Commit Graph

48727 Commits

Author SHA1 Message Date
Sigurd Schneider
38bec2eadc [TurboFan] Don't generate reloc info for builtin calls at runtime
If a call to a builtin is generated at run-time (vs at snapshot time)
we don't need to tag the call/jump with relocation info, as the builtin
address will not change.

The only way to generate a builtin call at snapshot time is via

MacroAssembler::JumpToInstructionStream where we keep OFF_HEAP_TARGET.
The reloc info for builtin calls and jumps is set to NONE.

Bug: v8:6666
Change-Id: I9e8ad9f23481a2177e69352a56010084336402e7
Reviewed-on: https://chromium-review.googlesource.com/1105758
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53835}
2018-06-19 11:34:08 +00:00
Michael Starzinger
c5dd9f40b2 [turbofan] Use std::setw to print instruction block.
R=jarin@chromium.org

Change-Id: I369684ee6ccff83329bcc4f463b922e0263ae0b0
Reviewed-on: https://chromium-review.googlesource.com/1105823
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53834}
2018-06-19 11:29:58 +00:00
Clemens Hammacher
e69b8f8969 [wasm] Create WasmCompiledModule together with WasmModuleObject
We need to create one {WasmCompiledModule} before creating the
{WasmModuleObject}. This CL refactors the code such that the
{WasmModuleObject} itself creates the {WasmCompiledModule}. This moves
us closer to removing the {WasmCompiledModule}.

R=titzer@chromium.org

Change-Id: I9f85e47f643c39840036f4f1f92df736732c8f74
Reviewed-on: https://chromium-review.googlesource.com/1105762
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53833}
2018-06-19 10:48:28 +00:00
Michael Achenbach
0256c6d0cd [build] Add ubsan blacklist file
The blacklist is needed to make compilation work.

TBR=sergiyb@chromium.org
NOTRY=true

Bug: chromium:853202
Change-Id: Ie867b3605a42ddbcf02514965652ff89121be14d
Reviewed-on: https://chromium-review.googlesource.com/1105830
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53832}
2018-06-19 10:46:53 +00:00
Clemens Hammacher
e238791024 [iwyu] Add missing includes in frame-constants-*.h
This also restores some uniformity in these headers.

R=mstarzinger@chromium.org

Change-Id: Ic3a941bce287596f564ba9f87f3a8ca2c46c2ee2
Reviewed-on: https://chromium-review.googlesource.com/1105763
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53831}
2018-06-19 10:45:48 +00:00
Michael Achenbach
bd4a4e11b8 Revert "[test] Initialize slow-dcheck runtime flag with compile time value"
This reverts commit 2c1e4aa990.

Reason for revert:
https://ci.chromium.org/buildbot/client.v8.ports/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/11591

Original change's description:
> [test] Initialize slow-dcheck runtime flag with compile time value
> 
> This makes sure slow dchecks are part of the snapshot when the compile
> time flag is set. It'll also obviate the need to set the runtime flag
> in general, making configurations simpler.
> 
> It's still possible to opt out at runtime for the non-snapshot dchecks
> using the negated runtime flag.
> 
> Bug: v8:7853
> Change-Id: Iadfc46ed691d32e9d39717e2ea0383e784660d1d
> Reviewed-on: https://chromium-review.googlesource.com/1105050
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53819}

TBR=machenbach@chromium.org,cbruni@chromium.org,jgruber@chromium.org,szuend@google.com

Change-Id: If209aa824749f358a892218dda99c30b1a63b99d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7853
Reviewed-on: https://chromium-review.googlesource.com/1105857
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53830}
2018-06-19 10:41:09 +00:00
Clemens Hammacher
5f56641b41 Reland "[wasm] Introduce jump table"
This is a reland of 733b7c8258.
The arm64 bug was fixed in https://crrev.com/c/1105051.

Original change's description:
> [wasm] Introduce jump table
>
> This introduces the concept of a jump table for WebAssembly, which is
> used for every direct and indirect call to any WebAssembly function.
> For lazy compilation, it will initially contain code to call the
> WasmCompileLazy builtin, where it passes the function index to be
> called.
> For non-lazy-compilation, it will contain a jump to the actual code.
> The jump table allows to easily redirect functions for lazy
> compilation, tier-up, debugging and (in the future) code aging. After
> this CL, we will not need to patch existing code any more for any of
> these operations.
>
> R=mstarzinger@chromium.org, titzer@chromium.org
>
> Bug: v8:7758
> Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
> Reviewed-on: https://chromium-review.googlesource.com/1097075
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53805}

TBR=titzer@chromium.org,mstarzinger@chromium.org

Bug: v8:7758
Change-Id: I68555230c6db97e70f0b8fef784188f55ee04794
Reviewed-on: https://chromium-review.googlesource.com/1105158
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53829}
2018-06-19 10:29:48 +00:00
Leszek Swirski
58339dfe39 [GetIsolate] Add a mixin for safe GetIsolate types
To avoid repeating code for the few places where we can call GetIsolate
and GetHeap safely.

Bug: v8:7786
Change-Id: I6c6de81488bfa79dca50cfd2b6356f432401b68e
Reviewed-on: https://chromium-review.googlesource.com/1104684
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53828}
2018-06-19 10:16:48 +00:00
Michael Achenbach
97f0ddfa77 [build] Add MB config for ubsan bot
TBR=sergiyb@chromium.org
NOTRY=true

Bug: chromium:853202
Change-Id: Ibdb74e840820a7524db7767f94afb84768773da5
Reviewed-on: https://chromium-review.googlesource.com/1105824
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53827}
2018-06-19 10:10:38 +00:00
Dan Elphick
1b0d4a151a [explicit isolates] Remove GetIsolates from Map
This removes several GetIsolate calls from Map:: methods and instead
passes the Isolate in. This is a very noisy change but mostly it is just
adding Isolate to method declarations and forwarding it on.

Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I159505e50a9462d01066f14da0fcc29762bd5531
Reviewed-on: https://chromium-review.googlesource.com/1075267
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53826}
2018-06-19 09:59:58 +00:00
Simon Zünd
af9e4ba2ca [jstests] Change sorting benchmarks to run setup for each iteration
This CL changes all ArraySort benchmarks to execute the setup
function for each iteration (one run call), instead of only once for
all iterations.

Even though we now also measure the time needed to copy and prepare
the array, this is needed, otherwise we would mainly measure sorting
already sorted arrays.

R=cbruni@chromium.org, jgruber@chromium.org

Change-Id: I2e0e301b52b0288b8c825c3c8401c348c4a0dee7
Reviewed-on: https://chromium-review.googlesource.com/1105045
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53825}
2018-06-19 09:40:39 +00:00
Sigurd Schneider
0db5e7b80d [TurboFan] Return MaybeHandle from TurboFan compiler
TurboFan returned null handles if compilation did not succeed. This CL
changes that to a MaybeHandle to make it explicit that client code needs
to handle the error.

Bug: v8:7856
Change-Id: I6087e6263faa1150b9788213dd22c398b4a2fc2d
Reviewed-on: https://chromium-review.googlesource.com/1104688
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53824}
2018-06-19 09:33:18 +00:00
Toon Verwaest
6394fd3571 Mark context slots with the parameter they represent so we can easily compute arguments objects
Change-Id: I566ab09800f4a2873aca86423c858b63c58d6d98
Reviewed-on: https://chromium-review.googlesource.com/1105049
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53823}
2018-06-19 09:25:29 +00:00
Leszek Swirski
89270b1ef8 [GetIsolate] Inline GetIsolate into ScopeInfo::ContextSlotIndex
We want to remove GetIsolate calls, but this particular one is safe
and necessary to avoid either storing the isolate in the parser/scopes,
or passing it through as a parameter throughout the parser.

Bug: v8:7786
Change-Id: I07765f5c20b2c9925bb0b980bc9fe850c91d7811
Reviewed-on: https://chromium-review.googlesource.com/1104685
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53822}
2018-06-19 09:23:59 +00:00
Simon Zünd
ee9c34c5ac [cleanup] Replace custom type with constexpr String in TypedArray.p.sort
R=jgruber@chromium.org

Change-Id: Ibb35c1ae090cd8e79e48c977735af1188414f531
Reviewed-on: https://chromium-review.googlesource.com/1105054
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53821}
2018-06-19 09:20:23 +00:00
Dan Elphick
52e2b5aa38 [explicit isolates] Replace every Handle(T*) in parsing/
Replace all but one Handle<T*>(T*) calls with ones that explicitly pass
in an Isolate.

Requires plumbing Isolate* through several Parser functions which
previously avoided it because of worries about accessing the heap off
the main thread. In all off-main-thread cases, isolate will be nullptr
and every such function asserts with:
DCHECK_EQ(parsing_on_main_thread_, isolate != nullptr);

Also deletes unused function ParseInfo::ReopenHandlesInNewHandleScope.

Bug: v8:7786
Change-Id: I3dd9c49dcde49fdbcb684ba73f47a30d00fc495e
Reviewed-on: https://chromium-review.googlesource.com/1087272
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53820}
2018-06-19 09:19:18 +00:00
Michael Achenbach
2c1e4aa990 [test] Initialize slow-dcheck runtime flag with compile time value
This makes sure slow dchecks are part of the snapshot when the compile
time flag is set. It'll also obviate the need to set the runtime flag
in general, making configurations simpler.

It's still possible to opt out at runtime for the non-snapshot dchecks
using the negated runtime flag.

Bug: v8:7853
Change-Id: Iadfc46ed691d32e9d39717e2ea0383e784660d1d
Reviewed-on: https://chromium-review.googlesource.com/1105050
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53819}
2018-06-19 09:13:38 +00:00
Michael Achenbach
7f28ed7f88 [test] Skip flaky test
TBR=yangguo@chromium.org
NOTRY=true

Bug: v8:7859
Change-Id: Ie3d21f21b12bc2d36eb1b0ea798e2d6030342492
Reviewed-on: https://chromium-review.googlesource.com/1105760
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53818}
2018-06-19 08:43:02 +00:00
Clemens Hammacher
49946f02bb [arm64] Fix WasmCompileLazyFrameConstants
{WasmCompileLazyFrameConstants::kFixedFrameSizeFromFp} did not
incorporate padding. This CL fixes that.

R=mstarzinger@chromium.org

No-Try: true
Bug: chromium:853468
Change-Id: I042e68623bdfd81c96180a39c29ecd70271ba1be
Reviewed-on: https://chromium-review.googlesource.com/1105051
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53817}
2018-06-19 08:41:58 +00:00
Sigurd Schneider
335d162556 [cctest] Bump max old space size for isolate creation
Bump limit for isolate creation in cctest; the test started crashing recently
on nosnap.debug builds, hence we bump the limit.

Bug: v8:7856
Change-Id: I7c2396c7f112a2ed7fc189f0fa72658e0ed75050
Reviewed-on: https://chromium-review.googlesource.com/1104691
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53816}
2018-06-19 08:01:07 +00:00
Clemens Hammacher
0181cf0b31 Revert "[runtime][gc] Drop AllocationSite::weak_next field for sub-literals"
This reverts commit 380dba0a5c.

Reason for revert: Fails gc-stress: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Mac64%20GC%20Stress/1471

Original change's description:
> [runtime][gc] Drop AllocationSite::weak_next field for sub-literals
> 
> Use AllocationSite without Weaknext field for all the allocations in nested
> literal except for Root. The nested field is sufficient to link all the
> allocations in a nested literal. Only the Root is added to heap weak_alloc_list
> for GC to traverse
> 
> Change-Id: I946e63292c6d168197cd2a087f697c73cc431272
> Reviewed-on: https://chromium-review.googlesource.com/1101323
> Commit-Queue: Chandan Reddy <chandanreddy@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53813}

TBR=ulan@chromium.org,cbruni@chromium.org,chandanreddy@google.com

Change-Id: Icc87027f14f917da3033db256c2535e08e2a4a34
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1105159
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53815}
2018-06-19 07:54:09 +00:00
Théotime Grohens
33f45e32fc [torque] Add constexpr String handling to Torque
This CL adds a 'constexpr String' type to Torque, which gets compiled
to 'const char*'.

It makes it easier to pass strings around in Torque files,
especially when trying to Print() them.

Bug: v8:7793
Change-Id: I2d4feac7012f5401f2b467475f8df086e46ac18a
Reviewed-on: https://chromium-review.googlesource.com/1104466
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53814}
2018-06-19 07:27:17 +00:00
Creddy
380dba0a5c [runtime][gc] Drop AllocationSite::weak_next field for sub-literals
Use AllocationSite without Weaknext field for all the allocations in nested
literal except for Root. The nested field is sufficient to link all the
allocations in a nested literal. Only the Root is added to heap weak_alloc_list
for GC to traverse

Change-Id: I946e63292c6d168197cd2a087f697c73cc431272
Reviewed-on: https://chromium-review.googlesource.com/1101323
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53813}
2018-06-19 07:14:17 +00:00
Simon Zünd
5b4b151478 [CSA] OOB check for Load/StoreFixedArrayElement from slow to normal assert
This CL enables out-of-bounds checks for debug builds when loading or
storing FixedArray elements. Since "--enable-slow-asserts" is not passed
through to mksnapshot, the OOB checks were basically never executed.

Bug: v8:7853
Change-Id: I81bdd9ac04868f9ffc362c3f4fd8fa3ddd122ee1
Reviewed-on: https://chromium-review.googlesource.com/1103568
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53812}
2018-06-19 05:46:04 +00:00
Simon Zünd
ce3c0064cd [array] Fix OOB load/stores when underlying FixedArray changed
This CL fixes a bug that allowed OOB read/stores on fastpaths when
a comparison function caused the underlying FixedArray to change
while keeping the elements kinds and size property on the original
JSArray the same.

R=jgruber@chromium.org

Bug: chromium:852592
Change-Id: I09af357d10e7f41e75241e4c87430fc9aa806f8c
Reviewed-on: https://chromium-review.googlesource.com/1104158
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53811}
2018-06-19 05:19:44 +00:00
Anna Henningsen
e980d0e860 [SAB] Fix flake in Atomics.wait, part II
Refs: https://ci.chromium.org/buildbot/client.v8/V8%20Linux64%20TSAN/21047

Bug: v8:7836
Change-Id: Ic825065de419bbab97972d9b7a2beb6527b0a48a
Reviewed-on: https://chromium-review.googlesource.com/1103560
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53810}
2018-06-19 00:10:59 +00:00
Alexey Kozyatinskiy
71892ad96c [inspector] added blink try bots on inspector tests change
Inspector test expectations may be changed without changes inside
src/inspector directory.

R=dgozman@chromium.org

Bug: none
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3196209a4b974d4cf32c76c51116d77e589a9dbb
Reviewed-on: https://chromium-review.googlesource.com/1104303
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53809}
2018-06-18 21:38:59 +00:00
Alexey Kozyatinskiy
0b690227f8 Reland "[inspector] fixed location of top level function return"
This is a reland of 4363a69335

Original change's description:
> [inspector] fixed location of top level function return
>
> We should pass false as has_braces argument to create FunctionLiteral
> for top level function.
>
> R=dgozman@chromium.org,bmeurer@chromium.org
> TBR=bmeurer@chromium.org
>
> Bug: none
> Change-Id: I397f31b562d32c71f3a12bfc9ceeed16c367aa80
> Reviewed-on: https://chromium-review.googlesource.com/1098018
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53769}
TBR=dgozman@chromium.org

Bug: v8:7858
Change-Id: Ie636bc101f9d29d9d40bd10b96e62da6505c2734
Reviewed-on: https://chromium-review.googlesource.com/1104497
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53808}
2018-06-18 21:37:49 +00:00
Clemens Hammacher
33f6c3e10e Revert "[wasm] Introduce jump table"
This reverts commit 733b7c8258.

Reason for revert: breaks arm64 gc-stress: https://ci.chromium.org/buildbot/client.v8.ports/V8%20Linux%20-%20arm64%20-%20sim%20-%20gc%20stress/11659

Original change's description:
> [wasm] Introduce jump table
> 
> This introduces the concept of a jump table for WebAssembly, which is
> used for every direct and indirect call to any WebAssembly function.
> For lazy compilation, it will initially contain code to call the
> WasmCompileLazy builtin, where it passes the function index to be
> called.
> For non-lazy-compilation, it will contain a jump to the actual code.
> The jump table allows to easily redirect functions for lazy
> compilation, tier-up, debugging and (in the future) code aging. After
> this CL, we will not need to patch existing code any more for any of
> these operations.
> 
> R=​mstarzinger@chromium.org, titzer@chromium.org
> 
> Bug: v8:7758
> Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
> Reviewed-on: https://chromium-review.googlesource.com/1097075
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53805}

TBR=mstarzinger@chromium.org,titzer@chromium.org,clemensh@chromium.org,sreten.kovacevic@mips.com

Change-Id: Iea358db2cf13656a65cf69a6d82cbbc10d3e7e1c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7758
Reviewed-on: https://chromium-review.googlesource.com/1105157
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53807}
2018-06-18 20:38:50 +00:00
Igor Sheludko
a2b5e64cfc [builtins] Remove BuiltinDescriptor.
Now TFJ builtins can use their own descriptors so there's no need to
keep the hacky BuiltinDescriptor around.

Bug: v8:7754
Change-Id: Ia7f23a21fb979370fd2149fef13186b83a3d5d30
Reviewed-on: https://chromium-review.googlesource.com/1104428
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53806}
2018-06-18 17:16:59 +00:00
Clemens Hammacher
733b7c8258 [wasm] Introduce jump table
This introduces the concept of a jump table for WebAssembly, which is
used for every direct and indirect call to any WebAssembly function.
For lazy compilation, it will initially contain code to call the
WasmCompileLazy builtin, where it passes the function index to be
called.
For non-lazy-compilation, it will contain a jump to the actual code.
The jump table allows to easily redirect functions for lazy
compilation, tier-up, debugging and (in the future) code aging. After
this CL, we will not need to patch existing code any more for any of
these operations.

R=mstarzinger@chromium.org, titzer@chromium.org

Bug: v8:7758
Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
Reviewed-on: https://chromium-review.googlesource.com/1097075
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53805}
2018-06-18 16:38:09 +00:00
Dominik Inführ
3e5db48751 [heap] Move RecordSlot to concurrent marking
Move Slot recording to concurrent and incremental marking phase and
out of the atomic pause. Records more slots to remove
slot recording completely from the pause.

Bug: chromium:844008
Change-Id: I13ba20b4839990134dc37bd909fb0a2d66e13c64
Reviewed-on: https://chromium-review.googlesource.com/1104348
Commit-Queue: Dominik Inführ <dinfuehr@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53804}
2018-06-18 16:04:23 +00:00
Clemens Hammacher
3cb376dc83 Make CallInterfaceDescriptor isolate-independent
Currently each isolate stores its own array of
{CallInterfaceDescriptorData}. This array has size 173, and each entry
has 40 bytes. That's already 7kB per isolate.
Additionally, each {CallInterfaceDescriptorData} allocates two
heap-allocated arrays, which probably add up to more than the static
size of the {CallInterfaceDescriptorData}. Note that all the
{CallInterfaceDescriptorData} instances are initialized eagerly on
isolate creation.

Since {CallInterfaceDescriptor} is totally isolate independent itself,
this CL refactors the current design to avoid a copy of them per
isolate, and instead shares them process-wide. Still, we need to free
the allocated heap arrays when the last isolate dies to avoid leaks.
This can probably be refactored later by statically initializing more
and avoiding the heap allocations all together.

This refactoring will also allow us to use {CallInterfaceDescriptor}s
from wasm background compilation threads, which are not bound to any
isolate.

R=mstarzinger@chromium.org, titzer@chromium.org

Bug: v8:6600
Change-Id: If8625b89951eec8fa8986b49a5c166e874a72494
Reviewed-on: https://chromium-review.googlesource.com/1100879
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53803}
2018-06-18 15:55:53 +00:00
Toon Verwaest
467eb1497e Drop stack-locals from ScopeInfo
For now we keep params since NewSloppyArguments uses it to figure out how to structure the arguments object. We should be able to only keep params in case we have a special case though. E.g., leaf functions with no duplicate parameters don't need special treatment. Or we simply encode the parameter index for each context slot. (I'm not sure duplicates need special treatment.)


Change-Id: Icfbb844e5331aeb93c50bc07edd58246c8aeb1d7
Reviewed-on: https://chromium-review.googlesource.com/1104420
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53802}
2018-06-18 15:21:13 +00:00
Clemens Hammacher
6be6ec0091 [wasm] Store WasmModule in shared_ptr during async compilation
We currently store the {WasmModule} (generated during decoding) in a
unique_ptr and pass ownership to the {WasmModuleObject} after
compilation.
I plan to move the {Managed<NativeModule>} from {WasmCompiledModule} to
{WasmModuleObject}, which will force us to create the
{WasmModuleObject} *before* compilation, so that the {CompilationState}
is available during compilation.

This CL prepares that refactoring by storing the {WasmModule} in a
{shared_ptr} in the {AsyncCompileJob}. Note that it will eventually be
stored in a {shared_ptr} in the {Managed} anyway.

R=titzer@chromium.org

Change-Id: Iac5e3c1067af2801e938f77a455a68807801526a
Reviewed-on: https://chromium-review.googlesource.com/1104117
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53801}
2018-06-18 15:10:03 +00:00
Théotime Grohens
e947d21e3d [dataview]: Move DataView setters to Torque.
This CL completely reimplements the DataView setters in Torque, and
removes the former C++ runtime implementation.

Change-Id: I66cdd35712e46f3931d6530a4512fa3c8eb3b3bf
Reviewed-on: https://chromium-review.googlesource.com/1104162
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53800}
2018-06-18 15:02:44 +00:00
Sigurd Schneider
8f8c53ba75 [mjsunit] Improve long-running test
Reading up on the bug description, this is a test
that is triggered by TurboFan execution. This can
be done with natives and does not need excessive
loop iterations. Additionally, we have a more specific
regression test for the original issue in the repo:
http://crrev.com/c/584837

Bug: v8:7783
Change-Id: Id022b515b663e6fb897acb29f43ef92b70b547b8
Reviewed-on: https://chromium-review.googlesource.com/1101018
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53799}
2018-06-18 14:45:23 +00:00
Igor Sheludko
412ec7539d [builtins] Relax type check in a slow path of Object.assign.
Bug: chromium:851393
Change-Id: I53cbf16068efbf24a2bd233c0b4c56e8361f9931
Reviewed-on: https://chromium-review.googlesource.com/1104317
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53798}
2018-06-18 14:37:38 +00:00
Georg Neis
402c300c23 [turbofan] Eliminate handle dereference in JSGraph::Constant.
This adds an overload of JSGraph::Constant that takes an ObjectReference
rather than a Handle<Object>.

ObjectReference is a new superclass of HeapReference.

Also several refactorings and renaming, e.g.:
- Rename HeapReference to HeapObjectRef.
- Rename ContextHeapReference to ContextRef.
- ...
- Rename HeapReferenceType to HeapObjectType.

Bug: v8:7790
Change-Id: Id3e567cbaf7c326189b99b2fd4ced6bff02f9640
Reviewed-on: https://chromium-review.googlesource.com/1104337
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53797}
2018-06-18 14:36:33 +00:00
Igor Sheludko
90e464a277 Interface descriptors cleanup: JSTrampolineDescriptor added.
This CL also adds macros for defining JS-compatible interface descriptors that
has additional parameters.
ArrayConstructorDescriptor is redefined using the new macros.

Bug: v8:7754
Change-Id: Id39cac9f234666576f35de755d11aba198248bea
Reviewed-on: https://chromium-review.googlesource.com/1100833
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53796}
2018-06-18 14:35:29 +00:00
Sigurd Schneider
a64c62393a [infra] Disable failing test
The test test-api/InitializeDefaultIsolateOnSecondaryThread1 has been
failing since at least 6.8, but our infra only recently realized that.

NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true

Bug: v8:7856
Change-Id: I8cbfd4ea554bb32c50c01d437efa5b18f60c2fde
Reviewed-on: https://chromium-review.googlesource.com/1104458
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53795}
2018-06-18 14:34:24 +00:00
Igor Sheludko
2b0f66549b [builtins] Don't refer to builtin's parameters from helper methods.
This is a preliminary step before removing BuiltinDescriptor.

Bug: v8:7754
Change-Id: I752134aa29431e5773c9813361a3c6bda6f8872d
Reviewed-on: https://chromium-review.googlesource.com/1104169
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53794}
2018-06-18 12:46:52 +00:00
Igor Sheludko
e602c90abc Properly set enumeration order for accessor properties in class literals.
Bug: chromium:848165
Change-Id: I1ec18bf12f53c24f388dbd529fe62e990fbc8783
Reviewed-on: https://chromium-review.googlesource.com/1104175
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53793}
2018-06-18 12:45:02 +00:00
Théotime Grohens
6e47d31fca [torque] Fix Signature printing
The operator<< for Signature objects in Torque incorrectly counted
the number of named parameters instead of the total number
of parameters when displaying them.

This would cause the displayed signature to be "()" when no
parameters were named, instead of the actual signature.

Change-Id: I32572da5f5a378b71749515d89429172129bbcb9
Reviewed-on: https://chromium-review.googlesource.com/1104172
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#53792}
2018-06-18 12:38:22 +00:00
Clemens Hammacher
fffa33179d [wasm] Register and release protected instructions only once
We currently have a system where the protected instructions are
unregistered when the last instance dies, and registered again on the
next instantiation. This is triggered by {WasmCompiledModule::Reset}.
Since the reference to the {NativeModule} will move to the
{WasmModuleObject}, and this object stays alive even if the last
instance dies, this will become hard to maintain.
It will also make it harder to share wasm code across isolates.
This CL refactors this to register trap handler data once when the code
is added to the {NativeModule}, and releases it if the code dies.

R=mstarzinger@chromium.org
CC=​eholk@chromium.org

Bug: v8:5277
Change-Id: I3f1b336095230b255f3849c271b37b62f2b96cd6
Reviewed-on: https://chromium-review.googlesource.com/1103567
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53791}
2018-06-18 12:25:32 +00:00
Sigurd Schneider
feef6195a2 [mjsunit] Improve speed with OptimizeOsr
Bug: v8:7783
Change-Id: I3c6a229b5a1a30ea089ffeef920bf48b27bc86ab
Reviewed-on: https://chromium-review.googlesource.com/1101030
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53790}
2018-06-18 12:13:02 +00:00
Toon Verwaest
0a846a0e84 Don't expose GetFunction on the scope iterator. Simply take it into account for GetFunctionDebugName
This is a step towards avoiding materializing function_ altogether if we deoptimize. Typically we only need the SharedFunctionInfo.

Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Idee78f02d1afe3d2cb70e93a6d96a5a33907f892
Reviewed-on: https://chromium-review.googlesource.com/1100474
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53789}
2018-06-18 12:03:59 +00:00
Simon Zünd
bef673403e [array] Add fastpath for dictionary elements to Array.p.sort
R=cbruni@chromium.org, jgruber@chromium.org

Bug: v8:7382
Change-Id: I45f2517afa8ecb3ddb1f77f845e9ce88f69d4eef
Reviewed-on: https://chromium-review.googlesource.com/1092500
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53788}
2018-06-18 11:31:59 +00:00
Clemens Hammacher
eaf03c0c90 [wasm][cleanup] Remove {CompileToModuleObjectInternal}
It only has one call size ({CompileToModuleObject}), which just tail
calls into {CompileToModuleObjectInternal}. Thus, merge the two.

R=titzer@chromium.org

Bug: v8:7754
Change-Id: I6344f257279f049fd6cab51114988f7e1c019272
Reviewed-on: https://chromium-review.googlesource.com/1104157
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53787}
2018-06-18 11:26:19 +00:00
Michael Starzinger
8d82cddbcc [turbofan] Remove obsolete Linkage::GetAllocateCallDescriptor.
R=ishell@chromium.org

Change-Id: I84288cc16297dbe33adddbdf08b689db95d0fc04
Reviewed-on: https://chromium-review.googlesource.com/1104164
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53786}
2018-06-18 10:58:18 +00:00