Commit Graph

38875 Commits

Author SHA1 Message Date
mlippautz
eddf90c4a7 Revert of [heap] Fix CompactionSpace test and move to unittests (patchset #3 id:40001 of https://codereview.chromium.org/2796033002/ )
Reason for revert:
Breaks
https://uberchromegw.corp.google.com/i/client.v8/builders/V8%20Linux%20-%20shared/builds/17291

Original issue's description:
> [heap] Fix CompactionSpace test and move to unittests
>
> BUG=chromium:651354
>
> Review-Url: https://codereview.chromium.org/2796033002
> Cr-Commit-Position: refs/heads/master@{#44382}
> Committed: ce9a2db1e1

TBR=ulan@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2793033004
Cr-Commit-Position: refs/heads/master@{#44383}
2017-04-04 14:47:06 +00:00
mlippautz
ce9a2db1e1 [heap] Fix CompactionSpace test and move to unittests
BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2796033002
Cr-Commit-Position: refs/heads/master@{#44382}
2017-04-04 14:28:21 +00:00
jgruber
10e77dfbaf Revert "Skip flaky debug-scopes test"
This reverts 1c1edda7db. I can't reproduce
the flakes locally anymore, let's see if this sticks.

BUG=v8:5619

Review-Url: https://codereview.chromium.org/2796053002
Cr-Commit-Position: refs/heads/master@{#44381}
2017-04-04 14:27:12 +00:00
Michael Achenbach
164c4298b0 [test] Skip flaky cpu profiler tests
Bug: v8:5193
NOTRY=true
TBR=hablich@chromium.org

Change-Id: I54861956c1a7b3c3e5048946618ea98fbe0a7066
Reviewed-on: https://chromium-review.googlesource.com/467246
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44380}
2017-04-04 14:26:20 +00:00
vchigrin
ddb67ec9da Encode any deoptimizer entry in serialized data.
This removes kDeoptTableSerializeEntryCount heuristic constant.

Review-Url: https://codereview.chromium.org/2790573002
Cr-Commit-Position: refs/heads/master@{#44379}
2017-04-04 14:25:57 +00:00
pierre.langlois
21f064fcdc [perf-prof] Fix erroneous code offsets in unwinding info
The unwinding information we emit wrongly encodes code locations as relative
offsets. If we look at the .eh_frame section of shared object generated by "perf
inject" using "objdump -g":

~~~
00000000 0000000000000018 00000000 CIE
(snip)
0000001c 0000000000000028 00000020 FDE cie=00000000 pc=fffffffffffffee8..00000000000017f8
(snip)
00000048 ZERO terminator
~~~

We can see the range that the FDE entry covers is incorrect, it should point to
where the .text section is, at address 0x40 on a 64-bit architecture.

The reason for this was that the PerfJitLogger logs a code size that is
different from the one we've used when encoding the unwinding information. The
logger will ignore the safepoint table while the unwinding info assumes it is
part of the code.

BUG=

Review-Url: https://codereview.chromium.org/2790403002
Cr-Commit-Position: refs/heads/master@{#44378}
2017-04-04 14:24:47 +00:00
machenbach
c766727ae6 Revert of [heap] Refactor evacuation verifier (patchset #1 id:1 of https://codereview.chromium.org/2790373002/ )
Reason for revert:
Speculative revert. Breaks https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20debug/builds/16112 and seems to lead to flakes.

Original issue's description:
> [heap] Refactor evacuation verifier
>
> BUG=chromium:651354
>
> Review-Url: https://codereview.chromium.org/2790373002
> Cr-Commit-Position: refs/heads/master@{#44375}
> Committed: 396f1e2421

TBR=ulan@chromium.org,mlippautz@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2795903004
Cr-Commit-Position: refs/heads/master@{#44377}
2017-04-04 14:06:12 +00:00
Marja Hölttä
e0af473c61 [parser] Enhance debug prints: --print-scopes --print-ast
This makes it easier to match VariableProxys against variables in
Scopes (allocation-based prints such as local[0] or context[0] are not
unique).

R=vogelheim@chromium.org

Bug:

Change-Id: I8f86504f5e1657633286561e032805a8f6cff06e
Reviewed-on: https://chromium-review.googlesource.com/467486
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44376}
2017-04-04 13:24:16 +00:00
mlippautz
396f1e2421 [heap] Refactor evacuation verifier
BUG=chromium:651354

Review-Url: https://codereview.chromium.org/2790373002
Cr-Commit-Position: refs/heads/master@{#44375}
2017-04-04 13:05:33 +00:00
Camillo Bruni
84a4930e47 [runtime] Harden %ArrayBufferNeuter
Support arbitrary arguments in %ArrayBufferNeuter without aborting for
future exposure in ClusterFuzz.

Change-Id: I3053a2139af215c9d417356bdeeda58d594d16aa
Reviewed-on: https://chromium-review.googlesource.com/465830
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44374}
2017-04-04 13:01:39 +00:00
Loo Rong Jie
2b1b32253b [typedarray] ToNumber coercion is done only once for TA.p.fill
Update according to new spec change at
https://github.com/tc39/ecma262/pull/856

- Call ToNumber only once in BUILTIN
- Remove unused FillNumberSlowPath
- FillImpl assumes obj_value->IsNumber() is true
- Update test

Bug:v8:5929,chromium:702902

Change-Id: Ic83e6754d043582955b81c76e68f95e1c6b7e901
Reviewed-on: https://chromium-review.googlesource.com/465646
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44373}
2017-04-04 12:51:56 +00:00
Franziska Hinkelmann
f9d2c5123e [cleanup] Make ArrayList functions const.
Getting elements, querying length or copying elements
are now const functions.

Drive-by fix: Noticed a few more getters that should be const.
Add a comment to ArrayList functions that are static functions. 
BUG=

Change-Id: I5de1aed97510dea4e47cb974b3259da51ae663af
Reviewed-on: https://chromium-review.googlesource.com/467249
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44372}
2017-04-04 12:06:56 +00:00
Michael Achenbach
8ffcc288d7 [tools] Fix node update unittest.
Broke after:
https://codereview.chromium.org/2757593002

NOTRY=true
TBR=yangguo@chromium.org
BUG=v8:6091

Change-Id: Id06860ad6519966a31d768ec9608b48786397e8f
Reviewed-on: https://chromium-review.googlesource.com/467209
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44371}
2017-04-04 11:57:11 +00:00
Franziska Hinkelmann
52e4bc962f [cleanup] Add documentation to ArrayList.
BUG=

Change-Id: Ia02787bef5fcd38397977d0ba2298d216f25f0df
Reviewed-on: https://chromium-review.googlesource.com/467386
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44370}
2017-04-04 11:21:53 +00:00
Marja Hölttä
f44759d9ff [objects.h splitting] Move out Dictionary and related classes.
BUG=v8:5402
R=mstarzinger@chromium.org

Change-Id: Ib53721867e0978b6f4f127883ae1b72145adb6e8
Reviewed-on: https://chromium-review.googlesource.com/461863
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44369}
2017-04-04 10:48:07 +00:00
Clemens Hammacher
d1b4d4fea6 [wasm] [interpreter] Fix GC issue
Make sure that we call the destructors on all embedded object by
replacing the WasmInterpreterInternals::Delete method by an actual
destructor. This way, the compiler automatically calls destructors on
all embedded objects, in particular the IdentityMap in the CodeMap.

This change also requires to release managed objects *before*
tearing down the heap, because the wasm interpreter, referenced via
Managed<>, contains global handles. When those are destroyed, the
isolate still needs to be intact.

Drive-by: Fix include guard in managed.h.

R=ahaas@chromium.org, ulan@chromium.org, mvstanton@chromium.org
BUG=v8:5822

Change-Id: I9a067f037e013c84e4d697a1e913b27c683bb529
Reviewed-on: https://chromium-review.googlesource.com/466187
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44368}
2017-04-04 10:39:57 +00:00
Michael Starzinger
ce06d1f232 [asm.js] Fix nested function table calls.
This makes temporary variables nestable and fixes borked nesting with
function table calls by introducing a {TemporaryVariableScope} helper.

R=clemensh@chromium.org
TEST=mjsunit/regress/regress-6196
BUG=v8:6196

Change-Id: Ie760f27ce9ede3d4d5dacdebdc295c56cc666970
Reviewed-on: https://chromium-review.googlesource.com/467327
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44367}
2017-04-04 10:28:06 +00:00
ivica.bogosavljevic
74b8ef6cea MIPS: Fix [builtins] Reland of Port TypedArrayInitialize to CodeStubAssembler.
Fix ff8b1abb1a

This fixes the problem with the alignment of typed arrays in turbofan. Namely,
Float64 typed arrays weren't properly aligned on 32bit architectures,
and this causes crashes on those architectures that do not support misaligned
memory access.

TEST=mjsunit/es6/typedarray-*
BUG=v8:6075

Review-Url: https://codereview.chromium.org/2784253002
Cr-Commit-Position: refs/heads/master@{#44366}
2017-04-04 09:18:56 +00:00
Franziska Hinkelmann
45e3c56d40 [cleanup] Add Elements() to ArrayList.
ArrayList is a FixedArray where kFirstIndex is > 0. The
Elements() methods returns a copy of the elements starting at
kFirstIndex, i.e., without the length that is stored in the first
slot.

Drive-by fix: Rename some variables.

BUG=

Change-Id: Ia1de73c4780a179301007f2ab9080fd08e8ea99d
Reviewed-on: https://chromium-review.googlesource.com/466186
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44365}
2017-04-04 09:16:09 +00:00
Franziska Hinkelmann
28a3e34bdd [type-profile] Return type profile object.
Return a structured objet with the type profile
information.

Move the test from message to mjsunit.

BUG=v8:5933

Change-Id: I3e1c592697924d87f82d46b0ddbdb6d82d9c8467
Reviewed-on: https://chromium-review.googlesource.com/464847
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44364}
2017-04-04 09:02:49 +00:00
bmeurer
e8c109e278 [turbofan] Relax constraints on apply with arguments optimization.
For sloppy arguments in functions with declared formal parameters, the
apply with arguments optimization in TurboFan wouldn't kick in
currently, because so far there was no guard to see if using the
arguments from the stack or the frame state is safe. One easy to check
guard here is to just check that there's no observable side-effect
between the actual arguments creation and the call to apply.

BUG=v8:5267,v8:6200
R=danno@chromium.org

Review-Url: https://codereview.chromium.org/2789113004
Cr-Commit-Position: refs/heads/master@{#44363}
2017-04-04 08:04:37 +00:00
machenbach
68c14892cb Revert of [typedarrays] Check detached buffer at start of typed array methods (patchset #10 id:180001 of https://codereview.chromium.org/2778623003/ )
Reason for revert:
Breaks layout tests:
https://build.chromium.org/p/tryserver.v8/builders/v8_linux_blink_rel/builds/18499

Changes:
https://storage.googleapis.com/chromium-layout-test-archives/v8_linux_blink_rel/18499/layout-test-results/results.html

See:
https://github.com/v8/v8/wiki/Blink-layout-tests

Original issue's description:
> [typedarrays] Check detached buffer at start of typed array methods
>
> - Throw TypeError in ValidateTypedArray, matching JSC, SpiderMonkey
>   and ChakraCore.
> - Validate typed arrays at start of each typed array prototype
>   methods in src/js/typedarrays.js
> - Add tests to check detached buffers
> - Remove an unnecessary parameter of TypedArraySpeciesCreate
>   in src/js/typedarrays.js
> - Standardize TypedArray.prototype.subarray
> - Update test262.status to pass detached buffer tests
>
> BUG=v8:4648,v8:4665,v8:4953
>
> Review-Url: https://codereview.chromium.org/2778623003
> Cr-Commit-Position: refs/heads/master@{#44357}
> Committed: 238d5b4453

TBR=cbruni@chromium.org,adamk@chromium.org,bmeurer@chromium.org,littledan@chromium.org,petermarshall@chromium.org,cwhan.tunz@gmail.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:4648,v8:4665,v8:4953

Review-Url: https://codereview.chromium.org/2793233003
Cr-Commit-Position: refs/heads/master@{#44362}
2017-04-04 08:01:02 +00:00
Michael Starzinger
6a3756f9de [asm.js] Fix names for forward declared functions.
This fixes the name stored with functions where the declaration was
hoisted above the actual function definition. It also extends test
coverage and emits proper source position mapping for such cases.

R=clemensh@chromium.org
TEST=mjsunit/wasm/asm-wasm-stack
BUG=v8:6127

Change-Id: I675a98b244fe2157925e799b5c46b7f6bd53c9da
Reviewed-on: https://chromium-review.googlesource.com/466247
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44361}
2017-04-04 07:55:54 +00:00
jgruber
31700b7fbd [regexp] Stage the dotall flag
BUG=v8:6172

Review-Url: https://codereview.chromium.org/2795693002
Cr-Commit-Position: refs/heads/master@{#44360}
2017-04-04 07:04:20 +00:00
dusan.simicic
5606d50ff6 MIPS[64]: Support for some SIMD operations (2)
Add support for F32x4Splat, F32x4ExtractLane,
F32x4ReplaceLane, F32x4SConvertI32x4, F32x4UConvertI32x4
operations for mips32 and mips64 architectures.

BUG=

Note: Depends on https://codereview.chromium.org/2753903004/
Review-Url: https://codereview.chromium.org/2780503002
Cr-Commit-Position: refs/heads/master@{#44359}
2017-04-04 07:03:06 +00:00
machenbach
7c10795209 Revert of [inspector] move console to builtins (patchset #7 id:140001 of https://codereview.chromium.org/2785293002/ )
Reason for revert:
http://crbug.com/v8/6198

Original issue's description:
> [inspector] move console to builtins
>
> What will we get:
> - console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster),
> - it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true,
> - console calls are ~ 15% faster.
>
> BUG=v8:6175
> R=dgozman@chromium.org
>
> Review-Url: https://codereview.chromium.org/2785293002
> Cr-Original-Commit-Position: refs/heads/master@{#44353}
> Committed: 55905f85d6
> Review-Url: https://codereview.chromium.org/2785293002
> Cr-Commit-Position: refs/heads/master@{#44355}
> Committed: cc74ea0bc4

TBR=dgozman@chromium.org,kozyatinskiy@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6175

Review-Url: https://codereview.chromium.org/2790343002
Cr-Commit-Position: refs/heads/master@{#44358}
2017-04-04 06:48:04 +00:00
cwhan.tunz
238d5b4453 [typedarrays] Check detached buffer at start of typed array methods
- Throw TypeError in ValidateTypedArray, matching JSC, SpiderMonkey
  and ChakraCore.
- Validate typed arrays at start of each typed array prototype
  methods in src/js/typedarrays.js
- Add tests to check detached buffers
- Remove an unnecessary parameter of TypedArraySpeciesCreate
  in src/js/typedarrays.js
- Standardize TypedArray.prototype.subarray
- Update test262.status to pass detached buffer tests

BUG=v8:4648,v8:4665,v8:4953

Review-Url: https://codereview.chromium.org/2778623003
Cr-Commit-Position: refs/heads/master@{#44357}
2017-04-04 03:48:48 +00:00
v8-autoroll
6cdd377586 Update V8 DEPS.
Rolling v8/build: e00daf3..58260ed

Rolling v8/third_party/catapult: 6b686d1..7726dac

TBR=machenbach@chromium.org,vogelheim@chromium.org,hablich@chromium.org

Change-Id: I3468312d0d9b98886299d0b89bb75cdd328603db
Reviewed-on: https://chromium-review.googlesource.com/466868
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44356}
2017-04-04 03:22:28 +00:00
kozyatinskiy
cc74ea0bc4 [inspector] move console to builtins
What will we get:
- console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster),
- it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true,
- console calls are ~ 15% faster.

BUG=v8:6175
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2785293002
Cr-Original-Commit-Position: refs/heads/master@{#44353}
Committed: 55905f85d6
Review-Url: https://codereview.chromium.org/2785293002
Cr-Commit-Position: refs/heads/master@{#44355}
2017-04-04 00:38:38 +00:00
kozyatinskiy
6ecbb8572a Revert of [inspector] move console to builtins (patchset #6 id:120001 of https://codereview.chromium.org/2785293002/ )
Reason for revert:
console.toString() should return "[object Object]"

Original issue's description:
> [inspector] move console to builtins
>
> What will we get:
> - console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster),
> - it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true,
> - console calls are ~ 15% faster.
>
> BUG=v8:6175
> R=dgozman@chromium.org
>
> Review-Url: https://codereview.chromium.org/2785293002
> Cr-Commit-Position: refs/heads/master@{#44353}
> Committed: 55905f85d6

TBR=dgozman@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6175

Review-Url: https://codereview.chromium.org/2795003003
Cr-Commit-Position: refs/heads/master@{#44354}
2017-04-03 23:29:34 +00:00
kozyatinskiy
55905f85d6 [inspector] move console to builtins
What will we get:
- console would be included into snapshot and allow us to reduce time that we spent in contextCreated function (~5 times faster),
- it allows us to make further small improvement of console methods, e.g. we can implement super quick return from console.assert if first argument is true,
- console calls are ~ 15% faster.

BUG=v8:6175
R=dgozman@chromium.org

Review-Url: https://codereview.chromium.org/2785293002
Cr-Commit-Position: refs/heads/master@{#44353}
2017-04-03 23:00:49 +00:00
Josh Wolfe
0bd428ffea [api] Fix harmony formatting for CompileFunctionInContext
Add newline at the start of the function body.

BUG=v8:6190, v8:4958
R=littledan@chromium.org, adamk@chromium.org, caitp@igalia.com

Change-Id: I10db088ac9807a503382fd5080ad955e418d8b45
Reviewed-on: https://chromium-review.googlesource.com/466566
Reviewed-by: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Josh Wolfe <jwolfe@igalia.com>
Cr-Commit-Position: refs/heads/master@{#44352}
2017-04-03 20:05:06 +00:00
Caitlin Potter
44b5be0473 Reland Stage --harmony-function-tostring"
Relanding now that v8:6190 has been fixed

BUG=v8:4958
R=adamk@chromium.org, littledan@chromium.org, jwolfe@igalia.com

Change-Id: I2732dbf96c5f9f899cee826dd2fdc621098a87e5
Reviewed-on: https://chromium-review.googlesource.com/466226
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44351}
2017-04-03 16:50:55 +00:00
Clemens Hammacher
7e39ba18e8 [tools] Fix error message for patch failure
Minor fix: Provide a string for "%s".

R=hablich@chromium.org

Change-Id: Ibae24688c5f69e0fee5108701aa7f483117aea8c
Reviewed-on: https://chromium-review.googlesource.com/457998
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44350}
2017-04-03 16:31:18 +00:00
Peter Marshall
f9e28bf4e0 [cleanup] Rename internal fields -> embedder fields when printing.
Seems to have been missed in this cleanup: crrev.com/2741683004.
Also updates a comment referring to internal fields.

Change-Id: I44b5fd49f5fb4b67b5288a6af959e4e963544368
Reviewed-on: https://chromium-review.googlesource.com/466147
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44349}
2017-04-03 16:21:07 +00:00
Michael Starzinger
0cb5ba0ef0 [asm.js] Fix function table call position tracking.
This adds test coverage for the source position tracking of function
table calls in asm.js and fixes the discovered issues. It also fixes
function start positions (used by errors thrown at stack checks).

R=clemensh@chromium.org
TEST=mjsunit/wasm/asm-wasm-stack
BUG=v8:6127,v8:6166

Change-Id: Id6ab6dc72bcedb0d838eed315e2a05fbc59039f4
Reviewed-on: https://chromium-review.googlesource.com/465949
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44348}
2017-04-03 15:33:53 +00:00
cwhan.tunz
8c2af03791 Use internal byteOffset in TypedArray.prototype.set
Since byteOffset is configurable, we need to access byteOffset by
%_ArrayBufferViewGetByteOffset, instead of accessing .byteOffset
property.

BUG=v8:6120

Review-Url: https://codereview.chromium.org/2761673003
Cr-Commit-Position: refs/heads/master@{#44347}
2017-04-03 15:21:18 +00:00
Clemens Hammacher
7a3a1eec12 [wasm] [interpreter] Fix receiver on calling imports
When calling imported functions, we were always using the global object
as receiver. This is incorrect for strict functions, which should have
undefined as receiver.
This CL fixes this also for the interpreter, making us pass
test/mjsunit/wasm/receiver.js with --wasm-interpret-all.

R=ahaas@chromium.org
BUG=v8:5822
TEST=test/mjsunit/wasm/receiver

Change-Id: Ib7d637083245f67b668c11540e3c3473bc167129
Reviewed-on: https://chromium-review.googlesource.com/465986
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44346}
2017-04-03 15:02:31 +00:00
Clemens Hammacher
d38334c575 [wasm] [interpreter] Fix integer underflow in mem access
For OOB checks on memory accesses, we first subtracted the size of the
type to load/store from the memory size, and then compared against this
effective_size. If the memory size is smaller than the size of the type,
this would lead to an integer underflow, and we would try to load the
value.
This CL fixes this, and adds a test case for this.

R=ahaas@chromium.org
BUG=v8:5822

Change-Id: I26fcba0be7343c88b8459d029b0c0af095d2466a
Reviewed-on: https://chromium-review.googlesource.com/465946
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44345}
2017-04-03 15:00:00 +00:00
kozyatinskiy
dc662e5b74 [inspector] store stack frame in struct instead of JSObject
JSObject is slow: creating strings for keys and storing values by these keys after takes significant amount of time.
With this CL console methods (most of them collect top stack frame to calculate source location) are ~33% faster.
V8Debugger::captureStackTrace is ~50% faster.

BUG=v8:6189
R=yangguo@chromium.org
TBR=bmeurer@chromium.org

Review-Url: https://codereview.chromium.org/2789073002
Cr-Commit-Position: refs/heads/master@{#44344}
2017-04-03 14:58:49 +00:00
jgruber
32d4d8e93d [regexp] Fix check for FLAG_harmony_regexp_dotall
Bool flags can be as small as one byte, so testing an IntPtr-sized value
is incorrect.

BUG=v8:6172

Review-Url: https://codereview.chromium.org/2792963002
Cr-Commit-Position: refs/heads/master@{#44343}
2017-04-03 14:36:46 +00:00
Michael Achenbach
668dcf3b56 Revert "[wasm] Make WebAssembly.compile() asynchronous"
This reverts commit 7a6e6bb1e2.

Reason for revert: breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/14688

See:
https://github.com/v8/v8/wiki/Blink-layout-tests

Original change's description:
> [wasm] Make WebAssembly.compile() asynchronous
> 
> titzer@ originally created this
> CL (https://codereview.chromium.org/2757903002). I fixed crashing tests
> and adressed some comments of the reviewers.
> 
> R=​bradnelson@chromium.org, clemensh@chromium.org, mtrofin@chromium.org
> BUG=v8:6003
> 
> Change-Id: I4ab6d503909402d24043657a896200032e6d1023
> Reviewed-on: https://chromium-review.googlesource.com/464887
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44333}

TBR=bradnelson@chromium.org,mtrofin@chromium.org,ahaas@chromium.org,clemensh@chromium.org,titzer@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:6003

Change-Id: I87dbdbba0be4624828b6b0a94e02b6681593e335
Reviewed-on: https://chromium-review.googlesource.com/465813
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44342}
2017-04-03 14:34:38 +00:00
rmcilroy
f4f58e31c1 [Interpreter] Optimize code of the form 'if (x === undefined)'.
Translates code of the form 'if (x === undefined)' into the JumpIfUndefined
bytecode, and similarly for comparisons with null. Also adds bytecodes for
JumpIfNotUndefined / Null.

Moves the peephole optimization for CompareUndefined out of the peephole
optimizer and into the BytecodeGenerator, having the side-effect of enabling
it for comparisons with undefined on both side of the compare operation.

BUG=v8:6107

Review-Url: https://codereview.chromium.org/2793923002
Cr-Commit-Position: refs/heads/master@{#44341}
2017-04-03 14:17:16 +00:00
Caitlin Potter
d73b11ecd2 [api] fix incorrect parameter end position in CompileFunctionInContext
With --harmony-function-tostring enabled (now enabled by --harmony),
CompileFunctionInContext would produce incorrect results whenever called
with 1 or more argument parameters, due to specifying an incorrect end
position for the parameters.

BUG=v8:6190, v8:4958
R=littledan@chromium.org, adamk@chromium.org, jwolfe@igalia.com

Change-Id: Ied2bcba44116311ebcae3967963472b4e1058fd3
Reviewed-on: https://chromium-review.googlesource.com/465515
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44340}
2017-04-03 14:16:57 +00:00
Camillo Bruni
e24b0e1ef1 [tools] Directly show message from PushStackTraceAndDie in grokdump.py
This CL adds support to parse a PushStackTraceAndDie dump on a windows
minidump:
  Stack Message:
    magic1:        00000000bbbbbbbb
    magic2:        00000000bbbbbbbb
    ptr1:          00000015f9ca78d1 T
    ptr2:          0000000000000000
    message start: 00000000002c58f0 S
    stack_start:   00000000002cd8f0 S

All addresses within the message are annotated with the address marker to
make it easier to spot objects that are contained in the minidump.
Currently this doesn't work on OSX yet as we do not correctly push the two
magic markers on the stack.

Change-Id: I8385bb66a76bd253c4014bc7e25971d03830dd4d
Reviewed-on: https://chromium-review.googlesource.com/466007
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44339}
2017-04-03 14:12:15 +00:00
Camillo Bruni
28ae216877 [tools] Show first V8 branch in mergeinfo.py
Change-Id: I169b4d91463cb59aa2a91e79eda2d7e877f88d72
Reviewed-on: https://chromium-review.googlesource.com/456319
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44338}
2017-04-03 13:28:44 +00:00
ivica.bogosavljevic
928a9462c9 MIPS[64]: Fix [es2015] Simplify contract between parser and stub for derived constructors.
Fix 776d89f9ce

Fix typo in MIPS implementation
BUG=

Review-Url: https://codereview.chromium.org/2788123002
Cr-Commit-Position: refs/heads/master@{#44337}
2017-04-03 13:12:20 +00:00
Peter Marshall
c5ad59f4d4 [builtins] Use length field in TypedArrayConstructByArrayLike.
The byte_length field of the TypedArray is not set to 0 on neutering,
but JSArrayBufferView::byte_length() returns 0 if WasNeutered() is
true. We should use the length property here instead.

We can just short-circuit if the length is 0. Added checks to the
memcpy path that assert length and neutered status are sane.

Bug:chromium:707472,chromium:707595,chromium:707364,chromium:707410

Change-Id: Ia1dec53f175357673012cbbc5e2fc40207e03623
Reviewed-on: https://chromium-review.googlesource.com/465987
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44336}
2017-04-03 12:45:22 +00:00
Michael Starzinger
953bdee0ef [asm.js] Track token positions in scanner.
This adds support for tracking token positions in the asm.js scanner and
uses these positions to emit a mapping from WASM to asm.js positions.
Note that the mapping is still incomplete (some call sites are not yet
covered).

R=clemensh@chromium.org
TEST=debugger/debug/wasm/asm-debug
BUG=v8:6127

Change-Id: Ic8aad1a85e7d9e19da2eec523fcc73d4984afcc8
Reviewed-on: https://chromium-review.googlesource.com/466046
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44335}
2017-04-03 11:58:52 +00:00
tgfjt.mail
e43cc913f9 Fix comment of quicksort bailout parameter on array.js
This comment was just left behind: https://codereview.chromium.org/6006

BUG=v8:5413

Review-Url: https://codereview.chromium.org/2794863002
Cr-Commit-Position: refs/heads/master@{#44334}
2017-04-03 11:14:39 +00:00