Commit Graph

59804 Commits

Author SHA1 Message Date
Nico Hartmann
e76d29b35e [Turbofan] Fixes crash on missing BigInt.asUintN argument
Bug: chromium:1029576
Change-Id: If647f764da2682a0f278b9b8060d0665fab1c40c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948711
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65312}
2019-12-03 15:58:07 +00:00
Deepti Gandluri
d406c672bc Force more shuffles to use registers
Bug: chromium:1001376
Change-Id: I63811e33272715dd5b87a6d58ab2d48d3fc096a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948791
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65311}
2019-12-03 15:39:18 +00:00
Seth Brenith
3485a51de5 [compiler] Fold constants for kInt64Mul
I noticed that the generated code from the Torque macro
EnsureArrayLengthWritable included an imul instruction, even though the
inputs to that instruction are both constants. This change adds the
ability for MachineOperatorReducer to get rid of that operation.

Change-Id: Ia2050c888d76f110d1290fd9eab13853c3353a63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1941138
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65310}
2019-12-03 15:15:47 +00:00
Ng Zhi An
91ee5f0419 [wasm-simd] Implement f64x2 min max for arm
Bug: v8:9813
Change-Id: I8907a207448a6d3a38b5454107100959d485b8e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1925614
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65309}
2019-12-03 15:13:40 +00:00
Joshua Litt
7e632f57a2 Reland "[replaceAll] Stage String.prototype.replaceAll."
This reverts commit 3114000ac1.

Reason for revert: Clusterfuzz issue should be fixed.

Original change's description:
> Revert "[replaceAll] Stage String.prototype.replaceAll."
> 
> This reverts commit 825f65d3bd.
> 
> Reason for revert: Clusterfuzzed
> Bug: chromium:1028475
> 
> Original change's description:
> > [replaceAll] Stage String.prototype.replaceAll.
> > 
> > Intent to ship thread:
> > https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/raep1X9R_SE
> > 
> > Bug: v8:9801
> > Change-Id: I61c559b82b4119084420ffb0a14a27774e37c760
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930608
> > Reviewed-by: Adam Klein <adamk@chromium.org>
> > Commit-Queue: Joshua Litt <joshualitt@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#65161}
> 
> TBR=adamk@chromium.org,joshualitt@chromium.org
> 
> Change-Id: I7fa44eda475b8f421f74491e60a3131d381eb789
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:9801
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1935024
> Reviewed-by: Joshua Litt <joshualitt@chromium.org>
> Commit-Queue: Joshua Litt <joshualitt@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65175}

TBR=adamk@chromium.org,joshualitt@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:1028475, v8:9801
Change-Id: Idb5fbd1ec38084222357aeb2d9ff05d703f10eb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946737
Reviewed-by: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65308}
2019-12-03 14:31:07 +00:00
George Wort
9fcbb5e314 [arm][arm64] Use signed extract lane.
Replace unsigned extract lane followed by sign extend
as added here https://chromium-review.googlesource.com/c/v8/v8/+/1846711
with a signed extract lane for I8x16 and I16x8.

Change-Id: I5a701417b772d12f5ef038efbb081716bb27e25a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1873700
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65307}
2019-12-03 14:28:38 +00:00
Ng Zhi An
c31ea1e8d0 [liftoff] Ignore num locals in total frame slot count
Whenever we spill, num_used_spill_bytes_ is already updated using
RecordSpillSpillSlot, so we don't need to add the number of locals.

Bug: v8:9909
Change-Id: Ieecf957e71e0711be744a3f378d8ae11b941fc5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1947349
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65306}
2019-12-03 13:33:37 +00:00
Emanuel Ziegler
7a51fe240b [wasm][bulk-memory] Adjust bulk memory behavior to proposal phase 4
The following changes were introduced with the recent proposal update:
- OOB access with 0 length traps
- Double drop of segments is allowed
- Dropped segments are treated like having size 0 (OOB error)
- Active segments are dropped right after initialization

R=ahaas@chromium.org

Change-Id: I4e9fc4d9212841c7d858585c672143f99287520d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946355
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65305}
2019-12-03 12:21:48 +00:00
Igor Sheludko
ea79fb8cc0 [builtins] Fix assertion failure in TypedArray.from()
Bug: chromium:1029658
Change-Id: I4cb201bbf0a05d2673fcb8a5d19e34a969294c5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946335
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65304}
2019-12-03 12:02:47 +00:00
Ng Zhi An
45ee6f4048 [liftoff] Change PatchPrepareStackFrame to use bytes
Calculate the number of bytes of the stack frame used in
PatchPrepareStackFrame using the size of the spill instead of the number
of slots.

We only need the number of bytes spilled (without adding the number of
locals) because whenever we spill, we already track the largest offset,
with RecordUsedSpillSlot. GetTotalFrameSlotCount can also be changed to
remove the num_locals, in a future patch.

Change-Id: I08fe3e81eaebf5f2cf1e11292645663474483447
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1945944
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65303}
2019-12-03 11:11:07 +00:00
v8-ci-autoroll-builder
73a1a844ec Update V8 DEPS.
Rolling v8/build: 00a14de..a82ba26

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/0317de9..ca84a42

Rolling v8/third_party/depot_tools: 5ae4817..6d31ed5

Rolling v8/tools/clang: ae5343c..d1940b1

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I9bc8f7f48dccef25770eeaa081b36444b79b0913
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948103
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#65302}
2019-12-03 04:02:57 +00:00
Jakob Kummerow
c8ed19ac49 Yet more size_t-index fixes
CSA::TryLookupElement must check the upper bound for dictionary-mode
indices.
The "stable map + accessor" branch of FastGetOwnValuesOrEntries must
construct its LookupIterator such that it handles the named/indexed
distinction correctly.

Bug: chromium:1029338,chromium:1029369
Change-Id: I17e74ed24c260c5cfc20c61616e75db7d347f7a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943164
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65301}
2019-12-02 17:49:37 +00:00
Georg Neis
a453f701af [turbofan] Move return-value hints out of serializer environment
These hints are different from the rest (they only ever grow) and
there's no need to have them in each environment.

Bug: v8:7790
Change-Id: I56ed9671f602bcb6faba4003d84fee8b1d6e0128
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944156
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65300}
2019-12-02 17:46:51 +00:00
Jakob Kummerow
f33902c05b Fine-tune cached array indices on strings
When converting a Smi to a String, we can skip the check for a
cached array index on the result in case of a number-to-string
cache hit. When trying to convert a String back to an index, the
inlined fast path can check for a cached index (in addition to
checking for a cached known negative).
Locally this yields about 5% on the JSTests/Proxies/GetIndex* tests.

Bug: chromium:1028021
Change-Id: I117eae01b1ad9c5d107ad7e598464b96dae9a6b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943160
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65299}
2019-12-02 17:17:21 +00:00
Maya Lekova
7ecb124a67 [turbofan] Add missing data for Function.apply and .call
Add serialization of the virtual closures for Function.ptototype.apply
and Function.prototype.call. Also add tests for those.

Bug: v8:7790
Change-Id: I26374009c09958943ef36eae283a270875234e40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943155
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65298}
2019-12-02 17:13:21 +00:00
Maya Lekova
69fa5f794f Revert "[wasm] Share native modules compiled from the same bytes"
This reverts commit c509bb8c55.

Reason for revert: Breaks arm64 - sim - MSAN, see https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/30050

Original change's description:
> [wasm] Share native modules compiled from the same bytes
> 
> Cache native modules in the wasm engine by their wire bytes. This is to
> prepare for sharing {Script} objects between multiple {WasmModuleObject}
> created from the same bytes. This also saves unnecessary compilation
> time and memory.
> 
> R=​clemensb@chromium.org
> 
> Bug: v8:6847
> Change-Id: Iad5f70efbfe3f0f134dcb851edbcec50691677e0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916603
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65296}

TBR=clemensb@chromium.org,thibaudm@chromium.org

Change-Id: I908b0f59bce26678d0b5d7fddc986384c40b4709
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6847
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946334
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65297}
2019-12-02 16:51:44 +00:00
Thibaud Michaud
c509bb8c55 [wasm] Share native modules compiled from the same bytes
Cache native modules in the wasm engine by their wire bytes. This is to
prepare for sharing {Script} objects between multiple {WasmModuleObject}
created from the same bytes. This also saves unnecessary compilation
time and memory.

R=clemensb@chromium.org

Bug: v8:6847
Change-Id: Iad5f70efbfe3f0f134dcb851edbcec50691677e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916603
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65296}
2019-12-02 16:31:51 +00:00
Joshua Litt
e9811a74f3 [promises] Add back deferred labels to PromiseThen
Bug: v8:9838, chromium:1028016
Change-Id: Iae195ac12c8fc01506f04ed5e62fc3c0983c56e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944280
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65295}
2019-12-02 16:09:41 +00:00
Milad Farazmand
cfd32bee74 s390: [wasm-simd] Implement Simd128 Load and Store
Change-Id: I01a449f098c7be3f1e071f57542dac6b67fb366d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944279
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#65294}
2019-12-02 16:03:26 +00:00
Georg Neis
647a0719bb [turbofan] Weaken a condition in ProcessHintsForPromiseResolve
... in order to be in sync with JSNativeContextSpecialization. This
probably doesn't allow any more optimizations but avoids confusing
misses in the broker trace.

Bug: v8:7790
Change-Id: Ia99a5828651468af8450028a351692482c21670c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944155
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65293}
2019-12-02 15:47:47 +00:00
Dan Elphick
6dcfaf1224 [cleanup] Remove various unused IO functions from utils.h
Removes the following functions:
Flush
AppendChars
WriteAsCFile (only from header since impl was already removed)

and moves local function AppendChars into anonymous namespace block.

Bug: v8:9810
Change-Id: Icc3ca8458eed4711f25514ac71aa0e6b413ed281
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1921797
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65292}
2019-12-02 15:41:26 +00:00
Mike Stanton
b8b6075021 [TurboFan] Loop variable analysis requires more sensitivity
Loop variable analysis doesn't recognize that the initial type of the
loop variable phi combined with the increment type may produce a NaN
result through the addition of two infinities of differing sign.

This leads to unreachable code and a SIGINT crash.

The fix is to consider this case before typing the loop variable phi,
falling back to more conservative typing if discovered.

R=neis@chromium.org

Bug: chromium:1028863
Change-Id: Ic4b5189c4c50c5bbe29e46050de630fd0673de9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946352
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65291}
2019-12-02 15:20:52 +00:00
Mike West
0da7ca8781 Add a UseCounter for SharedArrayBuffer creation.
Blink CL: https://chromium-review.googlesource.com/c/chromium/src/+/1944474

Bug: chromium:1029700
Change-Id: I91936942b21d133e06f2583a4e3c70951e5e86f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946348
Commit-Queue: Mike West <mkwst@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65290}
2019-12-02 15:16:46 +00:00
Dan Elphick
a38b010c5a [compiler] Add runtime stats for every pipeline phase
Each Pipeline phase now declares kRuntimeCallCounterId which is used to
record the runtime stats for the duration of the phase. As a result
some manually instantiated counters are removed.

All counters have the same name as the phase name with the v8.TF prefix
replaced with Optimize. To enforce this, the existing phase_name
declaration in each phase has been replaced with a macro that also
declares the counter id and its mode.

Bug: v8:10006
Change-Id: I836582298b60c30eb794f4c45a8bb16efa17a38e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943161
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65289}
2019-12-02 14:12:03 +00:00
Clemens Backes
db2f0f0aae [wasm] Log code objects only once
Code objects are scheduled for logging during compilation. In
{CompileToNativeModule}, we then only need to ensure that these objects
are actually logged. {LogWasmCodes} would log them independently, which
leads to duplicate logging.

R=jkummerow@chromium.org

Bug: chromium:1029470
Change-Id: I6a187f4d7adcf7ac057f3a266f66244ef7e7102f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946353
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65288}
2019-12-02 13:37:33 +00:00
Clemens Backes
5c1ed319d7 [wasm] Fix logged name of wasm-to-js wrappers
Instead of logging them as "wasm-unnamed" functions, log them as
"wasm-to-js", and append the signature.

This moves and generalizes the {AppendSignature} method that was already
used to produce the signature string for other wrappers.

R=jkummerow@chromium.org

Bug: chromium:1029470
Change-Id: Ic911cb19a49dcbc332bf5a4aa195107522ac6945
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946350
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65287}
2019-12-02 13:34:03 +00:00
Clemens Backes
5191f664ed [wasm] Also log import wrappers
Import wrappers (wasm-to-js) were missing from profiling, since their
code is never logged.
This CL fixes this by generally logging all wasm code generated, not
just actual wasm functions.

Also, instead of logging each individual code object (which requires a
lock) within another lock, move the code out of the other lock and log
all code objects at once.

R=jkummerow@chromium.org

Bug: chromium:1029470
Change-Id: Ia250d7f3f183b2c1d8e6af4e58dd65ee27df545b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943163
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65286}
2019-12-02 12:51:04 +00:00
Clemens Backes
cce670e701 [wasm] Improve wasm code logging
This fixes a few thing regarding code logging for profiling:

1) Append the execution tier, otherwise we get two function of the same
   name.
2) Replace "wasm-function[%d]" by "<wasm-unnamed>", since the index is
   appended later anyway.
3) Avoid unneeded JS heap and C++ heap allocations during logging.

R=jkummerow@chromium.org

Bug: chromium:1029470
Change-Id: Ie7af41f21e4595f8d8c574e4ad18273f89f1cb6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943162
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65285}
2019-12-02 12:46:55 +00:00
Ng Zhi An
44c5262c78 [liftoff] Removes more uses of index
Convert more uses of index into offsets. We record spill in terms of
offsets (bytes) rather than slot index, so the name of the method can be
changed, and in GetTotalFrameSlotCount we calculate the number of slots
used in terms of number of bytes spilled.

Bug: v8:9909
Change-Id: I26484c1b040cd4711cc7998cb29d68955bf8ddb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934528
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65284}
2019-12-02 12:44:03 +00:00
Clemens Backes
17613fabc4 [wasm] Remove unactionable TODO
We already don't do the on-heap round-trip any more.

R=jkummerow@chromium.org

No-Try: true
Change-Id: Ib7223699f6907ca695f17616c280f4aa665e7291
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946354
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65283}
2019-12-02 12:41:33 +00:00
Georg Neis
cab15c8190 Don't try to optimize an already-optimized function
Bug: chromium:1028208
Change-Id: I439cb5acf4487ab0e4af0dcd065f1ccb78b2e7a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946351
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65282}
2019-12-02 12:04:23 +00:00
Jakob Kummerow
c1c6e0fcde [test] Fix bigint-int64-lowered test in GC stress mode
The flag combination --gc-interval=500 --stress-compaction
--stress-flush-bytecode, combined with baking mjsunit.js into the
custom snapshot, caused type feedback for "deepEquals" to be
forgotten, leading to an unexpected soft deopt. Forcing type feedback
collection with %PrepareFunctionForOptimization() fixes that.

Change-Id: I954c7ecbe70ca5b803a5fa7cd809c118f7659f21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946347
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65281}
2019-12-02 11:01:04 +00:00
Ng Zhi An
bb8e7dbda1 [cleanup] Move Pshufd macro into helper
Bug: v8:9810
Change-Id: I1dd90312b4ae1ad9461a27898f66d7c802dbae76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930071
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65280}
2019-12-02 10:54:07 +00:00
Ng Zhi An
d9feec1112 [wasm-simd] Force shuffle32x4 to use register for src0
Fixed: v8:9980
Bug: v8:9198
Change-Id: Idab55a3d7f7ad45a1491dc7657b8a377e569e050
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1945943
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65279}
2019-12-02 10:45:23 +00:00
Ulan Degenbaev
d29299f9b7 [heap] Consolidate visiting of objects in MarkCompactCollector
This removes object visiting logic from IncrementalMarking and makes it
call the corresponding methods of MarkCompactCollector. As a result
we have one place where objects are visited (on the main thread), which
is necessary for implementing per-context visitation.

Bug: chromium:973627
Change-Id: Ibdfbb9a910b592307bdba2bd73eada35c80a0d61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940154
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65278}
2019-12-02 10:38:53 +00:00
Ng Zhi An
83fc8559fa [wasm-simd] AVX codegen for load splat
Bug: v8:9886
Change-Id: I321e93d02971c6ba568d9d7c52d464ffc2754665
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1929837
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65277}
2019-12-02 10:07:23 +00:00
Ng Zhi An
2fb290d79a [liftoff] Add regression test for asan dcheck failure
Adding a regression test for https://crrev.com/c/1930606.

This test was generated using --dump-wasm-module, which created a 6KB
module, and then running binaryen's wasm-reduce on it until it churned
this out, and removing an extra kExprUnreachable.

Bug: chromium:1027410
Change-Id: I14ba6ebe52f45e3b3ba943088807e110eebe0339
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1933592
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65276}
2019-12-02 09:40:23 +00:00
Ng Zhi An
72b68dee51 [wasm-simd] Implement load splat and load extend on arm
Bug: v8:9886
Change-Id: Idd44fb99be54c56385db55895dba58b35c1b660e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928150
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65275}
2019-12-02 09:22:23 +00:00
Ng Zhi An
5d80a202dd Add missing diasm and impl of AVX instr
This change includes splitting the existing SSE_INSTRUCTION_LIST into two:
1. sse instructions with two-operand AVX
2. sse instructions with three-operand AVX

Also a drive by fix for disasm of pblendw, the printing of imm8 doesn't
not require AND-ing with 3, since all 8 bits are significant.

Bug: v8:9561
Change-Id: I56c93a24bb9905ae6422698c793b27f3b9e66d8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1933593
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65274}
2019-12-02 09:13:53 +00:00
Simon Zünd
5bddc0e142 Implement top-level await for REPL mode
Design doc: bit.ly/v8-repl-mode

This CL allows the usage of 'await' without wrapping code in an async
function when using REPL mode in global evaluate. REPL mode evaluate
is changed to *always* return a Promise. The resolve value of the
promise is the completion value of the REPL script.

The implementation is based on two existing mechanisms:
  - Similar to async functions, the content of a REPL script is
    enclosed in a synthetic 'try' block. Any thrown error
    is used to reject the Promise of the REPL script.

  - The content of the synthetic 'try' block is also re-written the
    same way a normal script is. This is, artificial assignments to
    a ".result" variable are inserted to simulate a completion
    value. The difference for REPL scripts is, that ".result" is
    used to resolve the Promise of the REPL script.

  - ".result" is not returned directly but wrapped in an object
    literal: "{ .repl_result: .result}". This is done to prevent
    resolved promises from being chained and resolved prematurely:

    > Promse.resolve(42);

    should evaluate to a promise, not 42.

Bug: chromium:1021921
Change-Id: I00a5aafd9126ca7c97d09cd8787a3aec2821a67f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900464
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65273}
2019-12-02 09:09:43 +00:00
Bartek Nowierski
78786a2f66 Introduce and emit "function calls in detached window" use counters.
Bug: chromium:1018156
Change-Id: I2133bd8fc4ae4d9ce3c16c50887beb677d979e18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924000
Commit-Queue: Bartek Nowierski <bartekn@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65272}
2019-12-02 08:56:13 +00:00
v8-ci-autoroll-builder
3cd044ef71 Update V8 DEPS.
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/bcfcc04..0317de9

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I21e8f3bf8a9c0cfdd3c0db2bd49386eede39870e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944233
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#65271}
2019-12-02 04:30:33 +00:00
Jakob Kummerow
2fbc8b9f7a Add .clangd to .gitignore
No-Try: true
Change-Id: I9c4d6f02451872dacf6e5e172ec32afde5f80281
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943165
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65270}
2019-12-01 11:39:11 +00:00
v8-ci-autoroll-builder
3557e2021f Update V8 DEPS.
Rolling v8/build: 15fd848..00a14de

Rolling v8/third_party/googletest/src: bf0fe87..5395345

Rolling v8/tools/clang: e3d2982..ae5343c

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I22c818999d745103e09d7438839e03ca80ab7e08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944232
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#65269}
2019-12-01 04:02:11 +00:00
v8-ci-autoroll-builder
b69f1a58d2 Update V8 DEPS.
Rolling v8/build: 2fc048c..15fd848

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b97d4ce..bcfcc04

Rolling v8/third_party/depot_tools: 7c62ed6..5ae4817

Rolling v8/third_party/googletest/src: 076c461..bf0fe87

Rolling v8/tools/clang: 05979d8..e3d2982

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I9ff4c73b501e7b99b0ef5e2f491d090333e6a342
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944231
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#65268}
2019-11-30 03:55:04 +00:00
Hannes Payer
f770e6171d [heap] Remove sweeping complexity around page iterability.
Change-Id: I60fdb6af5382e0ccd6bff16f89aad804c13cd900
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943147
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65267}
2019-11-29 20:39:55 +00:00
Sigurd Schneider
88f8d801c6 [cctest] Check compilation result in v8_compile
This CL introduces a CHECK in v8_compile that compilation succeedes.
Previously, a failed compilation would lead to undefined behavior or
a crash in CompileRun, because it would call Script::Run on a nullptr.
This CL introduced v8_try_compile that returns a MaybeLocal and supports
test-cases that want to ensure that a compilation fails.

Bug: chromium:1014415
Change-Id: I559190da6049f325e8650e4a29c6e387d8ff7af5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943154
Auto-Submit: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65266}
2019-11-29 15:43:52 +00:00
Michael Starzinger
6c4cf05863 [wasm] Fix property accessors to not be constructors.
This fixes the accessor functions (getters and setters) for WebAssembly
accessor properties to not have 'prototype' properties and not be marked
as constructors.

R=ahaas@chromium.org
TEST=mjsunit/wasm/js-api
BUG=chromium:1027945

Change-Id: I0288f511fee1f99997031b41354ecf7b8629b783
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943157
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65265}
2019-11-29 15:04:03 +00:00
Liviu Rau
dfa569b462 [goma] Whitespace to trigger builders
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: Ib485ec835d73f9da0c5379c80865ad6702293e6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943148
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65264}
2019-11-29 13:19:04 +00:00
Jakob Kummerow
c6f16db2d6 One more LookupIterator indexed/named mode fix
Reported at comment #18 of the linked bug.

Bug: chromium:1027461
Change-Id: I64fb4c4edd4df07ddf86c508dfecec7f509efc9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940262
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65263}
2019-11-29 12:46:09 +00:00