Commit Graph

59796 Commits

Author SHA1 Message Date
Igor Sheludko
ea79fb8cc0 [builtins] Fix assertion failure in TypedArray.from()
Bug: chromium:1029658
Change-Id: I4cb201bbf0a05d2673fcb8a5d19e34a969294c5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946335
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65304}
2019-12-03 12:02:47 +00:00
Ng Zhi An
45ee6f4048 [liftoff] Change PatchPrepareStackFrame to use bytes
Calculate the number of bytes of the stack frame used in
PatchPrepareStackFrame using the size of the spill instead of the number
of slots.

We only need the number of bytes spilled (without adding the number of
locals) because whenever we spill, we already track the largest offset,
with RecordUsedSpillSlot. GetTotalFrameSlotCount can also be changed to
remove the num_locals, in a future patch.

Change-Id: I08fe3e81eaebf5f2cf1e11292645663474483447
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1945944
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65303}
2019-12-03 11:11:07 +00:00
v8-ci-autoroll-builder
73a1a844ec Update V8 DEPS.
Rolling v8/build: 00a14de..a82ba26

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/0317de9..ca84a42

Rolling v8/third_party/depot_tools: 5ae4817..6d31ed5

Rolling v8/tools/clang: ae5343c..d1940b1

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I9bc8f7f48dccef25770eeaa081b36444b79b0913
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1948103
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#65302}
2019-12-03 04:02:57 +00:00
Jakob Kummerow
c8ed19ac49 Yet more size_t-index fixes
CSA::TryLookupElement must check the upper bound for dictionary-mode
indices.
The "stable map + accessor" branch of FastGetOwnValuesOrEntries must
construct its LookupIterator such that it handles the named/indexed
distinction correctly.

Bug: chromium:1029338,chromium:1029369
Change-Id: I17e74ed24c260c5cfc20c61616e75db7d347f7a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943164
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65301}
2019-12-02 17:49:37 +00:00
Georg Neis
a453f701af [turbofan] Move return-value hints out of serializer environment
These hints are different from the rest (they only ever grow) and
there's no need to have them in each environment.

Bug: v8:7790
Change-Id: I56ed9671f602bcb6faba4003d84fee8b1d6e0128
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944156
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65300}
2019-12-02 17:46:51 +00:00
Jakob Kummerow
f33902c05b Fine-tune cached array indices on strings
When converting a Smi to a String, we can skip the check for a
cached array index on the result in case of a number-to-string
cache hit. When trying to convert a String back to an index, the
inlined fast path can check for a cached index (in addition to
checking for a cached known negative).
Locally this yields about 5% on the JSTests/Proxies/GetIndex* tests.

Bug: chromium:1028021
Change-Id: I117eae01b1ad9c5d107ad7e598464b96dae9a6b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943160
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65299}
2019-12-02 17:17:21 +00:00
Maya Lekova
7ecb124a67 [turbofan] Add missing data for Function.apply and .call
Add serialization of the virtual closures for Function.prototype.apply
and Function.prototype.call. Also add tests for those.

Bug: v8:7790
Change-Id: I26374009c09958943ef36eae283a270875234e40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943155
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65298}
2019-12-02 17:13:21 +00:00
Maya Lekova
69fa5f794f Revert "[wasm] Share native modules compiled from the same bytes"
This reverts commit c509bb8c55.

Reason for revert: Breaks arm64 - sim - MSAN, see https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/30050

Original change's description:
> [wasm] Share native modules compiled from the same bytes
> 
> Cache native modules in the wasm engine by their wire bytes. This is to
> prepare for sharing {Script} objects between multiple {WasmModuleObject}
> created from the same bytes. This also saves unnecessary compilation
> time and memory.
> 
> R=clemensb@chromium.org
> 
> Bug: v8:6847
> Change-Id: Iad5f70efbfe3f0f134dcb851edbcec50691677e0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916603
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65296}

TBR=clemensb@chromium.org,thibaudm@chromium.org

Change-Id: I908b0f59bce26678d0b5d7fddc986384c40b4709
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6847
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946334
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65297}
2019-12-02 16:51:44 +00:00
Thibaud Michaud
c509bb8c55 [wasm] Share native modules compiled from the same bytes
Cache native modules in the wasm engine by their wire bytes. This is to
prepare for sharing {Script} objects between multiple {WasmModuleObject}
created from the same bytes. This also saves unnecessary compilation
time and memory.

R=clemensb@chromium.org

Bug: v8:6847
Change-Id: Iad5f70efbfe3f0f134dcb851edbcec50691677e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1916603
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65296}
2019-12-02 16:31:51 +00:00
Joshua Litt
e9811a74f3 [promises] Add back deferred labels to PromiseThen
Bug: v8:9838, chromium:1028016
Change-Id: Iae195ac12c8fc01506f04ed5e62fc3c0983c56e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944280
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65295}
2019-12-02 16:09:41 +00:00
Milad Farazmand
cfd32bee74 s390: [wasm-simd] Implement Simd128 Load and Store
Change-Id: I01a449f098c7be3f1e071f57542dac6b67fb366d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944279
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#65294}
2019-12-02 16:03:26 +00:00
Georg Neis
647a0719bb [turbofan] Weaken a condition in ProcessHintsForPromiseResolve
... in order to be in sync with JSNativeContextSpecialization. This
probably doesn't allow any more optimizations but avoids confusing
misses in the broker trace.

Bug: v8:7790
Change-Id: Ia99a5828651468af8450028a351692482c21670c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944155
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65293}
2019-12-02 15:47:47 +00:00
Dan Elphick
6dcfaf1224 [cleanup] Remove various unused IO functions from utils.h
Removes the following functions:
Flush
AppendChars
WriteAsCFile (only from header since impl was already removed)

and moves local function AppendChars into anonymous namespace block.

Bug: v8:9810
Change-Id: Icc3ca8458eed4711f25514ac71aa0e6b413ed281
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1921797
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65292}
2019-12-02 15:41:26 +00:00
Mike Stanton
b8b6075021 [TurboFan] Loop variable analysis requires more sensitivity
Loop variable analysis doesn't recognize that the initial type of the
loop variable phi combined with the increment type may produce a NaN
result through the addition of two infinities of differing sign.

This leads to unreachable code and a SIGINT crash.

The fix is to consider this case before typing the loop variable phi,
falling back to more conservative typing if discovered.

R=neis@chromium.org

Bug: chromium:1028863
Change-Id: Ic4b5189c4c50c5bbe29e46050de630fd0673de9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946352
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65291}
2019-12-02 15:20:52 +00:00
Mike West
0da7ca8781 Add a UseCounter for SharedArrayBuffer creation.
Blink CL: https://chromium-review.googlesource.com/c/chromium/src/+/1944474

Bug: chromium:1029700
Change-Id: I91936942b21d133e06f2583a4e3c70951e5e86f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946348
Commit-Queue: Mike West <mkwst@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65290}
2019-12-02 15:16:46 +00:00
Dan Elphick
a38b010c5a [compiler] Add runtime stats for every pipeline phase
Each Pipeline phase now declares kRuntimeCallCounterId which is used to
record the runtime stats for the duration of the phase. As a result
some manually instantiated counters are removed.

All counters have the same name as the phase name with the v8.TF prefix
replaced with Optimize. To enforce this, the existing phase_name
declaration in each phase has been replaced with a macro that also
declares the counter id and its mode.

Bug: v8:10006
Change-Id: I836582298b60c30eb794f4c45a8bb16efa17a38e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943161
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65289}
2019-12-02 14:12:03 +00:00
Clemens Backes
db2f0f0aae [wasm] Log code objects only once
Code objects are scheduled for logging during compilation. In
{CompileToNativeModule}, we then only need to ensure that these objects
are actually logged. {LogWasmCodes} would log them independently, which
leads to duplicate logging.

R=jkummerow@chromium.org

Bug: chromium:1029470
Change-Id: I6a187f4d7adcf7ac057f3a266f66244ef7e7102f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946353
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65288}
2019-12-02 13:37:33 +00:00
Clemens Backes
5c1ed319d7 [wasm] Fix logged name of wasm-to-js wrappers
Instead of logging them as "wasm-unnamed" functions, log them as
"wasm-to-js", and append the signature.

This moves and generalizes the {AppendSignature} method that was already
used to produce the signature string for other wrappers.

R=jkummerow@chromium.org

Bug: chromium:1029470
Change-Id: Ic911cb19a49dcbc332bf5a4aa195107522ac6945
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946350
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65287}
2019-12-02 13:34:03 +00:00
Clemens Backes
5191f664ed [wasm] Also log import wrappers
Import wrappers (wasm-to-js) were missing from profiling, since their
code is never logged.
This CL fixes this by generally logging all wasm code generated, not
just actual wasm functions.

Also, instead of logging each individual code object (which requires a
lock) within another lock, move the code out of the other lock and log
all code objects at once.

R=jkummerow@chromium.org

Bug: chromium:1029470
Change-Id: Ia250d7f3f183b2c1d8e6af4e58dd65ee27df545b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943163
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65286}
2019-12-02 12:51:04 +00:00
Clemens Backes
cce670e701 [wasm] Improve wasm code logging
This fixes a few things regarding code logging for profiling:

1) Append the execution tier, otherwise we get two functions of the same
   name.
2) Replace "wasm-function[%d]" by "<wasm-unnamed>", since the index is
   appended later anyway.
3) Avoid unneeded JS heap and C++ heap allocations during logging.

R=jkummerow@chromium.org

Bug: chromium:1029470
Change-Id: Ie7af41f21e4595f8d8c574e4ad18273f89f1cb6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943162
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65285}
2019-12-02 12:46:55 +00:00
Ng Zhi An
44c5262c78 [liftoff] Removes more uses of index
Convert more uses of index into offsets. We record spill in terms of
offsets (bytes) rather than slot index, so the name of the method can be
changed, and in GetTotalFrameSlotCount we calculate the number of slots
used in terms of number of bytes spilled.

Bug: v8:9909
Change-Id: I26484c1b040cd4711cc7998cb29d68955bf8ddb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934528
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65284}
2019-12-02 12:44:03 +00:00
Clemens Backes
17613fabc4 [wasm] Remove unactionable TODO
We already don't do the on-heap round-trip any more.

R=jkummerow@chromium.org

No-Try: true
Change-Id: Ib7223699f6907ca695f17616c280f4aa665e7291
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946354
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65283}
2019-12-02 12:41:33 +00:00
Georg Neis
cab15c8190 Don't try to optimize an already-optimized function
Bug: chromium:1028208
Change-Id: I439cb5acf4487ab0e4af0dcd065f1ccb78b2e7a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946351
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65282}
2019-12-02 12:04:23 +00:00
Jakob Kummerow
c1c6e0fcde [test] Fix bigint-int64-lowered test in GC stress mode
The flag combination --gc-interval=500 --stress-compaction
--stress-flush-bytecode, combined with baking mjsunit.js into the
custom snapshot, caused type feedback for "deepEquals" to be
forgotten, leading to an unexpected soft deopt. Forcing type feedback
collection with %PrepareFunctionForOptimization() fixes that.

Change-Id: I954c7ecbe70ca5b803a5fa7cd809c118f7659f21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1946347
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65281}
2019-12-02 11:01:04 +00:00
Ng Zhi An
bb8e7dbda1 [cleanup] Move Pshufd macro into helper
Bug: v8:9810
Change-Id: I1dd90312b4ae1ad9461a27898f66d7c802dbae76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930071
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65280}
2019-12-02 10:54:07 +00:00
Ng Zhi An
d9feec1112 [wasm-simd] Force shuffle32x4 to use register for src0
Fixed: v8:9980
Bug: v8:9198
Change-Id: Idab55a3d7f7ad45a1491dc7657b8a377e569e050
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1945943
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65279}
2019-12-02 10:45:23 +00:00
Ulan Degenbaev
d29299f9b7 [heap] Consolidate visiting of objects in MarkCompactCollector
This removes object visiting logic from IncrementalMarking and makes it
call the corresponding methods of MarkCompactCollector. As a result
we have one place where objects are visited (on the main thread), which
is necessary for implementing per-context visitation.

Bug: chromium:973627
Change-Id: Ibdfbb9a910b592307bdba2bd73eada35c80a0d61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940154
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65278}
2019-12-02 10:38:53 +00:00
Ng Zhi An
83fc8559fa [wasm-simd] AVX codegen for load splat
Bug: v8:9886
Change-Id: I321e93d02971c6ba568d9d7c52d464ffc2754665
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1929837
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65277}
2019-12-02 10:07:23 +00:00
Ng Zhi An
2fb290d79a [liftoff] Add regression test for asan dcheck failure
Adding a regression test for https://crrev.com/c/1930606.

This test was generated using --dump-wasm-module, which created a 6KB
module, and then running binaryen's wasm-reduce on it until it churned
this out, and removing an extra kExprUnreachable.

Bug: chromium:1027410
Change-Id: I14ba6ebe52f45e3b3ba943088807e110eebe0339
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1933592
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65276}
2019-12-02 09:40:23 +00:00
Ng Zhi An
72b68dee51 [wasm-simd] Implement load splat and load extend on arm
Bug: v8:9886
Change-Id: Idd44fb99be54c56385db55895dba58b35c1b660e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928150
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65275}
2019-12-02 09:22:23 +00:00
Ng Zhi An
5d80a202dd Add missing disasm and impl of AVX instr
This change includes splitting the existing SSE_INSTRUCTION_LIST into two:
1. sse instructions with two-operand AVX
2. sse instructions with three-operand AVX

Also a drive-by fix for disasm of pblendw, the printing of imm8 doesn't
require AND-ing with 3, since all 8 bits are significant.

Bug: v8:9561
Change-Id: I56c93a24bb9905ae6422698c793b27f3b9e66d8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1933593
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65274}
2019-12-02 09:13:53 +00:00
Simon Zünd
5bddc0e142 Implement top-level await for REPL mode
Design doc: bit.ly/v8-repl-mode

This CL allows the usage of 'await' without wrapping code in an async
function when using REPL mode in global evaluate. REPL mode evaluate
is changed to *always* return a Promise. The resolve value of the
promise is the completion value of the REPL script.

The implementation is based on two existing mechanisms:
  - Similar to async functions, the content of a REPL script is
    enclosed in a synthetic 'try' block. Any thrown error
    is used to reject the Promise of the REPL script.

  - The content of the synthetic 'try' block is also re-written the
    same way a normal script is. This is, artificial assignments to
    a ".result" variable are inserted to simulate a completion
    value. The difference for REPL scripts is, that ".result" is
    used to resolve the Promise of the REPL script.

  - ".result" is not returned directly but wrapped in an object
    literal: "{ .repl_result: .result}". This is done to prevent
    resolved promises from being chained and resolved prematurely:

    > Promise.resolve(42);

    should evaluate to a promise, not 42.

Bug: chromium:1021921
Change-Id: I00a5aafd9126ca7c97d09cd8787a3aec2821a67f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900464
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65273}
2019-12-02 09:09:43 +00:00
Bartek Nowierski
78786a2f66 Introduce and emit "function calls in detached window" use counters.
Bug: chromium:1018156
Change-Id: I2133bd8fc4ae4d9ce3c16c50887beb677d979e18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924000
Commit-Queue: Bartek Nowierski <bartekn@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65272}
2019-12-02 08:56:13 +00:00
v8-ci-autoroll-builder
3cd044ef71 Update V8 DEPS.
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/bcfcc04..0317de9

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I21e8f3bf8a9c0cfdd3c0db2bd49386eede39870e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944233
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#65271}
2019-12-02 04:30:33 +00:00
Jakob Kummerow
2fbc8b9f7a Add .clangd to .gitignore
No-Try: true
Change-Id: I9c4d6f02451872dacf6e5e172ec32afde5f80281
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943165
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65270}
2019-12-01 11:39:11 +00:00
v8-ci-autoroll-builder
3557e2021f Update V8 DEPS.
Rolling v8/build: 15fd848..00a14de

Rolling v8/third_party/googletest/src: bf0fe87..5395345

Rolling v8/tools/clang: e3d2982..ae5343c

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I22c818999d745103e09d7438839e03ca80ab7e08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944232
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#65269}
2019-12-01 04:02:11 +00:00
v8-ci-autoroll-builder
b69f1a58d2 Update V8 DEPS.
Rolling v8/build: 2fc048c..15fd848

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b97d4ce..bcfcc04

Rolling v8/third_party/depot_tools: 7c62ed6..5ae4817

Rolling v8/third_party/googletest/src: 076c461..bf0fe87

Rolling v8/tools/clang: 05979d8..e3d2982

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I9ff4c73b501e7b99b0ef5e2f491d090333e6a342
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1944231
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#65268}
2019-11-30 03:55:04 +00:00
Hannes Payer
f770e6171d [heap] Remove sweeping complexity around page iterability.
Change-Id: I60fdb6af5382e0ccd6bff16f89aad804c13cd900
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943147
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65267}
2019-11-29 20:39:55 +00:00
Sigurd Schneider
88f8d801c6 [cctest] Check compilation result in v8_compile
This CL introduces a CHECK in v8_compile that compilation succeeds.
Previously, a failed compilation would lead to undefined behavior or
a crash in CompileRun, because it would call Script::Run on a nullptr.
This CL introduced v8_try_compile that returns a MaybeLocal and supports
test-cases that want to ensure that a compilation fails.

Bug: chromium:1014415
Change-Id: I559190da6049f325e8650e4a29c6e387d8ff7af5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943154
Auto-Submit: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65266}
2019-11-29 15:43:52 +00:00
Michael Starzinger
6c4cf05863 [wasm] Fix property accessors to not be constructors.
This fixes the accessor functions (getters and setters) for WebAssembly
accessor properties to not have 'prototype' properties and not be marked
as constructors.

R=ahaas@chromium.org
TEST=mjsunit/wasm/js-api
BUG=chromium:1027945

Change-Id: I0288f511fee1f99997031b41354ecf7b8629b783
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943157
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65265}
2019-11-29 15:04:03 +00:00
Liviu Rau
dfa569b462 [goma] Whitespace to trigger builders
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: Ib485ec835d73f9da0c5379c80865ad6702293e6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943148
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65264}
2019-11-29 13:19:04 +00:00
Jakob Kummerow
c6f16db2d6 One more LookupIterator indexed/named mode fix
Reported at comment #18 of the linked bug.

Bug: chromium:1027461
Change-Id: I64fb4c4edd4df07ddf86c508dfecec7f509efc9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940262
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65263}
2019-11-29 12:46:09 +00:00
Jakob Kummerow
16342a4b73 [turbofan] Fix bigint-to-word64 constant folding
Replacing a constant BigInt with a constant int64 is only valid
when the use site has truncating semantics. (For non-constant
values, the representation changer did correctly check for this.)

Bug: chromium:1028593
Change-Id: Ib58b16ece6f21ba30153fd6cfa0560cc2d78d6a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940263
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65262}
2019-11-29 12:44:09 +00:00
Mythri A
969f9fe2ef [tools] Fix callstats.py to correctly bucket OptimizeBackground events
This cl: https://chromium-review.googlesource.com/c/v8/v8/+/1924439 has
renamed the optimize passes happening on the background to
OptimizeBackground instead of OptimizeConcurrent or RecompileConcurrent.
Concurrent optimization has main thread phases so using
OptimizeConcurrent for background computations only was a bit confusing.

Bug: chromium:1029456
Change-Id: Idd0a0ff82597bb18c2d8896c7288f268e59acc05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943156
Commit-Queue: Mythri Alle <mythria@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Mythri Alle <mythria@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65261}
2019-11-29 12:31:09 +00:00
Georg Neis
3363ddd4b9 [turbofan] Fix simplified lowering of SpeculativeNumberModulus
If the inputs are Unsigned32OrMinusZeroOrNaN and we want to compile for
an Unsigned32 result, we still need to deopt if the RHS is zero (because
that must produce NaN).

Bug: chromium:1028862
Change-Id: Ib5b7cd10f8c4ec9a76b75a2b408729f1ca86ea3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943150
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65260}
2019-11-29 11:46:49 +00:00
Toon Verwaest
21ad38ef83 Revert "[runtime] Cache prototype chain enumerable keys in PrototypeInfo"
This reverts commit 5253d7bf15.

Reason for revert: Elements don't properly invalidate the cache.

Original change's description:
> [runtime] Cache prototype chain enumerable keys in PrototypeInfo
> 
> This CL adds a prototype_chain_enum_cache to cache the enumeration of a
> prototype and its entire chain on the PrototypeInfo. It can improve for-in
> performance via simply merging the receiver enumeration with this cache.
> 
> It improves the score of JetStream2-tagcloud-SP case by ~9% on IA Chromebook.
> 
> Contributed by tao.pan@intel.com
> 
> Change-Id: Ib40bfe41e772672337155584672f06fa1ba1e70d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1870844
> Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65224}

TBR=verwaest@chromium.org,shiyu.zhang@intel.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: Ic5d476bc8b334241b2accb8344749fcf7dcf5e09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943153
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65259}
2019-11-29 11:42:29 +00:00
Sigurd Schneider
b9df6e1c36 Reland "[exceptions] Don't re-request interrupt in InvokeWithTryCatch"
This is a reland of 4ed9d48f34

CompileRun leads to undefined behavior if the compile fails;
CompileRunChecked can be used to assert that the compile must
succeed. I've removed the attempt to compile and rely on a
simpler check in the tests now.

Original change's description:
> [exceptions] Don't re-request interrupt in InvokeWithTryCatch
>
> This CL changes InvokeWithTryCatch to not re-request the terminate
> execution interrupt, but instead schedule the termination exception.
> This ensures that leaving the outermost TryCatch scope will clear
> the exception, and no interrupt remains.
>
> Previously, the interrupt request could remain and prevent further
> JavaScript execution even after the TryCatch scope was left.
>
> Change-Id: I1e603dc822bbcb0def4cf0a898d59cf8d4b9d039
> Bug: chromium:1014415
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871910
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65255}

Tbr: yangguo@chromium.org, verwaest@chromium.org
Bug: chromium:1014415
Change-Id: I29444c4b7ea5a158865f54d4608f374914f7b133
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943151
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65258}
2019-11-29 11:10:30 +00:00
Michael Achenbach
e728d90e34 [test] Skip test on fuzzer
R=neis@chromium.org

No-Try: true
Change-Id: I91ebaceb036381f8183b0703ccfed58e1cbbeeb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943152
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65257}
2019-11-29 11:03:29 +00:00
Leszek Swirski
48367856b4 Revert "[exceptions] Don't re-request interrupt in InvokeWithTryCatch"
This reverts commit 4ed9d48f34.

Reason for revert: UBSan failure https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/9084

Original change's description:
> [exceptions] Don't re-request interrupt in InvokeWithTryCatch
> 
> This CL changes InvokeWithTryCatch to not re-request the terminate
> execution interrupt, but instead schedule the termination exception.
> This ensures that leaving the outermost TryCatch scope will clear
> the exception, and no interrupt remains.
> 
> Previously, the interrupt request could remain and prevent further
> JavaScript execution even after the TryCatch scope was left.
> 
> Change-Id: I1e603dc822bbcb0def4cf0a898d59cf8d4b9d039
> Bug: chromium:1014415
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871910
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65255}

TBR=yangguo@chromium.org,sigurds@chromium.org,verwaest@chromium.org

Change-Id: Iedefe5320d8bdc442a87e03698a20daf6a0ebf4f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1014415
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943149
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65256}
2019-11-29 09:31:58 +00:00
Sigurd Schneider
4ed9d48f34 [exceptions] Don't re-request interrupt in InvokeWithTryCatch
This CL changes InvokeWithTryCatch to not re-request the terminate
execution interrupt, but instead schedule the termination exception.
This ensures that leaving the outermost TryCatch scope will clear
the exception, and no interrupt remains.

Previously, the interrupt request could remain and prevent further
JavaScript execution even after the TryCatch scope was left.

Change-Id: I1e603dc822bbcb0def4cf0a898d59cf8d4b9d039
Bug: chromium:1014415
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871910
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65255}
2019-11-29 08:55:27 +00:00