Commit Graph

22057 Commits

Author SHA1 Message Date
Pierre Langlois
93716b9e71 [snapshot] Add support for native counters.
Counters in generated code, as enabled with --native-code-counters, do not work
in the snapshot. This adds a `v8_enable_snapshot_code_counters` build option
enabled by defaut in debug mode that allows code from the snapshot to increment
the current isolate's set of counters.

For this to work, we need to add native code counters in the external reference
table.

To keep the no snapshot configuration similar, we've also enabled the
--native-code-counters flag by default for debug builds.

Change-Id: I4478b79858c9b04f57e06e7ec67449e9e3a76f53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528998
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60495}
2019-03-27 17:45:50 +00:00
Ben L. Titzer
766edfc85e [asmjs] Check function body size limit
R=mstarzinger@chromium.org
BUG=chromium:944945

Change-Id: I9cd83118fd27556197bfd5c4597b4678fc97ee32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1541479
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60494}
2019-03-27 17:20:20 +00:00
Sigurd Schneider
613a1c2f3a [cctest] Add V8_EXPORT_PRIVATE for cctest (wasm part)
Bug: v8:9020
Change-Id: I3a939d65ec8468f034d4670d9b14a911e5ef5a61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1541044
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60492}
2019-03-27 13:59:46 +00:00
Igor Sheludko
2ee43006ab [regexp] Refactor Regexp.prototype[@@replace]
Tbr: jgruber@chromium.org
Bug: chromium:944971
Change-Id: I2dcbfae638848c11eac4e262c3d636f33c3f24a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1541477
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60490}
2019-03-27 13:15:16 +00:00
Clemens Hammacher
6111c6104a [wasm] Fix missing GC visit of instance elements
The elements of a {WasmInstanceObject} were not visited during GC,
leading to crashes when using them later.
This CL fixes this by visiting the whole {JSObject} header, consisting
of properties and elements.

R=titzer@chromium.org

Bug: chromium:839919, chromium:946350
Change-Id: I070fb3e6a7fd87a7288fc68b284100a2f9c72e9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1541237
Auto-Submit: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60488}
2019-03-27 13:04:26 +00:00
Junliang Yan
a5d23e81fd s390x: skip regress-crbug-178790 on debug mode
regress-crbug-178790 test can cause overflow on debug mode

Drive-by: clean up simulator skiped tests
Change-Id: Iec6151518fe1814e8eefcaaf09439782a2d29426
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539791
Auto-Submit: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#60485}
2019-03-27 12:03:56 +00:00
Z Duong Nguyen-Huu
34e1c07110 Improve test coverage for non-extensible array in optimized code
This cover all test files under mjsunit/compiler/array-*

Bug: v8:6831
Change-Id: I7a5632ccb3895a6e23ebfb92598dd1939de133b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1531030
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60484}
2019-03-27 11:08:36 +00:00
Bill Budge
1c378d02c1 [wasm simd] Fix F32x4Min/Max bug with signaling NaNs.
- Fixes a bug where signaling NaNs are converted to
  Infinities rather than quiet NaNs.

Bug: v8:6020,v8:8639
Change-Id: I2601378f06f1987983f2b93e8970f401333073be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1536911
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60480}
2019-03-27 01:10:48 +00:00
Frank Tang
af8aef071f Roll test262
Bug: v8:7834
Change-Id: I513f13033dd9aab72a78feb45ec5181183f9cc51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538833
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60477}
2019-03-26 21:39:06 +00:00
Georg Neis
b9076b4976 [csa] Fix instanceof for LHS with proxy in prototype chain
If the LHS has a proxy in its prototype chain (or is itself one), then
the LHS's [prototype_or_initial_map] being the hole does not necessarily
imply that the result is false.

This CL also adds support for --force-slow-path, which would have been
useful in finding this bug earlier.

Bug: v8:9036
Change-Id: I6f5134d6ce18f9f14549ced3d33527f54ce9bcb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539497
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60476}
2019-03-26 19:35:25 +00:00
Michael Achenbach
470aaf6699 Revert "[wasm] Implement table.init for interpreter"
This reverts commit 63608968b6.

Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/19535

Original change's description:
> [wasm] Implement table.init for interpreter
> 
> This also fixes CheckCallViaJS when a trap occurs. In that case, the
> trap callback is called instead of an exception being thrown, so if it
> isn't handled, a bogus result will be returned instead.
> 
> Bug: v8:8965
> Change-Id: I560e89f353756df23c062fb8c9484d9971c19253
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539078
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Ben Smith <binji@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60473}

TBR=binji@chromium.org,mstarzinger@chromium.org

Change-Id: Iee528ac2f16988b25579af3555e6f17974cb0b05
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8965
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539498
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60474}
2019-03-26 19:27:00 +00:00
Ben Smith
63608968b6 [wasm] Implement table.init for interpreter
This also fixes CheckCallViaJS when a trap occurs. In that case, the
trap callback is called instead of an exception being thrown, so if it
isn't handled, a bogus result will be returned instead.

Bug: v8:8965
Change-Id: I560e89f353756df23c062fb8c9484d9971c19253
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539078
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60473}
2019-03-26 18:49:16 +00:00
Deepti Gandluri
fff8b5ca1d [wasm-simd] Fix Interpreter BitSelect and Boolean reductions
- Swap BitSelect operand order
 - Simplify, fix bugs for reductions

Bug: v8:8636, v8:8665
Change-Id: I9f43ac8007f9ecb317b1ffa4f99e9c249c58a2dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1534972
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60472}
2019-03-26 18:12:02 +00:00
Sigurd Schneider
6d0fe3e45a [cleanup] Free 400 targets from the draconic reign of..
..ordered-hash-table.h.

Bug: v8:8834
Change-Id: Ibb79006beb020d06bc516d9a2dac81015a403728
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538518
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60461}
2019-03-26 10:56:21 +00:00
Georg Neis
294671e832 [turbofan] Support GetSuperConstructor in serializer
Drive-by: also add support for trivial bytecodes such as LdaFalse.

Bug: v8:7790
Change-Id: I72626500096310899d37d57e3d0dd3bd54fddff4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532066
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60460}
2019-03-26 10:23:55 +00:00
Mike Stanton
539017b0b6 [Builtins] Make it harder to store signalling NaNs in Torque/CSA
The bottlenecks to prevent storing signalling NaNs in backing stores
were not perfect. This change makes it harder by ensuring that all
the Torque-side "[]=" operator overloads for FixedDoubleArray stores
have signalling NaNs silenced.

Bug: chromium:944435
Change-Id: I295d9b34f4c896db30989bb9db1a2b452daa03ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538517
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60459}
2019-03-26 10:22:50 +00:00
Frank Tang
7b2d7d4528 [Intl] Only use DecimalFormat
Force to use locale with extension if the created NumberFormat
is not a DecimalFormat.
Check the dynamic class id.
Guard DecimalFormat casting code

Bug: v8:9035
Change-Id: Id32a3f652b93ddfca82f95f30ad2107b364ee7fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1536571
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60452}
2019-03-26 00:28:47 +00:00
Mythri
7629afdb9d [lite] Allocate feedback vectors lazily
Allocate feedback vectors lazily when the function's interrupt budget has
reached a specified threshold. This cl introduces a new field in the
ClosureFeedbackCellArray to track the interrupt budget for allocating
feedback vectors. Using the interrupt budget on the bytecode array could
cause problems when there are closures across native contexts and we may
delay allocating feedback vectors in one of them causing unexpected
performance cliffs. In the long term we may want to remove interrupt budget
from bytecode array and use context specific budget for tiering up decisions
as well.

Bug: v8:8394
Change-Id: Ia8fbb71f5e8543a92f14c44aa762973da82d445c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1520719
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60450}
2019-03-25 16:02:38 +00:00
Igor Sheludko
26ffe82e70 [classes] Properly handle static length computed property
Bug: chromium:913943
Change-Id: I2f7774ca1ea0a7855620a99d7e26cd764260129b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538124
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60449}
2019-03-25 15:35:08 +00:00
Benedikt Meurer
a2af7e1101 [tracing] Improve tracing signals for compilation/optimization.
This adds OBJECT/SNAPSHOT trace events for Script and SharedFunctionInfo
objects, logging their creation with appropriate information to make
sense of them.

Based on that we introduces five flow events to model the optimized
compilation via tracing in the "disabled-by-default-v8.compile" category:

  - "v8.optimizingCompile.start" logs the creation of the
    PipelineCompilationJob (for TurboFan JavaScript optimization)
    with the "function" argument referring to the trace event
    object created for the SharedFunctionInfo.
  - "v8.optimzingCompile.prepare" logs the preparation of the
    PipelineCompilationJob on the main thread, also carrying the
    "function" argument. This connects the flow event to the actual
    tracing duration event associated with the preparation phases.
  - "v8.optimizingCompile.execute" logs the (usually concurrent)
    optimization of the TurboFan graph (again with "function").
  - "v8.optimizingCompile.finalize" logs the main thread phase which
    finalizes the optimized code and eventually installs it (in case
    of success).
  - "v8.optimizingCompile.end" signals the end of the
    PipelineCompilationJob, which carries the "compilationInfo",
    that contains the interesting bits of the OptimizedCompilationInfo,
    specifically whether the compile was successfull and which functions
    were inlined for example.

This also adds two instant events "V8.AbortOptimization" and
"V8.RetryOptimization" in "disabled-by-default-v8.compile" category
that are emitted when TurboFan cannot optimize a certain function.
In case of "V8.RetryOptimization", TurboFan might be able to optimize
it later, whereas "V8.AbortOptimization" permanently disables the
optimization of a given function. The JSON representation of this is

```js
{
  "pid": 256639,
  "tid": 256639,
  "ts": 6935411377801,
  "tts": 159116,
  "ph": "I",
  "cat": "disabled-by-default-v8.compile",
  "name": "V8.AbortOptimization",
  "dur": 0,
  "tdur": 0,
  "args": {
    "reason": "Function is too big to be optimized",
    "function": {
      "id_ref": "0x600000001",
      "scope": "v8::internal::SharedFunctionInfo"
    }
  }
},
```

where the "function" refers to a previously emitted SNAPSHOT for the
function in question. In the trace viewer it will show up as instant
event under "v8.optimizingCompile.prepare" in case of the relevant
example where optimization is disabled due to reaching the bytecode
limit (as in the JSON above), i.e. it'll look something like this

  https://i.paste.pics/aafc2de9df10ea8f5acc1a761d80f07b.png

for the example highlighted in the recent blog post

  https://ponyfoo.com/articles/javascript-performance-pitfalls-v8

that describes the optimization limit. The "v8.optimizingCompile.end"
duration event will also carry this information as part of the
"compilationInfo" object, but specifically for CI tools, etc. it might
be a whole lot easier to just look for the "V8.AbortOptimization"
instant event.

Bug: v8:8598, v8:9039
Tbr: ulan@chromium.org
Doc: bit.ly/v8-tracing-signals
Change-Id: Ic87ac336004690c65b6b15ad73bc6fbd4b5f12c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511483
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60448}
2019-03-25 14:49:08 +00:00
Sigurd Schneider
24038b9357 Revert "[heap] Clean-up keys of oldspace weakmaps during scavenge"
This reverts commit 6604f1826d.

Bug: chromium:945341

Original change's description:
> [heap] Clean-up keys of oldspace weakmaps during scavenge
> 
> This CL adds handling for cleaning up weakmap (EphemeronHashTable)
> keys during scavenge, even if the weakmap resides in oldspace.
> 
> Change-Id: If8d711c050ddbcae4dd6e8da549e0c0d08ba47b2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1523787
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60432}

TBR=ulan@chromium.org,jarin@chromium.org,sigurds@chromium.org,leszeks@chromium.org

Change-Id: I9dd9b11990a262a457fd1bedc2b45b4a786a81f7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538133
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60447}
2019-03-25 14:31:03 +00:00
Michael Starzinger
080fa87143 [asm.js] Fix break depth calculation for named blocks.
The target of a 'break' statement without a provided label must be a
regular block belonging to a surrounding loop or switch statement, named
blocks (i.e. the one that just define a label) on the other hand must be
targeted specifically with the provided label (and not implicitly). This
fixes the behavior by introducing a dedicated {BlockKind::kNamed} for
this purpose.

R=clemensh@chromium.org
TEST=mjsunit/regress/regress-9022
BUG=v8:9022

Change-Id: I94c3d5b1196ed94b8b1b31f6eb3b68070cf324e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538126
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60445}
2019-03-25 14:00:58 +00:00
Sigurd Schneider
368d04bd1b Revert "[debug] Mark toLocaleString and TA#join builtins as side-effect free."
This reverts commit 660d828790.

Reason for revert: breaks no-i18n build:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20noi18n%20-%20debug/25919

Original change's description:
> [debug] Mark toLocaleString and TA#join builtins as side-effect free.
> 
> Bug: chromium:940373
> Change-Id: If5f90ff5f873f0687c6a6a4063e0d09d6bbbd556
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1533157
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
> Cr-Commit-Position: refs/heads/master@{#60440}

TBR=yangguo@chromium.org,peter.wm.wong@gmail.com,petermarshall@chromium.org,szuend@chromium.org

Change-Id: I5ee52f8f37bea83e80c53838d232332cb3486640
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:940373
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538132
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60444}
2019-03-25 13:57:10 +00:00
Peter Marshall
bad7b827f0 [cleanup] Clean up trace event tests by removing macros
The macros take implicit local arguments and make the tests harder to
read. Remove the macros and add a helper to get size directly given
this is the only use of the helper that returns the whole list.

Remove the typedef of vector of trace events, because it is only used
in two places now and is also called 'list' not vector.

Use unique pointers for the ownership of MockTraceObject.

Change-Id: Iec495c436cf7326224137321a84035c817622eaa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538131
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60443}
2019-03-25 13:46:58 +00:00
peterwmwong
660d828790 [debug] Mark toLocaleString and TA#join builtins as side-effect free.
Bug: chromium:940373
Change-Id: If5f90ff5f873f0687c6a6a4063e0d09d6bbbd556
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1533157
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#60440}
2019-03-25 13:20:14 +00:00
Jaroslav Sevcik
149b82230e [turbofan] Only lower constant load if feedback agrees with receiver map.
Bug: chromium:945187
Change-Id: I564a4495f13651ea9fdf1b95c25658b92ff9de49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538125
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60437}
2019-03-25 13:06:04 +00:00
Sigurd Schneider
6604f1826d [heap] Clean-up keys of oldspace weakmaps during scavenge
This CL adds handling for cleaning up weakmap (EphemeronHashTable)
keys during scavenge, even if the weakmap resides in oldspace.

Change-Id: If8d711c050ddbcae4dd6e8da549e0c0d08ba47b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1523787
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60432}
2019-03-25 10:52:57 +00:00
Clemens Hammacher
83f76ba3b5 [wasm] Rename inl headers that can be plain headers
Both js-to-wasm-wrapper-cache-inl.h and wasm-import-wrapper-cache-inl.h
do not include any inl headers, thus they can be plain headers. If they
ever need to include inl headers again, we should split out the
respective functions into a separete inl header to follow the usual
pattern to have *both* a plain header *and* an inl header.

R=mstarzinger@chromium.org

Bug: v8:8834
Change-Id: I1b1b917a8e2c47f1354522479f8c57475bee6244
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535826
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60431}
2019-03-25 10:48:34 +00:00
Sigurd Schneider
9298d21863 [js-perf-test] Add more WeakMap perf tests
Bug: v8:8557
Change-Id: I213b5944de72eb09a18e44789539b6b420e68068
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538117
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60430}
2019-03-25 10:47:29 +00:00
Andreas Haas
8cbcae37db [wasm] Handle rejected input promise in WebAssembly.compileStreaming
In the implementation of WebAssembly.compileStreaming and
WebAssembly.instantiateStreaming, we did not handle the case where the
input, which is a Promise, gets rejected. When this Promise got
rejected, the Promise returned by compileStreaming remained pending
forever.

With this CL, the rejection object of the input Promise gets forwarded
to the result Promise.

I also extended the --wasm-test-streaming flag to provide
WebAssembly.compileStreaming and WebAssembly.instantiateStreaming
in d8. The difference to the Chrome versions of these function is
that d8 does not know about Response objects. That's why in d8
compileStreaming and instantiateStreaming expect a Promise to an
ArrayBuffer or a TypedArray and not to a Response object.

Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Bug: chromium:943487
Change-Id: I77f789e9ae5d50ae9c9bc92bf27dbfe338fe0f13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535817
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60427}
2019-03-25 10:18:23 +00:00
Frank Tang
73c56a507a [Intl] Implement proposal-intl-DateTimeFormat-formatRange
https://rawgit.com/fabalbon/proposal-intl-DateTimeFormat-formatRange/master/out/

Design Doc https://goo.gl/PGUQ1d

Bug: v8:7729
Change-Id: I38b53ffdf610400b4132a25da99dac4be67bdf4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1510574
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60418}
2019-03-24 16:35:01 +00:00
Sathya Gunasekaran
33fa605a86 [test262] Clean up Test262 status file
These flags are no longer necessary.

Change-Id: Id686b2820ba05d7400cdb8ef9bb7f95c01cbe698
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1536451
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60416}
2019-03-22 23:26:49 +00:00
Bill Budge
aa706218d6 [wasm simd] Make F32x4Min/Max IEEE 754 compliant
- Changes min and max sequences to propagate NaNs and signed
  zeroes.

- Note that NaN propagation must preserve canonical NaNs. This is
  achieved by always returning canonical NaNs. This is also
  consistent with the WebAssembly scalar math spec.

Bug: v8:8639
Change-Id: I04fdefabc54ea60f4d02e2081c32444a02dd6a83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1524634
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60414}
2019-03-22 18:26:23 +00:00
Georg Neis
95b09e3e98 [turbofan] Support named access on global proxy in serializer
Process feedback and hints for Lda/StaNamed bytecodes w.r.t. access on
the global proxy. This stores the property cells (or their absence) on
the JSGlobalProxyData.

Bug: v8:7790
Change-Id: Iadedea5494611c1b2ed38b6ce75687e084cc27f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499499
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60411}
2019-03-22 14:23:53 +00:00
Sigurd Schneider
85017f0428 Reland "Reland "[regalloc] Introduce deferred fixed ranges""
This is a reland of 1ca088652d

Original change's description:
> Reland "[regalloc] Introduce deferred fixed ranges"
> 
> This is a reland of b176931311
> 
> Original change's description:
> > [regalloc] Introduce deferred fixed ranges
> > 
> > Fixed ranges are used to express register constraints in the
> > allocator. This change splits these fixed ranges into one for
> > normal code and deferred code. The former are handeled as before
> > whereas the latter are only made visible while allocating
> > registers for deferred code.
> > 
> > This prevents forward looking decisions in normal code to be
> > impacted by register constraints from deferred code.
> > 
> > Change-Id: I67d562bb41166194e62765d5ab051bc961054fc7
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477742
> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#60322}
> 
> Change-Id: I1a31150256eb5608db985b144aab7ea457169d0d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530810
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60364}

Change-Id: If4a956716e7e4de132f706be2c395cdfdc04ec94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532328
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60408}
2019-03-22 10:49:16 +00:00
Sven Sauleau
b2de74410c [wasm] fix special parameter in int64-lowering
In the int64 lowering pass some parameter nodes are considered special
and don't require any transformation. For instance the Wasm instance.

With the experimental-wasm-bigint proposal, two new special parameters
are going through the pass, this CL avoids transforming them.

Change-Id: Ie99ffaff125b9ef8c56e1883aac9e18e4072fc3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532336
Auto-Submit: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Cr-Commit-Position: refs/heads/master@{#60404}
2019-03-22 07:49:31 +00:00
Georg Neis
e80082bf54 [turbofan] Add missing map checks in a reducer
ReduceArrayIndexOfIncludes didn't account for kUnreliableReceiverMaps.
Will think about a more robust mechanism for this.

Bug: chromium:944062
Change-Id: Ib2bdaf4399225de4413e12c5684f58dfe524a2cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532331
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60400}
2019-03-21 21:25:01 +00:00
Sergiy Belozorov
aca2c9e606 Remove old JSTests config
R=machenbach@chromium.org, tmrts@chromium.org

Bug: chromium:923304
Change-Id: I65898b7edea8d696d957a8ba19809484e663cb27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1533864
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60399}
2019-03-21 21:16:02 +00:00
Ben Smith
8a7f562e14 [wasm] Implement bulk memory table.copy in interpreter
Most of the mjsunit/wasm/table-copy.js tests have been ported to
cctests, so they can be tested with all execution tiers.

Bug: v8:8965
Change-Id: I448719be30a4b2bddb9e2cffb4c74d3134db2f50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1529548
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60396}
2019-03-21 16:26:20 +00:00
Sergiy Belozorov
a617f38fd1 Split JSTests benchmark into 5 smaller shards
The original config will be removed after infra-side change will land and start
using new configs.

R=machenbach@chromium.org, tmrts@chromium.org

Bug: chromium:923304
Change-Id: I5323f0d01724cef2472592bd8e5beb15de232346
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1533863
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60395}
2019-03-21 16:01:20 +00:00
Santiago Aboy Solanes
c0556c162b [Turbofan][ptr-compr] Handle "compress changes" in the instruction selector
Said instructions look like ChangeTaggedXXXToCompressedXXX and
ChangeCompressedXXXToTaggedXXX for XXX in ("", "Pointer", "Signed").

This change only affects 64 bit architectures (both for x64 and arm64).

Also added tests for the machine operators.

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng,v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977
Change-Id: I239d9de7f214424852e75b5d56996e8dfdacd400
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526009
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60393}
2019-03-21 14:46:11 +00:00
Milad Farazmand
872e6e887e PPC skipping regress-crbug-941743 test on simulator
Above test passes on simulator but may take up to a few mintues. Test passes normally on native PPC.

Change-Id: I89b8feca1f6f0da41a5aff7c004718f0b63f76ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532343
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#60387}
2019-03-21 12:08:32 +00:00
Michael Lippautz
c4eae87a1a heap: Fix incremental-concurrent processing of large FixedArray
FixedArray object in LO space are processed incrementally in ranges of slots
size kProgressBarScanningChunk to reduce latency when returning to the
processing loop is critical. A progress bar stores how much slots have been
processed already.

In the case of regular concurrent marking there was a guarantee that the
object was only processed by one thread (main *or* concurrent marking
thread) at the same time.

However, some optimizations that avoid write barriers for each
individual write operation emit a batched write barrier that requires
re-visiting the FixedArray for the marking barrier. In such cases, the
progress bar would be reset using relaxed stores which is problematic as
the concurrent marking thread could race on setting its own progress on the
progress bar. As a result, the array would only be re-scanned partially.

The fix involves using CAS to set the progress bar and bail out in the
case an inconsistent state was observed.

In the following:
MT... main thread
CM... concurrent marking thread

The interesting cases are:
1. MT *or* CM processes the array without interfering: Progress bar is
   updated monotonically without failing.
3. MT interferes with itself: The progress bar is just reset and the main
   thread will restart scanning from index 0. The object is added twice to
   the marking worklist and processed each time one of the entries is
   retrieved from the worklist.
4. MT interferes with CM:
   4.a.: CM processes a range of slots and re-adds the left overs by
   setting the progress bar and re-adding the array to the worklist.  In
   this case CM *and* MT process the array from index 0. The first time
   the CAS for setting the progress bar fails on either of the threads,
   the looser will bail out and leave processing for the winner.
   4.b.: CM is interrupted while processing a range of the array and
   fails in setting the progress bar for the left overs. In this case
   the CM bails out right away and the main thread starts processing
   from index 0.

In addition, there is a transition from index 0 to the index of the
first actual slot. This transition makes it possible to observe a reset
while processing the first actual chunk of slots.

Bug: chromium:942699
Change-Id: I0b06f47ee075030dadfc959528cd77b6b69bbec2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532325
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60385}
2019-03-21 09:21:58 +00:00
Pierre Langlois
2970249a72 [mjsunit] Do not generate compiler traces for the entire snapshot.
The `compiler-trace-flags.js` test just makes sure the various --trace-turbo*
flags do not cause V8 to crash. However, on builds with no snapshot, they would
generate a *lot* of output as they were tracing the compiler while generating
the snapshot.

Let's set the `--trace-turbo-filter` flag to make sure we only trace the test
functions. Sadly, WASM functions do not have a name, just an index, so we have
to split this test into two.

Bug: chromium:943064
Cq-Include-Trybots: luci.v8.try:v8_win_nosnap_shared_rel_ng
Change-Id: I30b3935f63d412ab8c96cc5156d342c428229865
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532078
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#60383}
2019-03-21 09:01:29 +00:00
Andreas Haas
2d9ec0a420 Reland: [wasm][anyref] Add support of call-indirect for multiple tables
The reason for the revert was that Liftoff did not bail out on indirect
calls to tables other than table 0. Whenever the Liftoff code got
executed, the test would fail.

Original message:
With this CL it is possible to use any anyfunc table in call-indirect,
not just the first table.

The current implementation is based on runtime calls. This is just an
initial implementation which should be replaced by a
dispatch-table-based eventually. However, this implementation allows
us to move forward with the anyref proposal implementation.

R=mstarzinger@chromium.org

Bug: v8:7581
Change-Id: Iedd56ee7acb281441bca32ffd3dc7157203ee1ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532072
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60382}
2019-03-21 08:42:48 +00:00
Sigurd Schneider
21a471f2d8 Revert "Reland "[regalloc] Introduce deferred fixed ranges""
This reverts commit 1ca088652d.

Reason for revert: Regressions across the board

Original change's description:
> Reland "[regalloc] Introduce deferred fixed ranges"
> 
> This is a reland of b176931311
> 
> Original change's description:
> > [regalloc] Introduce deferred fixed ranges
> > 
> > Fixed ranges are used to express register constraints in the
> > allocator. This change splits these fixed ranges into one for
> > normal code and deferred code. The former are handeled as before
> > whereas the latter are only made visible while allocating
> > registers for deferred code.
> > 
> > This prevents forward looking decisions in normal code to be
> > impacted by register constraints from deferred code.
> > 
> > Change-Id: I67d562bb41166194e62765d5ab051bc961054fc7
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477742
> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#60322}
> 
> Change-Id: I1a31150256eb5608db985b144aab7ea457169d0d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530810
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60364}

TBR=jarin@chromium.org,sigurds@chromium.org,herhut@chromium.org

Change-Id: Id8ad6c39774e38dd67decea997e08a4c58c452ec
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532327
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60381}
2019-03-21 08:34:17 +00:00
Ben Smith
1a88414c41 [wasm] Call through dispatch table in interpreter
When running wasm tests, the interpreter previously used a static
collection of function indexes stored in WasmTable to perform
call_indirect calls internal to that module. This has the wrong behavior
if the table is changed (via WasmTableObject::Set, `table.copy`, or
`table.init`).

This CL changes the cctests to always generate an intepreter entry for
all functions, and stores those entries in the dispatch table. This
allows us to use the same execution path as for non-testing code.

The interpreter entry compiler needed to be changed to support
multi-value returns too, since a 64-bit integer return value may be
lowered to two 32-bit integer returns.

Bug: v8:9016
Change-Id: I277df21ffde5c2eee0b691fcc9bab2b1a43eeffc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1531137
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60380}
2019-03-21 07:35:27 +00:00
Frank Tang
fb63e5cf55 [Intl] Fix output of hour:'2-digit', hour12: true
Bug: chromium:527926
Change-Id: I783ba59c6e4b117163e058032fb04283e1f43c46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1529260
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60379}
2019-03-21 07:34:22 +00:00
Suraj Sharma
f43e8845b5 [parser] Improve parse error message for missing name in FunctionDeclaration
Added a new Error Message for Missing Function Name.

The program:

function(){}

...now produces:
	SyntaxError: Function statements require a valid function name.

...instead of:
	SyntaxError: Unexpected Token (

Bug: v8:3698, v8:6513
Change-Id: I3c12dfcfe80b94209aa9af434ae1d212970cf362
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1500914
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60376}
2019-03-20 16:46:29 +00:00
Leszek Swirski
9f6ddb48a0 Revert "V8 x64 backend doesn't emit ABI compliant stack frames"
This reverts commit 3cda21de77.

Reason for revert: Breaks the roll on Windows (see https://cr-buildbucket.appspot.com/build/8918477701097622400)

Original change's description:
> V8 x64 backend doesn't emit ABI compliant stack frames
> 
> On 64 bit Windows, the OS stack walking does not work because the V8 x64
> backend doesn't emit unwinding info and also because it doesn't emit ABI
> compliant stack frames. See
> https://docs.google.com/document/d/1-wf50jFlii0c_Pr52lm2ZU-49m220nhYMrHDi3vXnh0/edit
> for more details.
> 
> This problem can be fixed by observing that V8 frames usually all have the same
> prolog and epilog:
> 
> push rbp,
> mov rbp, rsp
> ...
> pop rbp
> ret N
> 
> and that it is possible to define XDATA (UNWIND_CODEs) that specify how Windows
> should walk through V8 frames. Furthermore, since V8 Code objects are all
> allocated in the same code-range for an Isolate, it is possible to register a
> single PDATA/XDATA entry to cover stack walking for all the code generated
> inside that code-range.
> 
> This PR contains changes required to enable stack walking on Win64:
> 
> EmbeddedFileWriter now adds assembler directives to the builtins
> snapshot source file (embedded.cc) to emit additional entries in the .pdata and
> in the .xdata section of the V8 executable. This takes care of stack walking
> for embedded builtins. (The case of non-embedded builtins is not supported).
> The x64 Assembler has been modified to collect the information required to emit
> this unwind info for builtins.
> 
> Stack walking for jitted code is handled is Isolate.cpp, by registering
> dynamically PDATA/XDATA for the whole code-range address space every time a new
> Isolate is initialized, and by unregistering them when the Isolate is
> destroyed.
> 
> Stack walking for WASM jitted code is handled is the same way in
> wasm::NativeModule (wasm/wasm-code-manager.cpp).
> 
> It is important to note that Crashpad and Breakpad are already registering
> PDATA/XDATA to manage and report unhandled exceptions (but not for embedded
> builtins). Since it is not possible to register multiple PDATA entries for the
> same address range, a new function is added to the V8 API:
> SetUnhandledExceptionCallback() can be used by an embedder to register its own
> unhandled exception handler for exceptions that arise in v8-generated code.
> V8 embedders should be modified accordingly (code for this is in a separate PR
> in the Chromium repository:
> https://chromium-review.googlesource.com/c/chromium/src/+/1474703).
> 
> All these changes are experimental, behind:
> 
> the 'v8_win64_unwinding_info' build flag, and
> the '--win64-unwinding-info' runtime flag.
> 
> Bug: v8:3598
> Change-Id: Iea455ab6d0e2bf1c556aa1cf870841d44ab6e4b1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1469329
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Paolo Severini <paolosev@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#60330}

TBR=bbudge@chromium.org,ulan@chromium.org,mvstanton@chromium.org,mstarzinger@chromium.org,gdeepti@chromium.org,jgruber@chromium.org,paolosev@microsoft.com

Change-Id: If8470da94c58df8c800cbe8887f9f86236e43353
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:3598
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532321
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60372}
2019-03-20 14:36:04 +00:00