Commit Graph

59620 Commits

Author SHA1 Message Date
Michael Achenbach
1d493d31ce [foozzie] Refactor command abstraction
This moves code for running d8 into its own class. No functional
changes intended.

No-Try: true
Bug: chromium:1023091
Change-Id: I7cbfeebd2911dc758322f89cf93666550f2956d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906378
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64928}
2019-11-13 08:29:27 +00:00
Zhao Jiazhong
1319356430 [mips] Add missing functions due to former clean up.
Patch af608d4 https://crrev.com/c/1903969 removed some functions used on mips platform.

Original Commit Message:

  [utils] Remove unused classes and functions

  This removes dead classes and functions from utils.h.

Change-Id: I558de38370b51a3f7dd0ea9712d9c9dc47fa05a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1909747
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64927}
2019-11-13 06:35:57 +00:00
Leszek Swirski
97bda678dd [objects] Move SFI init from factory to Init method
After allocation of an object, we need to initialize it to make it safe
for the GC to see it. For complex objects like SharedFunctionInfo, this
initialization code is long and requires understanding of the object. So,
it makes sense for the initialization to live in the SharedFunctionInfo
code itself (as an Init method) rather than in the factory.

Aside from being a neat cleanup, this will allow us to share this
initialization logic between different allocation methods, as part of the
off-thread allocation project:
https://docs.google.com/document/d/1-_96kok0AcavkbcdqqZvpqt_2q-_XWAsAJwbRXlfwCo/

Bug: chromium:1011762
Change-Id: Ie276eb711423272f85abfeb3d88df1826a77b984
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1872402
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64926}
2019-11-12 22:33:24 +00:00
Zhao Jiazhong
165d11f1d9 [mips][ptr-compr] Remove CompressedSigned MachineRepresentation
port 80dc6a3 https://crrev.com/c/1903445

Original Commit Message:

  [ptr-compr] Remove CompressedSigned MachineRepresentation

  Since smi-corrputing, TaggedSigned (aka known smis) only have the lower
  bits used. This renders CompressedSigned useless.

Change-Id: I3d656752bb81a09bd3985bd39ab9f656504f4da1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1911268
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64925}
2019-11-12 20:06:50 +00:00
Ross McIlroy
5792f35871 [Cleanup] Delete unused function SkipZeroBits.
Change-Id: I2b1cf44670e12b22bbf5115742e1d62dafec7304
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1912220
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64924}
2019-11-12 17:59:17 +00:00
Joshua Litt
8fe297617f [promises] Port PromiseCapabilityDefault* to torque.
Bug: v8:9838
Change-Id: I8f1ca56517c4de097cab7e5fbd63ef3fe56d8f8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1904120
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64923}
2019-11-12 17:24:17 +00:00
Joshua Litt
72b652e8f7 Revert "[ic] Migrate Code-based handlers to use data driven handler."
This reverts commit d46bd852ad.

Reason for revert: I suspect this breaks the 'V8 Linux - predictable' bot. Specifically, 'typedarray-copywithin' has been failing since this landed. I am not exactly sure what is wrong from the tests error message, but see this link for more information:
https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8896980452133814304/+/steps/Check_-_d8__flakes_/0/logs/typedarray-copywithin/0

Original change's description:
> [ic] Migrate Code-based handlers to use data driven handler.
> 
> All usage of KeyedLoadIC_Slow, HasIC_Slow, StoreInArrayLiteralIC_Slow
> and KeyedStoreIC_Slow now use data driven handlers
> 
> Bug: v8:9779
> Change-Id: Idd888c5c10b462a5fe155ba0add36f95169bd76d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1895988
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Suraj Sharma <surshar@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#64918}

TBR=rmcilroy@chromium.org,verwaest@chromium.org,surshar@microsoft.com

Change-Id: Id7c2b553f85b46048bed2c633b8bd24098f67147
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9779
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1912092
Reviewed-by: Joshua Litt <joshualitt@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64922}
2019-11-12 17:17:49 +00:00
Clemens Backes
c60c2e3e7d [base] Make DCHECK_EQ and other constexpr
This allows us to use them in constexpr contexts, just as DCHECK.
There were some "constexpr" keywords missing, and we cannot have
explicit template instantiations for constexpr.

R=jkummerow@chromium.org

Bug: v8:9810
Change-Id: Iba7c6ed4a16ea5077324880f59f7f0e17d1757a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910956
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64921}
2019-11-12 16:54:33 +00:00
Ross McIlroy
ae4506e2a5 [TurboProp] Optimize BitVector::Iterator::Advance.
Optimizes BitVector::Iterator::Advance by using base::bits::CountTrailingZeros to
skip through bitvector. Also inlines Advance in the header. This reduces the
LiveRangeAnalysis phase of TurboFan/Prop by about 2-5% on Octane.

BUG=v8:9684

Change-Id: I3954d50d8ae9bd062a153e1fa2cb0abfd43d73eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910948
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64920}
2019-11-12 16:32:33 +00:00
Michael Achenbach
502261d982 Revert "[build] Simplify snapshot target"
This reverts commit f616b37235.

Reason for revert: Might break incremental build: https://crbug.com/v8/9966

Original change's description:
> [build] Simplify snapshot target
> 
> Drops unnecessary visibility exception and uses minimum deps required
> for snapshot target.
> 
> Change-Id: I4098a443e9df31c25551540a0b6edfe9500f7bcd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910943
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64907}

TBR=machenbach@chromium.org,jgruber@chromium.org

Change-Id: I01b087406e913faca42e21572d2fb62116c8c222
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9966
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1912219
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64919}
2019-11-12 16:21:35 +00:00
Suraj Sharma
d46bd852ad [ic] Migrate Code-based handlers to use data driven handler.
All usage of KeyedLoadIC_Slow, HasIC_Slow, StoreInArrayLiteralIC_Slow
and KeyedStoreIC_Slow now use data driven handlers

Bug: v8:9779
Change-Id: Idd888c5c10b462a5fe155ba0add36f95169bd76d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1895988
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#64918}
2019-11-12 16:13:52 +00:00
Santiago Aboy Solanes
e6acd1ae99 [test] Mark try as SLOW for non pointer compression arm64 sim
Fixed: v8:9949
Change-Id: I3e27660f3f3e679988e780a050050ffd5ae9f584
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910946
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64917}
2019-11-12 15:47:22 +00:00
Clemens Backes
12aedf5bf7 [base] Skip unneeded masks in CountPopulation
Out of the six masks (for 64 bit value), three can be skipped because
the values are known to be within certain bounds.

R=jkummerow@chromium.org

Bug: v8:9810
Change-Id: I50c3bf2d374b14456aa0cbec076e894f25779151
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910110
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64916}
2019-11-12 14:57:02 +00:00
Clemens Backes
7c3ffd8a30 Revert "[turbofan] Simplified LowerCheckedInt(32|64)ToTaggedSigned"
This reverts commit 75a6132505.

Reason for revert: Fails arm64 gc stress (see bisect): https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20gc%20stress/16691

Original change's description:
> [turbofan] Simplified LowerCheckedInt(32|64)ToTaggedSigned
> 
> Merge duplicate LowerCheckedInt32ToTaggedSigned code.
> 
> Skip ChangeInt32ToInt64:
> * In 32 bit archs, ChangeInt32ToInt64 is a no-op.
> * In 64 bit archs with 31 bit smis and smi corrupting enabled,
> ChangeInt32ToIntPtr can be skipped. This is because it would only
> change the upper bits, and those upper bits are not significant
> since we are smi-corrupting.
> 
> Change-Id: Ia217773fc7fccdd6227f66fbd600326ebbe9b86d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893193
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64906}

TBR=jgruber@chromium.org,tebbi@chromium.org,solanes@chromium.org

Change-Id: I6586a6f226537acba988afa1be7454c2c3e6ee54
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910955
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64915}
2019-11-12 14:27:54 +00:00
Michael Achenbach
06f1864aeb [test] Simplify test exceptions for force-slow-path
This allows the tests to continue running on the gc fuzzers while
staying compatible with the --force-slow-path flag being passed
randomly.

When run in slow_path variants these tests are no-ops, but that's
negligible as the tests are also fast without slow_path.

Change-Id: I461c47b669b163e1e1594ea1a941f63e90f2221e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910947
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64914}
2019-11-12 12:54:42 +00:00
Clemens Backes
aadf812c8e [wasm] Improve code size estimates
UMA data shows that we currently still allocate up to ten code spaces
per module. This is because the code size estimates are vastly off,
especially if both Liftoff and TurboFan is being used.
Also, code sizes differ by platform.

This CL adds more logic to the {EstimateNativeModuleCodeSize} function
to distinguish Liftoff and TurboFan, and to use different constants per
platform. A largeish comment explains how the numbers were generated,
and that they are an extreme over-generalization. However, without
further information about the module, this is the best we can do.
After all, being off even by a factor of two does not hurt too much, as
explained in the comment.

R=jkummerow@chromium.org

Change-Id: Icd178f5f4d0c7c8fa29b11b6eff7d14e64a1af1c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910102
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64913}
2019-11-12 12:45:21 +00:00
Jakob Gruber
fb5c7c879e Revert "[regalloc] Use an adaptive data structure for live sets"
This reverts commit b3d748a282.

Reason for revert: Regressions, see https://crbug.com/1023423.

Original change's description:
> [regalloc] Use an adaptive data structure for live sets
> 
> Live sets represent sets of live virtual registers at block entry and
> exit points. They are usually sparsely populated; for example, a sample
> taken from Octane2 shows 80% of sampled live sets with a fill ratio of
> 10% or less.
> 
> Prior to this CL, live sets were implemented as a statically-sized bit
> vector. This is fine for low-ish virtual register counts, but becomes
> wasteful at higher numbers.
> 
> This CL attempts to address this issue through an adaptive
> implementation. Small live sets remain bit vectors, while larger sets
> switch to a PersistentMap-based implementation. PersistentMap has very
> memory-efficient add/remove/copy operations.
> 
> Of course, with adaptive data structures we enter the territory of
> parameter fiddling. In this case, two parameters are used:
> kMaxSmallSetSize controls when to switch implementations, and
> kMaxDeletionsBeforePrune controls when pruning (= managing the # of
> deleted entries in the map) sets in.
> 
> On the (degenerate) test case from the linked bug, the register
> allocation zone shrinks from 1008MB to 475MB. For more realistic cases
> I expect savings on the order of 10s of KB.
> 
> Bug: v8:9574
> Change-Id: Id903bbe23f030b418e8d887ef4839c8d65126c52
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1891693
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64872}

TBR=jgruber@chromium.org,tebbi@chromium.org,thibaudm@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:9574
Change-Id: I5d684198f9c4575a0c892076459cc2c20dce9aec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910944
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64912}
2019-11-12 12:24:02 +00:00
Clemens Backes
c91284ee1d [wasm] Avoid overallocation of far jump table
On platforms that do not require the far jump table for wasm calls (32
bit platforms currently), we do not need to include a far jump table
slot per wasm function. Other places already used the
{NumWasmFunctionsInFarJumpTable} helper function, but in the actual
allocation of the far jump table, it was missing.

R=jkummerow@chromium.org

Change-Id: I30734a1a25cc80e38c47abfd39059d56c9e5de57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910101
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64911}
2019-11-12 12:22:57 +00:00
Michael Achenbach
14314ab3c7 [foozzie] Remove per-testcase random seed
We used the same random seed for all test cases of a fuzz session
for transitioning from choosing the flags on V8 side.

Since the grace period for stable bisection is over, we now use
the same random number generator throughout the fuzz session which
leads to a wider range of differently chosen flags.

TBR=tmrts@chromium.org

No-Try: true
Bug: chromium:813833
Change-Id: I07b9fe5de378c01344afd486bfd85fcbf0fcd8d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906377
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64910}
2019-11-12 12:21:51 +00:00
Santiago Aboy Solanes
4d1b7af7b1 [turbofan][64] Remove Smi Untagging extra nodes for 31 bit smis
There are some cases where we can ignore some truncations or
change nodes for Smi Untagging, when we are using 31 bit smis
in 64 bit architectures.

Updated DecompressionOptimizer to match the new pattern.

Change-Id: I89d34407e6f780ec0399cd427cf9d3e24ee5669a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1889877
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64909}
2019-11-12 12:06:11 +00:00
Clemens Backes
52baf4c464 [test] Remove always-on flag from test variant
Wasm code GC is on by default now.

R=machenbach@chromium.org

No-Try: true
Change-Id: Ib24e68f431876ecb91e7ae6ef6bc6cc08c2ea0c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910942
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64908}
2019-11-12 11:56:11 +00:00
Michael Achenbach
f616b37235 [build] Simplify snapshot target
Drops unnecessary visibility exception and uses minimum deps required
for snapshot target.

Change-Id: I4098a443e9df31c25551540a0b6edfe9500f7bcd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910943
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64907}
2019-11-12 11:55:06 +00:00
Santiago Aboy Solanes
75a6132505 [turbofan] Simplified LowerCheckedInt(32|64)ToTaggedSigned
Merge duplicate LowerCheckedInt32ToTaggedSigned code.

Skip ChangeInt32ToInt64:
* In 32 bit archs, ChangeInt32ToInt64 is a no-op.
* In 64 bit archs with 31 bit smis and smi corrupting enabled,
ChangeInt32ToIntPtr can be skipped. This is because it would only
change the upper bits, and those upper bits are not significant
since we are smi-corrupting.

Change-Id: Ia217773fc7fccdd6227f66fbd600326ebbe9b86d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1893193
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64906}
2019-11-12 11:54:03 +00:00
Michael Achenbach
a42a0b722a Reland "[test] Add more flags to numfuzz flags fuzzer"
This is a reland of ab1b511c16

The offending flags are removed.

Original change's description:
> [test] Add more flags to numfuzz flags fuzzer
>
> This adds a selection of flags to numfuzz that are already used
> for different testing variants or on clusterfuzz for
> correctness testing.
>
> No-Try: true
> Change-Id: I79745b281b001f57d2b24977f3a8e9ce3bbab2a4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906573
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64884}

No-Try: true
Change-Id: Ie01f244147be0b0fda8cec83f48ac3f73c5a81ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910113
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64905}
2019-11-12 11:33:31 +00:00
Michael Achenbach
e207845060 [build] Unify snapshot targets
Change-Id: I208b0e39b3755e84683aae9f6e23053858120b6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906383
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64904}
2019-11-12 11:14:11 +00:00
Michael Achenbach
2afd61fb65 [build] Remove unused trace-pc-guard coverage from clusterfuzz builds
This ports:
https://crrev.com/c/1538805

Bug: chromium:1023757
Change-Id: I664c07bd2fe9c93861cdeb9c5bb0af6c8a426e7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910941
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64903}
2019-11-12 10:41:22 +00:00
Johannes Henkel
b67cafe716 [DevTools] Roll inspector_protocol (v8) (file split)
This decomposes the crdtp library into multiple files.
Since it wasn't previously rolled
it's a bit more than just that.

Upstream review: https://chromium-review.googlesource.com/c/deps/inspector_protocol/+/1907115

New Revision: d020a9e614d4a5116a7c71f288c0340e282e1a6e

Change-Id: I5c588469654bec3e933804ac706fa967c6fe57bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1907973
Auto-Submit: Johannes Henkel <johannes@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64902}
2019-11-12 10:27:01 +00:00
v8-ci-autoroll-builder
36e812bee7 Update V8 DEPS.
Rolling v8/build: 789c8f5..8929104

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/56af378..3992f65

Rolling v8/third_party/googletest/src: f2fb48c..076c461

Rolling v8/tools/clang: 596e92a..ebea19a

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I7250b847fdbd3c683aa970784443f8d8e56c99a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1911401
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#64901}
2019-11-12 03:49:11 +00:00
Shu-yu Guo
c9600b4b3d Roll test262
21195de..1bc19352

Bug: v8:7834, v8:9808
Change-Id: I97b26749acf56f3db63b3989441ac4c2b8642807
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910859
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64900}
2019-11-12 00:29:02 +00:00
Joyee Cheung
572234aa6b [class] exclude brand symbols in JSReceiver::GetPrivateEntries
This patch excludes brand symbols from the result of
JSReceiver::GetPrivateEntries so that the brands do not show up
when the instances are inspected from the DevTools (e.g. via
`Runtime.getProperties()`).

To implement this, we use a bit in the Symbols to denote whether
it's a brand symbol. A brand symbol is also a private name
symbol so that we can just reuse the IC for accessing private
names and do not need to jump through extra ORs.

Design doc: https://docs.google.com/document/d/1N91LObhQexnB0eE7EvGe57HsvNMFX16CaWu-XCTnnmY/edit

Bug: v8:8671, v8:9839, v8:8330
Change-Id: I24346aeedce3602395289052d1e1350ae9390354
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1909757
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#64899}
2019-11-11 23:40:47 +00:00
Adam Klein
b9cc056976 [builtins] TNodify builtins-math-gen
Bug: v8:9810
Change-Id: I5d0341d9602c3df8b158227c6647414fc66481e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1907634
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64898}
2019-11-11 22:01:20 +00:00
Igor Sheludko
6ff3b3703e [builtins] Allow 2Gb TypedArrays on 64-bit architectures
... even with ptr-compr.

Although full uintptr-sized TypedArrays are not supported yet
we may already start using uint32-sized typed arrays as we no
longer rely on TypedArray length to be a Smi.

Bug: v8:4153
Change-Id: If179541ad4f02c4ec7de9d1f3836138fe526d8a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1905847
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64897}
2019-11-11 21:42:56 +00:00
Sathya Gunasekaran
1a1a9cca42 [ic] Do string to array index conversion in element loads only
Instead of changing all of TryToName to do the conversion to array
index, this patch narrows this fast path just to the element load IC
handler.

This patch also restores the HeapNumber conversion in TryToIntPtr and
in Turbofan inlining as per the original state of things.

Bug: v8:9449, chromium:1016738, chromium:1016709
Change-Id: Ibf3a2c38637fc36e0ee037dc740f273848d1e8a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1902386
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64896}
2019-11-11 21:02:49 +00:00
Michael Achenbach
2750dc9ed9 Revert "[test] Add more flags to numfuzz flags fuzzer"
This reverts commit ab1b511c16.

Reason for revert: too many spurious errors

Original change's description:
> [test] Add more flags to numfuzz flags fuzzer
> 
> This adds a selection of flags to numfuzz that are already used
> for different testing variants or on clusterfuzz for
> correctness testing.
> 
> No-Try: true
> Change-Id: I79745b281b001f57d2b24977f3a8e9ce3bbab2a4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906573
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64884}

TBR=machenbach@chromium.org,clemensb@chromium.org,almuthanna@google.com,liviurau@chromium.org

Change-Id: Iba9cfa8e6e8e2cb3b9fe0f803b07376ae55d783c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910112
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64895}
2019-11-11 17:54:33 +00:00
Michael Achenbach
fd282c820e Revert "[numfuzz] Remove jitless from flags experiment"
This reverts commit 509995d371.

Reason for revert: want to revert first CL

Original change's description:
> [numfuzz] Remove jitless from flags experiment
> 
> Produces too many spurious errors with tests that normally get
> skipped in jitless variant.
> 
> TBR=clemensb@chromium.org
> 
> No-Try: true
> Change-Id: Iddf0e39e4c454a3b17568ba17a014e8d38922052
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910107
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64889}

TBR=machenbach@chromium.org,clemensb@chromium.org,almuthanna@google.com,liviurau@chromium.org

Change-Id: I238323289fd29fec82c58795c2ad829e7c0a073a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910111
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64894}
2019-11-11 17:53:26 +00:00
Clemens Backes
5b25335e0f [wasm][cleanup] Avoid unneeded functors
They were there to avoid a GCC bug. Now that we do not support GCC 4 any
more, we can remove this workaround.

R=ahaas@chromium.org

Bug: v8:9810
Change-Id: I9346671cc1c5f0c83b47d0cfbd313cd1eb2179a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910104
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64893}
2019-11-11 16:57:53 +00:00
Tobias Tebbi
5bf81318f8 [torque] split base.tq
This creates a .tq file in src/objects for each src/objects/*.h file
with Torque-defined classes and moves the object definitions and
corresponding helpers/macros there.
In addition, we create files convert.tq and cast.tq in src/builtins
to move the casts and conversions to.

Since Torque-generated .cc files end up as .o files in the same
directory, there cannot be two .tq files of the same name. Thus it
was necessary to rename src/builtins/arguments.tq and
src/builtins/string.tq to not clash with the new files in src/objects.

This is a mechanical change that only moves code.

Design doc: http://doc/1fh4OUMjQMnQdJm3aiAPXQUNdgbQugkRGdJzDh8hmyzk

Bug: v8:9861 v8:9810 v8:7793
Change-Id: I9c54cb50f32b9ae0fb41752199515133eb59ea5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910100
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64892}
2019-11-11 16:15:33 +00:00
Milad Farazmand
b98a304686 PPC/s390: [ptr-compr] Remove CompressedSigned MachineRepresentation
Port 80dc6a3394

Original Commit Message:

    Since smi-corrputing, TaggedSigned (aka known smis) only have the lower
    bits used. This renders CompressedSigned useless.

R=solanes@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Ia3daa8e8fe60e8046784436b3dfcdad63b6597c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1907442
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64891}
2019-11-11 16:04:13 +00:00
Santiago Aboy Solanes
f5ce3c082c [CSA] TNodify low-hanging fruits
There were a couple of low-hanging fruits in code-stub-assembler. Tried
to keep it short to avoid conflicts with other CLs.

Bug: v8:9810
Change-Id: If23e16019116c22ddd6282867d9dd0b2e65a23f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906570
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64890}
2019-11-11 15:57:03 +00:00
Michael Achenbach
509995d371 [numfuzz] Remove jitless from flags experiment
Produces too many spurious errors with tests that normally get
skipped in jitless variant.

TBR=clemensb@chromium.org

No-Try: true
Change-Id: Iddf0e39e4c454a3b17568ba17a014e8d38922052
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1910107
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64889}
2019-11-11 15:18:14 +00:00
Jakob Gruber
cebfde6769 [interpreter] Move function-entry stack check to start of bytecode array
The function-entry stack check should dominate all other
instructions in a function. Prior to this CL it was possible to create
paths not including a stack check due to SwitchOnGeneratorState: the
generator-creation branch had a stack check, while generator-resume
branches did not.

  0 : af fb 00 01       SwitchOnGeneratorState r0, [0], [1] { 0: @22 }
  4 : 27 fe fa          Mov <closure>, r1
  7 : 27 02 f9          Mov <this>, r2
 10 : 64 0a fa 02       InvokeIntrinsic [_CreateJSGeneratorObject], r1-r2
 14 : 26 fb             Star r0
 16 : a7                StackCheck
 17 : b0 fb fb 01 00    SuspendGenerator r0, r0-r0, [0]
 22 : b1 fb fb 01       ResumeGenerator r0, r0-r0
                        [... no stack check here ...]

This CL moves the stack check to the beginning of the bytecode array,
i.e. before SwitchOnGeneratorState.

Bug: chromium:1020031
Change-Id: I8ba8cba99611ddbe50c76023129d926cc84b1d5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903440
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64888}
2019-11-11 15:00:09 +00:00
Santiago Aboy Solanes
421eaeefb9 [CSA][cleanup] TNodify builtins-string-gen
Bug: v8:9810
Change-Id: I915e0b1f903e8c5aa75280965819b2efb9fdc6dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906206
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64887}
2019-11-11 14:57:29 +00:00
Maya Lekova
db49e2238c [turbofan] Add serializer support for JSCreate
When the serializer encounters a JSConstruct, it now serializes the
initial map of the new_target to enable further opitmizations in
JSNativeContextSpecialization.

Add regression tests as well.

Bug: v8:7790
Change-Id: Ifab2b58c64a341744e833ed063e9695d74a5cdce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900457
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64886}
2019-11-11 14:43:59 +00:00
Milad Farazmand
03d37fc113 PPC/s390: [ptr-compr] Remove Compressed mentions from in the pipeline
Port 6e90f2f292

Original Commit Message:

    Including but not limiting to removing:
     * BitcastCompressedXXX
     * CheckedCompressedXXX
     * ChangeXXXToCompressedYYY
     * ChangeCompressedXXX

    As a note, ChangeTaggedToCompressed can't be removed just yet as it
    is still in use.

R=solanes@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I0974b300654f61d152ea65016a0e278ea4ba1b60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1907440
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64885}
2019-11-11 14:32:38 +00:00
Michael Achenbach
ab1b511c16 [test] Add more flags to numfuzz flags fuzzer
This adds a selection of flags to numfuzz that are already used
for different testing variants or on clusterfuzz for
correctness testing.

No-Try: true
Change-Id: I79745b281b001f57d2b24977f3a8e9ce3bbab2a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906573
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64884}
2019-11-11 14:20:08 +00:00
Santiago Aboy Solanes
80dc6a3394 [ptr-compr] Remove CompressedSigned MachineRepresentation
Since smi-corrputing, TaggedSigned (aka known smis) only have the lower
bits used. This renders CompressedSigned useless.

Bug: v8:7703
Change-Id: Id59aaebc24d670ed32c483ceecf77fd194405ee4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903445
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64883}
2019-11-11 14:02:28 +00:00
Dominik Inführ
e1f90f936a Revert "[heap] Promote young objects by default in MC"
This reverts commit 5e97378f92.

Reason for revert: Caused multiple regressions.

Original change's description:
> [heap] Promote young objects by default in MC
> 
> Start experiment to promote all young live objects during mark-compact.
> 
> The last CL https://crrev.com/c/1879938 got reverted because of a flaky
> test, see v8:9192.
> 
> Change-Id: I16897f45fffeafbb7e70c21899976a4c026e69ba
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903432
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64832}

TBR=ulan@chromium.org,dinfuehr@chromium.org
Bug: chromium:1023308, chromium:1022708

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: Ie551f0765fb54a36e52c20da8b026e2c0ebf0451
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906385
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64882}
2019-11-11 13:39:43 +00:00
Ross McIlroy
8d2376a159 [CSA][cleanup] Tnodify builtins-internal-gen
Also Tnodifies TryPrototypeChainLookup.

Bug: v8:9810
Change-Id: I4950ad3bbcfcf3528589d343282517ee0b57e65f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906375
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64881}
2019-11-11 13:11:41 +00:00
Santiago Aboy Solanes
6e90f2f292 [ptr-compr] Remove Compressed mentions from in the pipeline
Including but not limiting to removing:
 * BitcastCompressedXXX
 * CheckedCompressedXXX
 * ChangeXXXToCompressedYYY
 * ChangeCompressedXXX

As a note, ChangeTaggedToCompressed can't be removed just yet as it
is still in use.

Bug: v8:7703
Change-Id: I98cf88a32adfa976d419e69702d1cac4d3e811a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1903435
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64880}
2019-11-11 12:23:41 +00:00
Santiago Aboy Solanes
9d2629c8b7 [CSA][cleanup] TNodify builtins-proxy-gen
Bug: v8:9810
Change-Id: Ic7909dcec624fdd95548a32f2fa760d5e9c67636
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1906567
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64879}
2019-11-11 12:14:41 +00:00