Commit Graph

56331 Commits

Author SHA1 Message Date
Andreas Haas
9155ea6196 [wasm] Allow table.fill of size 0 at position table.length
This CL fixes an issue where V8 does not satisfy the WebAssembly spec of
the anyref proposal.

The table.fill instruction has 3 parameters, {start_index}, {length},
and {value}. V8 trapped with table-out-of-bounds when
{start_index >= table_size}. However, the spec requires that
{start_index == table_size} is valid when {length == 0}.

R=mstarzinger@chromium.org

Bug: v8:7581
Change-Id: I5f83a03fb8e349b48c887535f6f065492feb9ac2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609537
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61689}
2019-05-21 12:46:08 +00:00
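The bounds condition the commit above describes, as an added example in JavaScript. This is not V8's code and not part of the CL: a plain array stands in for the wasm table, and `inBoundsBuggy` is a model of the pre-fix behaviour (trap on `start >= table_size`) reconstructed from the commit message, not V8's actual implementation. It also goes one step beyond the commit: `inBoundsWrapping` shows why a naive `start + length > size` computed in 32-bit arithmetic is the wrong fix, something the commit does not discuss.

```javascript
// Added example, not V8 code. Models the bounds check of the WebAssembly
// table.fill instruction (anyref proposal) on a plain JS array standing in
// for the table. Operands are unsigned 32-bit integers, as in wasm.

const U32_MAX = 0xFFFFFFFF;

function checkU32(n, name) {
  if (!Number.isInteger(n) || n < 0 || n > U32_MAX) {
    throw new TypeError(`${name} must be an unsigned 32-bit integer`);
  }
}

// Model of the pre-fix check (assumption, reconstructed from the commit
// message): traps as soon as start >= size, which wrongly rejects the
// spec-valid case start == size with length == 0.
function inBoundsBuggy(size, start, length) {
  if (start >= size) return false;
  return length <= size - start;
}

// Naive "start + length > size" evaluated with 32-bit wrap-around, the way an
// unchecked uint32_t addition behaves in C++. Not from the commit; it is the
// classic mistake to look for when reviewing such a fix: the sum wraps to a
// small value and the out-of-bounds fill is accepted.
function inBoundsWrapping(size, start, length) {
  const sum = (start + length) >>> 0; // wraps modulo 2^32
  return sum <= size;
}

// Spec-conformant check: trap iff start + length > size. Written as
// "length > size - start" so the comparison cannot overflow; start == size
// with length == 0 is accepted, start > size is rejected even for length 0.
function inBounds(size, start, length) {
  if (start > size) return false;
  return length <= size - start;
}

// table.fill(start, length, value) on the JS-array model of a table.
function tableFill(table, start, length, value) {
  checkU32(start, 'start');
  checkU32(length, 'length');
  if (!inBounds(table.length, start, length)) {
    throw new RangeError('table-out-of-bounds');
  }
  for (let i = 0; i < length; i++) table[start + i] = value;
  return table;
}
```

The subtraction form matters in a C++ runtime rather than in JS (JS numbers do not wrap), but keeping the check in that shape makes the model match what the engine must do with `uint32_t` operands.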
Peter Marshall
5cba781036 [cleanup] Remove WasDetached() helper in elements.cc
This is not needed as this is already a method on all ArrayBufferViews
and there is only one caller which actually uses the cast.

Bug: v8:9183
Change-Id: Ic45b40bf433c870bc8cb0121c24755fd03ce405b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1622106
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61688}
2019-05-21 12:37:48 +00:00
Clemens Hammacher
426bba708e [wasm] Fix names of struct members
In contrast to (private) class fields, struct fields are public and
accessed directly, and do not end in an underscore.
This CL fixes naming in struct fields in the recently introduced
{CompilationUnitQueues} class.

R=ahaas@chromium.org

Bug: v8:9183
Change-Id: I87d80650dc4a1c58cf8067ebb4ecfadf929545ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621936
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61687}
2019-05-21 12:36:28 +00:00
Clemens Hammacher
2aa0f934cc Remove FixedArray::GetValue
The semantics of that method are not obvious (it returns an empty
MaybeHandle if the element is undefined, otherwise it assumes it is of
type T). Since there is only a single use of that method in the whole
code base, just having that logic there explicitly is much simpler.

Potential future uses of that method are probably also easier to
understand if they just do the checks explicitly.

Drive-by: Document semantics of {FixedArray::GetValueChecked}. Also for
this method it's questionable whether it is useful overall.
Drive-by^2: Avoid else after return (see style guide).

R=mstarzinger@chromium.org

Bug: v8:9183
Change-Id: I88dcb0f080d728bbe55932f17cf4d7eb25ab5928
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619761
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61686}
2019-05-21 11:20:21 +00:00
Yang Guo
786ce26341 Move sanitizer-related files
TBR=hpayer@chromium.org
NOPRESUBMIT=true

Bug: v8:9247
Change-Id: I3d49c1c748fe5109523d4cd122ba925f20cfc60b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619755
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61685}
2019-05-21 11:13:41 +00:00
Andreas Haas
9a858df67a [wasm][test] Do not add table in addElementSegment
This is just for convenience, and actually surprising behavior.

R=clemensh@chromium.org

Bug: v8:9183
Change-Id: I3316856e63b97bfb06da897c6f8b716bc988aa36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621932
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61684}
2019-05-21 11:05:18 +00:00
Simon Zünd
193a261775 Reland "[stack-trace] Include API functions in Error.stack stack trace"
This is a reland of 3dd5661204

The reland introduces a new flag "--experimental-stack-trace-frames".
The flag is disabled by default, but enabled for relevant tests.
The flag stays disabled by default until API frames are eagerly
symbolized to prevent leaks in blink web tests.

Original change's description:
> [stack-trace] Include API functions in Error.stack stack trace
>
> This CL extends Error.stack to include frames of functions declared
> with the C++ FunctionTemplate API. For example, "print" in d8.
>
> Two changes are necessary:
>   - HandleApiCall and friends need to go through a BUILTIN_EXIT frame
>     instead of an EXIT frame. The existing stack-trace machinery will
>     then pick up FunctionTemplate frames without additional changes.
>   - Turbofan doesn't go through HandleApiCall, but instead uses an
>     ASM builtin to enter FunctionTemplate functions. A "marker"
>     frame state is needed to include these frames in the stack trace.
>
> Note: This CL only includes these frames in Error.stack,
> but not (yet) in the stack-trace API (v8.h).
>
> Bug: v8:8742,v8:6802
> Change-Id: Ic0631af883cf56e0d0122a2e0c54e36fed324d91
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609835
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61602}

Bug: v8:8742, v8:6802
Change-Id: I1d3b79cdf0b2edcbaeff1ec15e10deeca725f017
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621925
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61683}
2019-05-21 10:40:30 +00:00
Yang Guo
a6eeea35cb Move code generation related files to src/codegen
Bug: v8:9247

TBR=bmeurer@chromium.org,neis@chromium.org
NOPRESUBMIT=true

Change-Id: Ia1e49d1aac09c4ff9e05d58fab9d08dd71198878
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621931
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61682}
2019-05-21 10:33:39 +00:00
Andreas Haas
0e89afaa63 [wasm][test] Get rid of the imported parameter in addElementSegments
This parameter was just for convenience but did not end up in the
generated bytes.

R=clemensh@chromium.org

Bug: v8:9183
Change-Id: Id4faf5b9ad20a357c069c3189db6ed14945dea8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621929
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61681}
2019-05-21 10:03:55 +00:00
Toon Verwaest
84841783e8 [json] Speed up two-byte json substring internalization
Inputs to JSON can be two-byte because payload strings can contain two-byte
characters, without actually having any one-byte property key. Rather than
eagerly converting the string to one-byte, we can perform a string-table lookup
with a two-byte string key; only converting the result to one-byte if it's a
new key.

This speeds up json parsing of two-byte json from the Youtube benchmark by 20%.

Change-Id: If6d4a37d331724f48b008aef8ec3e28d366cd038
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619866
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61680}
2019-05-21 09:50:38 +00:00
Sigurd Schneider
eca505afcf [factory] Fully initialize StackFrameInfo for GC verifier safety
Factory::NewStackFrameInfo was leaving fields with the default
initialization to 'undefined' for fields marked as Smi type in base.tq.
Our heap verifier dutifully found and reported the discrepancy. This CL
initializes all fields of the struct to values compatible with the Torque
specification. In the future, this should probably be done automatically.

Change-Id: I30c2e2830300d9d84af663384dd7e0283ec39b77
Bug: chromium:965042
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621928
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61679}
2019-05-21 09:09:47 +00:00
Yang Guo
925f98b655 Remove unused snapshot_toolchain.gni
It has previously been moved to gni/

R=machenbach@chromium.org

Change-Id: If838616d28b9eaaea2bff0496a1ad2535845f420
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621926
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61678}
2019-05-21 07:26:44 +00:00
Simon Zünd
bd9a71c96b [cleanup] Remove unused IsTypedArray runtime function
This CL also removes the corresponding intrinsic lowering of
IsTypedArray in TurboFan and Ignition.

Drive-by: Remove unused ArrayBufferViewWasDetached runtime function.

Bug: v8:9183
Change-Id: I2767b22fbdfb679cba30b9fbc555c8d41c7f4345
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617930
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61677}
2019-05-21 07:25:39 +00:00
Yang Guo
be014256ad Move string-related files to src/strings
Bug: v8:9247
Change-Id: I9bcf2694b449f79cdbe03f5fde59cb21b8cad418
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619758
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61676}
2019-05-21 07:17:48 +00:00
Yang Guo
93d3b7173f Move JSON files to src/json
R=verwaest@chromium.org

Bug: v8:9247
Change-Id: I747c13cc8517858872c85fc93d0e95af4968e1b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617934
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61675}
2019-05-21 06:32:29 +00:00
v8-ci-autoroll-builder
e534271e81 Update V8 DEPS.
Rolling v8/build: eaddee0..12e7bf6

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4d85003..5655d8f

Rolling v8/third_party/depot_tools: cf6269b..5716400

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: Ib0164d126269ca0974252536b9556ceae731e247
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1621488
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#61674}
2019-05-21 03:43:02 +00:00
Suraj Sharma
73be7554d7 [torque] Derive TemplateObjectDescription directly from Struct.
Bug: v8:8952
Change-Id: I36ee0d6793a4a9715360c155636f6e19db2119bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1616015
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61673}
2019-05-20 23:46:24 +00:00
Tobias Tebbi
0dc9b63ed3 [torque] explicit exports of macros to CSA
Macros are now inaccessible from CSA except if their declaration is
marked with the "export" keyword. The implicit field accessors for class
fields are always exported.

In this CL, unwarranted access from CSA is prevented by appending a
pseudo-random suffix to non-exported names. This is to be replaced by
something more principled, namely by not including these macros at all in
the headers included from CSA.

Bug: v8:7793
Change-Id: I3ffb2e91a616623f81b4b4508e001ad0cf65d2c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615258
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61672}
2019-05-20 22:53:35 +00:00
Suraj Sharma
42fee61a97 Reland "[torque] Convert few class layout to torque."
This is a reland of b9bfd006f6

Original change's description:
> [torque] Convert few class layout to torque and updated torque code formatter.
>
> 1. Converted Module, JSModuleNameSpace, JSCollator, JSV8BreakIterator,
>       TemplateList,
>       JSStrictArgumentsObject to torque.
> 2. Updated torque code formatter to now handle multi-line
>             declarations correctly.
>
> Bug: v8:8952
> Change-Id: I97846b1bc0d2cba5d7a68468fc263423b1b55d19
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1536988
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Commit-Queue: Suraj Sharma <surshar@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#61624}

Removed the Torque code Formatter update from this CL

Bug: v8:8952
Change-Id: I01e88ac36acd7ba18791bec609e5ae737672c731
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619146
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61671}
2019-05-20 21:40:14 +00:00
Z Duong Nguyen-Huu
8cbb60f30c Elements kind should not change after dictionary elements kind.
When reconfiguring a data field (e.g. changing its representation), it was allowed to transition from dictionary elements kind to sealed elements kind. With this change, this transition is forbidden.

Bug: chromium:963346
Change-Id: I6c9a5f6f269bc5ee4cd6176ff5e8d803f08dba1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613840
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61670}
2019-05-20 21:31:24 +00:00
Z Duong Nguyen-Huu
9ccad33c97 Optimize spread call for sealed, frozen objects
Also add mjsunit test for spread call with non-extensible objects

Micro-benchmark JSTests/ObjectFreeze shows ~7x improvement

Before:
SpreadCall
SpreadCall-Numbers(Score): 239

After:
SpreadCall
SpreadCall-Numbers(Score): 1461

Bug: v8:6831
Change-Id: Icefd89ad790ac159b7f0617d0a012eefd90d3b1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1614296
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61669}
2019-05-20 20:36:32 +00:00
Hannes Payer
3bebee412f [heap] Increment MarkCompact epoch right after marking.
Bug: v8:9093
Change-Id: I69aa3edddf5ea52e1cca185fa03f51122cdf02c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617937
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61668}
2019-05-20 19:02:51 +00:00
Pierre Langlois
990084bafc [tracing] Emit heap statistics at every GC.
When the 'disabled-by-default-v8.gc' category is enabled, emit an instant event
with heap statistics after every GC. The data that's emitted is the same as what
the V8 API gives you with `GetHeapStatistics()` and `GetHeapSpaceStatistics()`.

We generate JSON with the following format:

```
{
 "isolate": "0x55dd5cf03b50",
 "id": 1,
 "time_ms": 42.619,

 "total_heap_size": 3981312,
 "total_heap_size_executable": 573440,
 "total_physical_size": 2820440,
 "total_available_size": 2195254440,

 "used_heap_size": 1799616,
 "heap_size_limit": 2197815296,
 "malloced_memory": 251024,
 "external_memory": 2981,
 "peak_malloced_memory": 589280,

 "spaces": [
   {
     "name": "read_only_space",
     "size": 262144,
     "used_size": 32568,
     "available_size": 229256,
     "physical_size": 32888
   },
   {
     "name": "new_space",
     "size": 2097152,
     "used_size": 903392,
     "available_size": 143904,
     "physical_size": 1856136
   },
   ...
 ]
}
```

Bug: v8:9186
Change-Id: I0d07aa37b65d45778d6b47dbe6e07a9dd25d1097
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619763
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#61667}
2019-05-20 17:56:19 +00:00
Jaroslav Sevcik
5504068f49 Revert "[cleanup] Remove the now-unused deopt_count from feedback vector."
This reverts commit ad1fcd4343.

Reason for revert: Breaks waterfall.

Original change's description:
> [cleanup] Remove the now-unused deopt_count from feedback vector.
> 
> Bug: v8:9183
> Change-Id: Iceeccc8ab1e4e77b428e7e2feec39bff3317f241
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617675
> Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61665}

TBR=mstarzinger@chromium.org,jarin@chromium.org

Change-Id: Iea0e6a329f55a3a941f0b976925b2abdf7eece38
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9183
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619867
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61666}
2019-05-20 17:29:54 +00:00
Jaroslav Sevcik
ad1fcd4343 [cleanup] Remove the now-unused deopt_count from feedback vector.
Bug: v8:9183
Change-Id: Iceeccc8ab1e4e77b428e7e2feec39bff3317f241
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617675
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61665}
2019-05-20 15:48:33 +00:00
Sigurd Schneider
d300350fcd Reland "Enable alignment checks when reading object fields"
This is a reland of 5ce68669be

TBR=ishell@chromium.org

Original change's description:
> Enable alignment checks when reading object fields
>
> Drive-by: Fix alignment bugs caused by DCHECKS.
>
> Bug: v8:9264
>
> Change-Id: I0836b1d08fea2ce11d8f7929e12f303b6ae06efe
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617676
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61643}

Bug: v8:9264
Change-Id: Ice9b819cc29eec0c341f16ef35fad4867f5df85b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619754
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61664}
2019-05-20 15:26:06 +00:00
Dan Elphick
36634adcf8 [cpu-profiler] Force detailed source positions for Inlining2
This test needs detailed source positions, which aren't available with
lazy source positions enabled, so force them to always be present.

Bug: v8:8510
Change-Id: I1faf3d5614742b4181facc18eaf1d73d6a5712d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617677
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61663}
2019-05-20 14:57:56 +00:00
Peter Marshall
76f8519953 [tracing] Use ChromeTracePacket to save binary size with perfetto
Previously, compiling with perfetto would add 2.3 MiB to the d8 release
binary. With this change it's 472 KiB.

This is because trace:lite pulls in many more compiled proto classes
than we need, e.g. a bunch of stuff under ftrace/ which is only used
on Android.

Chrome uses a 'mirror proto' ChromeTracePacket to only provide
compiled protos for the types of packets it will actually see, which on
non-android devices does not include anything under ftrace/.

We use the same trick here in the JSON consumer.

Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: Iae1f74eec3bd93b18e9f069701fc016440d3ce5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619759
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61662}
2019-05-20 14:32:07 +00:00
Maciej Goszczycki
8d695a44a2 [snapshot][roheap] Abstract away read-only object cache storage
The read_only_object_cache call cannot return a vector when it is backed
by the embedded heap, so this adds a few methods to abstract this away.

ExtendReadOnlyObjectCache will eventually have a check to reject adding
objects to the embedded read-only object cache.

Prior to this change the read-only object cache would only be extended
conditionally if needed. Since it started out empty it was always
extended, so this removes this logic.

Bug: v8:7464
Change-Id: I5b172f629ac48be5cbb8f78b03a0a213ebd570e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619745
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61661}
2019-05-20 14:26:46 +00:00
Clemens Hammacher
e6bef62ce1 [wasm] Add message tests for streaming API
This adds two more message tests to test compile errors in
WebAssembly.compileStreaming and WebAssembly.instantiateStreaming.

R=mstarzinger@chromium.org

Bug: v8:9266
Change-Id: I34d1df4ce0fb02e14f3e5011569c8ba1d1374658
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619746
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61660}
2019-05-20 14:16:56 +00:00
Michael Starzinger
92ef97d57c [wasm] Add argument checking to {WebAssembly.Function}.
This adds proper loading and parsing of the arguments that are being
passed to the {WebAssembly.Function} constructor function, including
tests covering most of the negative cases.

R=jkummerow@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742

Change-Id: Id4d67789604ee72aec5ad831004a01434c1c6d6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619748
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61659}
2019-05-20 14:11:06 +00:00
Andreas Haas
2ca2f37073 [wasm][asan][windows] Reset thread-in-wasm flag in memory_fill_wrapper
ASAN on Windows uses exceptions to manage its shadow memory. However,
this behavior can conflict with the WebAssembly trap handler, because
WebAssembly trap handlers are executed before the ASAN exception handler.

For some WebAssembly instructions we do not generate assembly code but
call to C functions instead. Since these functions are very simple, we
do not want to reset the thread-in-wasm flag before calling them.
However, when these functions trigger the ASAN exceptions, the
thread-in-wasm flag gets out-of-sync. This happened for the
memory_fill_wrapper function. Originally we thought that it's sufficient
to just mark the function with DISABLE_ASAN. However, this is not enough
because clang compiles the function to use memset, and memset gets
replaced by ASAN with asan_memset.

Therefore I decided now that just for sanitizer builds on Windows, we
reset the thread-in-wasm flag in memory_fill_wrapper. This is not ideal
because it's test-specific code within production code. However, the
alternatives also don't sound convincing.

Alternatives would be:
* Resetting the thread-in-wasm flag whenever we call a c-function
  - This would be unnecessary performance overhead for production code
    just to make a test work.
* Configure ASAN to not change memset.
  - This would weaken ASAN also for other cases.
* Disable ASAN for trap handlers, or trap handlers in ASAN builds.
  - This would reduce test coverage.

R=binji@chromium.org

Bug: chromium:957405
Change-Id: Ibd13c6fe7b898238f636db576552e3e4b278c04a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617671
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61658}
2019-05-20 14:09:15 +00:00
Benedikt Meurer
437d710fc5 [map] Move Map::IsInRetainedMapListBit out of Map::bit_field2.
The invariant is that Map::bit_field2 shouldn't change, and the
IsInRetainedMapListBit apparently changes when the map is held
weakly from optimized code. This causes TurboFan compilations to
change the Map::Hash() result, which in turn causes lookups on
the normalized map cache to miss (and maybe other bad consequences).

With this change we swap Map::IsInRetainedMapListBit (previously in
bit_field2) and Map::HasHiddenPrototypeBit (previously in bit_field3)
to address this problem.

Bug: chromium:963411, v8:9114, v8:9267
Change-Id: I040a27c37305fa602649750bd93bee40c91fca78
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619747
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61657}
2019-05-20 14:01:46 +00:00
Toon Verwaest
2f8a7538ce Revert "[test] Skip debugger tests failing with JSON parsing"
This reverts commit 0607f8aeb2.

Reason for revert: We should be able to reenable those tests now.

Original change's description:
> [test] Skip debugger tests failing with JSON parsing
> 
> NOTRY=true
> 
> Bug: v8:9257
> Change-Id: I4713fd90c2a8b544def09d7305fe84d789ed60c4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1613250
> Auto-Submit: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61543}

TBR=verwaest@chromium.org,mslekova@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:9257
Change-Id: Ieb28de987b0bfc7b408d3fe9bfe1f0a50c9db0c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617932
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61656}
2019-05-20 13:58:05 +00:00
Daniel Bratell
8852d85487 [jumbo] Rename one of the ResolveRenames
Recently* a second ResolveRenames appeared in
typed-optimization.cc. In some extreme (non-default) jumbo
builds that file shares a translation unit (and thus an anonymous
namespace) with load-elimination.cc, which also has a
ResolveRenames that is slightly different.

To avoid that name clash and failed compilation, this
renames ResolveRenames -> ResolveRenamesForOpt.

*) It appeared in
 https://chromium-review.googlesource.com/c/v8/v8/+/1609803

Change-Id: Ia175468a8e978e93e95da1d28f74cee8dce253d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615465
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Daniel Bratell <bratell@opera.com>
Cr-Commit-Position: refs/heads/master@{#61655}
2019-05-20 13:28:00 +00:00
Clemens Hammacher
9a6f52f519 [wasm] Fix error message for async instantiation
This fixes the error message generated for compile errors during
asynchronous instantiation. It shows "WebAssembly.instantiate()" now
instead of "WebAssembly.compile()".

R=mstarzinger@chromium.org

Bug: v8:9266
Change-Id: Ieae478d1c4f6843fbc17e15debb6c49f72059d99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617940
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61654}
2019-05-20 13:22:50 +00:00
Clemens Hammacher
617b7266bf [wasm] Add message test for compilation failure
This adds three message tests to test the message stack trace we show
for
- synchronous compilation,
- asynchronous compilation, and
- asynchronous instantiation.

Note that the message for the asynchronous cases currently contains the
"WebAssembly.Module()" prefix, which will be fixed in a separate CL.

R=mstarzinger@chromium.org

Bug: v8:9266
Change-Id: I370f4211b5f577ea1b5da026a78b292b50c6a339
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617938
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61653}
2019-05-20 13:05:40 +00:00
Yang Guo
5bfe84a0da Reland "Move deoptimizer files"
This reverts commit a769552055.

Reason for revert: Was not the culprit.

Original change's description:
> Revert "Move deoptimizer files"
> 
> This reverts commit 61523c45a3.
> 
> Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/20396
> 
> Original change's description:
> > Move deoptimizer files
> > 
> > Bug: v8:9247
> > Change-Id: I6287907edb8a36225bfa9fe864305ea59c20dd8b
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617667
> > Commit-Queue: Yang Guo <yangguo@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#61648}
> 
> TBR=yangguo@chromium.org,mstarzinger@chromium.org,jarin@chromium.org,bmeurer@chromium.org
> 
> Change-Id: Icf258f7bc409ef0c360cfa82029bfc45a41dc75f
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:9247
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619749
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61650}

TBR=yangguo@chromium.org,mstarzinger@chromium.org,jarin@chromium.org,bmeurer@chromium.org

Change-Id: Ic2aa07ccd08b6070222ec7a65b92b7afb9db484c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9247
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619753
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61652}
2019-05-20 13:01:13 +00:00
Clemens Hammacher
441ab8192b Revert "Enable alignment checks when reading object fields"
This reverts commit 5ce68669be.

Reason for revert: Fails on win32 debug: https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/20394

Original change's description:
> Enable alignment checks when reading object fields
> 
> Drive-by: Fix alignment bugs caused by DCHECKS.
> 
> Bug: v8:9264
> 
> Change-Id: I0836b1d08fea2ce11d8f7929e12f303b6ae06efe
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617676
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61643}

TBR=ulan@chromium.org,jkummerow@chromium.org,sigurds@chromium.org,petermarshall@chromium.org,ishell@chromium.org

Change-Id: I0ac73a880f2b7bd718e23e90c0867192def39dbb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9264
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619750
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61651}
2019-05-20 12:54:02 +00:00
Yang Guo
a769552055 Revert "Move deoptimizer files"
This reverts commit 61523c45a3.

Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/20396

Original change's description:
> Move deoptimizer files
> 
> Bug: v8:9247
> Change-Id: I6287907edb8a36225bfa9fe864305ea59c20dd8b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617667
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61648}

TBR=yangguo@chromium.org,mstarzinger@chromium.org,jarin@chromium.org,bmeurer@chromium.org

Change-Id: Icf258f7bc409ef0c360cfa82029bfc45a41dc75f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9247
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1619749
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61650}
2019-05-20 12:50:42 +00:00
Joey Gouly
456e5687a7 [arm64] Avoid padding poke when unnecessary
This also fixes a bug in 'InitializeCallBuffer', where it wouldn't claim enough
slots for each parameter. This caused the Simd128 instruction selector test to
only claim 3 slots (rather than 4) and then perform an unnecessary padding poke.

v8_Default_embedded_blob_size from the generated file gen/embedded.S
  Before: 4957056
   After: 4954368

This gives a 0.05% size decrease.

Change-Id: Ic9bb998fb8a9111fb90e1c3e537ea0f2a5fa7b33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617665
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#61649}
2019-05-20 12:35:48 +00:00
Yang Guo
61523c45a3 Move deoptimizer files
Bug: v8:9247
Change-Id: I6287907edb8a36225bfa9fe864305ea59c20dd8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617667
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61648}
2019-05-20 11:33:07 +00:00
Santiago Aboy Solanes
6a7fd05df3 [ptr-compr][Turbofan] Reducing the comparison of two decompresses
Added the comparison of two decompresses to the DecompressionElimination
AdvancedReducer. Note that it works in the case that lhs is equal to rhs.

Also added tests for its implementation.

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I21676a78b592859692768c3499ea11117d3bb5a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1609793
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61647}
2019-05-20 10:12:57 +00:00
Santiago Aboy Solanes
823ad57637 [ptr-compr] Decompress when doing map and equality checks
Fixes the crash stated in the chromium bug.

We weren't decompressing before CheckMap which resulted in a crash.
Implemented the same for CompareMap.

Bug: chromium:963917
Change-Id: I1dcaf6845758c7266bbc7d9ecc9e43cf8d6b639a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617252
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61646}
2019-05-20 10:02:22 +00:00
Santiago Aboy Solanes
9850002401 [ptr-compr][cleanup] Removing AccessBuilder::ForCompressedMap
Now that we introduced the Compressed representation, we can simply use
AccessBuilder::ForMap. AccessBuilder::ForCompressedMap was introduced
as a placeholder previously.

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I15b559c27641e6a673862c86be176e259835308e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617664
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61645}
2019-05-20 10:01:17 +00:00
Simon Zünd
9f773b6e8d [cleanup] Remove unused HasComplexElements runtime function
This CL also removes "HasComplexElements" helpers on JSReceiver
and NumberDictionary.

Drive-by: Remove unused SmiLexicographicCompare runtime function.
The C++ function is still used, but it is entered using a fast
C call from Array#sort.

Bug: v8:9183
Change-Id: Ibb5d54cca623486806587bc90506af8d97910dc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617929
Commit-Queue: Simon Zünd <szuend@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61644}
2019-05-20 09:57:07 +00:00
Sigurd Schneider
5ce68669be Enable alignment checks when reading object fields
Drive-by: Fix alignment bugs caused by DCHECKS.

Bug: v8:9264

Change-Id: I0836b1d08fea2ce11d8f7929e12f303b6ae06efe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617676
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61643}
2019-05-20 09:56:02 +00:00
Yang Guo
bf372a73d8 Reland "Move logging and diagnostics related source files"
TBR=verwaest@chromium.org,rmcilroy@chromium.org
NOTREECHECKS=true
NOPRESUBMIT=true

Bug: v8:9247
Change-Id: I9ddfb6e56ca8e47c4ac186a8df5f442d26420a69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617661
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61642}
2019-05-20 09:54:57 +00:00
Peter Marshall
d5c4d577c4 [tracing] Convert COMPLETE events to BEGIN/END pairs for perfetto
COMPLETE events are being deprecated and don't work well with perfetto
because we can't give out a handle into the buffer like we used to so
that the caller can update the existing event with the duration.

BEGIN/END pairs should be used instead to add two separate trace events
to the buffer which can be associated with one another by the trace
processor e.g. the trace viewer UI.

Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: Ib73c19d77ad58456ce23d15f0b658c26f3dc3d53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1615257
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61641}
2019-05-20 09:13:25 +00:00
Peter Marshall
fac30cc62d [benchmarks] Move Array slice benchmarks to js-perf-test
These were leftover in another directory and can be incorporated into
our standard benchmark runner. We already had some Array slice cases
in js-perf-test so just add some of the important cases from the other
directory to the existing implementation.

Bug: v8:9254
Change-Id: I4cc235b8d3719ecd729f23fe9705ea36d445c340
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1617258
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61640}
2019-05-20 09:05:52 +00:00