Commit Graph

39923 Commits

Author SHA1 Message Date
jkummerow
6bfee50e15 [deserializer] Make large object deserialization GC safe
When black allocation is turned on at deserialization time, then
slots in deserialized objects have to be visited by the incremental
marker. For spaces with reservations, this has always been done; for
large object space with its special handling, this patch adds it.

Additionally, we must ensure that no incremental steps that might
cause incremental marking to finish are performed while there is an
AlwaysAllocateScope around.

BUG=chromium:718859

Review-Url: https://codereview.chromium.org/2868103002
Cr-Commit-Position: refs/heads/master@{#45231}
2017-05-10 12:54:01 +00:00
ulan
6110123257 [heap] Synchronize young generation GC with concurrent marking.
BUG=chromium:694255

Review-Url: https://codereview.chromium.org/2872263002
Cr-Commit-Position: refs/heads/master@{#45230}
2017-05-10 12:50:32 +00:00
ulan
69c6970fae [heap] Reland "Verify remembered set for objects in the old generation."
This reverts commit 8f89e28661.

Review-Url: https://codereview.chromium.org/2876503002
Cr-Commit-Position: refs/heads/master@{#45229}
2017-05-10 12:41:22 +00:00
tebbi
936b3d8d66 [runtime] do not left-trim short arrays
BUG=v8:6380

Review-Url: https://codereview.chromium.org/2872173003
Cr-Commit-Position: refs/heads/master@{#45228}
2017-05-10 12:13:43 +00:00
ulan
8f89e28661 Revert of [heap] Verify remembered set for objects in the old generation. (patchset #3 id:40001 of https://codereview.chromium.org/2868053002/ )
Reason for revert:
buildbot failures

Original issue's description:
> [heap] Verify remembered set for objects in the old generation.
>
> Review-Url: https://codereview.chromium.org/2868053002
> Cr-Commit-Position: refs/heads/master@{#45225}
> Committed: 755a809ee5

TBR=mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Review-Url: https://codereview.chromium.org/2870413002
Cr-Commit-Position: refs/heads/master@{#45227}
2017-05-10 10:37:37 +00:00
Miran.Karic
838d0b4bd2 MIPS64: Add/fix bit insertion/extraction instrs.
Added support for DINSM and DINSU bit insertion instructions. Also fixed
errors with bit extraction instructions, added disassembler tests and
adjusted the code to make it more compact.

BUG=
TEST=cctest/test-assembler-mips/Dins
     cctest/test-disasm-mips/Type0

Review-Url: https://codereview.chromium.org/2871663002
Cr-Commit-Position: refs/heads/master@{#45226}
2017-05-10 10:06:53 +00:00
ulan
755a809ee5 [heap] Verify remembered set for objects in the old generation.
Review-Url: https://codereview.chromium.org/2868053002
Cr-Commit-Position: refs/heads/master@{#45225}
2017-05-10 09:53:08 +00:00
Michael Achenbach
585428b8a1 [release] Fix parsing of gerrit footers with empty values.
This ports:
https://chromium-review.googlesource.com/c/493466/

The code was originally copied from bot_update. So were the bugs.

Bug: chromium:717504
NOTRY=true
TBR=tandrii@chromium.org,agable@chromium.org

Change-Id: If2d2dafdca8cd44f325dc770dfc42c17889a3b4a
Reviewed-on: https://chromium-review.googlesource.com/501787
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45224}
2017-05-10 09:49:56 +00:00
mlippautz
cf37556f0e [heap] Minor MC: Implement page moving
BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2855143003
Cr-Commit-Position: refs/heads/master@{#45223}
2017-05-10 09:05:53 +00:00
jgruber
540419b660 [value-serializer] Verify deserialized JSRegExp flags
One of the serializer fuzzers passes in random data to the deserializer,
which can then be used to deserialize a JSRegExp instance with random flag
contents. This can cause issues since the JSRegExp::Flag enum statically
contains kDotAll - but it is only valid to set kDotAll iff
FLAG_harmony_regexp_dotall is set.

This CL verifies deserialized flags before constructing the JSRegExp
and bails out if they are invalid.

R=jbroman@chromium.org,yangguo@chromium.org
BUG=chromium:719280

Review-Url: https://codereview.chromium.org/2870743004
Cr-Commit-Position: refs/heads/master@{#45222}
2017-05-10 08:52:21 +00:00
Michael Starzinger
0679765daf [asm.js] Test and fix return type validation.
This fixes cases where falling off the end of a non-void function was
accepted as a valid asm.js module. This led to translation failures in
the WASM code. Only void functions are allowed to fall off the end.

R=clemensh@chromium.org
TEST=mjsunit/asm/return-types
BUG=chromium:719286

Change-Id: I7b1c9ba5381b87a23cf0a2171bee5e5f5e8cd9de
Reviewed-on: https://chromium-review.googlesource.com/500312
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45221}
2017-05-10 08:40:53 +00:00
predrag.rudic
a1f00971a1 [runtime function] Fix IndexOf when start is -Infinity
By C++ standard, behaviour is undedined when converting -Infinity to
integer. This patch assures correct behaviour in this case on all
platforms.

BUG=

Review-Url: https://codereview.chromium.org/2865113005
Cr-Commit-Position: refs/heads/master@{#45220}
2017-05-10 08:34:32 +00:00
jgruber
9fbfd6ead6 [regexp] Don't adapt arguments for @@replace and @@split
Mechanical change to remove argument adaption from RegExp.p.split,
RegExp.p.replace when the actual arguments counts does not match
the formal parameter count (should be a tad faster this way).

BUG=v8:6369

Review-Url: https://codereview.chromium.org/2865313002
Cr-Commit-Position: refs/heads/master@{#45219}
2017-05-10 06:51:56 +00:00
jgruber
7cce53586f [array] Don't adapt arguments for ArrayIndexOf and ArrayIncludes
Mechanical change to remove argument adaption from Array.p.indexOf and
Array.p.includes when the actual arguments counts does not match the formal
parameter count.

BUG=v8:6369

Review-Url: https://codereview.chromium.org/2873653002
Cr-Commit-Position: refs/heads/master@{#45218}
2017-05-10 06:46:29 +00:00
Alexey Kozyatinskiy
dccfe5dbbe Revert ENTER_V8 replacement for Isolate::ThrowException
Isolate::ThrowException calls Debug::OnException, this method can potentially enter debugger context and on exception inspector can lazily compile injected-script-source so NO_SCRIPT_NO_EXCEPTIONS restriction looks too strict to me

R=jochen@chromium.org
BUG=v8:5830

Change-Id: Ic37aaa7bc6f2bd5922654f1a3c235d5eaacb8f85
Reviewed-on: https://chromium-review.googlesource.com/501351
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45217}
2017-05-10 06:38:01 +00:00
bmeurer
6d38f89d26 [turbofan] Boost performance of Array.prototype.shift by 4x.
For small arrays, it's way faster to just move the elements instead of
doing the fairly complex and heavy-weight left-trimming. Crankshaft has
had this optimization for small arrays already; this CL more or less
ports this functionality to TurboFan, which yields a 4x speed-up when
using shift on small arrays (with up to 16 elements).

This should recover some of the regressions reported in the Node.js issues

  https://github.com/nodejs/node/issues/12657

and discovered for the syncthrough module using

  https://github.com/mcollina/syncthrough/blob/master/benchmarks/basic.js

as benchmark.

R=jarin@chromium.org
BUG=v8:6376

Review-Url: https://codereview.chromium.org/2874453002
Cr-Commit-Position: refs/heads/master@{#45216}
2017-05-10 05:48:21 +00:00
Mircea Trofin
619dfed4f7 Revert "Reland "Introducing an event loop mechanism for d8.""
This reverts commit 45bbf8041d.

Reason for revert: Still some flakes.

Original change's description:
> Reland "Introducing an event loop mechanism for d8."
> 
> This reverts commit 02595c60a3.
> 
> Original CL: https://chromium-review.googlesource.com/c/494968/
> 
> Bug: 
> Change-Id: I7441ed91ebb4a087cdf437ae3239f9b021110a11
> Reviewed-on: https://chromium-review.googlesource.com/500947
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45212}

TBR=bradnelson@chromium.org,bbudge@chromium.org,mtrofin@chromium.org,jochen@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Bug: 
Change-Id: Idf2ea0431865104042a68bd2dac944a9725bf3f9
Reviewed-on: https://chromium-review.googlesource.com/501370
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45215}
2017-05-10 04:50:19 +00:00
v8-autoroll
320d808e29 Update V8 DEPS.
Rolling v8/build: db1fe5b..5a162d8

Rolling v8/third_party/catapult: a263e55..0e86ab1

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: Ibe00f33fbdde392d015f9b825eb4e0ba64370fc6
Reviewed-on: https://chromium-review.googlesource.com/501212
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45214}
2017-05-10 03:33:27 +00:00
Jungshik Shin
50f37c2680 Prep for ICU 59 update (again)
During i18n code reorg, a couple of changes for ICU 59 prep were
lost. Add them back.

See https://codereview.chromium.org/2738503008/ for the original CL.

BUG=v8:6062
TEST=v8 can be compiled with ICU 59 (hash: c28886684 ).

Change-Id: Ie19a40a9e54d0a8966dbe8e072f9afabf9e85e4f
Reviewed-on: https://chromium-review.googlesource.com/499609
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45213}
2017-05-10 01:21:42 +00:00
Mircea Trofin
45bbf8041d Reland "Introducing an event loop mechanism for d8."
This reverts commit 02595c60a3.

Original CL: https://chromium-review.googlesource.com/c/494968/

Bug: 
Change-Id: I7441ed91ebb4a087cdf437ae3239f9b021110a11
Reviewed-on: https://chromium-review.googlesource.com/500947
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45212}
2017-05-10 01:02:42 +00:00
danno
fc274fbe99 Unify implementations of Map handles vectors and lists
This CL introduces a new type, MapHandles, which is a STL vector of Handle<Map>.
It is now used everywhere where lists of Handle<Maps> are required, replacing
usages of V8's internal List type.

Also-By: franzih@chromium.org
BUG=v8:6333,v8:6325
LOG=N

Review-Url: https://codereview.chromium.org/2809923002
Cr-Commit-Position: refs/heads/master@{#45211}
2017-05-09 22:36:00 +00:00
bbudge
a459f188fa [ARM] Implement irregular vector shuffles for SIMD.
- S32x4Shuffle by decomposing into s-register moves if no patterns match.
- S16x8Shuffle, S8x16Shuffle implemented with vtbl if no patterns match.

LOG=N
BUG=v8:6020

Review-Url: https://codereview.chromium.org/2856363003
Cr-Commit-Position: refs/heads/master@{#45210}
2017-05-09 21:04:27 +00:00
Mircea Trofin
e9a05114a8 Revert "Revert "Revert "Revert "Introducing an event loop mechanism for d8.""""
This reverts commit 266ff75630.

Reason for revert: Gerrit went ahead and committed my CL before I had a chance to upload the fix. 

Original change's description:
> Revert "Revert "Revert "Introducing an event loop mechanism for d8."""
> 
> This reverts commit 7dcc8effbd.
> 
> Reason for revert: Fixed: when running under --verify-predictable,
> because the PredictablePlatform runs either foreground and background
> tasks immediately, we don't need to support event looping.
> 
> Original change's description:
> > Revert "Revert "Introducing an event loop mechanism for d8.""
> > 
> > This reverts commit f7c25da680.
> > 
> > Reason for revert: Fixed
> > 
> > Original change's description:
> > > Revert "Introducing an event loop mechanism for d8."
> > > 
> > > This reverts commit de964dbe57.
> > > 
> > > Reason for revert:
> > > https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/17958
> > > 
> > > Original change's description:
> > > > Introducing an event loop mechanism for d8.
> > > > 
> > > > This mechanism ensures APIs like wasm async complete their work, 
> > > > without requiring use of natives (%APIs).
> > > > 
> > > > The mechanism is similar to the one used in content_shell,
> > > > which should allow us to easily port tests in that environment.
> > > > 
> > > > Review-Url: https://codereview.chromium.org/2842843005
> > > > Cr-Original-Commit-Position: refs/heads/master@{#44908}
> > > > Bug: 
> > > > Change-Id: I9deee0d256a600c60b42902fc8ef8478e5546344
> > > > Reviewed-on: https://chromium-review.googlesource.com/494968
> > > > Commit-Queue: Mircea Trofin <mtrofin@google.com>
> > > > Reviewed-by: Jochen Eisinger <jochen@chromium.org>
> > > > Cr-Commit-Position: refs/heads/master@{#45165}
> > > 
> > > TBR=bradnelson@chromium.org,mtrofin@chromium.org,mtrofin@google.com,jochen@chromium.org
> > > NOPRESUBMIT=true
> > > NOTREECHECKS=true
> > > NOTRY=true
> > > 
> > > Change-Id: Iafec2615d705d1990c57229cab3a988c00b5e12f
> > > Reviewed-on: https://chromium-review.googlesource.com/498630
> > > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#45166}
> > 
> > TBR=bradnelson@chromium.org,machenbach@chromium.org,mtrofin@chromium.org,mtrofin@google.com,jochen@chromium.org,v8-reviews@googlegroups.com
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > 
> > Change-Id: Ic3c782e918326e291a6cb9bb349c609e9a340b09
> > Reviewed-on: https://chromium-review.googlesource.com/498430
> > Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> > Commit-Queue: Mircea Trofin <mtrofin@google.com>
> > Cr-Commit-Position: refs/heads/master@{#45172}
> 
> TBR=bradnelson@chromium.org,machenbach@chromium.org,mtrofin@chromium.org,mtrofin@google.com,jochen@chromium.org,v8-reviews@googlegroups.com
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> 
> Change-Id: If3036b3d4c89a88df3976924f11be88bfc5a6aa8
> Reviewed-on: https://chromium-review.googlesource.com/500867
> Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45207}

TBR=bradnelson@chromium.org,machenbach@chromium.org,mtrofin@chromium.org,mtrofin@google.com,jochen@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Change-Id: I4ccf312bebd8c3451a749457a123d0e4f48a666b
Reviewed-on: https://chromium-review.googlesource.com/500868
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45209}
2017-05-09 19:58:25 +00:00
jyan
18c33c504a [wasm] Implement 128-bit endian swap for simd type
BUG=

Review-Url: https://codereview.chromium.org/2838943002
Cr-Commit-Position: refs/heads/master@{#45208}
2017-05-09 19:54:19 +00:00
Mircea Trofin
266ff75630 Revert "Revert "Revert "Introducing an event loop mechanism for d8."""
This reverts commit 7dcc8effbd.

Reason for revert: Fixed: when running under --verify-predictable,
because the PredictablePlatform runs either foreground and background
tasks immediately, we don't need to support event looping.

Original change's description:
> Revert "Revert "Introducing an event loop mechanism for d8.""
> 
> This reverts commit f7c25da680.
> 
> Reason for revert: Fixed
> 
> Original change's description:
> > Revert "Introducing an event loop mechanism for d8."
> > 
> > This reverts commit de964dbe57.
> > 
> > Reason for revert:
> > https://build.chromium.org/p/client.v8/builders/V8%20Linux/builds/17958
> > 
> > Original change's description:
> > > Introducing an event loop mechanism for d8.
> > > 
> > > This mechanism ensures APIs like wasm async complete their work, 
> > > without requiring use of natives (%APIs).
> > > 
> > > The mechanism is similar to the one used in content_shell,
> > > which should allow us to easily port tests in that environment.
> > > 
> > > Review-Url: https://codereview.chromium.org/2842843005
> > > Cr-Original-Commit-Position: refs/heads/master@{#44908}
> > > Bug: 
> > > Change-Id: I9deee0d256a600c60b42902fc8ef8478e5546344
> > > Reviewed-on: https://chromium-review.googlesource.com/494968
> > > Commit-Queue: Mircea Trofin <mtrofin@google.com>
> > > Reviewed-by: Jochen Eisinger <jochen@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#45165}
> > 
> > TBR=bradnelson@chromium.org,mtrofin@chromium.org,mtrofin@google.com,jochen@chromium.org
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > 
> > Change-Id: Iafec2615d705d1990c57229cab3a988c00b5e12f
> > Reviewed-on: https://chromium-review.googlesource.com/498630
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#45166}
> 
> TBR=bradnelson@chromium.org,machenbach@chromium.org,mtrofin@chromium.org,mtrofin@google.com,jochen@chromium.org,v8-reviews@googlegroups.com
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> 
> Change-Id: Ic3c782e918326e291a6cb9bb349c609e9a340b09
> Reviewed-on: https://chromium-review.googlesource.com/498430
> Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> Commit-Queue: Mircea Trofin <mtrofin@google.com>
> Cr-Commit-Position: refs/heads/master@{#45172}

TBR=bradnelson@chromium.org,machenbach@chromium.org,mtrofin@chromium.org,mtrofin@google.com,jochen@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true

Change-Id: If3036b3d4c89a88df3976924f11be88bfc5a6aa8
Reviewed-on: https://chromium-review.googlesource.com/500867
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45207}
2017-05-09 19:54:04 +00:00
Igor Sheludko
b591fed43a Revert "[stubs] Properly convert the receiver for GetPropertyStub."
This reverts commit 26fdb617f5.

Reason for revert: v8:6378

Original change's description:
> [stubs] Properly convert the receiver for GetPropertyStub.
> 
> Call ToObject on the GetPropertyStub input first, so that lookups on
> Strings and other primitives don't automatically hit the runtime, i.e.
> as the stub is also used to lookup the special @@split and @@replace
> symbols for various String builtins.
> 
> BUG=v8:5269
> R=​ishell@chromium.org
> 
> Change-Id: I5dbbc84aa2051173bf10be71c782fbe448481034
> Reviewed-on: https://chromium-review.googlesource.com/488441
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44961}

TBR=ishell@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
BUG=v8:5269

Change-Id: I1e2e83b492d82656ead81ea35adbbcf5d324d2b8
Reviewed-on: https://chromium-review.googlesource.com/500135
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45206}
2017-05-09 19:07:41 +00:00
Adam Klein
18d2721952 [ignition] Avoid emitting unnecessary Jump in VisitSuspend()
Bug: v8:6351
Change-Id: I6a5b44486bac87e2b3cb9aa93808b2c7964d6202
Reviewed-on: https://chromium-review.googlesource.com/499508
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45205}
2017-05-09 18:48:37 +00:00
Wiktor Garbacz
4f5dcd4b4d [parser] Fix chunked utf8 stream handling.
BUG=v8:6377

Change-Id: I5bdd41bdda83d7efe4b37d24d44e2e8c2339a30a
Reviewed-on: https://chromium-review.googlesource.com/500168
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45204}
2017-05-09 18:41:00 +00:00
machenbach
63c5dd5dd4 Revert of [turbofan] Add alignment parameter to StackSlot operator (patchset #7 id:120001 of https://codereview.chromium.org/2816743003/ )
Reason for revert:
Seems to break cfi:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20cfi/builds/9989

Original issue's description:
> [turbofan] Add alignment parameter to StackSlot operator
>
> If alignment parameter is set, the memory returned by the
> StackSlot operator will be aligned according to the parameter.
>
> The implementation goes like this. If alignment parameter is set
> we allocate a bit more memory than actually needed and so we
> can move the beginning of the StackSlot in order to have it aligned.
>
>
> BUG=
>
> Review-Url: https://codereview.chromium.org/2816743003
> Cr-Commit-Position: refs/heads/master@{#45197}
> Committed: d8bfdb7a99

TBR=ahaas@chromium.org,clemensh@chromium.org,titzer@chromium.org,bmeurer@chromium.org,ivica.bogosavljevic@imgtec.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=

Review-Url: https://codereview.chromium.org/2867403002
Cr-Commit-Position: refs/heads/master@{#45203}
2017-05-09 16:13:51 +00:00
Camillo Bruni
4a4699edac [tools] Adding heap_find gdb helper
heap_find walks all the page of the heap and finds the references to a given
address.

NOTRY=true

Change-Id: I3271ab96d0224acf2361fe5bc4c8b0a608caf091
Reviewed-on: https://chromium-review.googlesource.com/500190
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45202}
2017-05-09 15:27:01 +00:00
Camillo Bruni
2bd86a074e [tools] Add link_click chrome extension
This extension imitates user-interaction on a page by randomly clicking on
links matching a given regexp pattern.

Change-Id: I210bebf36ce6e3a3c785953010ce21528093d1af
NOTRY=true

Change-Id: I210bebf36ce6e3a3c785953010ce21528093d1af
Reviewed-on: https://chromium-review.googlesource.com/500247
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45201}
2017-05-09 15:25:21 +00:00
mvstanton
5c66d6fcd4 [turbofan] Create-lowering support for CreateGeneratorObject
We can inline the allocation of the generator object as long as our
closure is constant.

BUG=v8:6352

Review-Url: https://codereview.chromium.org/2867603002
Cr-Commit-Position: refs/heads/master@{#45200}
2017-05-09 14:51:33 +00:00
Tobias Tebbi
cdbf01ff97 [turbofan] check JSObject length in deoptimizer
Bug: 
Change-Id: I41442b9608b791d695dcb6324158bec994f34cee
Reviewed-on: https://chromium-review.googlesource.com/500310
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45199}
2017-05-09 14:47:44 +00:00
kozyatinskiy
e118462f18 [inspector] use creation stack trace as parent for async call chains
Creation stack trace points to the place where callback was actually chained, scheduled points where parent promise was resolved.
For async tasks without creation stack (e.g. setTimeout) we continue to use scheduled as creation since usually they are the same.

BUG=v8:6189
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2868493002
Cr-Commit-Position: refs/heads/master@{#45198}
2017-05-09 14:43:15 +00:00
ivica.bogosavljevic
d8bfdb7a99 [turbofan] Add alignment parameter to StackSlot operator
If alignment parameter is set, the memory returned by the
StackSlot operator will be aligned according to the parameter.

The implementation goes like this. If alignment parameter is set
we allocate a bit more memory than actually needed and so we
can move the beginning of the StackSlot in order to have it aligned.

BUG=

Review-Url: https://codereview.chromium.org/2816743003
Cr-Commit-Position: refs/heads/master@{#45197}
2017-05-09 14:25:35 +00:00
Jochen Eisinger
1c1e700ccd Make ICU a public dep of v8_base when building with i18n support
That's cleaner than having every target depending on v8 include icu
itself.

BUG=none
R=machenbach@chromium.org

Change-Id: Icaa9e8670718664041a6efe2622366c89b733f81
Reviewed-on: https://chromium-review.googlesource.com/500127
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45196}
2017-05-09 13:53:10 +00:00
bjaideep
c33b25bf63 Revert of PPC/s390: Reland: [TypeFeedbackVector] Store optimized code in the vector (patchset #1 id:1 of https://codereview.chromium.org/2861863003/ )
Reason for revert:
Original CL reverted.
Crashing on Canary
BUG=chromium:718891

Original issue's description:
> PPC/s390: Reland: [TypeFeedbackVector] Store optimized code in the vector
>
> Port 662aa425ba
>
> Original Commit Message:
>
>     Since the feedback vector is itself a native context structure, why
>     not store optimized code for a function in there rather than in
>     a map from native context to code? This allows us to get rid of
>     the optimized code map in the SharedFunctionInfo, saving a pointer,
>     and making lookup of any optimized code quicker.
>
>     Original patch by Michael Stanton <mvstanton@chromium.org>
>
> R=rmcilroy@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
> BUG=v8:6246
> LOG=N
>
> Review-Url: https://codereview.chromium.org/2861863003
> Cr-Commit-Position: refs/heads/master@{#45111}
> Committed: d587812258

TBR=joransiu@ca.ibm.com,jyan@ca.ibm.com,michael_dawson@ca.ibm.com,rmcilroy@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=v8:6246

Review-Url: https://codereview.chromium.org/2870703003
Cr-Commit-Position: refs/heads/master@{#45195}
2017-05-09 13:46:17 +00:00
Michael Starzinger
6867bd6cf3 [asm.js] Move two unittests into the correct place.
R=clemensh@chromium.org

Change-Id: Iddbf8f2053318d90eaa3f469a36e67afca06b529
Reviewed-on: https://chromium-review.googlesource.com/500347
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45194}
2017-05-09 13:18:05 +00:00
Michael Achenbach
d790a99dc5 Reland "[test] Don't flatten testcfg globals"
This reverts commit dd9dbf4dd7.

Reason for revert: Fixed

Bug: v8:6375
Change-Id: Ied3fb991ba6f5774f5a2e6f13947b53f61196650
Reviewed-on: https://chromium-review.googlesource.com/500133
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45193}
2017-05-09 12:18:38 +00:00
Franziska Hinkelmann
5f98a061ca [cleanup] Make DebugObjectCache an std::vector.
There's no point in using our own implemention of List for this.

Bug:v8:6333

Change-Id: Ic239c9348bb17d61e41130a18e1c9f16cab9d8ee
Reviewed-on: https://chromium-review.googlesource.com/489503
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45192}
2017-05-09 12:14:38 +00:00
Michael Starzinger
a74ac8fa3e [asm.js] Remove deprecated foreign globals plumbing.
R=clemensh@chromium.org
BUG=v8:6127

Change-Id: I4f20eae61f47eaa300ba54269c68eefa910b68da
Reviewed-on: https://chromium-review.googlesource.com/500068
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45191}
2017-05-09 11:58:49 +00:00
Michael Starzinger
d40c6abd17 [asm.js] Cleanup vector use in WasmModuleBuilder.
R=clemensh@chromium.org

Change-Id: Ifa9f0f510bc5b864ebba199603919adb6a35d3a1
Reviewed-on: https://chromium-review.googlesource.com/500267
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45190}
2017-05-09 11:51:49 +00:00
Michael Starzinger
17d1530d21 [asm.js] Fix and test assignment to function imports.
This tests and fixes validation failures caused by assignments to
variables holding functions references (which are all considered
immutable). Such references can come from "stdlib" or "foreign".

R=clemensh@chromium.org
TEST=mjsunit/asm/global-imports
BUG=chromium:719382

Change-Id: Ic02be765e0773a6cc74a54e11a09d42ffb683cb8
Reviewed-on: https://chromium-review.googlesource.com/500188
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45189}
2017-05-09 11:19:45 +00:00
Michael Achenbach
dfddbd2d2a [test] Load the same suites in sub and parent test processes
Before this fix, all existing suites would get wastefully initialized in each subprocess.

Bug: v8:6375
Change-Id: I68d961cde143754724735aecbac605852f89c7d9
Reviewed-on: https://chromium-review.googlesource.com/500187
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45188}
2017-05-09 10:46:21 +00:00
Loo Rong Jie
e77ae92738 Fix print-bytecode in release build without setting OBJECT_PRINT
Before this, --print-bytecode flag was available in all Release builds
but did not actually print the bytecodes because OBJECT_PRINT is not set.

The output was pretty confusing:

[generating bytecode for function: ]
000002115442ABE9 <BytecodeArray[27]>[generating bytecode for function: main]
000002115442B069 <BytecodeArray[114]>[generating bytecode for function: Primes]
000002115442B729 <BytecodeArray[63]>[generating bytecode for function: Int32Array]
000002115442BB51 <BytecodeArray[175]>[generating bytecode for function: Primes.getPrimeCount]
000002115442BE81 <BytecodeArray[7]>[generating bytecode for function: Primes.isPrimeDivisible]
000002115442BFC9 <BytecodeArray[71]>[generating bytecode for function: Primes.addPrime]
000002115442C1C1 <BytecodeArray[31]>[generating bytecode for function: Primes.getPrime]
000002115442D7B1 <BytecodeArray[14]>

With this CL, --print-bytecode flag will always output bytecode, but
detailed info about constant pool and handler table are still guarded.

Bug:NO

Change-Id: Ie03be74520f45659303d1658da5b2acc02cf1b36
Reviewed-on: https://chromium-review.googlesource.com/497808
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Loo Rong Jie <loorongjie@gmail.com>
Cr-Commit-Position: refs/heads/master@{#45187}
2017-05-09 10:45:16 +00:00
jshin
f64f984603 Work around for crbug.com/719609
Temporarily disable check for Etc/GMT and take it as well as
Etc/UTC until the root cause of crbug.com/719609 is found.

BUG=chromium:719609,v8:6252
TBR=adamk@chromium.org

Review-Url: https://codereview.chromium.org/2872873002
Cr-Commit-Position: refs/heads/master@{#45186}
2017-05-09 10:42:03 +00:00
bmeurer
d412cade2a [turbofan] Don't mix element accesses with incompatible representations.
Due to speculative optimizations, the compiler can run into situations
where it's asked perform impossible operations, like loading a tagged
element as a float64 instead. All of this is guaranteed to be in dead
code (unless there's a bug), but leads to confusion and violates
assumptions in the compiler (that make perfect sense for code that is
not dead). So teach LoadElimination not to mix up element accesses with
incompatible representations.

BUG=chromium:719479
R=jarin@chromium.org

Review-Url: https://codereview.chromium.org/2866233002
Cr-Commit-Position: refs/heads/master@{#45185}
2017-05-09 10:16:13 +00:00
mlippautz
4aa5241fe9 [heap] Factor out marking state of array buffer tracker
BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2870683003
Cr-Commit-Position: refs/heads/master@{#45184}
2017-05-09 10:09:20 +00:00
Mythri
40ccadb619 [Interpreter] Inline the collection of feedback for Equals bytecode handler.
This is the next in the series of simplifying the logic to collect feedback
in compare bytecode handlers. An earlier cl (
https://chromium-review.googlesource.com/c/483399/) modified StrictEquals
bytecode handler. This cl inlines the type feedback collection for the
Equalbytecode handler.

Bug: v8:4280
Change-Id: I36210a2412bb84a3fdb982aabccf8cdefe87e30e
Reviewed-on: https://chromium-review.googlesource.com/498447
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45183}
2017-05-09 10:09:04 +00:00
Michael Achenbach
dd9dbf4dd7 Revert "Reland "[test] Don't flatten testcfg globals""
This reverts commit 9a90717d95.

Reason for revert: Erroneous submit...

Original change's description:
> Reland "[test] Don't flatten testcfg globals"
> 
> This reverts commit 4fdf7cdfe0.
> 
> Reason for revert: Fixed
> 
> Original change's description:
> > Revert "[test] Don't flatten testcfg globals"
> > 
> > This reverts commit 4fa473cb75.
> > 
> > Reason for revert: Problems when v8 isn't located in a folder called "v8".
> > 
> > Original change's description:
> > > [test] Don't flatten testcfg globals
> > > 
> > > This loads each test's testcfg.py as a unique module rather than flattening all into testcfg. Other than accessing LoadTestSuite there should be no references into testcfg files.
> > > 
> > > Bug: v8:6375
> > > Change-Id: If863c1b35096b2589111e8091bb7d68f135da674
> > > Reviewed-on: https://chromium-review.googlesource.com/498807
> > > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#45178}
> > 
> > TBR=jkummerow@chromium.org,machenbach@chromium.org
> > NOPRESUBMIT=true
> > NOTREECHECKS=true
> > NOTRY=true
> > Bug: v8:6375
> > 
> > Change-Id: I3600b54279c0d98a39475432c5b2163f510153f0
> > Reviewed-on: https://chromium-review.googlesource.com/500130
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#45180}
> 
> TBR=jkummerow@chromium.org,machenbach@chromium.org,v8-reviews@googlegroups.com
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> Bug: v8:6375
> 
> Change-Id: I8198b74ff8e1c3aa179769bef24f204dc705da67
> Reviewed-on: https://chromium-review.googlesource.com/500131
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#45181}

TBR=jkummerow@chromium.org,machenbach@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Bug: v8:6375

Change-Id: Id8ab1c3482806b613a024d4fff5c84a7ab0d2b0b
Reviewed-on: https://chromium-review.googlesource.com/500132
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45182}
2017-05-09 09:56:35 +00:00