Commit Graph

48777 Commits

Author SHA1 Message Date
Clemens Hammacher
720218c2a8 [Liftoff][arm64] Fix i64 constants passed via stack
We need to push the sign-extended constant instead of just the lower 32
bits. Otherwise, the callee might read stale data from the stack.

Bug: chromium:854011, v8:6600

R=ahaas@chromium.org
CC=rodolph.perfetta@arm.com

Change-Id: Iafcfd6ba9532771615b41215fb4d1a2b85ce5623
Reviewed-on: https://chromium-review.googlesource.com/1124683
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54185}
2018-07-03 17:04:49 +00:00
Clemens Hammacher
ca4a8f9eed [wasm] Add regression test for issue 7914
I forgot to add this test to the previous CL:
https://crrev.com/c/1122409

R=ahaas@chromium.org

Bug: v8:7914
Change-Id: I4ed3bce37ce1e42a56eabc02647d8cf91e4492c9
Reviewed-on: https://chromium-review.googlesource.com/1124687
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54184}
2018-07-03 17:03:37 +00:00
Dan Elphick
61f174a23e [explicit isolates] Convert runtime/ to ReadOnlyRoots
In future the RO_SPACE root accessors in Heap will become private, so
instead convert them all to use ReadOnlyRoots.

Bug: v8:7786
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ifd2f75298bacd2f6a89c551f689d269a59d87e97
Reviewed-on: https://chromium-review.googlesource.com/1124470
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54183}
2018-07-03 16:39:04 +00:00
Dan Elphick
1fd8207b97 [explicit isolates] Convert objects* to ReadOnlyRoots
In future the RO_SPACE root accessors in Heap will become private, so
instead convert them all to use ReadOnlyRoots.

Bug: v8:7786
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ia24803003f1e6ce0782dffe448c662695620f026
Reviewed-on: https://chromium-review.googlesource.com/1124326
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54182}
2018-07-03 16:33:04 +00:00
Dan Elphick
7a58e6e884 [explicit isolates] Convert builtins/ to ReadOnlyRoots
In future the RO_SPACE root accessors in Heap will become private, so
instead convert them all to use ReadOnlyRoots.

Bug: v8:7786
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I2cc63ffc5b6df537fa7772356acd9e8b3cf59352
Reviewed-on: https://chromium-review.googlesource.com/1124322
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54181}
2018-07-03 16:30:34 +00:00
Alexei Filippov
f77aa8d035 [cpu-profiler] Make tracing-based CPU profile ids unique
Using CpuProfile pointer is not safe for id as the profile objects
can be recreated on the same memory address.
Use sequential numbers instead.

Change-Id: I7253605819055bc3396b797f9ce27669e8c2584d
Reviewed-on: https://chromium-review.googlesource.com/1123325
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54180}
2018-07-03 15:51:24 +00:00
Georg Neis
1ba5d5ba76 Clean up DependentCode class.
Also move some helpers there.

Bug: v8:7902
Change-Id: I1ef3d1e8317102afae2861382e9ba60b0ef6bba4
Reviewed-on: https://chromium-review.googlesource.com/1121461
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54179}
2018-07-03 15:32:44 +00:00
Dan Elphick
f9c4d0008f [explicit isolates] Move remaining roots to ReadOnlyRoots
Moves STRUCT_LIST and ALLOCATION_SITE_LIST into roots.h and adds access
to their associated maps using ReadOnlyRoots.

Also corrects the location of external_map, message_object_map,
empty_script, many_closures_cell, invalid_prototype_validity_cell and
builtins_constants_table which are not in RO_SPACE.

Finally this adds a convenience ReadOnlyRoots(Isolate*) constructor.

Bug: v8:7786
Change-Id: I4982dd0cbea2062a124605678599ba48831f020f
Reviewed-on: https://chromium-review.googlesource.com/1124319
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54178}
2018-07-03 15:26:04 +00:00
Toon Verwaest
37dd992c51 [scanner] Move table-based one-char-token handling from Next to Scan
Change-Id: I21b0dfb572efab3257e25f2f3b81689c07f8f2d7
Reviewed-on: https://chromium-review.googlesource.com/1124562
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54177}
2018-07-03 15:07:24 +00:00
Predrag Rudic
3852804216 [wasm] Skip wasm simd tests for big endian.
Tests cctest/test-run-wasm-simd/RunWasm_I16x8ConvertI32x4_turbofan
and cctest/test-run-wasm-simd/RunWasm_I8x16ConvertI16x8_simd_lowered
will be skipped for big endian until implementation for big endian is
done correctly.

Change-Id: Ia6253070ede207f437e4b710a656bce8d65e412e
Reviewed-on: https://chromium-review.googlesource.com/1113307
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54176}
2018-07-03 14:55:05 +00:00
Clemens Hammacher
e89c253760 [Liftoff][arm64] Skip unneeded register move
An i64 to i32 conversion within the same register is a noop on arm64,
since i32 operations just use the "W" part of the register anyway.

R=ahaas@chromium.org
CC=rodolph.perfetta@arm.com

Bug: v8:6600
Change-Id: Ia7cb49673c4997dc095736a054d052ffd91bb957
Reviewed-on: https://chromium-review.googlesource.com/1124449
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54175}
2018-07-03 14:50:54 +00:00
Simon Zünd
26ac072990 [array] Add regression test that causes left trimming while sorting
This CL adds a regression test that will check that the elements
pointer is properly reloaded after the JavaScript comparison
function is called during Array.p.sort.

R=jgruber@chromium.org

Bug: chromium:859809
Change-Id: I15f55fcc1906bd8d0751596e5457367a643b92da
Reviewed-on: https://chromium-review.googlesource.com/1124475
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54174}
2018-07-03 14:16:14 +00:00
Michael Starzinger
1e2617dcac [liftoff] Further reduce use of Isolate in LiftoffCompiler.
R=clemensh@chromium.org

Change-Id: I2a935d87d6f9688af9bd983fc95ae87476c1f612
Reviewed-on: https://chromium-review.googlesource.com/1124464
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54173}
2018-07-03 14:08:33 +00:00
Toon Verwaest
02b6178cef [scanner] Push surrogate pair handling down into identifier scanning
Most scanner logic doesn't need to care about surrogate pairs, so we can just
push it down to identifier scanning.

This CL additionally drops some explicit kEndOfInput checks that are subsumed
by predicates seamlessly returning false for kEndOfInput (-1).

Change-Id: If031a9355ab5fbca0c3b647045e3034f42923979
Reviewed-on: https://chromium-review.googlesource.com/1124447
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54172}
2018-07-03 13:51:50 +00:00
Tobias Tebbi
9bbb0cd2f6 [torque] remove fake initialization of return variable
It turns out we can just remove kReturnVariable from the normal change
tracking, since it's always set when jumping to the final label anyway.

Bug: v8:7793
Change-Id: I6d0a777016047aa31b0edddd19c661e2631e1078
Reviewed-on: https://chromium-review.googlesource.com/1124471
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54171}
2018-07-03 13:38:35 +00:00
Georg Neis
52a10e5081 [turbofan] Rewrite CompilationDependencies
Instead of installing code dependencies during graph reduction,
install them after code generation.

Bug: v8:7902, v8:7790
Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
Reviewed-on: https://chromium-review.googlesource.com/1119913
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54170}
2018-07-03 13:37:30 +00:00
Tobias Tebbi
506f969a26 [torque] annotate generated source with original source positions
Bug: v8:7793
Change-Id: Ifb03938e15307910ef25b2b95c32fe69bfec1441
Reviewed-on: https://chromium-review.googlesource.com/1124458
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54169}
2018-07-03 13:11:51 +00:00
Michael Starzinger
ec9cba9824 [liftoff] Make LiftoffAssembler independent of Isolate.
R=clemensh@chromium.org

Change-Id: Ia3856921a707e7d58d55a74d3f14cbdc0d69eaa5
Reviewed-on: https://chromium-review.googlesource.com/1124332
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54168}
2018-07-03 12:54:39 +00:00
Tobias Tebbi
81186ff41d [torque] fix variables, returns and conditionals with constexpr
Variables/return values with constexpr type cannot have multiple
assignments. We check this now.
For conditionals, it is important to always infer a non-constexpr type.
This CL adds the ability to map any type (including union types) to be
mapped to their non-constexpr variant. Conditionals infer their type as
the non-constexpr version of a combination of the two branch types.

In addition, this improves subtyping for constexpr types:
If A extends B, then constexpr A extends constexpr B.
This makes it necessary to clean up "constexpr String", which has nothing
to do with tagged values.

Bug: v8:7793
Change-Id: Ia4d3cd5dc98f45b0ec89adf05c5c6111a0e51cc6
Reviewed-on: https://chromium-review.googlesource.com/1122864
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54167}
2018-07-03 12:45:40 +00:00
Simon Zünd
f7bad08397 [array] Revert "Implement Array.p.sort in Torque"
This CL is a manual revert of the Array.p.sort Torque QuickSort
implementation.

The plan is to ship TimSort in either Chromium 69 or 70 and not ship
Torque-QuickSort at all (to keep disruption to a minimum). For this
reason we revert back to the implementation in array.js.

R=jgruber@chromium.org

Bug: chromium:859809, v8:7382
Change-Id: I92eb70408883f51d98311e78642f554316bc1e76
Reviewed-on: https://chromium-review.googlesource.com/1124334
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#54166}
2018-07-03 12:42:20 +00:00
Simon Zünd
08d11cd80e [torque] Fix crash when calling builtin via function pointer
When calling a builtin via a function pointer, torque tries to find any
builtin with the same parameter types for a descriptor. If no such
builtin exists, we currently crash.

Example:

type DoesNotExistFn = builtin(Context, Smi, Smi, Smi) => Smi;
macro TestMacro(c: Context, fn: DoesNotExistFn) {
  let result: Smi = fn(c, 1, 2, 3);
}

R=tebbi@chromium.org

Bug: v8:7793
Change-Id: Ia7436dc6541aca5de2e8dcb6b2a09978a1af9d39
Reviewed-on: https://chromium-review.googlesource.com/1123821
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#54165}
2018-07-03 12:03:09 +00:00
Clemens Hammacher
2bc78a1c9e [wasm][fuzzer] Improve error output for exception mismatch
The current output of release builds is not very helpful, as it does
not contain the line number, nor the values of {expect_exception} or
{i_isolate->has_pending_exception()}.

R=ahaas@chromium.org

Bug: chromium:854011
Change-Id: I0bc1b8be6151d5420310eb67b2ebd0dc866fc9a6
Reviewed-on: https://chromium-review.googlesource.com/1122869
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54164}
2018-07-03 11:55:34 +00:00
Hannes Payer
d7c86de853 [heap] Remove obsolete owner field initialization code.
Change-Id: I66426ab06f8cc3f138a9cdd60063a3da1dc4a954
Reviewed-on: https://chromium-review.googlesource.com/1123824
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54163}
2018-07-03 11:48:44 +00:00
Georgia Kouveli
8e39af62df [arm64] Use root register for addressing external references.
This optimization is already done on x64 (7500e507).

Bug: v8:7844
Change-Id: Iccc3bb55aa79ef1d4423576c79d9ce6f829f2828
Reviewed-on: https://chromium-review.googlesource.com/1120343
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54162}
2018-07-03 11:20:44 +00:00
Andreas Haas
f50747b1b5 [wasm] Update spec tests
R=binji@chromium.org
Bug: v8:7846

Change-Id: I0843c11a3034062182be99514d092c474116c25c
Reviewed-on: https://chromium-review.googlesource.com/1122415
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54161}
2018-07-03 10:37:55 +00:00
Dan Elphick
ff32ba8e54 [explicit isolates] Add ReadOnlyRoots
Adds a ReadOnlyRoots class trivially constructable from a Heap* or
Isolate* and which can be obtained from any HeapObject which provides
access to roots objects that will always be in RO_SPACE. In the longer
term this object will be accessed via a global variable without
requiring an Isolate or using the memory address of a HeapObject to
infer it.

Moves the list macros in heap.h to roots.h and splits some of them into
two parts (read-only and mutable).

Convert cases of heap_object->GetHeap()->root_accessor() to
heap_objects->GetReadOnlyRoots().root_accessor().

Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I14b01052adb2af9a5ec82b970e933d6a423d17a5
Reviewed-on: https://chromium-review.googlesource.com/1122127
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54160}
2018-07-03 10:33:10 +00:00
Camillo Bruni
a8582eb2f1 [tools] parse-processor improvements
- display script size overview
- color scripts in overview depending on eval, streaming or other scripts
- fix stats to always take own-bytes into account
- rename all *Time properties to *Duration for consistency
- extract ScriptSource log event into separate method
- support script source events in parse-processor

Bug: chromium:757467, chromium:850038
Change-Id: I227d1d5952ae9e508ab1a01146fcf47f74a3f7ea
Reviewed-on: https://chromium-review.googlesource.com/1117195
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54159}
2018-07-03 09:12:44 +00:00
Théotime Grohens
e14699c520 [dataview] Improve JS performance test coverage for DataView
This CL adds a comparison for the performance of getting and setting
float32 and float64 values with DataViews and with TypedArrays.

Since TypedArrays do not specify endianness, we can't compare
performance across both possible endiannesses, but this is better
than no comparison at all.

Change-Id: Iea54b942c0bb8168e9d8002d94e2bb9bc6566331
Reviewed-on: https://chromium-review.googlesource.com/1120250
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#54158}
2018-07-03 09:06:24 +00:00
Théotime Grohens
249f6069b6 [turbofan] Inline DataView Int8 and Uint8 getters
This CL adds code to inline the Int8 and Uint8 getters for DataView
objects in TurboFan in js-call-reducer.cc, as well as a new test file.

It already improves execution speed compared to the Torque baseline
implementation, and implements most of the architecture needed
for inlining the other DataView getters and setters as well.

Change-Id: I0e62b98fd6ec995f7db5ec42ea1eff1f03572f97
Reviewed-on: https://chromium-review.googlesource.com/1119909
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#54157}
2018-07-03 08:36:25 +00:00
jgruber
c23a662322 Replace V8_EMBEDDED_BUILTIN by runtime flag
This CL replaces most uses of the V8_EMBEDDED_BUILTIN define
by a new read-only runtime flag called FLAG_embedded_builtins.

The flag is true iff V8_EMBEDDED_BUILTINS is defined.

Bug: v8:6666
Change-Id: Ifcc909dc9b028a2c967f8a0e45029df5e71072df
Reviewed-on: https://chromium-review.googlesource.com/1122401
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54156}
2018-07-03 08:22:19 +00:00
Clemens Hammacher
0d926cb951 [wasm] Fix pc output for wasm compiled frames
This fixed the {WasmCompiledFrame::Print} method to print the pc offset
(an integer) in hexadecimal notation, and not print it as a pointer
value, which somehow produced weird output in my case.

R=mstarzinger@chromium.org

Change-Id: I417e980d2bf1448f5694a32c28a7c7bca1de9703
Reviewed-on: https://chromium-review.googlesource.com/1122866
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54155}
2018-07-03 08:09:24 +00:00
Clemens Hammacher
dbfb80f988 Reland^3 "[wasm] Enable Liftoff by default on ia32 and x64"
This is a reland of 20f33823c9.
Win32 failures should be fixed by https://crrev.com/c/1120175.

Original change's description:
> [wasm] Enable Liftoff by default on ia32 and x64
>
> R=titzer@chromium.org, hablich@chromium.org
>
> Bug: v8:6600, chromium:787421
> Change-Id: Ia8ae56ddef3b27b0721d5a66ff19abe098a2c6ca
> Reviewed-on: https://chromium-review.googlesource.com/1109899
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Hablich <hablich@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53965}

TBR=titzer@chromium.org, hablich@chromium.org

Bug: v8:6600, chromium:787421
Change-Id: Ia0fc1f152988a2df95d94d002b9ddfdc0a9c4abd
Reviewed-on: https://chromium-review.googlesource.com/1120205
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54154}
2018-07-03 07:31:54 +00:00
Dominik Inführ
f176e1aa3f [heap] Rename IsGlobalEmpty to IsEmpty
Rename method to IsEmpty for Worklist. IsGlobalEmpty is easy to
confuse with IsGlobalPoolEmpty.

Change-Id: Id9744cef2630f7c0642ec37ef9a18296acee87e3
Reviewed-on: https://chromium-review.googlesource.com/1115222
Commit-Queue: Dominik Inführ <dinfuehr@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54153}
2018-07-03 07:15:34 +00:00
Clemens Hammacher
ed64d25feb [Liftoff][arm64] Fix i32.popcnt
Only use the "W" part (lower 32 bit) of the src register. Otherwise, we
can get results larger than 32.

R=ahaas@chromium.org
CC=rodolph.perfetta@arm.com

Bug: v8:7914, chromium:854011
Change-Id: I6329231e6cc0ae537c165b2d383fc5a14bd28ca3
Reviewed-on: https://chromium-review.googlesource.com/1122409
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54152}
2018-07-03 07:01:14 +00:00
Yang Guo
22594d1092 Revert "[debug] liveedit in native"
This reverts commit 3dfaf8264f.

Reason for revert: Failures - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20gcc%204.8/20394

Original change's description:
> [debug] liveedit in native
> 
> Liveedit step-by-step:
> 1. calculate diff between old source and new source,
> 2. map function literals from old source to new source,
> 3. create new script for new_source,
> 4. mark literals with changed code as changed, all others as unchanged,
> 5. check that for changed literals there are no:
>   - running generators in the heap,
>   - non droppable frames (e.g. running generator) above them on stack.
> 6. mark the bottom most frame with changed function as scheduled for
>    restart if any.
> 7. for unchanged functions:
>   - deoptimize,
>   - remove from cache,
>   - update source positions,
>   - move to new script,
>   - reset feedback information and preparsed scope information if any,
>   - replace any sfi in constant pool with changed one if any.
> 8. for changed functions:
>   - deoptimize
>   - remove from cache,
>   - reset feedback information,
>   - update all links from js functions to old shared with new one.
> 9. swap scripts.
> 
> TBR=ulan@chromium.org
> 
> Bug: v8:7862,v8:5713
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I8f6f6156318cc82d6f36d7ebc1c9f7d5f3aa1461
> Reviewed-on: https://chromium-review.googlesource.com/1105493
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54146}

TBR=dgozman@chromium.org,ulan@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org

Change-Id: I45df5b6f3abaf29e593c6ac11edefbd0177d0109
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7862, v8:5713
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1124159
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54151}
2018-07-03 06:43:04 +00:00
Simon Zünd
93f59deef8 [array] Throw TypeError for read-only properties on fast-path
This CL changes the NumberDictionary fast-path for Array.p.sort to
throw a TypeError when trying to write to a read-only property.

Previously, the fast-path simply bailed to the slow-path which could
swallow the TypeError by accident. I.e. because the fast-path could
leave the array in an inconsistent state that is already sorted.

Example:

let arr = new Array(10);
Object.defineProperty(arr, 0, {value: 2, writable: false});
Object.defineProperty(arr, 2, {value: 1, writable: false});
arr.sort();

The pre-processing step will move the value 1 to index 1: {0: 2, 1: 1}
When trying to swap those 2 values, the fast-path will write the 2 at
index 1, then try to write the 1 at index 0 and fail, bailing to the
slow-path. As the array looks like {0: 2, 1: 2} it's already sorted
and the TypeError will not be thrown.

R=jgruber@chromium.org

Bug: v8:7382, v8:7907
Change-Id: I5d2f2d73478fdca066ce1048dcb2b8301751cb1f
Reviewed-on: https://chromium-review.googlesource.com/1122120
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54150}
2018-07-03 06:38:00 +00:00
Jakob Kummerow
34225a6afb Fix overzealous assert in CallOrConstructVarArgs
For spread calls with arrays with double elements but zero length,
we skip the box-as-heapnumber step; so in this corner case the
Call builtin sees a FixedDoubleArray, which is fine because it
doesn't read any of the raw double values from it.
This patch doesn't change the implementation, it only updates the
assert to match reality.

Bug: chromium:856095
Change-Id: I0227f4ccbc6c61c8f5f7669a266ef7a64c6a9a43
Reviewed-on: https://chromium-review.googlesource.com/1117922
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54149}
2018-07-03 03:42:20 +00:00
v8-ci-autoroll-builder
55930aadc7 Update V8 DEPS.
Rolling v8/build: 213a0e3..7ac2934

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/34f0d7e..153acbd

Rolling v8/third_party/depot_tools: 024a331..605dd31

Rolling v8/tools/clang: dec27d7..39163b8

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I3ab6664ff80919f7169a14a9522c32b4c432a169
Reviewed-on: https://chromium-review.googlesource.com/1123884
Commit-Queue: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Reviewed-by: V8 Autoroller <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#54148}
2018-07-03 03:38:00 +00:00
jing.bao
a078297789 [ia32][wasm] Disallow using the same register for input and temp for I8x16Mul
Also improve its code generation.

Change-Id: I4358500a66b0d21cdc8850a4e63986c4901d3cf4
Reviewed-on: https://chromium-review.googlesource.com/1118005
Commit-Queue: Jing Bao <jing.bao@intel.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54147}
2018-07-03 02:15:40 +00:00
Alexey Kozyatinskiy
3dfaf8264f [debug] liveedit in native
Liveedit step-by-step:
1. calculate diff between old source and new source,
2. map function literals from old source to new source,
3. create new script for new_source,
4. mark literals with changed code as changed, all others as unchanged,
5. check that for changed literals there are no:
  - running generators in the heap,
  - non droppable frames (e.g. running generator) above them on stack.
6. mark the bottom most frame with changed function as scheduled for
   restart if any.
7. for unchanged functions:
  - deoptimize,
  - remove from cache,
  - update source positions,
  - move to new script,
  - reset feedback information and preparsed scope information if any,
  - replace any sfi in constant pool with changed one if any.
8. for changed functions:
  - deoptimize
  - remove from cache,
  - reset feedback information,
  - update all links from js functions to old shared with new one.
9. swap scripts.

TBR=ulan@chromium.org

Bug: v8:7862,v8:5713
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I8f6f6156318cc82d6f36d7ebc1c9f7d5f3aa1461
Reviewed-on: https://chromium-review.googlesource.com/1105493
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54146}
2018-07-03 00:44:50 +00:00
Sathya Gunasekaran
e04b1986f6 [intl] Port receiver unwrapping logic to c++
Removes JS version and creates a runtime function for now to
interface with existing JS uses.

Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I150701d338a0951a5e5da1aca667c65f941850d9
Reviewed-on: https://chromium-review.googlesource.com/1122024
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54145}
2018-07-02 17:50:06 +00:00
Ulan Degenbaev
34c46997e6 [heap] Ensure phantom callbacks are invoked before the next GC.
Currently we rely on tasks to invoke the second pass phantom callbacks.

This may accumulate phantom callbacks and make GCs ineffective if we
do not enter the message loop to run the tasks between the GCs.

Bug: v8:7912
Change-Id: I799c97ff99ed6967480bda24ea0bf1c6a7dd69be
Reviewed-on: https://chromium-review.googlesource.com/1122621
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54144}
2018-07-02 17:44:35 +00:00
Sathya Gunasekaran
f03a754c25 [intl] Refactor instance type checks
Adds Intl::IsObjectOfType method to do type checks. This will make it
easier to port the methods using the runtime type check calls as we
won't have to create a v8::string for type checks.

Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I0babdc8709564be693ce808e2ef3ffef7b24ceec
Reviewed-on: https://chromium-review.googlesource.com/1121943
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54143}
2018-07-02 17:30:25 +00:00
Tobias Tebbi
7da34b9650 [compiler] register allocator: Replace std::priority_queue with std::multiset
This should restore the old behavior of giving low priority to
newly-added live ranges.

Bug: chromium:859021
Change-Id: If22c9a1d0897d82623eb141fa03c30110e68bfc4
Reviewed-on: https://chromium-review.googlesource.com/1122402
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54142}
2018-07-02 16:11:08 +00:00
Clemens Hammacher
f52f66e541 [Liftoff][win32] Emit explicit stack limit checks
On Windows (32-bit), we need to emit explicit stack limit checks for
stack frames bigger than one page (4kB). This CL implements this by
emitting corresponding code at the end of Liftoff functions if needed.

R=mstarzinger@chromium.org

Bug: v8:7908, v8:6600
Change-Id: Iacb3e7afdd433a4e68620d9230bd0ba473611da8
Reviewed-on: https://chromium-review.googlesource.com/1120175
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54141}
2018-07-02 16:03:02 +00:00
Michael Starzinger
406f4ffaca [wasm] Fix serialization of {WasmCode} with jump tables.
This correctly serializes {RelocInfo::INTERNAL_REFERENCE} addresses in a
position-independent form, so that they can be properly relocated when
the code is deserialized again. We store the offset within the code in
the serialized stream.

R=clemensh@chromium.org
TEST=mjsunit/wasm/compiled-module-serialization
BUG=chromium:857049

Change-Id: Ie8c84ee67bdfc17a65faa159a21cc1f2a78ac924
Reviewed-on: https://chromium-review.googlesource.com/1122414
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54140}
2018-07-02 14:41:13 +00:00
Leszek Swirski
110f78f026 [GetIsolate] More low-hanging GetIsolate fruit
FeedbackVector and AllocationSite are now NeverReadOnlySpaceObjects

Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I6109c0c4a391b19c5c77c61b52aae989707fecc4
Reviewed-on: https://chromium-review.googlesource.com/1120532
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54139}
2018-07-02 14:34:22 +00:00
Dan Elphick
b3aefb324b [explicit isolates] Delete last GetIsolate in parsing
Pass Isolate to ConsumedPreParsedScopeData::SetData (guaranteed to be
called on main thread) and use it to create the handle in
ConsumedPreParsedScopeData::GetDataForSkippableFunction, rather than
calling GetIsolate.

Bug: v8:7786
Change-Id: Ibd632bb57f35a921f37c620d77dd6dfdb1f092c6
Reviewed-on: https://chromium-review.googlesource.com/1088703
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54138}
2018-07-02 14:29:12 +00:00
Predrag Rudic
7b3ad00adb MIPS R6 Fix jump when called with RelocInfo::NONE
Change-Id: Ia5028a01c302c100169c24140e1bde2dce76ce4a
Reviewed-on: https://chromium-review.googlesource.com/1120182
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#54137}
2018-07-02 13:06:21 +00:00
jgruber
a99df0b39a Remove unused external references
git grep 'V(\w*' src/external-reference.h | sed 's/.*V(\(\w*\).*/\1/' | sort | uniq | while read e; do echo -n "$e "; git grep "ExternalReference::$e" | wc -l; done

Bug: v8:7754
Change-Id: I702ada4a98a1f1d51b2f4e890dbb5a7abb8c5731
Reviewed-on: https://chromium-review.googlesource.com/1122227
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54136}
2018-07-02 12:39:01 +00:00