Commit Graph

51815 Commits

Author SHA1 Message Date
Georg Neis
cc5e11f4b0 Array.prototype.indexOf: Be more careful about handle creation.
The slow path in Runtime_ArrayIndexOf allocates handles in each
iteration over the input object. This CL gives each iteration its
own handle scope in order to avoid consuming more and more memory
the longer the loop runs.

This can be observed e.g. by executing
 console.log(new Proxy(new Array(2**30), {}).indexOf(42))
which used to run out of memory on my machine.

Bug: v8:8386
Change-Id: Idab98ef7e1e4047c21c1dc0e01ba2d3d363c1f09
Reviewed-on: https://chromium-review.googlesource.com/c/1309759
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57173}
2018-10-31 14:24:59 +00:00
Toon Verwaest
fd22cfc8a4 [parser] Remove RETURN_IF* part 16
Bug: v8:8363, v8:7926
Change-Id: I9f0b9e25cf6b47c8ff32451880e348b92ab3cfaa
Reviewed-on: https://chromium-review.googlesource.com/c/1309760
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57172}
2018-10-31 14:18:10 +00:00
Jakob Gruber
517331c56e [csa] Return HeapObject from CSA allocation helpers
This addresses comments remaining from

https://crrev.com/c/1301512

Bug: v8:8238
Change-Id: Ia7687d65e90f061bb3bb87c37b84ec5559083816
Reviewed-on: https://chromium-review.googlesource.com/c/1309819
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57171}
2018-10-31 14:10:20 +00:00
Toon Verwaest
3f967aedee [parser] Get rid of the last remaining 'bool ok'
Bug: v8:7926
Change-Id: I012b5bbf25b7aa4cbef64cce302c8ae971589663
Reviewed-on: https://chromium-review.googlesource.com/c/1309758
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57170}
2018-10-31 13:58:38 +00:00
Daniel Clifford
0f15ed05b9 [torque]: Implement catch handlers for try blocks
In addition (and in combination), try statements now support "catch"
clauses at the end that catch JavaScript exceptions throw by any builtin
or runtime function contained in the try block:

  try {
    ThrowTypeError(context, ...);
  }
  catch (e) {
    // e has type Object
  }

Bug: v8:7793
Change-Id: Ie285ff888c49c112276240f7360f70c8b540ed19
Reviewed-on: https://chromium-review.googlesource.com/c/1302055
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57169}
2018-10-31 13:41:34 +00:00
Toon Verwaest
6627bdb14c [parser] Use has_error rather than has_parser_error and inline.
Bug: v8:7926
Change-Id: Icbdd05b799afd26a8eaaa67905516d82f4b1d2bd
Reviewed-on: https://chromium-review.googlesource.com/c/1309815
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57168}
2018-10-31 12:51:03 +00:00
Clemens Hammacher
ed2dd24087 [liftoff] Remove unused kNoParamRegister
R=titzer@chromium.org

Bug: v8:6600
Change-Id: Ib926c068b468df6fcbaab9ef4734e9cd90ba553c
Reviewed-on: https://chromium-review.googlesource.com/c/1309814
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57167}
2018-10-31 11:53:58 +00:00
Toon Verwaest
70ce3103bd [parser] Remove RETURN_IF* part 15
Bug: v8:8363, v8:7926
Change-Id: I227febcb3aafb56e1c5138650b6639ddeb883b52
Reviewed-on: https://chromium-review.googlesource.com/c/1309813
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57166}
2018-10-31 11:52:52 +00:00
Clemens Hammacher
1c2394dd45 [wasm] Log code objects in a separate task
Move code logging out of the finisher task. Schedule a separate task
for logging, but only if logging is actually enabled.

R=mstarzinger@chromium.org

Bug: v8:7921
Change-Id: Ib2c7db22c87e60e204096df3e8ef5b354802984f
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/1308113
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57165}
2018-10-31 11:04:19 +00:00
Sigurd Schneider
949dffc9ed [turbolizer] Display highest node id in phase selection drop-down
Notry: true
Change-Id: Ia3cb4872703a6d1e5f6d0007a5e59afcd743907d
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1309754
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57164}
2018-10-31 10:59:14 +00:00
Sigurd Schneider
b14a2a5032 [turbolizer] Add dev server
You can now serve the page locally by running

npm i
npm run-script build
npm run-script dev-server

Notry: true
Change-Id: Iefe8459a8c53445570ecfed4cc843a4e8ed9c42d
Bug: v8:7327
Reviewed-on: https://chromium-review.googlesource.com/c/1309753
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57163}
2018-10-31 10:45:54 +00:00
Toon Verwaest
e10607a3ff [parser] Annotate ReportMessage with NOINLINE and Expect with V8_UNLIKELY
This allows the compiler to generate slightly better code and actually reduces
binary size a little.

Bug: v8:7926
Change-Id: Ib43ff1508ab85b5ffabfa4338d4f0ebacb7eac0c
Reviewed-on: https://chromium-review.googlesource.com/c/1309637
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57162}
2018-10-31 10:32:04 +00:00
Toon Verwaest
8097107a23 [parser] Remove RETURN_IF* part 14
Bug: v8:8363, v8:7926
Change-Id: Ibecb5c8df0703249207c1541ae42e60dd9f50d80
Reviewed-on: https://chromium-review.googlesource.com/c/1309635
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57161}
2018-10-31 10:26:31 +00:00
Jakob Gruber
4ef0e79cba [snapshot] Remove the builtins snapshot
Now that lazy deserialization has been removed, we can roll back all
the mechanisms we introduced to support lazy single-builtin
deserialization.

This CL moves serialized builtin code objects (i.e.
off-heap-trampolines in most cases) back into the startup snapshot.
Support classes for builtin serialization and deserialization, as well
as the builtins snapshot itself are removed. Templatization on the
allocator class is removed as well.

Tbr: delphick@chromium.org
Bug: v8:6666, v8:7990
Change-Id: I2a910f8d3278b7e27b5f18ad408361ebd18871cc
Reviewed-on: https://chromium-review.googlesource.com/c/1304539
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57160}
2018-10-31 10:18:28 +00:00
Jakob Gruber
c2f9da8246 [array] Remove invalid assertion in Array.p.reverse
Obvious in hindsight. The problem wasn't that a signaling nan snuck
into the array, but that equality comparisons always return false if
either operand is a nan.

Bug: chromium:900133
Change-Id: I9cf82afd1ad1fcc3bf7138b612f615b1bd51b98a
Reviewed-on: https://chromium-review.googlesource.com/c/1309634
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57159}
2018-10-31 09:11:59 +00:00
Toon Verwaest
bdd4a88fd9 [parser] Restore RETURN_IF after export default var decl
Bug: chromium:900383, v8:8363, v8:7926
Change-Id: I6e3e38ee4cc986757926ef745d2e35865ba797a1
Reviewed-on: https://chromium-review.googlesource.com/c/1309633
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57158}
2018-10-31 09:10:55 +00:00
Sigurd Schneider
4dff27edfc [instruction-selector-x64] Add missing CanCover check
CanCover is not transitive. The counter example are Nodes A,B,C such
that CanCover(A, B) and CanCover(B,C) and B is pure. In this case the
effect level of A and B might differ.

This CL adds a missing CanCover check to a case of shift reduction where
we assumed transitivity.

Change-Id: I9f368ffa6907d2af21bbc87b3e6570d0d422e125
Bug: v8:8384
Reviewed-on: https://chromium-review.googlesource.com/c/1307419
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57157}
2018-10-31 08:08:40 +00:00
Mathias Bynens
591c92acac [js-perf-test] Add Array#{indexOf,includes} micro-benchmark
This patch adds a micro-benchmark comparing Array#indexOf,
Array#includes, and a roughly equivalent `for` loop.

The benchmark can be used to measure any Array#{indexOf,includes}
optimizations we implement in the future.

Test:

    tools/run_perf.py --binary-override-path=out/x64.release/d8 \
      --filter=JSTests/ArrayIndexOfIncludesPolymorphic \
      --extra-flags=--trace-turbo test/js-perf-test/JSTests.json

Bug: v8:8388
Change-Id: I9150d3e56e9d4cb2ffe6baa50ee8cddf8df0ac74
Reviewed-on: https://chromium-review.googlesource.com/c/1307430
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57156}
2018-10-31 07:55:24 +00:00
Yang Guo
b32ee7b0f2 [d8] pass --no-arguments to omit top-level arguments
TBR=petermarshall@chromium.org

Bug: v8:8385
Change-Id: Iba13004e0fd03a82cb65ed497d4bd2b4d006b424
Reviewed-on: https://chromium-review.googlesource.com/c/1307417
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57155}
2018-10-31 07:42:22 +00:00
Jakob Kummerow
5cce694d60 [ubsan] More Object** replacements
mostly in HandleScopeImplementer and related classes.

Bug: v8:3770
Change-Id: I9da757c60be99434b711fe74a5f5d296a0f08b22
Reviewed-on: https://chromium-review.googlesource.com/c/1300854
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57154}
2018-10-31 05:17:16 +00:00
Jakob Kummerow
9392727982 [ubsan] Replace Object** in GlobalHandles
as part of the continuing quest to get rid of Object*/Object** entirely.
Since it fits nicely, this CL as a bonus includes the planned change to
make Handle::location() return an Address*, in the process dropping the
temporarily needed duplicate Handle::location_as_address_ptr().

Bug: v8:3770
Change-Id: I87480289ce2a62ea1ae503e73d179256b7108c5c
Reviewed-on: https://chromium-review.googlesource.com/c/1298389
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57153}
2018-10-31 00:28:40 +00:00
Junliang Yan
3d60549e73 PPC/s390: [turbofan] Add support for huge DataViews.
Port 15c31fe461

Original Commit Message:

    This introduces Word64 support for the CheckBounds operator, which now
    lowers to either CheckedUint32Bounds or CheckedUint64Bounds after the
    representation selection. The right hand side of CheckBounds can now
    be any positive safe integer on 64-bit architectures, whereas it remains
    Unsigned31 for 32-bit architectures. We only use the extended Word64
    support when the right hand side is outside the Unsigned31 range, so
    for everything except DataViews this means that the performance should
    remain the same. The typing rule for the CheckBounds operator was
    updated to reflect this new behavior.

    The CheckBounds with a right hand side outside the Unsigned31 range will
    pass a new Signed64 feedback kind, which is handled with newly introduced
    CheckedFloat64ToInt64 and CheckedTaggedToInt64 operators in representation
    selection.

    The JSCallReducer lowering for DataView getType()/setType() methods was
    updated to not smi-check the [[ByteLength]] and [[ByteOffset]] anymore,
    but instead just use the raw uintptr_t values and operate on any value
    (for 64-bit architectures these fields can hold any positive safe
    integer, for 32-bit architectures it's limited to Unsigned31 range as
    before). This means that V8 can now handle huge DataViews fully, without
    falling off a performance cliff.

    This refactoring even gave us some performance improvements, on a simple
    micro-benchmark just exercising different DataView accesses we go from

      testDataViewGetUint8: 796 ms.
      testDataViewGetUint16: 997 ms.
      testDataViewGetInt32: 994 ms.
      testDataViewGetFloat64: 997 ms.

    to

      testDataViewGetUint8: 895 ms.
      testDataViewGetUint16: 889 ms.
      testDataViewGetInt32: 888 ms.
      testDataViewGetFloat64: 890 ms.

    meaning we lost around 10% on the single byte case, but gained 10% across
    the board for all the other element sizes.

R=bmeurer@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Ia86089ca9ccc75405aa13600b031c72bac0279dd
Reviewed-on: https://chromium-review.googlesource.com/c/1305035
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#57152}
2018-10-30 23:45:13 +00:00
Frank Tang
38e046df6e Roll Test262
Bug: v8:7834
Change-Id: I2016b8d5e561546ec2f9b81d24c75bff0b950367
Reviewed-on: https://chromium-review.googlesource.com/c/1306896
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57151}
2018-10-30 23:42:52 +00:00
Alexey Kozyatinskiy
7e079c660b inspector: move injected script source to native
- introduced ValueMirror interface, this interface contains methods to generate
  different protocol entities,
- introduced DebugPropertyIterator, this iterator iterates through object properties
  in the following order: exotic indices, enumerable strings, all other properties,
- removed all injected script infra, e.g. closure compiler,

R=dgozman@chromium.org
TBR=yangguo@chromium.org

Bug: chromium:595206
Change-Id: Idcfc04489ee52e015ad1d1d191c3474cc65e63f2
Reviewed-on: https://chromium-review.googlesource.com/c/1308353
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57150}
2018-10-30 21:30:55 +00:00
Michael Lippautz
2995df7d30 [api] Fix AdjustAmountOfExternalAllocatedMemory memory reducer
The reduer should only fire on increasing memory.

R=ulan@chromium.org

Change-Id: I4abd956ea14730b223724a01af819be574b1aa3a
Reviewed-on: https://chromium-review.googlesource.com/c/1308354
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57149}
2018-10-30 20:51:37 +00:00
v8-ci-autoroll-builder
81ee4aa934 Update V8 DEPS.
Rolling v8/build: c55a0b9..49671d3

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/985e130..36a23a7

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I2aeb099485078312a09866964253ba87fa714447
Reviewed-on: https://chromium-review.googlesource.com/c/1306904
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#57148}
2018-10-30 18:29:08 +00:00
Sergiy Byelozyorov
cd3f9f8d8b [tools] Remove tools/presubmit.py and move unittests/PRESUBMIT.py into its place
R=machenbach@chromium.org

No-Try: true
Bug: chromium:899028
Change-Id: I1de1f393989a63d165209e78f19284053c73ba08
Reviewed-on: https://chromium-review.googlesource.com/c/1307423
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57147}
2018-10-30 17:12:35 +00:00
Toon Verwaest
3a9668abab [parser] Remove invalid DCHECK, we can hit a stack overflow
Even though we know we're simply parsing a string as statement, we can still
hit a stack overflow on the way there.

Bug: v8:8392
Change-Id: I2471cf8273789aa33239f5c137cc2f54454acb32
Reviewed-on: https://chromium-review.googlesource.com/c/1307429
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57146}
2018-10-30 17:07:27 +00:00
Georg Neis
a1d7dc4059 Array.prototype.indexOf: Don't exclude length 2**32-1 from fast path.
I see no reason why it was excluded.

Bug: v8:8386
Change-Id: I291b12444b890db1636b00dec1837e1634b23b35
Reviewed-on: https://chromium-review.googlesource.com/c/1307428
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57145}
2018-10-30 17:06:23 +00:00
Clemens Hammacher
192bee6bac Revert "inspector: move injected script source to native"
This reverts commit 34686abe40.

Reason for revert: Compile errors on several bots, e.g. https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20debug%20builder/33299

Original change's description:
> inspector: move injected script source to native
> 
> - introduced ValueMirror interface, this interface contains methods to generate
>   different protocol entities,
> - introduced DebugPropertyIterator, this iterator iterates through object properties
>   in the following order: exotic indices, enumerable strings, all other properties,
> - removed all injected script infra, e.g. closure compiler,
> 
> R=​dgozman@chromium.org
> TBR=yangguo@chromium.org
> 
> Bug: chromium:595206
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I077c1879622aa0d9900d719b80d2ef5ba4221a22
> Reviewed-on: https://chromium-review.googlesource.com/c/1295550
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57142}

TBR=dgozman@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org

Change-Id: I6e4ccaf1d6b151fbc0ffe4f26daa584433321c77
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:595206
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/c/1307432
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57144}
2018-10-30 17:04:54 +00:00
Michael Lippautz
3a85e0c602 [heap] Remove custom Scavenger trace events
Those trace events are too fine grained and heavily impact metrics
computation.

No-try: true
Change-Id: Ica07bfdf8e695689795abb1d6b215c329413ba3b
Reviewed-on: https://chromium-review.googlesource.com/c/1307431
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57143}
2018-10-30 16:48:23 +00:00
Alexey Kozyatinskiy
34686abe40 inspector: move injected script source to native
- introduced ValueMirror interface, this interface contains methods to generate
  different protocol entities,
- introduced DebugPropertyIterator, this iterator iterates through object properties
  in the following order: exotic indices, enumerable strings, all other properties,
- removed all injected script infra, e.g. closure compiler,

R=dgozman@chromium.org
TBR=yangguo@chromium.org

Bug: chromium:595206
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I077c1879622aa0d9900d719b80d2ef5ba4221a22
Reviewed-on: https://chromium-review.googlesource.com/c/1295550
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57142}
2018-10-30 16:43:55 +00:00
Sathya Gunasekaran
c65dbd5153 [class] Rewrite destructuring assignment in class field initializers
Bug: v8:5751, chromium:899537
Change-Id: I4c072727dffc9381a81eb8711c4114220345914d
Reviewed-on: https://chromium-review.googlesource.com/c/1304538
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57141}
2018-10-30 16:34:04 +00:00
Frank Tang
78c053a5c1 [Intl] Hide Intl["SegmentIterator"]
Fix the code incorrctly exposed Intl["SegmentIterator"] that caused
Unreachable code in builtins-internal.cc

Bug: chromium:900013
Change-Id: I50d457a9f065d597b3bbb77a7a45011335c959da
Reviewed-on: https://chromium-review.googlesource.com/c/1306906
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57140}
2018-10-30 16:32:54 +00:00
Toon Verwaest
f72c118d88 [ast] Drop Statement::IsEmpty
Change-Id: I45e004a64c03f31253cbbca2976894c63b0d515e
Reviewed-on: https://chromium-review.googlesource.com/c/1307427
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57139}
2018-10-30 16:24:42 +00:00
Ivica Bogosavljevic
93169821d4 MIPS: Implement AtomicPairCompareExchange through runtime
MIPS32r2 doesn't have load-linked/store-conditional instructions
that work with 64-bit values and these are now implemented through
runtime.

TEST=mjsunit/wasm/compare-exchange64-stress

Change-Id: I70d8a454dcbbdac6f30e30ec3ac0eb4d429ef62e
Reviewed-on: https://chromium-review.googlesource.com/c/1296211
Commit-Queue: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57138}
2018-10-30 15:55:43 +00:00
Peter Marshall
bd39d92272 [typedarrays] Fix invalid optimization in From for detached arrays
We didn't check if the input typed array was neutered before going to
the fast path, so we hit a CHECK in this case.

Fix this by just checking if the buffer was neutered and then going to
the 'check iterator' case if it is. This will cause a TypeError via
IterableToList, which was the same as the behavior before the
optmization was landed.

Bug: chromium:899519
Change-Id: I09e6389ea2ab1e3bef01e616721b48a9b66c1b2a
Reviewed-on: https://chromium-review.googlesource.com/c/1307422
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57137}
2018-10-30 15:53:04 +00:00
Toon Verwaest
e5e468586a [parser] Cache EmptyStatement and always kNoSourcePosition
Change-Id: I27e2e0529281008b8350e1dd219c0d38bdcb66f5
Reviewed-on: https://chromium-review.googlesource.com/c/1307424
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57136}
2018-10-30 15:22:51 +00:00
Clemens Hammacher
fd56473742 [wasm] Abort compilation from background tasks
This removes another liability of the finisher: to abort compilation
and publish errors once an error state has been set by a background
compile unit.
This CL makes background threads set the error state directly and
schedule a foreground task to actually publish the error (e.g. via the
promise).

R=mstarzinger@chromium.org

Bug: v8:7921
Change-Id: I7a6a7ca4f235c2ad374b6ffc434eb6ac7d5f54ae
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/1307425
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57135}
2018-10-30 15:16:00 +00:00
Sergiy Byelozyorov
af120db4af [tools] Correctly identify and report test crashes and infra failures
We define a TestFailedError exception and raise it when we can reliably detect
that a test has crashed. All other exceptions are treated as infra failures and
are captured by the try-catch clause in MainWrapper function.

This also fixes all tests in run_perf_test.py, run_tests_test.py and makes sure
that both are run on any changes in tools directory.

R=machenbach@chromium.org

Bug: chromium:899028
Change-Id: I283bc87b31c814be476bebe9fdda414975494183
Reviewed-on: https://chromium-review.googlesource.com/c/1303293
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57134}
2018-10-30 15:05:40 +00:00
Toon Verwaest
6d9c30cd94 [parser] Remove RETURN_IF* part 13
Bug: v8:8363, v8:7926
Change-Id: Id892a084d3c1097d8faf3cca379300f791dd942b
Reviewed-on: https://chromium-review.googlesource.com/c/1307426
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57133}
2018-10-30 14:59:08 +00:00
Alexey Kozyatinskiy
5502a8510b inspector: liveedit: update all constant pools in new_script
Change-Id: I3605ecf593c32743f5401b5e8a2d57e877ebcc7c
Reviewed-on: https://chromium-review.googlesource.com/c/1306898
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57132}
2018-10-30 14:47:57 +00:00
Igor Sheludko
2e2604b967 [ptr-compr] Introduce IsolateAllocator
to control how the memory for Isolate object is allocated.
This is the support for pointer-compression friendly heap layout.

Bug: v8:8182
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ida36b81ee22bd865005c394748b62d4c0897d746
Reviewed-on: https://chromium-review.googlesource.com/c/1251548
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57131}
2018-10-30 14:38:07 +00:00
Michael Lippautz
f46456a35c [heap] Add timeout to Scavenger barrier
Speculatively mitigation for renderer hangs in Scavenger
while waiting in a barrier.

Bug: 
Change-Id: I48520e0ffd99123dbe352d2012c911186c187e4b
Reviewed-on: https://chromium-review.googlesource.com/c/1296463
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57130}
2018-10-30 14:28:49 +00:00
Toon Verwaest
9f75c14878 [parser] Simplify StatementList parsing by splitting out directive parsing
Change-Id: I233a3f6d8b19b945cfc3572d72237ec5619d8cbc
Reviewed-on: https://chromium-review.googlesource.com/c/1307414
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57129}
2018-10-30 14:21:37 +00:00
Ivica Bogosavljevic
503cf13b76 MIPS64: Port [turbofan] Add support for huge DataViews.
Port 15c31fe461

Change-Id: Ia611585f862196d97e701b5e15560044e42b1a12
Reviewed-on: https://chromium-review.googlesource.com/c/1306439
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#57128}
2018-10-30 14:02:49 +00:00
Clemens Hammacher
fac176d813 [wasm] Fix memory limit checks
For memory limit checks, we should use the minimum of the
--wasm-max-mem-pages flag and kV8MaxWasmMemoryPages. The former is a
limit set by the user, the latter is the maximum we can handle
internally.

R=titzer@chromium.org

Bug: chromium:898677
Change-Id: I3c549f4e90dd016b5d07475d9353f30134f76dcc
Reviewed-on: https://chromium-review.googlesource.com/c/1305274
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57127}
2018-10-30 13:44:48 +00:00
Clemens Hammacher
1ff8045530 Reland "[wasm] Store compile errors in CompilationState"
This is a reland of bf3d7b9ae3

Original change's description:
> [wasm] Store compile errors in CompilationState
> 
> We are currently storing compilation errors in the individual
> compilation units and pass it to the ErrorThrower during finishing.
> This CL changes that to store errors on the CompilationState directly.
> From there, it is propagated to the ErrorThrower in the compilation
> state callback.
> This removes more work from the finisher task and slims down the
> WasmCompilationUnits.
> 
> R=mstarzinger@chromium.org
> 
> Bug: v8:8343, v8:7921
> Change-Id: Id332add43d4219d2a30fee653ed4e53a9b2698d9
> Reviewed-on: https://chromium-review.googlesource.com/c/1303720
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57091}

Bug: v8:8343, v8:7921
Change-Id: Iaa5c89d224cb2bcfca2d12eba305413a9ad95618
Reviewed-on: https://chromium-review.googlesource.com/c/1304547
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57126}
2018-10-30 13:35:00 +00:00
Hai Dang
c5c6b8bc03 Fix typing of binary operators on BigInt.
BinaryNumberOpTyper was not monotonic: if one input changes
from Number to Numeric, while the other input stays BigInt,
the result would change from Number to BigInt.

We have some fuzzing tests for monotonicity but unfortunately
they never generated the inputs required for triggering this bug.
We'll look into improving our tests.

Bug: v8:8380
Change-Id: I7320d9ae4b89ad8798bf9e97cc272edba2162a77
Reviewed-on: https://chromium-review.googlesource.com/c/1307418
Commit-Queue: Hai Dang <dhai@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57125}
2018-10-30 13:33:55 +00:00
Jakob Gruber
9eca2d3c37 [array] Keep large array allocations on the fast path
Until this CL, CSA array allocation methods only handled arrays that
could fit into new space. This behavior was preserved in a bunch
of related builtins (e.g. Array.p.map), which completely bailed out to
the slow path if larger allocations were required.

This CL adds large object space handling to array allocation functions,
which means that callers can use the more permissive kMaxFastArrayLength
boundary instead of kInitialMaxFastElementsArray.

Bug: chromium:890599
Change-Id: Idabb0ef232c2896cd453e2ae10b479bf24cbb1c1
Reviewed-on: https://chromium-review.googlesource.com/c/1301483
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57124}
2018-10-30 13:30:56 +00:00