Commit Graph

60604 Commits

Author SHA1 Message Date
Clemens Backes
d8bb229df0 [Liftoff] Clean up implementation of AtomicStore
As discussed offline, the current implementation implement each
situation separately. I think we can simplify the code a lot by sharing
code between the different paths.
This CL does that by
1) implementing the kI64Store case separately, because it does not have
   all the register contraints that the others have, and
2) moving all logic to ensure that the {src} register is usable before
   the switch, such that it's shared by all the compare-exchange cases.

As a side produce, this also fixes issue 1045225, because for i64 stores
which actually only use the lower half of {src}, only that half will be
pinned.

R=ahaas@chromium.org

Bug: chromium:1045225, v8:10108
Change-Id: I0be025b9706d563835ae6337d45b88e0233eacad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2029414
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66062}
2020-01-31 08:54:44 +00:00
Milad Farazmand
902fe5f066 s390: [simulator] Avoid negating if reg value overflows
Negating 1 << 31 as a signed integer overflows and
causes undefined behaviour hence SetS390OverflowCode
may never get set.

Change-Id: I4a479f0d3c71eaaa58ae0925d744e7779ecd833b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2031861
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#66061}
2020-01-31 04:35:24 +00:00
v8-ci-autoroll-builder
75f66c5075 Update V8 DEPS.
Rolling v8/build: 25075ce..96fd652

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/707a874..a66ca23

Rolling v8/third_party/depot_tools: 1a0daf7..ae510e8

Rolling v8/tools/clang: 953ea7a..23191fa

Rolling v8/tools/swarming_client: 885b3fe..0ac2847

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I693b48fe867cb591b581c749445892d2f873aec1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2031906
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#66060}
2020-01-31 03:47:44 +00:00
Milad Farazmand
bf8dae5b39 s390: [wasm-simd] Implement simd conversion operations
Change-Id: I6f7d3a5f123edea8674c0f9217b03760f3af016f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2028451
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#66059}
2020-01-30 21:24:02 +00:00
Zhi An Ng
d656905239 Revert "[wasm-simd][liftoff] Check CpuFeatures for SIMD support"
This reverts commit 7c32fa05df.

Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux/35618
Need to update expected test output.

Original change's description:
> [wasm-simd][liftoff] Check CpuFeatures for SIMD support
> 
> If Wasm simd128 is not supported on this particular hardware, we bail
> out to TurboFan.
> 
> Bug: v8:9909
> Change-Id: Ie46e154426783ba099b7c0facc906670cda1bdd0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2029427
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66055}

TBR=gdeepti@chromium.org,clemensb@chromium.org,zhin@chromium.org

Change-Id: I7def513a619c609ff820ff1b9aefa92e1741e4a2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9909
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2031888
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66058}
2020-01-30 19:23:42 +00:00
Milad Farazmand
19bc0ea2af PPC/s390: [arm32] Fix breakpoints in simulator/debugger
Port e920b2e351

Original Commit Message:

    - Debugger stepping assumes that the pc points to the instruction
      that should get executed next, so we need to increment it when
      we hit a stop or a bkpt instruction or else we'll end up in an
      infinite loop.
    - The "break" and the "stop unstop" command write into code space, so
      they need to temporarily make code space writable or else they
      just crash. (Note that this doesn't work for embedded builtins.)

R=neis@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I1a9507f621c83dd94f2de230f7c75bc1fee95dd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2031204
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#66057}
2020-01-30 18:49:42 +00:00
Ng Zhi An
0ca45a2095 [wasm-simd][liftoff] Always execute tests on Liftoff
On backends that do not have s128 support in Liftoff, tests will bail
out to TurboFan, so tests will continue running and passing.

Bug: v8:9909
Change-Id: I3b596a73b6cb2e8645a99c65a935026f9e1a8d55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2029332
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66056}
2020-01-30 18:34:22 +00:00
Ng Zhi An
7c32fa05df [wasm-simd][liftoff] Check CpuFeatures for SIMD support
If Wasm simd128 is not supported on this particular hardware, we bail
out to TurboFan.

Bug: v8:9909
Change-Id: Ie46e154426783ba099b7c0facc906670cda1bdd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2029427
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66055}
2020-01-30 18:29:42 +00:00
Eric Leese
fb96381b95 Revert "[wasm] Tierdown wasm module upon "Debugger.enable""
This reverts commit 410ca4c50e.

Reason for revert: This was causing Chrome to hang when debugging large wasm binaries.

Clean revert except for modification to test/debugger/debugger.status

Bug: chromium:1047210, v8:9654

Original change's description:
> [wasm] Tierdown wasm module upon "Debugger.enable"
>
> Put a logic in Wasm Engine to tier down all existing modules per isolate
> when debugger is enabled. This CL does not handle new module added after
> debugger is enabled yet.
>
> Bug: v8:9654
> Change-Id: I87060f5c416506543fcaf231bff9999d06ba4c0d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013692
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66017}

TBR=clemensb@chromium.org,bmeurer@chromium.org,duongn@microsoft.com,szuend@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:9654
Change-Id: Id49e8c69f8212e95e698d7e7267056fb2eb7e60a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030737
Auto-Submit: Eric Leese <leese@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66054}
2020-01-30 17:29:52 +00:00
Michael Achenbach
51dadbb313 [foozzie] Abort on all range errors in correctness fuzzing
This uses the most common bottleneck for intercepting range-error
creation in correctness fuzzing. Previous abort conditions didn't
cover all cases, e.g. they didn't cover the generic NewError called
by wasm-results.

This also moves code for error-message suppression to the same
location for readability.

In a follow up we'll remove the other redundant abort conditions that
are scattered through the code.

Bug: chromium:1044942, chromium:1047197
Change-Id: I1b898247a304fd35112facd4048de3a02d512c96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030728
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66053}
2020-01-30 15:29:22 +00:00
Milad Farazmand
acdd2cb283 PPC/s390: [wasm-simd][liftoff] Implement i32x4.splat
Port c10153b4e9

R=zhin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I6668e7d7b260b62838d609e27e240bb670977250
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030744
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#66052}
2020-01-30 15:18:32 +00:00
Michael Hablich
8be98077e0 Update version to 8.2
TBR=machenbach@chromium.org

Change-Id: I2a60152b04301c835fa21c03cd879b3530c436bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030726
Reviewed-by: Michael Hablich <hablich@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66051}
2020-01-30 15:01:12 +00:00
Thibaud Michaud
06a4e08048 Revert "Reland "[wasm] Cache streaming compilation result""
This reverts commit 9781aa076f.

Reason for revert: tsan bot failure: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/30110

Original change's description:
> Reland "[wasm] Cache streaming compilation result"
> 
> This is a reland of 015f379aa1
> 
> Original change's description:
> > [wasm] Cache streaming compilation result
> > 
> > Before compiling the code section, check whether the
> > bytes received so far match a cached module. If they do, delay
> > compilation until we receive the full bytes, since we are likely to find
> > a cache entry for them.
> > 
> > R=clemensb@chromium.org
> > 
> > Bug: v8:6847
> > Change-Id: Ie5170d1274da3da6d52ff1b408abc7cb441bbe3c
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002823
> > Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> > Reviewed-by: Clemens Backes <clemensb@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#66000}
> 
> Bug: v8:6847
> Change-Id: I0b5acffa01aeb7dade3dc966392814383d900015
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2022951
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66047}

TBR=clemensb@chromium.org,thibaudm@chromium.org

Change-Id: I76e3561835815ac3d5bca74e76079e82f9f3d581
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6847
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030727
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66050}
2020-01-30 14:27:36 +00:00
Andreas Haas
8ff14f5b36 [wasm] Type check brtable if it's not unreachable
There was a bug in the function body decoder where
type checking of brtable only happened if the brtable
instruction is reachable. However, type checking is
required in all cases where brtable "not unreachable".
The difference between reachable and "not unreachable"
is a state called spec-reachable where a clever
compiler can already infer that the code will be
unreachable (e.g. a memory access is out of bounds
just by the offset and therefore unconditionally
traps), but the spec can not. If an instruction is
only spec-reachable, it still has to be type checked.

R=clemensb@chromium.org
FIX=chromium:1046472

Change-Id: I7e9f1108597871615c0d443a0e94de35a0207b5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2027990
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66049}
2020-01-30 13:46:15 +00:00
Milad Farazmand
8e6e3afc1d PPC/s390: [wasm] skip liftoff debugger tests
Change-Id: I22598152bd8763ae50b16adb84fa9c74a7bd26b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2028835
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#66048}
2020-01-30 13:45:10 +00:00
Thibaud Michaud
9781aa076f Reland "[wasm] Cache streaming compilation result"
This is a reland of 015f379aa1

Original change's description:
> [wasm] Cache streaming compilation result
> 
> Before compiling the code section, check whether the
> bytes received so far match a cached module. If they do, delay
> compilation until we receive the full bytes, since we are likely to find
> a cache entry for them.
> 
> R=clemensb@chromium.org
> 
> Bug: v8:6847
> Change-Id: Ie5170d1274da3da6d52ff1b408abc7cb441bbe3c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002823
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66000}

Bug: v8:6847
Change-Id: I0b5acffa01aeb7dade3dc966392814383d900015
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2022951
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66047}
2020-01-30 13:30:40 +00:00
Dominik Inführ
ace7d8d796 [snapshot] Ensure deterministic output with JSArrayBuffer extension
The JSArrayBuffer extension stores a pointer to native memory. Set it to
null before serialization and then restore the old value.

Bug: v8:10064
Change-Id: I11b6d5a02cad7da119308b280269a72e24ee2a80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2029410
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66046}
2020-01-30 12:59:21 +00:00
Ulan Degenbaev
767fff40e2 [heap] Avoid updating the shared worklist twice in per-context mode
MarkingWorklistHolder has two references to the shared marking worklist:
1) as a standalone worklist for general marking,
2) as a context worklist for per-context mode marking.

Because of that the shared worklist gets updated twice and breaks
the invariants of UpdateMarkingWorklistAfterScavenge.

Bug: chromium:1046791, chromium:973627
Change-Id: I61a8423f8b4d355adb5e8004bf200c67453c1e27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2029411
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66045}
2020-01-30 12:31:50 +00:00
Ulan Degenbaev
b5c917ee80 [api] New function for reallocating ArrayBuffer backing store
This patch adds a new BackingStore::Reallocate function that internally
uses a new ArrayBuffer::Allocator::Reallocate provided by the embedder.

The default implementation of the function simply copies the backing
store. The embedder can override the function and provide a more
efficient implementation e.g. using realloc.

Bug: v8:9908, v8:9380

Change-Id: I2179c80ba199c045b6900c620a813916150e7098
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007274
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66044}
2020-01-30 12:05:17 +00:00
Igor Sheludko
6c5f6ea320 [unittests] Randomize RegionAllocatorTests
... by using random seed provided via --gtest_random_seed= flag.

Bug: chromium:1043117
Change-Id: I6114e9c71f3196a386a8457a6ec6f9e1fc80f6ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2027991
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66043}
2020-01-30 11:54:06 +00:00
Leszek Swirski
ddca360617 [ast] Allocate cons strings on-demand
Remove AstConsString "internalization", and instead make the conversion
to heap String be on-demand with an Allocate method. We never actually
need the heapified cons string more than once, so there's no need to do
the internalization walk or do the next/string union dance in the
AstConsString class.

This also allows us to specify how we want to allocate the String at the
call site. In particular, it allows us to allocate a flat SeqString rather
rather than a ConsString. This allows us to avoid allocating ConsStrings
which will just be passed to a flatten call, and especially avoid
allocating dead ConsStrings in the off-thread old space.

Bug: chromium:1011762
Bug: chromium:1043168
Change-Id: Id851f2f7529d92ad7e5388eb22823fd6d1959cd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020953
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66042}
2020-01-30 11:04:26 +00:00
Peter Marshall
42ceebee86 [inspector] Flush explicitly after sending resumed event
'resumed' events are sent to the renderer from V8 and stored in a queue.
We didn't flush this queue previously, meaning these events would sit in
the queue until another message coincidentally flushed the queue.

Under some circumstances, the resumed event would not get flushed and
the UI would still be in a paused state, even when JS had resumed.

Bug: chromium:1044989
Change-Id: I5d92fcc0a40d4e3816501da98f6be8a46f227e0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023563
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66041}
2020-01-30 10:47:06 +00:00
Liviu Rau
b9a690f38c [testing] Collect test duration
We will be able to collect test duration and later upload them in BQ.


Change-Id: Ie5610d4e872259857bf3f26ba698fa65d23058be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020952
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66040}
2020-01-30 10:17:06 +00:00
Georg Neis
e920b2e351 [arm32] Fix breakpoints in simulator/debugger
- Debugger stepping assumes that the pc points to the instruction
  that should get executed next, so we need to increment it when
  we hit a stop or a bkpt instruction or else we'll end up in an
  infinite loop.
- The "break" and the "stop unstop" command write into code space, so
  they need to temporarily make code space writable or else they
  just crash. (Note that this doesn't work for embedded builtins.)

Bug: v8:10164
Change-Id: Id77f5e97892076a9fdf8de0230632e0ce979da43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2026732
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66039}
2020-01-30 09:44:16 +00:00
Jan Krems
f9257802c1 Fix scanner-level error reporting for hashbang
When the file begins with a hashbang, the scanner is in a failed state
when SkipHashbang() is called. This is usually not an issue but when
the parser encounters an ILLEGAL token, it will reset the SyntaxError
location because of it.

Bug: v8:10110
Change-Id: I1c7344bf5ad20079cff80130c991f3bff4d7e9a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1995312
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66038}
2020-01-30 09:28:16 +00:00
v8-ci-autoroll-builder
d651b8e75b Update V8 DEPS.
Rolling v8/build: 2f17606..25075ce

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2e0a0cb..707a874

Rolling v8/third_party/depot_tools: ea8b58b..1a0daf7

Rolling v8/tools/clang: 535dbf1..953ea7a

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Ic908ce11f46097bf4b21189879220c21a90b7578
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2028530
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#66037}
2020-01-30 04:02:56 +00:00
Ng Zhi An
c10153b4e9 [wasm-simd][liftoff] Implement i32x4.splat
Bug: v8:9909
Change-Id: I53d3b95e1f22e0194ac1a2ed7b556189acb8f9ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023399
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66036}
2020-01-29 23:15:55 +00:00
Ng Zhi An
3dbbb37223 Fix typo in disasm for psrlq
Change-Id: I78a33d10b2c73d2fa0cb364a7a4b23de0c01d94c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2028516
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66035}
2020-01-29 21:37:20 +00:00
Deepti Gandluri
1b5a3178f8 Revert "[wasm-simd] Fix scalar lowering of kParameter"
This reverts commit e8832647b6.

Reason for revert: Causes flaky fails on the tree, reverting as this test should be deterministic pass/fail.

https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8889903130443940000/+/steps/Check_-_nosse3__flakes_/0/logs/simd-call/0

Original change's description:
> [wasm-simd] Fix scalar lowering of kParameter
> 
> Lowers the call descriptor of a wasm function if it contains simd.
> 
> Also fixes a couple of issues with the lowering of kParameter:
> - the old_index == new_index check is incorrect, it would only work if
> the s128 parameter is the first parameter
> - the old_index was also not adjusted to account for Parameter[0] being
> the wasm instance object
> - new_index needs to be adjusted to account for the instance object too
> 
> These fixes make it more similar to the lowering of kParameter in
> int64-lowering.c.
> 
> Also add a new mjsunit test to exercise this logic.
> 
> Bug: v8:10154
> Change-Id: Ia767a464c26a6a78fd931eab9e6897890a0904e8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020521
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66032}

TBR=gdeepti@chromium.org,ahaas@chromium.org,zhin@chromium.org

Change-Id: I69589e2331c857c0f197ac53b8fb8a241376c632
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10154
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2028830
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66034}
2020-01-29 20:38:00 +00:00
Andrew Comminos
8580537587 [cpu-profiler] Remove instruction_start field from CodeEntry
This data is duplicated across the code map, and not actually required
for some esoteric types of CodeEntry objects (e.g. inline stacks). Unify
sourcing of this data from the code map instead.

Change-Id: I75fddc03221d1d6b7dab77d16fa05ad6eb3dd2a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2026416
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#66033}
2020-01-29 19:31:00 +00:00
Ng Zhi An
e8832647b6 [wasm-simd] Fix scalar lowering of kParameter
Lowers the call descriptor of a wasm function if it contains simd.

Also fixes a couple of issues with the lowering of kParameter:
- the old_index == new_index check is incorrect, it would only work if
the s128 parameter is the first parameter
- the old_index was also not adjusted to account for Parameter[0] being
the wasm instance object
- new_index needs to be adjusted to account for the instance object too

These fixes make it more similar to the lowering of kParameter in
int64-lowering.c.

Also add a new mjsunit test to exercise this logic.

Bug: v8:10154
Change-Id: Ia767a464c26a6a78fd931eab9e6897890a0904e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020521
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66032}
2020-01-29 19:00:30 +00:00
Joshua Litt
f22c213304 [promises] Port remaining promise code to Torque.
Bug: v8:9838
Change-Id: Idc6bda122354a54dd24e39b0356f35b0f54ef089
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2012596
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66031}
2020-01-29 18:02:40 +00:00
Michael Achenbach
01646bc89c Suppress some console functions for fuzzing
Bug: chromium:1044942
Change-Id: I6bc5f9a83e56a67996bb23ff46e1c58c719a2dfb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2027988
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66030}
2020-01-29 18:00:10 +00:00
Dominik Inführ
acb4f3b549 [heap] Disable concurrent_array_buffer_sweeping in single-threaded mode
Bug: chromium:1045937
Change-Id: Ic30db61ec77cb684f927bae0ed45446abcb2e426
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2027989
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66029}
2020-01-29 16:59:30 +00:00
Milad Farazmand
c7e8d66e71 PPC/s390: [wasm] skip liftoff debugger tests
Tests need to be disable until liftoff is fully implemented.

Change-Id: Ib906b7d4ef2abae1359fbfb1a61031eeb5d5e70c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2028289
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66028}
2020-01-29 16:55:24 +00:00
Jakob Kummerow
efaa34b5e5 Fix one more LookupIterator
Copying one object's named properties is always fine, even if one of
the names could be a large index on a TypedArray. Mark the LookupIterator
as OWN_SKIP_INTERCEPTOR to avoid the DCHECK.

Bug: chromium:1044909
Change-Id: I6918186a4b50df7865de3572cb674fd7d6eadb78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023558
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66027}
2020-01-29 16:49:50 +00:00
Jakob Kummerow
a35214a0c5 [turbofan] Repair 'index in typedarray' regression
Bumping the max TypedArray length caused the typer to make different
representation decisions, which caused inefficient back-and-forth
conversions. This patch repairs the microbenchmark where this was
most significant.
There might be additional future work to ensure that TypedArray
accesses that actually use huge indices remain on the fast path as well.

Bug: chromium:1045934
Change-Id: Ic6dccaae35fcdf74a26d47388477a1969bf0aa9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2026728
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66026}
2020-01-29 16:42:20 +00:00
Leszek Swirski
60f108f984 [ast] Allocate cons strings in young space on main thread
In the case of function names, we allocate ConsStrings only to flatten
them during finalization. Allocating these ConsStrings in old space
appears to have regressed some benchmarks (especially memory benchmarks),
but is necessary for off-thread allocation which doesn't have a young
space.

Ideally, we would avoid allocating these ConsStrings in the first place,
and would flatten the data directly from the AstConsString. For now, we
make them allocate in old space for off-thread allocation only, to
revert the regressions. In the future we can investigate smarter
flattening.

Bug: chromium:1011762
Bug: chromium:1044477, chromium:1044147, chromium:1043573, chromium:1043168
Change-Id: If24b738d6f2eeb8c0fea042a711deb2a19015fbd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020948
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66025}
2020-01-29 12:56:23 +00:00
Igor Sheludko
861da54fcb [cleanup] Reformat BUILD.gn file
... using up-to-date git cl format.

Bug: v8:10155
Change-Id: Ie29b492a7831fe2d7c0de247d16f9b7be9e42a5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2026730
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66024}
2020-01-29 12:26:43 +00:00
Igor Sheludko
68cc5c6796 [builtins] Fix FastCreateDataProperty
... which didn't check writability of array length on appending
a new element to an array.

Bug: chromium:1041251
Change-Id: I6935e505a4844e5b22abe9d4a42786619499daa6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023551
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66023}
2020-01-29 12:25:03 +00:00
Jakob Gruber
390c7fed66 Revert "[regexp] Correctly escape a backslash-newline sequence"
This reverts commit 7d1f95d6e4.

Reason for revert: Speculative revert for https://crbug.com/1046678

Original change's description:
> [regexp] Correctly escape a backslash-newline sequence
> 
> When printing the source string, a backslash-newline sequence ('\\\n',
> '\\\r', '\\\u2028', '\\\u2029') should be formatted as '\n', '\r',
> '\u2028', '\u2029', respectively. Prior to this CL it was formatted as
> a backslash followed by the literal newline character.
> 
> Bug: v8:8615
> Change-Id: Iac90195c56ea1707ea8469066b0cc967ea87fc73
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2016583
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65986}

TBR=neis@chromium.org,jgruber@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:8615,chromium:1046678
Change-Id: If28626a1c6868ed848310c0d30cf61a73326f2c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2027452
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66022}
2020-01-29 12:08:03 +00:00
Georg Neis
e395871fdb [runtime] Don't invalidate property cell when it becomes read-only
The compiler assumes (for loads) that the property cell of a
non-configurable global property never gets invalidated.

Bug: chromium:1044919
Change-Id: I27f6ce30fb9a21e2c1e5310f25e9bb973ebbc266
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023562
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66021}
2020-01-29 11:06:42 +00:00
Jakob Kummerow
2d10033fba Fix ArrayLengthSetter for suddenly frozen elements
Converting an object to an array length can freeze the array whose
length is being set, but SetLength for the frozen elements accessor
is supposedly unreachable. This fix extends the existing special
handling for suddenly-readonly lengths to cover this case as well.
Prior art: https://codereview.chromium.org/2543553002

Bug: chromium:1044911
Change-Id: I85d2e79446a8d9c1d22cd86ddf828328bf51a1a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023555
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66020}
2020-01-29 10:52:52 +00:00
Ulan Degenbaev
f3e2ad9991 [heap] Separate shared objects from objects of untracked contexts
Currently objects that belong to the untracked contexts (i.e. contexts
for which measurement was not requested) are accounted in the shared
context. This CL introduces a dummy kOtherContext and attributes such
objects to that context.

Bug: chromium:973627
Change-Id: I9801ab317d95b944336b79a5e17721511d4897c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2025370
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66019}
2020-01-29 09:58:32 +00:00
Ulan Degenbaev
19f23ae9fb [heap] Add per-context accounting of external bytes
The existing legacy performance.memory API accounts external string
and array buffer backing store bytes. This CL adds per-context tracking
of external bytes

Bug: chromium:973627
Change-Id: I2b308dc540454e7b0b66406b83a18bf8f8d55d8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2025369
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66018}
2020-01-29 09:46:42 +00:00
Z Nguyen-Huu
410ca4c50e [wasm] Tierdown wasm module upon "Debugger.enable"
Put a logic in Wasm Engine to tier down all existing modules per isolate
when debugger is enabled. This CL does not handle new module added after
debugger is enabled yet.

Bug: v8:9654
Change-Id: I87060f5c416506543fcaf231bff9999d06ba4c0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013692
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66017}
2020-01-29 07:03:24 +00:00
v8-ci-autoroll-builder
7fa6c693e2 Update V8 DEPS.
Rolling v8/base/trace_event/common: e327c63..bd79231

Rolling v8/build: fd02540..2f17606

Rolling v8/buildtools: 73414d5..afc5b79

Rolling v8/buildtools/linux64: git_revision:0c5557d173ce217cea095086a9c9610068123503..git_revision:97cc440d84f050f99ff0161f9414bfa2ffa38f65

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/251c765..2e0a0cb

Rolling v8/third_party/depot_tools: 05b001c..ea8b58b

Rolling v8/third_party/zlib: 94485d9..b9b9a5a

Rolling v8/tools/clang: 42fbdfe..535dbf1

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Ie4dd3f3acb98c7fd3bbba0d5425a2791bf94567e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2027147
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#66016}
2020-01-29 04:01:44 +00:00
Ng Zhi An
554a347892 [wasm-simd] Remove f64x2.convert_i64x2_s and _u
These conversion instructions were removed from the proposal in
https://github.com/WebAssembly/simd/pull/178.

Change-Id: I212ca2f923362bf08e178f6d28cc2338cf6f5927
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2016006
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66015}
2020-01-28 18:36:43 +00:00
Andreas Haas
60d5f8cefd [wasm][liftoff] Implement AtomicSub on x64
R=clemensb@chromium.org

Bug: v8:10108
Change-Id: I1a0546b4a5b754dcf35c66594ac7c5c37d940001
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2019484
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66014}
2020-01-28 15:34:33 +00:00
Liviu Rau
ca02cfc698 [deps] Add android_platform to deps
Added the new dependency pointing to head of this repo:
https://chromium.googlesource.com/chromium/src/third_party/android_platform/

A more relevant dry run can be found below where I also included the changes that the auto-roller was unable to land.
https://chromium-review.googlesource.com/c/v8/v8/+/2023553

Bug: chromium:1043646
Change-Id: Ife6547ca9cbb7f303beb48c330d1b4457495dd83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023556
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66013}
2020-01-28 15:19:54 +00:00