Commit Graph

56305 Commits

Author SHA1 Message Date
Mythri A
61b56e19f8 [lite] Don't set bailout reason to NeverOptimize in lite mode
We used to set disable optimization bits in SFI to NeverOptimize in lite
mode to avoid optimizing in tests. Now, tests that need optimization use
intrinsics to force feedback vector allocation. Hence this is no longer
necessary.

Bug: v8:8394
Change-Id: I0aeaeacc34d838cf15698a9227b6964292b97240
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611545
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61513}
2019-05-15 09:43:13 +00:00
Igor Sheludko
a6dcbc545b [heap][ptr-compr] Use Heap::CopyRange() instead of tight copy loops
Also remove unused Factory::CopyFeedbackVector().

Bug: v8:7703
Change-Id: I75e16a55967e5970e4cbe3babae3a09d2a647313
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611542
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61512}
2019-05-15 09:26:25 +00:00
Jakob Kummerow
94f9c4afec [wasm-c-api] Faster types handling when calling into Wasm
We don't need the full "types" array, just the number of parameters
and the type of the result. Avoiding unnecessary malloc/free calls
significantly cuts down on overhead.

Change-Id: I738f0ee4c269731cf1ff79a56f910e8f7e97c83e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601505
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61511}
2019-05-15 09:24:35 +00:00
Michael Starzinger
946929f406 [wasm] Make interpreter clear reference stack slots.
This makes sure the interpreter clears any stale references from the
reference stack when they are popped/dropped. Otherwise stale values
would unnecessarily increase lifetime of operand stack slots.

R=ahaas@chromium.org
BUG=v8:7581

Change-Id: I6b8be56a815327229a66ea0c97b3646ac64f6461
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612905
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61510}
2019-05-15 09:19:14 +00:00
Mythri A
97204f8e10 [lite] Don't skip tests that need feedback vector in lite mode
Tests that expect type feedback vector ensure it by using
%EnsureFeedbackVector intrinsic. These tests now work with lazy feedback
allocation as well. Hence it is no longer required to initialize the
shared function info with a special bailout id.

Bug: v8:8394
Change-Id: Iba2f94be7e5651b4faeb8b3bf604d17fb4b146ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609542
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61509}
2019-05-15 09:10:00 +00:00
Benedikt Meurer
c7ca8dacd2 [turbofan] Use CheckHeapObject only for StoreField.
Previously we had to use CheckHeapObject in front of every CheckMaps,
CompareMaps and TransitionElementsKind operation. Now these operators
request HeapObject representation themselves (requiring for CompareMaps
and TransitionElementsKind to remove the kNoDeopt property). This means
we only do CheckHeapObject for StoreField to a field that has HeapObject
representation.

This not only leads to smaller graphs in the compiler, but also removes
most uses of the CheckHeapObject operator, which doesn't express a real
semantic property in the compiler frontend.

Bug: v8:9183, v8:9250
Refs: nodejs/node#27667
Change-Id: Ie3d83de69583b1bed6c1c53444bfc97aaef624bb
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612902
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61508}
2019-05-15 09:08:55 +00:00
Nico Hartmann
099669ecf3 [js-perf-test] Add additional benchmarks for boolean constructor
Bug: v8:9240
Change-Id: I704e0932b00baf84c4203baa8336809b250855d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611681
Commit-Queue: Nico Hartmann <nicohartmann@google.com>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61507}
2019-05-15 09:07:15 +00:00
Georg Schmid
376d242fbf Make LoadElimination aware of const fields
Change-Id: I28f2c87ffae32d16bcfb7cb17ec6e607e7fa2285
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1599172
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61506}
2019-05-15 08:46:16 +00:00
Clemens Hammacher
05c3f23c6e [wasm][gc] Exclude asm.js and small modules from sampling
The histograms currently mostly contain very small modules (having
0 MB generated and 0 MB freed). Many of those are asm.js modules.
Just recording the modules that are actually interesting for wasm
code GC will give us more meaningful data.

R=mstarzinger@chromium.org

Bug: v8:8217
Change-Id: I1d9ba8134c2f3617f896afc42dc9e87c7852c319
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611679
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61505}
2019-05-15 08:05:44 +00:00
Ujjwal Sharma
e7e512da66 [turbofan] Add fast path for single-character String#startsWith()
This CL adds a fast path to String#startsWith(s) if s is a
single character string.

Bug: v8:8400
Change-Id: Ibd6a9d1e46d98f41c198d2b579208e25003eedb0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1525362
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61504}
2019-05-15 07:33:54 +00:00
Benedikt Meurer
cca9ae3c9a [turbofan] Remove recursion from NeedsCheckHeapObject.
We use the predicate NeedsCheckHeapObject in the compiler frontend to
determine whether we can skip introducing CheckHeapObject nodes. But
this predicate would also walk up the graph in case of Phis, which can
result in really long compilation times (on the main thread). In the
report in https://github.com/nodejs/node/issues/27667, the compiler
frontend alone took around 4-5mins of main thread time for a single
function. With this patch the time goes down to 4-5ms.

Bug: v8:9250
Refs: nodejs/node#27667
Change-Id: I231eb780ff04f949fa1669714f9af6ebfbcade05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612897
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61503}
2019-05-15 07:16:44 +00:00
Richard Townsend
d07a30ba64 build: Add V8_EXPORT_PRIVATE to PushPopQueue
Fixes a link error for Windows on Arm component builds.

Change-Id: I848c3aac710b6cbb099011d9c56d7cbc8b5b97fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611683
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61502}
2019-05-15 07:01:34 +00:00
Mythri A
d9cff61e56 [future] Enable lazy feedback allocation in 'future' configuration
Bug: v8:8394
Change-Id: I5b4c02f5f36710b3fa15037e1fa1520b759447c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611798
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61501}
2019-05-15 06:32:33 +00:00
v8-ci-autoroll-builder
d482ee8d50 Update wasm-spec.
Rolling v8/test/wasm-js/data: 022589c..263af5a

[spec] Replace URLs with bikeshed biblio refs (#1018) (Ben Smith)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/263af5a

+ Security and Privacy Considerations on Core and JS-API (#1015) (Eric Prud'hommeaux)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/5baa425

[spec] Fix ToC of Appendix in w3c version (#1017) (Ben Smith)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/74dd66b

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: I4336ff78d519d7af026198b27117635b097ce3c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612782
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#61500}
2019-05-15 04:56:04 +00:00
v8-ci-autoroll-builder
e2043d3b15 Update V8 DEPS.
Rolling v8/build: ebde73c..9f8db49

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/95764ff..578d0b9

Rolling v8/third_party/depot_tools: 6a9b00e..b77f2db

Rolling v8/third_party/googletest/src: 3f5b5b8..9d4cde4

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: Ie433749a621fae680970b546410add834aa344c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1612536
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#61499}
2019-05-15 03:53:34 +00:00
Z Duong Nguyen-Huu
bfc3e8bc6b Port StringToList to Torque
Bug: v8:8996
Change-Id: I264781f35b7b98cd7c34fc39b9c2451ea6c58ad6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1606544
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61498}
2019-05-14 22:30:41 +00:00
Z Duong Nguyen-Huu
2dd0db19ba Reland of Port Proxy SetProperty trap builtin to Torque
Reverted CL is in https://chromium-review.googlesource.com/c/v8/v8/+/1585269
This includes a fix for ThrowTypeErrorIfStrict and adds a regression test.

Spec: https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-set-p-v-receiver
Bug: v8:6664, v8:9234
Change-Id: I785df3f12f619e2e0fe7b011b72043758e4083e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1604071
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61497}
2019-05-14 18:06:46 +00:00
Maciej Goszczycki
92337f242b [tests] Clear ro-heap after ReinitializeStringHashSeed isolate has been disposed
Bug: v8:7464
Change-Id: I522efa3718d04398d2096262a5507b1eb3cfd28a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611546
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61496}
2019-05-14 18:04:07 +00:00
Sigurd Schneider
4d05884e7f [torque] Introduce @abstract annotation for Torque classes
This annotation indicates that the class itself is not instantiated,
and does not have its own instance type: The instance types that
logically belong to the class are the instance types of the derived
classes.

Currently, we need the indication @dirtyInstantiatedAbstractClass
for several classes that are used as both, abstract base classes
and concrete classes. The prime example is JSObject which is the
base for many other classes, and also serves as the class to allocate
plain JSObjects. The annotation is purposefully ugly because in the
future we should refactor code to make it unnecessary.

Another annotation we introduce is @hasSameInstanceTypeAsParent,
which indicates another design pattern that currently occurs in the
code-base: Some Torque classes have the same instance types as their
parent class, but rename some fields, or possibly have a different map.
In such cases, the parent class is not abstract and the derived classes
can be seen as refinements of this class (that, for example, narrows the
type of a field). In the future, Torque should accommodate this pattern
better, but at the moment we are content with just indicating where it is
used.

Bug: v8:7793
Change-Id: I1892dcc7325250df75d80308bf3d767d6d43bcc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607761
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61495}
2019-05-14 16:58:53 +00:00
Yang Guo
617b990fa6 Add OWNERS file for samples/
R=mathias@chromium.org

BUG: v8:9247
Change-Id: I6dd7f2c80e2345038550051c634ce7338edade0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611680
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61494}
2019-05-14 16:55:03 +00:00
Richard Townsend
b0a2a56753 fix: remove some unnecessary V8_EXPORT_PRIVATE annotations
When building in debug mode for Windows on Arm, Clang reports the
following error without this patch:

  error: attribute 'dllexport' cannot be applied to member of
  'dllexport' class.

Change-Id: Ib3b12fce7daa368f9464b080ac7a7bce1ddd5370
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611799
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Richard Townsend <richard.townsend@arm.com>
Cr-Commit-Position: refs/heads/master@{#61493}
2019-05-14 16:51:53 +00:00
Ben L. Titzer
7cba46adee [tools] Import gdbinit from Chromium
This CL imports some gdbinit magic from Chromium's tools. This fixes
gdb warnings about differences between psymtab and symtab.

R=bmeurer@chromium.org
CC=leszeks@chromium.org

Change-Id: I06e67c17e03b803c516ab59aeb6c17435b81d6d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611540
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61492}
2019-05-14 16:39:08 +00:00
Sigurd Schneider
bdff71b648 [torque] Add helpers for C++ code generation
Change-Id: I75a4a2af4bbe9d495d583b13fb6d885d8509c2b8
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611797
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61491}
2019-05-14 15:02:54 +00:00
Sigurd Schneider
f6f31d154e [torque] Rename ...from-dsl... to ...tq...
This CL introduces the new suffix '-tq' for Torque generated files,
and replaces the infix 'FromDSL' in type names with a prefix
'TorqueGenerated'.

Change-Id: I1e90460cc0c666da6cf5017e8b3cb7c39c6ac668
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609798
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61490}
2019-05-14 14:49:23 +00:00
Maciej Goszczycki
8dc7f24913 Reland "[heap] Skip read-only space in Heap::Contains"
This is a reland of 2b24cd035a

Original change's description:
> [heap] Skip read-only space in Heap::Contains
> 
> Bug: v8:7464
> Change-Id: I27e82cdf0f8cc56ff68dcfaecab9644fe74916c7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559861
> Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61350}

Bug: v8:7464
Change-Id: Ic5a9221f62537c1711c70b48fc0069288bfda80f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601509
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61489}
2019-05-14 14:06:23 +00:00
Benedikt Meurer
d2ea316f2a [map] Properly share the map for builtin iterator result objects.
Previously we had a special, unshared map on the native context that was
used for results of builtin iterators, which was different from the map
that is created from an object literal like `{value, done}`. This not
only leads to unnecessary polymorphism, but also makes it impossible
for user defined iterators to take the fast-paths that we have in
various places (i.e. in collections or promises).

With this change we now properly share the map for `{value, done}` and
use that for the builtin iterator result objects, as well as the
fast-paths.

Drive-by-fix: Remove the restrictions on map caching and transition
caching during bootstrapping. This no longer makes sense.

Bug: v8:9114, v8:9243
Change-Id: I19eb9071f7ec0ed58f8a6f87eed781bc790174b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609794
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61488}
2019-05-14 14:02:29 +00:00
Igor Sheludko
f7602bb832 [heap][ptr-compr] Optimize range write barrier
... by combining generational and marking write barriers in one loop.

Bug: v8:7703
Change-Id: I825d530040d3f39143dd2d051dc5a9916e2f2997
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611541
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61487}
2019-05-14 14:01:22 +00:00
Simon Zünd
a41aaf78e1 [torque-ls] List macros and builtins as document symbols
This CL adds support for macros, builtins, generics and specializations
for the "textDocument/symbol" request. To filter out implicitly
created specializations, the "is_user_defined" flag is hoisted from
Macro to the Declarable super class. As a side-effect, errors thrown
during specialization now have the correct SourcePosition.

Drive-by-change: Using "Goto Definition" on the identifier of the
specialization will jump to the associated generic.

Bug: v8:8880
Change-Id: I0c60571c58107375c1b5d2a8e620cf12a0f0f3fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609795
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61486}
2019-05-14 13:47:27 +00:00
Benedikt Meurer
f0234f75af [typedarray] Change JSTypedArray::length field to uintptr_t.
This is a mostly mechanical change that updates the JSTypedArray::length
field to have uintptr_t storage. It doesn't change the allowed ranges
for this field yet, that will be done separately later on.

Bug: v8:4153, v8:7881
Change-Id: Ia4b6f5455bd97b82a4b980d77bda0b09cfa845f5
Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607647
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61485}
2019-05-14 13:40:22 +00:00
Benedikt Meurer
f0e054c2c6 [constant-tracking] Disable delete optimization for constant fields.
When using the fast-properties optimization for `delete` with constant
fields we don't properly invalidate the constness on the original map
and might thereby just follow the same transition again later with the
same object, effectively violating the constness of that field. This
disables the fast-properties optimization for `delete` in case of a
field marked as "const" as a quick-fix. We might still want to change
the logic to properly invalidate the "const" bit later.

Bug: chromium:962588, v8:9233
Change-Id: I1d0a8649d117731a0cd5ebdb4b6d0b22a900f33d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609796
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61484}
2019-05-14 13:36:37 +00:00
Tobias Tebbi
ec2c299c42 [torque] check runtime function signatures properly
The missing check that runtime function parameters have to be tagged
led to a bug: https://chromium-review.googlesource.com/c/v8/v8/+/1604071

drive-by-fix: Remove obsolete verbose mode. It hasn't been maintained
since the very early Torque versions, and the remaining printf's are
rather useless.

Bug: v8:7793
Change-Id: I59adf4c6c5d92a8838cdc638afb2ab7a41550b55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609910
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61483}
2019-05-14 13:35:32 +00:00
Tobias Tebbi
4329354ae8 Reland "[turbofan] re-wire Unreachable to the graph end at EffectPhi's"
This is a reland of 2c0b1f6e9d

This fixes two bugs:
- Unreachable might have value uses even after being connected
to Throw, so the solution is to just not replace them with the Dead node
anymore.
- We didn't trigger initial visitation of the new Throw node.
  Re-visiting the changed End node takes care of this.


Original change's description:
> [turbofan] re-wire Unreachable to the graph end at EffectPhi's
>
> This avoids the EffectControlLinearizer stumbling upon unreachable
> code.
>
> Bug: chromium:958718
> Change-Id: I135c17813741e48e878a4624370eee1e06081031
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605737
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61434}

Bug: chromium:958718 chromium:962475 chromium:962474
Change-Id: I388a59912e6260a221cccc76102e0c4b00bff93e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609791
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61482}
2019-05-14 13:17:11 +00:00
Mythri A
c9a83486f3 [ic] Fix GenericKeyedLoadIC to correctly handle when receiver is null
When receiver is null or undefined we should not look into key. Calling
ToName on key is observable. This CL fixes the GenericKeyedLoadIC to
miss into runtime when the receiver is null or undefined.

Bug: v8:8394
Change-Id: Iaed07cd1b77b63e550284108777e165141af57a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605948
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61481}
2019-05-14 13:07:21 +00:00
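The following is an added example; it is not part of the V8 change above or of its tests. It probes the ordering the commit message describes: a keyed load on a null or undefined receiver must throw before the key is converted with ToPropertyKey, because that conversion can run user code (Symbol.toPrimitive or toString). The probe function, the sample receiver shapes and the warm-up loop are assumptions of this example; the loop only pushes the single load site into the generic inline-cache state that the fix targets.

```javascript
// Added example, not V8 code: trace the order in which a keyed load
// evaluates "receiver[key]" when the key is an object whose conversion
// to a property key (ToPropertyKey -> Symbol.toPrimitive) is observable.
function keyedLoadTrace(receiver) {
  const log = [];
  const key = {
    [Symbol.toPrimitive]() {
      log.push('toPrimitive'); // user code runs here if the key is converted
      return 'x';
    },
  };
  try {
    receiver[key]; // the load under test; the loaded value is irrelevant
    log.push('ok');
  } catch (e) {
    log.push(e instanceof TypeError ? 'TypeError' : 'other');
  }
  return log;
}

// Feed the single load site above many receiver shapes (constructed sample
// inputs) so that an engine's inline cache for it reaches its generic state
// before a null receiver arrives; the commit fixes that generic path.
function probeKeyedLoadOrder() {
  const shapes = [{ a: 1 }, { b: 2 }, { c: 3 }, { d: 4 }, { e: 5 }, [1, 2], 'str', 7];
  for (let i = 0; i < 2000; i++) keyedLoadTrace(shapes[i % shapes.length]);
  return {
    nullResult: keyedLoadTrace(null),        // ['TypeError']: key never converted
    undefResult: keyedLoadTrace(undefined),  // ['TypeError']
    objResult: keyedLoadTrace({ x: 1 }),     // ['toPrimitive', 'ok']
  };
}
```

If an engine reports 'toPrimitive' before 'TypeError' for the null or undefined receiver, it is converting the key before checking the receiver, which is the observable behaviour the commit removes.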
Andreas Haas
a1a7be4d90 [wasm] Allow ref.func to initialize globals
Bug: v8:7581
Change-Id: I7ec9a7dbfb57cd6b5d985a7dc664ca3c0965969c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1605726
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61480}
2019-05-14 13:05:21 +00:00
Sigurd Schneider
cd574c152d [torque] Remove objects.h include from class-verifiers
and replace it with forward declarations of all occurring classes.

R=tebbi@chromium.org

Bug: v8:7793
Change-Id: I337b069ef10d52e7e42332c977284b4d2ae8fafb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609836
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61479}
2019-05-14 12:43:41 +00:00
Clemens Hammacher
758a668b18 [arm][simulator] Fix tests build
test-sampler-api.cc calls {Simulator::get_pc} and
{Simulator::get_register}, hence these methods need to be exported.

R=ahaas@chromium.org

Change-Id: I5ba48d877f7101d1e8527c8138fa2e930ba686ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611678
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61478}
2019-05-14 12:08:45 +00:00
Clemens Hammacher
077c897c92 [wasm][arm] Cleanup LTO bug avoidance
We landed two mitigations for the bug, and crash data shows that it is
indeed fixed. It is still not clear whether this is a compiler bug,
wrong use of inline assembly, or LTO. The original fix to move the call
to {FlushInstructionCache} should not be needed any more though.
This CL thus reverts https://crrev.com/c/1571619 and uses V8_NOINLINE
instead of the noinline attribute.
If this reintroduces any crashes, please revert. We are far enough away
from the branch to detect this on canary without too much trouble.

R=jkummerow@chromium.org

Bug: chromium:952759
Change-Id: I76f9850d8d6a8af0926b88e961f89df41b662ae7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611677
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61477}
2019-05-14 11:59:02 +00:00
Igor Sheludko
c57e8f1434 [heap] Refactor elements write barrier to range write barrier
... in order to make it optimizable for enabled pointer compression.

Bug: v8:9183
Change-Id: I8b92e48cc43dcc823eefb5a8a4a29de7a8ba0e78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609545
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61476}
2019-05-14 11:54:12 +00:00
Jakob Kummerow
d0e889b07d [bigint] Fix toJSON function lookup
When looking up toJSON function presence on the BigInt prototype,
we must pass the original primitive value as the receiver to any
getter calls. Thanks to the magic of the LookupIterator, this is
actually easier than the alternative.

Bug: v8:9048
Change-Id: I72e144dbfa2862df479fd4deee40acd5dd468243
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611538
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61475}
2019-05-14 11:53:07 +00:00
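Added example, not code from the V8 change above: it checks the receiver semantics the commit message describes. JSON.stringify looks up toJSON on a BigInt value with the primitive as receiver, so an accessor installed on BigInt.prototype (and the function it returns) must see the unboxed primitive when running in strict mode. The accessor, the sample object and the helper names are assumptions of this example.

```javascript
// Added example, not V8 code: install a toJSON accessor on BigInt.prototype
// and record what "this" is in the getter and in the returned function.
// Strict mode is required so that a primitive receiver is not boxed.
function bigintToJSONReceiver() {
  const seen = { getterThis: null, callThis: null };
  Object.defineProperty(BigInt.prototype, 'toJSON', {
    configurable: true,
    get() {
      'use strict';
      seen.getterThis = typeof this; // receiver of the getter call
      return function toJSON() {
        'use strict';
        seen.callThis = typeof this; // receiver of the toJSON call
        return this.toString();
      };
    },
  });
  let json;
  try {
    json = JSON.stringify({ n: 42n, list: [1n, 2n] }); // constructed sample
  } finally {
    delete BigInt.prototype.toJSON; // restore the shared prototype
  }
  return { getterThis: seen.getterThis, callThis: seen.callThis, json };
}

// Baseline without any toJSON: BigInt values are not serializable and
// JSON.stringify throws a TypeError.
function bigintWithoutToJSON() {
  try {
    JSON.stringify({ n: 1n });
    return 'serialized';
  } catch (e) {
    return e instanceof TypeError ? 'TypeError' : 'other';
  }
}
```

Both typeof results should be 'bigint'; an engine that passes a wrapper object to the getter reports 'object' for getterThis, which is the lookup defect the commit fixes.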
Z Duong Nguyen-Huu
ea575e8283 Optimize array.indexOf, array.includes builtins for frozen, sealed objects
Introduce FastJSArrayForRead to include sealed, frozen elements kind objects and apply it to the related builtins.

In a micro-benchmark, it shows ~10x improvement.
Before:
ArrayIndexOf
ArrayIndexOf-Numbers(Score): 0.0780
ArrayIncludes
ArrayIncludes-Numbers(Score): 0.0773
After:
ArrayIndexOf
ArrayIndexOf-Numbers(Score): 0.621
ArrayIncludes
ArrayIncludes-Numbers(Score): 0.608


Bug: v8:6831
Change-Id: Ic79c0ba7e85c40625ecb42faed16816fa066b1d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1604322
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61474}
2019-05-14 11:52:03 +00:00
Santiago Aboy Solanes
23834cbdfd [ptr-compr][Turbofan] Adding the DecompressionElimination AdvancedReducer
After introducing explicit compress and decompress nodes for each load
and store we are left with many nodes that are redundant.

This CL aims to eliminate redundant decompressions and compressions in the
"direct decompression & compression" category.

Also added tests to test the new reducer.

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I93e024d13af34d484086b7983f379265d16ac154
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1602702
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61473}
2019-05-14 11:32:22 +00:00
Georg Schmid
37ab663ae5 Improve SameValue folding in TypedOptimization to ignore renames
R=jarin@google.com, tebbi@google.com

Change-Id: I23b92df275ce294d62c906a0b94dcb9b15f6be39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609803
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61472}
2019-05-14 11:29:42 +00:00
Joey Gouly
eb04aaab26 [arm64] Use PokePair when preparing arguments
v8_Default_embedded_blob_size from the generated file gen/embedded.S
Before: 4984544
 After: 4979200

This gives a 0.1% size decrease to the embedded builtins.

Change-Id: Ie21c4360bd520380c779fc417185a1e4049c60ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601253
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#61471}
2019-05-14 10:24:34 +00:00
Mike Stanton
e347e266ea [ptr-compr] Fix macro assembler test for CFI failure
Use the GeneratedCode construct in the EmbeddedObj test to ensure
clang with cfi support is happy.

Bug: v8:7703
Change-Id: Ib80add62127049ee5a763c6a4320add11682395d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1611537
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61470}
2019-05-14 10:07:45 +00:00
Sigurd Schneider
41897941c9 [torque] Remove LookupType(std::string&)
Change-Id: Idaa8776eea68fd264785c06355842daa6bfa30e0
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585849
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61469}
2019-05-14 09:35:53 +00:00
Georg Neis
9b81e4a8d7 [turbofan] Pass CallFrequency by reference to work around GCC bug
This work-around got lost in the recent refactorings.

Bug: v8:8193
Change-Id: I81d22e0702666d1d8ef954cd3d074e22c89378cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609806
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#61468}
2019-05-14 08:55:21 +00:00
Peter Marshall
ae26b34e20 [cpu-profiler] Fix script attribution for cross-script inlining
Previously we would attribute some frames of inline stacks to the wrong
line number.

For inlined frames, the source position table contains the line number
of the most-inlined frame (innermost). It's quite possible that this
function is within another script though, in which case the line number
will be wrong. Fix that here by taking the script from the
InliningStack, rather than assuming it is the same script as the
original code entry.

Bug: v8:7203, chromium:953309
Change-Id: Ia8795dbdd97d2f24f4bc685565d1e3a94e6067b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1403114
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61467}
2019-05-14 08:25:05 +00:00
Anna Henningsen
c8aa71dcb3 [api] Strengthen GC second pass callback API guarantees
Previously, processing second pass callbacks could have been called
recursively, and depending on the source of the GC, either with the
ability to call into JS or not.

Make the behaviour consistent by a) not iterating over the second pass
callback list when we are already doing so and b) explicitly allowing
JS execution.

Refs: https://github.com/nodejs/node/issues/27577
Change-Id: Ia13f775b323df4e49e28429ca88cf7d3a77883e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1607762
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61466}
2019-05-14 08:15:35 +00:00
Benedikt Meurer
bd17f12a4b [ic] Disallow growing stores with TypedArrays in the prototype chain.
For keyed stores to JSArrays we can generally allow the receiver to grow
to the necessary size by bumping the magical length property. This works
for regular Arrays, but not in the case the prototype chain contains a
TypedArray, as that is going to swallow all stores that are considered
out-of-bounds for it.

We don't wanna deal with that kind of complexity in the IC handlers, so
we just refuse to handle that case (also giving TurboFan the signal that
it shouldn't attempt to handle growing stores in that case).

Bug: chromium:960134, chromium:961709
Change-Id: Ia886de590c32ae51ed4ebe38fc237ed975a635aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609790
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61465}
2019-05-14 07:43:05 +00:00
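Added example, not code from the V8 change above or its regression tests: it exercises the situation the commit message describes, a keyed store to an Array whose prototype chain contains a TypedArray. A store at an index that is out of bounds for the TypedArray must not grow the Array, whatever the inline cache has learned from earlier growing stores at the same site. The helper names, the warm-up loop and the sample values are assumptions of this example.

```javascript
// Added example, not V8 code. A single keyed-store site is shared by all
// calls so that an engine's inline cache for it sees ordinary growing
// arrays first and the TypedArray-shadowed array afterwards.
function keyedStore(arr, index, value) {
  try {
    arr[index] = value;
    return true;
  } catch (e) {
    // Engines implementing older TypedArray [[Set]] text may throw in
    // strict mode for an out-of-bounds index; the receiver still must not grow.
    return false;
  }
}

// An ordinary array whose prototype is a 4-element Uint8Array: integer keys
// are intercepted by the TypedArray's [[Set]] before the array's growth logic.
function arrayWithTypedArrayProto() {
  const arr = [];
  Object.setPrototypeOf(arr, new Uint8Array(4));
  return arr;
}

function probeGrowingStore() {
  // Warm the store site with ordinary growing stores (constructed inputs).
  for (let i = 0; i < 2000; i++) keyedStore([], i % 8, i);

  const plain = [];
  keyedStore(plain, 10, 0xff);

  const shadowed = arrayWithTypedArrayProto();
  keyedStore(shadowed, 10, 0xff); // out of bounds for the Uint8Array(4)
  const proto = Object.getPrototypeOf(shadowed);

  // In-bounds case, reported for comparison only: whether the value lands in
  // the Uint8Array or as an own element of the array depends on which
  // revision of the TypedArray [[Set]] semantics the engine implements.
  const inBounds = arrayWithTypedArrayProto();
  keyedStore(inBounds, 1, 0x7f);

  return {
    plainLength: plain.length,       // 11: the ordinary array grew
    shadowedLength: shadowed.length, // 0: the store was swallowed, no growth
    shadowedOwn: Object.prototype.hasOwnProperty.call(shadowed, 10), // false
    protoUntouched: Array.from(proto).every((v) => v === 0),         // true
    inBoundsLength: inBounds.length,
    inBoundsProtoValue: Object.getPrototypeOf(inBounds)[1],
  };
}
```

The invariant worth checking in a regression test is the out-of-bounds case: shadowedLength stays 0 and no own element appears, while the plain array at the same store site grows to length 11.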
Benedikt Meurer
4ef714a619 [dataview] Introduce JSDataView::data_pointer field.
This is a preparation for doing a similar change to JSTypedArrays to
be able to finally access huge ArrayBuffers with TypedArrays. This CL
itself improves the performance of DataViews, sometimes to be even
faster than TypedArrays now. On the test case[1] we go from

  testDataViewGetUint8: 711 ms.
  testUint8Array: 654 ms.
  testDataViewGetUint16: 801 ms.
  testUint16Array: 649 ms.
  testDataViewGetInt32: 699 ms.
  testInt32Array: 648 ms.
  testDataViewGetFloat64: 701 ms.
  testFloat64Array: 650 ms.

to

  testDataViewGetUint8: 622 ms.
  testUint8Array: 656 ms.
  testDataViewGetUint16: 634 ms.
  testUint16Array: 656 ms.
  testDataViewGetInt32: 629 ms.
  testInt32Array: 655 ms.
  testDataViewGetFloat64: 631 ms.
  testFloat64Array: 661 ms.

so the performance improves by up to **20%**.

[1] https://github.com/bmeurer/js-micro-benchmarks/blob/master/bench-dataview.js

Tbr: ulan@chromium.org
Bug: chromium:225811, v8:4153, v8:8383
Change-Id: Ie4409e2fe96e5085ddcf5eb3f24f3cacfb3afe02
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1601144
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61464}
2019-05-14 06:22:15 +00:00