Commit Graph

2427 Commits

Author SHA1 Message Date
Benedikt Meurer
318e5230ea [turbofan] Handle LoadField with type mismatch in LoadElimination.
This allows to replace redundant LoadField's whose type doesn't match
the type of the replacement, by just turning those LoadField's into
TypeGuard's.

Bug: v8:8070
Change-Id: Ia329bb536f8829be27e070e90e9eaae0618dac7a
Reviewed-on: https://chromium-review.googlesource.com/1188131
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55407}
2018-08-24 13:43:54 +00:00
Ben L. Titzer
f0409b91c9 [gcc] Minor syntactic fixes for older gcc
R=ahaas@chromium.org

Change-Id: Ida5a43f65d09a48cce316185932f6d863b0e58a4
Reviewed-on: https://chromium-review.googlesource.com/1184711
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55295}
2018-08-22 10:01:46 +00:00
Peter Marshall
2923d2d44a Fix a bug in ZoneChunkList::Find() at chunk boundaries.
We would return the wrong chunk for the first element past the chunk
boundary, e.g. if the first chunk was size=8, then Find(8) would
return an address in the first block rather than the second one.

Bug: v8:8077
Change-Id: I90281f853dd7ca68dc065ed773d0ae9787f00988
Reviewed-on: https://chromium-review.googlesource.com/1183483
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55294}
2018-08-22 09:37:41 +00:00
Bogdan Lazarescu
f26eaaa9a8 Use TBZ/TBNZ regardless of CanCover() check.
This is useful even if there are other uses of the
arithmetic result, because it moves dependencies further back.

Change-Id: I6136a657b547198cb4ec92f38b89ddf5df334124
Reviewed-on: https://chromium-review.googlesource.com/1179662
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Bogdan Lazarescu <bogdan.lazarescu@arm.com>
Cr-Commit-Position: refs/heads/master@{#55292}
2018-08-22 09:35:34 +00:00
Michael Lippautz
a6938128f4 [embedder-tracing] Add GarbageCollectionForTesting call
This call can be used by embedder to request a GC for testing reasons.
The GC also takes the current embedder stack state as an argument that
is forwarded to the embedder when entering the atomic pause.

This way embedders can request garbage collections for testing and set
how the embedder should treat the stack.

Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id10604565b4457dd0fca402afeb5f8e592fa0bae
Reviewed-on: https://chromium-review.googlesource.com/1183431
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55285}
2018-08-21 18:42:05 +00:00
Toon Verwaest
fcfd995aa1 [scanner] Go back to untemplatized scanning with buffering
This reverts the following 3 CLs:

Revert "[scanner] Templatize scan functions by encoding"
Revert "[asm] Remove invalid static cast of character stream"
Revert "[scanner] Prepare CharacterStreams for specializing scanner and parser by character type"

The original idea behind this work was to avoid copying, converting and
buffering characters to be scanned by specializing the scanner functions. The
additional benefit was for scanner functions to have a bigger window over the
input. Even though we can get a pretty nice speedup from having a larger
window, in practice this rarely helps. The cost is a larger binary.

Since we can't eagerly convert utf8 to utf16 due to memory overhead, we'd also
need to have a specialized version of the scanner just for utf8. That's pretty
complex, and likely won't be better than simply bulk converting and buffering
utf8 as utf16.

Change-Id: Ic3564683932a0097e3f9f51cd88f62c6ac879dcb
Reviewed-on: https://chromium-review.googlesource.com/1183190
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55258}
2018-08-21 10:52:52 +00:00
Toon Verwaest
daff05a093 [asm] Remove invalid static cast of character stream
TBR=ahaas@chromium.org

Change-Id: I862cae063d85703235ead073b0f23515721a409f
Reviewed-on: https://chromium-review.googlesource.com/1181431
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55226}
2018-08-20 17:04:28 +00:00
Camillo Bruni
e1a76995ef [api][runtime] Support all-in ctors of {Named,Indexed}PropertyHandlerConfiguration
- Explicitly allows construction of
{Named,Indexed}PropertyHandlerConfiguration with all the members filled.

Bug: v8:7612
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I426ea33846b5dbf2b3482c722c963a6e4b0abded
Reviewed-on: https://chromium-review.googlesource.com/1163882
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55142}
2018-08-15 21:28:09 +00:00
Ulan Degenbaev
4d474c51d8 [heap] Reuse freed CodeRange addresses.
This patch adds a singleton that tracks recently freed code range
regions and provides hints for newly created code ranges such that
the freed addresses are reused.

This is a workaround for the CFG leak described in the linked bug.

Bug: chromium:870054

Change-Id: Ice237a056268379f0fef40abdb1accad125a56b3
Reviewed-on: https://chromium-review.googlesource.com/1174837
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55139}
2018-08-15 18:53:11 +00:00
Camillo Bruni
0027c83440 [callbacks] Properly support RCS for ApiAccessors and Callbacks.
Bug: chromium:782550

Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I4426415b55772d82bd16b638c3c533320efa3b72
Reviewed-on: https://chromium-review.googlesource.com/771752
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55138}
2018-08-15 15:25:14 +00:00
Sathya Gunasekaran
7eded3003a Revert "[heap] Attempt to incorporate backing store counters into heap sizing and GC trigger stragery."
This reverts commit ba735dde20.

Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20TSAN/21991

Original change's description:
> [heap] Attempt to incorporate backing store counters into heap sizing and GC trigger stragery.
> 
> Bug: chromium:845409
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: Ic62a4339110e3dd2a6b1961a246e2bee0c07c03b
> Reviewed-on: https://chromium-review.googlesource.com/1160162
> Commit-Queue: Rodrigo Bruno <rfbpb@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55128}

TBR=ulan@chromium.org,mlippautz@chromium.org,rfbpb@google.com

Change-Id: Iaf65227c65c11effa11662ac7d7bd7736f4d7846
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:845409
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1174858
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55129}
2018-08-14 17:17:17 +00:00
Rodrigo Bruno
ba735dde20 [heap] Attempt to incorporate backing store counters into heap sizing and GC trigger stragery.
Bug: chromium:845409
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic62a4339110e3dd2a6b1961a246e2bee0c07c03b
Reviewed-on: https://chromium-review.googlesource.com/1160162
Commit-Queue: Rodrigo Bruno <rfbpb@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55128}
2018-08-14 16:31:32 +00:00
Benedikt Meurer
5fecd146bf [turbofan] Further optimize DataView accesses.
This adds support for unaligned load/store access to the DataView
backing store and uses byteswap operations to fix up the endianess
when necessary. This changes the Word32ReverseBytes operator to be
a required operator and adds the missing support on the Intel and
ARM platforms (on 64-bit platforms the Word64ReverseBytes operator
is also mandatory now).

This further improves the performance on the dataviewperf.js test
mentioned in the tracking bug by up to 40%, and at the same time
reduces the code complexity in the EffectControlLinearizer.

Bug: chromium:225811
Change-Id: I7c1ec826faf46a144a5a9068f8f815a5fd040997
Reviewed-on: https://chromium-review.googlesource.com/1174252
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55111}
2018-08-14 09:20:47 +00:00
Leszek Swirski
6a62d88e9b Revert "[turbofan] Further optimize DataView accesses."
This reverts commit c46915b931.

Reason for revert: Disasm failures https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20debug/21727 

Original change's description:
> [turbofan] Further optimize DataView accesses.
> 
> This adds support for unaligned load/store access to the DataView
> backing store and uses byteswap operations to fix up the endianess
> when necessary. This changes the Word32ReverseBytes operator to be
> a required operator and adds the missing support on the Intel and
> ARM platforms (on 64-bit platforms the Word64ReverseBytes operator
> is also mandatory now).
> 
> This further improves the performance on the dataviewperf.js test
> mentioned in the tracking bug by up to 40%, and at the same time
> reduces the code complexity in the EffectControlLinearizer.
> 
> Bug: chromium:225811
> Change-Id: I296170b828c2ccc1c317ed37840b564aa14cdec2
> Reviewed-on: https://chromium-review.googlesource.com/1172777
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55099}

TBR=sigurds@chromium.org,bmeurer@chromium.org

Change-Id: If7a62e3a1a4ad26823fcbd2ab6eb4c053ad11c49
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:225811
Reviewed-on: https://chromium-review.googlesource.com/1174171
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55107}
2018-08-14 08:25:24 +00:00
Benedikt Meurer
c46915b931 [turbofan] Further optimize DataView accesses.
This adds support for unaligned load/store access to the DataView
backing store and uses byteswap operations to fix up the endianess
when necessary. This changes the Word32ReverseBytes operator to be
a required operator and adds the missing support on the Intel and
ARM platforms (on 64-bit platforms the Word64ReverseBytes operator
is also mandatory now).

This further improves the performance on the dataviewperf.js test
mentioned in the tracking bug by up to 40%, and at the same time
reduces the code complexity in the EffectControlLinearizer.

Bug: chromium:225811
Change-Id: I296170b828c2ccc1c317ed37840b564aa14cdec2
Reviewed-on: https://chromium-review.googlesource.com/1172777
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55099}
2018-08-13 19:23:28 +00:00
Camillo Bruni
46f000bc54 [CSA] Replace Word32Not with Word32BitwiseNot
This should make the uses of binary vs. bitwise not very clear:
- Word32BinaryNot for logical negation
- Word32BitwiseNot for bitwise negation

Change-Id: I3345913111da0dbdae6fdf285f090b67eb3f3afc
Reviewed-on: https://chromium-review.googlesource.com/1169205
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55091}
2018-08-13 15:23:35 +00:00
Ben L. Titzer
6aa2a25313 [wasm] Add WasmFeatures to enable/detect features
This CL introduces a set of configuration options implemented as
a struct of booleans that together comprise the set of enabled
or detected features. The configuration options replace command-line
flags that were checked deep in the implementation. As such, it is
necessary to plumb them through multiple levels of abstraction.

R=ahaas@chromium.org
CC=mstarzinger@chromium.org
BUG=chromium:868844

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1b82f5826e4fd263f68e8cafcd923bac5818a637
Reviewed-on: https://chromium-review.googlesource.com/1163670
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55018}
2018-08-09 10:58:22 +00:00
Rodrigo Bruno
ecf51e3477 [heap] refactoring HeapController.
The HeapController is now refactored in a way that new controllers only
need to specify the constants that define how a space grows and shrinks.

Bug: chromium:845409
Change-Id: I804eed440a791d6fbd232b7540a1cbe66b16a5f1
Reviewed-on: https://chromium-review.googlesource.com/1165347
Commit-Queue: Rodrigo Bruno <rfbpb@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55006}
2018-08-09 09:04:26 +00:00
Junliang Yan
a27871d527 PPC/s390: Reland "[turboassembler] Introduce hard-abort mode"
Port d324382e1c

and

Port bd3f0a684b

Original Commit Message:

    This is a reland of a462a7854a

    Original change's description:
    > [turboassembler] Introduce hard-abort mode
    >
    > For checks and assertions (mostly for debug code, like stack alignment
    > or zero extension), we had two modes: Emit a call to the {Abort}
    > runtime function (the default), and emit a debug break (used for
    > testing, enabled via --trap-on-abort).
    > In wasm, where we cannot just call a runtime function because code must
    > be isolate independent, we always used the trap-on-abort behaviour.
    > This causes problems for our fuzzers, which do not catch SIGTRAP, and
    > hence do not detect debug code failures.
    >
    > This CL introduces a third mode ("hard abort"), which calls a C
    > function via {ExternalReference}. The C function still outputs the
    > abort reason, but does not print the stack trace. It then aborts via
    > "OS::Abort", just like the runtime function.
    > This will allow fuzzers to detect the crash and even find a nice error
    > message.
    >
    > Even though this looks like a lot of code churn, it is actually not.
    > Most added lines are new tests, and other changes are minimal.
    >
    > R=mstarzinger@chromium.org
    >
    > Bug: chromium:863799
    > Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
    > Reviewed-on: https://chromium-review.googlesource.com/1142163
    > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
    > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
    > Cr-Commit-Position: refs/heads/master@{#54592}

R=clemensh@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I60023470fa07576fd313f628ade06e279d5f4927
Reviewed-on: https://chromium-review.googlesource.com/1165822
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54980}
2018-08-08 14:41:22 +00:00
Michael Starzinger
7579b1e3c8 [wasm] Support concurrent patching of jump table.
This adds initial support for concurrently patching jump table slots. It
is needed once different Isolates share code (for the --wasm-shared-code
feature). We need to ensure that instructions holding the target address
within a jump table slot do not cross cache-line boundaries. To do this,
the jump table has been split into consecutive pages.

Note that this also adds a stress test for multiple threads hammering at
a single slot concurrently. The test is currently limited to the ia32
and the x64 architecture, but will be extended to cover others. The test
reliably triggers tearing of the target address on almost every run of
the test and hence serves to prevent regressions.

R=clemensh@chromium.org
TEST=cctest/test-jump-table-assembler
BUG=v8:8018

Change-Id: Ife56bbb61ffcae5d8906ca7b8c604b195603707c
Reviewed-on: https://chromium-review.googlesource.com/1163664
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54942}
2018-08-07 11:20:09 +00:00
Ivica Bogosavljevic
65624c9ec6 MIPS: Disable Word32SarWithWord32Shl on MIPSr1
MIPSr1 doesn't support SEB and SEH instructions and this
causes test InstructionSelectorTest.Word32SarWithWord32Shl to fail.

This CL disables this test on MIPSr1.

TEST=unittests/InstructionSelectorTest.Word32SarWithWord32Shl

Change-Id: I284a85210bd0d38374ca339671643560e8a305e2
Reviewed-on: https://chromium-review.googlesource.com/1164363
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#54939}
2018-08-07 09:27:17 +00:00
Florian Sattler
e2201a4458 Reland "Applied noexcept to all mctors and massigns"
This is a reland of baa055c7a6

Original change's description:
> Applied noexcept to all mctors and massigns
> 
> Refactoring the code base to use noexcept for their move constructors and move
> assignment operators.
> 
> Bug: v8:7999
> 
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I13d24eddba3bfa601cff26fd680a040cf4e71426
> Reviewed-on: https://chromium-review.googlesource.com/1152817
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Florian Sattler <sattlerf@google.com>
> Cr-Commit-Position: refs/heads/master@{#54841}

Bug: v8:7999
Change-Id: I72394e326a4f8da462ee6285511d721440ceb21d
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1158646
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#54863}
2018-08-02 10:37:09 +00:00
Ben L. Titzer
99de47f155 [cleanup] Remove redundant wasm:: namespace prefixes
The wasm/ directory is inconsistent in many places, often within the
same file. For all code that exists in a v8::internal::wasm namespace,
this CL removes any wasm:: qualifiers, which is especially helpful
since most types are already Wasm-named, such as WasmCode, WasmModule,
etc. Namespace qualifiers are redundant inside the wasm:: namespace and
thus go against the main point of using namespaces. Removing the
qualifiers for non Wasm-named classes also makes the code somewhat more
future-proof, should we move some things that are not really WASM-specific
(such as ErrorThrower and Decoder) into a higher namespace.

R=clemensh@chromium.org,mstarzinger@chromium.org

Change-Id: Ibff3e1e93c64c12dcb53c46c03d1bfb2fb0b7586
Reviewed-on: https://chromium-review.googlesource.com/1160232
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54862}
2018-08-02 10:36:00 +00:00
Rodrigo Bruno
d623c25a84 [heap] Refactoring HeapController. Created new ExternalMemoryController.
This CL introduces a new MemoryController that will be used to control
the size of external memory (array buffers and external string for now).

Bug: chromium:845409
Change-Id: I119506ce0243ac33cec2b783b888b53ee11225a9
Reviewed-on: https://chromium-review.googlesource.com/1156393
Commit-Queue: Rodrigo Bruno <rfbpb@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54854}
2018-08-02 06:52:26 +00:00
Toon Verwaest
2d40e2f445 [scanner] Prepare CharacterStreams for specializing scanner and parser by character type
This templatizes CharacterStream by char type, and makes them subclass ScannerStream.
Methods that are widely used by tests are marked virtual on ScannerStream and final on
CharacterStream<T> so the specialized scanner will know what to call. ParseInfo passes
around ScannerStream, but the scanner requires the explicit CharacterStream<T>. Since
AdvanceUntil is templatized by FunctionType, I couldn't mark that virtual; so instead
I adjusted those tests to operate directly on ucs2 (not utf8 since we'll drop that in
the future).

In the end no functionality was changed. Some calls became virtual in tests. This is
mainly just preparation.

Change-Id: I0b4def65d3eb8fa5c806027c7e9123a590ebbdb5
Reviewed-on: https://chromium-review.googlesource.com/1156690
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54848}
2018-08-01 15:11:50 +00:00
Clemens Hammacher
8332c0ff11 Revert "Applied noexcept to all mctors and massigns"
This reverts commit baa055c7a6.

Reason for revert: mips compile failure: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Mips%20-%20builder/18458

Original change's description:
> Applied noexcept to all mctors and massigns
> 
> Refactoring the code base to use noexcept for their move constructors and move
> assignment operators.
> 
> Bug: v8:7999
> 
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I13d24eddba3bfa601cff26fd680a040cf4e71426
> Reviewed-on: https://chromium-review.googlesource.com/1152817
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Florian Sattler <sattlerf@google.com>
> Cr-Commit-Position: refs/heads/master@{#54841}

TBR=marja@chromium.org,yangguo@chromium.org,ahaas@chromium.org,jgruber@chromium.org,sattlerf@google.com

Change-Id: I49757025daac368a647887a63164e927f0106803
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7999
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1158644
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54843}
2018-08-01 13:19:09 +00:00
Florian Sattler
baa055c7a6 Applied noexcept to all mctors and massigns
Refactoring the code base to use noexcept for their move constructors and move
assignment operators.

Bug: v8:7999

Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I13d24eddba3bfa601cff26fd680a040cf4e71426
Reviewed-on: https://chromium-review.googlesource.com/1152817
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#54841}
2018-08-01 13:00:30 +00:00
Clemens Hammacher
91ab657e36 Enable TurboAssembler tests on native android
We currently don't execute the tests on android, because the error
message is redirected to the android log. What we can still to though
is ensuring that the call aborts the process, but just ignore the error
message.

R=mstarzinger@chromium.org

Bug: chromium:863799
Change-Id: I54b503849358133ffe647be83eae7a964c2ac49e
Reviewed-on: https://chromium-review.googlesource.com/1148444
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54839}
2018-08-01 12:20:17 +00:00
Georg Neis
bb9cf1cb03 [turbofan] Put some tests under a canonical handle scope.
The heap broker expects that handles get canonicalized.

R=jarin@chromium.org

Bug: v8:7790
Change-Id: If6162316bb2a256e783a8175ac7d4172d040b28b
Reviewed-on: https://chromium-review.googlesource.com/1155123
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54823}
2018-07-31 18:20:53 +00:00
Georg Neis
6034d2f88f Remove unnecessary 'size' argument from TYPED_ARRAYS macro.
Use sizeof of the C type instead.

Also fix a few #undef's that got reported after my changes.

R=jarin@chromium.org

Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I30a43b3d93e6df04fb9fb33050b52988edd7fdb1
Reviewed-on: https://chromium-review.googlesource.com/1155108
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54817}
2018-07-31 12:29:13 +00:00
Ivica Bogosavljevic
5f0c25b1c7 Update MIPS file ownership to @wavecomp.com e-mail addresses
MIPS team has moved to new @wavecomp.com e-mail addresses.
This CL is not actually changing owners, it only renames the
owners to the new email addresses.

No-Presubmit: true
Change-Id: Ic334defa06a36d974de87e99ed6c30bdf021958f
Reviewed-on: https://chromium-review.googlesource.com/1151349
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54732}
2018-07-26 16:28:10 +00:00
Michael Lippautz
db02a0eb18 [heap] Fix SpacesTest.WriteBarrierFromHeapObject
Instead of actually allocating an objects just test the corner cases
around the page boundary by casting addresses.

Bug: v8:7984
Change-Id: I27615cc193d6f85abc91cfe898719a4a9b761f23
Reviewed-on: https://chromium-review.googlesource.com/1151114
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54717}
2018-07-26 11:17:14 +00:00
Michael Lippautz
ecae8bae8a [heap] Ignore SpacesTest.WriteBarrierFromHeapObject
The test creates a new spaces without hooking it up into Heap, which
makes allocations crash.

Tbr: leszeks@chromium.org
No-try: true
Bug: v8:7984
Change-Id: I58c43eedd4fbbedfacfdee3a3bae99c4107404ec
Reviewed-on: https://chromium-review.googlesource.com/1151112
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54713}
2018-07-26 09:36:51 +00:00
Georgia Kouveli
079eee4387 [arm][arm64] Fix TurboAssembler tests for hard aborts
The tests were not flushing the i-cache before calling the generated
code. Use Factory::NewCode to make sure that the i-cache is flushed
instead.

Bug: v8:7977
Change-Id: I9c7c6f0d0e31700634e50279e75858a5d74603d8
Reviewed-on: https://chromium-review.googlesource.com/1150165
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#54711}
2018-07-26 09:12:58 +00:00
Michael Lippautz
9e3d6cbec5 [heap,iwyu] Provide slim write barrier header
Move write barrier essentials into heap/heap-write-barrier-inl.h. Avoid
including further heap inline headers by relying on constant to load
flags from.

Bug: v8:7490
Change-Id: I2891299f1b1ca2c3e2031cb9c63b583b1665e3f9
Reviewed-on: https://chromium-review.googlesource.com/1148448
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54710}
2018-07-26 09:04:48 +00:00
Clemens Hammacher
58b98c0e98 [arm] Fix status line to skip flaky test
TBR=mstarzinger@chromium.org

No-Try: true
Bug: v8:7976
Change-Id: I12585016afbf86e3d50bacb45a57ab20b6be72ff
Reviewed-on: https://chromium-review.googlesource.com/1148728
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54667}
2018-07-24 20:41:52 +00:00
Clemens Hammacher
be664ceeb0 Skip new test that crashes flakily on native arm
TBR=mstarzinger@chromium.org

No-Try: true
Bug: v8:7977
Change-Id: Idcf88b884a7ad904243f0046aa0bbef118fb19ad
Reviewed-on: https://chromium-review.googlesource.com/1148576
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54664}
2018-07-24 17:57:25 +00:00
Clemens Hammacher
d324382e1c Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a

Original change's description:
> [turboassembler] Introduce hard-abort mode
> 
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
> 
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
> 
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
> 
> R=mstarzinger@chromium.org
> 
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}

Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 15:58:46 +00:00
Tobias Tebbi
f31c6419eb [torque] add unittest for Earley parser
Change-Id: I02c117ef66480eb73eb9cc1d4f80bbc64e9d3624
Reviewed-on: https://chromium-review.googlesource.com/1146655
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54649}
2018-07-24 14:01:33 +00:00
Leszek Swirski
40c8184346 [cleanup] Use ZoneChunkList in the parser
Replace most uses of ZoneList in the parser with ZoneChunkList, which is
more Zone allocation friendly. Includes rewriting some index-based loops
as iterator-based, since ZoneChunkList random access isn't constant
time.

Bug: v8:7754
Change-Id: I49052b8afb90a4f3bfbe4076c2f90505b598e47a
Reviewed-on: https://chromium-review.googlesource.com/1145382
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54631}
2018-07-24 09:04:42 +00:00
Michael Starzinger
131fb7248a [wasm] Remove Isolate from module decoder entry points.
R=ahaas@chromium.org

Change-Id: I7c6fd17f36d33451ce7605e74002515295c7ad1c
Reviewed-on: https://chromium-review.googlesource.com/1145195
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54629}
2018-07-24 08:59:32 +00:00
Georg Neis
8994347c35 [turbofan] Prepare broker for serialization.
We'll soon start collecting data from the JS heap prior to the typed
lowering pass, and then refrain from reading the heap in that pass.
This CL prepares the broker machinery by introducing a hash table that
maps an object (handle) to the corresponding cached data. For the time
being, that cached data is essentially just the handle itself.

Bug: v8:7790
Change-Id: I830e9c72faafb7ae1d10e8a111636b3a3762bbc6
Reviewed-on: https://chromium-review.googlesource.com/1143405
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54618}
2018-07-23 17:20:49 +00:00
Stephan Herhut
6d25cab2c8 [cleanup] Split off api-inl.h from api.h to make latter self contained
api.h had an implicit dependency on objects-inl.h.

Bug: v8:7490
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I56ef7abefed7205bdbff2aa5f451f1a843bef9f9
Reviewed-on: https://chromium-review.googlesource.com/1145191
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54616}
2018-07-23 16:03:49 +00:00
Ross Mcilroy
64e3912f10 [cleanup] Remove deprecated calls to Write[OneByte/Utf8].
Replace with isolate version.

BUG=v8:7754

Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iac7091b983960d22b892074c5fd0a97dee9025c9
Reviewed-on: https://chromium-review.googlesource.com/1146332
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54604}
2018-07-23 09:01:08 +00:00
Sigurd Schneider
039c18e19a Speculatively revert "[turboassembler] Introduce hard-abort mode"
This reverts commit a462a7854a.

Reason for revert: Breaks a TurboAssembler test:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Arm/7726

Original change's description:
> [turboassembler] Introduce hard-abort mode
> 
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
> 
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
> 
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
> 
> R=​mstarzinger@chromium.org
> 
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}

TBR=mstarzinger@chromium.org,clemensh@chromium.org

Change-Id: I60c011cfe262ccebbb9abf32699a9fe17e72a3c8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:863799
Reviewed-on: https://chromium-review.googlesource.com/1145431
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54597}
2018-07-20 17:28:49 +00:00
Caitlin Potter
b6f7ea5805 [runtime] use new CloneObject bytecode for some ObjectLiteralSpread cases
As discussed in
https://docs.google.com/document/d/1sBdGe8RHgeYP850cKSSgGABTyfMdvaEWLy-vertuTCo/edit?ts=5b3ba5cc#,

this CL introduces a new bytecode (CloneObject), and a new IC type.

In this prototype implementation, the type feedback looks like the
following:

Uninitialized case:
  { uninitialized_sentinel, uninitialized_sentinel }
Monomorphic case:
  { weak 'source' map, strong 'result' map }
Polymorphic case:
  { WeakFixedArray with { weak 'source' map, strong 'result' map }, cleared value }
Megamorphic case:
  { megamorphic_sentinel, cleared_Value }

In the fast case, Object cloning is done by allocating an object with
the saved result map, and a shallow clone of the fast properties from
the source object, as well as cloned fast elements from the source object.
If at any point the fast case can't be taken, the IC transitions to the
slow case and remains there.

This prototype CL does not include any TurboFan optimization, and the
CloneObject operation is merely reduced to a stub call.

It may still be possible to get some further improvements by somehow
incorporating compile-time boilerplate elements into the cloned object,
or simplifying how the boilerplate elements are inserted into the
object.

In terms of performance, we improve the ObjectSpread score in JSTests/ObjectLiteralSpread/
by about 8x, with substantial improvements over the Babel and ObjectAssign scores.

R=gsathya@chromium.org, mvstanton@chromium.org, rmcilroy@chromium.org, neis@chromium.org, bmeurer@chromium.org
BUG=v8:7611

Change-Id: I79e1796eb77016fb4feba0e1d3bb9abb348c183e
Reviewed-on: https://chromium-review.googlesource.com/1127472
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54595}
2018-07-20 16:48:59 +00:00
Clemens Hammacher
a462a7854a [turboassembler] Introduce hard-abort mode
For checks and assertions (mostly for debug code, like stack alignment
or zero extension), we had two modes: Emit a call to the {Abort}
runtime function (the default), and emit a debug break (used for
testing, enabled via --trap-on-abort).
In wasm, where we cannot just call a runtime function because code must
be isolate independent, we always used the trap-on-abort behaviour.
This causes problems for our fuzzers, which do not catch SIGTRAP, and
hence do not detect debug code failures.

This CL introduces a third mode ("hard abort"), which calls a C
function via {ExternalReference}. The C function still outputs the
abort reason, but does not print the stack trace. It then aborts via
"OS::Abort", just like the runtime function.
This will allow fuzzers to detect the crash and even find a nice error
message.

Even though this looks like a lot of code churn, it is actually not.
Most added lines are new tests, and other changes are minimal.

R=mstarzinger@chromium.org

Bug: chromium:863799
Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
Reviewed-on: https://chromium-review.googlesource.com/1142163
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54592}
2018-07-20 14:44:29 +00:00
Michael Starzinger
bced36d203 [wasm] Remove some dead module decoder entry points.
R=clemensh@chromium.org
BUG=v8:7754

Change-Id: Ia4c2fb2d87c8a5de96fa9f1f0621d21ae3eda611
Reviewed-on: https://chromium-review.googlesource.com/1145181
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54591}
2018-07-20 13:56:04 +00:00
Marja Hölttä
ff5cafd031 [iwyu] api.h iwyu
This reduces the build steps from touching api.h: 269 -> 156

BUG=v8:7754,v8:7490

Change-Id: I75abaeea4cc78027a47304ff9b9f6b12bdb2b75e
Reviewed-on: https://chromium-review.googlesource.com/1144929
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54583}
2018-07-20 11:49:02 +00:00
Leszek Swirski
c941f11abd [sfi] Remove SFI function identifier field
Remove the function identifier field from SharedFunctionInfo. This field
would store one of a) the function's inferred name, b) the "builtin
function id", or c) debug info. We remove these in turn:

a) The function's inferred name is available on the ScopeInfo, so like
   the start/end position we read it off either the ScopeInfo (for
   compiled functions) or the UncompiledData (for uncompiled functions).

   As a side-effect, now both UncompiledData and its subclass,
   UncompiledDataWithPreparsedScope, contain a pointer field. To keep
   BodyDescriptors manageable, we introduce a SubclassBodyDescriptor
   which effectively appends two BodyDescriptors together.

b) The builtin function id is < 255, so we can steal a byte from
   expected no. of properies (also <255) and store these together.
   Eventually we want to get rid of this field and use the builtin ID,
   but this is pending JS builtin removal.

   As a side-effect, BuiltinFunctionId becomes an enum class (for better
   storage size guarantees).

c) The debug info can hang off anything (since it stores the field it
   replaces), so we can attach it to the script field instead.

This saves a word on compiled function (uncompiled functions
unfortunately still have to store it in UncompiledData).

Bug: chromium:818642
Change-Id: I8b4b3a070f0fe328aafcaeac58842d144d12d996
Reviewed-on: https://chromium-review.googlesource.com/1138328
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54543}
2018-07-19 09:07:11 +00:00