Commit Graph

8931 Commits

Author SHA1 Message Date
Anna Henningsen
55b48798eb [heap-profiler] remove bogus DCHECK
A map’s `constructor_or_backpointer` can be any kind of value,
because `fn.prototype = foo` sets that field to `foo` if the
latter is not a `JSReceiver`; so the `DCHECK` that is being
removed here was invalid.

Refs: https://github.com/nodejs/node/issues/18223
Bug: node:18223
Change-Id: Ia6449c07bb724e515d73b162369ab36ab1d89c6b
Reviewed-on: https://chromium-review.googlesource.com/874472
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50735}
2018-01-19 23:46:51 +00:00
Andreas Haas
b30330c968 [mips][turbofan] Pass the slot index for the Peek instruction by operand
This is the implementation of crrev.com/c/866721 for mips and mips64.

Drive-by change: I made the slot index calculation on mips the same as
on mips64.

Original description:

At the moment the slot index is encoded in the opcode. This, however,
sets an upper limit on the slot index which is lower than what we want to
have (i.e. < 512). With this change we pass the slot index as an
immediate operand, which does not impose limits on the value it
contains.

R=v8-mips-ports@googlegroups.com

Change-Id: I46219b07962eadd174f418cba1ea38b07f9b5e96
Reviewed-on: https://chromium-review.googlesource.com/866723
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#50719}
2018-01-19 13:45:16 +00:00
Martyn Capewell
db1e370dec [arm64] Remove remaining instances of csp
Remove final csp instances, missed in the earlier patch due to being outside
the arm64 tree.

Bug: v8:6644
Change-Id: I2b5a2716568949740991c368b64c0a06105e4ff2
Reviewed-on: https://chromium-review.googlesource.com/874310
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#50698}
2018-01-18 18:07:18 +00:00
Marja Hölttä
e4941f76f5 [parser] Follow-up to r50640: add cctest.
This adds a test-preparser cctest corresponding to the regression test added in
https://chromium-review.googlesource.com/865900

BUG=chromium:801772

Change-Id: I33d74e242fd765b91b7c148b9a0af4960a7b05ea
Reviewed-on: https://chromium-review.googlesource.com/870311
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50688}
2018-01-18 14:26:35 +00:00
Martyn Capewell
abe3bcdc3d [arm64] Rename csp to sp
Rename csp to sp and remove support for the stack pointer abstraction and
switching stack pointers.

Bug: v8:6644
Change-Id: I616633aabc1cee9926249fe95ce6c37ed6544fe3
Reviewed-on: https://chromium-review.googlesource.com/870870
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#50687}
2018-01-18 14:20:40 +00:00
Ben L. Titzer
e4d7995cfd [wasm] Move SyncCompile* and AsyncCompile* methods to WasmEngine
This is a further step to separate the implementation of the JavaScript
API from the internals of the WASM implementation. Now, wasm-js.cc
only needs to interact with the WASM engine and is (almost) independent
of module-decoder.h and module-compiler.h.

Also, move SyncCompileAndInstantiate() into wasm-module-runner.cc.

Bug: v8:7316

R=clemensh@chromium.org, mstarzinger@chromium.org

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I7765af54ac16f53a5ff88c17a22c5d36bacaf926
Reviewed-on: https://chromium-review.googlesource.com/870871
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50679}
2018-01-18 13:27:46 +00:00
Sathya Gunasekaran
2ba5588191 [class] Parse private fields
This patch does not add any functionality; it just parses the private
fields. Adds a new harmony flag as well.

Bug: v8:5368
Change-Id: I71ce11868f458571eb57a4bc922223931ce5baa8
Reviewed-on: https://chromium-review.googlesource.com/862526
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50662}
2018-01-17 17:18:03 +00:00
Dan Elphick
7fc10cb961 [CSA] Fix CSArguments::PopAndReturn for SMIs
Assembler::PopAndReturn expects an Integral type so convert argc from a
SMI if necessary.

On 64-bit architectures, convert 64-bit immediate pop values into
32-bit values. This is safe since the conversion checks that nothing
was truncated.

Also change CodeStubArguments unit tests to use PopAndReturn rather
than Return.

Change-Id: I91b47d2e81dc0504d185ad59752d638b1c3135a7
Reviewed-on: https://chromium-review.googlesource.com/867052
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50645}
2018-01-17 09:47:39 +00:00
Andreas Haas
5920777a04 [ia32][turbofan] Pass the slot index for the peek instruction by operand
This is the implementation of crrev.com/c/866721 for ia32.

Drive-by change: Clean up the slot index calculation.

At the moment the slot index is encoded in the opcode. This, however,
sets an upper limit on the slot index which is lower than what we want to
have (i.e. < 512). With this change we pass the slot index as an
immediate operand, which does not impose limits on the value it
contains.

R=titzer@chromium.org

Change-Id: I40adf8c6e62de28f8428492db6c5297252c1e2d1
Reviewed-on: https://chromium-review.googlesource.com/864642
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50643}
2018-01-17 09:39:59 +00:00
Benedikt Meurer
02dbef1489 [turbofan] Introduce NumberToString operator.
This adds a new simplified operator NumberToString, which just lowers to
a call to the NumberToString builtin, and hooks that up to the typed
lowering (addressing a long-standing TODO).

Drive-by-fix: Also remove the %NumberToString runtime entry, and just
always use the %NumberToStringSkipCache entry from CSA, since we only
go there if the cache lookup already failed.

Bug: v8:5267, v8:7109
Change-Id: I5ca698c98679653813088a404f1fd38903a73c0e
Reviewed-on: https://chromium-review.googlesource.com/779099
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50636}
2018-01-17 06:30:08 +00:00
jing.bao
34ae77e053 [ia32][wasm] Add F32x4 Abs/Neg
Also refine SSES128Not

Change-Id: Ifb34055ed673e1a0f5842e99b10547b834b0d9d6
Reviewed-on: https://chromium-review.googlesource.com/867520
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jing Bao <jing.bao@intel.com>
Cr-Commit-Position: refs/heads/master@{#50634}
2018-01-17 01:38:37 +00:00
Karl Schimpf
1607614a91 [wasm] Add more saturating float to int conversions
Adds I32UConvertF32, I32SConvertF64, and I32UConvertF64 instructions.

Refactors code to use templates where appropriate, and to use
previously committed template function is_inbounds() when appropriate
in tests.

Bug: v8:7226
Change-Id: I2701e5fd0b21cefa1f285677f20616cfde29ab0d
Reviewed-on: https://chromium-review.googlesource.com/862609
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50632}
2018-01-16 21:47:08 +00:00
Mostyn Bramley-Moore
bf4b5b9f66 [jumbo] add namespaces to avoid CreateDescriptorForStackArguments collision
Bug: chromium:798964
Change-Id: If88093cc1f1c1793be570f37604a03d427821821
Reviewed-on: https://chromium-review.googlesource.com/868159
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#50630}
2018-01-16 20:56:28 +00:00
Ben L. Titzer
3b64a340c7 [wasm] grow_memory(0) should detach the underlying ArrayBuffer
The WebAssembly JS API specification [1] covers the JS-visible side-effects
of executing a grow_memory operation and states that a successful
grow operation should always detach any prior array buffer.

[1] https://github.com/WebAssembly/spec/blob/master/document/js-api/index.bs

R=mstarzinger@chromium.org,gdeepti@chromium.org

Bug: 
Change-Id: Ib9232e01209ba546c0bba1c9408c92da60ff6d92
Reviewed-on: https://chromium-review.googlesource.com/860011
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50627}
2018-01-16 19:07:59 +00:00
Michael Starzinger
4a1a6e288e [test] Fix usages of std::array initializer lists.
R=clemensh@chromium.org

Change-Id: I49ca12fc882dd19eb26b60ed64a36b023a836702
Reviewed-on: https://chromium-review.googlesource.com/868294
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50626}
2018-01-16 17:14:29 +00:00
Clemens Hammacher
553e70b9b2 [wasm] Merge function table and signature table
Both tables are always updated together and are always accessed
together. Thus merge them, reducing code complexity, but also code
space and overhead for accessing them during runtime. Instead of two
weak global handles, we only need one, which also means one less load
for each indirect call.
Merging them also improves cache locality, since signature and code
address are now stored next to each other in memory, so they will very
likely end up in the same cache line.

R=titzer@chromium.org

Change-Id: I862df7de93a98aa602a3895796610c2c520d6f21
Reviewed-on: https://chromium-review.googlesource.com/866868
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50623}
2018-01-16 14:34:59 +00:00
Qingyan Li
473d747dbe [snapshot]: Fix missing Cast in {Private, Signature, AccessorSignature}
R=yangguo@chromium.org

Bug: v8:7306
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I40037ebb66a856b52454c50d17b4c8a51aab7a84
Reviewed-on: https://chromium-review.googlesource.com/866215
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50618}
2018-01-16 12:07:41 +00:00
Choongwoo Han
3a4f3b73e2 Reland "Optimize TypedArraySpeciesCreate using SpeciesProtector of Array"
If there is no constructor or species updates on Array or TypedArrays,
then skip lookups of constructor and species so that we can create a new
typed array quickly. This path makes TA.p.slice() 2x faster in fast
cases.
Bug: chromium:800356, v8:7161
Change-Id: Ied8c90e23ca6708f4a3cec077c1fd733e4a6609e
Reviewed-on: https://chromium-review.googlesource.com/859397
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50617}
2018-01-16 11:55:32 +00:00
Martyn Capewell
7f6355cf6d [arm64] Remove remains of jssp
Remove remaining references to jssp, and return register to the allocator.

Bug: v8:6644
Change-Id: Ia6938e6c9548cd45d8c9c12032920b32d3da3c4c
Reviewed-on: https://chromium-review.googlesource.com/866747
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#50613}
2018-01-16 10:45:13 +00:00
Clemens Hammacher
6b909391fc [cleanup] Refactor CSignature helper
The implementation can be greatly simplified by using variadic
templates.

R=mstarzinger@chromium.org

Change-Id: I8dbeea3d570bf0fac83109f334c48dbe39aaa853
Reviewed-on: https://chromium-review.googlesource.com/859785
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50611}
2018-01-16 10:01:13 +00:00
Ben L. Titzer
19ce4fc96d [compiler] Add kRetpoline CallDescriptor flag and codegen
This CL adds support for the "retpoline" construction on x64
https://support.google.com/faqs/answer/7625886
which protects against speculative execution of indirect calls.

R=mstarzinger@chromium.org,jarin@chromium.org
CC=eholk@chromium.org

Bug: chromium:798964
Change-Id: I2aa5ab9a62dac53c67061378a0bc9cd2026ca7a2
Reviewed-on: https://chromium-review.googlesource.com/867063
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50608}
2018-01-16 09:35:03 +00:00
Andreas Haas
0c28bfb054 [arm][turbofan] Pass the slot index for the peek instruction by operand
This is the implementation of crrev.com/c/866721 for arm.

Drive-by change: I simplified the slot index calculation.

Original description:

At the moment the slot index is encoded in the opcode. This, however,
sets an upper limit on the slot index which is lower than what we want to
have (i.e. < 512). With this change we pass the slot index as an
immediate operand, which does not impose limits on the value it
contains.

R=v8-arm-ports@googlegroups.com

Change-Id: Ic448872aa1da63f421d569ab5ec9160f36e6652b
Reviewed-on: https://chromium-review.googlesource.com/866745
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50607}
2018-01-16 09:28:08 +00:00
Clemens Hammacher
4418b48691 [cleanup] Refactor codegen-tester
The implementation can be greatly simplified by using variadic
templates.

R=mstarzinger@chromium.org

Change-Id: Ifbda09bc536c9660a83d1888b395e92367c9b03e
Reviewed-on: https://chromium-review.googlesource.com/860458
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50603}
2018-01-16 09:01:22 +00:00
Andreas Haas
cd43f56eb1 [x64][turbofan] Pass the slot index for the peek instruction by operand
At the moment the slot index is encoded in the opcode. This, however,
sets an upper limit on the slot index which is lower than what we want to
have (i.e. < 512). With this change we pass the slot index as an
immediate operand, which does not impose limits on the value it
contains.

R=titzer@chromium.org

Change-Id: Iab676186f41b8174bcc6c5a6053e6b0d5640ed3c
Reviewed-on: https://chromium-review.googlesource.com/866721
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50586}
2018-01-15 15:22:27 +00:00
Andreas Haas
c710e6584c [arm64][turbofan] Implement on-stack returns.
This is the implementation of crrev.com/c/766371 for arm64.

Original description:

Add the ability to return (multiple) return values on the stack:

- Extend stack frames with a new buffer region for return slots.
  This region is located at the end of a caller's frame such that
  its slots can be indexed as caller frame slots in a callee
  (located beyond its parameters) and assigned return values.
- Adjust stack frame construction and deconstruction accordingly.
- Extend linkage computation to support register plus stack returns.
- Reserve return slots in caller frame when respective calls occur.
- Introduce and generate architecture instructions ('peek') for
  reading back results from return slots in the caller.
- Aggressive tests.
- Some minor clean-up.

R=v8-arm-ports@googlegroups.com

Change-Id: I6e344a23f359861c9a1ff5a6511651c2176ce9a8
Reviewed-on: https://chromium-review.googlesource.com/842545
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50585}
2018-01-15 15:18:47 +00:00
Yang Guo
43ac9d5151 Fix TransitionArray::Sort.
R=ulan@chromium.org

Bug: v8:7303
Change-Id: Ica6db623fbb5a4c4dd3ccf1dcbd6f796bb4406fc
Reviewed-on: https://chromium-review.googlesource.com/865907
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50575}
2018-01-15 12:52:03 +00:00
Martyn Capewell
153f6705c2 [arm64] Remove SetStackPointer
Remove SetStackPointer function and update assembler tests.

Bug: v8:6644
Change-Id: I5ea26e57b848d56433c84d8eea22d7e9b761e6bb
Reviewed-on: https://chromium-review.googlesource.com/864147
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#50571}
2018-01-15 11:35:31 +00:00
Adam Klein
49898aad76 Remove always-true --harmony-async-iteration runtime flag
It was shipped in Chrome 63.

Bug: v8:5855
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Icc00b8300622d1c7b5662be8ac5e425b9781f666
Reviewed-on: https://chromium-review.googlesource.com/858381
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50558}
2018-01-12 20:14:34 +00:00
Ali Ijaz Sheikh
c3bb73f6b9 [tracing] implement TRACE_EVENT_ADD_WITH_TIMESTAMP
Bug: 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Icb3cf7b7f96704e1eaa4c5fbf773b94b70cddc85
Reviewed-on: https://chromium-review.googlesource.com/861302
Reviewed-by: Fadi Meawad <fmeawad@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#50549}
2018-01-12 16:27:25 +00:00
Hannes Payer
14eec66781 [heap] Remove page header tag from owner field.
This reverts commit 8d7522bc67 and fixes
the TSAN issue.

Bug: chromium:800251
Change-Id: Ie88e5281f7543bb3420703e798416d4a6dbbd91a
Reviewed-on: https://chromium-review.googlesource.com/864042
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50535}
2018-01-12 13:44:55 +00:00
Andreas Haas
a7b26c6b83 [turbofan] Add fuzzer to test different signatures for multi-returns
This CL makes a fuzzer out of the cctest
test-multiple-return/ReturnMultipleRandom. The fuzzer creates a
CallDescriptor with input parameters and returns, and a function which
maps input parameters to returns. The fuzzer then calls this function
with a wrapper which checks that the correct mapping happened.

R=clemensh@chromium.org

Change-Id: Ib89c4063638baae69540a44486d7b2e9d13f8c1f
Reviewed-on: https://chromium-review.googlesource.com/859768
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50532}
2018-01-12 12:20:27 +00:00
Martyn Capewell
c6c2d9a3e4 [arm64] Tidy up stack related TF opcodes
Unify PokeCSP/JSSP and ClaimCSP/JSSP, remove RestoreJSSP/CSP, and
remove UseNativeStack.

Bug: v8:6644
Change-Id: I482237a0e112f986c6155dce253749f55bd08f5f
Reviewed-on: https://chromium-review.googlesource.com/860104
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#50531}
2018-01-12 11:58:56 +00:00
Caitlin Potter
2d889aa9a4 Reland "[esnext] load iterator.next only once at beginning of iteration"
https://github.com/tc39/ecma262/pull/988 gained consensus during the
September 2017 TC39 meetings. This moves the load of the "next" method
to the very beginning of the iteration protocol, rather than during
each iteration step.

This impacts:

- yield*
- for-of loops
- spread arguments
- array spreads

In the v8 implementation, this also affects async iteration versions of
these things (the sole exception being the Async-From-Sync iterator,
which requires a few more changes to work with this, likely done in a
followup patch).

This change introduces a new AST node, ResolvedProperty, which can be used
as a callee by Call nodes to produce the same bytecode as Property calls,
without observably re-loading the property. This is used in several
AST-desugarings involving the iteration protocol.

BUG=v8:6861, v8:5699
R=rmcilroy@chromium.org
TBR=neis@chromium.org, adamk@chromium.org

Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I9685db6e85315ba8a2df87a4537c2bf491e1e35b
Reviewed-on: https://chromium-review.googlesource.com/857593
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50518}
2018-01-11 20:27:13 +00:00
Martyn Capewell
c6ea032850 Reland "[arm64] Switch jssp to csp"
This is a reland of 50baf93425

This fixes the number of expected instructions in MaybeCallEntryHookDelayed,
only exposed by nosnap tests.

Original change's description:
> [arm64] Switch jssp to csp
>
> Switch stack pointer to using csp directly, making jssp redundant.
>
> Bug: v8:6644
> Change-Id: I8e38eda50d56a25161b187c0a033608dd9f90239
> Reviewed-on: https://chromium-review.googlesource.com/860097
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#50487}

Bug: v8:6644
Change-Id: Ie9a969ccbf00fd7a7cff8f45b73cdb6bc4f17df9
Reviewed-on: https://chromium-review.googlesource.com/860639
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#50513}
2018-01-11 18:42:13 +00:00
Adam Klein
8d7522bc67 Revert "[heap] Remove page header tag from owner field."
This reverts commit 6af43874b5.

Reason for revert: Linux TSAN failures:

https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/19028

Original change's description:
> [heap] Remove page header tag from owner field.
> 
> Bug: chromium:800251
> Change-Id: I101131b4651b0bb27a79e5107ee43caf1229ffc7
> Reviewed-on: https://chromium-review.googlesource.com/860010
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50507}

TBR=ulan@chromium.org,hpayer@chromium.org

Change-Id: I29001423959f6d9faadbdba5228b28cfb1f5b341
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:800251
Reviewed-on: https://chromium-review.googlesource.com/861923
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50512}
2018-01-11 17:56:55 +00:00
Hannes Payer
6af43874b5 [heap] Remove page header tag from owner field.
Bug: chromium:800251
Change-Id: I101131b4651b0bb27a79e5107ee43caf1229ffc7
Reviewed-on: https://chromium-review.googlesource.com/860010
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50507}
2018-01-11 14:49:34 +00:00
Dan Elphick
9dd2b20350 [CSA]: Fix ElementOffsetFromIndex for dynamic SMIs
Non-constant SMIs were being shifted to the right with SHR instead of SAR,
which caused corruption of negative offsets.

Add tests for SMI access to arguments using CodeStubArguments.

Change-Id: I6cc4fc0a5dd0018524f5ff4f16f9e9a21866363f
Reviewed-on: https://chromium-review.googlesource.com/854055
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50506}
2018-01-11 14:38:25 +00:00
Ben L. Titzer
3a79d5bcc5 [wasm] Move (almost all) constants to wasm-constants.h
This CL centralizes constants related to decoding from several places
into one place and makes it no longer necessary to include
wasm-opcodes.h for some simple constants.

R=clemensh@chromium.org

Bug: 
Change-Id: I53aa81e34167df467bc7455b717bf67083033943
Reviewed-on: https://chromium-review.googlesource.com/859764
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50503}
2018-01-11 12:25:54 +00:00
Leszek Swirski
713eb9e765 [ignition] Change RestoreGeneratorRegisters to ResumeGenerator
This makes RestoreGeneratorRegisters do a fuller resume process: update
the state register to indicate that it is now executing, and update the
accumulator with the input_or_debug_pos of the generator - i.e., perform
the boilerplate generator resuming in one bytecode instead of several.

Change-Id: Ia87b6766ac023064b40d3e9a143e7b32118ea3a0
Reviewed-on: https://chromium-review.googlesource.com/859770
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50499}
2018-01-11 11:25:04 +00:00
Junliang Yan
7cb600f26f PPC: Replace CALL_GENERATED_CODE by GeneratedCode wrapper
Port 30fabc4cdf

Original Commit Message:

    This ensures that there is only one entrance point from C++ to
    generated code, hence only one method has to be excluded from CFI.
    It also introduces type safety by only allowing the code to be called
    with the right arguments.
    This CL includes minor drive-by fixes in the tests, like removing
    unused dummy variables.

R=clemensh@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Idb21a7b8103a8fb833c963c182463006d9dd6288
Reviewed-on: https://chromium-review.googlesource.com/857425
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#50490}
2018-01-10 20:40:13 +00:00
Ali Ijaz Sheikh
814577e3fd [tracing] allow embedders to provide own tracing timestamps
Make it possible for embedders to provide their own tracing timestamps by
providing an overridable virtual function on V8's tracing controller.

Bug: 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I727e633cb7f63d4b41c2e427ecca3c9174c90bfe
Reviewed-on: https://chromium-review.googlesource.com/847690
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Fadi Meawad <fmeawad@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#50489}
2018-01-10 19:36:23 +00:00
Adam Klein
89348016ff Revert "[arm64] Switch jssp to csp"
This reverts commit 50baf93425.

Reason for revert: breaks arm64 nosnap debug tests:

https://build.chromium.org/p/client.v8.ports/builders/V8%20Linux%20-%20arm64%20-%20sim%20-%20nosnap%20-%20debug/builds/8418

Original change's description:
> [arm64] Switch jssp to csp
> 
> Switch stack pointer to using csp directly, making jssp redundant.
> 
> Bug: v8:6644
> Change-Id: I8e38eda50d56a25161b187c0a033608dd9f90239
> Reviewed-on: https://chromium-review.googlesource.com/860097
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#50487}

TBR=martyn.capewell@arm.com,bmeurer@chromium.org

Change-Id: I20015885e6029271ee6558509cdb92ff1a106e5f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6644
Reviewed-on: https://chromium-review.googlesource.com/860319
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50488}
2018-01-10 18:38:44 +00:00
Martyn Capewell
50baf93425 [arm64] Switch jssp to csp
Switch stack pointer to using csp directly, making jssp redundant.

Bug: v8:6644
Change-Id: I8e38eda50d56a25161b187c0a033608dd9f90239
Reviewed-on: https://chromium-review.googlesource.com/860097
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#50487}
2018-01-10 17:45:35 +00:00
Timothy Gu
5b9adade64 [proxy] Set [[ProxyTarget]] to null during revocation
Before this, only the [[ProxyHandler]] was set to null during revocation
of the Proxy through either the v8::Proxy::Revoke() or the
Proxy.revocable() API. To be consistent with the spec, the Proxy's
target is set to null as well. This change should not be observable
through JS, since the check for if the Proxy is revoked should always
use the handler. But the changed value is exposed through the public
v8::Proxy::GetTarget() API, which is used by the inspector API and
Node.js.

Also included is a much more comprehensive test for Inspector's support
for Proxy, which prior to this commit did not work as intended.

Bug: 
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I727607ec2b3cea8642cd636573932c1e6bb5cc07
Reviewed-on: https://chromium-review.googlesource.com/854676
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50476}
2018-01-10 11:23:54 +00:00
Pierre Langlois
5361c57bd5 [arm] Restrict usage of pc-relative LDR.
Disallow using the PC as a base in LDR and instead provide a dedicated assembler
method for pc-relative loads. The reason for this is that the generic
`Assembler::ldr` method may decide to generate more instructions if the offset
is out of range, and if the PC was the base, we would get surprising
results. For example:

~~~
ldr r0, [pc, #0xcabba9e]
~~~

is not equivalent to:

~~~
movw ip, #0xba9e
movt ip, #0xcab
ldr r0, [pc, ip]
~~~

since the reference to the PC has moved down two instructions!

We could teach the assembler to handle those cases correctly, but pc-relative
loads are used in specific cases only so that's not necessary.

As a drive-by, remove a reference to code aging.

Bug: 
Change-Id: I586d83a418db52cf28d3b524f889bf40f077998a
Reviewed-on: https://chromium-review.googlesource.com/847008
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#50475}
2018-01-10 11:22:49 +00:00
Ivo Markovic
93e04fd3d6 Fix wasm_context wrong usage.
Previous usage was getting wrong address on Mips.

TEST=test-wasm-trap-position/RunWasmTurbofan_IllegalLoad

Bug: 
Change-Id: I325ada99540f01ae509dfbfe3c0e55693dacca19
Reviewed-on: https://chromium-review.googlesource.com/859457
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50474}
2018-01-10 11:13:49 +00:00
Jakob Gruber
b131cc35bc Revert "Optimize TypedArraySpeciesCreate using SpeciesProtector of Array"
This reverts commit 8fbc6a05c1.

Reason for revert: https://crbug.com/800356

Original change's description:
> Optimize TypedArraySpeciesCreate using SpeciesProtector of Array
> 
> If there is no constructor or species updates on Array or TypedArrays,
> then skip lookups of constructor and species so that we can create a new
> typed array quickly. This path makes TA.p.slice() 4x faster in fast
> cases.
> 
> Bug: v8:7161
> Change-Id: Ib8d2a3f6b8b5ed356c5822a814164166d1285f64
> Reviewed-on: https://chromium-review.googlesource.com/828343
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50423}

TBR=jkummerow@chromium.org,jgruber@chromium.org,ishell@chromium.org,bmeurer@chromium.org,cwhan.tunz@gmail.com

Change-Id: Icca07564d2a83710852eb797bac25f1d5600696e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7161
Reviewed-on: https://chromium-review.googlesource.com/859156
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50470}
2018-01-10 07:46:29 +00:00
jing.bao
058f166bd4 [ia32][wasm] Add F32x4 Add/Sub/Mul/Min/Max
Bug: 
Change-Id: I75de89ca895ef5a408a1d958b75dbc79d07e007a
Reviewed-on: https://chromium-review.googlesource.com/856096
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jing Bao <jing.bao@intel.com>
Cr-Commit-Position: refs/heads/master@{#50468}
2018-01-10 01:46:29 +00:00
Aseem Garg
0d0888c4e1 Reland "[wasm] remove kExecuteSimdLowered mode from wasm cctest"
This is a reland of 86bc15174f
Original change's description:
> [wasm] remove kExecuteSimdLowered mode from wasm cctest
> 
> R=clemensh@chromium.org,titzer@chromium.org,bbudge@chromium.org,gdeepti@chromium.org
> BUG=v8:7028
> 
> Change-Id: Ie0b984ebd18e267cdaf7aaff9f17fb4328d8e5fa
> Reviewed-on: https://chromium-review.googlesource.com/849638
> Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50385}

Bug: v8:7028
Change-Id: I64ef0f55268d542588d69a661c0ce88b8aa2f6d5
Reviewed-on: https://chromium-review.googlesource.com/854776
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50463}
2018-01-09 18:30:29 +00:00
Josh Wolfe
b065ed4795 Support Function::SetName() with --harmony-function-tostring
This is used in chromium for html attribute event handlers.

See blink layout test fast/events/event-function-toString.html

Bug: v8:4958
Change-Id: Ib3d88af834bbb62b4ccd4683eda743d92064b075
Reviewed-on: https://chromium-review.googlesource.com/837641
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50460}
2018-01-09 18:13:09 +00:00