Commit Graph

43650 Commits

Author SHA1 Message Date
Jakob Kummerow
ec2f4acf4b [ubsan] Clean up macro usage in *-inl.h
The incremental migration required several pairs of functionally
equivalent macros. This patch consolidates everything onto the
respective new version and drops the obsolete versions.

Bug: v8:3770
Change-Id: I4fb05ff223e8250c83a13f46840810b0893f410b
Reviewed-on: https://chromium-review.googlesource.com/c/1398223
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58659}
2019-01-09 12:05:15 +00:00
Michael Starzinger
56bed77bd5 [arm] Enable write-protected code pages.
R=hablich@chromium.org
BUG=chromium:845877

Change-Id: Ia5ede7b5aaa4d5937160b1e0733132c47afeb712
Reviewed-on: https://chromium-review.googlesource.com/c/1400407
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58658}
2019-01-09 11:18:15 +00:00
Toon Verwaest
5b4d4c2401 [parser] Parenthesized identifiers are invalid as part of a declaration
Bug: v8:8659
Change-Id: I7208589dcb5c40dd915a50517f83f3da646202be
Reviewed-on: https://chromium-review.googlesource.com/c/1402547
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58657}
2019-01-09 11:02:55 +00:00
Clemens Hammacher
c26b4977d6 [wasm] Create runtime objects later
For compilation we only need the NativeModule. Thus only create this
before compilation, create other runtime objects later.
This is a first step towards removing the deferred handles and
clustering all foreground work in one chunk after compilation.

R=ahaas@chromium.org

Bug: v8:7921, v8:8423
Change-Id: If62387d68ddf0f5e067adbaef5fbeca7178958a4
Reviewed-on: https://chromium-review.googlesource.com/c/1402544
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58656}
2019-01-09 11:01:15 +00:00
Predrag Rudic
b0dc60f6b3 MIPS[64]: Port '[Deopt] Remove jump table in prologue of deopt entries.'
Port commit 4ab96a9a81

Original message:
> Remove the use of a jump table in the prologue of the deopt entries
> and instead pass the bailout id explicitly in a register when calling
> the deopt entry routine from optimized code. This unifies the logic
> with the way the Arm64 code works. It saves the following amount of
> memory in code stubs:
>
>  - arm:  384KB
>  - ia32: 480KB
>  - x64:  240KB
>
> This could be offset by a slight increase in the size of optimized code
> for loading the immediate, however this impact should be minimal and
> will scale with the maximum number of bailout ids (e.g., the size of
> code will increase by one instruction per bailout id on Arm, therefore
> ~98,000 bailouts will be needed before the overhead is greater than
> the current fixed table size).
>
> Change-Id: I838604b48fa04cbd45320c7b9dac0de08fd8eb25
> Reviewed-on: https://chromium-review.googlesource.com/c/1398224
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58636}

Change-Id: I4d070b90ebd4f9d4e82eaa74fe6d41c3a39d93e8
Reviewed-on: https://chromium-review.googlesource.com/c/1400848
Reviewed-by: Sreten Kovacevic <skovacevic@wavecomp.com>
Commit-Queue: Sreten Kovacevic <skovacevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#58655}
2019-01-09 10:14:59 +00:00
Jakob Gruber
ba712bf89f [csa] Call FatalProcessOutOfMemory in OOM situations
OOMs in CSA code would trigger fairly arbitrary assertion failures on
some paths. This changes CSA::AllocateRaw to call
FatalProcessOutOfMemory (just like runtime methods).
CSA::AllocateFixedArray additionally checks for
FixedArray::kMaxLength.

This increases overall builtin code size on x64 release by 28K / 2.5%.

Bug: chromium:917561, chromium:848672
Change-Id: I757271264f396e0df8d8fe0570bad078075c27d5
Reviewed-on: https://chromium-review.googlesource.com/c/1400414
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58654}
2019-01-09 10:08:39 +00:00
Tom Tan
934af8dde9 .rodata from embedded.S should be read only
.rodata usually hosts read only data. MSVC link.exe complains about a mismatch when
merging this read/write .rodata from embedded.S with .rodata from other object
files.

Bug: chromium:919180
Change-Id: I7789e42afe116cc4bf772e2cbb312d19e4ce7fe5
Reviewed-on: https://chromium-review.googlesource.com/c/1396361
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58653}
2019-01-09 07:58:51 +00:00
Joyee Cheung
c8561b1ad4 [parser] add source positions to private field synthetic variables
Bug: v8:8354
Change-Id: I20bb169695d7ecca739f14f9a3ddfafed0dcb964
Reviewed-on: https://chromium-review.googlesource.com/c/1393284
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#58652}
2019-01-09 05:11:24 +00:00
Sathya Gunasekaran
f417b4aad8 [class] Fix early error for duplicate private fields
Bug: v8:8656
Change-Id: I86f00d377ac99a065c4ecf02abed08ec4feb3686
Reviewed-on: https://chromium-review.googlesource.com/c/1401214
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58650}
2019-01-09 00:53:05 +00:00
Deepti Gandluri
f8e2634e96 [wasm] Add SIMD Shuffles for x64
Change-Id: I241565dea56db982a46eed8ecdd2fd2692c368ce
Reviewed-on: https://chromium-review.googlesource.com/c/1395800
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58648}
2019-01-08 21:46:39 +00:00
Frank Tang
c985078234 [Intl] Fix -0 formatting bugs
The spec changed in 7/2018 to treat -0 and 0 differently.
https://github.com/tc39/ecma402/pull/232

Bug: v8:7474, v8:8099
Change-Id: I77db4ae716b081b7628dc7ee253a463520c7f6e9
Reviewed-on: https://chromium-review.googlesource.com/c/1400403
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58645}
2019-01-08 19:10:42 +00:00
Clemens Hammacher
d953d9fb24 [compiler] Add fast path for simple parallel moves
Most parallel moves do not actually require the heavy analysis in the
GapResolver since there is no overlap between source and destination
registers. Handle some of these cases by a fast-path to avoid the
quadratic behaviour in the general case.
The fast path is taken for about 2/3 of the non-empty parallel moves on
wasm workloads.

R=herhut@chromium.org, titzer@chromium.org

Bug: v8:8423
Change-Id: I026256fd6cf268f176fccc97f0f427e07629aeb3
Reviewed-on: https://chromium-review.googlesource.com/c/1400410
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58644}
2019-01-08 17:50:40 +00:00
Mike Stanton
780818726a [Torque] Array.prototype.filter moves to Torque.
Change-Id: Ifc71ae885b2a08b898ace7f75a8df0ca2b9c3a3d
Reviewed-on: https://chromium-review.googlesource.com/c/1275820
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58643}
2019-01-08 16:13:50 +00:00
Peter Marshall
8784512feb [cpu-profiler] Add logging to flaky tests
These flakes can't be reproduced locally so we need more information
when they fail. Add some logging so that we can figure out why they
are breaking.

Bug: v8:8649, v8:8648
Change-Id: I2fb1384bb7592c6fc68c08952505e79329f00bec
Reviewed-on: https://chromium-review.googlesource.com/c/1400418
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58641}
2019-01-08 15:38:42 +00:00
Yang Guo
052083f1f8 [d8] no longer require js2c for d8
R=jgruber@chromium.org

Bug: v8:7624
Change-Id: I357e0b9d497ebff03e0e41a3495621c5b4c63464
Reviewed-on: https://chromium-review.googlesource.com/c/1400402
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58640}
2019-01-08 15:11:30 +00:00
Peter Marshall
9e15860520 [cpu-profiler] De-duplicate CodeEntry objects for inline stacks
Within an inline stack we would have multiple copies of the exact same
CodeEntry object to represent an inline frame. We had one copy for every
time that the frame appeared in an inline stack. One CodeEntry can have
multiple inline stacks and each stack can have multiple inline frames.
In the common case, the stacks overlap and repeat frames.

This CL creates a single CodeEntry object to represent each inlined
function as an inline frame (for a given CodeEntry with inlinings). This
removes most of the duplication of inline CodeEntry objects. We still
have some duplication, e.g. if we inline bar() into foo() and foo2() but
they are not themselves inlined into anything, then we will have two
inline CodeEntry objects for bar(). Removing all duplication is harder
to achieve because the lifetime of the inlined frame CodeEntry is now no
longer tied to the inliner.

Get rid of the InlineEntry struct as it is now identical to
CodeEntryAndLineNumber.

We store the list of canonical inline CodeEntry objects on the
CodeObject of the inlining function so that it can own the lifetimes of
inlined frames.

Also rename inline_locations_ to inline_stacks_ to be clearer.

Bug: v8:7719

Change-Id: Ied765b4cce7fd33f3290798331f1e6767cc42e8c
Reviewed-on: https://chromium-review.googlesource.com/c/1396086
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58639}
2019-01-08 14:57:46 +00:00
Toon Verwaest
379095c1e1 [parser] Simplify assignment parsing
Change-Id: Ie157933d32acf89ff3c1571c843f07ff6fd1c525
Reviewed-on: https://chromium-review.googlesource.com/c/1400782
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58638}
2019-01-08 14:56:10 +00:00
Toon Verwaest
7c3595effa [parser] Reparse arrow functions with unidentified syntax errors in the correct scope
Bug: chromium:919710
Change-Id: I5a04e76fbc925a89b0ebe1916637f6ae5d109b24
Reviewed-on: https://chromium-review.googlesource.com/c/1400419
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58637}
2019-01-08 14:46:07 +00:00
Ross McIlroy
4ab96a9a81 [Deopt] Remove jump table in prologue of deopt entries.
Remove the use of a jump table in the prologue of the deopt entries
and instead pass the bailout id explicitly in a register when calling
the deopt entry routine from optimized code. This unifies the logic
with the way the Arm64 code works. It saves the following amount of
memory in code stubs:

 - arm:  384KB
 - ia32: 480KB
 - x64:  240KB

This could be offset by a slight increase in the size of optimized code
for loading the immediate, however this impact should be minimal and
will scale with the maximum number of bailout ids (e.g., the size of
code will increase by one instruction per bailout id on Arm, therefore
~98,000 bailouts will be needed before the overhead is greater than
the current fixed table size).

Change-Id: I838604b48fa04cbd45320c7b9dac0de08fd8eb25
Reviewed-on: https://chromium-review.googlesource.com/c/1398224
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58636}
2019-01-08 14:14:10 +00:00
Camillo Bruni
9cd84510be [parser] Avoid processing empty preparse data objects
Always precheck that the PreparseData has data before serializing it.

Drive-by-fix:
- rename preparsed_scope_data_builder_ to preparse_data_builder_

Change-Id: I8e709af8f69db44e03caa9132f06a7b8c906bfdb
Reviewed-on: https://chromium-review.googlesource.com/c/1387305
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58635}
2019-01-08 14:03:03 +00:00
Michael Achenbach
58ca563860 Revert "[wasm] Remove finisher task"
This reverts commit ac2fb66b65.

Reason for revert: Flakily crashes on several bots:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win32/18524
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64%20-%20msvc/6824
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20-%20internal%20snapshot/19766

Original change's description:
> [wasm] Remove finisher task
> 
> This removes the finisher task and instead finishes compilation units
> from the background.
> It also changes ownership of the AsyncCompileJob to be shared among all
> tasks that still operate on it. The AsyncCompileJob dies when the last
> reference dies.
> 
> R=ahaas@chromium.org
> CC=mstarzinger@chromium.org
> 
> Bug: v8:7921, v8:8423
> Change-Id: Id09378327dfc146459ef41bc97176a8716756ae4
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
> Reviewed-on: https://chromium-review.googlesource.com/c/1335553
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58630}

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: I6b332b66adaec8f713fb31f4c8517cae7ebb4645
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7921, v8:8423
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Reviewed-on: https://chromium-review.googlesource.com/c/1400420
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58634}
2019-01-08 13:58:12 +00:00
Stephan Herhut
2dfba659dd [regalloc] Prefer registers that are not used for arguments.
Simple experiment that prefers free registers that are not used for
arguments to prevent cases where we allocate a free register without
hint and thereby block later uses of that register for no good
reason.

Bug: v8:8311
Change-Id: I95e96b150410e97937cb72d575ae6bece9ee08f9
Reviewed-on: https://chromium-review.googlesource.com/c/1397668
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58633}
2019-01-08 13:33:00 +00:00
Andreas Haas
0adcb82a8b [wasm][anyref] Allow export of mutable anyref globals
R=titzer@chromium.org

Bug: v8:7581
Change-Id: I4725eada889cc8cf6a3ca537f05b1da2f5e83f2b
Reviewed-on: https://chromium-review.googlesource.com/c/1400413
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58632}
2019-01-08 13:30:59 +00:00
peterwmwong
7164251aec [js] Remove macros.py and simplify js2c.py
- Remove macros.py
- Inlines macros into d8.js
- Remove dead code (macros and message templates)
  from js2c.py
- Remove empty src/js directory

Bug: v8:7624
Change-Id: I8dfb69f2f8cb3746b67de816ffc8eb305cbcdee6
Reviewed-on: https://chromium-review.googlesource.com/c/1400150
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58631}
2019-01-08 13:26:02 +00:00
Clemens Hammacher
ac2fb66b65 [wasm] Remove finisher task
This removes the finisher task and instead finishes compilation units
from the background.
It also changes ownership of the AsyncCompileJob to be shared among all
tasks that still operate on it. The AsyncCompileJob dies when the last
reference dies.

R=ahaas@chromium.org
CC=mstarzinger@chromium.org

Bug: v8:7921, v8:8423
Change-Id: Id09378327dfc146459ef41bc97176a8716756ae4
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Reviewed-on: https://chromium-review.googlesource.com/c/1335553
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58630}
2019-01-08 13:24:57 +00:00
Toon Verwaest
f9529f6b45 [parser] Disambiguate variables through expression-scope
Previously we'd always push variable proxies into the unresolved list of the
current scope, and possibly delete them from the list later in case they end up
being declarations. If variables become assigned, there were two ways to mark
them as such: The preparser would mark the variables tracked on the
PreParserExpression, and the parser would traverse the LHS AST to find and mark
all variables.

After this CL, if the scope already knows it's tracking declarations, the
variables are never added to the unresolved list in the first place. If the
scope is ambiguous, it tracks the variable proxies on the side and only adds
them to the unresolved list if they end up being references rather than
declarations. The same list is now used to bulk mark all LHS variables as
assigned; uniformly for both the parser and the preparser.

In a next step we'll also use the scope to create declarations. That way we can
stop tracking variables_ on PreParserExpression altogether.

Change-Id: I6ada37006cc2e066731f29cd4ea314550fc7959f
Reviewed-on: https://chromium-review.googlesource.com/c/1397669
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58629}
2019-01-08 13:21:56 +00:00
Jakob Kummerow
683dd5fe17 [ubsan] Misc post-Object-migration cleanup
Bug: v8:3770
Change-Id: I9214212454034cf1238cab43dc34d8d9f8ed2d37
Reviewed-on: https://chromium-review.googlesource.com/c/1398222
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58627}
2019-01-08 12:34:34 +00:00
Clemens Hammacher
495c24b276 [compiler] Cleanup owners file
Backend is split out, so remove backend owners from src/compiler. Also,
mention explicitly in src/compiler/backend that also all src/compiler
owners are owners there.

R=titzer@chromium.org

No-Try: true
Change-Id: I5409946f65bf27337b715af555083a4804fbb8dd
Reviewed-on: https://chromium-review.googlesource.com/c/1400411
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58626}
2019-01-08 12:08:41 +00:00
Andreas Haas
741f2312d1 [wasm][anyref] Allow anyref values in WebAssembly.Global objects
This CL adds support for anyref in WebAssembly.Global objects. Note
that the specification is not complete yet in this area.

I did the following changes:
- I renamed the `array_buffer` field of WasmGlobalObject to
  `untagged_buffer`
- I added an additional field of type FixedArray, `tagged_buffer`.
  - In the constructor of WasmGlobalObject I allocate either the former
    or the latter, but not both.
- In the WebAssembly.Global constructor I added special handling for
  the case where no initial value is provided. In that case I set the
  initial value to `null` and not to `undefined`.

R=titzer@chromium.org

Bug: v8:7581
Change-Id: I7e4855d7e6c04a9bcdc7ebd450caca5819d060e2
Reviewed-on: https://chromium-review.googlesource.com/c/1398226
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58625}
2019-01-08 12:02:51 +00:00
Clemens Hammacher
f1fb7bca44 [Liftoff] Fix corner case of register moves
If we have both f32 and f64 locals, we use the same register to hold
their zero value. On stack transfers, we might thus encounter the same
fp register with both the f32 and f64 type. Explicitly allow that case
to happen.

R=ahaas@chromium.org

Bug: chromium:918917, v8:6600
Change-Id: I6937008d38853fe2bdccd9715e1a2499cf6bf7c6
Reviewed-on: https://chromium-review.googlesource.com/c/1398225
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58623}
2019-01-08 10:57:05 +00:00
Stephan Herhut
69cd305206 [wasm] Enforce valid register for SignExtendWord8ToInt32.
On ia32, the instruction selector uses movsx_b to compile the wasm
SignExtendWord8ToInt32 instruction. movsx_b requires a byte register
as input. However, not all allocatable registers on ia32 are. As we
cannot currently express constraints on subsets of registers, this
change now forces the input to movsx_b into eax.

Bug: chromium:919572
Change-Id: I39bd391974954ec9044940c3164398109eb78908
Reviewed-on: https://chromium-review.googlesource.com/c/1400409
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58622}
2019-01-08 10:50:55 +00:00
Jakob Kummerow
f49efaef06 [ubsan] Drop old NeverReadOnlySpaceObject class
Two uses in the API needed adaptation; all other uses have already
been subsumed by the new implementation (previously known as
NeverReadOnlySpaceObjectPtr, here renamed to NeverReadOnlySpaceObject).

Bug: v8:3770
Change-Id: Idf0e4a98a407b9afea22e8790da34cf017b892a5
Reviewed-on: https://chromium-review.googlesource.com/c/1397671
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58620}
2019-01-08 10:42:35 +00:00
Jakob Kummerow
40e8378f05 [ubsan] Fix "this == nullptr" in stack unwinding
StackHandlers form a chain, where the last element is nullptr,
so calling "handler->next()->foo()" is unsafe because "foo"
might see "this == nullptr".

Bug: v8:3770
Change-Id: Ic989384fa192e29d4d8cb76ff01b32173bf55fd9
Reviewed-on: https://chromium-review.googlesource.com/c/1400406
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58619}
2019-01-08 10:07:50 +00:00
Sigurd Schneider
5a9fa8f304 [turbofan] Restrict redundancy elimination from widening types
This CL prevents redundancy elimination from widening types, which
can cause problems if the input of a DeadValue (which has type None)
is replaced by an equivalent node that does not have type None. This
can happen because load elimination does not re-type nodes, for
example.

Bug: chromium:919340
Change-Id: I89e872412edbcdc610e70ae160cde56cd045006c
Reviewed-on: https://chromium-review.googlesource.com/c/1397709
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58617}
2019-01-08 09:48:28 +00:00
Jakob Gruber
9525443498 Fix windows compilation
Prior to this CL compilation fails with:

- 'error: offset of on non-standard-layout type' due to offsetof()
- 'Assertion failed: vector subscript out of range' due to the OOB vector subscripts

Change-Id: I8751fafd1058ca839de832267811f8f1f47c53fe
Reviewed-on: https://chromium-review.googlesource.com/c/1400404
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58616}
2019-01-08 09:10:03 +00:00
Jakob Kummerow
ae8f83fe08 [ubsan] Rename ObjectPtr to Object
The two names refer to the same thing by now, so this patch is
entirely mechanical.

Bug: v8:3770
Change-Id: Ia360c06c89af6b3da27fd21bbcaeb2bdaa28ce22
Reviewed-on: https://chromium-review.googlesource.com/c/1397705
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58615}
2019-01-08 09:08:59 +00:00
tzik
088f9c6013 Pass argc of JSEntry as intptr_t
|argc| parameter of JSEntry is passed as int from C++ code, and loaded
into a register on the asm code. As int is 32 bit, and registers are
64 bit on 64 bit platforms, upper 32 bits of the loaded value may be
contaminated by a random value if it's passed as a stack parameter.

For now, |argc| is passed as a register parameter on all platforms, and
the upper 32 bits of |argc| are filled with zero, fortunately. However, if
we shuffle the order of parameters, |argc| can be passed as a stack
parameter and its value may be broken.

Specifically on x64 Windows, the first 4 parameters are passed as
register parameters and the rest are stack parameters. As |argc| is the
4th parameter, if we prepend another parameter and shift |argc| to
the 5th parameter, |argc| will become a stack parameter and its load
to 64 bit register breaks the value.

This CL converts the type of the |argc| parameter to intptr_t, so that
it's safe to load from stack to full width registers.

Bug: v8:8124
Change-Id: Ie7407cf5e6252ed7323a9c42389db387b0064673
Reviewed-on: https://chromium-review.googlesource.com/c/1400326
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58614}
2019-01-08 08:24:33 +00:00
Toon Verwaest
09674b9283 WIP: [parser] Fix arrow function name inferring
This is a reland of part of
https://chromium-review.googlesource.com/c/v8/v8/+/1397664.

It drops the explicit fni_.Infer() call after parsing arrow functions. We'll
want to avoid inferring if the arrow function is an argument to a function
call.

It also avoids adding the single argument of "name => " to the inferred name.

Bug: chromium:916975
Change-Id: I96a934408113483d73eba14073fe21e8cfe2ada6
Reviewed-on: https://chromium-review.googlesource.com/c/1397665
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58613}
2019-01-08 08:10:03 +00:00
Stephan Herhut
a76d560ef8 [wasm] Always restore context in OnFinishedCompile
The callback to AsyncStreamingProcessor::OnFinishedStream would
call into v8 internals without restoring the current context if
the processed module had no code. Instead, now always restore the
context before doing any finishing work.

Bug: chromium:915493
Change-Id: Ib779df81301ad1e3597515a4173c9a57efc593ac
Reviewed-on: https://chromium-review.googlesource.com/c/1397672
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58612}
2019-01-08 08:08:20 +00:00
Clemens Hammacher
afa95fb4e4 [Liftoff] Avoid redundant reg list in register moves
We currently hold the register list for {move_src_regs_} in the
{StackTransferRecipe} class, and only compute src use counts for
executing the moves. Since the use counts and the register list are
redundant, just compute the use counts right away, and get rid of the
register list.
This saves one iteration of the register list in {ExecuteMoves}.

R=ahaas@chromium.org

Bug: v8:6600, v8:8423
Change-Id: I832fb0d1c1d3afe536289162a81a49b73313e7f4
Reviewed-on: https://chromium-review.googlesource.com/c/1397670
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58611}
2019-01-08 08:04:33 +00:00
Maxim Mazurok
58ef241d9e Fixed typos
- "constuctor" -> "constructor"
- "dependendencies" -> "dependencies"
- "develpers" -> "developers"
- ["nonexistant"][1] -> ["nonexistent"][2]
- "reponsible" -> "responsible"

  [1]: https://en.wiktionary.org/wiki/nonexistant
  [2]: https://en.wiktionary.org/wiki/nonexistent

Change-Id: I8bb482d03c391bd0d37afd5d616229fa50a4ab77
Reviewed-on: https://chromium-review.googlesource.com/c/1390203
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58610}
2019-01-08 07:31:02 +00:00
tzik
2bcbeeb87d Use V8_NOEXCEPT consistently between decls and impls
noexcept keyword needs to be consistent between the declaration and
implementation in C++17.

Bug: v8:8616, chromium:752720
Change-Id: Iff4022c8c4b861ebdbe8e08995af1bc4da866dae
Reviewed-on: https://chromium-review.googlesource.com/c/1396459
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58609}
2019-01-08 04:36:18 +00:00
Frank Tang
8b16a54ff5 [Intl] Implement nu/numberingSystem
Sync with latest Intl.RelativeTimeFormat spec.
See https://github.com/tc39/proposal-intl-relative-time/pull/99
See https://github.com/tc39/proposal-intl-relative-time/pull/100

Bug: v8:8613
Change-Id: Icc5bb73ecf65e979abc23cc430259584a7bf4b48
Reviewed-on: https://chromium-review.googlesource.com/c/1385930
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58607}
2019-01-08 03:17:07 +00:00
Frank Tang
6bff5d7974 [Intl] Reland part of "Validate u extension type"
Fix intl402/*/ignore-invalid-unicode-ext-values
intl/*/check-*

Bug: v8:7481
Change-Id: I5c9d7e19c010953ff9503a2e0981fa148278a451
Reviewed-on: https://chromium-review.googlesource.com/c/1396739
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58606}
2019-01-08 02:10:56 +00:00
Sathya Gunasekaran
64c85cf403 [parser] Refactor class field declaration
Change-Id: Ieed2a202cbbceaad8a598d359fcbd02944edfdb4
Reviewed-on: https://chromium-review.googlesource.com/c/1398685
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58605}
2019-01-08 01:54:31 +00:00
Sven Sauleau
4365bf23aa [wasm] fix js-api global/constructor
Fix WebAssembly's global/constructor js-api. Globals with a value
of i64 are now valid even if the Wasm BigInt feature isn't activated.

Bug: v8:8319
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Change-Id: Ia41ad69efa5253064ecdb8f59b149393cd672b68
Reviewed-on: https://chromium-review.googlesource.com/c/1382747
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58603}
2019-01-07 22:56:18 +00:00
Sathya Gunasekaran
0bd4e348e0 [dict] Add more useful methods
Change-Id: I1bed84a7aa2004f13a51cc60c4d6596b21968ba8
Bug: v8:6443, v8:7569
Reviewed-on: https://chromium-review.googlesource.com/c/1387995
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58602}
2019-01-07 19:39:34 +00:00
Joyee Cheung
5d40e9de86 [class] show private name in invalid private field access
This patch sets the name slot of the private name symbols for
private fields and displays the names in error messages of invalid
private field accesses.

TBR: adamk@chromium.org
Bug: v8:8144
Change-Id: Id34c468e2bddd1c3001517b4d447c7497402df76
Reviewed-on: https://chromium-review.googlesource.com/c/1374332
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#58601}
2019-01-07 19:26:23 +00:00
Peter Marshall
9fc55a9dc9 [cpu-profiler] Reduce size of circular queue to 512 KiB
This queue is used for transferring tick samples between the foreground
thread which creates them and the background thread which processes
them.

I've tested this on the node server example that we are using to
measure memory use and found that we never fill the queue at this size.

The load factor of the queue is basically a measure of how fast the
producer pushes to it and how fast the consumer processes samples from
it. To load test the configuration a bit I reduced the sampling
interval from 1000us (1000 samples/sec) to 50us (20,000 samples/sec).
At this rate we still only use 196/251 available slots in the queue at
peak load (measurement taken by keeping a running max of #slots used,
taken at StartEnqueue()).

The default sampling interval is 1000us. 512 KiB ought to be enough for
anybody!

Bug: v8:7719

Change-Id: I93cc1119d3549a319d2db8b831781712bfb88613
Reviewed-on: https://chromium-review.googlesource.com/c/1397704
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58600}
2019-01-07 17:33:12 +00:00
Junliang Yan
44b9f84c16 PPC/s390: Fix native compilation failures on ppc
R=joransiu@ca.ibm.com

Drive-by: clean up the macro on s390x since it's not used.
Change-Id: I317508c1f8a1520ee8873b4323cacd63b8a7cce2
Reviewed-on: https://chromium-review.googlesource.com/c/1398121
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#58599}
2019-01-07 16:49:18 +00:00