Commit Graph

49777 Commits

Author SHA1 Message Date
Michael Lippautz
a6938128f4 [embedder-tracing] Add GarbageCollectionForTesting call
This call can be used by embedder to request a GC for testing reasons.
The GC also takes the current embedder stack state as an argument that
is forwarded to the embedder when entering the atomic pause.

This way embedders can request garbage collections for testing and set
how the embedder should treat the stack.

Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id10604565b4457dd0fca402afeb5f8e592fa0bae
Reviewed-on: https://chromium-review.googlesource.com/1183431
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55285}
2018-08-21 18:42:05 +00:00
Ben L. Titzer
3d35921eb3 [wasm] Unify all enums representing execution tiers
R=mstarzinger@chromium.org

Change-Id: Iacdff28dd1383d77d7708de4ee22d9f2a77d872a
Reviewed-on: https://chromium-review.googlesource.com/1183440
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55284}
2018-08-21 15:45:18 +00:00
Benedikt Meurer
2650fc335d [builtin] Further cleanup %ArrayIteratorPrototype%.next().
Refactor the ArrayIteratorPrototypeNext CSA builtin to handle the
JSArray element access in a dedicated helper macro, very similar
to how it's done for JSTypedArray's. Also add support for dictionary
elements to this helper macro using the existing dictionary access
logic in the CodeStubAssembler.

This improves the readability of the builtin significantly and the
performance of iterating arrays with dictionary elements goes up by
a factor of ~3.5x.

Bug: v8:8015, v8:8070
Change-Id: Ibfee760ea1e4bc0fffb42b232fb1d097b706bd1f
Reviewed-on: https://chromium-review.googlesource.com/1183305
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55283}
2018-08-21 15:42:58 +00:00
Florian Sattler
4ea8e7778d [inspector] Updated third_party inspector_protocol
This pull in noexcept changes in inspector_protocol

Bug: v8:7999
Change-Id: I6db9ad419d6c1a11fee4379004435e76bbedcead
Reviewed-on: https://chromium-review.googlesource.com/1182804
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55282}
2018-08-21 15:28:08 +00:00
Bret Sepulveda
6bf31c7260 Refactor test-log.cc.
This patch splits the log file into a vector of std::strings when
logging is stopped, so verifying that lines are present can be done in
terms of std library functions. Verifications are now done by simple
substring matching instead of via a prefix or suffix, in preparation for
a new test that needs to match the middle of a line.

This patch also deletes some dead/debugging code.

Change-Id: I5c6b75b0807c41312d35208deda26546dc0f7216
Reviewed-on: https://chromium-review.googlesource.com/1183187
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Bret Sepulveda <bsep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55281}
2018-08-21 15:18:26 +00:00
Alexey Kozyatinskiy
1b3b808a54 inspector: find magic comment using V8 scanner
Inspector tries to provide sourceURL and sourceMappingURL for scripts
with parser errors. Without this CL we convert source of each script
to inspector string and search for magic comment there. Some web sites
use pattern when they get some data from network and constantly try to
parse this data as JSON, in this case we do a lot of useless work.

So we can parse magic comments on V8 side only for compilation errors
(excluding parse JSON errors), to do it we can reuse scanner by running
it on each potential comment.

R=alph@chromium.org,verwaest@chromium.org,yangguo@chromium.org

Bug: chromium:873865,v8:7731
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I77c270fd0e95cd7b2c9ee4b7f72ef344bc1fa104
Reviewed-on: https://chromium-review.googlesource.com/1182446
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55280}
2018-08-21 15:17:07 +00:00
Toon Verwaest
7fb6109b1e [scanner] Add Skip to be used after successful Peek
Change-Id: Ic3df370e2859bf77572b34a314ad8ed17b75b942
Reviewed-on: https://chromium-review.googlesource.com/1183485
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55279}
2018-08-21 15:09:06 +00:00
Igor Sheludko
ca688f269c Make gdb macros work in Chrome when V8 is built in component mode.
... by properly exporting respective functions from the binary.

Change-Id: I6f9b63f65a886e430c1b0e431ebf62e589f4d455
Reviewed-on: https://chromium-review.googlesource.com/1183493
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55278}
2018-08-21 15:04:13 +00:00
Benedikt Meurer
2345f9526b [cleanup] Cleanup unused macros/intrinsics.
This removes a couple of intrinsics/runtime functions/macros that are no
longer needed at all (or not in TurboFan for performance reasons).

Bug: v8:8015
Change-Id: I08ae8de7cc63019eb30d3b71dd1c824d6392076a
Reviewed-on: https://chromium-review.googlesource.com/1183481
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55277}
2018-08-21 14:38:20 +00:00
Michael Starzinger
0f5973d6ce [wasm] Remove unused compilation event.
R=ahaas@chromium.org

Change-Id: I92d6e7fc41c9cbb3792a66c9ea8996efe1c8d87d
Reviewed-on: https://chromium-review.googlesource.com/1183434
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55276}
2018-08-21 14:36:01 +00:00
Florian Sattler
167f9546fa [parser] Mark recursive descent parse functions for inline to avoid excessive calls
Bug: v8:7926
Change-Id: I237428af129fd19dbca39c1e243252774e26902c
Reviewed-on: https://chromium-review.googlesource.com/1182805
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55275}
2018-08-21 14:01:19 +00:00
Ivica Bogosavljevic
a4211ad6ee [wasm]: Load and store globals properly on big-endian
TEST=wasm-spec-tests/tests/exports,wasm-spec-tests/tests/data

Change-Id: I5c1001b00f2a7eab41e6e143afa19803969c0fe4
Reviewed-on: https://chromium-review.googlesource.com/1181022
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#55274}
2018-08-21 13:57:37 +00:00
Benedikt Meurer
4f0e9d6cb7 [csa] Introduce ThrowIfArrayBufferIsDetached() helper.
This adds new CSA helpers ThrowIfArrayBufferIsDetached() and
ThrowIfArrayBufferViewBufferIsDetached() which check whether
ArrayBuffers or ArrayBufferViews have been detached. This
improves readability of the code that has to deal with typed
arrays.

Bug: v8:8015
Change-Id: Iafab86c418bd0e12bb7d7ec803151a1f6b786400
Reviewed-on: https://chromium-review.googlesource.com/1183422
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55273}
2018-08-21 13:55:31 +00:00
Toon Verwaest
60cbde18a6 [scanner] Reduce reliance on PushBack by Peeking more
Change-Id: I50f729eac8d8b0c25a1f83f2b1f86800f21a8a8b
Reviewed-on: https://chromium-review.googlesource.com/1183301
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55272}
2018-08-21 13:13:42 +00:00
Michael Starzinger
eedc7dbf7e [wasm] Simplify compilation state callback mechanism.
R=titzer@chromium.org

Change-Id: If459225345f8a94eb566334e15331f7741c952d4
Reviewed-on: https://chromium-review.googlesource.com/1183103
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55271}
2018-08-21 13:10:43 +00:00
Ross McIlroy
20122d46f2 [Tests] Disable regress-752764 on Android since it's still flaky
BUG=v8:8040

Change-Id: I004f5748bafeff60885fd85f1b1a6ea44af06340
Reviewed-on: https://chromium-review.googlesource.com/1183196
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55270}
2018-08-21 13:07:38 +00:00
Igor Sheludko
bf1e47e6ff [ptr-compr] Switch Smis to 31-bit on 64-bit platforms.
This is prerequisite for V8 heap pointer compression.

Bug: v8:7703
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2cdf02bd4cd535beb78a5db5b7cbdf67433a6d16
Reviewed-on: https://chromium-review.googlesource.com/1181136
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55269}
2018-08-21 13:06:31 +00:00
Toon Verwaest
a1995eca83 [scanner] Mark source_ and is_module as const and initialize in constructor
Change-Id: I692ce8dbe3169cfb912647c31a9e8121dc5eff5d
Reviewed-on: https://chromium-review.googlesource.com/1183306
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55268}
2018-08-21 12:46:49 +00:00
Dan Elphick
d9770a27b5 [gdb] Move stack frame up to frame above V8_Fatal
UNREACHABLE and CHECK call V8_Fatal directly so treat them like
V8_Dcheck, but also ensure that the frame is moved up to the DCHECK
frame even if it calls V8_Fatal.

Change-Id: Iad5f2e3ea95182bed473d6b2d843a0c1e111911d
Reviewed-on: https://chromium-review.googlesource.com/1183303
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55267}
2018-08-21 12:32:03 +00:00
Georg Neis
6ec7771491 Revert "[turbofan] Force creation of initial maps upfront."
This reverts commit acf0925255.

Reason for revert: Undesired side effects.

Original change's description:
> [turbofan] Force creation of initial maps upfront.
> 
> When encountering a JSFunction, generate its initial map (if
> appropriate).  This ensures that we can depend on the initial
> map during optimization.
> 
> We are not sure about the performance impact of this change, it
> might cause regressions.
> 
> R=​jarin@chromium.org, mslekova@chromium.org
> 
> Bug: v8:7790, chromium:875175
> Change-Id: I4bbf62e30730f55a53d9bb7eee62c87d820616fb
> Reviewed-on: https://chromium-review.googlesource.com/1180970
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55253}

TBR=jarin@chromium.org,neis@chromium.org,mslekova@chromium.org

Change-Id: I322f504d068f752b218680f633b8719864ca4950
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7790, chromium:875175
Reviewed-on: https://chromium-review.googlesource.com/1183341
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55266}
2018-08-21 12:06:45 +00:00
jgruber
6ab1908775 [builtins] Mark initial builtins on ia32 isolate-independent
This populates the isolate-independent builtin whitelist with initial
builtins that do not access any isolate-dependent data and thus don't
need the root register at all.

Unlike most other platforms, we can't use a scratch register in the
off-heap trampoline since there's no free register available. The
trampolines on ia32 are thus implemented as pc-relative jumps
(thankfully we can address the entire address space).

Drive-by: Made Code::IsIsolateIndependent consistent with
FinalizeEmbeddedCodeTargets. Code targets are only allowed on some
platforms.

Bug: v8:6666
Change-Id: I0bf02eecba8a099afa7b7c892188cd377cbda840
Reviewed-on: https://chromium-review.googlesource.com/1183224
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55265}
2018-08-21 11:52:24 +00:00
jgruber
e44e4636b1 [builtins] Add --print-embedded-builtin-candidates
When enabled, this will print all builtins that could, in theory, be
marked as isolate-independent (because their reloc info only contains
viable entries), but are not. This is only intended for use while
implementing embedded builtins on ia32 and can be removed afterwards.

Bug: v8:6666
Change-Id: I2cb54c851391480824f15f6e5ddb7919e179da4a
Reviewed-on: https://chromium-review.googlesource.com/1183222
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55264}
2018-08-21 11:43:34 +00:00
Tobias Tebbi
cdaaa31151 [builtins] Reland Array.prototype.splice() Torque implementation.
Before, splice was implemented with a C++ fast path and a
comprehensive JavaScript version.

This impl. is entirely in Torque with a fastpath for SMI,
DOUBLE and OBJECT arrays, and a comprehensive slow path.
The same level of "sparse" array support as given by the
array.js implementation is included.

Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ia7334a30b401988309e9909cfa0069da0bb6fb9f
Reviewed-on: https://chromium-review.googlesource.com/1169466
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55263}
2018-08-21 11:40:19 +00:00
Andreas Haas
41819b39c4 [wasm][threads] Do not overwrite the V8 flag with the origin trial flag
R=titzer@chromium.org

Bug: chromium:868844
Change-Id: Ib96416dc6ae36e024e90187944f2e9ca92e8b83b
Reviewed-on: https://chromium-review.googlesource.com/1183200
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55262}
2018-08-21 11:39:17 +00:00
Benedikt Meurer
6031f172ed [es2015] Use [[ArrayIteratorNextIndex]] to indicate exhaustion.
Instead of changing the [[IteratedObject]] field to undefined to mark an
array iterator as exhausted, store the appropriate maximum value into
the [[ArrayIteratorNextIndex]] field such that the iterator will never
produce any values again.

Without this change the map check and the "length" access on the
[[IteratedObject]] cannot be eliminated inside the loop, since the
object can either be the array or undefined. Even with this change
it's still not possible immediately due to missing aliasing
information in the LoadElimination, but it paves the way for follow
up improvements. Eventually the goal is to have `for..of` as fast as
a traditional `for` loop even for really tight loops.

This CL also hardens the implementation of the ArrayIterator by using
proper CASTs and CSA_ASSERTs. The readability of the CSA builtin was
improved by utilizing proper helper functions.

Bug: v8:7510, v8:7514, v8:8070
Change-Id: Ib46604fadad1a0f80e77fe71a1f47b0ca31ab841
Reviewed-on: https://chromium-review.googlesource.com/1181902
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55261}
2018-08-21 11:26:00 +00:00
Ross McIlroy
16fd84f3bd [Tests] Fix regress/regress-599414-array-concat-fast-path on Android.
BUG=v8:8040

Change-Id: I705f9afebfa770a8415fa268dd13ba00e90808d4
Reviewed-on: https://chromium-review.googlesource.com/1181429
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55260}
2018-08-21 11:02:26 +00:00
Sigurd Schneider
41b3955fbf Revert "[Intl] Move ToDateTimeOptions/ToLocaleDateTime to C++"
This reverts commit cabcfb3a5d.

Reason for revert: Breaks a layout test "fast/js/date-proto-generic-invocation.html" as can be seen in 
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/25626

Original change's description:
> [Intl] Move ToDateTimeOptions/ToLocaleDateTime to C++
> 
> Bug: v8:7961
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ic414a51a64040f253da1d7ccf03c558ea70ad2bf
> Reviewed-on: https://chromium-review.googlesource.com/1155271
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55199}

TBR=kadams@nvidia.com,jshin@chromium.org,gsathya@chromium.org,ftang@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7961
Change-Id: I39203fb281b9a54236b12a69c1f8389bcb5d411f
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1183165
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55259}
2018-08-21 10:57:26 +00:00
Toon Verwaest
fcfd995aa1 [scanner] Go back to untemplatized scanning with buffering
This reverts the following 3 CLs:

Revert "[scanner] Templatize scan functions by encoding"
Revert "[asm] Remove invalid static cast of character stream"
Revert "[scanner] Prepare CharacterStreams for specializing scanner and parser by character type"

The original idea behind this work was to avoid copying, converting and
buffering characters to be scanned by specializing the scanner functions. The
additional benefit was for scanner functions to have a bigger window over the
input. Even though we can get a pretty nice speedup from having a larger
window, in practice this rarely helps. The cost is a larger binary.

Since we can't eagerly convert utf8 to utf16 due to memory overhead, we'd also
need to have a specialized version of the scanner just for utf8. That's pretty
complex, and likely won't be better than simply bulk converting and buffering
utf8 as utf16.

Change-Id: Ic3564683932a0097e3f9f51cd88f62c6ac879dcb
Reviewed-on: https://chromium-review.googlesource.com/1183190
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55258}
2018-08-21 10:52:52 +00:00
Hai Dang
f30b43ed95 Add bytecode generation tests for array spreads.
Bug: v8:7973
Change-Id: I44ad457c3a103c36bd7b928cc64a056c1a1afc46
Reviewed-on: https://chromium-review.googlesource.com/1183102
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Hai Dang <dhai@google.com>
Cr-Commit-Position: refs/heads/master@{#55257}
2018-08-21 10:51:51 +00:00
Michael Lippautz
8b2cee550c [heap] Fix ArrayBufferTracker processing
Avoid accessing |byte_length| during processing buffers. The length
might be a HeapNumber that has already been processed (e.g. moved) in
the current garbage collection cycle.

Bug: v8:8076
Change-Id: I6d79631e300845a29f15a9f60933ee41ffc95300
Reviewed-on: https://chromium-review.googlesource.com/1183193
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55256}
2018-08-21 10:50:46 +00:00
Jakob Gruber
dcc09b60ab Revert "[x64] Apply rip-relative call/jump for OFF_HEAP_TARGET"
This reverts commit ad5b736500.

Reason for revert: https://crbug.com/875678

Original change's description:
> [x64] Apply rip-relative call/jump for OFF_HEAP_TARGET
>
> Merge rip-relative loading and call/jump into one instruction for
> OFF_HEAP_TARGET call/jump. For example,
>
>   REX.W movq r10,[rip+#disp]
>   call r10
>
> turns into:
>
>   call [rip+#disp]
>
> Change-Id: I17e115d054b4b352bdaf8eba2e6ac4054bbedaca
> Reviewed-on: https://chromium-review.googlesource.com/1172152
> Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55150}

TBR=sigurds@chromium.org,jgruber@chromium.org,shiyu.zhang@intel.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:875678
Change-Id: I5a9dd6e29cc53566d681864f7e275a70ccdcb0cb
Reviewed-on: https://chromium-review.googlesource.com/1183164
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55255}
2018-08-21 10:39:27 +00:00
Dominik Inführ
32ec3c1c5e [heap-profiler] Generate location for generators
Add source code location for generators into heap snapshot file.

Bug: chromium:854097
Change-Id: I726b245a707515502976476703e57b7f58c92782
Reviewed-on: https://chromium-review.googlesource.com/1174433
Commit-Queue: Dominik Inführ <dinfuehr@google.com>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55254}
2018-08-21 10:32:56 +00:00
Georg Neis
acf0925255 [turbofan] Force creation of initial maps upfront.
When encountering a JSFunction, generate its initial map (if
appropriate).  This ensures that we can depend on the initial
map during optimization.

We are not sure about the performance impact of this change, it
might cause regressions.

R=jarin@chromium.org, mslekova@chromium.org

Bug: v8:7790, chromium:875175
Change-Id: I4bbf62e30730f55a53d9bb7eee62c87d820616fb
Reviewed-on: https://chromium-review.googlesource.com/1180970
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55253}
2018-08-21 10:24:41 +00:00
Benedikt Meurer
932faf95b3 [cleanup] Use ThrowIfNotInstanceType() more consistently.
There were still a few places left in builtins where we have custom
logic to check for a certain instance type and raise the incompatible
receiver error.

Bug: v8:8015
Change-Id: Ic5ed80aa6327b2902209b1822677f75b19d8a715
Reviewed-on: https://chromium-review.googlesource.com/1183183
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55252}
2018-08-21 10:11:28 +00:00
Maya Lekova
fc41794efa Revert "[Intl] remove unused js"
This reverts commit 2dc505a418.

Reason for revert: Breaks a layout test "fast/js/date-proto-generic-invocation.html" as can be seen in 
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/25626

Original change's description:
> [Intl] remove unused js
> 
> Bug: v8:8066
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I9d86577540cf227e038354d9661c60fcdc644b3f
> Reviewed-on: https://chromium-review.googlesource.com/1179467
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55200}

TBR=gsathya@chromium.org,ftang@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:8066
Change-Id: I4b6c7163a48f6f7fe439f8fd678abd053f60b020
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1183163
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55251}
2018-08-21 09:56:09 +00:00
Maya Lekova
67c1f8fea0 Revert "[Intl] move Date.prototype.toLocale{,Date,Time}String to C++"
This reverts commit 8e57cd51fd.

Reason for revert: Breaks a layout test "fast/js/date-proto-generic-invocation.html" as can be seen in 
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/25626

Original change's description:
> [Intl] move Date.prototype.toLocale{,Date,Time}String to C++
> 
> Bug: v8:7961
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ie75eb443fc0907a4e1e4cafd4f5c06c23794f5a9
> Reviewed-on: https://chromium-review.googlesource.com/1156123
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55239}

TBR=jshin@chromium.org,gsathya@chromium.org,ftang@chromium.org

Change-Id: Iafc2541185f8a6e44088432b3de58bdb53854e1b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7961
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1183162
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55250}
2018-08-21 09:10:58 +00:00
Ben L. Titzer
438e7ec6dc Reland "[asmjs] Properly validate asm.js heap sizes"
This is a reland of 5c3092718e
(the CL was reverted because of a Chromium test that is now fixed)

Original change's description:
> Reland "[asmjs] Properly validate asm.js heap sizes"
>
> This is a reland of 5d69010e26
>
> Original change's description:
> > [asmjs] Properly validate asm.js heap sizes
> >
> > Enforce both engine limitations and spec (http://asmjs.org/spec/latest/)
> > limitations on the size of asm.js heaps.
> >
> > R=clemensh@chromium.org
> > CC=​mstarzinger@chromium.org
> >
> > Bug: chromium:873600
> > Change-Id: I104c23bbd0a9a7c494f97f8f9e83ac5a37496dfd
> > Reviewed-on: https://chromium-review.googlesource.com/1174411
> > Commit-Queue: Ben Titzer <titzer@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#55163}
>
> Bug: chromium:873600
> Change-Id: Id24070bda3aafb9e1a32af0732a1b18f633ef932
> Reviewed-on: https://chromium-review.googlesource.com/1179681
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55193}

Bug: chromium:873600
Change-Id: I6eca2a89589070837b109278f964fc8e9a0fd6f1
Reviewed-on: https://chromium-review.googlesource.com/1183081
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55249}
2018-08-21 09:00:04 +00:00
Georg Neis
c4d1a00873 [turbofan] Serialize SharedFunctionInfo.
GetBytecodeArrayRegisterCount is still missing.

Bug: v8:7790
Change-Id: I7255e60ef13e48a514cc09231cdb3cc42328d441
Reviewed-on: https://chromium-review.googlesource.com/1181568
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55248}
2018-08-21 08:57:15 +00:00
Creddy
29a112bbad Enable one shot flag by default
By default, enable one-shot optimization.

BUG=v8:8072

Change-Id: I353eb05325b9abfa9b9fab48cf47bad2891798e9
Reviewed-on: https://chromium-review.googlesource.com/1181901
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Cr-Commit-Position: refs/heads/master@{#55247}
2018-08-21 08:38:57 +00:00
Hai Dang
bbe3d9913d Change CloneFastJSArray to use ExtractFixedArray.
This makes CloneFastJSArray allocate exact memory needed for the elements
to be copy, instead of over-allocating.

Bug: chromium:875723
Change-Id: Id8e14cff3caf42eb0fb4090ec755f1cadcf518e6
Reviewed-on: https://chromium-review.googlesource.com/1180893
Commit-Queue: Hai Dang <dhai@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55246}
2018-08-21 08:37:56 +00:00
Dominik Inführ
64e04c96af [heap-profiler] Store locations in snapshot
Start storing locations in heap snapshot file. Initial support
for closure, additional object types might be added in the future.
Needed to show source code locations for objects in the DevTools
heap snapshot viewer.

Bug: chromium:854097
Change-Id: I12659373ce1adf67b55c6a10ea1d0465fcdb4a10
Reviewed-on: https://chromium-review.googlesource.com/1174257
Commit-Queue: Dominik Inführ <dinfuehr@google.com>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55245}
2018-08-21 08:23:00 +00:00
Dan Elphick
fe5e07d763 Reland "[builtins] Start adding byte code handlers to builtins"
This is a reland of 041ae1f879

The clashing method has been fixed.

Original change's description:
> [builtins] Start adding byte code handlers to builtins
>
> Adds a new build flag, v8_enable_embedded_bytecode_handlers, that adds
> the bytecode handlers to the BUILTIN_LIST macros.
>
> Currently it's not connected up to the code-generation so it actually
> does nothing except expand the builtins table.
>
> Bug: v8:8068
> Change-Id: Iaecc3982cf22d04e6c46169b86c9d694952fd091
> Reviewed-on: https://chromium-review.googlesource.com/1179887
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55215}

Bug: v8:8068
Change-Id: Ibc98929a9ad464e9d4c9fc7d43401f0fb0df9a00
Reviewed-on: https://chromium-review.googlesource.com/1181981
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55244}
2018-08-21 07:42:52 +00:00
Rodrigo Bruno
cd2126fedd [heap] split ExternalStringTable verify into new space and full (new and old)
Bug: chromium:875847
Change-Id: I1412b25c667dc007dd4f605ec9abe20670e75836
Reviewed-on: https://chromium-review.googlesource.com/1181567
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Rodrigo Bruno <rfbpb@google.com>
Cr-Commit-Position: refs/heads/master@{#55243}
2018-08-21 07:09:22 +00:00
Aseem Garg
dd65e4b837 Revert "Reland "[asmjs] Properly validate asm.js heap sizes""
This reverts commit 5c3092718e.

Reason for revert: Broke fast/workers/worker-shared-asm-buffer.html

Original change's description:
> Reland "[asmjs] Properly validate asm.js heap sizes"
>
> This is a reland of 5d69010e26
>
> Original change's description:
> > [asmjs] Properly validate asm.js heap sizes
> >
> > Enforce both engine limitations and spec (http://asmjs.org/spec/latest/)
> > limitations on the size of asm.js heaps.
> >
> > R=clemensh@chromium.org
> > CC=​mstarzinger@chromium.org
> >
> > Bug: chromium:873600
> > Change-Id: I104c23bbd0a9a7c494f97f8f9e83ac5a37496dfd
> > Reviewed-on: https://chromium-review.googlesource.com/1174411
> > Commit-Queue: Ben Titzer <titzer@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#55163}
>
> Bug: chromium:873600
> Change-Id: Id24070bda3aafb9e1a32af0732a1b18f633ef932
> Reviewed-on: https://chromium-review.googlesource.com/1179681
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55193}

TBR=mstarzinger@chromium.org,titzer@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:873600
Change-Id: I5845c584c7ac399b9b7939f5fd50c09b7b2cc3d2
Reviewed-on: https://chromium-review.googlesource.com/1182616
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55242}
2018-08-21 00:51:54 +00:00
Aseem Garg
a4235f0093 Revert "[runtime] Improve for-in performance"
This reverts commit 8fa7f9ed93.

Reason for revert: Speculating that this breaks GC stress

Original change's description:
> [runtime] Improve for-in performance
> 
> - Add fast-path String conversion for Smi (which is the most common case)
>   This improves for-in by ~10% on non-initialized enum-caches
> - Don't use the NumberStringCache for large indices to not overflow the cache
>   during key collection. This improves worst-case performance by ~2.5x
> - Drop number_to_string_native and number_to_string_runtime counters
> 
> Bug: v8:7717
> Change-Id: Ic1ff385e3374e6a7e7e7bdb9ae75fb8c238105d1
> Reviewed-on: https://chromium-review.googlesource.com/1167049
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55233}

TBR=ulan@chromium.org,cbruni@chromium.org,verwaest@chromium.org

Change-Id: I8d0332478afcd7c6a3f8fbf1f044b9aa870b6b13
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7717
Reviewed-on: https://chromium-review.googlesource.com/1182676
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55241}
2018-08-21 00:34:43 +00:00
Ujjwal Sharma
126e88db07 [intl] Port DateTimeFormat.prototype.format and bound format function to C++
This increases the size of a DateFormat instance by a word to store
the bound format function.

The instance to be bound is stored on the context of this builtin function.

Bug: v8:7800
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I05968251d3411f5126dba3ce9b5b6b29836fd5dc
Reviewed-on: https://chromium-review.googlesource.com/1178763
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55240}
2018-08-21 00:00:08 +00:00
Frank Tang
8e57cd51fd [Intl] move Date.prototype.toLocale{,Date,Time}String to C++
Bug: v8:7961
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ie75eb443fc0907a4e1e4cafd4f5c06c23794f5a9
Reviewed-on: https://chromium-review.googlesource.com/1156123
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55239}
2018-08-20 22:17:40 +00:00
Vasili Skurydzin
97473f49e5 ppc: Allow passing r0 as a second argument to instructions in
PPC_X_OPCODE_D_FORM_LIST.

Change-Id: Ia4fbe3f81bdc8569f7b168c11362e3d99c1d2188
Reviewed-on: https://chromium-review.googlesource.com/1181646
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#55238}
2018-08-20 21:29:47 +00:00
Ross McIlroy
454f19e6c6 [Tests] Fix math-log2-log10.js on Android
BUG=v8:8074

Change-Id: I012666ff1a06d0a53f893031a3caf38ed0d40229
Reviewed-on: https://chromium-review.googlesource.com/1181421
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55237}
2018-08-20 20:06:13 +00:00
Georg Neis
72188ea993 [turbofan] Serialize feedback vector.
R=jarin@chromium.org

Bug: v8:7790
Change-Id: Id73084879bb0d03327e871bdd063353495c07a5b
Reviewed-on: https://chromium-review.googlesource.com/1180894
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55236}
2018-08-20 20:00:30 +00:00