Commit Graph

52535 Commits

Author SHA1 Message Date
Jakob Kummerow
4f79c30583 Speed up two tests by skipping slow asserts
pending a better approach.

Bug: v8:8516
Change-Id: Ic107184b46c85ae5724619cc82c99686aee7edb9
Reviewed-on: https://chromium-review.googlesource.com/c/1352794
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57893}
2018-11-28 09:17:23 +00:00
Toon Verwaest
bd114da7c3 [parser] Set rewritable_length to the correct length rather than 0
Bug: chromium:908975
Change-Id: I3dd9cf32de5b11554c2e1cbc0538c9b11ecda09d
Reviewed-on: https://chromium-review.googlesource.com/c/1352286
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57892}
2018-11-28 08:53:26 +00:00
tzik
894cc02144 Free empty MicrotaskQueue buffer on GC
MicrotaskQueue didn't free its buffer on GC phase if it's empty.

Bug: v8:8124
Change-Id: Icdd6a67873cab164dcf67ed1caf5cca55e3f7954
Reviewed-on: https://chromium-review.googlesource.com/c/1351856
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57891}
2018-11-28 07:24:29 +00:00
v8-ci-autoroll-builder
e3f6dff547 Update V8 DEPS.
Rolling v8/build: 076d347..bbd67a3

Rolling v8/test/wasm-js/data: e822213..3dc2dc2

Rolling v8/third_party/depot_tools: 6c18a1a..44d4b29

Rolling v8/tools/clang: 7fa2bdf..8a671fe

Rolling v8/tools/swarming_client: b6e9e23..157bec8

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I1ca88060fc4d1f9ca46ca68ba295f76fd50926f8
Reviewed-on: https://chromium-review.googlesource.com/c/1352793
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#57890}
2018-11-28 07:23:25 +00:00
Ben Smith
b9c269a55e [wasm] Check decoder in {memory,table}.init
The MemoryInitImmediate and TableInitImmediate read a Memory/Table
index, followed by a segment index. If reading the first index fails, we
need to stop reading, or the decoder will read past the end.

Bug: chromium:907324
Change-Id: I3eb46c08d03e3b2e44ed4081d307b32c799abcec
Reviewed-on: https://chromium-review.googlesource.com/c/1351502
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57889}
2018-11-28 07:22:19 +00:00
Michael Achenbach
b115752cb3 Revert "[Intl] Handle invalid values in locale"
This reverts commit d37f6fd6a7.

Reason for revert:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20gc%20stress/19643

Original change's description:
> [Intl] Handle invalid values in locale
> 
> Fix the bug that we call setKeywordValue w/o convert the key to legacy key.
> 
> Bug: v8:7481
> Change-Id: I5a743e41d02b64385c5050fc1d83279741e24659
> Reviewed-on: https://chromium-review.googlesource.com/c/1339243
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Jungshik Shin <jshin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57886}

TBR=jshin@chromium.org,gsathya@chromium.org,ftang@chromium.org

Change-Id: I3765eed7a9bdf123321c6d0589dfb72ab8ae2b2f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7481
Reviewed-on: https://chromium-review.googlesource.com/c/1352284
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57888}
2018-11-28 07:20:20 +00:00
Aseem Garg
46186c50af [wasm] fix data race in futex-emulation wait
waiting_ flag is now set inside a lock to prevent data race. This means
that waiting_ is false when callback is called at start of wait. To deal
with the new behavior, NotifyWake now always tries to Notify and sets
interrupted_ flag which will be handled by any future wait.

R=binji@chromium.org
BUG=v8:8497

Change-Id: Ia4fd39bcf18875d9be21bafc176ab562b083e68b
Reviewed-on: https://chromium-review.googlesource.com/c/1351237
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57887}
2018-11-28 00:54:14 +00:00
Frank Tang
d37f6fd6a7 [Intl] Handle invalid values in locale
Fix the bug that we call setKeywordValue w/o convert the key to legacy key.

Bug: v8:7481
Change-Id: I5a743e41d02b64385c5050fc1d83279741e24659
Reviewed-on: https://chromium-review.googlesource.com/c/1339243
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57886}
2018-11-28 00:50:54 +00:00
Sven Sauleau
5686d294f6 [wasm] fix testharness - unreached_func
See usage in the js-api tests; previously it would have thrown without
executing any tests. Now, it can be used to generate trapping functions.

Bug: v8:8319
Change-Id: Ia1643d8f337a10ea86c1e700c7702ed7d3ed0c97
Reviewed-on: https://chromium-review.googlesource.com/c/1352298
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57885}
2018-11-27 22:37:56 +00:00
Jakob Kummerow
449fe71924 [ubsan] Port SmallOrderedHashTable and subclasses
to the new design.

Bug: v8:3770
Change-Id: Ic77a4f645a1ca3ed9be87690155e988723132471
Reviewed-on: https://chromium-review.googlesource.com/c/1350285
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57884}
2018-11-27 22:27:07 +00:00
Igor Sheludko
74f363a835 [heap] Update a check in incremental marker for Contexts
which are no longer derived from FixedArray and therefore IsFixedArray()
check no longer includes Contexts.

Bug: chromium:908877
Change-Id: I3aed0d38f5b1c00c9e27b7d5b6d29cdd5666ba86
Reviewed-on: https://chromium-review.googlesource.com/c/1352280
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57883}
2018-11-27 20:48:42 +00:00
Hannes Payer
bf5cc5624f [heap] Don't reset objects_size_ counter before freeing new LOs.
Bug: chromium:852420
Change-Id: I12cac5981cbb2af1c1bd150bfb5fcec028e8876d
Reviewed-on: https://chromium-review.googlesource.com/c/1352297
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57882}
2018-11-27 18:24:11 +00:00
Toon Verwaest
61cedbb6d6 [parser] Only take Scope::Snapshot when it's more likely we'll have an arrow function
That reduces the overhead of ParseAssignmentExpression at the cost of a few
more branches in the possible arrow head paths.

This also fixes the case where an outer scope of an arrow function didn't call eval
but a parameter initializer does. Previously the outer scope was also marked as
calling eval, causing worse performance. (Unlikely to happen though.)

Change-Id: I5263ef342f14e97372f5037fa659f32ec2ad6d34
Reviewed-on: https://chromium-review.googlesource.com/c/1352275
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57881}
2018-11-27 17:39:21 +00:00
Hannes Payer
db4287274f [heap] Fix various new LO space related DCHECKs.
Bug: chromium:852420
Change-Id: Ie3c2bb4d1d329e84e2cb9431cca129bdd7d09271
Reviewed-on: https://chromium-review.googlesource.com/c/1352291
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57880}
2018-11-27 17:36:02 +00:00
Caitlin Potter
3729410578 [cloneobjectic] initialize property array before filling it
This avoids leaving the heap in an invalid state if a GC occurs during
population of the cloned property array, as is done in other IC
builtins.

BUG=chromium:904167, v8:7611
R=jkummerow@chromium.org, ishell@chromium.org

Change-Id: I0350ed2d65b72e299f7109b7d5aa86331f60e940
Reviewed-on: https://chromium-review.googlesource.com/c/1350282
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57879}
2018-11-27 17:24:21 +00:00
Igor Sheludko
3649dc187d [ptr-compr] Use [Maybe]ObjectSlots as bottlenecks for accessing tagged fields
This CL introduces Tagged_t and AtomicTagged_t typedefs which represent
the storage type of tagged values in V8 heap.

Bug: v8:7703
Change-Id: Ib57e85ea073eaf896b6406cf0f62adcef9a114ce
Reviewed-on: https://chromium-review.googlesource.com/c/1352294
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57878}
2018-11-27 16:06:46 +00:00
Igor Sheludko
43a532fc38 [cleanup] Templatize AsAtomicWordX and AsAtomicPointer definitions
Bug: v8:8238
Change-Id: I7fa1538909bfaf368498ebcc1c59eed258e81a16
Reviewed-on: https://chromium-review.googlesource.com/c/1352272
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57877}
2018-11-27 14:54:40 +00:00
Joyee Cheung
535542a822 [parser] use ParsePropertyInfo as out parameter in object/class literals
This patch refactors the parsing of object literal properties and
class literal properties, putting the out parameters into a pointer of
struct `ParsePropertyInfo`. This struct is also aware of its potition
so `ParsePropertyName()` can also use this information to error
when parsing a private name in an object literal. It also makes
sure that the `ClassLiteralProperty::Kind` are all inferred
from the `ParsePropertyKind` and get used right away instead of
being passed around as out parameters.

Bug: v8:8330
Change-Id: I4c52592dfcaa3c8df30c4aba4c46e5c675acb394
Reviewed-on: https://chromium-review.googlesource.com/c/1347904
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57876}
2018-11-27 14:42:36 +00:00
Ross McIlroy
6292fdb84e [Debug] Special case DebugBreakOnBytecode for cases where we restart the frame.
When restarting a frame on returning from a debug break, we are going
to drop the current function frame, therefore the return value and
next bytecode are not going to be used. Special case these situations
since with bytecode flushing it is possible the SFI for the
executing function might have been flushed (if edited by liveedit)
which causes failures when trying to read from the bytecode array.

BUG=v8:8395

Change-Id: I18adaa5d91c244e6d13e8703ed41c300f793681d
Reviewed-on: https://chromium-review.googlesource.com/c/1352270
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57875}
2018-11-27 14:12:50 +00:00
Camillo Bruni
8e80210fe8 [log] Improve --trace-maps logging
Only log incrementally deserialized maps with --trace-maps instead of
iterating the whole heap and print all existing maps on every partial
deserialization for new contexts. This should greatly improve
performance of --trace-maps on websites with many iframes.

- Add helpers to share code: LogNewObjectEvents, LogScriptEvents,
  LogNewMapEvents
- Link AllocationSites before any GC

Change-Id: I5322421a83e057518f871540691511c80bc7786a
Reviewed-on: https://chromium-review.googlesource.com/c/1342029
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57874}
2018-11-27 14:02:25 +00:00
Sigurd Schneider
22f9a8e158 [tools] Improve locs.py
This CL fixes some style issues and improves json output for the LoC
counting script tools/locs.py.

Notry: true
Change-Id: I0805904e44ab240945ef88dd8214abb8ae02cf7d
Reviewed-on: https://chromium-review.googlesource.com/c/1352271
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57873}
2018-11-27 13:42:54 +00:00
Toon Verwaest
de20e6d3a8 [zone] Revert to previous zone allocation strategies due to severe memory regressions.
Unfortunately the previous strategy was slower but more memory efficient. For now simply revert.

Revert "[zone] Use 32kb instead of 1MB as high zone page size"
Revert "[zone] Get rid of the Zone's segment pool"
Revert "[zone] Further simplify zone expansion, use single default page size"

Bug: chromium:908359
Change-Id: I649542e7e61eef0c14a26ffd21039e8340ab4d04
Reviewed-on: https://chromium-review.googlesource.com/c/1351027
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57872}
2018-11-27 12:55:45 +00:00
Igor Sheludko
a31ffef811 [heap] Take expected OS page size into account for kStoreBufferSize
This CL fixes allocation size alignment violation when allocating store buffer.
If the actual CommitPageSize happens to be bigger than kMinExpectedOSPageSize
we will have a bit of memory wastage but that's a fair trade-off for having
fast store buffer overflow check in write barriers.

Change-Id: I1d775aa8b203cb198e8332477b0bc2befcd9b006
Reviewed-on: https://chromium-review.googlesource.com/c/1351007
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57871}
2018-11-27 12:46:58 +00:00
tzik
33ff811d86 Use NativeContext's embedder field for MicrotaskQueue
A pointer to MicrotaskQueue is stored in a NativeContext field as a Smi,
that is discouraged. This CL replaces it to use the dedicated field.

Bug: v8:8124
Change-Id: I5a770624b3a9c922051e86243da2ae216aaacf3a
Reviewed-on: https://chromium-review.googlesource.com/c/1351855
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57870}
2018-11-27 12:26:53 +00:00
Michael Starzinger
64d373e51e [heap] Fix i-cache flushing operation order.
This unifies the order of i-cache flushing and permission changing
throughout V8. According to cctest/test-icache flushing after the
permission change is not robust on some ARM32 and ARM64 devices.

There have been observed failures of {TestFlushICacheOfExecutable} on
some devices. So far there haven't been any observed failures of the
corresponding {TestFlushICacheOfWritable} test.

Also the order of flushing before the permission change is the natural
order in which the GC currently performs operations. Until we see
concrete data substantiating the opposite, the following is the
supported and intended order throughout V8:

  exec -> perm(RW) -> patch -> flush -> perm(RX) -> exec

This CL tries to establish said order throughout the codebase.

R=ulan@chromium.org
TEST=cctest/test-icache
BUG=v8:8507,chromium:845877

Change-Id: Ic945082e643aa2d142d222a7913a99816aff4644
Reviewed-on: https://chromium-review.googlesource.com/c/1351025
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57869}
2018-11-27 12:16:43 +00:00
Toon Verwaest
cbe1cfa249 [scopes] Push unresolved variables at the back so we can MoveTail to rescope
Pushing unresolved variables at the front was an optimization for the case
where we didn't have an end pointer. That forces us to do an O(<new elements>)
walk to rescope variables. The implementation was more generic and even did
O(<all elements>). Now that we have an end pointer we can simply push at the
end and MoveTail which is O(1).

Change-Id: I65cd5752b432223d95cd529452a064d8dcc812e1
Reviewed-on: https://chromium-review.googlesource.com/c/1351010
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57868}
2018-11-27 11:55:46 +00:00
Toon Verwaest
0851de1023 [parser] Combine UnaryExpression and CountExpression behind single range-check
Change-Id: I8704003f05e74d55e724d669f5bbcef5c2214bf4
Reviewed-on: https://chromium-review.googlesource.com/c/1351018
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57867}
2018-11-27 11:54:41 +00:00
Camillo Bruni
7a3cb59fad Fix Reflect.construct with constructors without a prototype slot
Bug: chromium:907714
Change-Id: Ie8eacff1b12ec74faa392a1d2c8545f873ab13a1
Reviewed-on: https://chromium-review.googlesource.com/c/1351023
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57866}
2018-11-27 11:52:41 +00:00
Yang Guo
3a437ce47a Reland "Implement Faster MicrotaskQueue Step 2"
This is an attempt to reland https://crrev.com/1d726111ab7087a5, that
was reverted at https://crrev.com/0a820125230bec24.

Tbr: bmeurer@chromium.org
Bug: chromium:887920, v8:7253
Change-Id: I785417de7d0560b93bda5ade623fa5be3647d7dd
Reviewed-on: https://chromium-review.googlesource.com/c/1350530
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57865}
2018-11-27 11:27:46 +00:00
Sigurd Schneider
ca39f55ae1 Revert "Use CopyElements (which uses memcpy) to copy FixedDoubleArray."
This reverts commit fac6f63eb8.

Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=907479

Original change's description:
> Use CopyElements (which uses memcpy) to copy FixedDoubleArray.
> 
> This improves the performance of ExtractFixedArray and
> CloneFastJSArray for double arrays, which in turn improve the
> performance of cloning double arrays with slice() or spreading.
> 
> This, however, does not improve performance of spreading holey
> double arrays, because spreading needs extra work to convert
> holes to undefined.
> 
> Bug: v8:7980
> Change-Id: Ib8aed74abbb0b06982a3b754e134fa415cb7de2d
> Reviewed-on: https://chromium-review.googlesource.com/c/1280308
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Hai Dang <dhai@google.com>
> Cr-Commit-Position: refs/heads/master@{#56680}

TBR=mvstanton@chromium.org,neis@chromium.org,sigurds@chromium.org,dhai@google.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7980, chromium:907479
Change-Id: Iacf37fa3276345fe8e264fe976d296b015ed6790
Reviewed-on: https://chromium-review.googlesource.com/c/1351003
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57864}
2018-11-27 11:04:43 +00:00
Dan Elphick
a8152aac70 [cleanup] Move ReturnValue::Set to V8_DEPRECATED
Moves ReturnValue::Set from V8_DEPRECATE_SOON to V8_DEPRECATED now that
chromium no longer uses it.

Bug: v8:7289, v8:8238
Change-Id: Ib705f62dcaa508a8b42a67ed7eaafe7860e3e848
Reviewed-on: https://chromium-review.googlesource.com/c/1351020
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57863}
2018-11-27 10:53:03 +00:00
Ulan Degenbaev
276c56269f Add date range validity check to the date parser.
Now the parser rejects dates outside the [-8640e12ms, 8640e12ms] range
as specified by ES6 section 20.3.1.1.

Bug: chromium:908248, v8:7781
Change-Id: I3391ce7398c971d54794e5011564a0527794667a
Reviewed-on: https://chromium-review.googlesource.com/c/1350996
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57862}
2018-11-27 10:28:30 +00:00
Clemens Hammacher
2fd073764f Revert "[wasm] Add more unit tests for trap handler"
This reverts commit 4644b32e02.

Reason for revert: Link errors on win64: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64%20-%20debug/25950

Original change's description:
> [wasm] Add more unit tests for trap handler
> 
> The unittests test if the trap handler only handles those traps it
> is supposed to handle:
> * Only handle traps when the thread-in-wasm flag is set.
> * Only handle traps of the right type, i.e. memory access violations.
> * Only handle traps at recorded instructions.
> 
> The tests also test the consistency of the thread-in-wasm flag. I made
> one change in the trap handler where that consistency could be
> violated.
> 
> All tests are executed with the default trap handler provided by V8,
> and with the trap handler callback installed in a test signal/exception
> handler.
> 
> Change-Id: I03904bb6effd2e8694d3f4d1fbf62bc38002646e
> Reviewed-on: https://chromium-review.googlesource.com/c/1340246
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57858}

TBR=mstarzinger@chromium.org,ahaas@chromium.org,mark@chromium.org

Change-Id: Iac2f20c73744226885ea1810813863a21c5faf8c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1351021
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57861}
2018-11-27 10:26:41 +00:00
Clemens Hammacher
2cdd38e57a [wasm][test] Remove redundant function
The {setTableLength} method is redundant and has a single user. Remove
it, use {setTableBounds} instead.

Drive-by: Add default to the table max, to document that this can
actually be {undefined}, in which case the table has no maximum.

R=binji@chromium.org

Bug: v8:8238
Change-Id: I0d7a2f4d49d083f7adadbb4b6cd4933bcb1dc174
Reviewed-on: https://chromium-review.googlesource.com/c/1350126
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57860}
2018-11-27 10:13:32 +00:00
Ross McIlroy
a13550347f [Cleanup] Deprecate non-maybe versions of Function::New/Call
These functions have been marked V8_DEPRECATE_SOON for a long time,
now all uses have been removed from Chrome, mark them as deprecated.

BUG=v8:7290,v8:8238

Change-Id: If39a971a32b06ad3c32ce121db2effa23fce45fe
Reviewed-on: https://chromium-review.googlesource.com/c/1350124
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57859}
2018-11-27 10:03:20 +00:00
Andreas Haas
4644b32e02 [wasm] Add more unit tests for trap handler
The unittests test if the trap handler only handles those traps it
is supposed to handle:
* Only handle traps when the thread-in-wasm flag is set.
* Only handle traps of the right type, i.e. memory access violations.
* Only handle traps at recorded instructions.

The tests also test the consistency of the thread-in-wasm flag. I made
one change in the trap handler where that consistency could be
violated.

All tests are executed with the default trap handler provided by V8,
and with the trap handler callback installed in a test signal/exception
handler.

Change-Id: I03904bb6effd2e8694d3f4d1fbf62bc38002646e
Reviewed-on: https://chromium-review.googlesource.com/c/1340246
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57858}
2018-11-27 09:59:49 +00:00
Michael Achenbach
ac97d522f9 [test] Skip tests unsuitable for gc fuzzing
See:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20NumFuzz%20-%20TSAN/3778

TBR=mslekova@chromium.org
NOTRY=true

Change-Id: I655a251a8c2364d0bc69b9b2e612967c29d49541
Reviewed-on: https://chromium-review.googlesource.com/c/1350999
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57857}
2018-11-27 09:11:41 +00:00
Michael Achenbach
369ff0767f [test] Bump shards on slow bot
NOTRY=true
TBR=sergiyb@chromium.org

Change-Id: I61597a265e5d98479cb88f5c8e01fed317044dd6
Reviewed-on: https://chromium-review.googlesource.com/c/1350998
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57856}
2018-11-27 09:06:28 +00:00
Daniel Clifford
1d08ecafbe [torque] Simplify and cleanup Cast and UnsafeCast
Change-Id: I57e21c5bc754ca07f52032f85ec8aeff96448dd0
Reviewed-on: https://chromium-review.googlesource.com/c/1342929
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57855}
2018-11-27 06:50:30 +00:00
v8-ci-autoroll-builder
524ab4e106 Update V8 DEPS.
Rolling v8/build: 2339062..076d347

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Id8a3dca4c41f178d2e267bc4f0e066a22886de18
Reviewed-on: https://chromium-review.googlesource.com/c/1351247
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#57854}
2018-11-27 03:31:50 +00:00
Jakob Kummerow
0f581e4b99 [ubsan] Port Name/String/Symbol to the new design
Bug: v8:3770
Change-Id: I4da6404aa968adca1fbb49029fc304622101d6c3
Reviewed-on: https://chromium-review.googlesource.com/c/1349112
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57853}
2018-11-27 01:42:36 +00:00
Jakob Kummerow
fe0d26534c [cleanup] Drop ObjectSlot::Relaxed_Load(int, ...)
and Relaxed_Store(int, ...) by migrating the only call site
to using slot increment/decrement instead of offset calculations.
Also use SlotBase::location() more consistently.

Bug: v8:8238
Change-Id: I3099884a2a9e05041114205e7fb81691261afe19
Reviewed-on: https://chromium-review.googlesource.com/c/1349731
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57852}
2018-11-27 00:16:24 +00:00
Ben Smith
3896c04767 [wasm] Use uint32_t instead of unsigned
The style guide says that only `int` should be used of the builtin
integer types. Instead, we should use the stdint types.

See https://google.github.io/styleguide/cppguide.html#Integer_Types

Change-Id: I1af53a3bceefbfed85589b74a602c8ebe1c7ee25
Reviewed-on: https://chromium-review.googlesource.com/c/1342663
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57851}
2018-11-26 19:58:20 +00:00
Hannes Payer
9266bc2453 Reland: [heap] Release dead young generation large objects in the Scavenger.
This reverts commit 33713b5b61.

Bug: chromium:852420
Change-Id: I45f447b690af8534aeec8630a717abe92f4099f8
Reviewed-on: https://chromium-review.googlesource.com/c/1350997
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57850}
2018-11-26 19:47:20 +00:00
Hannes Payer
8930ad2bb9 [heap] Flip between large object and new large object allocation mode based on --young_generation_large_objects.
Bug: chromium:852420
Change-Id: I5bb03c6ab14b4e42988e917f7ca7d449d53723d8
Reviewed-on: https://chromium-review.googlesource.com/c/1350995
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57849}
2018-11-26 18:13:00 +00:00
Igor Sheludko
a86739187c [cleanup] Make Context independent of FixedArray
This CL makes it easier to organize the Context classes hierarchy and
simplifies Context class definition.

Bug: v8:8238
Change-Id: I65b8255daf255649c597dc195edf436d9471e3ea
Reviewed-on: https://chromium-review.googlesource.com/c/1350109
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57848}
2018-11-26 17:57:45 +00:00
Michael Lippautz
c32a378f48 [heap] Reland improvements for embedder tracing
Add a path into embedder tracing on allocation. This is safe as as Blink
is not allowed to call into V8 during object construction.

This is a reland of caed2cc033.

Also relands the cleanups of ce02d86bf2.

Bug: chromium:843903
Change-Id: Ic89792fe68337c540a1a93629aee2e92b8774ab2
Reviewed-on: https://chromium-review.googlesource.com/c/1350992
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57847}
2018-11-26 17:44:10 +00:00
Sergiy Belozorov
bf6b6fe6c9 [tools] Rename master.tryserver.blink:linux_trusty_blink_rel to luci.chromium.try:linux-blink-rel
TBR=machenbach@chromium.org

No-Try: true
No-Tree-Checks: true
Bug: chromium:868202
Change-Id: I0cfbd995d83733b30e58246b2faccc51379957a6
Reviewed-on: https://chromium-review.googlesource.com/c/1351017
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57846}
2018-11-26 16:52:36 +00:00
Ulan Degenbaev
1ad0cd560e Separate DescriptorArray from WeakFixedArray
This patch gives DescriptorArray its own visitor id and its
own layout that is independent from the layout of WeakFixedArray.
This allows us to use raw 16-bit integers for keeping track of
the number of descriptors (total, non-slack, and marked).

As a side-effect, we save one word per descriptor array on 64-bit.

v8:8486

Change-Id: If8389dde446319e5b3491abc948b52539dba235c
Reviewed-on: https://chromium-review.googlesource.com/c/1349245
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57845}
2018-11-26 16:41:20 +00:00
Ben L. Titzer
0397f782cd [wasm] Enable intrinsification of math imports
Flag flip to enable this feature.

R=mstarzinger@chromium.org

Bug: v8:8423
Change-Id: I59ee8c49c2f0323a32e8c7e6c9cf8d929b4a8bb4
Reviewed-on: https://chromium-review.googlesource.com/c/1349239
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57844}
2018-11-26 16:26:55 +00:00