46088 Commits

Author SHA1 Message Date
Clemens Hammacher
d7e59efa35 Revert "Reland: [Compiler] Use CompilationCache for StreamedScript compilation."
This reverts commit 2542720357.

Reason for revert: code-coverage failures on gc-stress bot: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/17956

Original change's description:
> Reland: [Compiler] Use CompilationCache for StreamedScript compilation.
> 
> Previously GetSharedFunctionInfoForStreamedScript didn't either check the
> compilation cache or put the result of compilation into the compilation
> cache. This would mean future compiles would need to re-parse / compile
> the same script even if the isolate had already seen it. This CL
> fixes this.
> 
> Also refactors the compilation pipelines to ensure we call debug->OnAfterCompile()
> for all script compiles even when loading from a cache.
> 
> BUG=v8:5203
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
> 
> Change-Id: I0a74c5b67bfaca5e50511d5f72da0ab53d8457f6
> Reviewed-on: https://chromium-review.googlesource.com/937724
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51594}

TBR=rmcilroy@chromium.org,yangguo@chromium.org,mythria@chromium.org

Change-Id: I784b9eeff75a677b9f2276fa05a0d1af09772baa
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5203
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/939401
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51596}
2018-02-27 13:05:44 +00:00
Clemens Hammacher
bd2c9d560c [wasm][testing] Fix definition of kSig_f_v
There is a clear mistake of using kWasmF64 instead of kWasmF32.

R=ahaas@chromium.org

Change-Id: I638d568b3736fdb8417f17bcd04d17268a45b965
Reviewed-on: https://chromium-review.googlesource.com/939178
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51595}
2018-02-27 12:52:23 +00:00
Ross McIlroy
2542720357 Reland: [Compiler] Use CompilationCache for StreamedScript compilation.
Previously GetSharedFunctionInfoForStreamedScript didn't either check the
compilation cache or put the result of compilation into the compilation
cache. This would mean future compiles would need to re-parse / compile
the same script even if the isolate had already seen it. This CL
fixes this.

Also refactors the compilation pipelines to ensure we call debug->OnAfterCompile()
for all script compiles even when loading from a cache.

BUG=v8:5203
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng

Change-Id: I0a74c5b67bfaca5e50511d5f72da0ab53d8457f6
Reviewed-on: https://chromium-review.googlesource.com/937724
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51594}
2018-02-27 12:29:43 +00:00
Georgia Kouveli
277d8d50d3 [snapshot] Print lazily deserialized builtins.
Change-Id: I0e9ad97eb55e2bd206626e1f0734a05da3ba904c
Reviewed-on: https://chromium-review.googlesource.com/934287
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51593}
2018-02-27 10:57:43 +00:00
Ulan Degenbaev
4f43be96ca [heap] Fix a data race in Scavenger.
Scavenger::PromoteObject and Scavenger::SemiSpaceCopyObject load and
dereference the map of the object to compute the alignment.

This is unsafe because the object can be already migrated by another
thread and the map word can contain the forwarding address.

This patch removes the map load and uses the provided map argument to
compute the alignment.

Bug: chromium:811278,chromium:807178
Change-Id: I7343344dc65ae26eefb2602c55dee87bb511bc72
Reviewed-on: https://chromium-review.googlesource.com/939172
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51592}
2018-02-27 10:48:53 +00:00
Marja Hölttä
10d8aab1de [objects.h splitting] Move Microtask-related classes.
BUG=v8:5402,v8:7310

Change-Id: I5861e6508668a751e458216961edd1a03192236b
Reviewed-on: https://chromium-review.googlesource.com/934282
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51591}
2018-02-27 10:44:53 +00:00
sreten.kovacevic
fc23e97467 [Liftoff][mips] Fix problem with Load instructions on MIPS
Implemented missing code for some LoadTypes.
Use unaligned instructions for I64 Loads.

Bug: v8:6600
Change-Id: I6ceb623005464c623eaa7512d3f1e4b0ebace86d
Reviewed-on: https://chromium-review.googlesource.com/939167
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51590}
2018-02-27 10:25:53 +00:00
Michael Starzinger
fafd1cdd35 Move exception handler table into instruction stream.
This changes the encoding of the {HandlerTable} from an array of Smi
values to a byte array. It allows embedding of said array into the
instruction stream of {Code} objects (similar to how safepoint tables
work). For interpreted bytecode the table is attached as a {ByteArray}
to the bytecode.

The advantage of this approach is a more compact encoding and also the
ability to move such tables easily off the GC'ed heap if needed (as is
done for WebAssembly code for example).

R=jarin@chromium.org

Change-Id: I3320415dff69b3d1053825bda0d667a28232bf6d
Reviewed-on: https://chromium-review.googlesource.com/934642
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51589}
2018-02-27 10:20:35 +00:00
Choongwoo Han
1a1e93526e [builtins] Sort only up to a given length in Array.p.sort
Always return the given length (limit) for typed arrays in PrepareElementsForSort
since typed arrays do not have holes.

Bug: v8:6719
Change-Id: Ic455ceca6563fc66a4e4a78c7bf5df1ad17afb4a
Reviewed-on: https://chromium-review.googlesource.com/615104
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51588}
2018-02-27 10:17:03 +00:00
Camillo Bruni
78cba2ae00 [tools] Add support for new stack error messages and js stack traces
Change-Id: I809b10935c92a129bd633c98759ba9d800aaa91c
Reviewed-on: https://chromium-review.googlesource.com/934503
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51587}
2018-02-27 09:48:13 +00:00
Peter Marshall
ea97a8fb32 [cleanup] Use the typed LoadObjectField in internal-gen CSA
Bug: v8:7310
Change-Id: I73f59cb4119e7f27828f09ac33fc247fc4983742
Reviewed-on: https://chromium-review.googlesource.com/937723
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51586}
2018-02-27 09:24:56 +00:00
Kim-Anh Tran
b3ed3cc5df [wasm] Clone export wrappers when cloning the compiled module
Currently all instances share the exact same export wrappers (pointed
to by the corresponding compiled module). This bug, however, does not
cause a problem at runtime. This CL makes sure that all compiled modules
have their own export wrapper table during instance instantiation.

Change-Id: I385d79ab8ad42672f7ab72755387d161b1e9ee81
Reviewed-on: https://chromium-review.googlesource.com/937715
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51585}
2018-02-27 07:47:15 +00:00
Jakob Kummerow
ef2aba3325 [test][cleanup] Clean up value-serializer-unittest.cc
Refactor the helpers to use return values instead of continuation functors.
This reduces compilation time in Release mode from 30s to 10s (Debug: 10->7s).
Also shorten the boilerplate code a bit.

Bug: v8:7310
Change-Id: Icf6309e4fd5478a1f55979112d1219bc7eaf4e6d
Reviewed-on: https://chromium-review.googlesource.com/938316
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51584}
2018-02-27 02:05:55 +00:00
Adam Klein
0084d42dc9 [cctest] Avoid redundant call in cctest/test-api/CallAsFunction
R=jkummerow@chromium.org

Bug: v8:7497
Change-Id: I4b75fde49a352a6e8d99211efdbb09d77aa88069
Reviewed-on: https://chromium-review.googlesource.com/938183
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51583}
2018-02-26 21:21:41 +00:00
Adam Klein
8fa85efd27 [esnext] Remove always-disabled support for function.sent
This proposal has not moved beyond stage 2 in two years, and has never
moved past the HARMONY_INPROGRESS state in flag-definitions.h.

It was originally added to aid in desugaring yield*, but is no longer
used for that purpose.

Bug: v8:4700, v8:7310
Change-Id: Ieca40d8e4bf565516bbe71e47b996daa70d2e835
Reviewed-on: https://chromium-review.googlesource.com/935297
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51582}
2018-02-26 20:01:41 +00:00
Adam Klein
3669c00e7e Remove v8-x87-ports@ from WATCHLIST
The x87 port itself has been gone for a while.

Bug: v8:7310
Change-Id: I1c938ba93720af361733f2c09dc5f128173b5675
Reviewed-on: https://chromium-review.googlesource.com/935198
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51581}
2018-02-26 19:56:21 +00:00
Junliang Yan
8733be1307 s390: Refactor atomic ops to distinguish Int32/Int64 ops
Port 3db1d4a55e

Original Commit Message:

    Currently, atomic operations assume the default to be 32-bit
    operations, fix opcode names for differentiation between 32/64-bit
    operations.

R=gdeepti@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I79c195ce7474f329ccb2446fad1f81bab41e7329
Reviewed-on: https://chromium-review.googlesource.com/937921
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51580}
2018-02-26 19:01:31 +00:00
Wez
6fd918a233 Clean up usage of POSIX APIs that are unsupported under Fuchsia.
Recent Fuchsia SDKs have begun removing both symbols for unsupported
POSIX APIs, and also the relevant definitions, and even headers.

This CL:
- Removes dependencies on <sys/resource.h>.
- Adds a working implementation of GetUserTime().
- Fixes GetCurrentThreadId() to use the native (32-bit) Fuchsia thread
  handle, rather than the (64-bit) pthread*, to avoid potential for id
  clashes when truncating the value into a 32-bit int.

Bug: chromium:707030
Change-Id: Ic5774e138f7657123dd65d0fb7ef5d87876766e8
Reviewed-on: https://chromium-review.googlesource.com/933247
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Wez <wez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51579}
2018-02-26 18:21:20 +00:00
Adam Klein
797d3df0bf Revert "[turbofan] Masking/poisoning in codegen (optimized code, arm64)"
This reverts commit 800daded0b.

Reason for revert: breaks arm64 build

Original change's description:
> [turbofan] Masking/poisoning in codegen (optimized code, arm64)
> 
> This introduces masking of loads with speculation bit during code generation.
> At the moment, this is done only under the
> --branch-load-poisoning flag, and this CL enlarges the set of supported
> platforms from {x64, arm} to {x64, arm, arm64}.
> 
> Overview of changes:
> - new register configuration with one register reserved for
>   the speculation poison/mask (kSpeculationPoisonRegister).
> - in codegen, we introduce an update to the poison register at the starts
>   of all successors of branches (and deopts) that are marked as safety
>   branches (deopts).
> - in memory optimizer, we lower all field and element loads to PoisonedLoads.
> - poisoned loads are then masked in codegen with the poison register.
>   * only integer loads are masked at the moment.
> 
> Bug: chromium:798964
> Change-Id: Ie6bc9c3bdac9998b0ef81f050a9c844399ca3ae4
> Reviewed-on: https://chromium-review.googlesource.com/928724
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51576}

TBR=rmcilroy@chromium.org,mvstanton@chromium.org,mstarzinger@chromium.org,jarin@chromium.org,rodolph.perfetta@arm.com,martyn.capewell@arm.com,pierre.langlois@arm.com

Change-Id: I1b5dad27f9620c7da3277602081f392de6221caf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:798964
Reviewed-on: https://chromium-review.googlesource.com/937861
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51578}
2018-02-26 17:49:04 +00:00
Gabriel Charette
2ba05d6781 Revert "Revert "Use all available workers for concurrent marking.""
This reverts commit c41c7a0943.

Reason for revert: relanding now that the perf waterfall has had a stab at this revert.

Original change's description:
> Revert "Use all available workers for concurrent marking."
> 
> This reverts commit 3c62f7ae07.
> (and commit 4939463c77)
> 
> The goal of this revert is to contrast the effect on perf bots of
> landing it vs reverting it to more easily attribute its impact.
> 
> R=​hpayer@chromium.org
> 
> Bug: chromium:812178
> Change-Id: I7c977b1b0b587f787263272400d87f6aae7af634
> Reviewed-on: https://chromium-review.googlesource.com/936761
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51546}

TBR=gab@chromium.org,hpayer@chromium.org

Change-Id: I1ecfc70867dc5424cba1a9ecd229ae031c3e9aa4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:812178
Reviewed-on: https://chromium-review.googlesource.com/937725
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51577}
2018-02-26 17:22:39 +00:00
Mike Stanton
800daded0b [turbofan] Masking/poisoning in codegen (optimized code, arm64)
This introduces masking of loads with speculation bit during code generation.
At the moment, this is done only under the
--branch-load-poisoning flag, and this CL enlarges the set of supported
platforms from {x64, arm} to {x64, arm, arm64}.

Overview of changes:
- new register configuration with one register reserved for
  the speculation poison/mask (kSpeculationPoisonRegister).
- in codegen, we introduce an update to the poison register at the starts
  of all successors of branches (and deopts) that are marked as safety
  branches (deopts).
- in memory optimizer, we lower all field and element loads to PoisonedLoads.
- poisoned loads are then masked in codegen with the poison register.
  * only integer loads are masked at the moment.

Bug: chromium:798964
Change-Id: Ie6bc9c3bdac9998b0ef81f050a9c844399ca3ae4
Reviewed-on: https://chromium-review.googlesource.com/928724
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51576}
2018-02-26 16:47:32 +00:00
sreten.kovacevic
3e92808a8b [Liftoff][mips] Implement Load and Store instructions
Implement Load and Store instructions for liftoff on MIPS.
Function CallTrapCallbackForTesting also implemented to prevent
test from failing when address is out of range.

Bug: v8:6600
Change-Id: I85e48334d171ad6d86a02eeba51e4f07edaf9648
Reviewed-on: https://chromium-review.googlesource.com/934133
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51575}
2018-02-26 16:18:32 +00:00
Peter Marshall
6b25ab2e8c [typedarray] Extend ElementsAccessor::CopyElements to all Object types
Previously, Strings without an iterator would go to the runtime path
and fail because it expected a JSReceiver type. This was in-line
with what the elements accessor expected. We can actually handle all
object types in the final slow path (using LookupIterator) so it is no
problem to change the accept types.

Bug: chromium:816289
Change-Id: Iebb8de0bb7551aee3894c8a23836d079c93726a7
Reviewed-on: https://chromium-review.googlesource.com/937461
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51574}
2018-02-26 15:51:31 +00:00
Clemens Hammacher
ecb77978c7 Reland "[Assembler][x64] Make Operand immutable"
This is a reland of e7f9fb4a0d.

Original change's description:
> [Assembler][x64] Make Operand immutable
> 
> This CL removes all setters from the Operand and removes the friendship
> relation between Assembler and Operand. All data fields of the Operand
> are set exactly once in the constructor, the Operand is immutable
> afterwards.
> In order to construct the data of an Operand easily, the OperandBuilder
> is introduced. After building an Operand, the data is copied to the
> const field of the Operand.
> 
> R=mstarzinger@chromium.org
> 
> Bug: v8:7310
> Change-Id: I1628052b8a0c47cbfbc3645dfdac5a0e9705977b
> Reviewed-on: https://chromium-review.googlesource.com/936741
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51563}

Bug: v8:7310
Change-Id: I84df5e11b1811585fbba7309e3bb9c6b17e18c0b
Reviewed-on: https://chromium-review.googlesource.com/936628
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51573}
2018-02-26 15:38:21 +00:00
jgruber
0ad8033bca [code] Add Code::Instruction{Start,End,Size} helpers
These helpers support off-heap code objects, for which they return
start, end, and size of the off-heap instruction stream.

Bug: v8:6666
Change-Id: Ib5e819d976eee3073b0354b8d8ce324b691f1b15
Reviewed-on: https://chromium-review.googlesource.com/937281
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51572}
2018-02-26 14:53:31 +00:00
jgruber
d6a88d05c5 Reland "[builtins] Update off-heap-safe list"
This is a reland of 087e9daa79.

Original change's description:
> [builtins] Update off-heap-safe list
>
> TBR=yangguo@chromium.org
>
> Bug: v8:6666
> Change-Id: I70ba2ecbc259431b571a2e5611494dd7725f2aa6
> Reviewed-on: https://chromium-review.googlesource.com/937302
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51567}

TBR=yangguo@chromium.org

Bug: v8:6666
Change-Id: I9475c8e412f765623131f168e9fe25d8082d061e
Reviewed-on: https://chromium-review.googlesource.com/937541
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51571}
2018-02-26 14:42:20 +00:00
Yang Guo
b04c87d84c [regexp] fix v8_interpreted_regexp build.
R=jgruber@chromium.org

Change-Id: I8328fdaf5d53850b87dd16867255d4325ab9cd9c
Reviewed-on: https://chromium-review.googlesource.com/936644
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51570}
2018-02-26 13:53:33 +00:00
Jakob Gruber
9ea4a95a61 Revert "[builtins] Update off-heap-safe list"
This reverts commit 087e9daa79.

Reason for revert: https://build.chromium.org/p/client.v8.ports/builders/V8%20Mips%20-%20builder/builds/15549

Original change's description:
> [builtins] Update off-heap-safe list
> 
> TBR=yangguo@chromium.org
> 
> Bug: v8:6666
> Change-Id: I70ba2ecbc259431b571a2e5611494dd7725f2aa6
> Reviewed-on: https://chromium-review.googlesource.com/937302
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51567}

TBR=yangguo@chromium.org,jgruber@chromium.org

Change-Id: If37f28e0bfbd1fe495ec425d8306aa081e75eca4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/937303
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51569}
2018-02-26 13:50:54 +00:00
Clemens Hammacher
c9f7431cbb [Liftoff] Refactor unops
Refactor EmitUnOp to be templatized in the type and the emit function,
similar to EmitBinOp. This simplified adding f32 and f64 unops.

R=ahaas@chromium.org

Bug: v8:6600
Change-Id: Iaab473a3bbcc45673ff6190d6b56244c48bfa5a6
Reviewed-on: https://chromium-review.googlesource.com/937201
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51568}
2018-02-26 13:44:33 +00:00
jgruber
087e9daa79 [builtins] Update off-heap-safe list
TBR=yangguo@chromium.org

Bug: v8:6666
Change-Id: I70ba2ecbc259431b571a2e5611494dd7725f2aa6
Reviewed-on: https://chromium-review.googlesource.com/937302
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51567}
2018-02-26 13:43:28 +00:00
Peter Marshall
ec5c342798 [typedarray] Fix failing DCHECK for TA.from with a length getter.
I loosened the DCHECKs here but I think they are still fundamentally
safe: `length` must be <= the actual length of the source (so that
there are actually enough elements to copy), and `length` must also be
<= the destination length, minus the offset (so there is enough space
to copy the elements into).

Bug: chromium:816317
Change-Id: Ice00ac60f4884363f6065ffee71f6ab1d1b32dbc
Reviewed-on: https://chromium-review.googlesource.com/937209
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51566}
2018-02-26 13:42:23 +00:00
Marja Hölttä
dd3c4fca2f [objects.h splitting] Move Promise-related classes.
BUG=v8:5402,v8:7310

Change-Id: Ic3ee7d2dec0403e7831f51735365c26caadc6a7b
Reviewed-on: https://chromium-review.googlesource.com/934136
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51565}
2018-02-26 13:19:00 +00:00
Clemens Hammacher
d18125e7df Revert "[Assembler][x64] Make Operand immutable"
This reverts commit e7f9fb4a0d.

Reason for revert: msvc compile error: https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20msvc/builds/1573

Original change's description:
> [Assembler][x64] Make Operand immutable
> 
> This CL removes all setters from the Operand and removes the friendship
> relation between Assembler and Operand. All data fields of the Operand
> are set exactly once in the constructor, the Operand is immutable
> afterwards.
> In order to construct the data of an Operand easily, the OperandBuilder
> is introduced. After building an Operand, the data is copied to the
> const field of the Operand.
> 
> R=​mstarzinger@chromium.org
> 
> Bug: v8:7310
> Change-Id: I1628052b8a0c47cbfbc3645dfdac5a0e9705977b
> Reviewed-on: https://chromium-review.googlesource.com/936741
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51563}

TBR=mstarzinger@chromium.org,clemensh@chromium.org

Change-Id: I8ae40de35e81765549f93ffe58f1b12286de6333
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7310
Reviewed-on: https://chromium-review.googlesource.com/936627
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51564}
2018-02-26 12:51:11 +00:00
Clemens Hammacher
e7f9fb4a0d [Assembler][x64] Make Operand immutable
This CL removes all setters from the Operand and removes the friendship
relation between Assembler and Operand. All data fields of the Operand
are set exactly once in the constructor, the Operand is immutable
afterwards.
In order to construct the data of an Operand easily, the OperandBuilder
is introduced. After building an Operand, the data is copied to the
const field of the Operand.

R=mstarzinger@chromium.org

Bug: v8:7310
Change-Id: I1628052b8a0c47cbfbc3645dfdac5a0e9705977b
Reviewed-on: https://chromium-review.googlesource.com/936741
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51563}
2018-02-26 12:17:00 +00:00
jgruber
9cd019543c [builtins] Add IsBuiltin convenience predicate
With this, `Builtins::IsBuiltinId(code->builtin_index())` turns into
`Builtins::IsBuiltin(code)`.

Bug: v8:6666
Change-Id: Id731299cf5eb3f213933d3a9b3ae78d9bb95e757
Reviewed-on: https://chromium-review.googlesource.com/937205
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51562}
2018-02-26 12:12:40 +00:00
jgruber
d7a9ca5de9 [safepoints] Support off-heap safepoint tables
There are two considerations involving off-heap code and safepoint
tables.

1. Since the safepoint table is embedded within the instructions area
of code objects, we need to ensure that the actual instruction size
(i.e. safepoint_table_offset if a code object has safepoints) is
large enough for the off-heap trampoline.

2. The pc-relative calculation in SafepointTable::FindEntry must be
able to handle off-heap pcs.

Bug: v8:6666
Change-Id: I92a5ecc49d0a78755b89c3c5774523afb21cd724
Reviewed-on: https://chromium-review.googlesource.com/934242
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51561}
2018-02-26 12:09:30 +00:00
Predrag Rudic
330ad4f2fd MIPS64 Fix mjsunit/compiler/reflect-construct test failure
Change-Id: I9185b17c73ad4486b81538a8ce2f84271b820919
Reviewed-on: https://chromium-review.googlesource.com/936763
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51560}
2018-02-26 11:36:50 +00:00
Ulan Degenbaev
e8925ad509 [heap-profiler] Show key as the value retainer for weak maps.
The key -> value edge is shown as "<index> / WeakMap", where <index> is
the index of the edge in the key.

Bug: chromium:778739, chromium:749502
Change-Id: I657051695f2a171372788dbb777543a55a35d554
Reviewed-on: https://chromium-review.googlesource.com/926524
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51559}
2018-02-26 11:35:45 +00:00
Yang Guo
5d3c5784f5 [debug] remove ScriptBreakPointType from debug test api wrapper.
R=jgruber@chromium.org

Bug: v8:5530
Change-Id: I1680beaa665b6937df2e26d20cb69cc8577a21a9
Reviewed-on: https://chromium-review.googlesource.com/937203
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51558}
2018-02-26 11:34:40 +00:00
Yang Guo
9a561c82af [debug] remove outdated regression test.
TBR=jgruber@chromium.org
NOTREECHECKS=true
NOTRY=true

Change-Id: Id5d81f863fa6d14ac86d49b6516e577c2da7a999
Reviewed-on: https://chromium-review.googlesource.com/936543
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51557}
2018-02-26 11:27:40 +00:00
Sigurd Schneider
c64a32b1fc [turbofan] Change interface of builtin StringSubstring
This CL changes the builtin
  StringSubstring(string, start, end)
to take start and end as untagged IntPtr values.

Bug: v8:7250, v8:7340

Change-Id: I39700d087da903f076a6ca163a8f880d31eea3a0
Reviewed-on: https://chromium-review.googlesource.com/923961
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51556}
2018-02-26 10:46:11 +00:00
Clemens Hammacher
c1eaae646b [Assembler][ia32] Pass Operand by value
The Operand class is small enough to be efficiently passed by value.
This saves binary size and performance because the Operand does not need
to be emitted to the caller's frame and loaded in the callee.
Binary saving is 37kB in release mode on ia32.

R=mstarzinger@chromium.org

Bug: v8:7310
Change-Id: Ibc103622ec216725c762c2ba4bb96451c99db556
Reviewed-on: https://chromium-review.googlesource.com/934264
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51555}
2018-02-26 10:27:59 +00:00
Nico Weber
bd7204998a Disable snapshots in 64-bit win/cross builds for now.
Snapshots don't yet work in 64-bit win/cross builds, so disable them
until they do.

No behavior change in builds that aren't 64-bit win/cross builds.

Bug: chromium:803591
Change-Id: I7a04c7e01a58a95a2bfb78c7d2593c7c5c5041cf
Reviewed-on: https://chromium-review.googlesource.com/936668
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51554}
2018-02-26 10:13:49 +00:00
Michael Starzinger
be4cd67ce2 [turbofan] Support poisoning arguments in JavaScript.
This adds support for poisoning the stack pointer and implicit register
arguments like the context register and the function register in the
prologue of generated code with JavaScript linkage. The speculation
poison is computed similarly to the interpreter by matching expected
with actual code start addresses.

R=jarin@chromium.org,rmcilroy@chromium.org
BUG=chromium:798964

Change-Id: I5fa48844745459cf7b3d00c407a7b835f61c857b
Reviewed-on: https://chromium-review.googlesource.com/919167
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51553}
2018-02-26 10:04:59 +00:00
Yang Guo
175fc49c6e [debug] remove legacy implementation for break points.
R=herhut@chromium.org, jgruber@chromium.org

Bug: v8:7310, v8:5510
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Icefd10b6cc210e5bb2684d18b091179ead387326
Reviewed-on: https://chromium-review.googlesource.com/934445
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51552}
2018-02-26 10:01:39 +00:00
Benedikt Meurer
d504203e93 [turbofan] Consistently use String feedback for JSAdd.
Currently we didn't always consistently use the String feedback on
JSAdd, but only if JSTypedLowering would already figure out statically
that one of the inputs is already a String. That leads to some odd
performance cliffs, as highlighted in the referenced bug.

This CL fixes the JSTypedLowering::ReduceJSAdd to always bake in the
String feedback. This improves the relevant performance tests from the
bug from

  console.timeEnd: Runtime join3, 967.512000
  console.timeEnd: Runtime join, 1004.599000
  console.timeEnd: Runtime join3, 1124.764000
  console.timeEnd: Runtime join, 966.164000
  console.timeEnd: Runtime join3, 1145.296000
  console.timeEnd: Runtime join, 966.176000
  console.timeEnd: Runtime join3, 1145.272000
  console.timeEnd: Runtime join, 931.266000

to

  console.timeEnd: Runtime join3, 903.050000
  console.timeEnd: Runtime join, 856.509000
  console.timeEnd: Runtime join3, 945.144000
  console.timeEnd: Runtime join, 840.038000
  console.timeEnd: Runtime join3, 927.965000
  console.timeEnd: Runtime join, 841.263000
  console.timeEnd: Runtime join3, 929.342000
  console.timeEnd: Runtime join, 858.143000

which corresponds to an 8-18% improvement.

Bug: v8:7415
Change-Id: I62e008298e4ee0864885b37817c91d055acf2a09
Reviewed-on: https://chromium-review.googlesource.com/936643
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51551}
2018-02-26 09:57:09 +00:00
Marja Hölttä
80e0a759fd [iwyu] More iwyu fixes (date, execution etc.)
Removing includes which are not needed and also not indirectly pulled in.

BUG=v8:7490, v8:7310

Change-Id: I219ba92c3281c3c245cc6c5574c85c2d51a217a9
Reviewed-on: https://chromium-review.googlesource.com/934722
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51550}
2018-02-26 08:59:59 +00:00
jgruber
f352bbdcd3 [contexts] Remove unused native context slots
Bug: v8:7310
Change-Id: Ib9c40bababbb688305be7bea262a4348805a1f18
Reviewed-on: https://chromium-review.googlesource.com/936762
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51549}
2018-02-26 08:32:19 +00:00
Benedikt Meurer
597852f815 [turbofan] Further harden the JSCreateClosure nodes.
The CreateClosureMode introduced with 2ece046c5 is still not 100%
fail-safe and doesn't scale. What we really need instead, especially
when we might start removing the SharedFunctionInfo::code field
eventually, is to tell the JSCreateClosure node which code object to
use. So instead of adding magic around it, let's just pass it to the
node.

Bug: v8:2206, v8:7253, v8:7310
Change-Id: Iedb6ae468a763643617975f47d96854d1aeafbe9
Reviewed-on: https://chromium-review.googlesource.com/937121
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51548}
2018-02-26 07:35:32 +00:00
Benedikt Meurer
2ece046c5b [turbofan] Introduce explicit CreateClosureMode.
We use JSCreateClosure to also construct closures for builtins, i.e.
for the callbacks created by the Promise constructor. For these builtins
we cannot set code to CompileLazy builtin, but need to use the code from
the SharedFunctionInfo. The explicit mode tells the lowering what it
should do (instead of relying on SharedFunctionInfo::native(), which is
not the right bit).

Bug: v8:2206, v8:7253, v8:7310
Change-Id: Ic956814e137c57b36ebb5d7b4d964dde5ee51a0d
Reviewed-on: https://chromium-review.googlesource.com/930964
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51547}
2018-02-26 04:30:10 +00:00