Commit Graph

57245 Commits

Author SHA1 Message Date
Patrick Thier
d4d28b73cb [regexp] Call the regexp interpreter without CEntry overhead
Previously all RegExp calls went through Runtime_RegExpExec when --regexp-interpret-all was set.

This CL avoids the runtime overhead by calling into the interpreter directly from the RegExpExec Builtin when the regular expression subject was already compiled to ByteCode (i.e. after the first call).

Bug: v8:8954
Change-Id: Iae9dfcef3370b772a05b2942305335d592f6f15a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1698391
Commit-Queue: Patrick Thier <pthier@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62753}
2019-07-17 06:44:31 +00:00
v8-ci-autoroll-builder
010d54b0b5 Update V8 DEPS.
Rolling v8/build: 71a5c6e..fdb6fae

Rolling v8/buildtools: 95c72f3..7b7a5c0

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/43959e2..96450ca

Rolling v8/third_party/depot_tools: 2c92208..9217ff8

Rolling v8/third_party/instrumented_libraries: 27b2da1..db728d7

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I655d538af49df4f3dbdccf21b621b9ad79739394
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1704628
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#62752}
2019-07-17 03:41:10 +00:00
Ng Zhi An
45730a0baa Fix RunF32x4UnOpTest to run on array values intead of indices
Change-Id: I99fe89a679e6a628bd6fa7600f756d9a35450243
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695203
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62751}
2019-07-17 00:47:34 +00:00
Ng Zhi An
b479bed1e0 Fix disassembly of pcmpgtq
pcmpgtq was added in https://crrev.com/c/1684362 but not to the
disasembler.

Bug: v8:8460
Change-Id: Id30f9ece015713e8597f5e218dc066ab75ccec96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1703766
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62750}
2019-07-17 00:46:19 +00:00
Tianyou Li
3e068605da cputracemark extension
Add CPU trace mark extension for adding a magic instruction like 'cpuid'
to the code stream when perform trace collection.

This feature can be enabled by --expose-cputracemark-as=THE_NAME_YOU_SPECIFIED option.

Change-Id: I33e94793cddf4956dbb3ddddf2f599420aa4a945
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1699749
Commit-Queue: Tianyou Li <tianyou.li@intel.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62749}
2019-07-16 21:09:54 +00:00
zhiguo
ed9154168f Add Base64 VLQ decoding support
This CL adds the support for Base64 VLQ decoding, which is the base of
parsing source map files (Version 3). With this support, the mappings of
C/C++ source code and WASM bytecode could be built in V8 engine. The
newly-added function is called VLQBase64Decode, which accepts two
character to be decoded. Upon its return, the position is updated with
the next start position. The unittest of this support is also added in
this CL.

argument: the Base64-encoded VLQ string and the position of first
Change-Id: If0f32972ecd7488844478a7b93a0f10cc38b6a5d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1657421
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Zhiguo Zhou <zhiguo.zhou@intel.com>
Cr-Commit-Position: refs/heads/master@{#62748}
2019-07-16 16:16:24 +00:00
Z Nguyen-Huu
2547a664ae Use GetPropertyWithReceiver stub in Reflect.get
Bail out if name in proxy is private symbol.
Also, do stack check to avoid deeply nested proxy.

Spec: https://tc39.es/ecma262/#sec-reflect.get
Change-Id: I0761762b074d5af892e8d7e419c87c9bbea99241
Bug: v8:8958
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1682680
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62747}
2019-07-16 16:15:14 +00:00
Dominik Inführ
da5a277ade Revert "Use list of invalidated objects for old-to-new refs"
This reverts commit dcac02ee81.

Reason for revert: TSAN discovered issue with cleaning invalidated slots in sweeper threads and inserting new slots in the main thread.

Original change's description:
> Use list of invalidated objects for old-to-new refs
> 
> Instead of inserting "deletion" entries into the store buffer, keep
> a list of invalidated objects to filter out invalid old-to-new slots.
> 
> Bug: v8:9454
> Change-Id: Icd21d8cb2159190457f54d0f8b56742ecc820419
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695474
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62744}

TBR=ulan@chromium.org,petermarshall@chromium.org,dinfuehr@chromium.org

Change-Id: I4278e9100c76657663e0a6a62f5d86bb3a343c0e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9454
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1704109
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62746}
2019-07-16 15:55:37 +00:00
Darius Mercadier
40b9bb669a [heap] clean implementations of freelists
In particular, some methods were public even though they should have
been protected/private (FreeListCategoryType), and some other methods
were declared but not defined (SearchForNodeInList).

Bug: v8:9329
Change-Id: I7a1e97c82395c5907b750d89057b37b64bc0c253
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1704096
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Cr-Commit-Position: refs/heads/master@{#62745}
2019-07-16 15:28:54 +00:00
Dominik Inführ
dcac02ee81 Use list of invalidated objects for old-to-new refs
Instead of inserting "deletion" entries into the store buffer, keep
a list of invalidated objects to filter out invalid old-to-new slots.

Bug: v8:9454
Change-Id: Icd21d8cb2159190457f54d0f8b56742ecc820419
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695474
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62744}
2019-07-16 15:15:25 +00:00
Santiago Aboy Solanes
3d3ef0d3fd [ptr-compr][codegen] Combine loads and decompressions with poison too
Also add the poison to x64 decompresses which were missing.

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:7703
Change-Id: I87fd8e56ad8132b4996749be034093566bb88301
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700061
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62743}
2019-07-16 13:32:04 +00:00
Simon Zünd
48da24bb48 Change how start and end addresses of young strings are retrieved
This CL changes how the start and end address for the iteration are
retrieved from an std::vector that won't cause a failed assertion.

There are some std::vector implementations that contain bounds checks.
The string table iteration code uses an access like
{&young_strings_[young_strings_.size()]} to retrieve the end address
for an iteration. This results in a out of bounds exception on such a
std::vector implementation even though the "element" itself is not actually
accessed.

Change-Id: I31db8994a7ff613897ad9deac953a1ee91f322b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1704097
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62742}
2019-07-16 13:22:24 +00:00
Thibaud Michaud
fac5898d2b Revert "reland [wasm] Compile JS to WASM wrappers asynchronously"
This reverts commit 117ddc8f6d.

Reason for revert: The isolate is needed for accessing builtins, and can die during async compilation.

Original change's description:
> reland [wasm] Compile JS to WASM wrappers asynchronously
> 
> The context was not set during streaming compilation.
> The initial upload is the original CL and patch set 1 is the fix.
> 
> Original CL:
> 
> > [wasm] Compile JS to WASM wrappers asynchronously
> >
> > R=mstarzinger@chromium.org, ahaas@chromium.org
> >
> > Bug: v8:9231
> > Change-Id: I9e18073bbe25bf8c9c5f9ace102316e6209d0459
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669699
> > Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#62672}
> 
> R=​mstarzinger@chromium.org, ahaas@chromium.org
> 
> Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
> Bug: v8:9231
> Change-Id: I61fc11a6de54cc6e93f3600487a89fa5d2350f0e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701850
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Auto-Submit: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62721}

TBR=mstarzinger@chromium.org,ahaas@chromium.org,thibaudm@chromium.org

Change-Id: Ie258317f04a944e8e08993dbffb524f722cceddc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9231
Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1704094
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62741}
2019-07-16 11:39:53 +00:00
Milad Farazmand
55f7b1bbbe PPC/s390: [wasm] Split jump table and lazy compile table
Port 56eaec9d49

Original Commit Message:

    We had both jump slots and lazy compile slots in the same table. This
    increases the space per slot to the maximum of the two, even though we
    often do not use lazy compilation and could have smaller jump slots.
    This CL splits the two into two separate tables. The lazy compile table
    will only be created on demand, and will never be patched.
    The jump table now only contains jumps, and is more compact (which
    might improve performance because of improved locality).

R=clemensh@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I7bece77c02f8075da54d664215989339f2958ccd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702126
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#62740}
2019-07-16 11:37:30 +00:00
Santiago Aboy Solanes
c85afa2668 [cleanup][turbofan] Remove empty else if in RegisterAllocator.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:9396
Change-Id: Ie00cb7de1b16525553baf9b555b3f84e8d86d073
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702617
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62739}
2019-07-16 11:35:30 +00:00
Sigurd Schneider
47e077a28a [deoptimizer] Check whether output frames fit into stack space
Change-Id: I7af0fe843f73b702b03ffa50ecca19aabd7583b8
Bug: chromium:983850
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701858
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62738}
2019-07-16 11:14:10 +00:00
Simon Zünd
8ae4143a24 [wasm] Fix alloc/dealloc size mismatch for WasmInstructionBuffer
On newer compilers the {operator delete} with explicit {size_t}
argument would be instantiated for {WasmInstructionBuffer} and used
in the destructor of {std::unique_ptr<WasmInstructionBuffer>}. The
{size_t} argument is wrong though, since the pointer actually points
to a {WasmInstructionBufferImpl} object.
The solution is to explicitly provide a {operator delete}, preventing
an implicitly generated {size_t} operator.

R=clemensh@chromium.org

Change-Id: I2cc22078d03a523121309bae94f5b612cb98e112
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702613
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62737}
2019-07-16 10:00:20 +00:00
Clemens Hammacher
ee45ce9c09 Revert "[wasm] Update spec tests"
This reverts commit ee2b5a567c.

Reason for revert: wasm-spec-tests\tests\conversions.js fails on win32-debug: https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/21210

Original change's description:
> [wasm] Update spec tests
> 
> R=​clemensh@chromium.org
> 
> Change-Id: Ia4c70327861d5025f4a09513a02bc6176e7b8f18
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702606
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62733}

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: I16382ab16681660ef2042027ce0cb87d5b4af3ee
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702614
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62736}
2019-07-16 09:45:44 +00:00
Tamer Tas
d270056f25 [perf] mask timeout failures if they succeed after retries
perfrunner returns a failure if the build timeouts at any point even if it's
successful after retries. It tries to surface up the timeout issue. Due to this,
some bots stay red consistently, and confuses the sheriffs.

This CL masks the timeouts if the suite succeeds in the end.

TBR=verwaest@chromium.org,sergiyb@chromium.org

Bug: v8:9494
Change-Id: I8e107e80dfaa51095501bb2e855d9fbbe4023da9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702612
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Auto-Submit: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62735}
2019-07-16 09:38:40 +00:00
Ng Zhi An
4334e2b85f Fix ubsan errors in tests
See https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/7102

Change-Id: I2c6577be06dbcafe11f7911cc6b3ec4b7bea5c5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1703764
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62734}
2019-07-16 09:18:40 +00:00
Andreas Haas
ee2b5a567c [wasm] Update spec tests
R=clemensh@chromium.org

Change-Id: Ia4c70327861d5025f4a09513a02bc6176e7b8f18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702606
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62733}
2019-07-16 08:47:09 +00:00
Maya Lekova
27debb8ce2 Reland "Temporarily remove --concurrent-inlining from --future"
This reverts commit 6805395d9b.

Reason for revert: Breaks Speedometer, blocking the roll. See attached bug.

Original change's description:
> Revert "Temporarily remove --concurrent-inlining from --future"
> 
> This reverts commit 060b9ec4a8, as the
> issue has been resolved.
> 
> Bug: v8:7790
> Change-Id: Id8a56ad50a508eacd191f2777cc5afc0b838364f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700078
> Commit-Queue: Georg Neis <neis@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Auto-Submit: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62713}

TBR=mvstanton@chromium.org,neis@chromium.org,mslekova@chromium.org

Change-Id: If952cc8c8b6017c4d41e92df56acc4b80670e2c5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7790, v8:9491
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702607
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62732}
2019-07-16 08:07:22 +00:00
Darius Mercadier
bcd00b2ad6 [heap] Add FreeListMany stragety (--gc-freelist-strategy=2)
This CL adds a new FreeList strategy, that can be turned on by using
flag `--gc-freelist-strategy=2`. It uses a lot (about 50)
FreeListCategories instead of the 6 ones used in FreeListLegacy.
Allocation is done using a best-fit strategy. However, FreeListMany
could be subclassed in order to change the allocation strategy while
still using the same freelists.

Using this strategy is expected to reduce memory usage but to also
reduce allocation performances.

Bug: v8:9329
Change-Id: I201be863270a3287701fefdd9e14ba7849a8a551
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1698392
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62731}
2019-07-16 08:02:29 +00:00
Shawn Presser
23d485508b Update v8 to run on iPhone
iOS uses 16kb memory pages. This change modifies OS::GetRandomMmapAddr()
to return a 16kb-aligned address on apple ARM64.

The mrs instruction is invalid on iOS. This change modifies
CacheLineSizes::CacheLineSizes() so that mrs is not executed.

Change-Id: I13fcc8498e715c03432c7a652ee723660f746069
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701127
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62730}
2019-07-16 07:31:39 +00:00
Frank Tang
4babedaeeb Roll test262
https://chromium.googlesource.com/external/github.com/tc39/test262/+log/6cb0a5..26a2268

Bug: v8:7834
Change-Id: Iaf99fd0a8f53554fbe36f66c2e9c2527ab2001f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702634
Auto-Submit: Frank Tang <ftang@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62729}
2019-07-16 07:05:59 +00:00
Ng Zhi An
57406c3d46 [wasm simd] Implement F64x2 Gt Ge Lt Le on x64
Bug: v8:8460
Change-Id: I98ae0b9cf90201ddf61488104f4c49df4e73b8dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690201
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62728}
2019-07-16 05:13:19 +00:00
Ng Zhi An
40d7e1a624 [wasm simd] Implement I64x2Mul
Bug: v8:8460
Change-Id: Ie7df93babd3b3345166890d57e341b5f8ddac01b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687776
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62727}
2019-07-16 04:58:19 +00:00
v8-ci-autoroll-builder
81b289a0c5 Update V8 DEPS.
Rolling v8/build: 0998f8c..71a5c6e

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/982e952..43959e2

Rolling v8/third_party/depot_tools: d3af699..2c92208

Rolling v8/third_party/instrumented_libraries: 523c0fd..27b2da1

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: I76ac00d67537b1e8cf8a09a27f732638bb4b5b80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701923
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#62726}
2019-07-16 03:34:59 +00:00
Ng Zhi An
0860288c5e [wasm simd] Implement F64x2Eq and F64x2Ne on x64
Bug: v8:8460
Change-Id: Iae23899d74b563d9f0e7c65aeceee723d0e1d098
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690200
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62725}
2019-07-16 03:30:29 +00:00
Ng Zhi An
30663c88ac [wasm simd] Implement I64x2AllTrue and I64x2AnyTrue on x64
Bug: v8:8460
Change-Id: I003972a804df3589ce953dbb294c44b97ab65d88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1686512
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62724}
2019-07-16 03:28:09 +00:00
Ng Zhi An
4edb56afb7 [wasm simd] Implement F64x2ExtractLane F64x2ReplaceLane for x64
Bug: v8:8460
Change-Id: Icd1d047c319450f73f1e728db0ca74fdd70b994d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690709
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62723}
2019-07-16 02:42:09 +00:00
Sathya Gunasekaran
889be09d84 [test262] Remove tests that are already skipped
Private getters and setters are not implemented in v8 and are skipped
already.

Bug: v8:9430
Change-Id: Id59c0757d90ab94b828e5fc7c254d6f209796eea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1702242
Auto-Submit: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62722}
2019-07-15 22:22:35 +00:00
Thibaud Michaud
117ddc8f6d reland [wasm] Compile JS to WASM wrappers asynchronously
The context was not set during streaming compilation.
The initial upload is the original CL and patch set 1 is the fix.

Original CL:

> [wasm] Compile JS to WASM wrappers asynchronously
>
> R=mstarzinger@chromium.org, ahaas@chromium.org
>
> Bug: v8:9231
> Change-Id: I9e18073bbe25bf8c9c5f9ace102316e6209d0459
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1669699
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62672}

R=mstarzinger@chromium.org, ahaas@chromium.org

Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Bug: v8:9231
Change-Id: I61fc11a6de54cc6e93f3600487a89fa5d2350f0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701850
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Auto-Submit: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62721}
2019-07-15 16:07:03 +00:00
Sathya Gunasekaran
b8a0418d3d [Promise] Close iterator if constructor.resolve throws
If the lookup of the resolve property on the constructor throws, we
need to call IteratroClose before rejecting the promise.

Bug: v8:9431
Change-Id: Idb33ffe09d339723ef0cd2469335598ab27b49bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701857
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62720}
2019-07-15 15:57:23 +00:00
Seth Brenith
14274bb16a [torque] Use @generateCppClass in some simple cases
This change is mostly mechanical, but it's worth mentioning a few
slightly interesting cases:
- A couple of field definitions didn't match the signedness of their
  corresponding accessors.
- The generated accessors for Smi data use Smi values directly, but
  usually we want C++ accessors to use ints instead. I added a macro
  that hides the generated Smi accessors and exposes int accessors,
  but we might consider generating int accessors directly.
- The data held in some fields is described in comments next to the
  accessor definition for those fields. With automatically generated
  accessors, those comments need a new home. In this change I put them
  in the Torque object definition, but I'm open to other suggestions.
- gen-postmortem-metadata couldn't find updated class definitions after
  they got split across multiple lines, so I changed its matching
  logic. (Ideally debug-support.cc should be a Torque compiler output
  rather than something that involves parsing C++ with regexes, but
  this makes it correctly report subclass relationships for now.)
- The end offsets generated by Torque were off by one from the values
  that would be generated by DEFINE_FIELD_OFFSET_CONSTANTS.

Change-Id: I3df4fcd27997b46c41ca879065b9d97f6c939f07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1692192
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#62719}
2019-07-15 15:29:08 +00:00
Nico Hartmann
ab2ebc296e [turbofan] Fix representation changing for bigints
RepresentationChanger::GetTaggedPointerRepresentation did not handle
kCompressed cases correctly for BigInts. This led to a crash of BigInt
benchmarks in js-perf-test.

Bug: v8:9407
Change-Id: Id1d60a81afc528c8d4180bd5de9d237f2f0abd0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701848
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62718}
2019-07-15 15:25:58 +00:00
Michael Starzinger
fd1a211c37 [wasm] Rename "except_ref" to "exnref" throughout the code.
Also see: https://github.com/WebAssembly/exception-handling/pull/84

R=ahaas@chromium.org
BUG=v8:8091

Change-Id: Ibcf9a2bba019cbd634884cb217e1507231a5bcf8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700077
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62717}
2019-07-15 15:09:28 +00:00
Clemens Hammacher
9f8d52df20 [wasm] Fix non-const references in Liftoff
R=ahaas@chromium.org

Bug: v8:9429, v8:9396
Change-Id: I06657a7e339ed2f2c93f560bfcd3413761ad0733
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701844
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62716}
2019-07-15 14:32:48 +00:00
Georg Neis
01a80fe30b Reland "Disabe FLAG_turbo_control_flow_aware_allocation again"
This is a reland of a6eabacfee. We
decided that this feature needs more work.

Bug: v8:9088
Change-Id: I937f722e9356be5eca72cdf1edd552d132ee25be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701855
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62715}
2019-07-15 14:25:57 +00:00
Jakob Gruber
b67ecd1d2d Add --trace-protector-invalidation flag
This is a convenience flag to trace and debug invalidations. The
assumption used to be that protectors are rarely invalidated, but this
may happen more frequently than expected in practice.

Bug: v8:9463,v8:9466
Change-Id: Ice051593bda647070bc48d535edd03ba96c7dfcd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1695469
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62714}
2019-07-15 13:35:17 +00:00
Georg Neis
6805395d9b Revert "Temporarily remove --concurrent-inlining from --future"
This reverts commit 060b9ec4a8, as the
issue has been resolved.

Bug: v8:7790
Change-Id: Id8a56ad50a508eacd191f2777cc5afc0b838364f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700078
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62713}
2019-07-15 12:59:20 +00:00
Georg Neis
e5678a6536 [turbofan] Make serializer properly handle resume targets
The bytecode graph builder may insert additional jumps for the
SwitchOnGeneratorState bytecode and for loop headers. This plays into
what the graph builder considers dead/alive. We want the serializer to
process all the bytecodes that the graph builder will process, so the
serializer needs to do something similar.

Bug: v8:7790
Change-Id: I1f1d51f4a8951149e365b3c998cef7f613bb4953
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1647694
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62712}
2019-07-15 12:48:07 +00:00
Georg Neis
b58298803a [turbofan] Move bytecode analysis to the serializer
When --concurrent-inlining is on, run bytecode analysis for all relevant
functions at serialization time, and store the results in the broker.

Change bytecode analysis such that running it for OSR produces information
that subsumes the non-OSR case. This lets us avoid doing and storing two
analyses for the top-level function in case we do OSR and the function
gets inlined into itself.

Bug: v8:7790
Change-Id: I7d5df0b2652e6e5c758c85578e51b4f8d041b0d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690959
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62711}
2019-07-15 12:41:57 +00:00
Yang Guo
4ee7697cd2 Remove unused Scope::force_context_allocation_
R=verwaest@chromium.org

Change-Id: Ibbf382ec1f7200142ebccc8eed6fe5dd1c2804bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701846
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62710}
2019-07-15 12:39:27 +00:00
Benedikt Meurer
2aa9474986 [dx] Support some cross-context async stack traces.
When passing promises from other contexts to an `await`, the
--harmony-await-optimization doesn't kick in, and as such the
promise will be wrapped in a "native promise" (from this context).
That means the promises aren't chained immediately, but delayed
via a PromiseResolveThenableJob, which chains these promises on
the next turn of this contexts' microtask queue.

If there's anything happening on the macro task queue in between
this and the point when an exception is raised, the chaining will
have happened and we actually find our way back via the promise
chains. And this CL adds support for exactly that case. For other
cases, it's currently impossible to reconstruct the async stack
unfortunately, but we hope that this will help with the major
use cases, where the developer awaits on I/O.

Bug: v8:7522, v8:8673, v8:9487
Ref: nodejs/node#28680
Change-Id: Icc06c7df12644c2d8d43b6c7580ee06bb8f1024a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701847
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62709}
2019-07-15 11:57:32 +00:00
Toon Verwaest
8109b4795e [ptr-compr] Remove unnecessary decompression in kArchStoreWithWriteBarrier
The object itself is already decompressed, and we're simply re-decompressing by
nuking the upper bits through sign extension.

Additionally this CL changes the branchless decompression sequence on x64 to be
cmov-based since that's shorter and faster. It's still slower than branchful
though, so we likely won't use it.

Change-Id: Ie6f9d38fb390b7300a236bf85d0db58d1ee959b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701842
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62708}
2019-07-15 11:52:32 +00:00
Clemens Hammacher
56eaec9d49 [wasm] Split jump table and lazy compile table
We had both jump slots and lazy compile slots in the same table. This
increases the space per slot to the maximum of the two, even though we
often do not use lazy compilation and could have smaller jump slots.
This CL splits the two into two separate tables. The lazy compile table
will only be created on demand, and will never be patched.
The jump table now only contains jumps, and is more compact (which
might improve performance because of improved locality).

R=mstarzinger@chromium.org

Bug: v8:9477
Change-Id: Ie182873a1ec612f71d1b54447021a9a8f8ca59db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1698393
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62707}
2019-07-15 10:37:02 +00:00
Benedikt Meurer
62c34970b7 [objects] Fix debug printing of JSAsyncFunctionObject and JSAsyncGeneratorObject.
Bug: v8:9487
Change-Id: I38e38195c803d048b858acca577ba43fc5c61ac5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701841
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62706}
2019-07-15 10:33:02 +00:00
Georg Neis
db5969cb5f [turbofan] Avoid some non-const reference arguments
... by making them const or converting them to pointers.

Bug: v8:9429
Change-Id: If4a7832944f5dc35cec04c11087499a552a7469a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1700073
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62705}
2019-07-15 10:25:22 +00:00
Peter Marshall
29e70b40d7 [cleanup] Remove parsing for ignored options in D8 TraceConfig
We never call GetTraceRecordMode() on the TraceConfig produced in D8
but instead always create the default ring buffer.

That means we ignore the "record_mode" argument supplied in config json
file.

Given we never use this we can remove the parsing code. The same thing
is true for enable_systrace and enable_argument_filter. All of these
are never used in V8 (they were copied from Chrome) but are part of the
public API so this CL just removes our parsing code for them but leaves
them in the API for now.

Bug: v8:8339
Change-Id: Iab5169536e20c19a784a55d013765125dd701773
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1698397
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62704}
2019-07-15 10:17:32 +00:00