Commit Graph

56890 Commits

Author SHA1 Message Date
Michael Starzinger
b5fe1b4b4c [asm.js] Re-enable lazy validation for asm.js modules.
The modules generated by translation from asm.js to WebAssembly are
valid by construction, an eager sequential validation is not required.
This behavior has been the default and was recently broken by a refactoring,
hence this just re-enables the path in question.

R=ahaas@chromium.org
BUG=chromium:969368

Change-Id: I29811a7f278aed0f34c09483394a60b4b865ab6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664335
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62248}
2019-06-18 14:48:18 +00:00
Michael Achenbach
6f7ebd0385 Make nested DEPS files commonly owned
NOTRY=true

Change-Id: Ic57b26b9a2732a43dcac4445be4f57d3bb5e7396
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664071
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62247}
2019-06-18 14:31:05 +00:00
Georg Schmid
389c2e3ccc [ptr-compr] Extend Decompression Elimination to Compress/Decompress pairs
We previously only optimized cases like

  Parent <- Decompression <- Compression <- Child

to

  Parent <- Child

This CL also adds the complementary optimization, namely, it reduces

  Parent <- Compression <- Decompression <- Child

as above.

Such cases became apparent after a recent extension of CSA load elimination (see https://chromium-review.googlesource.com/c/v8/v8/+/1660626), breaking a load elimination test case and thus the pointer compression build.

R=jarin@chromium.org, solanes@chromium.org

Change-Id: Ic730d05175f214e7055f94704141744ca44fefe5
Bug: v8:9353
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664070
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62246}
2019-06-18 14:30:04 +00:00
Georg Neis
ab9f69e131 [turbofan] Remove STYLE file
What it says can be summarized as "follow the style guide" plus some
notes about TODOs that don't reflect reality.

Change-Id: I058a2d11a505c4f9a57f518daa142cc1240109d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1649354
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62245}
2019-06-18 13:46:49 +00:00
Sigurd Schneider
19eb7234ba [arm64] Ensure pools are emitted before emitting large branch tables
Change-Id: Iedb78a62886177f5c603b2f3ce9b586ac1320d31
Bug: chromium:968078
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664067
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62244}
2019-06-18 13:42:22 +00:00
Mythri A
fd074f9a80 [ic] Don't handle stores with TypedArrays in the prototype chain in ICs
We don't want to handle even non-growing stores when there are TypedArrays
in the prototype chain. Typed arrays handle the out-of-bounds accesses by
ignoring the stores unlike the regular array writes. We just let runtime
handle these cases instead of making ICs more complex.

There was an earlier cl (https://chromium-review.googlesource.com/c/v8/v8/+/1609790)
that fixed it for growing stores. This cl extends it for non-growing stores
as well to handle more cases.

Bug: chromium:961709
Change-Id: I65e079b88c10d2ba343f69a67134893319cd8f8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662305
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62243}
2019-06-18 13:34:11 +00:00
Jakob Gruber
6155b33a9c [regexp] Remove dead DispatchTableConstructor
Bug: v8:9359
Change-Id: I1b490c928ed884f4ad33e005699f98614be75233
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662306
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62242}
2019-06-18 12:40:50 +00:00
Jakob Gruber
2c2dd893fa [regexp] Move AddRange utility function
Move this straggler to its use-site in regexp-compiler.cc.

Bug: v8:9359
Change-Id: Ia5393140de5a1c8d70ac410ef6239eabfec130b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662303
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62241}
2019-06-18 12:27:56 +00:00
Jakob Gruber
a8c62102e1 [regexp] Further narrow public API and restrict includes to regexp.h
This CL renames jsregexp.{h,cc} to regexp.{h,cc}, hides all non-public
functions of RegExpImpl in the .cc file, and renames the public parts
of RegExpImpl to just RegExp. Include directives from outside the
src/regexp directory are limited to regexp.h, regexp-stack.h, and
regexp-utils.h. We also expose all result codes that can be returned
by irregexp code (including RETRY) on the public header since they
are needed elsewhere, e.g. in builtins.

Bug: v8:9359
Change-Id: Iae1a01ac9f6e1e4dc168f3fbe8fe8679cb6b1259
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662297
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62240}
2019-06-18 12:23:16 +00:00
Tobias Tebbi
92fdbc1c42 [turbofan] fix escape analysis bug: revisit phis
Bug: chromium:974476
Change-Id: I719812e93345b5f7aa9b1e4e594d02ae9a1c4208
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664063
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62239}
2019-06-18 12:10:46 +00:00
Michael Achenbach
e733bb376e Whitespace change to trigger builders
Change-Id: I4337832c99c3644fba085102d4e7f32f5ba545e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664332
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62238}
2019-06-18 12:03:35 +00:00
Sigurd Schneider
e93d244f23 Reland "[arm64] Refactor constant pool implementation"
This is a reland of ac79b539ec

This CL adds a missing BlockPoolsScope to guard a RequestHeapObject
call. This fixes a latent bug that the original land flushed out.

Original change's description:
> [arm64] Refactor constant pool implementation
>
> This refactors the constant pool handling for arm64. The immediate goal
> is to allow 32bit compressed pointers in the pool. The mediate goal is
> to unify the implementation with the arm constant pool, which will be
> done in a follow-up CL.
>
> Bug: v8:8054
> Change-Id: I74db4245e5e1025f2e4de4144090fa4ce25883ab
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645316
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62209}

TBR=mstarzinger@chromium.org,jgruber@chromium.org,georgia.kouveli@arm.com

Bug: v8:8054
Change-Id: I1e3ab13619a48caad33d77ed8bed86782f9d9674
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664054
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62237}
2019-06-18 11:34:26 +00:00
Mike Stanton
c03ca58fed [Turbofan] Make JSCallReducer::ReducePromise* concurrent
This CL is an improvement on
https://chromium-review.googlesource.com/c/v8/v8/+/1664052
which introduced unnecessary boilerplate (now reverted).

The code objects for resolve/reject handlers are builtins, and
therefore already serialized.

R=jarin@chromium.org

Bug: v8:7790
Change-Id: I6a49110aa794d4bd380cabd40e67fba7783e642a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664055
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62236}
2019-06-18 11:28:25 +00:00
Benedikt Meurer
523be745d2 [turbofan] Properly handle -0 in Word32->Word64 conversion.
This adds missing support when converting a Word32 value (either in
Signed32 or Unsigned32 range) to Word64 representation, for which the
type also includes MinusZero. This conversion is fine as long as the
difference between 0 and -0 is not observable (in other words, as long
as the truncation identifies zeros).

Bug: chromium:971782, chromium:225811, v8:4153, v8:7881, v8:8171, v8:8383
Change-Id: I9d350a25f57b1342eb7fd1279d55a8610bdaf7cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664062
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62235}
2019-06-18 11:17:25 +00:00
Michael Achenbach
bc4eb0599c [build] Add config for noi18n compile-only trybot
NOTRY=true

Bug: v8:9361
Change-Id: I6caa0d7609cdbf5fd5ff3f4ae668403c31af9ca3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664058
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62234}
2019-06-18 11:01:06 +00:00
Darius Mercadier
c849d9cd4f [heap] Remove FreeList::FindNodeIn
This function was functionally equivalent to FreeList::TryFindNodeIn.

They probably were different when FindNodeIn was iterating through
the empty FreeListCategories, but since CL 1648476, FreeListCategories
in the FreeList can't be empty, and there was therefore never more than
a single iteration of FindNodeIn's while loop.

Bug: v8:9329
Change-Id: Ief7275ef55edb46b8bb35bce0783fbfd28534925
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660615
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62233}
2019-06-18 10:31:28 +00:00
Georg Schmid
16893bda75 [csa] Track stores and perform simple alias analysis in CSA Load Elimination
This CL allows CsaLoadElimination to retain some information in the presence of StoreToObject nodes. Two stores to an object don't alias if either the objects or the offsets don't alias. The analysis approximates either of these two conditions conservatively as follows:
- Freshly allocated, distinct objects cannot alias.
- Two objects cannot alias if one of them is freshly allocated and the other was passed as a parameter or is a heap constant.
- Two offsets cannot alias if they are both constant and distinct from each other.

R=jarin@chromium.org, tebbi@chromium.org

Change-Id: Ibec81913b413f81a3f7cbd40544a22d3711e6e5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660626
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62232}
2019-06-18 08:46:55 +00:00
Michael Stanton
597d048b81 Revert "[Turbofan] Make JSCallReducer::ReducePromiseConstructor concurrent"
This reverts commit 0c5479df6d.

Reason for revert: Turns out there is a simpler way to do this.

Original change's description:
> [Turbofan] Make JSCallReducer::ReducePromiseConstructor concurrent
> 
> The only piece missing at this point was to serialize the code
> objects for the resolve and reject handlers.
> 
> Bug: v8:7790
> Change-Id: If636f9d74dfc9606cf5f45c4f02dd118fb5d8f00
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662295
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62215}

TBR=mvstanton@chromium.org,jarin@chromium.org

Change-Id: Ie67326c850623eede8a63b50c5705682db784212
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7790
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1664052
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62231}
2019-06-18 07:17:27 +00:00
v8-ci-autoroll-builder
f4053b3131 Update V8 DEPS.
Rolling v8/build: 8ef7aaa..be684b6

Rolling v8/buildtools: 6ae683b..6f3775a

Rolling v8/buildtools/linux64: git_revision:8c7f49102234f4f4b9349dcb258554675475e596..git_revision:81ee1967d3fcbc829bac1c005c3da59739c88df9

Rolling v8/third_party/android_sdk/public: ki7EDQRAiZAUYlnTWR1XmI6cJTk65fJ-DNZUU1zrtS8C..xhyuoquVvBTcJelgRjMKZeoBVSQRjB7pLVJPt5C9saIC

Rolling v8/third_party/android_sdk/public: iIwhhDox5E-mHgwUhCz8JACWQCpUjdqt5KTY9VLugKQC..ppQ4TnqDvBHQ3lXx5KPq97egzF5X2FFyOrVHkGmiTMQC

Rolling v8/third_party/android_sdk/public: 4Y2Cb2LGzoc-qt-oIUIlhySotJaKeE3ELFedSVe6Uk8C..MSnxgXN7IurL-MQs1RrTkSFSb8Xd1UtZjLArI8Ty1FgC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2e4b470..f6c289d

Rolling v8/third_party/depot_tools: bc23ca1..2313020

Rolling v8/third_party/googletest/src: 076b7f7..d700357

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: Ibee14c27a78dbb0c30494bdac8d663a61dc9535d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662979
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#62230}
2019-06-18 03:44:26 +00:00
Igor Sheludko
a58bbd5ebc Fix TSAN build broken by poor rebasing
... in b9591a58e9
and then in 595813c6c4.

Tbr: verwaest@chromium.org
Change-Id: I0336cc5729532e23597aaab6966dfa602f84bc73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662575
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62229}
2019-06-17 20:55:32 +00:00
Seth Brenith
15ea19dbca [torque] Stricter object field verification, part 2
This change removes the special case in the Torque compiler for types
that descend from JSObject: they will no longer get implicit
"| Undefined" appended to their types for verification purposes. It
removes any additional custom verification steps in objects-debug that
are made redundant by that change.

In order to do so safely, I categorized all cases where we were
implicitly adding "| Undefined" to the field type, as follows:

1. Classes that aren't using the generated verifier function (we should
   probably revisit these, but for now we at least know they're safe):
   - JSGlobalObject
   - JSFinalizationGroup
   - JSFinalizationGroupCleanupIterator

2. Classes where the existing verifier is already at least as strict as
   what we would get after removing the implicit "| Undefined":
   - JSDate
   - JSPromise
   - JSRegExp
   - JSRegExpStringIterator
   - WasmMemoryObject
   - JSWeakRef
   - JSStringIterator
   - WasmExceptionObject
   - JSListFormat (fixed in part 1)
   - JSPluralRules (fixed in part 1)
   - JSRelativeTimeFormat (fixed in part 1)
   - JSSegmenter (fixed in part 1)
   - JSArrayBufferView (fixed in part 1)
   - JSTypedArray (fixed in part 1)

3. Classes where, to the best of my knowledge based on code inspection,
   we already initialize the object correctly to pass the new stricter
   generated verifier:
   - JSFunction
   - JSArrayIterator
   - JSMessageObject
   - JSBoundFunction
   - JSAsyncFromSyncIterator
   - WasmModuleObject
   - JSAsyncFunctionObject

4. Classes that needed some adjustment to their initialization order to
   avoid exposing uninitialized state to the GC:
   - JSArray (only in Factory::NewJSArray; Runtime_NewArray and
              CodeStubAssembler::AllocateJSArray already behave fine)
   - WasmTableObject
   - JSDateTimeFormat
   - JSNumberFormat
   - JSCollator
   - JSV8BreakIterator
   - JSLocale
   - JSSegmentIterator
   - JSModuleNamespace

5. Classes that had incorrect type definitions in Torque:
   - WasmGlobalObject (category 4 after correction)

6. Classes that weren't fully initialized due to bugs:
   - JSGeneratorObject
   - JSAsyncGeneratorObject

Bug: v8:9311
Change-Id: I99ab303d3352423f50a3d0abb6eb0c9b463e7552
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1654980
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62228}
2019-06-17 18:34:21 +00:00
Z Nguyen-Huu
f021c622a9 add micro-benchmark for proxy trap getPrototypeOf
Bug: v8:664
Change-Id: I180a59462bd22a1f2378a59fd31edbb539603a1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1659569
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62227}
2019-06-17 18:16:11 +00:00
Michael Starzinger
b8474e7022 [asm.js] Check that function table indices are intish.
R=titzer@chromium.org
TEST=mjsunit/regress/regress-crbug-969368
BUG=chromium:969368

Change-Id: If8cdd3a170c3c0e487daa2c2dd9e347fb8eabafd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662571
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62226}
2019-06-17 16:59:50 +00:00
Igor Sheludko
595813c6c4 [ptr-compr] Use TaggedField<> in DescriptorArray
Bug: v8:9353
Change-Id: I2824e237ce52cd7434e181d033b346e603fe61c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662296
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62225}
2019-06-17 16:54:30 +00:00
Ross McIlroy
2425885552 [cleanup] Add missing %PrepareFunctionForOptimize in mjsunit tests
Bug: v8:8801,v8:8394,v8:9183
Change-Id: I5ceaf731a1b2720f086e6791fe08caaaa55de030
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662568
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62224}
2019-06-17 16:48:50 +00:00
Mythri A
d22884ef02 [cleanup] Add %PrepareFunctionForOptimize in mjsunit tests
Bug: v8:8801, v8:8394, v8:9183
Change-Id: Ie2858af4863511d5f67b662ac6f6f79512f55e7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662307
Commit-Queue: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62223}
2019-06-17 16:28:50 +00:00
Jaroslav Sevcik
7d4b5893e1 Handlify bytecode array accessor's constant getters.
This is in preparation for generic (off-heap/on-heap) bytecode
array accessor.

Bug: v8:7790
Change-Id: Ib419831ba1db95ab938179723ef5f130f01ae0d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1635895
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62222}
2019-06-17 16:13:30 +00:00
Igor Sheludko
b9591a58e9 [ptr-compr] Using TaggedField<> in more places
Bug: v8:9353
Change-Id: Ie090f8f89eb4372845fe2c9d6aa74154c36f2d53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662291
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62221}
2019-06-17 15:48:11 +00:00
Jakob Kummerow
b1c2160c2f [bigint] Drop duplicate interrupt check
which was probably added by mistake.

Change-Id: Iba265309710115aae8d9a0b7c0ede7e0160a662a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662302
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62220}
2019-06-17 15:41:31 +00:00
Ben L. Titzer
d05871bf08 [test-api] Extract arraybufs and typed arrays
Extract tests related to array buffers and typed arrays to their own
.cc files.

R=mstarzinger@chromium.org

Change-Id: Ic80205d02b62db1565670ecf2bb4c0dbe52fab49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662301
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62219}
2019-06-17 15:27:01 +00:00
Jakob Gruber
c7d57dd309 [regexp] Reduce public API surface
This further reduces the number of things declared in the public
regexp API file, currently still named jsregexp.h.

* Move JSRegExp::Flags convenience functions to regexp-compiler.h.
* Set RegExpImpl methods private if possible (these will later be
  moved to a new hidden impl class).
* Merge RegExpEngine::CompilationResult into RegExpCompileData.
* Move remaining RegExpEngine methods to RegExpImpl and delete
  RegExpEngine.
* Extract RegExpGlobalCache.
* Document a few data structures.

Upcoming CLs will rename RegExpImpl to RegExp and jsregexp.h to
regexp.h. This should then be the only header included from other
directories.

Bug: v8:9359
Change-Id: I78c8f4cca495a2b95735a48b6181583bc3310bdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662294
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62218}
2019-06-17 15:10:24 +00:00
Maciej Goszczycki
8e53e4b2e3 [cleanup][heap] Improve heap iterator naming
Rename LargeObjectIterator to LargeObjectSpaceObjectIterator.
Rename SemiSpaceIterator to SemiSpaceObjectIterator.
Rename CombinedHeapIterator to CombinedHeapObjectIterator.
Rename ReadOnlyHeapIterator to ReadOnlyHeapObjectIterator.
Rename HeapIterator to HeapObjectIterator.
Rename HeapObjectIterator to PagedSpaceObjectIterator.
Rename PagedSpaces to PagedSpaceIterator.

Bug: v8:9183
Change-Id: If4bd65d81e50bb45d207a897baaca8b723e4f10b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645914
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#62217}
2019-06-17 14:38:02 +00:00
Mythri A
9b77a149a6 [test] Add %PrepareFunctionForOptimize in mjsunit tests
Bug: v8:8801, v8:8394, v8:9183
Change-Id: Ic31f97a1b591317a004dc52c8eee777dd6353487
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662299
Commit-Queue: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62216}
2019-06-17 14:13:02 +00:00
Mike Stanton
0c5479df6d [Turbofan] Make JSCallReducer::ReducePromiseConstructor concurrent
The only piece missing at this point was to serialize the code
objects for the resolve and reject handlers.

Bug: v8:7790
Change-Id: If636f9d74dfc9606cf5f45c4f02dd118fb5d8f00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662295
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62215}
2019-06-17 14:05:02 +00:00
Ross McIlroy
994db73210 [cleanup] Add missing %PrepareFunctionForOptimize in mjsunit tests
Bug: v8:8801,v8:8394,v8:9183
Change-Id: I55027b3ba0c78f40d82aaf2d160aaf957d02cab5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662292
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62214}
2019-06-17 13:14:51 +00:00
Dan Elphick
df202cfe7e [codegen] Default to inlining off-heap builtin trampolines
Previously only AssemblerOptions created by AssemblerOptions::Default()
could have inline_offheap_trampolines set to true.

This fixes OutOfLineTruncateDoubleToI from generating calls via the
DoubleToI trampoline.

Bug: v8:9338
Change-Id: Ia4638cd185e9041c7c69996783d0ce5600e9723a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662288
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62213}
2019-06-17 12:55:39 +00:00
Michael Achenbach
d4191cdc9a [foozzie] Reduce no-ic experiment until bugs are fixed
We have too many dupes in the no-ic comparisons. We'll increase the
experiment size again once bugs are fixed.

TBR=jarin@chromium.org
NOTRY=true

Bug: chromium:961709
Change-Id: Ic946100b45fd73e1bee59f188a766384836bcdcf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660624
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62212}
2019-06-17 12:17:39 +00:00
Sigurd Schneider
81fc0c462e Revert "[arm64] Refactor constant pool implementation"
This reverts commit ac79b539ec.

Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim/18611

Original change's description:
> [arm64] Refactor constant pool implementation
> 
> This refactors the constant pool handling for arm64. The immediate goal
> is to allow 32bit compressed pointers in the pool. The mediate goal is
> to unify the implementation with the arm constant pool, which will be
> done in a follow-up CL.
> 
> Bug: v8:8054
> Change-Id: I74db4245e5e1025f2e4de4144090fa4ce25883ab
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645316
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62209}

TBR=mstarzinger@chromium.org,sigurds@chromium.org,jgruber@chromium.org,georgia.kouveli@arm.com

Change-Id: Iff03e81a2e70d125ef2c06b6ff3aff8d0e3688ef
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8054
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1662293
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62211}
2019-06-17 11:50:13 +00:00
Michael Starzinger
f066d764cc [wasm] Support {WebAssembly.Function} in tables.
This adds preliminary support for storing constructed WebAssembly
functions in tables. Note that for now only tables at index #0 are
supported, extending it to other table indexes will be done as a
follow-up.

R=ahaas@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742

Change-Id: I9aa07813e07f0ceb4eafe37af412b45c7d235722
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1640209
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62210}
2019-06-17 11:07:19 +00:00
Sigurd Schneider
ac79b539ec [arm64] Refactor constant pool implementation
This refactors the constant pool handling for arm64. The immediate goal
is to allow 32bit compressed pointers in the pool. The mediate goal is
to unify the implementation with the arm constant pool, which will be
done in a follow-up CL.

Bug: v8:8054
Change-Id: I74db4245e5e1025f2e4de4144090fa4ce25883ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645316
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62209}
2019-06-17 10:53:39 +00:00
Mike Stanton
c5b9eda7ca [Turbofan] Brokerize more promise reductions in JSCallReducer
The functions

 * JSCallReducer::ReducePromisePrototypeThen
 * JSCallReducer::ReducePromisePrototypeFinally
 * JSCallReducer::ReducePromisePrototypeCatch

need the prototype for all receiver maps to be serialized in order
to take effect. We can do this by processing our receiver hints
when processing a builtin call in the serializer.

Bug: v8:7790
Change-Id: I3d9144924cf6926cfcd93b60ac703cfba2d3d93a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660623
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62208}
2019-06-17 10:44:09 +00:00
Jakob Gruber
45a751a187 [regexp] Fix up includes for noi18n builds
The breaking change was
https://chromium-review.googlesource.com/c/v8/v8/+/1658157

Bug: v8:9359
Change-Id: I6fa956631a8e475123cf6f8f44e66f2c499d47b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660627
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62207}
2019-06-17 10:42:29 +00:00
Thibaud Michaud
ac9a9bd70e [cleanup] Transfer ownership for compilation jobs
Make NewCompilationJob methods return a unique_ptr to explicitly
transfer ownership.

R=mstarzinger@chromium.org

Bug: v8:9183
Change-Id: I1cc6614cc1941b1b27489443a3c330cf6e88f089
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660474
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62206}
2019-06-17 10:23:04 +00:00
Thibaud Michaud
f45c25f785 [cleanup] Remove dead code
R=mstarzinger@chromium.org

Bug: v8:9183
Change-Id: Id64bffd899afe1389748a0cd3527e41d1e028bad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660472
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62205}
2019-06-17 10:21:59 +00:00
Toon Verwaest
2a2994080f [cleanup] Remove forward declaration for dead ContextSlotCache
Change-Id: Iacfa08afd809f5edba8e5e4e45ebe6e9c87b9814
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660625
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62204}
2019-06-17 10:14:30 +00:00
Andreas Haas
0403003beb [wasm] Refactor {unreachable} validation
In the existing code, whenever unreachable control instructions needed
values from the stack which were not available, values of type kWasmVar
were put on the stack. When these values were type-checked the first
time, the expected type was assigned to them for later validation. This
behavior has several draw-backs:
* In an unobservable way, this implementation does not match the
  requirements of the spec. With the anyref proposal, this difference
  becomes observable.
* Type checking functions were not read-only anymore, because if
  unreachable code was validated, the stack got manipulated in these
  functions.

With the refactoring, I pulled the handling of unreachable code
out of the type checking functions. These checking functions can be
validation-only functions.

For type checking unreachable code, I start by popping values of the
expected types off the stack. Thereby all available values on the stack
get type-checked. Afterwards, I push all values again on the stack with
the expected type if needed. This allows continuing the expected type
checking for later instructions.

R=clemensh@chromium.org

Bug: v8:7581
Change-Id: Ib98e70a44bf9780626d4aa8a3e5fe8c2f230b787
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1645328
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62203}
2019-06-17 09:41:43 +00:00
Georg Schmid
9681601bb8 Reland "[csa] Tweak CSA pipeline to eliminate more redundant checks"
This is a reland of a66e3e5744

Original change's description:
> [csa] Tweak CSA pipeline to eliminate more redundant checks
>
> - Lower LoadObjectField to LoadFromObject
> - Mark LoadFromObject and StoreToObject as non-allocating
> - Use optimizable BitcastTaggedSignedToWord in TaggedIsNotSmi check
>
> R=jarin@chromium.org, tebbi@chromium.org
>
> Change-Id: I42992d46597be795aee3702018f7efd93fcc6ebf
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657926
> Commit-Queue: Georg Schmid <gsps@google.com>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62173}

R=tebbi@chromium.org

Change-Id: Id7ae13ba17a2083fd4109f34ce026030716ececb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660622
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62202}
2019-06-17 09:40:29 +00:00
Jakob Gruber
c51e4f3c66 [regexp] Rewrite certain Assertion sequences
Sequences of RegExp assertions (e.g.: '^', '$', '\b', ...) have certain
properties that this rewriter exploits:

1. They are zero-width and order-independent, thus one can remove all
duplicate assertions.
2. If a subsequence is guaranteed to fail, the entire sequence fails.
Any sequence always known to fail (e.g. containing both '\b' and '\B')
can be rewritten to a single node that triggers failure.

This CL generalizes the previous optimization for repeated assertions
to be order-independent, i.e. assertions only have to be in the same
sequence but not next to each other.

Bug: v8:6515, v8:6126
Change-Id: I3f92f081ce8a55ad8c34c269a09a6686e3b008f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657925
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62201}
2019-06-17 09:21:58 +00:00
Jakob Kummerow
6b1b510553 [wasm-c-api] Un-.gitignore third_party/wasm-api/
Drive-by cleanup: alpha-sort entries in .gitignore

NOTRY=true

Change-Id: I14cd97d256a3bc370daad5f64e389d1efb7d50ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1660613
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62200}
2019-06-17 08:52:37 +00:00
Yu Yin
212c962fee [mips][builtins] Make ContinueToBuiltinHelper skip off-heap builtin trampolines
Port 7b48dd55 https://crrev.com/c/1648155

Original Commit Message:

    This changes Generate_ContinueToBuiltinHelper to generate code to load
    the builtin address directly from the builtins table rather than going
    via the executable code in the trampoline's code object.

    The set up for Generate_ContinueToBuiltinHelper is changed so that the
    builtin index is stored on the stack in place of the builtin Code
    object which is no longer needed.

Change-Id: I1c8a5a18ac998b16d84556f08637b32d758f44da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1659992
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Yu Yin <xwafish@gmail.com>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62199}
2019-06-17 08:47:17 +00:00