Commit Graph

44026 Commits

Author SHA1 Message Date
Clemens Hammacher
d43c6e59fc Decouple SourcePositionTableBuilder from Zone
Currently the SourcePositionTableBuilder requires a Zone because it
holds a ZoneVector<byte> of the encoded entries. Since ZoneVector is a
suboptimal data structure anyway, and for Liftoff we don't even have a
Zone allocated currently, this CL replaces the ZoneVector by
std::vector.

R=mstarzinger@chromium.org

Bug: v8:6600
Change-Id: I8010143e917e2351664e2b53746753b597f4407a
Reviewed-on: https://chromium-review.googlesource.com/779181
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49534}
2017-11-21 12:56:13 +00:00
Camillo Bruni
82ca51467f Harden isolate initialization
In the case of a corrupted snapshot we fall back to initializing the isolate
from scratch. Howver, we don't ship the full SetupIsolateDelegate. This causes
spurious failures during later initialization.

This CL mostly turns the DCHECKs in SetupIsolateDelegate into hard CHECKs making
it easier to spot these kind of failures.


Bug: chromium:767846
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ibe8a5beece27433439b1b09412f6110be703ff86
Reviewed-on: https://chromium-review.googlesource.com/779189
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49533}
2017-11-21 12:55:06 +00:00
Michael Starzinger
ffd36179b9 [heap] Move code mutation scope into {Heap::AllocateCode}.
This makes sure the {CodeSpaceMemoryModificationScope} for the common
allocation path is inside the {Heap} component. This will in turn enable
finer-grained control of the modification scope in the future.

R=hpayer@chromium.org
BUG=v8:6792

Change-Id: I6c3bc457bac641e79b2786cf78557b26aa2027e7
Reviewed-on: https://chromium-review.googlesource.com/779399
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49532}
2017-11-21 12:15:13 +00:00
Clemens Hammacher
412f1568f2 Reland "[test] Add Liftoff variant"
This is a reland of 712fa67554.

Original change's description:
> [test] Add Liftoff variant
>
> Add a variant for testing the current state of the Liftoff
> implementation.
> This variant will only run on a subset of the bots, just like the
> --future variant.
>
> R=machenbach@chromium.org, hablich@chromium.org
>
> Bug: v8:7088, v8:6600
> Change-Id: If49fad3a8ed579356504b821a787326754f24e78
> Reviewed-on: https://chromium-review.googlesource.com/779420
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49504}

TBR=machenbach@chromium.org
CC=hablich@chromium.org

Bug: v8:7088, v8:6600
Change-Id: Ieb20020f07c70acaa64bb421763a41aa163a261b
Reviewed-on: https://chromium-review.googlesource.com/781499
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49531}
2017-11-21 12:10:53 +00:00
jgruber
71b9018c47 [regexp] Avoid integer overflow in callable @@replace
The integer value denoting the number of captures (and thus the size
of the list of captures created in @@replace [0]) can be controlled by
the user.  This CL ensures we don't overflow and respect
Code::kMaxArguments, but note that it is still possible to trigger
OOMs through large lists.

Bug: chromium:786573
Change-Id: I19c88908c594487818d083b2ba423764ef91eae0
Reviewed-on: https://chromium-review.googlesource.com/779001
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49530}
2017-11-21 12:09:13 +00:00
Sergiy Byelozyorov
da82b257a3 Whitespace CL to test CQ after migrating builders to LUCI
TBR=machenbach@chromium.org

Bug: chromium:748002, chromium:773606, chromium:748003, chromium:748035
Change-Id: Ibe24a76598daa8af1fe5530859a8a657c54c3b9b
Reviewed-on: https://chromium-review.googlesource.com/779434
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49529}
2017-11-21 12:00:04 +00:00
Georg Neis
dbb52a1c21 [bigint,compiler] Fully implement ToNumeric bytecode.
TBR: rmcilroy@chromium.org
Bug: v8:6791
Change-Id: I4ac2bdce353d987a2fe45149d8556b6591569a01
Reviewed-on: https://chromium-review.googlesource.com/771191
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49528}
2017-11-21 11:56:34 +00:00
Mike Stanton
a815265848 [TurboFan] Verify that return statements are 'outside' loops
Bug: 
Change-Id: Ib9ca5458554ed23e94e85e2a9cb42d816649c881
Reviewed-on: https://chromium-review.googlesource.com/781661
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49527}
2017-11-21 11:37:53 +00:00
Jakob Gruber
0645bf3446 [snapshot] Flip --lazy-handler-deserialization
This enables lazy bytecode handler deserialization by default.

Design doc: http://goo.gl/QxZBL2

TBR=hablich@chromium.org

Bug: v8:6624
Change-Id: I89a17e16a4ee18ee1bfca75a1d61f7a11cdc211f
Reviewed-on: https://chromium-review.googlesource.com/776836
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49526}
2017-11-21 11:25:03 +00:00
Andreas Haas
0eb62c2ca1 [wasm] Cleanup ProcessXXX methods in streaming compilation
R=clemensh@chromium.org

Change-Id: Ifb5c02698b5ad9189283e227e89fa020f92186a8
Reviewed-on: https://chromium-review.googlesource.com/781720
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49525}
2017-11-21 11:23:27 +00:00
Michael Achenbach
00a225e0fe Whitespace change to trigger bots
Change-Id: I3f54db032526e4253adacbff8c50393392aad852
Reviewed-on: https://chromium-review.googlesource.com/781629
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49524}
2017-11-21 11:18:06 +00:00
Andreas Haas
6607bac5f4 [wasm-streaming] Fix function index calculation
The index of a function in the WasmModule data structure is offset by
the number of imported functions in the module. The {DecodeFunctionBody}
function of the module decoder, however, requires the function index
without this offset. The streaming processor mixed up these two ranges
of function indices. This is fixed in this CL.

R=clemensh@chromium.org

Bug: chromium:781507
Change-Id: Ie3e0c4703b06ecb923c98ffb961844915323197c
Reviewed-on: https://chromium-review.googlesource.com/776680
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49523}
2017-11-21 10:51:13 +00:00
Sergiy Byelozyorov
b34e2d3a02 Migrate more builders to LUCI and sort LUCI builders by name
R=machenbach@chromium.org

Bug: chromium:748002, chromium:773606, chromium:748003, chromium:748035
No-Try: true
Change-Id: I80ec2a4bf8cb1193c4f31ae1dc84e7f88a2011b4
Reviewed-on: https://chromium-review.googlesource.com/779431
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49522}
2017-11-21 10:28:09 +00:00
Hannes Payer
09658ff714 [heap] Initialize the write_unprotect_counter_ of new code pages with the number of open CodeSpaceMemoryModificationScopes.
Bug: chromium:774108,v8:6792
Change-Id: Ib5306075aeff61160762c685c343970ceb32b66a
Reviewed-on: https://chromium-review.googlesource.com/779201
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49521}
2017-11-21 10:26:24 +00:00
Michael Achenbach
1cd6fd9ff8 [build] Drop Chromium-specific features from V8's MB fork
V8 passes the command explicitly to each swarming task, hence it's
not necessary to store the command in the isolate.

This drops the Chromium-specific code in MB that creates the
swarming command based on Chromium test features.

This also makes the swarming targets option a no-op to allow
activating it on the infra side without disruption.

Bug: chromium:669910
Change-Id: I6cb03f05d034092a25d879d52b4d64952493f55b
Reviewed-on: https://chromium-review.googlesource.com/779148
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49520}
2017-11-21 10:25:19 +00:00
Ulan Degenbaev
4cc5520a77 [heap] Fix the guard for expanding the heap during evacuation.
Currently the size of compaction spaces is not taken into account in
the Heap::CanExpandOldGeneration predicate. This can push the heap size
over the hard limit in some cases.

This patch makes Heap::CanExpandOldGeneration stricter and also fixes
the SelectGarbageCollector to prefer Mark-Compact near the hard limit.

Bug: chromium:784077
Change-Id: I00c7295eba8794a342dd6277a45f995529054b64
Reviewed-on: https://chromium-review.googlesource.com/779265
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49519}
2017-11-21 10:19:04 +00:00
Marja Hölttä
7d77d3d619 [interpreter|cleanup] Less variable shadowing.
This code was confusing, since "target" declared in one of the subscopes
shadowed a parameter with the same name.

Change-Id: Ibf694c94f0a26ca65609cb80d22c40a8fa98f4f3
Reviewed-on: https://chromium-review.googlesource.com/779261
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49518}
2017-11-21 10:17:59 +00:00
Michael Starzinger
184de6af73 [objects] Remove some obsolete {Code} setter methods.
R=jarin@chromium.org
BUG=v8:6792

Change-Id: Id97c7a9911eb2c0606f8ea25d0a2c8ebcb4c8ccd
Reviewed-on: https://chromium-review.googlesource.com/753729
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49517}
2017-11-21 09:51:58 +00:00
Camillo Bruni
b636408fa9 [ic] Reset profiler ticks in property adding N to N transitions
Not resetting the ticks regresses optimization time without substantial
performance benenfits on twitter, facebook, youtube, linkedin and wikipedia.

There was no net positive effect visible otherwise.

Bug: chromium:786908
Change-Id: I98237dee170e7a387f09ccfbad178793361d4a67
Reviewed-on: https://chromium-review.googlesource.com/779435
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49516}
2017-11-21 08:47:47 +00:00
v8-autoroll
47383c20ce Update V8 DEPS.
Rolling v8/build: 5718716..6167734

Rolling v8/tools/clang: 509676b..bd3b137

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I70c12249d7946044d7049f5cf03357c5a2d1fbaf
Reviewed-on: https://chromium-review.googlesource.com/780865
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49515}
2017-11-21 04:56:47 +00:00
Alexei Filippov
8c5e2d758d [cpu-profiler] Deprecate Isolate::GetCpuProfiler and CpuProfiler::CollectSample functions.
BUG=v8:7070

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I92d7c61afa88e0a52c8eed0c2a44a4e49847e83b
Reviewed-on: https://chromium-review.googlesource.com/767618
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49514}
2017-11-21 00:56:56 +00:00
Ben Smith
44c52f7bb5 Enforce restriction on ARM strex{b,h} instruction
The strex (Store Exclusive) instruction has the form:

    strex rd, rt, [rn]

It stores the value in register rt at the address in register rn. If the
store succeeds, then 0 is stored in rd, otherwise 1 is stored. The ARM
manual says that behavior is "unpredictable" if d == n || d == t (i.e.
those registers are aliased).

We were not checking for this behavior in the assembler or simulator,
and as a result were generating output where it occurred. This didn't
always break; the tests we run on ARM hardware run this instruction and
pass.

BUG: chromium:786168

Change-Id: I57fe3a1db406eac96eb04ef2246f6970548d3cf9
Reviewed-on: https://chromium-review.googlesource.com/777777
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49513}
2017-11-20 23:14:06 +00:00
Mircea Trofin
0cd6166c45 Reland "[wasm] Data structures for JIT-ing wasm to native memory."
This is a reland of c71fd20cf9
Original change's description:
> [wasm] Data structures for JIT-ing wasm to native memory.
>
> This CL introduces the structures for JIT-ing wasm on the native heap.
> They are described in detail at go/wasm-on-native-heap-stage-1
>
> Briefly:
> - WasmCodeManager manages memory for modules and offers an interior
> pointer lookup (i.e. PC -> WasmCode)
> - WasmCode represents code, including reloc info. It holds wasm
> specific data, like function index, and runtime information, like trap
> handler info.
> - NativeModule manages memory for one module.
>
> Tests cover the allocation and lookup aspects, following that current
> regression tests cover the JITed code. A separate CL will enable
> JITing using the new data structures.
>
> Bug: v8:6876
> Change-Id: I1731238409001fe97c97eafb7a12fd3922da6a42
> Reviewed-on: https://chromium-review.googlesource.com/767581
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49501}

Bug: v8:6876
Change-Id: Ifd1a4c23de8150dbdc75f059cd657e9670b15c9b
Reviewed-on: https://chromium-review.googlesource.com/779680
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49512}
2017-11-20 22:06:46 +00:00
Michael Achenbach
7e2033eb48 [test] Run the future variant on a subset of bots.
TBR=sergiyb@chromium.org

Bug: chromium:786938,v8:7106
Change-Id: Id60354be899187e4c09d53434ad70019c857f9e9
Reviewed-on: https://chromium-review.googlesource.com/779725
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49511}
2017-11-20 21:05:59 +00:00
Michael Achenbach
f93b14b0df [test] Prepare activating future variant on bots
TBR=sergiyb@chromium.org

Bug: v8:7106,chromium:786938
Change-Id: Iddd573013cb9322d1df06038f10f0e49a6497110
Reviewed-on: https://chromium-review.googlesource.com/779721
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49510}
2017-11-20 18:22:21 +00:00
Georg Neis
a4637502ed [bigint,compiler] Support bigints in typeof operator.
This adds a bigint branch to the typed-optimization of the TypeOf
bytecode. The implementation of the TestTypeOf bytecode already supports
bigints, as does the Typeof stub.

R=jarin@chromium.org

Bug: v8:6791
Change-Id: Ib9a21f3fc48d57873b014a01c68a143bfb8ac6c6
Reviewed-on: https://chromium-review.googlesource.com/778880
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49509}
2017-11-20 17:45:53 +00:00
Clemens Hammacher
3380e9a4d9 Reland "[wasm] Unify deoptimization data"
This is a reland of 236298acbf.

Original change's description:
> [wasm] Unify deoptimization data
>
> Add methods to add deoptimization data and use them from all the places
> where we currently add them manually. Also add them to wasm-to-wasm
> wrappers compiled on table set, which was missing before, leading to
> the referenced bug.
>
> R=ahaas@chromium.org
>
> Bug: chromium:779292
> Change-Id: Ib9132d9faeb1092c46e22dd8196d201ce5c0942f
> Reviewed-on: https://chromium-review.googlesource.com/774838
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49452}

Bug: chromium:779292
Change-Id: I8219305fc894c50904db57e51245733f6613dcd3
Reviewed-on: https://chromium-review.googlesource.com/778159
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49508}
2017-11-20 17:37:01 +00:00
Michael Achenbach
b5bdb762ac Revert "[test] Add Liftoff variant"
This reverts commit 712fa67554.

Reason for revert: Infra side change was reverted. Please reland
after it stays in for a bot cycle...

Original change's description:
> [test] Add Liftoff variant
> 
> Add a variant for testing the current state of the Liftoff
> implementation.
> This variant will only run on a subset of the bots, just like the
> --future variant.
> 
> R=​machenbach@chromium.org, hablich@chromium.org
> 
> Bug: v8:7088, v8:6600
> Change-Id: If49fad3a8ed579356504b821a787326754f24e78
> Reviewed-on: https://chromium-review.googlesource.com/779420
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49504}

TBR=machenbach@chromium.org,hablich@chromium.org,clemensh@chromium.org

Change-Id: Ib6b2e79cea5d9f99f8933c72bbb9d9dddbd6ae07
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7088, v8:6600
Reviewed-on: https://chromium-review.googlesource.com/779719
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49507}
2017-11-20 17:35:58 +00:00
Brad Nelson
fa268032fc [wasm] Disallow calling wasm constructors without new.
BUG=chromium:786021
R=titzer@chromium.org

Change-Id: I188ea4d639ef9d5ceeab5052e043ec1c9150bd77
Reviewed-on: https://chromium-review.googlesource.com/778282
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49506}
2017-11-20 17:34:51 +00:00
Peter Marshall
d8981833eb reland: [heap] Concurrently free ArrayBuffer allocations.
Free ArrayBuffer backing stores on a background thread, rather than
blocking the main thread after processing. Could potentially cause
contention with the array buffer allocator once JS execution resumes.

The new ArrayBufferCollector class tracks these dead allocations.

Later, the processing of array buffers can happen in parallel.

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng;master.tryserver.v8:v8_linux64_tsan_rel;master.tryserver.v8:v8_linux64_tsan_concurrent_marking_rel_ng;master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel

Bug: v8:6992
Change-Id: I2b74f008f79521414374f607ed510f66508af160
Reviewed-on: https://chromium-review.googlesource.com/779182
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49505}
2017-11-20 17:31:56 +00:00
Clemens Hammacher
712fa67554 [test] Add Liftoff variant
Add a variant for testing the current state of the Liftoff
implementation.
This variant will only run on a subset of the bots, just like the
--future variant.

R=machenbach@chromium.org, hablich@chromium.org

Bug: v8:7088, v8:6600
Change-Id: If49fad3a8ed579356504b821a787326754f24e78
Reviewed-on: https://chromium-review.googlesource.com/779420
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49504}
2017-11-20 17:30:51 +00:00
Mircea Trofin
9e45be0933 Revert "[wasm] Data structures for JIT-ing wasm to native memory."
This reverts commit c71fd20cf9.

Reason for revert: msvc is unhappy (https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/208)

Original change's description:
> [wasm] Data structures for JIT-ing wasm to native memory.
> 
> This CL introduces the structures for JIT-ing wasm on the native heap.
> They are described in detail at go/wasm-on-native-heap-stage-1
> 
> Briefly:
> - WasmCodeManager manages memory for modules and offers an interior
> pointer lookup (i.e. PC -> WasmCode)
> - WasmCode represents code, including reloc info. It holds wasm
> specific data, like function index, and runtime information, like trap
> handler info.
> - NativeModule manages memory for one module.
> 
> Tests cover the allocation and lookup aspects, following that current
> regression tests cover the JITed code. A separate CL will enable JITing
> using the new data structures.
> 
> Bug: v8:6876
> Change-Id: I1731238409001fe97c97eafb7a12fd3922da6a42
> Reviewed-on: https://chromium-review.googlesource.com/767581
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49501}

TBR=bradnelson@chromium.org,ulan@chromium.org,mstarzinger@chromium.org,titzer@chromium.org,mtrofin@chromium.org,mlippautz@chromium.org

Change-Id: Id54deb74782c6f0fd06c61ddcabb727eb7010333
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6876
Reviewed-on: https://chromium-review.googlesource.com/779679
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49503}
2017-11-20 17:29:44 +00:00
Toon Verwaest
8077ec87f6 [json] Simplify JSValue serialization
Bug: v8:7067
Change-Id: Ie9c0a84492965d08f67c910c489e59cbc50a5918
Reviewed-on: https://chromium-review.googlesource.com/778819
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49502}
2017-11-20 16:53:51 +00:00
Mircea Trofin
c71fd20cf9 [wasm] Data structures for JIT-ing wasm to native memory.
This CL introduces the structures for JIT-ing wasm on the native heap.
They are described in detail at go/wasm-on-native-heap-stage-1

Briefly:
- WasmCodeManager manages memory for modules and offers an interior
pointer lookup (i.e. PC -> WasmCode)
- WasmCode represents code, including reloc info. It holds wasm
specific data, like function index, and runtime information, like trap
handler info.
- NativeModule manages memory for one module.

Tests cover the allocation and lookup aspects, following that current
regression tests cover the JITed code. A separate CL will enable JITing
using the new data structures.

Bug: v8:6876
Change-Id: I1731238409001fe97c97eafb7a12fd3922da6a42
Reviewed-on: https://chromium-review.googlesource.com/767581
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49501}
2017-11-20 16:41:51 +00:00
Andreas Haas
8c68bc83fa [wasm] Rename bytes_needed to bytes_consumed in streaming-decoder.cc
R=clemensh@chromium.org

Change-Id: Ie66315bc3fdb44387f4dc8e4dd6e1058c173b786
Reviewed-on: https://chromium-review.googlesource.com/779123
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49500}
2017-11-20 16:40:21 +00:00
Sergiy Byelozyorov
28980b997c Whitespace CL to test CQ
TBR=machenbach@chromium.org

Bug: 
Change-Id: Ic95d5fc96fd6546709c024f6f772fb3308e93887
Reviewed-on: https://chromium-review.googlesource.com/779459
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49499}
2017-11-20 16:28:00 +00:00
Andreas Haas
3896e61775 [test] Add TaskRunners to the platform in the compiler dispatcher tests
I just pass a pointer of the platform to the task runner so that the
task runners can put tasks directly into the platform data structures.

R=rmcilroy@chromium.org

Change-Id: I7c1c56c3b9f550c0fe80012abcd31011e69f3d5d
Reviewed-on: https://chromium-review.googlesource.com/771751
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49498}
2017-11-20 15:54:11 +00:00
Michael Lippautz
5cf75a1ad3 Global handles: More test coverage
Bug: 
Change-Id: Ia3e42c8bfc8773fbd160f4200337617afd54d445
Reviewed-on: https://chromium-review.googlesource.com/779196
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49497}
2017-11-20 14:48:04 +00:00
Michal Majewski
5bd4e2d893 [test] Change wildcards to prefix rules.
Test suite contract changes:
- support * only at the end of the rule.
- loading status file is mandatory before filtering by status file.

Bug: v8:6917
Change-Id: Ia345ebfa7827c50f13f20e5cb7489e62c53f3357
Reviewed-on: https://chromium-review.googlesource.com/779185
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49496}
2017-11-20 14:25:04 +00:00
Michal Majewski
657e726a0d [test] Common statusfile flag format for mozilla and test262.
Bug: v8:6917
Change-Id: Ida8594caead9119b7b5dad6209017e2eae9cd3aa
Reviewed-on: https://chromium-review.googlesource.com/776799
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49495}
2017-11-20 14:20:24 +00:00
Andreas Haas
d9b42b7b34 [wasm] Handle modules without code in streaming compilation
Streaming compilation started the compilation of a module at the
beginning of the code section. However, there exist valid modules which
do not contain a code section. In this CL we check for the existence of
a code section when we finish the stream. We do this by checking if the
module compiler in the AsyncCompileJob exists, because the module
compiler gets initialized at the beginning of the code section.

If we detect that compilation has not been started because there was no
code section, then we start compilation when the stream finishes.

R=clemensh@chromium.org

Bug: chromium:771973
Change-Id: I7c95a7a791d02254f086961e7cd81885eec27382
Reviewed-on: https://chromium-review.googlesource.com/778541
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49494}
2017-11-20 13:58:04 +00:00
Michael Achenbach
209d379083 [test] Enable future variant as part of the extra suite set
Bug: chromium:786938
Change-Id: Ib8041c3cfe2237922824d783ebf8f0bb4d967a53
Reviewed-on: https://chromium-review.googlesource.com/779259
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49493}
2017-11-20 13:43:34 +00:00
Georg Neis
c57c529f87 [code-assembler] Check that a variable's value is never accessed outside a block.
We should only ever call value() on a variable while we are inside a block.
This CL adds a DEBUG check to this effect.

Bug: 
Change-Id: Ic85fae70e2c3543ff79e3234ba26e1daa234f7e3
Reviewed-on: https://chromium-review.googlesource.com/772233
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49492}
2017-11-20 13:24:04 +00:00
Michael Lippautz
a9cab08e6c [heap] Re-enable parallel marking
Bug: chromium:750084
Change-Id: I3d449ab76101100866b18db776b9f282154a77d9
Reviewed-on: https://chromium-review.googlesource.com/768679
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49491}
2017-11-20 13:03:03 +00:00
Mike Stanton
83319454c5 [TurboFan] Verify the graph against floating effectful control
Bug: v8:7002
Change-Id: Id8a7362f199ee776c0eade4cdbb9d3e413c17ead
Reviewed-on: https://chromium-review.googlesource.com/778164
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49490}
2017-11-20 12:51:13 +00:00
Michael Achenbach
0efc615c4a Revert "[heap] Concurrently free ArrayBuffer allocations."
This reverts commit b6658adee0.

Reason for revert: TSAN detects data race when running mksnapshot:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/18354

Original change's description:
> [heap] Concurrently free ArrayBuffer allocations.
> 
> Free ArrayBuffer backing stores on a background thread, rather than
> blocking the main thread after processing. Could potentially cause
> contention with the array buffer allocator once JS execution resumes.
> 
> The new ArrayBufferCollector class tracks these dead allocations.
> 
> Later, the processing of array buffers can happen in parallel.
> 
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> 
> Bug: v8:6992
> Change-Id: I49ae4db12ed62d8400ba2bbafeda05a11479d904
> Reviewed-on: https://chromium-review.googlesource.com/739829
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49485}

TBR=hpayer@chromium.org,mlippautz@chromium.org,petermarshall@chromium.org

Change-Id: I293440b5f2602ca1c8ad120003f551bc8db6b75f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6992
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/779199
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49489}
2017-11-20 12:31:07 +00:00
Peter Marshall
3b31e5beef Revert "[heap] Concurrently free ArrayBuffer allocations."
This reverts commit b6658adee0.

Reason for revert: Breaks TSAN :(

Original change's description:
> [heap] Concurrently free ArrayBuffer allocations.
> 
> Free ArrayBuffer backing stores on a background thread, rather than
> blocking the main thread after processing. Could potentially cause
> contention with the array buffer allocator once JS execution resumes.
> 
> The new ArrayBufferCollector class tracks these dead allocations.
> 
> Later, the processing of array buffers can happen in parallel.
> 
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> 
> Bug: v8:6992
> Change-Id: I49ae4db12ed62d8400ba2bbafeda05a11479d904
> Reviewed-on: https://chromium-review.googlesource.com/739829
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#49485}

TBR=hpayer@chromium.org,mlippautz@chromium.org,petermarshall@chromium.org

Change-Id: If6743b83f871c0fd0d6e83a3083dce0eecd99021
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6992
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/779159
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49488}
2017-11-20 12:29:48 +00:00
Michael Achenbach
41d9e85714 [build] Update MB fork with upstream changes
This updates the V8 side MB fork with all upstream changes until:
https://chromium.googlesource.com/chromium/src/+/f4d92a15f/tools/mb/mb.py

This includes a required feature for mapping isolate targets to
runtime deps.

Bug: chromium:669910
Change-Id: I22244455b22737cfbfc45adef93581ef44cf4151
Reviewed-on: https://chromium-review.googlesource.com/778879
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49487}
2017-11-20 12:29:12 +00:00
Benedikt Meurer
842303a637 [turbofan] Fix printing of FieldAccess.
Avoid the stupid newline when the name is a String, which is
automatically appended by the Object::Print() method. Just use
the Name::NamePrint() method instead.

Bug: v8:5267
Change-Id: I12ec878325b6f6ecdd8633a5ac8129b2398ddf9a
Reviewed-on: https://chromium-review.googlesource.com/778823
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49486}
2017-11-20 12:11:55 +00:00
Peter Marshall
b6658adee0 [heap] Concurrently free ArrayBuffer allocations.
Free ArrayBuffer backing stores on a background thread, rather than
blocking the main thread after processing. Could potentially cause
contention with the array buffer allocator once JS execution resumes.

The new ArrayBufferCollector class tracks these dead allocations.

Later, the processing of array buffers can happen in parallel.

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng

Bug: v8:6992
Change-Id: I49ae4db12ed62d8400ba2bbafeda05a11479d904
Reviewed-on: https://chromium-review.googlesource.com/739829
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49485}
2017-11-20 12:10:34 +00:00