Commit Graph

54297 Commits

Author SHA1 Message Date
Georg Neis
b73d941441 [turbofan] Refactor ReduceKeyedAccess for readability
...by moving a special case into a separate method.

Change-Id: I880768ed6fbb7d29b94588435c9da65b01f07fde
Reviewed-on: https://chromium-review.googlesource.com/c/1462960
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59555}
2019-02-13 13:46:39 +00:00
Georg Neis
793f025bc5 [turbofan] Clarify purpose of bytecode_array in InlinedFunctionHolder
Change-Id: I7716dab4d6d0ff582acdffb988a05429bccab2ad
Reviewed-on: https://chromium-review.googlesource.com/c/1462006
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59554}
2019-02-13 13:42:59 +00:00
Toon Verwaest
2d9a9ed2dc [runtime] Change FIELD_ADDR to .ptr() instead of ->ptr()
We should just always get an Object in rather than both Object and Object*
where the former is dealt with through operator->.

Change-Id: I2d2542f37a357d4c410cc5f07c8e3563e66660b7
Reviewed-on: https://chromium-review.googlesource.com/c/1470104
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59553}
2019-02-13 13:23:59 +00:00
Georg Neis
87c985f50a [turbofan] Fix optimization of global loads and stores
They didn't take the new premonomorphic state into account. My bad.

Bug: chromium:931424
Change-Id: I74ad1f0f8ce0eb764d63c2a3527e597962baca6d
Reviewed-on: https://chromium-review.googlesource.com/c/1470125
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59552}
2019-02-13 12:26:59 +00:00
Benedikt Meurer
c142e0a2b1 [builtins] Improve CallApiCallback calling convention.
Refactor the CallApiCallback builtin to

- pass the context as with other stubs, and
- pass holder and call data in registers.

This avoids having to place holder and call data onto the stack, and
thus makes it possible to easily call the CallApiCallback builtin from
other builtins while just forwarding the (stack) arguments. The idea
is to use this in the future to optimize the general case of calling
into any API method via a FunctionTemplateInfo and doing appropriate
security and/or interface checks upfront as necessary (eventually making
the HandleApiCall C++ builtin obsolete at some point).

Bug: v8:8820, chromium:913553
Change-Id: I10c0065016df4d0c24bac3d46945ea597b65ed02
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/1469821
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59551}
2019-02-13 12:15:29 +00:00
Georg Neis
1534781f3e [turbofan] Refactor ComputePropertyAccessInfo for readability
...mainly by moving two big chunks into separate methods.

Change-Id: I048a8d27c28bc171559190a915616efbebdfe6cc
Reviewed-on: https://chromium-review.googlesource.com/c/1462957
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59550}
2019-02-13 11:28:50 +00:00
Georg Neis
6f66dcefda [build] Avoid 'using namespace' in gen-postmortem-metadata.py
This fixes jumbo builds with enabled v8_postmortem_support.

Bug: v8:8838
Change-Id: Idf2efc3b94104ca1921b6de121df1c0aa7f3452c
Reviewed-on: https://chromium-review.googlesource.com/c/1470102
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59549}
2019-02-13 11:08:00 +00:00
Pierre Langlois
da2300f66e [heap] Relax accesses to a page's live byte count.
Each page has a `live_byte_count_` field in its header and it is always accessed
with atomic operations. However, apart from one corner case, this field is only
accessed by the main thread so let's remove the atomicity by default.

To summarise, this changes the MarkingState accessors in the following way:

- IncrementalMarkingState:

Accesses of live_byte_count_ are now non-atomic. Concurrent marking uses local
maps of live bytes per page so we have exclusive access to the field when using
this.

- MajorAtomicMarkingState:

This accessor does not guarantee exclusive access to live_byte_count_ so we need
to keep the access atomic. This is used by the scavenger when migrating an
object that was marked black, since marking an object black will implicitly
increment the live_byte_count_.

Additionally, the live_bytes() and SetLiveBytes() accessor methods were not used
so remove them.

- MajorNonAtomicMarkingState:

Accesses of live_byte_count_ are not actually non-atomic.

- MinorNonAtomicMarkingState:

The `young_generation_live_byte_count_` field is atomic so we can set the memory
order manual to relax accesses.

Change-Id: I4c6457843783157ca878540e34ad50878afee20c
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Reviewed-on: https://chromium-review.googlesource.com/c/1456095
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#59548}
2019-02-13 10:33:09 +00:00
Sigurd Schneider
82faa6d315 [array] Fix Array#map storing signaling NaNs
Bug: chromium:930948
Change-Id: I7567fec06ec4bad11e8b8336ac13fdfc225b632c
Reviewed-on: https://chromium-review.googlesource.com/c/1466503
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59547}
2019-02-13 10:23:19 +00:00
Sigurd Schneider
e7063b3d6b [GC] Small clean-ups
- const return type on Full{,Maybe,Heap}ObjectSlot::operator*
- Removed stale friend declarations
- Moved a method to the right section

Bug: v8:8557
Change-Id: I0bd3efdb96a7d997b4404d3a247bea55b083d611
Reviewed-on: https://chromium-review.googlesource.com/c/1467781
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59546}
2019-02-13 09:49:39 +00:00
Andrew Comminos
44483152c5 [cpu-profiler] Only record SIGPROF-based samples for samplers that request samples
Sets an atomic field on each sampler when it requests a sample, to be
checked when the SIGPROF handler is executed. A counter is not used
since signals may be coalesced.

Prior to this change, all samplers attached to an isolate received
samples when other samplers sent SIGPROF to the VM thread. This change
alters the behaviour of different CpuProfiler instances on the same
isolate to be in line with the Windows / Fuchsia behaviour.

Bug: v8:8835
Change-Id: I0caaa845b596efc9d8b1cd7716c067d9a6359c57
Reviewed-on: https://chromium-review.googlesource.com/c/1468941
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59545}
2019-02-13 09:29:38 +00:00
Simon Zünd
6e05eefe78 [stack trace] Introduce StackTraceFrame object
The StackTraceFrame object will be used in a future CL to replace
StackFrameInfo as the object returned by the inspector API, as well
as the object used in the stack_frame_cache.

The object itself is a simple wrapper around a reference to a
FrameArray plus an index, as well as a reference to a
StackFrameInfo object that will get lazily initialized.

This is the first step towards unifying stack trace representation
and collection.

R=jgruber@chromium.org

Bug: v8:8742
Change-Id: Iefc7d734fd274ffd164ddf6f43c226531aa26d4c
Reviewed-on: https://chromium-review.googlesource.com/c/1458017
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59544}
2019-02-13 07:24:18 +00:00
tzik
2497023acb Refine the type of Context to NativeContext around JSObject
This updates the type of contexts to NativeContext instead of Context,
namely on GetFunctionRealm(), GetCreationContext(), and
JSGlobalObject::native_context.

They should be semantically NativeContexts, but the return type hides
the underlying NativeContext, and causes its user to cast the context
to native.

Change-Id: I2f234b0df8c2dcaeab25cb543e09d80d12ca7369
Reviewed-on: https://chromium-review.googlesource.com/c/1469541
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59543}
2019-02-13 05:58:58 +00:00
Pavel Feldman
8bf60985da Roll third_party/inspector_protocol to a0abcb6bfbd8d13071bb0d2ac4ee1066703eb60a.
Drive-by utf8 serialization exposed on StringUtil for inspector protocol.

Bug: chromium:929862
Change-Id: I930cd43fef9038471908280f15e65a4edec5c6d1
Reviewed-on: https://chromium-review.googlesource.com/c/1468702
Commit-Queue: Pavel Feldman <pfeldman@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59542}
2019-02-13 00:12:13 +00:00
Pavel Feldman
5dffb59630 DevTools: roll third_party/inspector_protocol, wire binary operation.
Bug: chromium:929862
Change-Id: I8c23be1d22f70d1143d570050514c36ecfb30fc7
Reviewed-on: https://chromium-review.googlesource.com/c/1466003
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Pavel Feldman <pfeldman@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59541}
2019-02-12 19:55:12 +00:00
Matt Gardner
ba78fef1f2 Improve IC hole-to-underfined conversion heuristics
This CL reuses the logic to determine if out of bounds loads should be allowed
to determine whether in bounds hole loads should be converted to undefined or
handled as IC misses.

bug: v8:8561
Change-Id: I1da859aba082cf21c67e7202b1e308ac4614b64a
Reviewed-on: https://chromium-review.googlesource.com/c/1465182
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Matt Gardner <magardn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#59540}
2019-02-12 18:30:59 +00:00
Maciej Goszczycki
1eec85bb66 [cleanup] Remove LoadAndUntagToWord32Root
It's unused and hinders separating read-only roots into a shared table.

Bug: v8:8562
Change-Id: I4a2889d9be5df877b2f9d11ce5146a091d864cd3
Reviewed-on: https://chromium-review.googlesource.com/c/1466963
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#59539}
2019-02-12 16:51:57 +00:00
Tamer Tas
baeb4e324d [testrunner] enable the progress indicator
Using test generators meant that we had to remove the progress indicator since
the total number of tests weren't known before-hand.

This CL implements a progress indicator using test number estimations.

cctest and unittests progress indicator is accurate, however estimating
means the progress will terminate over 100% in big test suites and sometimes
under 100%.

R=machenbach@chromium.org
CC=​sergiyb@chromium.org,yangguo@chromium.org

Bug: v8:8769
Change-Id: I40ca5b40f9b1223376d33707f0945900ea98cea3
Reviewed-on: https://chromium-review.googlesource.com/c/1460471
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59538}
2019-02-12 16:03:17 +00:00
Michael Achenbach
9d863741fd [test] Bump shards on slow bots
NOTRY=true

TBR=sergiyb@chromium.org

Change-Id: Iaff2d456af6e6494c725efa60cbdc9895201bef5
Reviewed-on: https://chromium-review.googlesource.com/c/1466962
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59537}
2019-02-12 15:36:57 +00:00
Benedikt Meurer
5a4e0959e0 [turbofan] Tweak JSCallReducer::ReduceCallApiFunction a bit more.
The previous change to JSCallReducer::ReduceCallApiFunction regressed
the case a bit where the optimized graph has some knowledge about the
receiver already, but the API callback didn't need any receiver checks,
as in that case we unnecessarily added a ConvertReceiver node. This
change refactors the code to first see if there's information in the
graph about the receiver, and only if none is found, introduce the
ConvertReceiver node.

It also removes the unnecessary context load from the target function,
since the API callback doesn't care about the concrete context, and
we never inline cross native contexts, so using whatever incoming
context we have is perfectly fine (and saves us from unnecessarily
materializing the target just to load the native context off of it).

Drive-by-fix: Remove bogus comment about CallApiCallbackStub parameters.

Bug: v8:8820
Change-Id: Ide1b283d9e448c3f0ae8f2daf4b1ad0202eae09e
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/1466881
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59536}
2019-02-12 15:25:14 +00:00
Tamer Tas
e2207c6766 [fuzzer] create a test-suite for the fuzzer
Testrunner test-suite doesn't have automated tests for the Fuzzer. A significant
change for the testrunner may break the fuzzers. We don't have a way to catch
even the syntax errors for the fuzzer before landing CLs.

This CL creates a rudimentary test-suite that runs the fuzzer without any tests
to see if APIs still work as intended.

R=machenbach@chromium.org
CC=yangguo@chromium.org,sergiyb@chromium.org

No-Try: true
Bug: v8:8763
Change-Id: Ib4519ca093de2af5279964edd164cee04aae77a8
Reviewed-on: https://chromium-review.googlesource.com/c/1466301
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59535}
2019-02-12 15:11:24 +00:00
Maya Lekova
7b69507ca6 [turbofan] Add handling of jumps to the serializer
Implemented branching and merging of Environments to facilitate handling of
conditional and unconditional jumps in the SerializerForBackgroundCompilation.
Added tests and printing helpers for the Environment. The internal structure
of the hints was changed to ZoneSet to support avoiding of duplicates.
Alternative implementation considerations were documented here:
https://docs.google.com/document/d/1vCQYhtFPqXafSMweSnGD8l0TKEIB6cPV5UGMHJtpy8k/edit?ts=5bf7d341#heading=h.jx4br0df5qzm

R=neis@chromium.org

Bug: v8:7790
Change-Id: Ib929c75ddb7f7fb290a5ca28d4422680a1514a4f
Reviewed-on: https://chromium-review.googlesource.com/c/1451847
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59534}
2019-02-12 14:36:18 +00:00
Michael Lippautz
0a78f454cc Reland "[global-handles] Do not clear finalization callback on moving"
This is a reland of d8a457cbb7

Original change's description:
> [global-handles] Do not clear finalization callback on moving
>
> Bug: chromium:923361
> Change-Id: Id4a0f6515f6b17cec2732df561c1e82080dc29c8
> Reviewed-on: https://chromium-review.googlesource.com/c/1462963
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59498}

Bug: chromium:923361
Tbr: mlippautz@chromium.org
Change-Id: I05bbaa05daf07232f5356cb0a71d6d1c959ddadd
Reviewed-on: https://chromium-review.googlesource.com/c/1466648
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59533}
2019-02-12 14:35:13 +00:00
Georg Neis
a439a7a210 [ic] Rename FindFirstName & FindFirstMap to GetName & GetFirstMap
... as there's no search involved and there are never multiple names.

Change-Id: Ice88c4d98195e74f6540926b0a1199df62b42da2
Reviewed-on: https://chromium-review.googlesource.com/c/1466645
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59532}
2019-02-12 13:48:13 +00:00
peterwmwong
c9ef0405c7 [builtins]: Optimize CreateTypedArray to use element size log 2 for calculations.
TypedArrayElementsInfo now represents an element's size as a log 2 and typed as
uintptr.  This simplifies and speeds up (avoids possible HeapNumber allocations) a
number of calculations:

  - Number of Elements (length) -> Byte Length - is now a WordShl
  - Byte Length -> Number of Elements (length) - is now a WordShr
  - Testing alignment (byte offset or length)  - is now a WordAnd

These element/byte length related calculations are encapsulated in
TypedArrayElementsInfo as struct methods.

This reduces the size of CreateTypedArray by 2.125 KB (24%) on Mac x64.release:
  - Before: 9,088
  - After:  6,896

This improves the performance of the following microbencmarks
  - TypedArrays-ConstructWithBuffer: ~87%
  - TypedArrays-SubarrayNoSpecies:   ~28%

Bug: v8:7161
Change-Id: I2239fd0e0af9d3ad55cd52318088d3c7c913ae44
Reviewed-on: https://chromium-review.googlesource.com/c/1456299
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59531}
2019-02-12 13:47:05 +00:00
Tamer Tas
ad5b6d7dcb [testrunner] enable variant sharding
Testrunner runs variants of a test sequentially without taking sharding into
account. A slow test with slow variants slows down the whole test run no matter
the sharding configuration.

This CL implements a test hashing algorithm and variant sharding for test
variants.

R=machenbach@chromium.org
CC=yangguo@chromium.org,sergiyb@chromium.org

Bug: v8:8174
Change-Id: I15f8c547fa2f361fb6c53bf8d5df055d3df38d3e
Reviewed-on: https://chromium-review.googlesource.com/c/1458016
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59530}
2019-02-12 13:40:33 +00:00
Andreas Haas
01dc5707e4 [wasm] Generate code for the table.get and table.set instructions
This CL contains the following changes:
(1) Allocate memory for WasmTables in the WasmInstance.
    - We extend the WasmInstance by a FixedArray which stores
      references to the WasmTables.
(2) Rename the name of the backing store of WasmTables from `functions`
    to `elements`.
    - The name `functions` just does not fit anyref tables.
(3) Generate code with TurboFan for table.get and table.set.
(4) Extend wasm-module-builder.js to be able to generate modules with
    multiple tables.
(5) Add  mjsunit tests to test table.get and table.set.

R=mstarzinger@chromium.org

Bug: v8:7581
Change-Id: I44af4838ee7a37b394841a2f673ecae5734a4d1c
Reviewed-on: https://chromium-review.googlesource.com/c/1463519
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59529}
2019-02-12 13:10:53 +00:00
Tamer Tas
f269293af6 [test] migrate mkgrokdump suite to TestLoader
R=machenbach@chromium.org
CC=yangguo@chromium.org,sergiyb@chromium.org

Bug: v8:8728
Change-Id: Ia45bd1f19f97c7c3491b57e6808f2c27643f5521
Reviewed-on: https://chromium-review.googlesource.com/c/1466561
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59528}
2019-02-12 12:59:43 +00:00
Mythri Alle
9fecc3b4ec Revert "[global-handles] Do not clear finalization callback on moving"
This reverts commit d8a457cbb7.

Reason for revert: I suspect that this caused the recent spike in the crashes on Canary. So, speculatively reverting this to see if things improve. More details on this bug:  chromium:931181

Original change's description:
> [global-handles] Do not clear finalization callback on moving
> 
> Bug: chromium:923361
> Change-Id: Id4a0f6515f6b17cec2732df561c1e82080dc29c8
> Reviewed-on: https://chromium-review.googlesource.com/c/1462963
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59498}

TBR=ulan@chromium.org,mlippautz@chromium.org

Change-Id: Id4d2f49be2a6a913f51f35db9877c5b098f9e20a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:923361, chromium:931181
Reviewed-on: https://chromium-review.googlesource.com/c/1466646
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59527}
2019-02-12 12:32:55 +00:00
Benedikt Meurer
cd1063cac1 [turbofan] Generalize and optimize API calls a bit.
When calling API functions (i.e. Blink C++ DOM methods and accessors)
directly from TurboFan we currently only optimize that to a fast call
via the CallApiCallback builtin when TurboFan is able to find reliable
map information about the receiver in the graph. This is usually only
the case when the call is preceeded by a monomorphic or polymorphic
property access on the receiver, i.e. something like

```js
element.hasAttribute("bar");
```

will work, since the call to the `hasAttribute` method is immediately
preceeded by a `CheckMaps(element)` in the monomorphic/polymorphic case.
However this no longer works when the responsible LOAD_IC was
megamorphic or the method is called via `Function#call()` for example:

```js
const hasAttribute = Element.prototype.hasAttribute;
// ...
hasAttribute.call(element, "bar");
```

This change allows for more optimizations in two cases:

1. When the method accepts any receiver (i.e. no signature type and no
   access checks needed), and
2. when we find information about the receiver in the graph, but that
   information is not reliable.

For the first case, when the API method accepts any receiver and doesn't
limit it to specific types of receivers (aka no compatible receiver
check is required), we just insert a ConvertReceiver receiver and pass
the result as both the receiver and the holder to the API callback.

For the second case, we lift the current restriction of only supporting
reliable, stable receiver map information, because we only need to know
two things:

a. The Map::constructor field on the root map satisfies the compatible
   receiver check.
b. If the receiver is a JSObject, then the "access check needed" bit
   is not set (or the API method accepts any receiver).

Both of these cannot change with map transitions. So if at some point in
the past we knew that this held for a given receiver (by looking into
the TurboFan graph), we definitely know that it's still going to hold at
any later point.

Bug: v8:8820
Change-Id: I2316e8a4e2b3b7560e5c5d2b7d1569ebe1d3a1c8
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/1466562
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59526}
2019-02-12 12:31:23 +00:00
Georg Neis
63851f8577 Add helper for lossless conversion of 31-bit pattern to Smi
R=sigurds@chromium.org

Change-Id: Ia6874ba5a705dda3a6f2b971cf50618a2229a40f
Reviewed-on: https://chromium-review.googlesource.com/c/1466502
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59525}
2019-02-12 10:54:01 +00:00
Georg Neis
f4b7d4426e [turbofan] Remove a bogus comment.
R=sigurds@chromium.org

Change-Id: Ia89018f414f83665e836eb1d1ead036fc5043d0a
Reviewed-on: https://chromium-review.googlesource.com/c/1466501
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59524}
2019-02-12 10:32:56 +00:00
Ulan Degenbaev
933dfb1ea7 [heap] Replace InNewSpace checks with InYoungGeneration checks
Most of the users of InNewSpace actually mean InYoungGeneration.
Subsequent CL will remove InNewSpace to avoid confusion.

Bug: chromium:852420
Tbr: mlippautz@chromium.org
Change-Id: I6234d162d51c215787972e7ada1cd5b804b60fda
Reviewed-on: https://chromium-review.googlesource.com/c/1463521
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59523}
2019-02-12 10:22:51 +00:00
Georg Neis
1bd2d7d1fe [turbofan] Rename CodeGenerator's "code" to "instructions"
This avoids confusion with the code that is being generated.

R=sigurds@chromium.org

Change-Id: Icb5bd417ca8502553af201654cca1419b9eac87d
Reviewed-on: https://chromium-review.googlesource.com/c/1462001
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59522}
2019-02-12 10:21:20 +00:00
Santiago Aboy Solanes
3abc01f284 [ptr-compr][arm64] Implementing SmiUntagField which loads a field
containing smi value and untags it.

This CL finishes up the parity with x64 with regards to
(https://chromium-review.googlesource.com/c/v8/v8/+/1382740)

Bug: v8:7703
Change-Id: I3c88fbbfd3e47e944a6891171d6555f330cd5fd2
Reviewed-on: https://chromium-review.googlesource.com/c/1463523
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59521}
2019-02-12 10:01:31 +00:00
Sigurd Schneider
a4669ba16c Add target for common test headers
Change-Id: I2bd8027801e978a4469aa18daedf2d7b3a6a0322
Reviewed-on: https://chromium-review.googlesource.com/c/1463524
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59520}
2019-02-12 09:30:01 +00:00
Tamer Tas
616510fe1b [auto-roller] flatten the recursive deps for chromium buildtools
This CL adds the recursive deps of buildtools to the top-level DEPS which is now
mandatory due to the recent changes in the buildtools repo.

R=machenbach@chromium.org
CC=yangguo@chromium.org,sergiyb@chromium.org

Bug: chromium:930050
Change-Id: I0eba652078de75fb22942dd2f5434cd3bd65ada1
Reviewed-on: https://chromium-review.googlesource.com/c/1466302
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59519}
2019-02-12 09:14:01 +00:00
Georg Neis
96585c3a14 Reland^4 "[turbofan] Use feedback when reducing global loads/stores."
This is a reland of 8683116e64 without
changes. The previous issues should be gone thanks to
ba1d0f25d5.

Original change's description:
> Reland^3 "[turbofan] Use feedback when reducing global loads/stores."
>
> This is a reland of 2d2c137492 without
> changes. Offending chromium tests have been modified.
>
> Original change's description:
> > Reland^2 "[turbofan] Use feedback when reducing global loads/stores."
> >
> > This reverts commit ac85ab0a3d. A
> > chromium test caused trouble and was taken care of in
> > https://chromium-review.googlesource.com/c/1384064.
> >
> > Original change's description:
> > > [turbofan] Use feedback when reducing global loads/stores.
> > >
> > > We already record the script context location or the property cell
> > > as feedback of the global load/store IC, so Turbofan doesn't need
> > > to do the lookups again.
> >
> > TBR=sigurds@chromium.org
> >
> > Change-Id: I58bcd9bceec2f9cf401f7b0fc4460a6da6cd0abc
> > Reviewed-on: https://chromium-review.googlesource.com/c/1386404
> > Commit-Queue: Georg Neis <neis@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#58393}
>
> Change-Id: Ic6734201a6c45f2752488ab44b16859776802f51
> Reviewed-on: https://chromium-review.googlesource.com/c/1408252
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58769}

TBR=bmeurer@chromium.org

Change-Id: I80890e2605711045ec6997843d031b61ea27d5e4
Reviewed-on: https://chromium-review.googlesource.com/c/1463779
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59518}
2019-02-12 09:11:01 +00:00
tzik
df95cff995 Move MicrotasksPolicy management to MicrotaskQueue
This CL moves MicrotasksPolicy from Isolate's HandleScopeImplementer
to MicrotaskQueue for better non-default MicrotaskQueue support.

After this:
 * MicrotaskPolicy is per-MicrotaskQueue rather than single global one.
 * ENTER_V8 runs MicrotaskQueue associated to the current Context, rather
   than the default_microtask_queue().
 * SuppressMicrotaskExecutionScope and MicrotasksScope are ready to
   take MicrotaskQueue parameter, rather than using the default one.

Note that there's no way to use a non-default microtask queue until we
expose it as a V8 API.

Bug: v8:8124
Change-Id: I79cbc53d26d9f3f4cfb7c64d303b12e395b76815
Reviewed-on: https://chromium-review.googlesource.com/c/1429720
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59517}
2019-02-12 06:06:15 +00:00
Alexei Filippov
e7561c0b17 Redisable test-cpu-profiler/TracingCpuProfiler
TBR=petermarshall@chromium.org
NOTRY=true
BUG=v8:8821

Change-Id: I5493047aed19e664f2ee4e2a2e90ad035c12c175
Reviewed-on: https://chromium-review.googlesource.com/c/1464940
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59516}
2019-02-11 20:25:25 +00:00
Caitlin Potter
1483561328 [parser] don't accept PRIVATE_NAME for object literal property names
Currently, PRIVATE_NAME / PrivateIdentifier is not valid in
ObjectLiterals or other places expecting the PropertyName production.
A SyntaxError here prevents an access violation later on when attempting
to dereference a null property key

BUG=v8:8808
R=gsathya@chromium.org, littledan@chromium.org

Change-Id: Idde9c669cb48c1595b83115351a8fe0caed40eef
Reviewed-on: https://chromium-review.googlesource.com/c/1461161
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#59515}
2019-02-11 18:17:32 +00:00
Alexei Filippov
855623a493 [profiler] Provide line-level info in streaming profiles
The line number is associated with each sample along with pointer
to the ProfileNode and timeDelta. Once collected line numbers are
streamed as an array of integers in "ProfileChunk" trace events.

If all the line numbers are zero, the array may be omitted. Otherwise
the array length matches length of samples and timeDeltas arrays.

BUG=chromium:925089

Change-Id: I1ef5cd1b208b03bb127f4d17b1efa74c01959542
Reviewed-on: https://chromium-review.googlesource.com/c/1459739
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59514}
2019-02-11 18:11:12 +00:00
Z Duong Nguyen-Huu
3263c82eb2 Add interface descriptor for ASM builtins
This will happen incrementally.

Bug: v8:8553
Change-Id: If92eacf85044bfcbc30d5551b817725c1fe1a937
Reviewed-on: https://chromium-review.googlesource.com/c/1457436
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#59513}
2019-02-11 18:03:52 +00:00
Toon Verwaest
7991362a67 [parser] Drop explicit shorthand property LET detection
It's automatically detected in VariableDeclarationParsingScope::Declare.

Change-Id: I2cf406ebd2dcd66eefb3d709289e0a8d162d0251
Reviewed-on: https://chromium-review.googlesource.com/c/1463783
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59512}
2019-02-11 17:28:30 +00:00
Ulan Degenbaev
93b3c7e0be [heap] Handle young large objects in global handles
Bug: chromium:852420
Change-Id: I9c86353734055ef08ab5b2d3c55bf5dd0a870335
Reviewed-on: https://chromium-review.googlesource.com/c/1463520
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59511}
2019-02-11 17:01:49 +00:00
Dan Elphick
cbd8f4269f [api] Remove several deprecated methods
Removes deprecated platform::CreateDefaultPlatform,
Object::GetPropertNames/GetOwnPropertyNames/HasRealNamedProperty/
HasRealIndexedProperty/HasRealNamedCallbackProperty,
Function::New/Call and Isolate::SetWasmCompileStreamingCallback.

Change-Id: I00c73576bbfbdc6bbe72bad9ac9d7a338a5bf068
Reviewed-on: https://chromium-review.googlesource.com/c/1460952
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59510}
2019-02-11 16:55:11 +00:00
Michael Lippautz
1bcf6265ba JS WeakMap: Test collection of chained WeakMaps
Change-Id: I9544759a42f66dc384d354204be64081c5cc39fe
Reviewed-on: https://chromium-review.googlesource.com/c/1461996
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59509}
2019-02-11 16:44:59 +00:00
Jaroslav Sevcik
a953f8d4ee Fix map equivalence check.
Given a map, its HasNonInstancePrototype bit in bit_field can differ
from the same bit in that map's root map. If that is the case just
return false from the equivalence check. (Currently, we just assert
that bit_field is the same for a map and its root map.)

Bug: chromium:930486
Change-Id: Ic0eb83f80725fb1224e0f97927127e1cb8ad92e6
Reviewed-on: https://chromium-review.googlesource.com/c/1462004
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59508}
2019-02-11 16:31:35 +00:00
Igor Sheludko
34bcb7f062 [ptr-compr] Fix tests that write tagged values to off-heap locations
Bug: v8:7703
Change-Id: I8fa2659814f1d9585d0e2313540e8c11997eec6b
Reviewed-on: https://chromium-review.googlesource.com/c/1459636
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59507}
2019-02-11 16:13:21 +00:00
Andrew Comminos
08c4224de0 Update the CodeEventObserver of a ProfilerListener when a v8::CpuProfiler is restarted
Fixes a segfault that occurs when v8::CpuProfilers are restarted caused
by the reuse of a stale CodeEventObserver.

Bug: chromium:929928
Change-Id: I5d5f7eaf5cd903910130cdb0cfec8c3fd6608edd
Reviewed-on: https://chromium-review.googlesource.com/c/1459740
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59506}
2019-02-11 16:12:17 +00:00