Commit Graph

46391 Commits

Author SHA1 Message Date
Taketoshi Aono
f0946c1b71 Reland proposal-numeric-separator.
Revert "Revert "[parser] Implements proposal-numeric-separator.""

This reverts commit 782f6401ee.

Original CL is https://chromium-review.googlesource.com/c/v8/v8/+/923441

Bug: v8:7317
Change-Id: I6f541c038bad0cff625094ba84aebe582bdeb12f
Reviewed-on: https://chromium-review.googlesource.com/945034
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51749}
2018-03-06 01:25:06 +00:00
Junliang Yan
5d72f1ae6f s390: load zero on r0 instead of xgr
xgr kills condition code on the branch

R=joransiu@ca.ibm.com

Change-Id: I90a75760c96319d8f27512395f904796a114c5e9
Reviewed-on: https://chromium-review.googlesource.com/950135
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51748}
2018-03-06 00:24:46 +00:00
Junliang Yan
7b43e11c9b PPC/s390: Reland [in-place weak refs] Add in-place weak references & migrate one WeakCell to it.
Port 88062a2cbc

Original Commit Message:

    Implement in-place weak reference handling in GC.

    Turn FeedbackVector::optimized_code_or_smi into an in-place weak reference (this
    is the only in-place weak reference at this point).

    (See bug for design doc.)

R=marja@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=v8:7308
LOG=N

Change-Id: I00c6aa7c08524b7769d3428d0c18ce334f35a722
Reviewed-on: https://chromium-review.googlesource.com/949368
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51747}
2018-03-05 23:11:55 +00:00
Jakob Kummerow
2ce122e3f2 [bigint] Fix GC unsafety issue
There must not be both an allocating function call and a handle deref
in the list of arguments to a call. Depending on the evaluation order
that the C++ compiler chooses, the deref could happen before the call
and the resulting raw pointer be invalidated by the GC.

Bug: chromium:818424
Change-Id: I525947252ff9d0b048a5bf82c2976e0acce739be
Reviewed-on: https://chromium-review.googlesource.com/949782
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51746}
2018-03-05 22:26:25 +00:00
Clemens Hammacher
1f0419da93 [Liftoff] Add support for f32.div and f64.div
I initially left them out because I thought they are harder to
implement than the other float binops, but it turns out it is actually
just the same.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: I68b98daf4dfaf4e00d57fc68257fe43977c4ae6a
Reviewed-on: https://chromium-review.googlesource.com/948543
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51745}
2018-03-05 19:32:41 +00:00
Camillo Bruni
3fdf554c05 [printing] Improve Map printing
- Only show ElementsKind for JSObject Maps
- Display non-variable instance-size for non-JSObject Maps

Change-Id: I224b6ca2985f9c51635cc44ab5faa4cb977695ba
Reviewed-on: https://chromium-review.googlesource.com/946489
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51744}
2018-03-05 19:12:21 +00:00
Camillo Bruni
bca7242580 [tools] Improve HeapStats category percentages
- Provide sorted instance type contribution per GC
- Visualize percentages per InstanceType based on the selected GC
- Visualize percentags per category
- Use some more arrow functions
- Introduce helper.js file

Bug: v8:7266
Change-Id: I26099cc64d9545b2de9e4574da2faf52d54ad198
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/949222
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51743}
2018-03-05 18:28:51 +00:00
Adam Klein
7c914dd022 [ast] Slim down FunctionLiteral
This patch moves the has_braces_ bool to the bit_field_, and moves
function_literal_id_ into the freed-up slack space. This saves
4 bytes on 32-bit platforms and 8 bytes on 64-bit.

Change-Id: Ib5ba475915e46494c75019cfc184aafe72f6407f
Reviewed-on: https://chromium-review.googlesource.com/947467
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51742}
2018-03-05 17:52:01 +00:00
Ulan Degenbaev
f7a93fbd99 [heap] Fix MockPlatform in IncrementalMarkingUsingTasks test.
Now the mock platform delays all background tasks and forwards them
to the real platform in its destructor.

This fixes a race that happens when the background tasks calls
TestPlatform::MonotonicallyIncreasingTime() while the mock platform
is being destroyed.

BUG: v8:7494
Change-Id: I659ccc19121144152f447d59ff3c5e7ef1bec6d5
Reviewed-on: https://chromium-review.googlesource.com/949202
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51741}
2018-03-05 17:30:21 +00:00
Clemens Hammacher
23520d938e [wasm][cleanup] Use {Read,Write}UnalignedValue
Minor cleanup: Instead of a cryptic memcpy, just use ReadUnalignedValue
and WriteUnalignedValue.
Also add DCHECKs to these helpers to ensure that they are only used for
trivially copyable types.

R=ahaas@chromium.org

Bug: v8:7310
Change-Id: Id5014a828573f8d13a6c3a5380eae2f377e8f130
Reviewed-on: https://chromium-review.googlesource.com/948544
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51740}
2018-03-05 17:24:31 +00:00
Camillo Bruni
d438101070 [object-stats] Improve FixedArray classification
IsFixedArray is too broad in many cases and should be replaced by
IsFixedArrayExact in the objects stats collection.

Bug: v8:7266
Change-Id: I3d5de8b70dc596a391ffdc2a5b4bdeaa5d437712
Reviewed-on: https://chromium-review.googlesource.com/948502
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51739}
2018-03-05 16:49:31 +00:00
Ross McIlroy
9a97d9756d [Compiler] Remove script_data from BackgroundCompileTask.
This field is dead since https://chromium-review.googlesource.com/c/v8/v8/+/916261, but got
accidentally added back by https://chromium-review.googlesource.com/c/v8/v8/+/919481 due to
a bad merge.

BUG=v8:5203,chromium:817258

Change-Id: Id6f06de84de7dcd4e6d467edf28974912ad33571
Reviewed-on: https://chromium-review.googlesource.com/948849
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51738}
2018-03-05 16:21:31 +00:00
Michael Starzinger
0bb70b8f75 [wasm] Stop using {WCM_PROPERTY_TABLE} outside header.
R=ahaas@chromium.org
BUG=v8:7509

Change-Id: I928d01e8789ed3d2620f24e439f5a70117b06928
Reviewed-on: https://chromium-review.googlesource.com/947951
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51737}
2018-03-05 15:32:21 +00:00
Sigurd Schneider
0d5588dc2c [turbofan] Don't drop arguments in fast-path
Math fast-path cannot drop arguments because their side-effects
must be preserved. For example, Math.imul(x) dropped x entirely,
because if x is convertible to an integer, the result is 0.
This, however, is not OK because converting x to an integer might
throw.

Bug: chromium:818070, v8:7250, v8:7240
Change-Id: I8363e6dcd3fc78c879395aacb636d5782c3b023e
Reviewed-on: https://chromium-review.googlesource.com/948523
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51736}
2018-03-05 15:19:11 +00:00
Sigurd Schneider
a233b08249 [cleanup] Add accessors for operators with handles
Bug: v8:7517, v8:7310
Change-Id: Ic9a1ac8f4a928e1d5d8f807a0875c7314a7777fb
Reviewed-on: https://chromium-review.googlesource.com/946095
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51735}
2018-03-05 15:01:01 +00:00
Michael Starzinger
fd541d2e19 [snapshot] Better typing for WasmCompiledModuleSerializer.
R=jgruber@chromium.org
BUG=v8:7509

Change-Id: If5f7829c4f42e6cb2a8f39d2ddb92a6b024c3506
Reviewed-on: https://chromium-review.googlesource.com/948492
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51734}
2018-03-05 14:46:01 +00:00
Georg Neis
bc72a83192 [csa] Make use of CallBuiltin (rather than CallStub) in more places.
This is a cosmetic change only.

Change-Id: I9a0ea9a23b4fc1490759433153c7d47e492b853d
Reviewed-on: https://chromium-review.googlesource.com/936624
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51733}
2018-03-05 14:34:21 +00:00
Michael Starzinger
fdc556b433 [wasm] Remove dead {num_imported_functions} field.
R=clemensh@chromium.org
BUG=v8:7509

Change-Id: Ia423e60f67d3ffa8d8c2250dc9d4cdff89b91076
Reviewed-on: https://chromium-review.googlesource.com/948487
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51732}
2018-03-05 14:27:41 +00:00
Marja Hölttä
88062a2cbc Reland [in-place weak refs] Add in-place weak references & migrate one WeakCell to it.
Implement in-place weak reference handling in GC.

Turn FeedbackVector::optimized_code_or_smi into an in-place weak reference (this
is the only in-place weak reference at this point).

(See bug for design doc.)

BUG=v8:7308
TBR=yangguo@chromium.org

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I16d65dc768f10ed431252e23a0df07bee9063534
Reviewed-on: https://chromium-review.googlesource.com/948493
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51731}
2018-03-05 14:24:21 +00:00
Michael Starzinger
f6ed92d6de [wasm] Turn {WasmCompiledModule} into a proper {Struct}.
This makes sure that the object can be identified by a unique instance
type and hence is not accidentally confused with other FixedArrays on
the heap.

R=clemensh@chromium.org
BUG=v8:7509

Change-Id: I20521cdcabbbddecd89ca8cd4bb203a47e1db0cd
Reviewed-on: https://chromium-review.googlesource.com/946253
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51730}
2018-03-05 13:44:51 +00:00
Vaclav Brozek
44bed6a85e TF stubs out of ArrayIndexOf and ArrayInclude builtins
ArrayIndexOf is a monolithic builtin which does some checking and then handles
three groups of fast arrays: those with holey doubles, compacted doubles and
SMIs+objects. TF cannot reuse this efficiently, because calling the TFJ
ArrayIndexOf duplicates some checks and also does not allow passing arguments
through registers. Similarly for ArrayInclude.

This CL splits the three different types of fast array handling into a separate
TF stubs, and makes the parent TFJ as well as TurboFan itself use them where
appropriate.

The TODOs not tackled in this CL inculde:
* passing an empty context to spare a register when possible
* inlining the search loop if there is any performance gain to it

(This is the contiunation of http://crrev.com/2757853002, moved due to Rietveld
deprecation.)

BUG=v8:5985

Change-Id: I00c97b71be4892f8bc7e1ed6d72e02087618a9a6
Reviewed-on: https://chromium-review.googlesource.com/573020
Commit-Queue: Vaclav Brozek <vabr@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51729}
2018-03-05 13:37:21 +00:00
Sigurd Schneider
efed5562cd [turbofan] Fix undefined behavior in accessing operator parameters
OpParameter<int32_t> was still used for an operator after the operators
parameter changed from int32_t to a struct. Coincidentally, the first
field of the struct holds the value previously stored in that int32_t,
so correctness tests did not catch this.

Bug: chromium:818611, v8:7517
Change-Id: Ie46f084f7fa8117cd3493fc5ceafac11553dc55e
Reviewed-on: https://chromium-review.googlesource.com/948546
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51728}
2018-03-05 13:35:21 +00:00
jgruber
8020b0dda5 [builtins] Only create constants table if serializing
Since we currently only fill the constants table if we're serializing,
we should only create & finalize the table in that case. Otherwise,
leave it initialized to empty_fixed_array.

Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Bug: v8:6666
Change-Id: I6ecbfac9dc9a9dac7ff0f11331be09b1cbfb4c18
Reviewed-on: https://chromium-review.googlesource.com/948490
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51727}
2018-03-05 12:54:01 +00:00
Sigurd Schneider
a74b24913b [cleanup] Add DCHECK to uses of OpParameter<int>
Bug: v8:7517, v8:7310
Change-Id: I438bc933d51062bfbb9a419be9c5b67032707fdb
Reviewed-on: https://chromium-review.googlesource.com/946090
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51726}
2018-03-05 12:37:51 +00:00
Benedikt Meurer
06ee127b75 [es2015] Refactor the JSArrayIterator.
This changes the JSArrayIterator to always have only a single instance
type, instead of the zoo of instance types that we had before, and
which became less useful with the specification update to when "next"
is loaded from the iterator now. This greatly simplifies the baseline
implementation of the array iterator, which now only looks at the
iterated object during %ArrayIteratorPrototype%.next invocations.

In TurboFan we introduce a new JSCreateArrayIterator operator, that
holds the IterationKind and get's the iterated object as input. When
optimizing %ArrayIteratorPrototype%.next in the JSCallReducer, we
check whether the receiver is a JSCreateArrayIterator, and if so,
we try to infer maps for the iterated object from there. If we find
any, we speculatively assume that these won't have changed during
iteration (as we did before with the previous approach), and generate
fast code for both JSArray and JSTypedArray iteration.

Drive-by-fix: Drop the fast_array_iteration protector, it's not
necessary anymore since we have the deoptimization guard bit in
the JSCallReducer now.

This addresses the performance cliff noticed in webpack 4. The minimal
repro on the tracking bug goes from

  console.timeEnd: mono, 124.773000
  console.timeEnd: poly, 670.353000

to

  console.timeEnd: mono, 118.709000
  console.timeEnd: poly, 141.393000

so that's a 4.7x improvement.

Also make presubmit happy by adding the missing #undef's.

Bug: v8:7510, v7:7514
Change-Id: I79a46bfa2cd0f0710e09365ef72519b1bbb667b5
Reviewed-on: https://chromium-review.googlesource.com/946098
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51725}
2018-03-05 11:57:28 +00:00
Clemens Hammacher
2e3df6d916 [Liftoff] Implement f32.sqrt and f64.sqrt
On ia32, support for vsqrtss and vsqrtsd was missing, so I add the
implementation of these instructions and disassembly support.
On x64, disassembly support for vsqrtss was missing, while vsqrtsd was
implemented. Now both are implemented.
The implementation of f32.sqrt and f64.sqrt is very straight-forward on
ia32 and x64, we can immediately emit the {v}sqrtss or {v}sqrtsd
instruction.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: Icf3ec05a97a23e94cdf70f4a72f30dd02fbddd13
Reviewed-on: https://chromium-review.googlesource.com/944221
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51724}
2018-03-05 11:39:48 +00:00
Sigurd Schneider
73d6037c20 Revert "[in-place weak refs] Add in-place weak references & migrate one WeakCell to it."
This reverts commit 07c1e641d9.

Reason for revert: Breaks TSAN build.

https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/19784

Original change's description:
> [in-place weak refs] Add in-place weak references & migrate one WeakCell to it.
> 
> Implement in-place weak reference handling in GC.
> 
> Turn FeedbackVector::optimized_code_or_smi into an in-place weak reference (this
> is the only in-place weak reference at this point).
> 
> (See bug for design doc.)
> 
> BUG=v8:7308
> 
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.chromium.linux:linux_chromium_rel_ng
> Change-Id: I0f9f992cb4ee0457c40b7c868317dfb607bfb906
> Reviewed-on: https://chromium-review.googlesource.com/873638
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51722}

TBR=ulan@chromium.org,marja@chromium.org,yangguo@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,ishell@chromium.org,bmeurer@chromium.org

Change-Id: I75a7dd99fbfd2f5922a6c4d2000bea2adfdeac11
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7308
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/948522
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51723}
2018-03-05 11:38:41 +00:00
Marja Hölttä
07c1e641d9 [in-place weak refs] Add in-place weak references & migrate one WeakCell to it.
Implement in-place weak reference handling in GC.

Turn FeedbackVector::optimized_code_or_smi into an in-place weak reference (this
is the only in-place weak reference at this point).

(See bug for design doc.)

BUG=v8:7308

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I0f9f992cb4ee0457c40b7c868317dfb607bfb906
Reviewed-on: https://chromium-review.googlesource.com/873638
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51722}
2018-03-05 11:11:48 +00:00
Georg Neis
cf8cd1c444 [interpreter] Only create spread-related feedback slots when necessary.
Only create spread-related feedback slots when the array literal
actually contains a spread.

Bug: v8:5940
Change-Id: I0afad81d4bf1a86ebc1bf81f1213f680eb22bc49
Reviewed-on: https://chromium-review.googlesource.com/947955
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51721}
2018-03-05 11:01:32 +00:00
Sigurd Schneider
d1df563059 [turbofan] Fix bug in Array.p.reduceRight
Bug: v8:7495
Change-Id: Id929804e0d0f78c17d81d07cd6a5c5e571449d35
Reviewed-on: https://chromium-review.googlesource.com/947974
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51720}
2018-03-05 10:52:32 +00:00
Georg Neis
c895a23a99 [ic] Relax a CHECK.
The CHECK didn't account for the recent introduction of
StoreInArrayLiteralIC.

Bug: v8:5940, chromium:818438
Change-Id: I73b4120eb39b16d766f0b1a9cb82ba44804b09a3
Reviewed-on: https://chromium-review.googlesource.com/947950
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51719}
2018-03-05 10:09:01 +00:00
Sigurd Schneider
388e505a24 [cleanup] Remove OpParameter(Node*) helper
This also introduces FrameStateInfoOf helper.

Bug: v8:7517, v8:7310
Change-Id: If2dd1257fb9384fe957a980077a65154cc014d3b
Reviewed-on: https://chromium-review.googlesource.com/946009
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51718}
2018-03-05 10:05:05 +00:00
jgruber
abcc28ced0 [builtins] Enable embedded builtins and add testing variants
This enables the v8_enable_embedded_builtins gn flag on non-ia32 builds
and adds a new --stress-off-heap-code test mode to fyi bots.

v8_enable_embedded_builtins=true changes accesses to constants and
external references to go through the root list in builtins code.

--stress-off-heap-code copies builtins code off-heap on isolate
creation.

A few drive-by-fixes:
- ensure that we actually inspect the correct builtin during
  isolate-independence testing.
- relax tests to decrease maintenance (now we only fail if a builtin
  should be isolate-independent but isn't).
- switch to a different off-heap-trampoline register on arm due to
  conflicts with custom stub linkages.

Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Bug: v8:6666
Change-Id: I09ad3c75cb4342f4c548ea780f275993730896c8
Reviewed-on: https://chromium-review.googlesource.com/934281
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51717}
2018-03-05 09:50:01 +00:00
Jaroslav Sevcik
a4353d1464 [turbofan] Only lower to PoisonedLoads when --branch-load-poisoning is on.
Change-Id: I618e357ea0d00b64dd4d8a54e865bed716a460e8
Bug: chromium:798964
Reviewed-on: https://chromium-review.googlesource.com/947963
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51716}
2018-03-05 07:33:49 +00:00
Mostyn Bramley-Moore
bd6b04fa6f [jumbo] avoid namespace collisions in wasm atomics tests
Followup to https://chromium-review.googlesource.com/c/v8/v8/+/923718

Bug: v8:6532
Change-Id: I4ed3dd94a59172a54cc5cb70730fdffba4efb383
Reviewed-on: https://chromium-review.googlesource.com/947942
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#51715}
2018-03-03 21:26:24 +00:00
Bill Budge
9568cea8bf [API] Remove ArrayBuffer::Allocator virtual memory methods.
- Removes Reserve, Free (overload) and SetProtection methods.
- Updates comment on enum which we still need to distinguish
  between allocated and reserved ArrayBuffers.

Bug: chromium:799573
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I1b4e08f97c22ae6b6af847fbcdde047be62fecf8
Reviewed-on: https://chromium-review.googlesource.com/924603
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51714}
2018-03-03 12:00:24 +00:00
v8-autoroll
8abd973b46 Update V8 DEPS.
Rolling v8/build: 9ca0348..0fc17e2

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/414af52..406b235

Rolling v8/tools/clang: 44042e5..36f3a71

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Ibb539a47cdda6165ee6da03df253339be5a87bf5
Reviewed-on: https://chromium-review.googlesource.com/947824
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51713}
2018-03-03 04:59:54 +00:00
Jakob Kummerow
4534e8cc47 [DataView] Throw TypeError when buffer is detached
Per spec, accesses to a DataView object must throw a TypeError if
the underlying ArrayBuffer has been detached/neutered. Since that
implies a length of 0, we used to detect this as an out-of-bounds
access and throw a RangeError. Adding a separate check for buffer
detachedness lets us distinguish both cases properly.

Bug: v8:4895
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I1c1d4145dcd77dfb69f61062e14a6e8e538d45eb
Reviewed-on: https://chromium-review.googlesource.com/947585
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51712}
2018-03-03 01:50:22 +00:00
Jakob Kummerow
62d1f78245 [bigint] Fix throwing in Exponentiate()
When the multiplication steps fail, they have already thrown an
exception internally, so we should not throw another.
The power-of-two fast path erroneously did not throw at all for
a few input values.

Bug: chromium:818277
Change-Id: If90f6aa3e77fc72e3434daca3b898c77739933ab
Reviewed-on: https://chromium-review.googlesource.com/947254
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51711}
2018-03-03 00:59:42 +00:00
Jakob Kummerow
a2629d0365 [test] Update test262.status for BigInts
- Merge new fail expectations that are dupes of existing issues
  into the respective sections.
- Stop skipping tests we can run now.

Bug: v8:6791, v8:7511
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I4e17ff8eb5d2596561a138e34c441b00b761d7d2
Reviewed-on: https://chromium-review.googlesource.com/947321
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51710}
2018-03-03 00:30:42 +00:00
Georg Neis
2e2860f74f [ic] Introduce new IC for storing into array literals.
... and use it in the implementation of array literal spreads,
replacing calls to %AppendElement.

Array spreads in destructuring will be taken care of in a separate CL.

Bug: v8:5940, v8:7446
Change-Id: Idec52398902a7fd3c1244852cf73246f142404f0
Reviewed-on: https://chromium-review.googlesource.com/915364
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51709}
2018-03-02 21:12:57 +00:00
Jakob Kummerow
824358f07b [bigint] Make MSan happy: zero-initialize unused bits
There are some unused bits in a BigInt's bit field. We never read their
their values explicitly, but whenever the entire object is moved around
(for serialization, or GC), this uninitialized memory is accessed. This
patch fixes that by initializing the entire field after allocation of a
BigInt, not just the bits we actually use.

Bug: chromium:818109
Change-Id: I5a4d24c3240242157b902c696fa9bb779799280d
Reviewed-on: https://chromium-review.googlesource.com/946676
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51708}
2018-03-02 20:06:57 +00:00
Mathias Bynens
08e168d0ff [builtins] Refactor the ProxyConstructor builtin
This patch removes the ProxyConstructor_ConstructStub builtin,
merging its functionality into the refactored ProxyConstructor
TurboFan builtin.

This brings us closer to our goal of deprecating the `construct_stub`
field in `SharedFunctionInfo`.

Bug: v8:7503, v8:7518
Change-Id: Iee76ba1a116ba61a543da529ec55149df333dcca
Reviewed-on: https://chromium-review.googlesource.com/946488
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51707}
2018-03-02 19:47:27 +00:00
Georg Neis
97b3a968a5 [ic] Remove pointless macros and obsolete comments.
Change-Id: I8f842187d9a02657474c47f5ea1c3257a7ec9317
Reviewed-on: https://chromium-review.googlesource.com/916143
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51706}
2018-03-02 16:50:54 +00:00
Sigurd Schneider
b124085f37 Reland "[turbofan] Remove obsolete fast-path"
This is a reland of fdbb5bebb4

Original change's description:
> [turbofan] Remove obsolete fast-path
> 
> This is subsumed by an optimization is JSCallReducer now.
> 
> Bug: v8:7340, v8:7250
> Change-Id: I6c706177e410abd57ea24a7ffbbe2437733ed7c7
> Reviewed-on: https://chromium-review.googlesource.com/946088
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51697}

Bug: v8:7340, v8:7250
Change-Id: Ic370c82af78ab8916608f8d774ef1b50d99b894e
Reviewed-on: https://chromium-review.googlesource.com/946010
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51705}
2018-03-02 16:20:13 +00:00
Clemens Hammacher
cdf0c2e801 Account for different interpretations of "trivially copyable"
Unfortunately, different runtime libraries and/or compilers differ on
whether a class without any copy constructor, move constructor, copy
assignment and move assignment operator is considered trivially
copyable.
See discussion on https://crrev.com/c/941521.

This CL adds a comment about this, and deletes a test for this specific
case.

R=mstarzinger@chromium.org
CC=jyan@ca.ibm.com, ivica.bogosavljevic@mips.com

Change-Id: Ie07adda370e5e955b782e72356b50121477d4623
Reviewed-on: https://chromium-review.googlesource.com/944081
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51704}
2018-03-02 15:45:14 +00:00
Gabriel Charette
226da60f4a [v8] Do not do rely on hyper-threads for concurrent marking on Mac.
This should recover https://chromeperf.appspot.com/report?sid=4d751475ba95911f865aed7a822d55dde18304bc0cfd2f8409d1de9fe9695343
and https://arewefastyet.com/#machine=28&view=single&suite=octane&subtest=Splay

It will however regress this:
https://chromeperf.appspot.com/report?sid=020744195cfb20c373344b86b76385ce2919b53796b5c0651ba71c0625e8de19&start_rev=531511&end_rev=540262

R=ulan@chromium.org

Bug: chromium:812178, chromium:816541
Change-Id: Ia367d24b013c3f16d1dc2ae56d4c5ef23342845f
Reviewed-on: https://chromium-review.googlesource.com/946099
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51703}
2018-03-02 15:36:54 +00:00
Benedikt Meurer
956ac923e6 [turbofan] Connect non-returning runtime calls to end.
This changes the BytecodeGraphBuilder to connect runtime calls that
don't return normally, but always throw exceptions, to End (via a Throw
node), instead of inserting Phis on the return values. This unblocks
the new optimization approach for array iteration.

Bug: v8:7510, v8:7514
Change-Id: Ic78216cc27034f191c4850e476f24e598c17deca
Reviewed-on: https://chromium-review.googlesource.com/946250
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51702}
2018-03-02 15:11:33 +00:00
Sigurd Schneider
bc9393000b [cleanup] Fix typo
Bug: v8:7310
Change-Id: I2e3c324babc4e7e51791c44290dffcf8829c15ce
Reviewed-on: https://chromium-review.googlesource.com/946252
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51701}
2018-03-02 14:46:13 +00:00
Hannes Payer
9776e267ef [heap] Don't modify free list entries when peeking into the free list top.
Bug: chromium:774108
Change-Id: I2765b5d48a53a5ef88ba0503dd47c7188ef2518a
Reviewed-on: https://chromium-review.googlesource.com/945789
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51700}
2018-03-02 14:39:03 +00:00