Commit Graph

59620 Commits

Author SHA1 Message Date
Ng Zhi An
ca16eb1d6b [liftoff] Add a regression test for msan failures
This test was generated following instructions in
https://crbug.com/1026680#c4, it seg faults with
https://crrev.com/c/1922489 and passes with the reland
https://crrev.com/c/1925131.

Bug: chromium:1026680
Change-Id: Ia8ef9878c06c50adeaa1a441524b5555b6869f97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930604
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65128}
2019-11-22 22:21:49 +00:00
Mike Stanton
03324e6c03 [TurboFan] Fix bug in FunctionBlueprint::operator==()
FunctionBlueprint holds a SharedFunctionInfo, FeedbackVector and a
Hints object that represents what we know about the Context of
the "function-to-be." Since we occasionally synthesize a
FunctionBlueprint object from a JSFunction (when we have it),
it can happen that sometimes the Context hint is a concrete
Context object, and other times it's a VirtualContext, representing
a context created sometime during the bytecode execution of the
function under optimization. Moreover, both such FunctionBlueprints
can exist in the same run due to the vagaries of CALL_IC feedback
(ie, sometimes you have a JSFunction, other times you don't).

More details in doc:
https://docs.google.com/document/d/1F1FxoDzlaYP5l5T6ZcZacV3LCUp5elcez05KWj-Mp78/edit?usp=sharing

Bug: crbug:1024282
Change-Id: Id4055531333b3dcbdb93afd23d9a226728292e11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926151
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65127}
2019-11-22 21:14:59 +00:00
Zhao Jiazhong
4a9a836833 [mips][wasm-simd] Implement i64x2 shifts
port aafbc13 https://crrev.com/c/1900662

Original Commit Message:

  [wasm-simd] Implement i64x2 shifts for arm

Change-Id: I036610bdcf8e36879cf7a47fbf6e28034345a945
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928499
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65126}
2019-11-22 19:34:39 +00:00
Dan Elphick
90c6444292 [counters] Make RuntimeCallStats aware of thread status
RuntimeCallTimerScope can now be called with the optional flag
kThreadSpecific, which chooses the appropriate RuntimeCounterId given
whether the RuntimeCallStats object is for the main isolate thread or a
worker thread.

While this doesn't change any existing timers over to use this flag, it
does add checks that, in the default case, any thread-specific counter
is the correct one given the thread status.

Bug: v8:10006
Change-Id: Idb545714284bcd2e2fdca991918ddf976dcbdf70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928863
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65125}
2019-11-22 18:45:17 +00:00
Zhao Jiazhong
f6f0646d2d [mips][wasm-simd] Implement i64x2 add sub
port ea06b01 https://crrev.com/c/1925613

Original Commit Message:

  [wasm-simd] Implement i64x2 add sub for arm

  Also some cleanup reordering of instruction codes.

Change-Id: I151668f4125c46b35b08ddd3640341125f6fdbdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928500
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65124}
2019-11-22 18:42:37 +00:00
Zhao Jiazhong
1547b8ffbc [mips64][liftoff] Fix i64 clz, ctz, popcnt, shift with immediate.
The previous implementation incorrectly used instructions for 32-bit
data, this CL fixes it to implement 64-bit operations.

Change-Id: Ib8e5236ea35f3a2c0e37e647ea89aad6a1127425
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928501
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65123}
2019-11-22 18:39:47 +00:00
Z Nguyen-Huu
271bb94a62 [wasm] Support stepping back to Javascript from Wasm
This scenario is where the user is at the end of Wasm execution and does
some stepping. Hence, the user should be back at the JavaScript frame. We
can detect that stepping as it exits the Wasm Interpreter and prepare
debugging as a step-out-ish in JavaScript.

Bug: chromium:823923, chromium:1019606, chromium:1025151
Change-Id: I29022af0d5e5dcf78d87e83193f6e16fec954e87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1912985
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65122}
2019-11-22 17:16:17 +00:00
Ng Zhi An
f7333fd2f1 Mark frozen-array-reduce as slow on arm64
Bug: v8:10007
Change-Id: Ic65bb2846ee21f7ec58ced8b2d3bcf2cbb810da9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928622
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65121}
2019-11-22 17:02:40 +00:00
Ulan Degenbaev
3eea45f455 [heap, perfetto] Emit MinorGC/MajorGC trace events for each GC
Currently these events are emitted by Blink in GC prologue/epilogue.
That however does not respect event nesting and breaks with future
perfetto changes. This CL emits the events inside V8 using a scope to
guarantee proper event nesting. The events are same except for the
"type" argument that now gets more detailed information.

The corresponding Blink CL that removes these trace events:
https://chromium-review.googlesource.com/c/chromium/src/+/1929227

Bug: chromium:1026658
Change-Id: Ifbfab647f40f81af7acf315ff4608b9dc9444f94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928857
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65120}
2019-11-22 16:59:08 +00:00
Toon Verwaest
93f189f19a [ic] Fix non-GlobalIC store to interceptor on the global object
We possibly need to load the global object from the global proxy as the holder
of the named interceptor.

Change-Id: I0f9f2e448630608ae853588f6751b55574a9efd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930903
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65119}
2019-11-22 16:49:25 +00:00
Joshua Litt
d8cb3b3f33 [promises] Port PerformPromiseThen to torque
Bug: v8:9838
Change-Id: I7597e55744c577bd1a7619110db88e1adb4239a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1922488
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65118}
2019-11-22 16:34:25 +00:00
Tobias Tebbi
1a639cf0b4 [torque] use LocationReference for local bindings
This is a first step towards allowing expressions for array sizes.

So far, local variable bindings used a VisitResult and a const flag.
This doesn't allow for local bindings to alias other things, like
heap references. While this is not generally a feature we need,
it will be helpful to create bindings when evaluating array sizes,
since we want to grant access to the preceding already initialized
object fields, but not to the whole object, which is not completely
initialized yet.

LocationReference already captures the notion of any readable and
assignable location, so it is a good fit to be used for local bindings.
The const attribute is no longer needed, since LocationReference already
has a notion of constness for stack ranges (that is,
LocationReference::Temporary vs LocationReference::VariableAccess).

Bug: v8:10004 v8:7793
Change-Id: Ibe0a43e898e5c2c10d6739e2496d92dda542e6cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928852
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65117}
2019-11-22 14:57:05 +00:00
Liviu Rau
292def513e Whitespace
NOTRY=true

Bug: chromium:1018724
Change-Id: If98362a88d3a52840c3189d9c8592d07366d3912
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930555
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65116}
2019-11-22 14:55:25 +00:00
Dan Elphick
1269498fa7 [gcmole] Handlify script in code-serializer.cc
R=mslekova@chromium.org

Bug: v8:9992
Change-Id: I970b919e456257f5776454edceb0bcc1c40eff7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930556
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65115}
2019-11-22 13:54:01 +00:00
Steve Blackburn
8e8fe47505 [heap] Introduce third-party heap interface
This CL adds build flags for plugging in a third-party heap implementation.
Additionally, it redirects allocation requests when the flags are on.

Bug: v8:9533

Change-Id: I7ef300ca9dc2b5f498a13211611ae4b4b3df8fa0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928860
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65114}
2019-11-22 13:36:31 +00:00
Clemens Backes
caf005e8fc Hash all strings as unsigned values
A previous CL (https://crrev.com/c/1926769) changed hashing to always
treat the input as signed values. This causes problems, since the hash
of a one-byte string differs from the hash of the identical two-byte string.
Hence this CL switches to treating all values as unsigned in hashing.

The bug cannot easily be reproduced in v8 alone, since we would need to
create an internalized two-byte string, which contains one-byte data.
Blink manages to create such a string via external strings.

R=jkummerow@chromium.org

Bug: chromium:1025184, chromium:1027131
Change-Id: Id41aa0e463691c02099a08c6e9d837a079c872df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930615
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65113}
2019-11-22 13:27:31 +00:00
Clemens Backes
8764dbc54c Make DebugPrint use Object::Print if available
If v8_enable_object_print is set to true, we should use Object::Print
instead of Brief(Object).

R=jkummerow@chromium.org

Change-Id: I70583c15834f9332aba7760b5e104136712d4e0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930613
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65112}
2019-11-22 11:56:01 +00:00
Liviu Rau
fe201628e7 [v8] White space
Bug: v8:9898
Change-Id: Id8a5ca983e80c00d23180ff3bcff51571513961b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900456
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65111}
2019-11-22 08:22:19 +00:00
v8-ci-autoroll-builder
941976e46d Update V8 DEPS.
Rolling v8/build: a5a3b9f..1ab161c

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/988a272..536c641

Rolling v8/third_party/depot_tools: 2e2f587..c50b096

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Icbbd441aff681b39273b1c10832750b788d968b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928889
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#65110}
2019-11-22 04:28:32 +00:00
Ng Zhi An
aaf5c12439 [liftoff] Convert callers to use offset
This patch changes many callers of GetStackOffsetFromIndex to directly
use the offset that is stored in the VarState (and other structures).

The tricky part here is that in all archs, GetStackSlotOffset no longer
relies on kFirstStackSlotOffset, because the offset stored in VarState
is relative to the constant space (instance offset), and not offset of
the first stack slot.

For example, for slot 0, the offset was also 0, because it was relative
to the first stack slot offset (which in x64 is fp-24). With this
change, the offset of slot 0 is now 8, but since GetStackSlotOffset is
relative to fp-16, it ends up being fp-24 still.

Because of this change, callers of GetStackOffsetFromIndex need to add
1 to whatever index they were passing. Instead of doing that, we change
GetStackOffsetFromIndex to add 1 inside the body.

After this change, the only callers of GetStackOffsetFromIndex will be
inside of FillStackSlotsWithZero, because they still rely on the index to
keep track of how many params were processed, and also how many locals
there are in order to zero those slots, and this is relied on by
RecordUsedSpillSlot to allocate sufficient stack space.

Bug: v8:9909
Change-Id: I52aa4572950565a39e9395192706a9934ac296d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925524
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65109}
2019-11-21 23:11:42 +00:00
Tobias Tebbi
cfab650576 [torque] shape: define in-object properties properly
This introduces a new keyword "shape" in addition to "class",
which allows the definition of a type that extends a JSObject
subclass and specifies one or several maps with statically
known in-object properties.
Differences compared to normal classes:
- Shapes are transient since they specify maps instead of
  instance types.
- Shapes have a known size.
- Fields of shapes are always in-object properties. In particular,
  this means that their offset is after kHeaderSize.
- It's forbidden to inherit from shapes.
- Since shapes usually specify NativeContext-dependent maps, it's
  not possible to write runtime type-checks for them. Thus this CL
  avoids mapping them to their own TNode type, as the CAST macro
  won't work properly. We had runtime-checks for some of them
  nevertheless, some of them scarily confusing like
  IsJSSloppyArgumentsObject, that actually just checked the instance
  type.

Drive-by cleanups and simplifications:
- Allow subclassing from non-abstract classes and remove
  @dirtyInstantiatedAbstractClass. This attribute stems from a
  misconception of how instance types work, and with this change it
  ceases to have semantic influence.
- Replace the existing JSArgumentsObject subclasses with two shapes.
  JSArgumentsObjectWithLength had to be removed since shapes don't
  support subclassing.
- Place kHeaderSize correctly for objects with indexed fields.

Design doc:
https://docs.google.com/document/d/1zPy2ZYfNFjeEuw6Mz3YJA-GaPGbdcSYam3SrS7ETzRU

Bug: v8:8944

Change-Id: Iabf185ccd27d0900e0890539a7fe9eaa8bf2d50e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1917140
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65108}
2019-11-21 19:29:24 +00:00
Ng Zhi An
d3cd27022c Reland "[liftoff] Use stack slot offsets instead of indices"
This is a reland of 2072772592

The fix is in liftoff-assembler-arm64.h in FillStackSlotsWithZero:
in the else case for bigger counts to fill, the argument passed to Sub
was incorrect. We were passing the offset relative to the first slot, but it
should be the offset relative to the instance, so there was an off-by-one-slot
error when zeroing, and we ended up zeroing the stack slot holding the instance.

Original change's description:
> [liftoff] Use stack slot offsets instead of indices
>
> Spill/fill now take offsets instead of indices. We provide a
> helper, GetStackOffsetFromIndex, for callers. This is currently only
> useful while slot sizes are still fixed to 8 bytes.
>
> StackTransferRecipe's RegisterLoad now works in terms of offset.
>
> LiftoffStackSlots work in terms of offset as well.
>
> TransferStackSlot currently still works in terms of indices, but can be
> converted to use offsets in a subsequent change.
>
> Bug: v8:9909
> Change-Id: If54fb844309bdfd641720d063135dd59551813e0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1922489
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65049}

Bug: v8:9909
Change-Id: I311da9d3bb1db8faf8693079177c77a7b3754243
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925131
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65107}
2019-11-21 19:14:58 +00:00
Johannes Henkel
f6a76fad93 [DevTools] Roll inspector protocol (Cleanup) (V8)
New revision: 4c2a3acaea9f2e7958081dd361f81e20e9eff5e7

This cleanup CL does not change any behavior; it just
cleans up some headers and does a class rename
(StreamingParserHandler->ParserHandler). It was reviewed
upstream
https://chromium-review.googlesource.com/c/deps/inspector_protocol/+/1924792
https://chromium-review.googlesource.com/c/deps/inspector_protocol/+/1925679
and does not touch V8 code. Would like to get
this in to make it easier to review subsequent changes.

Thanks!

Change-Id: Ie9fe1434bafeb4f5090244f823d1e482ff805dd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925721
Auto-Submit: Johannes Henkel <johannes@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Johannes Henkel <johannes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65106}
2019-11-21 19:13:53 +00:00
Milad Farazmand
316036bc87 PPC/s390: [wasm-simd] Implement i64x2 shifts for arm
Port aafbc13834

R=zhin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I1b6f70fbf58dc9e32f37ecd5e2030f6966a90842
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1929074
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#65105}
2019-11-21 16:41:54 +00:00
v8-ci-autoroll-builder
e841566204 Update V8 DEPS.
Rolling v8/build: 9f9c46f..a5a3b9f

Rolling v8/third_party/android_ndk: https://chromium.googlesource.com/android_ndk/+log/89e8db0..27c0a8d

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4c9781e..988a272

Rolling v8/third_party/depot_tools: 639872c..2e2f587

Rolling v8/tools/clang: 7506d59..5b2f5c6

TBR=machenbach@chromium.org,tmrts@chromium.org

Bug: chromium:1027059
Change-Id: I4aee68f37435c918a5e228ee96417f9e2462cd38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928258
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#65104}
2019-11-21 16:14:13 +00:00
Zhao Jiazhong
aadcef1cac [mips][wasm-simd] Implement i64x2 neg
port a7b9e58 https://crrev.com/c/1900661

Original Commit Message:

  [wasm-simd] Implement i64x2 neg for arm

Change-Id: Ia4f52b26e4c3d6e2833b01246bd917d5e62ca79d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924003
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#65103}
2019-11-21 16:07:33 +00:00
Igor Sheludko
31fab144f0 Ensure root maps do not have slack in descriptor array
Drive-by-fix: enable heap verification in mksnapshot.

Bug: chromium:1025468
Change-Id: Ieb52d5139fa37df4ff0d8e8d46c3e0e6d14c2c8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924363
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65102}
2019-11-21 16:05:03 +00:00
Mythri A
28fb79c8f5 [Turboprop] Add implication for a lower interrupt budget
Make --turboprop imply a lower interrupt budget (10 * k).

Bug: v8:9684
Change-Id: I6e4bac1a77755e5bc8c7433503fe985cbc6db7ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928859
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65101}
2019-11-21 15:22:04 +00:00
Santiago Aboy Solanes
2223918677 [turbolizer] Make use of deadWidth to snap panels if close to the edge
Remove sep(Left|Right)Snap as they were never read from

Bug: v8:7327
Change-Id: Id09fa0ec606a75d40cc946b354bc1a260f3b68ac
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928855
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65100}
2019-11-21 15:20:43 +00:00
Milad Farazmand
947c422eea PPC/s390: [wasm-simd] Implement i64x2 add sub for arm
Port ea06b01e52

Original Commit Message:

    Also some cleanup reordering of instruction codes.

R=zhin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I9e299c6c226d4fedf33bbaeba6242771d4947816
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1929073
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#65099}
2019-11-21 15:04:03 +00:00
Emanuel Ziegler
4b6a699208 [wasm][bulk-memory] Adjust throw behavior to match new proposal
InstanceBuilder::LoadTableSegments - Throw RuntimeError instead of
  LinkError
WasmGraphBuilder::TableInit & WasmGraphBuilder::MemoryInit - Do not
  check for active/dropped status if size == 0
WasmGraphBuilder::MemoryFill - Throw out-of-bounds error BEFORE
  attempting any memory operations if necessary

R=ahaas@chromium.org

Bug: v8:9865
Change-Id: I6a67779dc99fdc1c6bda6a2526d0e9ee5385f3ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924442
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65098}
2019-11-21 14:37:43 +00:00
Santiago Aboy Solanes
83bd11c8eb [x64][ptr-compr][cleanup] Remove DecompressRegisterAnyTagged
It was just an add used only in one place, so I inlined it.

I also noticed that some methods were using scratch registers as
parameters but didn't really need to do so.

Bug: v8:7703
Change-Id: Ia1e5570d478673cb0835cff97e3a37d9a35c60a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924266
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65097}
2019-11-21 13:09:43 +00:00
Joshua Litt
10540937bc Reland "[regexp] Re-execute regexp when '.indices' is accessed."
This is a reland of f2a74165bf

Original change's description:
> [regexp] Re-execute regexp when '.indices' is accessed.
>
> Instead of storing a pointer to the last_match_info, which may
> change, this cl modifies JSRegExpResult to store a pointer to
> the original JSRegExp which generated it, as well as additional
> data needed to re-execute the match.
>
> Basically a straight copy and tidy off jgruber@'s prototype:
> https://chromium-review.googlesource.com/c/v8/v8/+/1876810
>
> Bug: v8:9548
> Change-Id: I11b7deae681b8287e41e8d0e342291ff484751fb
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910129
> Commit-Queue: Joshua Litt <joshualitt@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65053}

Bug: v8:9548
Change-Id: Ieeba4b1ae59ef0c7946d654dc314adfae09d24b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925554
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65096}
2019-11-21 13:01:48 +00:00
Jakob Gruber
002d5be898 [gasm] Implement parts of js call reducer using the graph assembler
An initial investigation of using GraphAssembler in JSCallReducer.

This CL ports two simple reductions (ReduceMathUnary,
ReduceMathBinary) as well as a slightly more involved reduction with
branching control flow (ReduceStringPrototypeSubstring). The graph
assembler abstracts away the details of maintaining effect and control
edges. Resulting code ends up looking very similar to CSA.

Newly introduced:
- Typing through TNode.
- IfBuilder1 for nicer if-then-else sequences that return exactly 1
  value. Future CLs will add more convenience builders that follow this
  pattern.
- Many small readability improvements through helper functions.

Bug: v8:9972
Change-Id: Iaa186b76c006e07c8d69a74f340a4912577a32a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914204
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65095}
2019-11-21 13:00:44 +00:00
Georg Neis
438f72f406 [turbofan] Don't expect framestate input to be a Framestate
It could also be a DeadValue.

A regression test will take a while but the fix is straightforward.

Bug: chromium:1027045
Change-Id: I49a66668b7189b7ea7d6d79d514b9e0de3edc966
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928853
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65094}
2019-11-21 12:41:33 +00:00
Clemens Backes
5cf61684fb Reland "[wasm] Prevent breakpoints on nonbreakable positions"
This is an unmodified reland of 3c98a2a36a.
The actual issue was fixed in https://crrev.com/c/1926769.

Original change's description:
> [wasm] Prevent breakpoints on nonbreakable positions
>
> If a breakpoint is set on a non-breakable position, the wasm interpreter
> just stores the value 0xFF (kInternalBreakpoint) in the function body
> (actually, a copy of the function body). This might overwrite immediates
> and cause subsequent failures in the wasm interpreter.
>
> In JavaScript, breakpoints are just forwarded to the next breakable
> position. This CL implements the same for WebAssembly.
> A cctest tests this behavior, and the existing
> wasm-stepping-byte-offsets.js inspector test is extended to also set the
> breakpoint within an i32 constant immediate.
>
> R=leese@chromium.org, mstarzinger@chromium.org
> CC=bmeurer@chromium.org
>
> Bug: chromium:1025184
> Change-Id: Ia2706f8f1c3d686cbbe8e1e7339d9ee86247bb4a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925152
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65070}

Bug: chromium:1025184
Change-Id: I5e16df645bbacf039b7a5e55a0c2a64cdb4c6a32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926152
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65093}
2019-11-21 12:33:43 +00:00
Jakob Kummerow
dbfb14bf52 Fix roll-blocking issue
Follow-up to c968607e12 to make
LayoutTests happy.

Tbr: verwaest@chromium.org
Change-Id: I02758faa8ed1f06f1faf615047a40ec115887a4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928856
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65092}
2019-11-21 12:26:03 +00:00
David Benjamin
9ef4e8f18c Fix some issues caught by _LIBCPP_DEBUG=0
&vector[i] is invalid unless 0 <= i < vector.size(). This means:

- &vector[0] is invalid if the vector is empty.

- &vector[vector.size()] is not a valid way to point past the end of the
  vector.

Fix these to use vector.data() + vector.size(), which is defined to
get the begin and end pointers for a vector.

Bug: chromium:1027059
Change-Id: Ife1f0e64807b32ebdca66dba8ffc206d90a0de75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1929071
Auto-Submit: David Benjamin <davidben@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65091}
2019-11-21 12:17:03 +00:00
Clemens Backes
25a4f4d997 Hash all strings as signed values
Hashing should ignore the signedness of the type, since different
platforms might define standard types like {char} as either signed or
unsigned. This leads to problems if hashes are included in test
expectations, see https://crrev.com/c/1926032 and
https://crbug.com/1025184#c26.

This CL avoids such problems by always treating the input as signed
values. This also reduces binary size, since the instantiations for
int8_t and uint8_t are identical now and are folded together by the
compiler / linker.

R=jkummerow@chromium.org

Bug: chromium:1025184
Change-Id: I3fee4d8662dd1c31cd6483639fe4edd4511662c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926769
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65090}
2019-11-21 10:03:32 +00:00
Tobias Tebbi
dddc6a90f1 [torque] add %SizeOf intrinsic
This replaces the fragile hand-coded SizeOf function.

Bug: v8:7793
Change-Id: I6bd84f367182b947486192f8968c56723f29efaa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924265
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65089}
2019-11-21 09:47:42 +00:00
Ng Zhi An
ea06b01e52 [wasm-simd] Implement i64x2 add sub for arm
Also some cleanup reordering of instruction codes.

Bug: v8:9813
Change-Id: I35caad0b84dd5824090046cba964454eac45d5d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925613
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65088}
2019-11-21 00:18:31 +00:00
Ng Zhi An
aafbc13834 [wasm-simd] Implement i64x2 shifts for arm
Bug: v8:9813
Change-Id: Ibfac9453a035bb00020b4d062e1445410644f16a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900662
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65087}
2019-11-20 23:18:17 +00:00
Suraj Sharma
46759fb37e Reland "[ic] Migrate Code-based handlers to use data driven handler."
This is a reland of d46bd852ad

Original change's description:
> [ic] Migrate Code-based handlers to use data driven handler.
> 
> All usage of KeyedLoadIC_Slow, HasIC_Slow, StoreInArrayLiteralIC_Slow
> and KeyedStoreIC_Slow now use data driven handlers
> 
> Bug: v8:9779
> Change-Id: Idd888c5c10b462a5fe155ba0add36f95169bd76d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1895988
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Suraj Sharma <surshar@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#64918}

Bug: v8:9779
Change-Id: I8fb9359752d6b8e8211c37e15e8f1bf61dd6532a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916684
Reviewed-by: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65086}
2019-11-20 22:31:38 +00:00
Santiago Aboy Solanes
2187575733 [turbolizer] Toggling maximize keeps the side panels size consistent
We now keep the same percentage of the window occupied by the panel
when toggling Maximize (both maximizing, or un-maximizing). This
also means that it no longer forces the side panels open when
toggling maximizing.

Also took the opportunity and cleaned up names and resizer.ts.

Bug: v8:7327
Change-Id: I60b574a833f3059e447aa17fae8a687d32ac29d5
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903970
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65085}
2019-11-20 19:08:57 +00:00
Santiago Aboy Solanes
14190afd11 [turbolizer] Focus on the svg after searching
After searching, the svg is now focused, which allows using
the keyboard shortcuts after searching.

Bug: v8:7327
Change-Id: I57f5490ecb9858971aefae66b9808460108dc936
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925147
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65084}
2019-11-20 17:57:20 +00:00
Santiago Aboy Solanes
7d470998d2 [turbolizer][cleanup] Remove focusable attribute. It doesn't exist
Source: https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes

Bug: v8:7327
Change-Id: I2f91b7dc619d70ae29600ae7f304d9944994c863
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925151
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65083}
2019-11-20 17:56:15 +00:00
Georg Neis
9da8b1aa88 [runtime] Fix an object reference in WriteJSRegExp
... by handlifying its argument.

Bug: v8:9989
Change-Id: Ie56a8beb52372c6f77aa855319c3af5e429bfd04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926149
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65082}
2019-11-20 17:51:05 +00:00
Georg Neis
3dbc1a8e41 [runtime] Avoid a gcmole warning in AddToDictionaryTemplate
... by making explicit that the value is a Smi.

Bug: v8:9989
Change-Id: I9f65030cf665e16c2fb22f5f77e25daf3cfb1cf1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924260
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65081}
2019-11-20 17:44:45 +00:00
Zhi An Ng
960badd140 Revert "[liftoff] Use stack slot offsets instead of indices"
This reverts commit 2072772592.

Reason for revert: Many bugs/crashes, https://crbug.com/v8/9999 https://crbug.com/1026500 https://crbug.com/1026514

Original change's description:
> [liftoff] Use stack slot offsets instead of indices
> 
> Spill/fill now take offsets instead of indices. We provide a
> helper, GetStackOffsetFromIndex, for callers. This is currently only
> useful while slot sizes are still fixed to 8 bytes.
> 
> StackTransferRecipe's RegisterLoad now works in terms of offset.
> 
> LiftoffStackSlots work in terms of offset as well.
> 
> TransferStackSlot currently still works in terms of indices, but can be
> converted to use offsets in a subsequent change.
> 
> Bug: v8:9909
> Change-Id: If54fb844309bdfd641720d063135dd59551813e0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1922489
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65049}

TBR=clemensb@chromium.org,zhin@chromium.org

Change-Id: I972b72346c87d1d55488911938e3f3cdbe69abe5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9909
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925560
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65080}
2019-11-20 17:25:58 +00:00
Seth Brenith
6b11b700d7 [torque][tools] Define layout of DescriptorArray for postmortem tools
This change defines a way that v8_debug_helper can describe object
fields which are packed structs, and uses it for the "descriptors" field
in DescriptorArray.

In more detail:
- debug-helper.h (the public interface for v8_debug_helper) adds a size
  and an optional list of struct properties to ObjectProperty.
- debug-helper-internal.h mirrors those changes to the internal class
  hierarchy which maintains proper unique_ptr ownership.
- In src/torque/class-debug-reader-generator.cc,
  - Some existing logic is moved into smaller functions.
  - New logic is added to generate the field list for structs. Example
    output is included in a comment above the function
    GenerateGetPropsChunkForField.

Bug: v8:9376
Change-Id: I531acac039ccb42050641448a4cbaec26186a7bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1894362
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65079}
2019-11-20 16:56:39 +00:00