Commit Graph

44168 Commits

Author SHA1 Message Date
Tobias Tebbi
a600a84353 [base] Add compile-time error when Zone* is used for plain placement new.
Bug: 
Change-Id: Idca921bde6f10d8e9809c0b3a83cc3a8d3f135af
Reviewed-on: https://chromium-review.googlesource.com/779424
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49676}
2017-11-28 15:42:05 +00:00
Michael Starzinger
6ea63a122b [heap] Safety check for {CodePageMemoryModificationScope}.
R=hpayer@chromium.org
BUG=v8:6792,chromium:774108

Change-Id: I202993ddf5bb11d238ed173197657c6546dd4a37
Reviewed-on: https://chromium-review.googlesource.com/789865
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49675}
2017-11-28 15:32:32 +00:00
Ross McIlroy
8bad78f673 [Histograms] Only add AggregatableHistogram samples if non-zero.
AggregatableHistogramTimer will always add a sample when it is destroyed,
even if there were no AggregatedHistogramTimerScope called within it. This
makes the V8.CompileLazyMicroSeconds histogram not particularly useful since
it is 90% filled with zero entries where v8 execute didn't require any
lazy function compilation

Change-Id: Ia75c8596237b22528cbba3e8ae2b67e28ea54097
Reviewed-on: https://chromium-review.googlesource.com/793452
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49674}
2017-11-28 15:25:05 +00:00
jgruber
5d3824e241 [objects] Clarify 32-bit offsets in 64-bit fields
These fields relied on the assumption that 64-bit big-endian
architectures had sizeof(int) == 4. Any architecture violating this
assumption would result in an OOB access.

Bug: 
Change-Id: I682ecb6a2da2cf84e8b24f1c1e608d7fc23f5bdc
Reviewed-on: https://chromium-review.googlesource.com/793431
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49673}
2017-11-28 15:16:49 +00:00
Sathya Gunasekaran
ffda54fbd4 [class] Throw early errors for fields with constructor and prototype name
See https://tc39.github.io/proposal-class-fields/#sec-static-semantics-early-errors

Bug: v8:5367
Change-Id: I0329d1b41c4658b733df47397fbcc2c16bad117e
Reviewed-on: https://chromium-review.googlesource.com/792946
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49672}
2017-11-28 15:00:18 +00:00
Ulan Degenbaev
904050276a [heap] Tune incremental marking step size.
The main thread now can reduce marking step size if concurrent marking
tasks are making progress and the bailout worklist is empty.

Bug: chromium:694255
Change-Id: I2f58530f184c03667ab3a170a1f6309929645c7c
Reviewed-on: https://chromium-review.googlesource.com/735859
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49671}
2017-11-28 14:56:05 +00:00
Clemens Hammacher
f962341975 [Liftoff] Introduce register classes
Many methods which currently receive a {ValueType} really just need to
know the register class. Thus introduce a {RegClass} enum with values
{kGpReg} and {kFpReg}, and change some methods to use it. For most
methods, only the {kGpReg} case is implemented for now. Support for
{kFpReg} will be added later.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: I1db793c59270862c4e1b877e6e4bd81020a650f8
Reviewed-on: https://chromium-review.googlesource.com/793159
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49670}
2017-11-28 14:29:05 +00:00
Clemens Hammacher
95d13c2ee3 [wasm] Add tracing for lazy compilation
This CL adds the --trace-wasm-lazy-compilation flag, to track which
function is being compiled, and how many locations in the caller and in
function tables are actually being patched.
It seems that we currently don't patch the caller correctly when
calling through wasm-to-wasm stubs, and this tracing helps to find the
issue.

Drive-by: Fix order and location of macro undefs.

R=titzer@chromium.org

Bug: chromium:788441
Change-Id: I6091c0d490a729f8e3cb759cd661cf52129d2211
Reviewed-on: https://chromium-review.googlesource.com/793157
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49669}
2017-11-28 14:26:50 +00:00
Junliang Yan
d949c2b673 [csa] Fix initialization of Name::kHashFieldSlot
On 64-bit architectures, an IntPtr-sized write of Name::kEmptyHashField
will properly initialize the relevant Int32-sized payload of
Name::kHashFieldOffset, as well as zero out the unused portion of the
slot.

Bug: v8:7065
Change-Id: I93113c9744377e76cd0d264568c49b31a1e822a1
Reviewed-on: https://chromium-review.googlesource.com/788530
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49668}
2017-11-28 14:25:45 +00:00
Georg Neis
64030c6b56 [interpreter] Fix feedback collection for negation.
We'd sometimes forget that the input was not originally a numeric.

Bug: v8:7135
Change-Id: I8bc690cc0c2dfac8a2a218ca56352b6a569825dc
Reviewed-on: https://chromium-review.googlesource.com/793039
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49667}
2017-11-28 13:46:23 +00:00
Predrag Rudic
25d4f93740 Reland "MIPS[64] Implementation of MSA instructions on builtin simulator"
This is reland of 3e0bf580e8
Original change's description:
> This commit is a step toward enabling test-run-wasm-simd tests for MIPS.
> 36 of those were failing in V8 builtin simulator because some instructions
> were not implemented.  Also there are minor fixes to some of the already
> implemented instructions.
>
> This commit has only 32-bit implementation. After review I will add
> 64-bit version.
>
> Bug:
> Change-Id: I25b0cac352db3efb56b922ace64ab2aaef82472d
> Reviewed-on: https://chromium-review.googlesource.com/744008
> Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
> Cr-Commit-Position: refs/heads/master@{#49439}

Bug: 
Change-Id: I3a904caf675d314186c02c1c843d1e6a91a21a14
Reviewed-on: https://chromium-review.googlesource.com/776813
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#49666}
2017-11-28 13:43:23 +00:00
Sathya Gunasekaran
42bc9e8c64 [class] Expand bytecode expectations coverage for class fields
Bug: v8:5367
Change-Id: Ib24190f6cfc0765794a1a5d9ac33cf1c1e2b6fba
Reviewed-on: https://chromium-review.googlesource.com/793150
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49665}
2017-11-28 13:21:36 +00:00
Benedikt Meurer
301bc628d6 [turbofan] Handle JSBoundFunction targets for JSConstruct.
Properly handle known JSBoundFunction instances as targets to
JSConstruct by inlining the construction of the eventual target.
Also if the target is the result of a JSCreateBoundFunction call,
where we can also fold the construction and construct the bound
target function directly instead.

This addresses half of the TODO in the JSConstruct lowering in the
JSCallReducer where so far we didn't handle bound functions.

Bug: v8:5267, v8:7109
Change-Id: I022dc7d4fbbe2c9972472e78a6d64f51e3134c94
Reviewed-on: https://chromium-review.googlesource.com/792947
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49664}
2017-11-28 11:52:55 +00:00
Michael Achenbach
10f4e6c379 Revert "[platform][cleanup] Fix --enable-tracing"
This reverts commit 61367a25fa.

Reason for revert: http://shortn/_amqTfxgjk0

Original change's description:
> [platform][cleanup] Fix --enable-tracing
> 
> The flag --enable-tracing can be used to measure how much time is spent
> in a scope. In d8 this flag did not work properly for the following
> reasons:
> 
> * The tracing file is not written when the JavaScript code calls quit().
> 
> * The tracing file is not written when the JavaScript code throws an
> uncaught exception, except if the --throws flag is passed to d8.
> 
> The reason for these two issues is that both call Shell::Exit(), which
> end d8 immediately without calling any destructors. In addition I moved
> in a recent CL the destruction of the platform after the destruction of
> the file handle for the tracing file. Thereby the tracing file did not
> get filled with content even destructors were executed.
> 
> With this CL I also call the destructors of the platform and of the file
> handle in the Shell::Exit() function. For this I make Shell::Exit()
> platform independent and let it call the platform dependent
> Shell::OSExit() at the end.
> 
> R=​rmcilroy@chromium.org
> 
> Change-Id: I14425b6a5c25b757211bc8b9959a9cc8bfa0602c
> Reviewed-on: https://chromium-review.googlesource.com/789038
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49659}

TBR=rmcilroy@chromium.org,ahaas@chromium.org

Change-Id: I17c6f19c38cb337b00707f606f267b52b7f2c1e6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/792991
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49663}
2017-11-28 11:51:16 +00:00
Andreas Haas
c7fb0e0947 [wasm] Remove fine-grained CodeSpaceMemoryModificationScopes
In a recent CL I introduced module-level CodeSpaceMemoryModificationScopes,
which means that the number of CodeSpaceMemoryModificationScopes which
are opened aside from TurboFan compilation is not linear in the number
of functions anymore. In that CL, however, I did not remove scopes which
became obsolete. This CL removes now these obsolete scopes, and
introduces some scopes where shared code was used from outside the
compilation logic.

R=mstarzinger@chromium.org, clemensh@chromium.org

Bug: chromium:787731
Change-Id: I37d514efa3a4b10adb7008986a9c91e4557ce618
Reviewed-on: https://chromium-review.googlesource.com/790490
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49662}
2017-11-28 10:34:39 +00:00
Sathya Gunasekaran
94dfb8a1f4 [class] Add harmony-public-fields flag
Change the existing uses of the harmony-class-fields flag to
harmony-public-fields so that we can stage this separately
from the upcoming harmony-private-fields to get some
clusterfuzz coverage.

Bug: v8:5367
Change-Id: I76cdefa4faf34eae73d3a5f6d6089cf75677732a
Reviewed-on: https://chromium-review.googlesource.com/792940
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49661}
2017-11-28 10:19:29 +00:00
Sathya Gunasekaran
34657ab30b [class] Implement super property access in instance fields
Bug: v8:5367
Change-Id: Ic725c5ef22ab05891764d3ebf9a99c0d383e6d90
Reviewed-on: https://chromium-review.googlesource.com/789939
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49660}
2017-11-28 10:14:19 +00:00
Andreas Haas
61367a25fa [platform][cleanup] Fix --enable-tracing
The flag --enable-tracing can be used to measure how much time is spent
in a scope. In d8 this flag did not work properly for the following
reasons:

* The tracing file is not written when the JavaScript code calls quit().

* The tracing file is not written when the JavaScript code throws an
uncaught exception, except if the --throws flag is passed to d8.

The reason for these two issues is that both call Shell::Exit(), which
end d8 immediately without calling any destructors. In addition I moved
in a recent CL the destruction of the platform after the destruction of
the file handle for the tracing file. Thereby the tracing file did not
get filled with content even destructors were executed.

With this CL I also call the destructors of the platform and of the file
handle in the Shell::Exit() function. For this I make Shell::Exit()
platform independent and let it call the platform dependent
Shell::OSExit() at the end.

R=rmcilroy@chromium.org

Change-Id: I14425b6a5c25b757211bc8b9959a9cc8bfa0602c
Reviewed-on: https://chromium-review.googlesource.com/789038
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49659}
2017-11-28 09:58:09 +00:00
Georg Neis
9bf0002176 [bigint,compiler] Support bigints in increment (++) and decrement (--).
... in the same style as the previous CLs for negation and bitwise-not.

R=jarin@chromium.org

Bug: v8:6791
Change-Id: I0aa96a72421e90c8c82a39dd4264fdcf00967504
Reviewed-on: https://chromium-review.googlesource.com/779141
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49658}
2017-11-28 09:45:49 +00:00
Igor Sheludko
a70344c63a [test] Reduce max depthness of nested objects in JSON-stringify.js test.
Modification of InstanceType enum caused JsonStringifier::Serialize_() function
to consume more stack space (because of a switch statement) in non-optimized
debug build which now causes stack overflow on certain depth of nested objects.
The modification affects neither optimized debug nor release builds.

Change-Id: Ia2925d9abbd1c32c5a4694e14c49b2d0bd119419
Reviewed-on: https://chromium-review.googlesource.com/789074
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49657}
2017-11-28 09:40:49 +00:00
Michael Lippautz
4cb6ef8374 [heap] Move sweeper to separate file
Bug: 
Change-Id: Ie516167f047e48cda47a5dbfb156ea9ae164046c
Reviewed-on: https://chromium-review.googlesource.com/789878
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49656}
2017-11-28 09:22:09 +00:00
Igor Sheludko
888acb2f3c [runtime] Properly deal with prototype setup mode during class literal instantiation.
1) Make sure we don't enable prototype setup mode for parent class and its prototype
objects.
2) Make sure we create builtins and their prototypes with completed setup mode.
3) Drive-by-fix: setup typed array classes in bootstrapper.cc instead of typedarray.js,
and drop %FunctionSetPrototype().

Bug: v8:7115, v8:5902
Change-Id: I58ac091d85647abc3307bd47baf48e378e3695c5
Reviewed-on: https://chromium-review.googlesource.com/790992
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49655}
2017-11-28 09:11:59 +00:00
Tobias Tebbi
904c3a1f09 [turbofan] fix dead code elimination: propagate DeadValue along FrameState inputs
Bug: chromium:788539
Change-Id: I75b6ef7e486b578f123747d79f52c9eb45a0370e
Reviewed-on: https://chromium-review.googlesource.com/792050
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49654}
2017-11-28 09:09:09 +00:00
Georg Neis
aa7d1438df [parsing] Fix bug in rewriter concerning a breakable try-finally.
R=adamk@chromium.org

Bug: chromium:787698
Change-Id: I873debe61b152a9e88ce22d95a69f27eab2d0f55
Reviewed-on: https://chromium-review.googlesource.com/787473
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49653}
2017-11-28 09:07:51 +00:00
Benedikt Meurer
e797f9fb34 [turbofan] Improve typing rule for NumberTrunc.
This extends the typing rule for NumberTrunc to deal with general number
inputs properly, thus addressing a long-standing TODO. We also add test
cases to ensure that the typing rule gets the corner cases for NaN and
-0 right.

Bug: v8:5267, v8:7109
Change-Id: Iedc541a0f4619f37da37ea36940f92472034cdf2
Reviewed-on: https://chromium-review.googlesource.com/792932
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49652}
2017-11-28 08:31:39 +00:00
Benedikt Meurer
71f3ab8e76 [turbofan] Improve typing rule for NumberRound.
This extends the typing rule for NumberRound to deal with general number
inputs properly, thus addressing a long-standing TODO. We also add test
cases to ensure that the typing rule gets the corner cases for NaN and
-0 right.

Bug: v8:5267, v8:7109
Change-Id: Ia865ec1d6f8d96f20641bee96891740a9fc6e627
Reviewed-on: https://chromium-review.googlesource.com/792931
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49651}
2017-11-28 08:22:19 +00:00
Benedikt Meurer
c7742e4953 [turbofan] Improve typing rule for NumberCeil.
This extends the typing rule for NumberCeil to deal with general number
inputs properly, thus addressing a long-standing TODO. We also add test
cases to ensure that the typing rule gets the corner cases for NaN and
-0 right.

Bug: v8:5267, v8:7109
Change-Id: I9154e47e58ad106791613db0030051f2a802a981
Reviewed-on: https://chromium-review.googlesource.com/792930
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49650}
2017-11-28 07:00:59 +00:00
jing.bao
6aaf71d795 [ia32][wasm] Add I8x16 BinOp and CompareOp.
Add/AddSaturateS/Sub/SubSaturateS/AddSaturateU/SubSaturateU
MinS/MaxS/MinU/MaxU
Eq/Ne/GtS/GeS/GtU/GeU

Bug: 
Change-Id: Ib802dcfceac073090602d09a7fb037ec498e493d
Reviewed-on: https://chromium-review.googlesource.com/788595
Commit-Queue: Jing Bao <jing.bao@intel.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49649}
2017-11-28 05:44:09 +00:00
v8-autoroll
714d268edd Update V8 DEPS.
Rolling v8/build: 75cefe9..cc674b0

Rolling v8/third_party/android_tools: https://chromium.googlesource.com/android_tools/+log/9914c57..a2e9bc7

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/030b060..884db23

Rolling v8/third_party/icu: 5ed2698..741688e

Rolling v8/third_party/instrumented_libraries: ebf8d92..2841745

Rolling v8/tools/clang: 8427dae..8688d26

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I5a9241d5275de50effc511edec163319e6497c03
Reviewed-on: https://chromium-review.googlesource.com/792278
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49648}
2017-11-28 05:05:49 +00:00
Adam Klein
a868f6e3fc [cctest] Add a bit of test coverage for disallowing await in async params
This enforces that we use ParseExpressionCoverGrammar, and not ParseExpression,
for several tricky cases. Also clarify comment on ParserBase::ParseExpression().

Change-Id: I1d1289abdf539c96f4b42f97c79a8adf3c06e728
Reviewed-on: https://chromium-review.googlesource.com/783171
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49647}
2017-11-27 23:35:28 +00:00
Adam Klein
bfa90f7e7c Move function name var initialization to BytecodeGenerator
Besides avoiding the weird hack of inserting a statement at the 0th
index of the function body, we also avoid allocating (and initializing)
the variable if it's unreferenced (which I'd wager is the common case).

Bug: v8:6092
Change-Id: If917d422bb4818cf21e8272aa786ca84d4472802
Reviewed-on: https://chromium-review.googlesource.com/784092
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49646}
2017-11-27 18:37:47 +00:00
Adam Klein
87e7fc94fe [parser cleanup] Remove a few impl() calls, replace a CHECK with DCHECK
Bug: v8:6092
Change-Id: I518516d3600458faba5ace1eee1e5b5c3cc560ce
Reviewed-on: https://chromium-review.googlesource.com/784127
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49645}
2017-11-27 18:33:37 +00:00
Martyn Capewell
c1e9b34fa0 [arm64] Align caller saved register list ops.
Align Push/PopCallerSaved register list, and remove unused options for two and
three exclusion registers.

Bug: v8:6644
Change-Id: I70df24837b09402e32ddc2a25a3061cd61ec0301
Reviewed-on: https://chromium-review.googlesource.com/790290
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#49644}
2017-11-27 17:51:36 +00:00
Jakob Gruber
dd15e30b25 [typedarray] Widen set fast path for JSTypedArray source arguments
Pull most JSTypedArray source arguments onto the fast path.

Same source & target elements-kinds simply call memmove. Other
combinations call directly into C and reuse ElementsAccessor logic.

Only overlapping source & target args with differing elements-kinds
remain on the slow runtime path.

Bug: v8:7123, v8:3590
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I80284b61478b0e3266b8f16bde8a56bd90f080b0
Reviewed-on: https://chromium-review.googlesource.com/788857
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49643}
2017-11-27 17:32:15 +00:00
Michal Majewski
f2150dbd76 [test] Add switch to always use slow path.
Introduce new runtime flag that forces to always use
slow path for regex, promise and array builtins. It
works in DEBUG or with new compile time flag
ENABLE_FASTSLOW_SWITCH.

It will be used in the fast/slow path fuzzer or as a
testing variant to ensure that slow path implementation
behave equivalent to corresponding fast paths (where
applicable).

Bug: v8:7120
Change-Id: Ia2a4ab7aca5051e852723782c529bd2e8e5925ca
Reviewed-on: https://chromium-review.googlesource.com/787291
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49642}
2017-11-27 15:53:20 +00:00
Clemens Hammacher
b0a87c8532 [Liftoff] Store ValueType in each VarState
In order to implement CacheState merging correctly, we need to know at
least the register type to be used for each stack slot. For stack
slots, this is not stored currently. Since there is enough space
available in the VarState anyway, we just always store the full type,
which will allow also for other optimizations like not always spilling
and filling the full 8 bytes.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: I6c7c1d39847063591bf72b7f186a2128295d889b
Reviewed-on: https://chromium-review.googlesource.com/789861
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49641}
2017-11-27 15:51:20 +00:00
Clemens Hammacher
617e285cd4 [Liftoff] [cleanup] Use default copy and move semantics
Just use the default operators instead of reimplementing them for
{Steal} and {Split}.

Drive-by: Remove unactionable TODO.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: I7556cbf7264cf271b2e8966a5e96ca8e41eb3e73
Reviewed-on: https://chromium-review.googlesource.com/789862
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49640}
2017-11-27 15:41:30 +00:00
Peter Marshall
9d906310e1 [typedarray] Fix a spec violation in the constructor.
Implement the new spec behavior that says construction from a neutered
buffer should throw after the ToIndex call on the length argument.

Bug: v8:6216
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I219a107730b53fca639bc813f68f7ddc27e79017
Reviewed-on: https://chromium-review.googlesource.com/789847
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49639}
2017-11-27 15:37:30 +00:00
Michael Starzinger
dd2b5b19cf [heap] Remove some overzealous includes from heap-inl.h.
R=mlippautz@chromium.org

Change-Id: Ic86b8b2bcdedeb148c31a965816a864e8e2b2247
Reviewed-on: https://chromium-review.googlesource.com/789866
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49638}
2017-11-27 14:26:44 +00:00
Sathya Gunasekaran
5c59fe02e3 [class] Fix preparsed scope data mismatch for computed class fields
Previously we only created synthetic variables in the parser and not
in the preparser, causing mismatch in the preparsed scope data.

This patch creates the variables in both parsers.

Bug: v8:5367
Change-Id: I9c511d0b9212bd36816956b06dc204b0b5920e1c
Reviewed-on: https://chromium-review.googlesource.com/789848
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49637}
2017-11-27 14:18:04 +00:00
Michael Achenbach
abbd856e22 [build] Stop using sysroot on legacy gyp bots
The updated stretch sysroot doesn't work anymore with gyp.

Bug: chromium:788679
Change-Id: I26e196f29eeda3914399655a156b39ba26c9e988
Reviewed-on: https://chromium-review.googlesource.com/789940
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49636}
2017-11-27 14:12:04 +00:00
Andreas Haas
e21bac5b0b [wasm] Open CodeSpaceMemoryModificationScope after imports got sanitized
Within SanitizeImports it is possible that JavaScript code gets executed
therefore we have to open the CodeSpaceMemoryModificationScope after
SanitizeImports.

R=clemensh@chromium.org

Bug: chromium:788469
Change-Id: Ide9bbd4ee4613b28380979d4a6c66d26e6a9406f
Reviewed-on: https://chromium-review.googlesource.com/789936
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49635}
2017-11-27 13:48:34 +00:00
jgruber
e815149402 [typedarray] Add set fast path for JSArray source arguments
This adds a fast path that avoids the runtime transition for JSArray
source arguments with {packed,holey} {smi,double} elements kinds.

The fast path currently calls straight into C and copies there using
elements accessor logic.

Local tests show a 4x speedup when copying from 1-element JSArrays.
As the source array becomes larger, the time spent copying elements
begins to dominate.

Bug: v8:3590
Change-Id: I05ebe54d7b255d0a76ad46ac11ce7cfd516b8ac8
Reviewed-on: https://chromium-review.googlesource.com/789010
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49634}
2017-11-27 13:11:31 +00:00
Michael Achenbach
a2aff67f69 [test] Simplify flags for configuring testing variants.
This deprecates --exhaustive-variants and --no-variants flags to
simplify code configuring variants.

Simplification after:
https://crrev.com/c/789831

Bug: chromium:788104
Change-Id: Ie77d48eca083e7721e02d34bc1e9aa1b1f0d0202
Reviewed-on: https://chromium-review.googlesource.com/789836
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49633}
2017-11-27 13:10:26 +00:00
Clemens Hammacher
91ff16193a [Liftoff] [cleanup] Make VarState a proper class
VarState was a struct so far, but gained more and more functionality.
Even more will be added for supporting floating point operations.
Thus, make this a proper class.

Drive-by: Order all switch cases to first handle the stack case, then
register, then constant.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: I694613ebc4910bcf74a1617485bd72878f46e987
Reviewed-on: https://chromium-review.googlesource.com/789937
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49632}
2017-11-27 13:01:01 +00:00
Michael Starzinger
4ad9430c39 [objects] Fix flag in {Map::AddMissingTransitions}.
This fixes the computation of the {may_have_interesting_symbols} flag
for the last map computed in {Map::AddMissingTransitions} method. The
last map is allocated ahead of time, but the flag is only correct once
the descriptors are actually installed in the end.

R=bmeurer@chromium.org
TEST=mjsunit/regress/regress-crbug-786020
BUG=chromium:786020

Change-Id: Iff97780609fe596437eb6bea85606a1c3bb2ac4c
Reviewed-on: https://chromium-review.googlesource.com/789839
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49631}
2017-11-27 12:49:01 +00:00
Michael Lippautz
9af72045af [heap] Move support for inner pointer lookups into heap/
The GcSafe* methods rely on Heap internals and should thus belong to Heap.

Bug: 
Change-Id: I4e6468d51c4dda1d10e94568698e05bee1b56b40
Reviewed-on: https://chromium-review.googlesource.com/789935
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49630}
2017-11-27 12:37:41 +00:00
Ivica Bogosavljevic
70dbac4b63 Fix compilation failures with GCC 6.3.0
Bug: 
Change-Id: If2468dab0ce2ef59a1f9cc8e4d8dc57b320f8c5f
Reviewed-on: https://chromium-review.googlesource.com/789041
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49629}
2017-11-27 11:30:11 +00:00
Sathya Gunasekaran
4ca9d843f8 [class] Store class fields initializer on the constructor
Previously, the class fields initializer function was stored on a
synthetic context allocated variable. This approach had sevaral
problems:

- We didn't know that class literal had fields until after we had
completely parsed the class literal. This meant that we had to go back
and fix up the scope of the constructor to have this synthetic
variable. This resulted in mismatch between parser and preparsed scope
data.

- This synthetic variable could potentially resolve to an initializer
of an outer class.

For ex:
class X extends Object {
  c = 1;
  constructor() {
    var t = () => {
      class P extends Object {
        constructor() {
          var t = () => { super(); };
          t();
        }
      }
      super();
    }
    t();
  }
}

In this the inner class P could access the outer class X's initiliazer
function. We would have to maintain extra metadata to make sure this
doesn't happen.

Instead this new approach uses a private symbol to store the
initializer function on the class constructor itself.

For the base constructor case, we can simply check for a bit on the
constructor function literal to see if we need to emit code that loads
and calls this initializer function. Therefore, we don't pay the cost
of loading this function in case there are no class fields.

For the derived constructor case, there are two possiblities:
(a) We are in a super() call directly in the derived constructor:

In this case we can do a check similar to the base constructor check,
we can check for a bit on the derived constructor and emit code for
loading and calling the initializer function.

This is usually the common case and we don't pay any cost for not using
class fields.

(b) We are in a super() call inside an arrow function in the derived
constructor:

In this case, we /always/ emit code to load and call the initializer
function. If the function doesn't exist then we have undefined and we
don't call anything. Otherwise we call the function.

super() can't be called twice so even if we emit code to load and call
the initializer function multiple times, it doesn't matter because it
would have already been an error.

Bug: v8:5367
Change-Id: I7f77cd6493ff84cf0e430a8c1039bc9ac6941a88
Reviewed-on: https://chromium-review.googlesource.com/781660
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49628}
2017-11-27 10:35:11 +00:00
Yang Guo
925ed598e3 [gn] Add v8_monolith static library target.
R=machenbach@chromium.org

Bug: v8:6105
Change-Id: I51d7d38897d1b20469304345d11228a8f78d3489
Reviewed-on: https://chromium-review.googlesource.com/788376
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49627}
2017-11-27 10:07:51 +00:00