46458 Commits

Author SHA1 Message Date
jgruber
f8fb4a5c74 [builtins] Verify process-independence in release mode
These checks are critical even in release mode. They won't impact
runtime performance since this happens at snapshot-time.

TBR=yangguo@chromium.org

Bug: v8:6666
Change-Id: I342d9f80c6b882363da00630385686ac6a02cf5d
Reviewed-on: https://chromium-review.googlesource.com/964524
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51966}
2018-03-15 16:58:12 +00:00
Benedikt Meurer
d6e2398a9d Reland "[turbofan] Consistently use String feedback for JSAdd."
This is a reland of d504203e93

Original change's description:
> [turbofan] Consistently use String feedback for JSAdd.
> 
> Currently we didn't always consistently use the String feedback on
> JSAdd, but only if JSTypedLowering would already figure out statically
> that one of the inputs is already a String. That leads to some odd
> performance cliffs, as highlighted in the referenced bug.
> 
> This CL fixes the JSTypedLowering::ReduceJSAdd to always bake in the
> String feedback. This improves the relevant performance tests from the
> bug from
> 
>   console.timeEnd: Runtime join3, 967.512000
>   console.timeEnd: Runtime join, 1004.599000
>   console.timeEnd: Runtime join3, 1124.764000
>   console.timeEnd: Runtime join, 966.164000
>   console.timeEnd: Runtime join3, 1145.296000
>   console.timeEnd: Runtime join, 966.176000
>   console.timeEnd: Runtime join3, 1145.272000
>   console.timeEnd: Runtime join, 931.266000
> 
> to
> 
>   console.timeEnd: Runtime join3, 903.050000
>   console.timeEnd: Runtime join, 856.509000
>   console.timeEnd: Runtime join3, 945.144000
>   console.timeEnd: Runtime join, 840.038000
>   console.timeEnd: Runtime join3, 927.965000
>   console.timeEnd: Runtime join, 841.263000
>   console.timeEnd: Runtime join3, 929.342000
>   console.timeEnd: Runtime join, 858.143000
> 
> which corresponds to an 8-18% improvement.
> 
> Bug: v8:7415
> Change-Id: I62e008298e4ee0864885b37817c91d055acf2a09
> Reviewed-on: https://chromium-review.googlesource.com/936643
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51551}

Bug: v8:7415
Change-Id: Idbc889dc070f764dacf3bf535e41d0e66ab09bea
Reviewed-on: https://chromium-review.googlesource.com/964421
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51965}
2018-03-15 16:12:50 +00:00
Sathya Gunasekaran
acae2f2b65 [ignition] Set correct expression position for ObjectLiteral keys/values
Given the following input,
  const config = {
    min: Math.min(1, 2),
    func: myfunc(),
  }

Previously, the error was,
  ➜ ./out.gn/x64.release/d8 _test.js
  _test.js:3: ReferenceError: myfunc is not defined
    min: Math.min(1, 2),
              ^
  ReferenceError: myfunc is not defined
      at _test.js:3:13

Now, the error is,
  ➜ ./out.gn/x64.release/d8 _test.js
  _test.js:4: ReferenceError: myfunc is not defined
    func: myfunc(),
          ^
  ReferenceError: myfunc is not defined
      at _test.js:4:9

Bug: v8:7507
Change-Id: Ia65b445fdbc1369ecce80f4fc2040e500c807d40
Reviewed-on: https://chromium-review.googlesource.com/964182
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51964}
2018-03-15 15:36:41 +00:00
Benedikt Meurer
ef546d6872 [turbofan, ia32] Fix moves from constant to poison register.
This makes the moves from constants to the poisoning register
explicit so that the register allocator does not have to burn
a register on it.

Bug: chromium:798964, chromium:820726, v8:7503, v8:7518
Change-Id: Ifc8f9a2f685405dd38fec583bb0e20c3f0320903
Reviewed-on: https://chromium-review.googlesource.com/964202
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51963}
2018-03-15 15:05:08 +00:00
Jakob Gruber
fda0d684c3 Revert "[builtins] Remove off-heap builtins from the snapshot"
This reverts commit f1b1ec70a6.

Reason for revert: Tentative revert for https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8.fyi%2FV8-Blink_Mac%2F13696%2F%2B%2Frecipes%2Fsteps%2Fwebkit_unit_tests%2F0%2Fstdout

Original change's description:
> [builtins] Remove off-heap builtins from the snapshot
> 
> This CL is the final major step towards shipping off-heap-safe builtins
> embedded into the binary.
> 
> Prior to snapshot serialization, we now:
> * create the embedded blob containing off-heap instruction streams,
> * use that to generate embedded.cc (containing embedded binary data),
> * replace off-heap-safe builtins with trampolines,
> * and serialize those into the final snapshot.
> 
> The new RelocInfo::OFF_HEAP_TARGET kind is used to fix up trampoline
> targets on deserialization.
> 
> Bug: v8:6666
> Change-Id: Ib07aea9e3bd7ecdec42291c1388b3a7453ea96ce
> Reviewed-on: https://chromium-review.googlesource.com/950775
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51960}

TBR=yangguo@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org

Change-Id: I58dd4bf9a99d37416855b48807150e1dd9ecd9e8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/964363
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51962}
2018-03-15 14:25:10 +00:00
Hannes Payer
ef99ff6ed4 [heap] Don't spawn new GC tasks when the heap is in TEAR_DOWN state.
Change-Id: I57da95525e09820ed1a1697cc4eb1e39ecb7c7cc
Reviewed-on: https://chromium-review.googlesource.com/964282
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51961}
2018-03-15 14:23:58 +00:00
jgruber
f1b1ec70a6 [builtins] Remove off-heap builtins from the snapshot
This CL is the final major step towards shipping off-heap-safe builtins
embedded into the binary.

Prior to snapshot serialization, we now:
* create the embedded blob containing off-heap instruction streams,
* use that to generate embedded.cc (containing embedded binary data),
* replace off-heap-safe builtins with trampolines,
* and serialize those into the final snapshot.

The new RelocInfo::OFF_HEAP_TARGET kind is used to fix up trampoline
targets on deserialization.

Bug: v8:6666
Change-Id: Ib07aea9e3bd7ecdec42291c1388b3a7453ea96ce
Reviewed-on: https://chromium-review.googlesource.com/950775
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51960}
2018-03-15 13:51:29 +00:00
Ben L. Titzer
c5253448c2 [wasm] Refactorings to improve naming
- Rename WasmCode::owner() to WasmCode::native_module() and
- Make {shared} field of WasmCompiledModule no longer const, since
  it had a setter masquerading under the
  {OnWasmModuleDeserialization()}.
- Refactor and simplify the flow of "owner" in module-compiler.cc

R=mstarzinger@chromium.org

Change-Id: If9ee371124678fbbc845fc4e93279bf14f8f7ce8
Reviewed-on: https://chromium-review.googlesource.com/964263
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51959}
2018-03-15 13:47:58 +00:00
Sathya Gunasekaran
4c09a92fc4 [numeric separator] Stage numeric separators
Bug: v8:7317
Change-Id: I44713155597549a148bdab7a6f16641cc3918a66
Reviewed-on: https://chromium-review.googlesource.com/962147
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51958}
2018-03-15 13:11:58 +00:00
Michael Achenbach
19e1100c15 [build] Don't generate snapshot.cc with external startup data
Bug: v8:7441
Change-Id: I4dda34f22a1281c869fdf7b31108908f834ab30c
Reviewed-on: https://chromium-review.googlesource.com/960034
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51957}
2018-03-15 12:50:57 +00:00
Ulan Degenbaev
6ad63309ed [api] Restore v8::V8::InitializeICU API.
This function re-uses the implementation of InitializeICUDefaultLocation.

Removal of the API breaks embedders' code without providing any benefit.

Bug: v8:7561
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I006cd307887ac132f574af26ca9cd1d5e5317644
Reviewed-on: https://chromium-review.googlesource.com/963024
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51956}
2018-03-15 12:32:21 +00:00
Hannes Payer
ab0565af06 [heap] Add a TEAR_DOWN state to heap states which is set when the heap is tearing down.
Bug: chromium:818585
Change-Id: I31032ba230ee2eb9f0bbcab0af720e23c3d6ae11
Reviewed-on: https://chromium-review.googlesource.com/962428
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51955}
2018-03-15 12:31:17 +00:00
Michael Starzinger
56d7986f39 [wasm] Remove obsolete parameter from {ModuleCompiler}.
R=clemensh@chromium.org
BUG=v8:7549

Change-Id: I713b458236cd0257eeb468caa2c6cfb68afb7a37
Reviewed-on: https://chromium-review.googlesource.com/964122
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51954}
2018-03-15 12:21:16 +00:00
Daniel Clifford
9d043828f2 Remove extraneous include from objects.h
Change-Id: Ic682a8e0a3340fe20a0f6300508197e6ec8f211d
Reviewed-on: https://chromium-review.googlesource.com/963710
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51953}
2018-03-15 12:20:12 +00:00
Clemens Hammacher
0fc3634047 [d8] Don't process message queues in load
After processing the string loaded from a file, don't process message
queues. Otherwise, stack traces generated in any processed task will
contain the stack trace of the load. This also introduces
nondeterminism, since it depends on the timing whether something will
be processed inside the load or outside.

Drive-by: Introduce enums for the different bools, to make their
meaning more obvious at call sites.

R=yangguo@chromium.org
CC=herhut@chromium.org

Change-Id: Ib48ee01be8c443a2a408ecb1c9e34bb9ba5a8fe7
Reviewed-on: https://chromium-review.googlesource.com/964141
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51952}
2018-03-15 12:19:07 +00:00
Ulan Degenbaev
9fe417cb7f [api] Restore the simple version of Message::GetEndColumn API.
This also undeprecates Message::GetStartColumn API.

The simple versions are easier to use for the embedders and have the
same implementation as the complex versions.

Bug: v8:7560
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I656161b04c5d9de6d1de9435b7825009f96572a5
Reviewed-on: https://chromium-review.googlesource.com/963322
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51951}
2018-03-15 12:16:38 +00:00
Sathya Gunasekaran
e77eebfe3b [numeric separator] Simplify error handling
Pointing to the exact spot of the incorrect numeric separator seems
clearer both in terms of the error itself, and the resulting code in
scanner because we don't have to keep track of the start position.

Previously, the error was:
  ➜ ./out.gn/x64.release/d8 --harmony-numeric-separator -e '0x1__1'
  unnamed:1: SyntaxError: Only one underscore is allowed as numeric separator
  0x1__1
  ^^^^
  SyntaxError: Only one underscore is allowed as numeric separator

Now, the error is:
  ➜ ./out.gn/x64.release/d8 --harmony-numeric-separator -e '0x1__1'
  unnamed:1: SyntaxError: Only one underscore is allowed as numeric separator
  0x1__1
      ^
  SyntaxError: Only one underscore is allowed as numeric separator


Bug: v8:7317
Change-Id: I7df1b39816e51a97234da6ed0fca1bf8c0223c3e
Reviewed-on: https://chromium-review.googlesource.com/962241
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51950}
2018-03-15 12:09:06 +00:00
Tobias Tebbi
a1fe961c7c Revert "[turbofan] Consistently use String feedback for JSAdd."
This reverts commit d504203e93.

Reason for revert: b/74469145

Original change's description:
> [turbofan] Consistently use String feedback for JSAdd.
> 
> Currently we didn't always consistently use the String feedback on
> JSAdd, but only if JSTypedLowering would already figure out statically
> that one of the inputs is already a String. That leads to some odd
> performance cliffs, as highlighted in the referenced bug.
> 
> This CL fixes the JSTypedLowering::ReduceJSAdd to always bake in the
> String feedback. This improves the relevant performance tests from the
> bug from
> 
>   console.timeEnd: Runtime join3, 967.512000
>   console.timeEnd: Runtime join, 1004.599000
>   console.timeEnd: Runtime join3, 1124.764000
>   console.timeEnd: Runtime join, 966.164000
>   console.timeEnd: Runtime join3, 1145.296000
>   console.timeEnd: Runtime join, 966.176000
>   console.timeEnd: Runtime join3, 1145.272000
>   console.timeEnd: Runtime join, 931.266000
> 
> to
> 
>   console.timeEnd: Runtime join3, 903.050000
>   console.timeEnd: Runtime join, 856.509000
>   console.timeEnd: Runtime join3, 945.144000
>   console.timeEnd: Runtime join, 840.038000
>   console.timeEnd: Runtime join3, 927.965000
>   console.timeEnd: Runtime join, 841.263000
>   console.timeEnd: Runtime join3, 929.342000
>   console.timeEnd: Runtime join, 858.143000
> 
> which corresponds to an 8-18% improvement.
> 
> Bug: v8:7415
> Change-Id: I62e008298e4ee0864885b37817c91d055acf2a09
> Reviewed-on: https://chromium-review.googlesource.com/936643
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51551}

TBR=jarin@chromium.org,bmeurer@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7415
Change-Id: I106a314bcd4187abdad6dc11306226d0c28ef524
Reviewed-on: https://chromium-review.googlesource.com/963522
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51949}
2018-03-15 11:44:36 +00:00
Vasili Skurydzin
3032a9ffb5 PPC/s390: [TurboFan] Use the FlagsContinuation more effectively
Port ab9ac99458

Original Commit Message:

    We can reduce boilerplate if we pass the continuation to
    some InstructionSelector::Emit.* methods.

R=mvstanton@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Ia9ddd0dcf5d6115ee9f8c35e1b05c10f9f0c4b39
Reviewed-on: https://chromium-review.googlesource.com/959441
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#51948}
2018-03-15 11:43:16 +00:00
Clemens Hammacher
410893e9a9 [Liftoff][x64] Assert that 32-bit values are zero extended
On x64, the upper 32 bits of a register holding a 32-bit value are
always zero. Add several assertions to check that. This is particularly
important for memory accesses, where the whole 64-bit register is used
as offset for the memory access.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: Ifd3c6e90bb0056dbc2b8c66de919f35c7787965b
Reviewed-on: https://chromium-review.googlesource.com/963321
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51947}
2018-03-15 11:28:12 +00:00
Sathya Gunasekaran
ad6c11f2df [numeric-separator] Enable test262 tests
Bug: v8:7317
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I2920abc732b9006a24fcf11edb6bb779ac627d5a
Reviewed-on: https://chromium-review.googlesource.com/961064
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51946}
2018-03-15 11:23:06 +00:00
Ulan Degenbaev
29471bdb36 [heap-profiler] Annotate "const/let" refs in top level script context.
This patch extends ExtractContextReferences to handle all declaration
contexts, not only function/module/eval contexts.

Bug: chromium:817954
Change-Id: Ibe2827a9d6b2939552da26a60df959c9b22ea059
Reviewed-on: https://chromium-review.googlesource.com/962763
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51945}
2018-03-15 11:20:26 +00:00
Junliang Yan
7c8476a2b6 [memory] fix endian issue on FeedbackMetadata::synchronized_slot_count
Bug: v8:7558
Change-Id: I7f4eae87fad6b707c5defa033f4eaf6037c864ba
Reviewed-on: https://chromium-review.googlesource.com/963166
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51944}
2018-03-15 10:36:26 +00:00
Sathya Gunasekaran
9c98391015 [numeric separator] Ban implicit octal support
Bug: v8:7317
Change-Id: I20fb706c05852668a5a6ae8b69c150ae2e6b2f65
Reviewed-on: https://chromium-review.googlesource.com/960901
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51943}
2018-03-15 10:34:56 +00:00
sreten.kovacevic
0b67384afd [Liftoff][mips] Implement CallerFrameSlot instructions
Implement Push and Load CallerFrameSlot instructions.
Also, fix some issues that were revealed after these changes.

Bug: v8:6600
Change-Id: I658c26b0dcec489e7e549d4f1fbd4ccd89a6ea99
Reviewed-on: https://chromium-review.googlesource.com/964001
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51942}
2018-03-15 10:24:27 +00:00
Michael Starzinger
b20aafb967 [wasm] Remove dead exported wrapper handling from {NativeModule}.
R=titzer@chromium.org

Change-Id: I9c947440e4e92ff7176d8dc2f334182c524898f9
Reviewed-on: https://chromium-review.googlesource.com/962451
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51941}
2018-03-15 10:12:46 +00:00
Ilija Pavlovic
8581e30929 [mips]: Skip mjsunit/harmony/bigint/regressions.
This test creates a BigInt object with size more than 250 MB. On certain
test systems, this large memory consumption will cause the test to fail.
Therefore, this test will be skipped for MIPS32 architecture.

TEST=mjsunit/harmony/bigint/regressions
BUG=

Change-Id: I21bf86c3e6058818c6db3ed8970c0f1e3873e0a6
Reviewed-on: https://chromium-review.googlesource.com/962381
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#51940}
2018-03-15 09:34:46 +00:00
Yang Guo
aaa854d6b4 Also install sysroot for building Node.
Previously install-sysroot.py relied on gyp. This should be fixed now.
This way, tools/node/fetch_deps.py can also be used to fetch
dependencies when building V8 to run V8 tests from a Node.js checkout.

R=machenbach@chromium.org

Change-Id: Ic4ee425d6ae744c32f604d14fbfdb0554a00c486
Reviewed-on: https://chromium-review.googlesource.com/962421
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51939}
2018-03-15 08:24:56 +00:00
Erik Luo
d452a7f63a [inspector] queryObjects() should take objectGroup
Now, 'queryObjects' takes an optional 'objectGroup' argument,
allowing the frontend to release the response value.

This is important because each call produces a new Array, which
could not be released before.

Bug: chromium:815263
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I18c9a68c4ba45020fce9eea63cb263396a18d498
Reviewed-on: https://chromium-review.googlesource.com/935153
Commit-Queue: Erik Luo <luoe@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51938}
2018-03-14 20:12:56 +00:00
Junliang Yan
25363b8f2e [wasm] Make NativeModule::LinkAll to use CodeSpecialization
- Update CodeSpecialization::RelocateDirectCalls and ApplyToWholeInstance to take a native module instead
- Use CodeSpecialization on NativeModule::LinkAll

Bug: v8:7539
Change-Id: I71ceb3114e8a0fca71dfa32f0721ef5fb4485eb4
Reviewed-on: https://chromium-review.googlesource.com/959592
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51937}
2018-03-14 19:58:03 +00:00
Michael Lippautz
a07b245e01 [heap-profiler] Annotate global handle
Annotate global handle with label to identify the context held alive for
debugging in DevTools

Bug: chromium:811842
Change-Id: I24f08b4d01939421ba1b7ec7b03982f00ebbdd1a
Reviewed-on: https://chromium-review.googlesource.com/962788
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51936}
2018-03-14 19:49:03 +00:00
Corentin Wallez
7b88f3569e auto_roll.py: use LUCI for the optional GPU tests on Linux
TBR=machenbach@chromium.org

BUG=chromium:815092

Change-Id: Ib49dc50e41f0a7ec26d974b3d9d302003230f6e4
Reviewed-on: https://chromium-review.googlesource.com/962993
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51935}
2018-03-14 19:21:04 +00:00
Sergiy Byelozyorov
083171e989 Whitespace CL
TBR=sergiyb@chromium.org

No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Bug: chromium:821689
Change-Id: Ia4010368738791ded4f0b27ef28d54ca3961e165
Reviewed-on: https://chromium-review.googlesource.com/962790
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51934}
2018-03-14 18:44:02 +00:00
Caitlin Potter
b8229612bf Reland "[esnext] re-implement template strings"
- Add a new bytecode for the ToString operation, replacing the old
intrinsic call (currently does not collect type feedback).
- Add a new AST node to represent TemplateLiterals, and avoid
generating unnecessary ToString operations in some simple cases.
- Use a single feedback slot for each string addition, because the
type feedback should always be the same for each addition

This seems to produce a very slight improvement on JSTests benchmarks
and bench-ruben.js from v8:7415, and it's possible that type feedback
for the ToString bytecode could provide more opportunities to eliminate
the runtime call in TurboFan.

Doesn't touch tagged templates

[esnext] fix OOB read in ASTPrinter::VisistTemplateLiteral

Fixes an error where TemplateLiteral printing in --print-ast
would try to read an element beyond the length of a vector.

BUG=v8:7415, chromium:820596
R=adamk@chromium.org, gsathya@chromum.org, rmcilroy@chromium.org, ishell@chromium.org, bmeurer@chromium.org

Change-Id: Ie56894f73a6445550a5f95f42160c4e29ab1da42
Reviewed-on: https://chromium-review.googlesource.com/958408
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#51933}
2018-03-14 18:12:09 +00:00
Ben L. Titzer
39bc48e283 [wasm] Add untagged context properties to WasmInstanceObject
This CL is preparation for moving the contents of the WasmContext
directly into the WasmInstanceObject. The moved fields are all untagged
pointers to C++ memory or untagged sizes which will be used in
generated machine code for WASM. They are not currently used, but
they are all set to kHeapObjectTag to make sure they are not
interpreted as tagged by the GC, using a custom object descriptor.

R=mstarzinger@chromium.org
CC=clemensh@chromium.org

Bug: v8:7424
Change-Id: Ie5d5161df32564dcac74c6ff659f1a38ddca3cb0
Reviewed-on: https://chromium-review.googlesource.com/961065
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51932}
2018-03-14 17:59:59 +00:00
Sergiy Byelozyorov
507fe1d105 Whitespace CL
TBR=sergiyb@chromium.org

No-Try: true
No-Presubmit: true
Bug: chromium:821689
Change-Id: Ia5c13fb9d22a5695025434f3e48821469a79a0a3
Reviewed-on: https://chromium-review.googlesource.com/963021
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51931}
2018-03-14 17:58:41 +00:00
Clemens Hammacher
92a37d0218 [Liftoff] Add integer conversions
This adds support for i32.wrap/i64, i64.extend_s/i32, and
i64.extend_u/i32.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: Iaeac1d24a53d044151cb244fffe3eab04314d908
Reviewed-on: https://chromium-review.googlesource.com/962281
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51930}
2018-03-14 15:41:19 +00:00
Dan Elphick
7f44053c9e [builtins] Skip redundantly setting array length in Array.from
Now that Array.from() always calls the runtime to set the length if it's
not equal to the current length, don't actually set it on the fast path
since it's unobservable and doesn't change anything.

Also remove check for the array being writable since it's no longer
needed.

Change-Id: I0928d80b445807912fd925f7957c9a76385fc6bc
Reviewed-on: https://chromium-review.googlesource.com/961403
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51929}
2018-03-14 14:39:26 +00:00
Michael Starzinger
4dc6889753 [objects] Remove unused {Code::trap_handler_index} field.
R=titzer@chromium.org
BUG=v8:7549

Change-Id: Ie77a22f0a6204d673d130be45ca20d5986cddd88
Reviewed-on: https://chromium-review.googlesource.com/962423
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51928}
2018-03-14 14:21:34 +00:00
Michael Starzinger
662cfb44e4 [wasm] Remove obsolete {WasmFunctionInfo} structure.
R=titzer@chromium.org
BUG=v8:7549

Change-Id: Ibae3ea41306ae89ee5caaa6ab2fdec6f08f2040c
Reviewed-on: https://chromium-review.googlesource.com/962361
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51927}
2018-03-14 13:46:08 +00:00
Ben L. Titzer
9123f3a490 [wasm] Remove WASM_TABLE_SIZE_REFERENCE and related
This removes the relocation mode and code specialization for table
sizes. These are now stored in the context and not inlined into code.

Bug: v8:7549, v8:7424

R=mstarzinger@chromium.org

Change-Id: I4cec78fdd365cd0c1dab9f5f4b40ffb69f540bda
Reviewed-on: https://chromium-review.googlesource.com/962221
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51926}
2018-03-14 13:45:03 +00:00
Michael Starzinger
a7aa926459 [wasm] Remove unused {WasmCompiledModule::function_tables} field.
R=clemensh@chromium.org
BUG=v8:7549

Change-Id: Ied73ba2c146441c87c5ada65285037b68a83abe1
Reviewed-on: https://chromium-review.googlesource.com/962026
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51925}
2018-03-14 13:14:32 +00:00
Benedikt Meurer
c54d93d6d0 [turbofan] Fix inconsistent treatment of SpeculativeToNumber.
This is a partial revert of e583fc836b.
The reasoning here is that the treatment of SpeculativeToNumber[hint]
was not consistent (which led to the original bug that caused the
performance regression): The semantics of the operator is that it turns
its input into a number, and might bailout if the input is too complex
to accomplish that within optimized code. It can use the hint to handle
even fewer cases without the risk of a deoptimization loop. However it
cannot rely on the hint influencing the output, especially not before
SimplifiedLowering ran. The code for the OOB element access however
relied on the hint being enforced, which caused the original bug.

This CL repairs that and instead uses CheckSmi for the OOB element
access guard.

Also-By: tebbi@chromium.org
Bug: chromium:819298, chromium:820729
Change-Id: I9b2170ccf9b5561d698c0108e93e538cac1e708c
Reviewed-on: https://chromium-review.googlesource.com/961066
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51924}
2018-03-14 13:13:13 +00:00
Michael Starzinger
23d7fb69e2 [wasm] Remove obsolete {WasmCodeWrapper} class.
R=clemensh@chromium.org
BUG=v8:7549

Change-Id: Ie2d9d9b569b46396e78b3a6c39fe7e36b6090608
Reviewed-on: https://chromium-review.googlesource.com/962247
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51923}
2018-03-14 12:33:02 +00:00
Stephan Herhut
484b743872 [wasm] Do not skip wasm frames when iterating
SafeStackFrameIterator used to skip over wasm frames, thus hiding them
for example in the Chrome profiler.

Change-Id: I81b1d73ab0b4fb1886f3300083a9550dc0f55525
Reviewed-on: https://chromium-review.googlesource.com/955697
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51922}
2018-03-14 12:17:53 +00:00
Benedikt Meurer
39933b4aba [turbofan] Optimize typed array accesses for Node.js.
In case of Node.js (and Electron) we are guaranteed to always have only
off-heap typed arrays, indicated by V8_TYPED_ARRAY_MAX_SIZE_IN_HEAP
being 0. So we can leverage this fact in TurboFan to generate more
efficient code, avoiding the offset computation.

Bug: v8:7253
Change-Id: I97db0dfec21c594ff8be0f1d405e828c7ae38c33
Reviewed-on: https://chromium-review.googlesource.com/962243
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51921}
2018-03-14 12:10:12 +00:00
Clemens Hammacher
95ef7e776e [Liftoff] Implement reinterpretations
This adds support for i32.reinterpret/f32, i64.reinterpret/f64,
f32.reinterpret/i32, and f64.reinterpret/i64.
On x64, all operations are straight-forward. On ia32, conversions from
or to i64 are done via the stack.

R=titzer@chromium.org

Bug: v8:6600
Change-Id: If5562caf7367726904c6e405ad4fc5436d21144e
Reviewed-on: https://chromium-review.googlesource.com/962224
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51920}
2018-03-14 11:43:42 +00:00
Dan Elphick
b5da57a06d [builtins] Fix OOB read/write using Array.from
Always use the runtime to set the length on an array if it doesn't match
the expected length after populating it using Array.from.

Bug: chromium:821137
Change-Id: I5a730db58de61ba789040e6dfc815d6067fbae64
Reviewed-on: https://chromium-review.googlesource.com/962222
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51919}
2018-03-14 11:31:42 +00:00
Kevin Gibbons
1dab065bb4 [errors] Give a more informative error message for new Map(1)
Previously the error was "undefined is not a function". Now it is
"1 is not iterable".

Bug: v8:6522
Change-Id: If338ddefca78fd6a10cc12b26f0dec632900f32b
Reviewed-on: https://chromium-review.googlesource.com/959728
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51918}
2018-03-14 11:07:52 +00:00
Georg Neis
43726eef8c [test] Increase timeout for tests run by predictable_wrapper.py.
R=machenbach@chromium.org, sigurds@chromium.org

Bug: v8:7551
Change-Id: If7aca6477acc86eddd2ca7d96a8b222dca9298c2
Reviewed-on: https://chromium-review.googlesource.com/960662
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51917}
2018-03-14 09:09:22 +00:00