Commit Graph

41452 Commits

Author SHA1 Message Date
Mathias Bynens
f4b2b9bef7 Ship RegExp dotAll mode / s flag
Intent to ship:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/0uSHjqvgAwQ/CqmFd6KNAwAJ

BUG=v8:6172

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I50fab93516065195b4e9eea0d3be14ccf935a04f
Reviewed-on: https://chromium-review.googlesource.com/589150
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46960}
2017-07-28 08:17:38 +00:00
jgruber
d4c1b2aaeb [coverage] Include catch and finally keywords in ranges
This includes the catch and finally keywords in the respective range.
For instance:

// Catch range previously:  |<--------->|
try { /* ... */ } catch (e) { /* ... */ }
// Now:           |<------------------->|

Bug: v8:6000
Change-Id: I1bd9f7fce8bb7de945da83ab512833841b9d956a
Reviewed-on: https://chromium-review.googlesource.com/586598
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46959}
2017-07-28 08:06:08 +00:00
Jaroslav Sevcik
b87ba9f2f8 [logging] Add an option to log source code in v8.log.
Bug: v8:6239
Change-Id: I87f72cb97616e28cb44f7160d5170ff740422419
Reviewed-on: https://chromium-review.googlesource.com/584612
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46958}
2017-07-28 07:18:18 +00:00
Benedikt Meurer
3fba4b7089 [js-perf-test] Add microbenchmarks for Array.prototype.join/toString.
Bug: v8:1956
Change-Id: Ic4c67392af2337ac35f9473073dae01264c5ac00
Reviewed-on: https://chromium-review.googlesource.com/590428
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46957}
2017-07-28 05:11:38 +00:00
v8-autoroll
222aceab5b Update V8 DEPS.
Rolling v8/build: 11685b6..ece477b

Rolling v8/third_party/catapult: 0f1f20d..cc7953a

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: Ic687cb5f878438e46a9a64d67aaa7adc8519fb62
Reviewed-on: https://chromium-review.googlesource.com/590613
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46956}
2017-07-28 03:45:42 +00:00
Daniel Clifford
68a58016a1 [csa] Add IsArrayProtectorCellInvalid utility method
Change-Id: I8ecca14e1d65aeed59cd55626e41f9863d58be50
Reviewed-on: https://chromium-review.googlesource.com/589431
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46955}
2017-07-28 03:44:38 +00:00
Jaideep Bajwa
de9b0a071c PPC/s390: [objects] Make feedback vector a first-class object
Port 37680d6563

Original Commit Message:

    Instead of having feedback vector as a subtype of FixedArray with
    reserved slots, make it a first-class variable-sized object with a
    fixed-size header. This allows us to compress counters to ints in the
    header, rather than forcing them to be Smis.

R=leszeks@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Ia835942de292c4e4b802e34672f1e8bf8a2491c7
Reviewed-on: https://chromium-review.googlesource.com/590168
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#46954}
2017-07-28 03:38:22 +00:00
pan.deng@intel.com
eaec875f7f X64: Remove redundant mov instructions.
Bug: None
Change-Id: I31f6c6aba48076b26971ba828411b61ed7e9bae9

Contribute by kanghua.yu@intel.com

Change-Id: I31f6c6aba48076b26971ba828411b61ed7e9bae9
Reviewed-on: https://chromium-review.googlesource.com/567861
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Pan Deng <pan.deng@intel.com>
Cr-Commit-Position: refs/heads/master@{#46953}
2017-07-28 03:37:18 +00:00
Jaroslav Sevcik
a27daf04a3 [turbofan] Revert "Load elimination for Map.prototype.(has|get)."
This reverts commit 3ca6408511.

Reason: it does not seem to improve anything (including microbenchmarks
that only do "if (m.has(x)) s += m.get(x);" in a tight loop).

Bug: v8:6410
Change-Id: I025bf885f313ac5e54ca450ae9cff5b4a15b04fd
Reviewed-on: https://chromium-review.googlesource.com/574020
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46952}
2017-07-27 18:53:17 +00:00
Adam Klein
48a903eb3f Properly fix-up ClassLiterals in ReparentExpressionScope()
Everything inside a class lives inside the class scope, so
reparenting the class scope is the only operation that
should be done to ClassLiterals during reparenting.

Bug: chromium:740591
Change-Id: Ia5b96b44ff1ca6cfa274effb5a04651809bab9bd
Reviewed-on: https://chromium-review.googlesource.com/588054
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46951}
2017-07-27 18:22:57 +00:00
jing.bao
100513c0d0 [ia32][wasm] Add more I32x4 BinOp and ShiftOp
I32x4 Mul, MinS,MaxS,MinU,MaxU, Shl,ShrS,ShrU
Rename WASM_SIMD_TEST(I32x4Min) to WASM_SIMD_TEST(I32x4MinS)

Bug: 
Change-Id: I6c721496bbf772ee734c21a3e98176699b01f890
Reviewed-on: https://chromium-review.googlesource.com/586430
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46950}
2017-07-27 17:37:37 +00:00
Jaideep Bajwa
a2388599db PPC/s390: Reland "[arm] Restrict grouping pushes before a TailCall to registers only"
Port 79bcb45447

Original Commit Message:

    This is a reland of a72b2f88a8
    Original change's description:
    > [arm] Restrict grouping pushes before a TailCall to registers only
    >
    > We optimize parallel moves performed before a TailCall by grouping adjacent
    > pushes. This way, we may use a single instruction to push multiple registers at
    > once. However, we also have support for pushing immediates and stack slots for
    > which the benefit is questionnable therefore this patch removes support for
    > them.
    >
    > Concerning immediate pushes, it looks like a mistake since we do not have
    > support for this case in `AssembleMove` so this patch removes it. Furthermore,
    > if we add a test for this case, we see that a `push ip` instruction is
    > generated, effectively pushing whatever was in `ip` at the time instead of
    > pushing a constant.
    >
    > Concerning stack slot pushes, we generate a more or less equivalent sequence of
    > instructions.
    >
    > Finally, grouping floating point pushes is not used anywhere so this patch
    > removes support for this also.
    >
    > Bug: v8:6553
    > Change-Id: I9b820d33361fc442dd813f66e1f96cda41009110
    > Reviewed-on: https://chromium-review.googlesource.com/567191
    > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
    > Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
    > Cr-Commit-Position: refs/heads/master@{#46718}

R=pierre.langlois@arm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I8790c7a72f92803ea8fda3c6dc7e6b013e2e09e9
Reviewed-on: https://chromium-review.googlesource.com/588471
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#46949}
2017-07-27 17:27:37 +00:00
Ross McIlroy
3b334b73e9 [Compiler] Remove ability to create CompilerDispatcher jobs from parsed literal.
The approach to creating compiler dispatcher jobs for inner functions after
they had been parsed didn't provide the startup benifits we hoped for due
to the need to hold onto the whole zone memory AST while waiting for the
jobs to complete.

This CL removes the ability to create these compilation jobs (which was never
enabled by default anyway). Going forward we will potentially use the
parser task approach to parse+compile inner functions in their own job.

BUG=v8:5203

Change-Id: I63134746aa23b4aa6e3bfa17c539954890fd9b0f
Reviewed-on: https://chromium-review.googlesource.com/590007
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46948}
2017-07-27 16:50:47 +00:00
Alexey Kozyatinskiy
c5e9416b1d [inspector] move stack trace and scope inspection to native
This CL moves us much closer to the point where we can remove debugger-script.js and usage of debugger context from inspector.
There are three main parts left:
- managing breakpoints,
- inspecting stack and scopes (this CL),
- LiveEdit.

In this CL I moved all stack/scope inspection to native. As side effect running debugger and inspector tests are 10-20% faster (it's significant since not all of tests requesting break).

R=yangguo@chromium.org,jgruber@chromium.org

Bug: chromium:652939
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I409396a687e18e9c0554c0c9c35b6e1064627be8
Reviewed-on: https://chromium-review.googlesource.com/580645
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46947}
2017-07-27 15:57:30 +00:00
Rodolph Perfetta
b4f1e24078 [instruction scheduler] deal with CSP/JSSP disparity on arm64.
This is preparation work to re-enable the scheduler: on arm64 some opcodes will
be neutral wrt the stack (JSSP) but will modify the underlying CSP. Identify
those opcode as such until JSSP is removed.

Bug: 
Change-Id: Iae633382c5ed38b01edaec896f2ce44d76931fc8
Reviewed-on: https://chromium-review.googlesource.com/568822
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Rodolph Perfetta <rodolph.perfetta@arm.com>
Cr-Commit-Position: refs/heads/master@{#46946}
2017-07-27 15:41:18 +00:00
jgruber
ffeea0fe05 [coverage] Add continuation counters for catch and finally blocks
These counters handle cases in which the catch/finally block contains a jump
statement.

Bug: v8:6000
Change-Id: Ic83f11ee431edabe61f129c9abc3adc12a79c338
Reviewed-on: https://chromium-review.googlesource.com/586595
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46945}
2017-07-27 15:31:58 +00:00
Vyacheslav Chigrin
bde4dc8eda Fix serializing objects that may require non-world aligning.
We must ensure required root objects will be filled when such
objects will be deserialized.

Change-Id: I25136d31cb2e0c0a69a51c5635192f17bbe2a9ba
Reviewed-on: https://chromium-review.googlesource.com/579768
Commit-Queue: Vyacheslav Chigrin <vchigrin@yandex-team.ru>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46944}
2017-07-27 15:30:28 +00:00
Mircea Trofin
be915fd7d1 [wasm] Explicit opt-out of stack checks and traps
We've been passing a context to the compiler, which turns out to be
solely used to determine if we're executing in a specific cctest configuration.

This change adds a configuration to the graph builder that we can use to
explicitly opt out of stack checks and traps. CcTests default to opting out,
except for the few that don't.

Bug: 
Change-Id: I4724e31c2a62e9b3ab4feadb788287c374b39f53
Reviewed-on: https://chromium-review.googlesource.com/585779
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46943}
2017-07-27 14:52:27 +00:00
Michael Starzinger
44f88dcd87 [turbofan] Fix missing callability check on Array callbacks
This fixes the second-order Array.prototype function {forEach} and {map}
to now perform a callability check of the given callback function. For
empty arrays it is observable whether such a check outside the loop has
been elided or not.

R=mvstanton@chromium.org
TEST=mjsunit/regress/regress-crbug-747062
BUG=chromium:747062

Change-Id: I1bbe7f44b3b3d18e9b41ad0436975434adf84321
Reviewed-on: https://chromium-review.googlesource.com/588893
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46942}
2017-07-27 14:49:58 +00:00
Mircea Trofin
bee5436777 [regalloc] Fix for verifier overwritting final assessments.
This fixes a subtle register allocation verifier bug: depending on how moves are 
optimized, and when having duplicate phis, we may end up overwriting a final
assessment.

Bug: 
Change-Id: I8b7891efbdd075aae0219d60270f405b13d50f40
Reviewed-on: https://chromium-review.googlesource.com/577288
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46941}
2017-07-27 14:47:21 +00:00
Leszek Swirski
c80ff604a2 [compiler-dispatcher] Make compiler jobs abstract (reland)
Reland of https://chromium-review.googlesource.com/c/558290/

Makes compiler dispatcher jobs an abstract interface, with unoptimized
compile jobs as an implementation of this interface.

Bug: v8:6537
Change-Id: Ia85781f72c7aaca497896ca4efa91ada97e43b1c
Reviewed-on: https://chromium-review.googlesource.com/589154
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46940}
2017-07-27 14:31:46 +00:00
Michael Lippautz
f3817e9bd7 [heap] Scavenger: Cache compacting property
Bug: chromium:738865
Change-Id: I02cb7ea48a1dfaec25bf702b09242d537fe612f4
Reviewed-on: https://chromium-review.googlesource.com/589271
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46939}
2017-07-27 14:15:23 +00:00
Daniel Clifford
8bc526bcf9 Modify StubTester to test both code stubs and builtins
In the process, cleanup some of the maths and functionality used to setup
descriptors and compute parameters. Also cleanup and correct the context
passing.

Change-Id: I6b6629bc81ef1c03425332dd6eadf3085efec7c9
Reviewed-on: https://chromium-review.googlesource.com/588892
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46938}
2017-07-27 14:09:13 +00:00
Michael Starzinger
e398bf81d7 [test] Remove deprecated "fullcode" test variant.
Note that this also renames the existing "asm_wasm" variant to use the
more appropriate "stress_asm_wasm" name.

R=rmcilroy@chromium.org
BUG=v8:6409

Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I1f9550cd03874c678f4583047a4e123a6f090250
Reviewed-on: https://chromium-review.googlesource.com/584879
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46937}
2017-07-27 14:01:03 +00:00
Ulan Degenbaev
1d32273a49 [base] Align the address hint in VirtualMemory.
BUG=chromium:739644

Change-Id: I6c7d0f48c959826dd2a8587d7a321be4387ef39f
Reviewed-on: https://chromium-review.googlesource.com/586529
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46936}
2017-07-27 13:50:06 +00:00
Leszek Swirski
37680d6563 [objects] Make feedback vector a first-class object
Instead of having feedback vector as a subtype of FixedArray with
reserved slots, make it a first-class variable-sized object with a
fixed-size header. This allows us to compress counters to ints in the
header, rather than forcing them to be Smis.

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Icc5f088ffbc2e2651b845bc71ea42060639e3e48
Reviewed-on: https://chromium-review.googlesource.com/585129
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46935}
2017-07-27 13:31:55 +00:00
Jaideep Bajwa
9836cdb1ad PPC/s390: Switch JSFunction::code to be a tagged value.
Port 4e207a429a

Original Commit Message:

    This switches the "code entry" field on JSFunction to no longer be an
    inner pointer into a Code object (i.e. to the start of the instruction
    stream), but a properly tagged pointer instead.

    Motivation behind this is the ability to treat this field regularly as
    part of escape analysis in the optimizing compiler. Also simplifies the
    object visitation for JSFunction objects.

R=mstarzinger@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Ifa5998551e041c8de647df7306dd549455936699
Reviewed-on: https://chromium-review.googlesource.com/588468
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#46934}
2017-07-27 12:57:55 +00:00
Mike Stanton
950e4f4631 [TurboFan] Improved unit test for optimized Array.prototype.map.
Test mjsunit/optimized-map walked an array through different
ElementsKind transitions, but it failed to verify that the
expected ElementsKind was in place. Although we have a regression
test for the bug, it's a good idea to make sure the basic
test covers all paths.

Bug: chromium:747075
Change-Id: I1424880801857f3356bfd63839d351d6fd1521e0
Reviewed-on: https://chromium-review.googlesource.com/584837
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46933}
2017-07-27 12:39:44 +00:00
Leszek Swirski
b1e10f4b49 Revert "[compiler-dispatcher] Make compiler jobs abstract"
This reverts commit e4bbf92be3.

Reason for revert: Crashes: https://build.chromium.org/p/client.v8/builders/V8%20Linux64/builds/19156

Original change's description:
> [compiler-dispatcher] Make compiler jobs abstract
> 
> Makes compiler dispatcher jobs an abstract interface, with unoptimized
> compile jobs as an implementation of this interface.
> 
> Bug: v8:6537
> Change-Id: I6569060a89c92d35e4bc7962623f77082a354934
> Reviewed-on: https://chromium-review.googlesource.com/558290
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46931}

TBR=rmcilroy@chromium.org,neis@chromium.org,leszeks@chromium.org

Change-Id: I023c0455929180fdcde3caf581f483f794ca2368
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6537
Reviewed-on: https://chromium-review.googlesource.com/589153
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46932}
2017-07-27 11:49:47 +00:00
Leszek Swirski
e4bbf92be3 [compiler-dispatcher] Make compiler jobs abstract
Makes compiler dispatcher jobs an abstract interface, with unoptimized
compile jobs as an implementation of this interface.

Bug: v8:6537
Change-Id: I6569060a89c92d35e4bc7962623f77082a354934
Reviewed-on: https://chromium-review.googlesource.com/558290
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46931}
2017-07-27 11:21:26 +00:00
Benedikt Meurer
6a75fcd4df [ignition] Improve code generation for TestTypeOf.
The code generated for the TestTypeOf bytecode was not ideal, mostly
because of the default case that just aborted. If we do CSA_ASSERT to
check the validity of the literal_flag instead anf then just use the
last label as the default, the bytecode handler no longer builds a
stack frame and generated code quality is now really close to ideal.

The TestTypeOf bytecode handler was found to be among the three
hottest bytecode handlers in the Speedometer/AngularJS benchmark.

R=jarin@chromium.org

Change-Id: I47705a0ca0a436d5c42899001064e77d44845a64
Reviewed-on: https://chromium-review.googlesource.com/589207
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46930}
2017-07-27 11:19:44 +00:00
Ulan Degenbaev
2cc8fdfb47 [heap] Re-implement weak cell tracking in the marker.
This replaces the linked list of weak cells with a worklist.

TBR=yangguo@chromium.org

BUG=chromium:694255

Change-Id: Ia877e25010ebbec9c05fbbe48cff460a92d3a132
Reviewed-on: https://chromium-review.googlesource.com/587067
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46929}
2017-07-27 11:09:24 +00:00
Michael Lippautz
20f870c729 [heap] Scavenger: Fix benign race with forwarding pointer load
NOTRY=true

Bug: chromium:738865
Change-Id: I8e3ac86bf6f0b3356398053b157ec03217e78a08
Reviewed-on: https://chromium-review.googlesource.com/589129
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46928}
2017-07-27 09:55:54 +00:00
Leszek Swirski
80f6c19f32 [csa] Fix MSVC handling of VA_ARGS in CSA_ASSERT
MSVC's macro VA_ARGS support behaves slightly differently from
gcc/clang, where VA_ARGS is treated as a single token when passed to
other macros, e.g.

    #define FIRST(X, ...) 'X'
    #define FOO(...) FIRST(__VA_ARGS__)
    FOO(a,b,c)

expands to

    gcc/clang: 'a'
    MSVC: 'a,b,c'

The workaround to this is to wrap the call in a no-op macro, which
expands VA_ARGS first, and only then passes it through:

    #define EXPAND(x) x
    #define FOO(...) EXPAND(FIRST(__VA_ARGS__))

This was causing errors on windows builds when CSA_ASSERT was passed
multiple additional expressions.

Change-Id: Ia40bf23baf97af29c7f6f67c8a83918ecca15364
Reviewed-on: https://chromium-review.googlesource.com/586831
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46927}
2017-07-27 09:17:55 +00:00
Ulan Degenbaev
a61fec358b Do not clear of inline caches in SharedFunctionInfo::ResetForNewContext.
This is a step in making shared function info visitor side effect free.

Change-Id: I5e7a713d2d782590c4988abc69b2068dc85b9bae
Reviewed-on: https://chromium-review.googlesource.com/586927
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46926}
2017-07-27 08:41:14 +00:00
jgruber
e567e5ca16 [coverage] Handle repeated CoverageInfo deletions
Debug::ClearCoverageInfo may be called multiple times, for example
whenever coverage mode is switched to BestEffort. When encountering a
DebugInfo that does not have a CoverageInfo attached, simply do nothing
instead of failing a DCHECK.

TBR=yangguo@chromium.org

Bug: v8:6000
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I3910b21ab40e7db02af5f3b6add3ec3f86e5bd91
Reviewed-on: https://chromium-review.googlesource.com/588788
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46925}
2017-07-27 08:36:54 +00:00
Michael Lippautz
bb840f4fca [heap] Scavenger: Fix benign race in LayoutDescriptor access
We need to write the slot with a relaxed write. No additional barrier is
needed because the new object has been published using Release_CAS and
reading either value is fine (as long as all initializing stores have
been published).

NOTRY=true

Bug: chromium:738865
Change-Id: Ieeacccf00e0a7e8eb950eee01060bd1963e30a42
Reviewed-on: https://chromium-review.googlesource.com/589007
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46924}
2017-07-27 08:24:19 +00:00
Michael Achenbach
f5d42fc417 Revert "[coverage] Ship block coverage"
This reverts commit 7bb6cd63ed.

Reason for revert: layout tests

Original change's description:
> [coverage] Ship block coverage
> 
> Enables block coverage by default.
> 
> Design doc: http://goo.gl/hSJhXn
> Tracking bug: http://crbug.com/v8/6000
> 
> Bug: v8:6000
> Change-Id: I8c56474473b60e4707b75dc601b3e88455861a27
> Reviewed-on: https://chromium-review.googlesource.com/583093
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46898}

NOTRY=true
TBR=yangguo@chromium.org,jgruber@chromium.org

Change-Id: I51d6f13d3ad0d2d2262bdd8d67135931cbc27032
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6000
Reviewed-on: https://chromium-review.googlesource.com/588789
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46923}
2017-07-27 07:38:46 +00:00
Juliana Franco
337f38e0ec Deoptimizer tests
Adding (very) small tests for deoptimization.
Some of these tests were failing when the safepoints were not found,
after setting the return address.

BUG=V8:6563

Change-Id: I3af36b193a5982cd73414cc1884c5f0a7a727f5a
Reviewed-on: https://chromium-review.googlesource.com/584751
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Juliana Patricia Vicente Franco <jupvfranco@google.com>
Cr-Commit-Position: refs/heads/master@{#46922}
2017-07-27 07:21:46 +00:00
Igor Sheludko
10e4fe3d32 [runtime] Don't create class field types for arrays' fields.
... when generalizing const fields to mutable fields.

Bug: chromium:748539, chromium:747979, chromium:738763
Change-Id: Iee772a5d0cddd23599f1f68bca00b8beecb76da0
Reviewed-on: https://chromium-review.googlesource.com/586709
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46921}
2017-07-27 07:11:05 +00:00
Michael Lippautz
e70969a10a [heap] Enable parallel scavenge
-+ssssssyyssssooossooooooo+:`                   
                    :ys+///////oyo//////////////+oy:                  
                   +y+///////////ss///////////////+y/        ``       
                  +y//////////////oy+///////////////yo`   .:o/        
                `oy////////////////sy+///////////////ss-/syh/         
               `ss////////////////+y/yo///////////////oo+oy:          
              .ss////////////////oy- .ss////////////////oy-           
             .yo////////////////oy.   `os//////////////oy.            
             +ss+//////////////ss.     `+y+///////////ss.             
              `./oso+/////////ss`     `-+yo//////////ss.     `        
                  `-+oso+////so`   .:oyysoooooooooooso`  `-/os/       
./ooooooooooooooooo: `.:+ss+y+`  .:///::::-----.....``.:+so+/+y+      
  `-+sso+/////////+y/    `-//                     `-/oso+//////yo`    
     `/yo///////////so`                        .:+oo+///////////ss`   
     :yo/////////////ss.                      .sy+///////////////ss.  
    /y+///////////////oy-                      -yo////////////////oy- 
   +y+//////////////+o++y/                   `  .ss////////////////oy-
  :h///////////////+y+ossy+`                `o   .ss////////////////ss
  :h//////////////oy-  `:+so.              `oy    `os///////////////oy
   oy////////////ss.      `-/`            `sys     `+y+/////////////y/
    +y//////////so`                      .ssss       /y+//////////oy/ 
     +y+///////yyo++++++++++++++++      .yo/ss::::::--oyo++++++osyy-  
      /y+////+yo////////////////sy     -yo//++++++++++ooooooo++oyo.   
       /y+//+yo/////////////////oy    -yo/////////////////////+y+`    
        /y++y+//////////////////oy   :y+/////////////////////+y:      
         :yys///////////////////oy  -y+/////////////////////os-       
          :ys///////////////////oy  `os////////////////////so`        
           -y+//////////////////oy   `oy/////////////////+y+          
            -ss/////////////////oy     +y+//////////////oy:           
             `:ossooooooooooooooss      :y+/oyssssssssso/`            
                 `................       -yooy                        
                                          .yyy                        
                                           `sy                        
                                            `+                        

Bug: chromium:738865
Change-Id: I202f9c61c13fcacfb8fff37458931d91c6f831e5
Reviewed-on: https://chromium-review.googlesource.com/584835
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46920}
2017-07-27 06:50:23 +00:00
Mircea Trofin
c2928fe48d Revert "Revert "[wasm] Consolidate function table representation.""
This reverts commit 862d605c13.

Reason for revert: fixed compile issue

Original change's description:
> Revert "[wasm] Consolidate function table representation."
> 
> This reverts commit 4a45f35f26.
> 
> Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20debug%20builder/builds/25471 
> 
> Original change's description:
> > [wasm] Consolidate function table representation.
> > 
> > This CL avoids the need to reference the function tables (and signatures)
> > as either fixed arrays or vectors, preferring vectors.
> > 
> > The only place we need fixed arrays is on the compiled module, to support
> > serialization. When we move off the GC heap, we'll also move away
> > from fixed arrays in that last case.
> > 
> > The CL aids with getting wasm of the GC heap, by reducing the places 
> > and representations we'll need to change  when changing the way we 
> > reference fixed tables.
> > 
> > Bug: 
> > Change-Id: Id4e43905a3df39062bf2839fa72dd5d9a0fe87da
> > Reviewed-on: https://chromium-review.googlesource.com/588334
> > Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> > Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#46917}
> 
> TBR=bradnelson@chromium.org,titzer@chromium.org,mtrofin@chromium.org,ahaas@chromium.org
> 
> Change-Id: Ie7d04f7ec74d6d0b3783df1c78c91c100ab784f4
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/588627
> Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46918}

TBR=bradnelson@chromium.org,titzer@chromium.org,mtrofin@chromium.org,ahaas@chromium.org

Change-Id: Ic0ba8097c13f2b1afd263b6243360e8ab95ae474
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/588667
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46919}
2017-07-27 05:57:02 +00:00
Mircea Trofin
862d605c13 Revert "[wasm] Consolidate function table representation."
This reverts commit 4a45f35f26.

Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20-%20debug%20builder/builds/25471 

Original change's description:
> [wasm] Consolidate function table representation.
> 
> This CL avoids the need to reference the function tables (and signatures)
> as either fixed arrays or vectors, preferring vectors.
> 
> The only place we need fixed arrays is on the compiled module, to support
> serialization. When we move off the GC heap, we'll also move away
> from fixed arrays in that last case.
> 
> The CL aids with getting wasm of the GC heap, by reducing the places 
> and representations we'll need to change  when changing the way we 
> reference fixed tables.
> 
> Bug: 
> Change-Id: Id4e43905a3df39062bf2839fa72dd5d9a0fe87da
> Reviewed-on: https://chromium-review.googlesource.com/588334
> Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
> Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#46917}

TBR=bradnelson@chromium.org,titzer@chromium.org,mtrofin@chromium.org,ahaas@chromium.org

Change-Id: Ie7d04f7ec74d6d0b3783df1c78c91c100ab784f4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/588627
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46918}
2017-07-27 05:32:42 +00:00
Mircea Trofin
4a45f35f26 [wasm] Consolidate function table representation.
This CL avoids the need to reference the function tables (and signatures)
as either fixed arrays or vectors, preferring vectors.

The only place we need fixed arrays is on the compiled module, to support
serialization. When we move off the GC heap, we'll also move away
from fixed arrays in that last case.

The CL aids with getting wasm of the GC heap, by reducing the places 
and representations we'll need to change  when changing the way we 
reference fixed tables.

Bug: 
Change-Id: Id4e43905a3df39062bf2839fa72dd5d9a0fe87da
Reviewed-on: https://chromium-review.googlesource.com/588334
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46917}
2017-07-27 05:17:40 +00:00
v8-autoroll
675e00d8eb Update V8 DEPS.
Rolling v8/build: b77c52d..11685b6

Rolling v8/third_party/catapult: b5d2ffa..0f1f20d

TBR=machenbach@chromium.org,hablich@chromium.org

Change-Id: I65a486293524354675f999f328bf5c286947d4c0
Reviewed-on: https://chromium-review.googlesource.com/588467
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46916}
2017-07-27 03:57:03 +00:00
Karl Schimpf
23e882eb20 Fix missing (function decoding time/function size) UMA metrics.
Check for these UMA stats were in functions only used for testing. Moved the
checks to code inside module decoding.

Note that the module decoder is used both to validate and generate the
intermediate (turbofan) graph of function bodies.  This CL assumes
that the validation phase (of function bodies) is the correct place to
track decoding time.

Bug: v8:6361
Change-Id: I791281daae96473d53cb8ae332fff8bb2673bf6c
Reviewed-on: https://chromium-review.googlesource.com/586974
Commit-Queue: Karl Schimpf <kschimpf@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46915}
2017-07-27 01:27:01 +00:00
Jaideep Bajwa
1af12c3c77 PPC/s390: [builtins] Introduce ConstructProxy builtin based on CSA
Port fe046627db
Port d594a6d9cd
Port 53553f5dcb

R=mslekova@google.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I2c160f8e3a1c3a809de6a6631864104ed95900d7
Reviewed-on: https://chromium-review.googlesource.com/587610
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#46914}
2017-07-26 21:15:28 +00:00
Alexei Filippov
927322652d [heap-profiler] Fix reporting of fake global objects.
The global objects lookup code mistakingly reports weakly referenced
JSGlobalObject's as normal one. It should not.

The fix just adds is_weak check into V8HeapExplorer::SetGcSubrootReference
the rest is formatting.

Bug: chromium:747382
Change-Id: I3fc62317dd3d8728d261f27bd58654aff13eb6fe
Reviewed-on: https://chromium-review.googlesource.com/585385
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46913}
2017-07-26 20:26:40 +00:00
Jaideep Bajwa
c28d39f093 PPC/s390: [builtins] Introduce CallProxy builtin based on CSA
Port 7f50476b83
Port 1769f892ce

Original Commit Message:

    - Add more conformance tests for proxy call and calling undetectable
    - This improves the performance of calling a proxy by ~5x

R=mslekova@google.com, adamk@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: If5e66093aee815225053c1d3d2a99cfac270aea4
Reviewed-on: https://chromium-review.googlesource.com/587228
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Jaideep Bajwa <bjaideep@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#46912}
2017-07-26 18:20:53 +00:00
Georg Neis
e017463189 [modules] Fix mapping of internal status to external status.
Internally, the module status type has one additional value, namely
PreInstantiating. I previously mapped this to Instantiating when
crossing the API boundary but it really should be mapped to
Uninstantiated. That's because when instantiation fails, typically all
modules not yet visited will remain in the PreInstantiating state, yet
they must appear Uninstantiated to the outside.

A relevant test will be added to chromium shortly.

Bug: v8:1569, chromium:748544
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Icb33c7f90db5e62375b6c09d14e3d2d5342b0879
Reviewed-on: https://chromium-review.googlesource.com/586602
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46911}
2017-07-26 17:55:25 +00:00