Commit Graph

52535 Commits

Author SHA1 Message Date
Yang Guo
2028d1d8b1 Add test case for ValueDeserializer
Bug: chromium:905940
Change-Id: Ifc5e04ea871539af3a690d75b4eddf54168836df
Reviewed-on: https://chromium-review.googlesource.com/c/1340283
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57593}
2018-11-19 09:00:46 +00:00
Jakob Gruber
33da71971f [nojit] Move several IC stubs to builtins
KeyedLoadSloppyArguments -> KeyedLoadIC_SloppyArguments
KeyedStoreSloppyArguments -> KeyedStoreIC_SloppyArguments
LoadIndexedIntercepter -> LoadIndexedInterceptorIC
StoreInArrayLiteralSlowStub -> StoreInArrayLiteralIC_Slow
StoreInterceptor -> StoreInterceptorIC
StoreSlowElementStub -> KeyedStoreIC_Slow

A few Store stubs were parameterized for the sole purpose of
determining the KeyedAccessStoreMode later on. These are now
implemented as a dedicated builtin for each store mode.

Bug: v8:7777
Change-Id: I743474b0e6c5d6ec2513bb9f8f3a93c5c0535927
Reviewed-on: https://chromium-review.googlesource.com/c/1339859
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57592}
2018-11-19 08:32:55 +00:00
v8-ci-autoroll-builder
c18dc78584 Update V8 DEPS.
Rolling v8/build: 1caa03d..2fb6537

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I68d342787770515ebbd38b81c341202026b24a25
Reviewed-on: https://chromium-review.googlesource.com/c/1341462
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#57591}
2018-11-19 03:29:23 +00:00
Jungshik Shin
197a2c42f2 Drop regress-{8432,8413} from intl.status.
Both regress-8432 and regress-8413 pass with the latest ICU
roll to 407b393.

TBR=ftang@chromium.org,gsathya@chromium.org,machenbach@chromium.org

Bug: v8:8432,v8:8414
Change-Id: I56f3d88c1f90021ad51062bc5f26a9e88877f954
Reviewed-on: https://chromium-review.googlesource.com/c/1341455
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57590}
2018-11-18 09:07:16 +00:00
v8-ci-autoroll-builder
27eeb711a3 Update V8 DEPS.
Rolling v8/third_party/icu: 45f655f..407b393

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I66c8e7e5cb96dbaa4a2e80d0eaace3dfd1624c79
Reviewed-on: https://chromium-review.googlesource.com/c/1341454
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#57589}
2018-11-18 03:46:57 +00:00
v8-ci-autoroll-builder
076ea0b9c9 Update V8 DEPS.
Rolling v8/build: e983b53..1caa03d

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/e69406d..b81a9c7

Rolling v8/third_party/depot_tools: 8ada4d5..c6ffd7a

Rolling v8/tools/clang: b19f15a..1d879ce

Rolling v8/tools/swarming_client: f78187a..7f463e6

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Idd64c2a6be6f1664a19e84376d2d19d0fc68dbc6
Reviewed-on: https://chromium-review.googlesource.com/c/1341128
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#57588}
2018-11-17 03:29:23 +00:00
Mathias Bynens
eb93a84632 Roll Test262
This roll should cover the last batch of upstream $DONOTEVALUATE
updates.

TBR=gsathya@chromium.org

Bug: v8:7834, v8:8467
Change-Id: Ia1c6e8fa2fd7fd020c5499b3825a8c1e6c14db47
Reviewed-on: https://chromium-review.googlesource.com/c/1338348
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57587}
2018-11-17 03:04:01 +00:00
Junliang Yan
d6d0c160c4 PPC/s390: [heap] Removed unused slow object lookup functions.
Port 01079cb82f

R=hpayer@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I4b107ecdcd0759296daf6f6eb06b522bdfb36f44
Reviewed-on: https://chromium-review.googlesource.com/c/1340460
Reviewed-by: Muntasir Mallick <mmallick@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#57586}
2018-11-16 20:19:21 +00:00
Johannes Henkel
f0d703bce7 [DevTools] CheckProtocolCompatibility.py -> check_protocol_compatibility.py
The CamelCase file is deprecated and I'd like to remove it at some point.

Change-Id: Iba491b01e5993ce2778c2ec58123e3aecafaf0ae
Reviewed-on: https://chromium-review.googlesource.com/c/1338346
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57585}
2018-11-16 20:10:31 +00:00
Ulan Degenbaev
6b55356d3a [heap] Decouple code deoptimization from clearing weak objects.
This patch allows the deoptimizer to keep embedded pointers intact.
Previously, the deoptimizer had to clear embedded pointers because
the mark-compactor relied on the Code::marked_for_deoptimization flag
to indicate whether the embedder pointers were cleared or not.

This patch adds a new flag called Code::embedded_objects_cleared()
and thus can correctly clear dead weak objects in deoptimized code.

Bug: v8:8459
Change-Id: I6eb6ff3aa2182bc41730e0a249965f8d8c0525ce
Reviewed-on: https://chromium-review.googlesource.com/c/1335943
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57584}
2018-11-16 18:31:06 +00:00
Michael Hablich
f09bec92c1 Revert "[wasm] Open HandleScope in LogCode"
This reverts commit 2035042e87.

Reason for revert: Blocks the roll, see https://chromium-swarm.appspot.com/task?id=41356e9eff2a5010&refresh=10&show_raw=1 for error message

Original change's description:
> [wasm] Open HandleScope in LogCode
>
> In WasmCode::LogCode we allocate handles, but not all callers of LogCode
> open a HandleScope. Since the handles do not escape LogCode, we can just
> open a Handlescope in the function.
>
> R=herhut@chromium.org
>
> Bug: v8:8461
> Change-Id: I2031b467f976a9af6f541b60af245573f33d9676
> Reviewed-on: https://chromium-review.googlesource.com/c/1337736
> Reviewed-by: Stephan Herhut <herhut@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57550}

TBR=ahaas@chromium.org,herhut@chromium.org

NOTRY=true

Bug: v8:8461
Change-Id: I4c95c79c029f4eed2bbaf1fcf7ccb04203335659
Reviewed-on: https://chromium-review.googlesource.com/c/1340287
Commit-Queue: Michael Hablich <hablich@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57583}
2018-11-16 18:00:58 +00:00
Ben L. Titzer
12d146cf23 [turbofan] Enable loop rotation
R=mstarzinger@chromium.org

Bug: v8:8423
Change-Id: Iefa50c221f38d1548ca2298e3c03c42d03d1c2d8
Reviewed-on: https://chromium-review.googlesource.com/c/1340281
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57582}
2018-11-16 16:44:49 +00:00
Michael Lippautz
e495884618 heap: Disallow allocation in first round of weak callbacks
Weak callbacks should not trigger recursive GCs during first round callbacks.
Any non-trivial work is supposed to be enqueued in the second round of
callbacks.

Bug: chromium:843903
Change-Id: Ieba58f31bab54c95b7d4027d3e16ee2d765438e7
Reviewed-on: https://chromium-review.googlesource.com/c/1340285
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57581}
2018-11-16 16:26:56 +00:00
Mythri
a6cb49032d Update bytecode handlers to work without feedback vectors
This is the first in a series of patches for adding support to execute
without feedback vectors. This cl updates some of the bytecode handlers
to check for feedback before using them. All these bytecodes only collect
type feedback, so their functionality would not change. This cl changes the
implementation for following bytecode:
  BinaryOperation
  CompareOperation
  UnaryOperation
  Call

Bug: v8:8394
Change-Id: I284bf9c010718c65f3fe76b6f3f4461b5bfa6742
Reviewed-on: https://chromium-review.googlesource.com/c/1333667
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57580}
2018-11-16 16:22:55 +00:00
Toon Verwaest
83fd98abe9 [parser] Track the correct entry-point for with/sloppy eval
This way we'll always only use the variables_ map of the first ScopeInfo-backed
Scope in the Scope chain.

Change-Id: I9187f7ef0b300b3ee36184d6dddd37242786c19a
Reviewed-on: https://chromium-review.googlesource.com/c/1340284
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57579}
2018-11-16 16:03:16 +00:00
Clemens Hammacher
1952f92838 [iwyu] Ensure that macro assembler includes happen correctly
The platform specific macro assembler headers can not be included
directly. They require symbols declared in macro-assembler.h.
We also cannot include macro-assembler.h from the platform specific
headers, because that would form a cycle, and the include in
macro-assembler.h would be skipped, which then also fails.

This CL documents and enforces this unfortunate situation.
This helps with further iwyu cleanups.

Note that current code which includes the platform specific headers
only works because we transitively included macro-assembler.h already
before.

R=mstarzinger@chromium.org

Bug: v8:8238, v8:7490
Change-Id: I2dc65ad950400941406e1f2f8969d0d15f524bf8
Reviewed-on: https://chromium-review.googlesource.com/c/1340240
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57578}
2018-11-16 15:52:56 +00:00
Stephan Herhut
b344f31cde [wasm] Commit code space eagerly when profiling
Under normal execution, we commit code space in page chunks as we
need it. However, this confuses linux perf, as it generates mmap
events in the trace that seem to override the synthetic ones that
are inserted by perf inject.

Instead, when profiling with perf, we now commit the maximum code
space size upfront, leading to a single mmap event early on. While
this significantly increases memory use, it should not impact
profiling of running wasm code.

Bug: v8:8462
Change-Id: I078e9e486fe4ddecdea0b58543cc6bc5873cdfee
Reviewed-on: https://chromium-review.googlesource.com/c/1340279
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57577}
2018-11-16 15:38:53 +00:00
Georg Neis
f28a753354 [bigint] Make competing read/write operations on bitfield atomic.
GC needs to be able to read a bigint's length while the main thread may
change the length and the sign (bigints are intentionally mutable as
long as they haven't escaped to user code). Since both values are stored
in the same bitfield, we need to make these accesses atomic.

Also change right-trimming to not insert a filler when the object is
in large object space (it makes no sense there).

Bug: v8:8440
Change-Id: I72a1b6f1eda54566d3cfad554dda1a98ddd61975
Reviewed-on: https://chromium-review.googlesource.com/c/1337737
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57576}
2018-11-16 15:01:08 +00:00
Clemens Hammacher
42ece78cbb [wasm] Remove unused CompilationEnv for wrappers
R=titzer@chromium.org

Bug: v8:8238
Change-Id: I458656fcd04b7d27054717842910d563d81c5392
Reviewed-on: https://chromium-review.googlesource.com/c/1332301
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57575}
2018-11-16 14:55:27 +00:00
Toon Verwaest
61029a5cf0 [parser] Only lookup in entry_point->variables_ of the ScopeInfo-backed chain.
We now only cache Variable* in entry_point->variables_ so there's no point in
looking at all variables_ in the entire chain.

Change-Id: I3d1f389a9ad7d790d2e778a72cd5f7fc47880233
Reviewed-on: https://chromium-review.googlesource.com/c/1340245
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57574}
2018-11-16 14:44:27 +00:00
Clemens Hammacher
e5847dd82a [fuzzer] Improve wasm-compile fuzzer
For short inputs (<= size of the type we want to generate), we fell back
to just generating constants. This CL changes that to only fall back to
constants once a single byte remains, and adds options to use constants
already before that.

R=ahaas@chromium.org

Bug: v8:894307
Change-Id: Ic4bf05d06090f52b67de2b322a9d5dcab6bbbe39
Reviewed-on: https://chromium-review.googlesource.com/c/1337739
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57573}
2018-11-16 14:15:48 +00:00
Ben L. Titzer
c01bfa9af9 [turbofan] Implement loop rotation
This CL implements an assembly order optimization that moves blocks
that end a loop with an unconditional backedge to the beginning of
the loop, saving a branch.

R=jarin@chromium.org,mstarzinger@chromium.org
BUG=v8:8423

Change-Id: I8a5d25f5472d71227af0f623277ea8d0a8d69867
Reviewed-on: https://chromium-review.googlesource.com/c/1335944
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57572}
2018-11-16 13:52:12 +00:00
Jaroslav Sevcik
7a682a38a9 Revert "[regexp] Introduce species constructor protector for regexps."
This reverts commit 3ca32e9828.

Reason for revert: Breaks waterfall (V8 fuzzer)

Original change's description:
> [regexp] Introduce species constructor protector for regexps.
> 
> Bug: v8:8445
> Change-Id: Iea69c65d0054b24b3f8c7234c4c556ebee2dd45f
> Reviewed-on: https://chromium-review.googlesource.com/c/1335696
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57564}

TBR=ulan@chromium.org,jarin@chromium.org,jgruber@chromium.org

Change-Id: I8f926abdd129d9868f2c9c5dbb29096c08bd1ff7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8445
Reviewed-on: https://chromium-review.googlesource.com/c/1340239
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57571}
2018-11-16 12:46:18 +00:00
Benedikt Meurer
7303633b1c [api] Introduce Object::New() pendant of Object.create().
This adds a new C++ API method

```cpp
Local<Object> Object::New(
  Isolate* isolate,
  Local<Value> prototype_or_null,
  Local<Name>* keys,
  Local<Value>* values,
  size_t size);
```

which is similar to the `Object.create()` builtin exposed by JavaScript.
This new API is supposed to be used by the `http2` (in Node.js) to speed
up the creation of the HTTP header object.

Bug: v8:8422
Change-Id: I9910e88de0af2cbd8ce8a1d6cb6caa9451fb8cb4
Design-Document: http://bit.ly/v8-fast-object-create-cpp
Reviewed-on: https://chromium-review.googlesource.com/c/1337569
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57570}
2018-11-16 12:15:00 +00:00
Ross McIlroy
f2ea65d927 [Debugger] Hold a strong reference to debug bytecode from DebugInfo.
With BytecodeArray flushing the SFI->BytecodeArray pointer will become pseudo weak.
In order to prevent instrumented bytecode from being flushed while the function is
being debugged, hold onto the instrumented bytecode strongly.

BUG=v8:8395

Change-Id: Ie346732b77833afa0595a84a4956295e50855392
Reviewed-on: https://chromium-review.googlesource.com/c/1312849
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57569}
2018-11-16 11:55:18 +00:00
Toon Verwaest
c8cbf23a83 [scanner] Reset invalid_template_escape_message during Bookmark::Apply
Bug: chromium:905587
Change-Id: I168fdfd433edcda61dcefd0df9df8a12c5294339
Reviewed-on: https://chromium-review.googlesource.com/c/1340040
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57568}
2018-11-16 10:43:24 +00:00
Georg Neis
b3614b0037 [runtime] Add missing include in runtime-interpreter.cc
This fixes building with 'v8_enable_trace_ignition = true'.

Change-Id: I991b3eaba2e1a50fe9f08ae5dec765c8257a5c26
Reviewed-on: https://chromium-review.googlesource.com/c/1340039
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57567}
2018-11-16 10:40:04 +00:00
Yang Guo
206b8e0851 Check array element length in ValueDeserializer
Bug: chromium:905940

Change-Id: I1d0cd85e7d8b32c08a6b680af5c2bde5adeb9259
Reviewed-on: https://chromium-review.googlesource.com/c/1339699
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57566}
2018-11-16 10:18:54 +00:00
Toon Verwaest
7762b23087 [parser] Declare scope-info deserialized function var on the cache scope
Bug: chromium:905907
Change-Id: I889a47dac1f240f3d656f41f43425cd7cd764c79
Reviewed-on: https://chromium-review.googlesource.com/c/1339862
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57565}
2018-11-16 10:12:21 +00:00
Jaroslav Sevcik
3ca32e9828 [regexp] Introduce species constructor protector for regexps.
Bug: v8:8445
Change-Id: Iea69c65d0054b24b3f8c7234c4c556ebee2dd45f
Reviewed-on: https://chromium-review.googlesource.com/c/1335696
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57564}
2018-11-16 10:07:03 +00:00
Jakob Gruber
6e5671e1cd [nojit] Embed InterpreterEntryTrampoline
This marks the InterpreterEntryTrampoline as isolate-independent. With
this change, all builtins are now embedded.

Slight changes were needed to how we deopt into the trampoline. We now
store the entry address within the Interpreter class instead of
embedding the builtin code target.

Bug: v8:7777
Change-Id: If781bf6f06cb2efbab1369ece757f04c343a1b38
Reviewed-on: https://chromium-review.googlesource.com/c/1337734
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57563}
2018-11-16 09:36:05 +00:00
Jakob Gruber
ca38b84bb1 [builtins] Pull EmbeddedData and InstructionStream into one file
This pulls both classes into a dedicated file. InstructionStream may
be removed in a follow-up.

Tbr: mlippautz@chromium.org
Bug: v8:6666
Change-Id: Ibd374eba25cebf7495390ec13f6b4aeac5e1dc01
Reviewed-on: https://chromium-review.googlesource.com/c/1337738
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57562}
2018-11-16 09:35:00 +00:00
v8-ci-autoroll-builder
c0281e928d Update V8 DEPS.
Rolling v8/build: ccf9ff5..e983b53

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/8a6451c..e69406d

Rolling v8/third_party/depot_tools: f66e551..8ada4d5

Rolling v8/tools/clang: fa8094f..b19f15a

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Id7245fc90eee541a03b16d30b337db4afb07bc7f
Reviewed-on: https://chromium-review.googlesource.com/c/1339239
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#57561}
2018-11-16 09:33:55 +00:00
Jakob Kummerow
df99becfca [ubsan] Check valid types on ExternalReference-called functions
All C++ functions called directly from generated code must have
a predictable ABI. We ensure that by requiring their return and
argument types to be scalars -- in particular, they must not be
non-pointer ObjectPtr or ObjectSlot types, which is easy to get
wrong and difficult to debug. This patch adds compile-time type
checks enforcing the requirement to the macro used for creating
ExternalReferences for functions.

Bug: v8:3770
Change-Id: I442cf25e2f72b7ea84d4a50c9c665b187b179ca0
Reviewed-on: https://chromium-review.googlesource.com/c/1334974
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57560}
2018-11-16 09:32:51 +00:00
Jakob Gruber
6bafa880b4 Revert "[turbofan] Use feedback when reducing global loads/stores."
This reverts commit 9c91b6877a.

Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Arm%20GC%20Stress/8864

Original change's description:
> [turbofan] Use feedback when reducing global loads/stores.
> 
> We already record the script context location or the property cell
> as feedback of the global load/store IC, so Turbofan doesn't need
> to do the lookups again.
> 
> Change-Id: I6cbd2937de344729cd8e146b4ff85ddf3de6a56e
> Reviewed-on: https://chromium-review.googlesource.com/c/1335691
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57555}

TBR=neis@chromium.org,ishell@chromium.org,bmeurer@chromium.org

Change-Id: I99d72075e01348733fecdffc6b5572b96eb577b4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1339860
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57559}
2018-11-16 09:31:46 +00:00
Sergiy Byelozyorov
f401cd4b2c [tools] Re-land: Add retries when trying to discover the device
This is an experimental change that may help mitigate the issue.

TBR=machenbach@chromium.org

No-Try: true
No-Tree-Checks: true
Bug: chromium:893593
Change-Id: Idf15a63006c2c7ba2c31482e5103b2a0b1d64510
Reviewed-on: https://chromium-review.googlesource.com/c/1339401
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57558}
2018-11-16 07:03:37 +00:00
Sergiy Byelozyorov
02f1529b1b Revert "[tools] Add retries when trying to discover the device"
This reverts commit f1741bdd2b.

Reason for revert: forgot to import 'time' module

Original change's description:
> [tools] Add retries when trying to discover the device
> 
> This is an experimental change that may help mitigate the issue.
> 
> TBR=machenbach@chromium.org
> 
> No-Try: true
> No-Tree-Checks: true
> Bug: chromium:893593
> Change-Id: Ideb74a83b9937dbe917e8c7c93305d9824b48a93
> Reviewed-on: https://chromium-review.googlesource.com/c/1339419
> Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
> Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57556}

TBR=machenbach@chromium.org,sergiyb@chromium.org

Change-Id: I5ae591e099f630fdb4cd63d18bfb2f1bf347f929
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:893593
Reviewed-on: https://chromium-review.googlesource.com/c/1339519
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57557}
2018-11-16 06:54:07 +00:00
Sergiy Byelozyorov
f1741bdd2b [tools] Add retries when trying to discover the device
This is an experimental change that may help mitigate the issue.

TBR=machenbach@chromium.org

No-Try: true
No-Tree-Checks: true
Bug: chromium:893593
Change-Id: Ideb74a83b9937dbe917e8c7c93305d9824b48a93
Reviewed-on: https://chromium-review.googlesource.com/c/1339419
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57556}
2018-11-16 06:36:32 +00:00
Georg Neis
9c91b6877a [turbofan] Use feedback when reducing global loads/stores.
We already record the script context location or the property cell
as feedback of the global load/store IC, so Turbofan doesn't need
to do the lookups again.

Change-Id: I6cbd2937de344729cd8e146b4ff85ddf3de6a56e
Reviewed-on: https://chromium-review.googlesource.com/c/1335691
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57555}
2018-11-15 17:40:21 +00:00
Predrag Rudic
b2f7f40a13 MIPS[64]: Fix build failure.
On MIPS and MIPS64 build began to fail after this commit:
01079cb82f.

Change-Id: Ib967fc0d17ce1d10fdfa97d541ce9e761508593f
Reviewed-on: https://chromium-review.googlesource.com/c/1337741
Reviewed-by: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Commit-Queue: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#57554}
2018-11-15 17:09:18 +00:00
Mathias Bynens
837efe703f Roll Test262
Bug: v8:7834
Change-Id: I1986c55cb884acfce11f779a23d303cd126c43d7
Reviewed-on: https://chromium-review.googlesource.com/c/1336471
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57553}
2018-11-15 16:44:41 +00:00
Clemens Hammacher
59a8eba8d7 [Liftoff] Fix 64bit shift on ia32
With just five cache registers, Liftoff can run out of memory on a
64bit shift. This CL solves this by using a parallel register move and
pinning fewer registers.

R=ahaas@chromium.org

Bug: chromium:894307
Change-Id: I91ed0fee00ceb452841e5d1bb10905be6702dcce
Reviewed-on: https://chromium-review.googlesource.com/c/1337580
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57552}
2018-11-15 16:43:34 +00:00
Hannes Payer
01079cb82f [heap] Removed unused slow object lookup functions.
Change-Id: Ic9be35646beb47d0074154aa2e38dc9527911b01
Reviewed-on: https://chromium-review.googlesource.com/c/1327046
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57551}
2018-11-15 15:55:37 +00:00
Andreas Haas
2035042e87 [wasm] Open HandleScope in LogCode
In WasmCode::LogCode we allocate handles, but not all callers of LogCode
open a HandleScope. Since the handles do not escape LogCode, we can just
open a Handlescope in the function.

R=herhut@chromium.org

Bug: v8:8461
Change-Id: I2031b467f976a9af6f541b60af245573f33d9676
Reviewed-on: https://chromium-review.googlesource.com/c/1337736
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57550}
2018-11-15 15:44:30 +00:00
Predrag Rudic
f1d2400b37 MIPS[64]: Fix Dlsa/Lsa instructions emission.
Emit Dlsa/Lsa only on revision 6 or when MSA is supported. Since we
support MSA only on r6, it is the only thing that is checked.
Added check if shift of Dlsa/Lsa is in range 0<shift<=31

Change-Id: Ic3902fcccc1a2e3ecc5f550ea3b7980bd2bb4c27
Reviewed-on: https://chromium-review.googlesource.com/c/1337581
Reviewed-by: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Commit-Queue: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#57549}
2018-11-15 15:23:56 +00:00
Jakob Gruber
a6e7d781ee [nojit] Store a dedicated InterpreterEntryTrampoline copy on roots
V8 supports a mechanism to generate better profiling information for
ticks in bytecode execution. Usually, these would find the IET but would
not know which JS function is currently being executed. With
--interpreted_frames_native_stack, we create a dedicated copy of the
IET for each JS function, which the profiler can use to infer the
current function.

This mechanism doesn't work when IET is embedded. But JIT-less V8 will
require all builtins to be embedded.

This CL implements a workaround that should keep all configurations
happy: We keep a full copy of IET on the root list for the sole purpose of
using it as a template to create copies for profiling later on. The
'real' IET builtin itself can be embedded in a follow-up CL.

Change-Id: Iaf1629708f0e41c3683979245019fbd3e3153c97
Reviewed-on: https://chromium-review.googlesource.com/c/1335700
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57548}
2018-11-15 15:06:53 +00:00
Peter Marshall
8f4c5abf90 [cpu-profiler] Fix flaky MultipleIsolates test
This test is only flaky because the js code being profiled causes a
'fast-c-call' which is a call from JS to C without an exit frame.

The profiler stumbles on these and reads the stack of C++ frames when
it shouldn't, causing ASAN errors. This is not actually related to
the multiple isolates, so I'm changing the test to profile different
JS code that does not cause these types of calls. There is already a
test for fast-c-calls - NativeFrameStackTrace (which currently fails).

Bug: v8:8464
Change-Id: I32818f0894e5680cf5a39779a2779eda36dfe9f1
Reviewed-on: https://chromium-review.googlesource.com/c/1337571
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57547}
2018-11-15 15:03:33 +00:00
Jakob Gruber
bd8ed720cf Reland "[snapshot] Emit the embedded blob as assembly instead of inline assembly"
This is a reland of 0b13f0f517

Original change's description:
> [snapshot] Emit the embedded blob as assembly instead of inline assembly
>
> The motivation behind this is that MSVC doesn't support inline assembly
> on x64. Emitting the embedded blob as a plain assembly file will give us
> MSVC support (and possibly faster compilation times as a side-effect).
>
> Bug: v8:6666,v8:8349
> Change-Id: I2e6cf072faa9ef406fe721a05b63912c655546c2
> Reviewed-on: https://chromium-review.googlesource.com/c/1329205
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57524}

Tbr: yangguo@chromium.org,mvstanton@chromium.org
Bug: v8:6666, v8:8349
Change-Id: Ib35696b60a9cd01bc2edf459c8e8d84716e3438d
Reviewed-on: https://chromium-review.googlesource.com/c/1337733
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57546}
2018-11-15 14:53:51 +00:00
Mike Stanton
66e0c16424 ScheduleLateNodeVisitor: check if dominator block is marked
R=mstarzinger@chromium.org

Change-Id: Ifc6411f4825b5056ab35f9b7d0a604bed4004110
Reviewed-on: https://chromium-review.googlesource.com/c/1337732
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57545}
2018-11-15 14:48:21 +00:00
Toon Verwaest
9486f220c2 [parser] Remove ContextSlotCache
Now that we always cache lookups through scope-info-backed scopes on the
entry-point scope-info-backed scope, we don't need additional caching
per scope-info. The one missing piece was negative lookups, but they
automatically turn into DynamicGlobals which we also cache on the entry
scope.

The one possible difference is that we don't cache across compilation,
but seems unlikely to be very beneficial. We'll keep an eye out for
regressions though.


Change-Id: I23186d2b085d2042fafa32fb3cca88f88c61074c
Reviewed-on: https://chromium-review.googlesource.com/c/1337731
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57544}
2018-11-15 14:31:50 +00:00