Commit Graph

45898 Commits

Author SHA1 Message Date
Georg Neis
8076b28012 Revert "[ic] EmitElementStore: don't miss when hitting new space limit."
This reverts commit af677f29b1.

Reason for revert: Clusterfuzz found an issue.

Original change's description:
> [ic] EmitElementStore: don't miss when hitting new space limit.
> 
> CSA::EmitElementStore used to bail out (IC miss) via
> CSA::CheckForCapacityGrow when the capacity hits the new space
> limit, causing the store IC to go megamorphic in my example (see
> referenced bug). With this CL, we do what TF'ed code does already:
> call into Runtime::kGrowArrayElements (in this situation), thus
> staying monomorphic.
> 
> Here's a contrived test case:
> 
> ////////////////////////
> let x = [];
> 
> function bar() {
>   for (let i = 0; i < 50000; ++i) x[i] = i;
> }
> 
> function foo() {
>   for (let i = x.length; i < 100e6; ++i) x[i] = i;
> }
> 
> bar();
> foo();
> ////////////////////////
> 
> This took about 4s on my machine, now it takes 3s.
> 
> Bug: v8:7447
> Change-Id: I7f268fc55835f363d250613ce0357444a663051c
> Reviewed-on: https://chromium-review.googlesource.com/918723
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51297}

TBR=neis@chromium.org,bmeurer@chromium.org

Change-Id: I34eef5919cbdef1b35512aa98ac2de0ae5fcc7cc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7447
Reviewed-on: https://chromium-review.googlesource.com/921121
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51306}
2018-02-15 09:30:39 +00:00
Andreas Haas
0ee594ddfc [wasm][api] Remove the WasmModuleObjectBuilder
The WasmModuleObjectBuilder was the first interface for streaming
compilation of WebAssembly. Over time we realized that the interface
is insufficient, and we introduced the WasmModuleObjectBuilderStreaming
class, which is used now for streaming compilation. Since the
WasmModuleObjectBuilder was never fully functional, I think it is okay
to remove it without a deprecation period.

R=clemensh@chromium.org, adamk@chromium.org

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia3ac5f150fdad7bc1ad04ba89aee53538d43ce01
Reviewed-on: https://chromium-review.googlesource.com/913614
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51305}
2018-02-15 09:24:28 +00:00
Marja Hölttä
841763bea0 [parser] Skipping inner funcs: Fix variable name debug mode check.
Apparently it can happen that the variable to which we're restoring to has a
two-byte name corresponding to the one-byte name we expect. Modify the debug-mode
name check to allow this.

BUG=v8:7428

Change-Id: I94c56a4b2de3c58b50246fecaead332b0f9679b4
Reviewed-on: https://chromium-review.googlesource.com/911801
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51304}
2018-02-15 08:16:38 +00:00
v8-autoroll
7402841e2a Update V8 DEPS.
Rolling v8/build: 39738e7..89fa02a

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I1e1b8d8fa430e7ecc4ce6fe57de64ff7442245c2
Reviewed-on: https://chromium-review.googlesource.com/920706
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51303}
2018-02-15 05:01:28 +00:00
Michael Achenbach
76e8ff2c25 Whitespace change to trigger bots
Change-Id: Idb8fd2593f65a74f4f8fd71129f9780bfb08219a
Reviewed-on: https://chromium-review.googlesource.com/920650
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51302}
2018-02-15 02:46:20 +00:00
Michael Achenbach
09c27dae61 Whitespace change to trigger bots
TBR=easterbunny

Change-Id: Iac8be5eb68c99ad953960b4776181c4ba305d3b8
Reviewed-on: https://chromium-review.googlesource.com/920767
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51301}
2018-02-15 01:30:31 +00:00
Sergiy Byelozyorov
78835fdc53 Trigger v8_linux64_perf_try on swarming
R=machenbach@chromium.org
NOTRY=true

Bug: chromium:616879
Change-Id: Ie732c5432cc0b69a28b4e356d9cead5855d00a7c
Reviewed-on: https://chromium-review.googlesource.com/915361
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51300}
2018-02-15 01:09:34 +00:00
Michael Achenbach
d9c1dee446 [test] Skip test for endurance fuzzer
TBR=cbruni@chromium.org
NOTRY=true

Bug: v8:7438
Change-Id: Ibfd56a095a302782876b57e01325fadd2657d574
Reviewed-on: https://chromium-review.googlesource.com/919007
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51299}
2018-02-15 00:30:34 +00:00
Michael Achenbach
73991f944e Whitespace change to trigger bots
TBR=easterbunny

Change-Id: I9b2ada2fe81319c0344a8b5d416a82d5fa64af17
Reviewed-on: https://chromium-review.googlesource.com/919684
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51298}
2018-02-15 00:27:44 +00:00
Georg Neis
af677f29b1 [ic] EmitElementStore: don't miss when hitting new space limit.
CSA::EmitElementStore used to bail out (IC miss) via
CSA::CheckForCapacityGrow when the capacity hits the new space
limit, causing the store IC to go megamorphic in my example (see
referenced bug). With this CL, we do what TF'ed code does already:
call into Runtime::kGrowArrayElements (in this situation), thus
staying monomorphic.

Here's a contrived test case:

////////////////////////
let x = [];

function bar() {
  for (let i = 0; i < 50000; ++i) x[i] = i;
}

function foo() {
  for (let i = x.length; i < 100e6; ++i) x[i] = i;
}

bar();
foo();
////////////////////////

This took about 4s on my machine, now it takes 3s.

Bug: v8:7447
Change-Id: I7f268fc55835f363d250613ce0357444a663051c
Reviewed-on: https://chromium-review.googlesource.com/918723
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51297}
2018-02-14 19:47:33 +00:00
Jakob Kummerow
bedff08691 [bigint] Implement BigInt.prototype.toLocaleString
It does the same as .toString, which is "permissible but not encouraged"
per the spec and matches our behavior for Number.prototype.toString.

Bug: v8:6791
Change-Id: I25a565391abe0d055b8ef814214ecdad254f75e2
Reviewed-on: https://chromium-review.googlesource.com/917025
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51296}
2018-02-14 19:12:33 +00:00
Camillo Bruni
1827b521fb [errors] Encapsulate error message in stack allocated objects
This CL introduces the FailureMessage and StackTraceFailureMessage objects.
They are force to be stack allocated and their first and last member contain
marker values. With the help of these markers we can easily extract the stored
information in external tools such as grokdump and crash.

Change-Id: Iec4f5195eec5a2bf08e1f674c9ced13d2345f030
Reviewed-on: https://chromium-review.googlesource.com/915067
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51295}
2018-02-14 19:11:03 +00:00
Predrag Rudic
4b1451480d [Liftoff]MIPS[64]: Fix RunWasmLiftoff_Int32Clz test failing
Change-Id: I2590121275b83cc564c5e9041e25eb94f4cd5839
Reviewed-on: https://chromium-review.googlesource.com/918722
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51294}
2018-02-14 16:19:45 +00:00
Tobias Tebbi
3df2b3ade0 [test] make test runner less passive-aggressive
Change-Id: I31d5dddd74aa8b1bcd386a13fe34449dd6933547
Reviewed-on: https://chromium-review.googlesource.com/919163
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51293}
2018-02-14 15:49:25 +00:00
Junliang Yan
50151a1ef2 [disassembler] Set proper constant pool to relocinfo
set constant_pool_ to proper value before trying to print it

Change-Id: Iee0da126dd3641f40c1d1847e7f1ef5d6e3e58fd
Reviewed-on: https://chromium-review.googlesource.com/916890
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51292}
2018-02-14 14:53:46 +00:00
Michael Starzinger
a56d6169f7 [compiler] Remove obsolete {CompilationInfo::mode}.
This makes compilation mode predicates delegate to the underlying code
kind that is already stored in each {CompilationInfo}, thereby removing
potential ambiguity between these two values.

R=mvstanton@chromium.org

Change-Id: I9f4d1bb723074488cc47bdc275984b1abc960069
Reviewed-on: https://chromium-review.googlesource.com/916195
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51291}
2018-02-14 14:36:04 +00:00
Andreas Haas
97a2654633 [wasm] Update spec tests
I fixed some spec tests since the last update, so we can turn them on
again. The problem was in the spec test itself and not in V8.

R=titzer@chromium.org

Change-Id: Id2755138293d22d49e0393b884df797a1134b6f9
Reviewed-on: https://chromium-review.googlesource.com/919041
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51290}
2018-02-14 14:17:44 +00:00
Tobias Tebbi
5c5a6214e7 [turbofan] address nits for "[turbofan] Masking/poisoning in codegen (optimized code, x64)"
https://chromium-review.googlesource.com/c/v8/v8/+/901625 was committed without the nits addressed. This addresses the outstanding comments.

Change-Id: Ibefca64ddcfddf1d6c4138647434af331c18a801
Reviewed-on: https://chromium-review.googlesource.com/918762
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51289}
2018-02-14 12:35:30 +00:00
Choongwoo Han
972f5d4b9d [typedarray] Port TA.p.filter to CSA
- Remove JS implementation of TA.p.filter
- Reimplement TA.p.filter as CSA
- This CL makes TA.p.filter 3x faster in microbenchmark
- Fix a spec bug: throw if buffer is detached while executing callback

Bug: v8:5929
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I2e14b6001d354ca6659cf65fff4ead2942ddc9ff
Reviewed-on: https://chromium-review.googlesource.com/912989
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51288}
2018-02-14 12:20:09 +00:00
Michael Starzinger
e53807fb80 [assembler] Removed dead {JSCallerSavedCode} and friends.
R=bmeurer@chromium.org

Change-Id: I99013e446635aa4555cf03ebb201a65434542f35
Reviewed-on: https://chromium-review.googlesource.com/918661
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51287}
2018-02-14 11:43:04 +00:00
Ulan Degenbaev
bba08b3314 [heap] Add description parameter to RootVisitor methods.
The description will be used to annotate roots in the heap snapshot.

Bug: chromium:811842
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ic5c9a89d1921cabddb06783f08ba63740e72820d
Reviewed-on: https://chromium-review.googlesource.com/916564
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51286}
2018-02-14 10:17:34 +00:00
Michael Starzinger
e16e6ceee2 [compiler] Remove obsolete {CompilationInfo::parameter_count}.
R=bmeurer@chromium.org

Change-Id: If92f245852183c85772f25a2e48893a5cfc59dc8
Reviewed-on: https://chromium-review.googlesource.com/916282
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51285}
2018-02-14 10:16:29 +00:00
Predrag Rudic
a9493cf493 [wasm] Big endian support for simd lowering for I32x4AddHoriz
Change-Id: Idad7f62ca0dcec5ceec33e8d517f05351cacc012
Reviewed-on: https://chromium-review.googlesource.com/915064
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51284}
2018-02-14 09:26:18 +00:00
Camillo Bruni
2ead8034bd [tools] Add loader to heap stats visualizer
- Add busy loader loop
- Drop type attributes as per suggestion
- Hide details view until loading data
- Move instruction below details section

Bug: v8:7266
Change-Id: If37699243e935a4918a4a7f7968553c2ba490c67
No-try: true
Reviewed-on: https://chromium-review.googlesource.com/916006
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51283}
2018-02-14 08:31:10 +00:00
Camillo Bruni
e0fd42770c [tools] Add Isolate model to heap stats visualizer
- Display details in isolate selection dropdown
- Sort isolates by peak live heap memory

Bug: v8:7266
Change-Id: I01dd6cced4a5febd8e58cc4b7e2bb337c30f0812
No-try: true
Reviewed-on: https://chromium-review.googlesource.com/916062
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51282}
2018-02-14 08:22:51 +00:00
v8-autoroll
7a51f1fa9c Update V8 DEPS.
Rolling v8/build: 1ae61ca..39738e7

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Id1cd19d308a3faf0067073ffc7ea7144ab429eca
Reviewed-on: https://chromium-review.googlesource.com/918161
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51281}
2018-02-14 05:00:40 +00:00
Adam Klein
53338cbef5 Revert "[parser] Remove pretenuring of closures assigned to properties"
This reverts commit 20e346bd08.

Reason for revert: tanks bluebird-doxbee

Original change's description:
> [parser] Remove pretenuring of closures assigned to properties
> 
> This pretenuring was added in https://codereview.chromium.org/5220007,
> back when it was necessary in order to allow use of the closure
> as a "constant function" property. This should no longer be the case,
> and the pretenuring causes some unfortunate downstream effects.
> 
> This patch removes the parser's setting of this bit. If it doesn't
> cause regressions on the perf bots, followup CLs will remove the
> rest of the support for this feature.
> 
> Bug: v8:7442
> Change-Id: I27c43dd4293ce5de921be6c78571e712778d138a
> Reviewed-on: https://chromium-review.googlesource.com/914610
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51254}

Change-Id: I3e133046a4df64792a6652227d419239c628dbfb
Tbr: gsathya@chromium.org
Bug: v8:7442
Reviewed-on: https://chromium-review.googlesource.com/917701
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51280}
2018-02-14 02:09:30 +00:00
Junliang Yan
5095d00323 PPC/s390: Skip regress/regress-crbug-808192
Change-Id: I7f89980ff9f6b17a7cc2513f18368642b70a5673
Reviewed-on: https://chromium-review.googlesource.com/917213
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51279}
2018-02-14 00:17:30 +00:00
Junliang Yan
66ff72a772 Reland "PPC/s390: [turbofan] Masking/poisoning in codegen (optimized code, x64)"
This is a reland of cee362afdb.

Original change's description:
> PPC/s390: [turbofan] Masking/poisoning in codegen (optimized code, x64)
> 
> Port 8f489e73b2
> 
> Original Commit Message:
> 
>     This introduces masking of loads with speculation bit during code generation.
>     At the moment, this is done only for x64 optimized code, under the
>     --branch-load-poisoning flag.
> 
>     Overview of changes:
>     - new register configuration configuration with one register reserved for
>       the speculation poison/mask (kSpeculationPoisonRegister).
>     - in codegen, we introduce an update to the poison register at the starts
>       of all successors of branches (and deopts) that are marked as safety
>       branches (deopts).
>     - in memory optimizer, we lower all field and element loads to PoisonedLoads.
>     - poisoned loads are then masked in codegen with the poison register.
>       * only integer loads are masked at the moment.
> 
> R=mvstanton@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
> BUG=
> LOG=N
> 
> Change-Id: I7decc16bbadf87a8c8b178278eb79a9b783f79e1
> Reviewed-on: https://chromium-review.googlesource.com/916744
> Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
> Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
> Cr-Commit-Position: refs/heads/master@{#51275}

Change-Id: Id22416487b05bef06c4cfdae35811a22f21cd0a0
Reviewed-on: https://chromium-review.googlesource.com/916865
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51278}
2018-02-13 20:32:47 +00:00
Camillo Bruni
52b3b491a5 [errors] Use FATAL macro where possible
FATAL(...) avoid creating literal strings for line number in release
mode.

Bug: v8:7310
Change-Id: I6a3e329adce36b0efcc240068f6a241d1cca4b6f
Reviewed-on: https://chromium-review.googlesource.com/915066
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51277}
2018-02-13 20:02:58 +00:00
Junliang Yan
4513ee2eca Revert "PPC/s390: [turbofan] Masking/poisoning in codegen (optimized code, x64)"
This reverts commit cee362afdb.

Reason for revert: forget to upload latest version

Original change's description:
> PPC/s390: [turbofan] Masking/poisoning in codegen (optimized code, x64)
> 
> Port 8f489e73b2
> 
> Original Commit Message:
> 
>     This introduces masking of loads with speculation bit during code generation.
>     At the moment, this is done only for x64 optimized code, under the
>     --branch-load-poisoning flag.
> 
>     Overview of changes:
>     - new register configuration configuration with one register reserved for
>       the speculation poison/mask (kSpeculationPoisonRegister).
>     - in codegen, we introduce an update to the poison register at the starts
>       of all successors of branches (and deopts) that are marked as safety
>       branches (deopts).
>     - in memory optimizer, we lower all field and element loads to PoisonedLoads.
>     - poisoned loads are then masked in codegen with the poison register.
>       * only integer loads are masked at the moment.
> 
> R=​mvstanton@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
> BUG=
> LOG=N
> 
> Change-Id: I7decc16bbadf87a8c8b178278eb79a9b783f79e1
> Reviewed-on: https://chromium-review.googlesource.com/916744
> Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
> Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
> Cr-Commit-Position: refs/heads/master@{#51275}

TBR=mvstanton@chromium.org,michael_dawson@ca.ibm.com,jyan@ca.ibm.com,joransiu@ca.ibm.com

Change-Id: I7e56cdcd99b3c6004803b4502ec1054e89c1e212
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/916864
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51276}
2018-02-13 19:52:28 +00:00
Junliang Yan
cee362afdb PPC/s390: [turbofan] Masking/poisoning in codegen (optimized code, x64)
Port 8f489e73b2

Original Commit Message:

    This introduces masking of loads with speculation bit during code generation.
    At the moment, this is done only for x64 optimized code, under the
    --branch-load-poisoning flag.

    Overview of changes:
    - new register configuration configuration with one register reserved for
      the speculation poison/mask (kSpeculationPoisonRegister).
    - in codegen, we introduce an update to the poison register at the starts
      of all successors of branches (and deopts) that are marked as safety
      branches (deopts).
    - in memory optimizer, we lower all field and element loads to PoisonedLoads.
    - poisoned loads are then masked in codegen with the poison register.
      * only integer loads are masked at the moment.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I7decc16bbadf87a8c8b178278eb79a9b783f79e1
Reviewed-on: https://chromium-review.googlesource.com/916744
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51275}
2018-02-13 19:41:28 +00:00
Andreas Haas
1e9504ba9e [heap] Make setting use_tasks_ explicit
At the moment the flag is set too late, it is possible that the GC still
tries to post tasks in Isolate::Deinit when the isolate is already
disconnected from the platform, see the referenced bug.

R=ulan@chromium.org

Bug: chromium:810739
Change-Id: Ibcd226cb44cc903f2a46e7cccf682b3938c9d408
Reviewed-on: https://chromium-review.googlesource.com/915942
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51274}
2018-02-13 17:32:15 +00:00
Junliang Yan
abac06aa3e PPC/s390: [Ignition] [TurboFan] Generate speculation poison in code generator.
Port a021b6c42d

Original Commit Message:

    Moves generation of speculation poison to be based on the PC target vs the
    actual PC being executed. The speculation poison is generated in the prologue
    of the generated code if CompilationInfo::kGenerateSpeculationPoison is set.
    The result is stored in a known register, which can then be read using the
    SpeculationPoison machine node.

    Currently we need to ensure the SpeculationPoison node is scheduled right after
    the code prologue so that the poison register doesn't get clobbered. This is
    currently not verified, however it's only use is in RawMachineAssembler where
    it is manually scheduled early.

    The Ignition bytecode handlers are updated to use this speculation poison
    rather than one generated by comparing the target bytecode.

R=rmcilroy@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=chromium:798964
LOG=N

Change-Id: I4b9a1b0865b6164171cf83f0e45c36c69ac08a18
Reviewed-on: https://chromium-review.googlesource.com/914848
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51273}
2018-02-13 17:31:10 +00:00
Mike Stanton
8f489e73b2 [turbofan] Masking/poisoning in codegen (optimized code, x64)
This introduces masking of loads with speculation bit during code generation.
At the moment, this is done only for x64 optimized code, under the
--branch-load-poisoning flag.

Overview of changes:
- new register configuration configuration with one register reserved for
  the speculation poison/mask (kSpeculationPoisonRegister).
- in codegen, we introduce an update to the poison register at the starts
  of all successors of branches (and deopts) that are marked as safety
  branches (deopts).
- in memory optimizer, we lower all field and element loads to PoisonedLoads.
- poisoned loads are then masked in codegen with the poison register.
  * only integer loads are masked at the moment.

Bug: chromium:798964
Change-Id: Ie51fdbde578fc289dff029794f3cfe8eaf33e1ef
Reviewed-on: https://chromium-review.googlesource.com/901625
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51272}
2018-02-13 15:19:17 +00:00
Michael Starzinger
c74af694b7 [assembler] Fix compilation for non-simulator builds.
R=mvstanton@chromium.org

No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: I6175fd4c4e2999667ba04c89df5cd3f2b380ae0a
Reviewed-on: https://chromium-review.googlesource.com/916263
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51271}
2018-02-13 14:43:17 +00:00
Michael Starzinger
5586ecfc68 [turbofan] Better checking of code start register.
This decouples the checking of the {kJavaScriptCallCodeStartRegister}
from the deoptimization checks. We now rely more heavily on the above
register and should check its validity more broadly. Note that there
also is a bug fix for the ARM port contained in this change.

R=mvstanton@chromium.org

Change-Id: I27d8b72cb2b36a85dae4bbbf35e4dbcf150eac01
Reviewed-on: https://chromium-review.googlesource.com/916242
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51270}
2018-02-13 14:14:47 +00:00
Michael Starzinger
a740255899 [assembler] Make {RelocInfo} independent of the Isolate.
Now that instruction cache flushing is process-wide and no longer bound
to a specific {Isolate}, we can also make setters on the {RelocInfo}
structure equally independent of the {Isolate} and remove the respective
parameter everywhere.

R=ahaas@chromium.org

Change-Id: I7b21f6f79d0d6cf73424019b9e808c3ec76de08e
Reviewed-on: https://chromium-review.googlesource.com/915922
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51269}
2018-02-13 14:13:43 +00:00
sreten.kovacevic
1e89fed0b7 [Liftoff] Refactor conditional instructions
Change prototypes of conditional jump and set instructions,
change their implementation accordingly and port these instructions
to MIPS.

Bug: v8:6600
Change-Id: I8e2c9c874f2fde9a1c1b5a34eaa9e72475e69bc5
Reviewed-on: https://chromium-review.googlesource.com/913252
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51268}
2018-02-13 13:12:43 +00:00
Peter Marshall
5bc393606f [promise] Construct promises through API in C++, rather than CSA.
We don't need to pay the cost of going to JS to simply stamp out a
new object.

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I8942771ff9c19dff1908243fd6d3bd701d3fb5a3
Reviewed-on: https://chromium-review.googlesource.com/897803
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51267}
2018-02-13 12:54:13 +00:00
Michael Starzinger
fc04f8ce43 [assembler] Remove dead {kNoCodeAgeSequenceLength} constant.
R=clemensh@chromium.org

Change-Id: Ife4b31e5484314e3e9d51344c446fae4952bbbbf
Reviewed-on: https://chromium-review.googlesource.com/913616
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51266}
2018-02-13 10:12:43 +00:00
Sigurd Schneider
bb282636cf Reland "[cleanup] Harden the SubString CSA/Runtime implementations."
This is a reland of 6d5b54df82e27a82811a836dcdbbfe26829f0e6d
Original change's description:
> [cleanup] Harden the SubString CSA/Runtime implementations.
>
> Remove the self-healing for invalid parameters in the
> CodeStubAssembler::SubString helper and the %SubString runtime function,
> which is used as a fallback for the CodeStubAssembler implementation.
> All call sites must do appropriate parameter validation anyways now that
> the self-hosted JavaScript builtins using these helpers are gone, and we
> have proper contracts with the uses.
>
> Also remove the context parameter from the CodeStubAssembler::SubString
> method, which is unnecessary, since this can no longer throw an
> exception.
>
> Bug: v8:5269, v8:6936, v8:7109, v8:7137
> Change-Id: I19d93bad5f41faa0561c4561a48f78fcba99a549
> Reviewed-on: https://chromium-review.googlesource.com/795720
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49702}

Bug: v8:5269, v8:6936, v8:7109, v8:7137
Change-Id: I5e84998a2dd3990d7981505b401ffc770e0b7ac5
Reviewed-on: https://chromium-review.googlesource.com/913130
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51265}
2018-02-13 09:07:35 +00:00
Georg Neis
58807a6f1f [ic] Remove impossible cases from FeedbackNexus::ConfigureUninitialized().
Change-Id: I835e6c7b5520b5ab5ad796e25a197e5b43cb9e58
Reviewed-on: https://chromium-review.googlesource.com/913569
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51264}
2018-02-13 09:02:15 +00:00
Clemens Hammacher
b61b715c18 [Liftoff] Add f64 support
This CL adds support for f64.const, f64.add, f64.sub and f64.mul.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: I7374ede800db83303c8fa647a183fdda53a151cd
Reviewed-on: https://chromium-review.googlesource.com/913613
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51263}
2018-02-13 07:59:02 +00:00
v8-autoroll
da4f911953 Update V8 DEPS.
Rolling v8/build: 792040c..1ae61ca

Rolling v8/buildtools: 2637e7e..a09e064

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/c60b98d..e7298f3

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I267b24e59799c9e18735851336d7787252dc59e2
Reviewed-on: https://chromium-review.googlesource.com/915702
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51262}
2018-02-13 05:40:38 +00:00
Benedikt Meurer
1f8dcc5d2e [builtins] Optimize PromiseResolveThenableJob for the common case.
The idea here is that in case the `thenable` is a JSPromise and `then`
is the initial `Promise.prototype.then` method, and the @@species lookup
chain is intact, we can skip creating the temporary promise and the
closures (with the shared context), and instead directly call into our
PerformPromiseThen. This is sound since - given above mentioned
conditions - our short-cut

  PerformPromiseThen(thenable, undefined, undefined, promise_to_resolve)

is not observably different from the actual

  resolve, reject = CreateResolvingFunctions(promise_to_resolve)
  result_capability = NewPromiseCapability(%Promise%)
  PerformPromiseThen(thenable, resolve, reject, result_capability)

except through PromiseHooks (and potentially via the async stack
traces). So we disable the fast-path if either promise hooks are enabled
or the debugger is active for now.

This improves the performance on the wikipedia benchmark by 20-25% and
the bluebird-doxbee benchmark by around 20%.

Bug: v8:7253
Change-Id: I23c92ad365c2b71d65057573f2d8febe2afe00b0
Reviewed-on: https://chromium-review.googlesource.com/911800
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51261}
2018-02-13 05:36:39 +00:00
Benedikt Meurer
c041296189 [builtins] Refactor the promise resolution and rejection logic.
This introduces dedicated builtins

  - FulfillPromise,
  - RejectPromise, and
  - ResolvePromise,

which perform the corresponding operations from the language
specification, and removes the redundant entry points and the
excessive inlining of these operations into other builtins. We
also add the same logic on the C++ side, so that we don't need
to go into JavaScript land when resolving/rejecting from the
API.

The C++ side has a complete implementation, including full support
for the debugger and the current PromiseHook machinery. This is to
avoid constantly crossing the boundary for those cases, and to also
simplify the CSA side (and soon the TurboFan side), where we only
do the fast-path and bail out to the runtime for the general handling.

On top of this we introduce %_RejectPromise and %_ResolvePromise,
which are entry points used by the bytecode and parser desugarings
for async functions, and also used by the V8 Extras API. Thanks to
this we can uniformly optimize these in TurboFan, where we have
corresponding operators JSRejectPromise and JSResolvePromise, which
currently just call into the builtins, but middle-term can be further
optimized, i.e. to skip the "then" lookup for JSResolvePromise when
we know something about the resolution.

In TurboFan we can also already inline the default PromiseCapability
[[Reject]] and [[Resolve]] functions, although this is not as effective
as it can be right now, until we have inlining support for the Promise
constructor (being worked on by petermarshall@ right now) and/or SFI
based CALL_IC feedback.

Overall this change is meant as a refactoring without significant
performance impact anywhere; it seems to improve performance of
simple async functions a bit, but otherwise is neutral.

Bug: v8:7253
Change-Id: Id0b979f9b2843560e38cd8df4b02627dad4b6d8c
Reviewed-on: https://chromium-review.googlesource.com/911632
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51260}
2018-02-13 04:18:12 +00:00
Sergiy Byelozyorov
0795537250 Add Peter as an owner of the JSTests benchmark
This information is useful to know whom to assign bugs to when these tests are
crashing on our infrastructure.

R=petermarshall@chromium.org

No-Try: true
Change-Id: Ia165e0236602cae73e144011537d642e3535fa6b
Reviewed-on: https://chromium-review.googlesource.com/908563
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51259}
2018-02-13 02:49:25 +00:00
Sergiy Byelozyorov
5e006978c9 Whitespace CL
R=sergiyb@google.com

No-Try: true
Bug: chromium:616879
Change-Id: If52f419c7447c88313526fceed10e7dd2e89b10c
Reviewed-on: https://chromium-review.googlesource.com/913948
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51258}
2018-02-13 01:06:39 +00:00
Sergiy Byelozyorov
d8dc1fc5c9 Correct try bucket name for internal V8 bots on swarming
TBR=machenbach@chromium.org

No-Try: true
Bug: chromium:616879
Change-Id: I49d3f12216cdc2d26761e8f82fef18512d8eb6fd
Reviewed-on: https://chromium-review.googlesource.com/915141
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51257}
2018-02-13 00:25:18 +00:00