Commit Graph

27653 Commits

Author SHA1 Message Date
Hannes Payer
70cb6f50d2 Unify invalid size error handling.
Bug: chromium:1198188
Change-Id: Iaf2cdd85124295d842ff6bb139ab0d85371c08ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2833920
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74028}
2021-04-19 10:07:33 +00:00
Jakob Gruber
ccc0711957 [compiler] Skip BreakPointInlinedBuiltin in --stress-concurrent-inlining
Should be unskipped once the linked issue is fixed.

Tbr: mvstanton@chromium.org
Bug: v8:11649
Change-Id: I9916c6f044a9c66d9a55d7783a619b2830a776ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2833916
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74023}
2021-04-19 08:13:23 +00:00
Jakob Gruber
cee234572f [compiler] Don't spawn extra tasks when node_observer is set
The mechanisms don't interact well. NodeObserver assumes synchronous
compilation that finishes within the ObserverNodeScope. One could
ensure all relevant lifetimes (of the NodeObserver itself, and all
captured pointers) exceed that of all spawned jobs, but simply
disabling the additional concurrent job in these cases is a
pragmatic fix for now.

Bug: v8:11658
Change-Id: I41b2f96f0166b661cf0cca94ef809ca99475e420
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2833915
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74022}
2021-04-19 07:36:43 +00:00
Ng Zhi An
ede5e81439 Revert "[wasm-simd] Canonicalize shuffles when creating TurboFan graph"
This reverts commit d16eefe0f2.

It is not correct to check for node equality during the graph
construction phase, because we can have optimizations that will combine
same nodes. So it can happen that in wasm-compiler, the inputs to
shuffle are not the same, so we canonicalize using that knowledge that
it will not be the same, and allow indices > 15. But later we can have
optimizations that combine the 2 inputs (e.g. splat of the same
constants), and the instruction selector will see that the input nodes
are the same.

Bug: v8:11542,chromium:1199662
Change-Id: I21c175f4707708038710147f64d687d1b14c6ecc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2829986
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74017}
2021-04-17 00:07:01 +00:00
Shu-yu Guo
194672378b Revert "[fastcall] Add support for leaf interface type checks"
This reverts commit 6124a534b2.

Reason for revert: On suspicion of blocking V8 roll: https://ci.chromium.org/ui/p/chromium/builders/try/win10_chromium_x64_rel_ng/839568/overview

Original change's description:
> [fastcall] Add support for leaf interface type checks
>
> This CL adds an IsTemplateForApiObject method to FunctionTemplate
> allowing the embedder to check whether a given API object was
> instantiated by this template without including parent templates
> in the search. It also replaces the v8::ApiObject in the fast API
> with a raw v8::Value pointer to allow use of standard C++ casts.
>
> Bug: chromium:1052746
> Change-Id: I0812ec8b4daaa5f5005aabf10b63e1e84e0b8f03
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595310
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73999}

Bug: chromium:1052746
Change-Id: Ic99ec616310f0f75800c3dad393b5d2d685b76ab
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2829988
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74016}
2021-04-16 21:34:13 +00:00
Hannes Payer
7564f6584e Separate array length and capacity errors from OOMs.
Bug: chromium:1198188
Change-Id: I7f4a9e67a435fcb4b564599c5dd27c386bef143b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2831480
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74015}
2021-04-16 18:25:01 +00:00
Toon Verwaest
bbc32bd2b5 [keys] Fix dictionary-mode prototype invalidation
When the enumerability flag is flipped we need to invalidate the
prototype info.

Bug: chromium:1163499
Change-Id: Iceeaa5fc47eebfe7d333c9eb594bf0763e6cef92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2831871
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74013}
2021-04-16 16:11:35 +00:00
Leszek Swirski
2871e05cc3 Reland "[codegen] Add static interface descriptors"
This is a reland of ae0752df1b

Reland fixes:

  * Remove UNREACHABLE() from constexpr switch, since we don't have a
    CONSTEXPR_UNREACHABLE() (it's ok, the switch is exhaustive for the
    enum anyway).
  * Fix IsRegisterArray trait to use public inheritance and size_t for
    std::array size.

Original change's description:
> [codegen] Add static interface descriptors
>
> Add a new CRTP StaticCallInterfaceDescriptor class, which provides
> static constexpr getters for a descriptor's registers, parameter counts,
> and so on. Each CallInterfaceDescriptor subclass is changed to extend
> StaticCallInterfaceDescriptor, with StaticCallInterfaceDescriptor itself
> extending CallInterfaceDescriptor to still provide a dynamic lookup
> where needed.
>
> StaticCallInterfaceDescriptor provides a couple of customisation points,
> where it reads its CRTP derived descriptor's static fields and
> functions, with default fallbacks where appropriate. With these
> customisation points, the definition of CallInterfaceDescriptor
> subclasses is simplified to:
>
>     a) Providing parameter names (as before)
>     b) Providing parameter types (as before)
>     c) Optionally setting flags (like kNoContext or kAllowVarArgs) as
>        static booleans on the class.
>     d) Optionally providing a `registers()` method that returns a
>        std::array<Register, N> of registers that may be used for
>        parameters (if not provided, this defaults to the implementation
>        specific default register set).
>
> Parameter registers (and register count) are automagically set based on
> the number of parameters and number of given registers, with extra magic
> to ignore no_reg registers (to reduce ia32 special casing). The
> CallInterfaceDescriptorData is initialized based on these static
> functions, rather than manual per-descriptor initializers.
>
> This allows us to skip loading descriptors dynamically for CallBuiltin
> in Sparkplug, and instead lets us use a bit of template magic to
> statically set up arguments for the calls. Any other users of statically
> known descriptors will also benefit, thanks to C++ picking the static
> methods over the dynamic methods on the base class when available.
>
> Because we can remove various virtual functions and trigger heavier
> inlining of constantly known values, binary size slightly decreases with
> this change.
>
> Note that torque-generated descriptors are changed to use the same magic,
> rather than having Torque-specific magic, for consistency.
>
> Bug: v8:11420
> Change-Id: Icc5e238b6313a08734feb564204a13226b450c22
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814518
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73996}

TBR=nicohartmann@chromium.org,clemensb@chromium.org,ishell@chromium.org,clemensb@chromium.org

Bug: v8:11420
Change-Id: Icd1f6cdb3c178e74460044b1e9623139929ceba8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2831872
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74010}
2021-04-16 15:43:05 +00:00
Benedikt Meurer
f4573682ed [inspector] Don't show __proto__ in previews of embedder objects.
This change slipped into https://crrev.com/c/2820970 and wasn't
intended. We actually need to rule out __proto__ here explicitly,
otherwise it starts showing up in previews for embedder objects
(i.e. for HTMLAllCollection, etc.).

Bug: chromium:1197019
Change-Id: Iadde73747c157c2b5b013b11a6b8a30cc4394a7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2831481
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74009}
2021-04-16 15:37:35 +00:00
Yahan Lu
eac97a970f [riscv64] Fix NaN related issue
Optimize FPUCanonicalizeNaN
Float Round reutrn qNan when input is Nan
FMaxMin return qNan with Nan inputs

Change-Id: I7568be3d27d030e49f292a956b3084b54bdf8577
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814725
Commit-Queue: Brice Dobry <brice.dobry@futurewei.com>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74006}
2021-04-16 15:09:35 +00:00
Thibaud Michaud
60dfe6512c [wasm][liftoff] Fix indexing in loop stack check
The "num_exceptions" field of the control block must be updated before
entering the stack check, because it is used in
"GetCurrentDebugSideTable" to compute the correct indices for the debug
side table.

R=clemensb@chromium.org

Bug: chromium:1199526
Change-Id: I54f1e4244bf84d0a78b47a764fedc83b54758d01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2831483
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74003}
2021-04-16 14:24:15 +00:00
Leszek Swirski
5dea60d60b Revert "[codegen] Add static interface descriptors"
This reverts commit ae0752df1b.

Reason for revert: Predictably, constexpr issues on non-clang compilers.

Original change's description:
> [codegen] Add static interface descriptors
>
> Add a new CRTP StaticCallInterfaceDescriptor class, which provides
> static constexpr getters for a descriptor's registers, parameter counts,
> and so on. Each CallInterfaceDescriptor subclass is changed to extend
> StaticCallInterfaceDescriptor, with StaticCallInterfaceDescriptor itself
> extending CallInterfaceDescriptor to still provide a dynamic lookup
> where needed.
>
> StaticCallInterfaceDescriptor provides a couple of customisation points,
> where it reads its CRTP derived descriptor's static fields and
> functions, with default fallbacks where appropriate. With these
> customisation points, the definition of CallInterfaceDescriptor
> subclasses is simplified to:
>
>     a) Providing parameter names (as before)
>     b) Providing parameter types (as before)
>     c) Optionally setting flags (like kNoContext or kAllowVarArgs) as
>        static booleans on the class.
>     d) Optionally providing a `registers()` method that returns a
>        std::array<Register, N> of registers that may be used for
>        parameters (if not provided, this defaults to the implementation
>        specific default register set).
>
> Parameter registers (and register count) are automagically set based on
> the number of parameters and number of given registers, with extra magic
> to ignore no_reg registers (to reduce ia32 special casing). The
> CallInterfaceDescriptorData is initialized based on these static
> functions, rather than manual per-descriptor initializers.
>
> This allows us to skip loading descriptors dynamically for CallBuiltin
> in Sparkplug, and instead lets us use a bit of template magic to
> statically set up arguments for the calls. Any other users of statically
> known descriptors will also benefit, thanks to C++ picking the static
> methods over the dynamic methods on the base class when available.
>
> Because we can remove various virtual functions and trigger heavier
> inlining of constantly known values, binary size slightly decreases with
> this change.
>
> Note that torque-generated descriptors are changed to use the same magic,
> rather than having Torque-specific magic, for consistency.
>
> Bug: v8:11420
> Change-Id: Icc5e238b6313a08734feb564204a13226b450c22
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814518
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73996}

Bug: v8:11420
Change-Id: Ie5469c9253fc140590ac30b72db6eb1d93f86806
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2831485
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74000}
2021-04-16 13:49:15 +00:00
Maya Lekova
6124a534b2 [fastcall] Add support for leaf interface type checks
This CL adds an IsTemplateForApiObject method to FunctionTemplate
allowing the embedder to check whether a given API object was
instantiated by this template without including parent templates
in the search. It also replaces the v8::ApiObject in the fast API
with a raw v8::Value pointer to allow use of standard C++ casts.

Bug: chromium:1052746
Change-Id: I0812ec8b4daaa5f5005aabf10b63e1e84e0b8f03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595310
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73999}
2021-04-16 13:48:07 +00:00
Maya Lekova
45e24fd6d9 Revert "[heap] Do not scan main thread handles when starting marking"
This reverts commit dcd91455fd.

Reason for revert: Breaks TSAN no-concurrent-marking - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/3341/overview

Original change's description:
> [heap] Do not scan main thread handles when starting marking
>
> We do not need to scan main thread handles when starting incremental
> marking. This reduces the time to start incremental marking.
>
> Bug: v8:11645
> Change-Id: Ib99a13e7875f50fbfe5346ac0e186d8960ea1337
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826124
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73994}

Bug: v8:11645
Change-Id: I5e2325ef326b79b1807b52384cc5473d126ca6cb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2831482
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73997}
2021-04-16 13:21:24 +00:00
Leszek Swirski
ae0752df1b [codegen] Add static interface descriptors
Add a new CRTP StaticCallInterfaceDescriptor class, which provides
static constexpr getters for a descriptor's registers, parameter counts,
and so on. Each CallInterfaceDescriptor subclass is changed to extend
StaticCallInterfaceDescriptor, with StaticCallInterfaceDescriptor itself
extending CallInterfaceDescriptor to still provide a dynamic lookup
where needed.

StaticCallInterfaceDescriptor provides a couple of customisation points,
where it reads its CRTP derived descriptor's static fields and
functions, with default fallbacks where appropriate. With these
customisation points, the definition of CallInterfaceDescriptor
subclasses is simplified to:

    a) Providing parameter names (as before)
    b) Providing parameter types (as before)
    c) Optionally setting flags (like kNoContext or kAllowVarArgs) as
       static booleans on the class.
    d) Optionally providing a `registers()` method that returns a
       std::array<Register, N> of registers that may be used for
       parameters (if not provided, this defaults to the implementation
       specific default register set).

Parameter registers (and register count) are automagically set based on
the number of parameters and number of given registers, with extra magic
to ignore no_reg registers (to reduce ia32 special casing). The
CallInterfaceDescriptorData is initialized based on these static
functions, rather than manual per-descriptor initializers.

This allows us to skip loading descriptors dynamically for CallBuiltin
in Sparkplug, and instead lets us use a bit of template magic to
statically set up arguments for the calls. Any other users of statically
known descriptors will also benefit, thanks to C++ picking the static
methods over the dynamic methods on the base class when available.

Because we can remove various virtual functions and trigger heavier
inlining of constantly known values, binary size slightly decreases with
this change.

Note that torque-generated descriptors are changed to use the same magic,
rather than having Torque-specific magic, for consistency.

Bug: v8:11420
Change-Id: Icc5e238b6313a08734feb564204a13226b450c22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814518
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73996}
2021-04-16 13:20:14 +00:00
Dominik Inführ
dcd91455fd [heap] Do not scan main thread handles when starting marking
We do not need to scan main thread handles when starting incremental
marking. This reduces the time to start incremental marking.

Bug: v8:11645
Change-Id: Ib99a13e7875f50fbfe5346ac0e186d8960ea1337
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826124
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73994}
2021-04-16 11:57:24 +00:00
Camillo Bruni
c685df3226 Reland "[api] Add v8::Isolate::ThrowError helper"
- This is a reland of d435eaa5e4
- Fix vtunedomain

Original change's description:
> [api] Add v8::Isolate::ThrowError helper
>
> Add a ThrowError helper to encourage throwing full Error objects
> instead of just v8::Strings.
>
> Bug: v8:11195
> Change-Id: I15d75b1d39b817de3b9026a836b57a70d7c16a28
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2811738
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73958}

Bug: v8:11195
Change-Id: I3cffaa4f122d74705476c3f8791b549f85d8c87b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826534
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73993}
2021-04-16 11:48:05 +00:00
Leszek Swirski
729fbf180a [test] test-js-to-wasm/* is flaky on stress-concurrent-inlining
Bug: v8:11650
Change-Id: Ice830eda80e81faf920c73214f7cd8f4230af6d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2831472
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73989}
2021-04-16 09:13:04 +00:00
Mike Stanton
d75813657d [compiler] Don't migrate boilerplates during TurboFan compile.
Instead, bail out of inline literal creation if a deprecated map is
found. This makes it easier to compile on the background thread.

Bug: v8:7790
Change-Id: I87941938d4f13dcf49230cf246c33bf2f49897f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2745134
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73988}
2021-04-16 09:00:44 +00:00
Arno Renevier
7f52e4f92d Heap Number encoding
- represent smis as fake heap numbers
- numbers nodes (both smi and heap numbers) reference a child node whose
  name is "value" and whose entry is the string representation of that
  number

That feature is disabled by default, and can be enabled by passing
captureNumericValue: true when calling HeapProfiler.takeHeapSnapshot

This patch slightly refactors some functions that operate on "essential
objects". We now check that the object is essential before trying to
create the entry. Otherwise, we would end up with smi objects created,
but not referenced anywhere.

Design doc:
https://docs.google.com/document/d/1Qh1zxyn0SS5wzJzitD6ecBJTdFbQkJogSMwxDRsn44o/edit

Change-Id: Ibbe6e79a54c4f9eace72bc0a0ccb622a97698e00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2806747
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Arnaud Renevier <arenevier@fb.com>
Cr-Commit-Position: refs/heads/master@{#73985}
2021-04-16 02:29:06 +00:00
Manos Koukoutos
05b385887e [wasm] Update br_table with the latest spec changes
The typing of br_table was relaxed in
https://github.com/WebAssembly/spec/pull/1305. Before, we had to compute
the greatest lower bound of all branch types and make sure that stack
values are subtypes of that type. Now, we have to check that the stack
values are subtypes of each individual branch. This makes a difference
only in polymorphic stacks, but greatly simplifies the code, especially
with the upcoming introduction of a much more complex type system in
wasm-gc.

Change-Id: I6e3b410cfe0e71a97623b3030b3575ef707c4900
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2827897
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73982}
2021-04-15 16:55:45 +00:00
Omer Katz
ce23afa723 cppgc: 2nd batch of unittests from heap_test.cc
Drive-by: cleanup PersistentTest and MarkerTest

Bug: chromium:1056170
Change-Id: I85d674cda7d580e8cd7be807791ba883b0f7a111
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2827898
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73979}
2021-04-15 16:22:32 +00:00
Patrick Thier
af59290ffc [test] Force more flags for Sparkplug OSR Test
This test relies on non-concurrent optimizations to precisely test
transitions between the different tiers.

Disable flags that invalidate this test:
--no-always-opt to test transiation from Ignition to Sparkplug
--deopt-every-n-times=0 to test transition from Sparkplug to TF

Bug: v8:11656
Change-Id: I85047015d3f7cfdf00bddad59c9742d5d8f5d223
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2827902
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73978}
2021-04-15 16:14:30 +00:00
Jakob Gruber
6a6ef5c86e [compiler] Fix more tsan issues
- Allow pass/fail for all test-heap/LeakNativeContextVia* tests in
stress_concurrent_inlining mode.
- Don't capture stack locations in lambdas passed between threads.

Bug: v8:7790,v8:11650
Change-Id: I6c23b527d5f96f2f4b2354d16f39d832dea17e71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2827895
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73974}
2021-04-15 12:19:10 +00:00
Manos Koukoutos
e1cae86eba [wasm-gc] Implement function subtyping
Changes:
- Implement function subtyping in wasm-subtyping.cc.
- Add Signature::Build(), which takes initializer lists for the return
  and parameter types.
- Only throw kTrapFuncSigMismatch in call_indirect, change that trap's
  message.
- Add a missing "return 0" in function-body-decoder-impl.h
- Fix a faulty check in wasm-objects.cc.
- Improve some comments.
- Write tests. Improve readability of subtyping-unittest.

Bug: v8:7748
Change-Id: I1caba09d5bd01cfd4d6125f300cd9c16af7aba99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2822633
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73972}
2021-04-15 11:01:05 +00:00
Leszek Swirski
0add53a789 [test] test-js-to-wasm/* is flaky on stress-concurrent-inlining
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:11650
Change-Id: I12857a479f95f8c60a921118cf68f7f88a81a822
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826537
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73971}
2021-04-15 11:00:01 +00:00
Jakob Gruber
09e0ad9a74 [compiler] Fix more concurrency issues exposed by tsan
- FLAG_turbo_inline_js_wasm_calls data race
- Map::instance_descriptors non-atomic concurrent loads
- Skip one more cctest incompatible with stress_concurrent_inlining

Bug: v8:7790,v8:11648,v8:11651
Change-Id: Ie4833373a1da34497f4cfe129254071d8a5772dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2827891
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73970}
2021-04-15 10:16:09 +00:00
Jakob Gruber
5ecb5bd978 [nci] Remove more NCI-specific logic
Some logic still remains, notably in compiler/.

Bug: v8:8888
Change-Id: I7e7f10a487e1bc8b90bbbfedbc46bf09bae0717e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2825589
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73969}
2021-04-15 09:01:49 +00:00
Jakob Gruber
75c5d82be6 [compiler] Spawn concurrent jobs for --stress-concurrent-inlining
.. to increase coverage of concurrent inlining, at least in this stress
mode. The common pattern in mjsunit tests is to call
`%OptimizeFunctionOnNextCall(f)` for interesting function `f`. This
explicitly triggers non-concurrent compilation, significantly decreasing
relevant coverage of concurrent inlining.

This CL recovers coverage by spawning an additional concurrent compile
job when 1. --stress-concurrent-inlining is enabled, and 2. the
requested compile mode is non-concurrent. The result of these
additional jobs is discarded.

Drive-by: Fix two simple uncovered issues.

Bug: v8:7790,v8:11513,v8:11648
Change-Id: If1e8ca5ba737e3cecdec9e15e4a86b28fe9fb2de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2824440
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73967}
2021-04-15 06:31:36 +00:00
Ng Zhi An
add293e80e [x64][ia32] Move more AVX_OP into SharedTurboAssembler
Bug: v8:11589
Change-Id: I30dbdbc6266d703ce697352780da1d543afbb457
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826711
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73965}
2021-04-14 23:46:56 +00:00
Milad Fa
cb491810aa cppgc: fix compilation error on gcc
The following error occurs without braces:

error: suggest explicit braces to avoid ambiguous 'else'.

Change-Id: Iae1af51dcaf8ab6b34fd9312f3133fbd395a653c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826234
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73963}
2021-04-14 18:05:25 +00:00
Shu-yu Guo
6ac4d69eef Ship the relative indexing method .at
The bricklink.com brickage has since been fixed upstream.

I2S with LGTMs:
https://groups.google.com/a/chromium.org/g/blink-dev/c/I8S78w7aFmE/m/qLHAcjhRCQAJ

Bug: v8:10961
Bug: chromium:1170196
Change-Id: I460e1080aee837bde0e9861d761f2e7dbc8fd6b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2824101
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73962}
2021-04-14 16:45:25 +00:00
Omer Katz
fef7dc0f95 cppgc: Migrate workload tests
Bug: chromium:1056170
Change-Id: I78844ed1921c5558a2c5ab6121208c1887fe8b3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826118
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73961}
2021-04-14 16:35:35 +00:00
Omer Katz
81b74a0fc7 cppgc: First batch of unittest from heap_test.cc
Migrating unittests from Blink that were not already covered by cppgc.

Bug: chromium:1056170
Change-Id: If31591c3f1e99562028087c2b818f5ceb8122ec9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2821542
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73960}
2021-04-14 16:32:35 +00:00
Maya Lekova
f9506988bf Revert "[api] Add v8::Isolate::ThrowError helper"
This reverts commit d435eaa5e4.

Reason for revert: Breaks compilation on the vtunejit bot, see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20vtunejit/41247/overview

Original change's description:
> [api] Add v8::Isolate::ThrowError helper
>
> Add a ThrowError helper to encourage throwing full Error objects
> instead of just v8::Strings.
>
> Bug: v8:11195
> Change-Id: I15d75b1d39b817de3b9026a836b57a70d7c16a28
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2811738
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73958}

Bug: v8:11195
Change-Id: I2773d8ca7d73e7952d274381e2e0a2e5733a83da
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826533
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73959}
2021-04-14 15:48:06 +00:00
Camillo Bruni
d435eaa5e4 [api] Add v8::Isolate::ThrowError helper
Add a ThrowError helper to encourage throwing full Error objects
instead of just v8::Strings.

Bug: v8:11195
Change-Id: I15d75b1d39b817de3b9026a836b57a70d7c16a28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2811738
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73958}
2021-04-14 15:21:25 +00:00
Andreas Haas
ad973c025f [wasm] Update spec tests
R=manoskouk@chromium.org

Change-Id: Ia5ecd3fac9178f2f9519686e818f9025ae95086d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2824441
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73955}
2021-04-14 13:48:55 +00:00
Ulan Degenbaev
521ae93bf6 [api] Add v8::metrics::LongTaskStats for the LongTasks UKM
Bug: chromium:1173527
Change-Id: If918b739f137b9c09030104b909e7bd2d4cd5984
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2817616
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73953}
2021-04-14 12:56:34 +00:00
QiuJi
3124e59d6e [riscv64] Implementation of RiscvCmpZero ARCH OPCODE
Change-Id: I3828c6a854d09629784f481c76781003b4030993
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814562
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Commit-Queue: Brice Dobry <brice.dobry@futurewei.com>
Cr-Commit-Position: refs/heads/master@{#73952}
2021-04-14 12:54:34 +00:00
Sathya Gunasekaran
867cd0384b [api] Reland "Assign serial numbers when template infos are added to cache"
Instead of assigning serial numbers when the template infos are
created, this patch creates serial numbers only when they are added to
cache.

This way only the ones that are first instantiated are allocated the
fast template cache. Previously, various accessors and methods that
would almost never get instantiated got assigned to the fast template
cache.

Bug: v8:11284
Change-Id: I8f7578aa0dae48267bbc6303515114eb6e24c1c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2621081
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#73655}
TBR: ulan@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2825592
Cr-Commit-Position: refs/heads/master@{#73951}
2021-04-14 12:33:14 +00:00
Ng Zhi An
9d3f354527 [wasm-simd][ia32][x64] Fix swizzle with constant masks
We optimized swizzle with constant mask, but failed to actually swizzle
using the masks...

Bug: v8:10992
Change-Id: If655fdad1e17e92b62e8a2eaabbf1f8d82e4d5e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2822951
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73943}
2021-04-13 22:49:36 +00:00
Ng Zhi An
3844a6bdcc [x64][ia32] Reconcile supported extensions
This is similar in spirit to https://crrev.com/c/2808621, which is to
ensure that no matter what combination of --[no-]enable-{extension} flag
is passed, we end up with a set of supported extensions that make sense.

The 2 rules are:

- If a newer extension is supported (SSE4_2), older extensions are
supported (SSE4_1, SSSE3, SSE3),
- If an older extension is not supported (SSE4_1), new extensions are
not supported (SSE4_2, AVX)

Tests have been added to both ia32 and x64 to check that we follow these
above 2 rules.

We change the ProbeImpl to have a reconciliation step to ensure that we
stick to the 2 rules.

E.g. if --enable-avx --no-enable-sse4-2, we will first set AVX to
supported, then in the second step, fix-up AVX to unsupported. In this
sense, the --no version of the flags take priority. This more accurately
follows the intention of the flags.

Bug: chromium:1195579
Change-Id: I0390f24de9d203fe6bbd4cc02a23771a1f052618
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2818570
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73942}
2021-04-13 22:05:26 +00:00
Luis Fernando Pardo Sixtos
7cc6127b6a Fix for Issue 10782: Bug in semantics of ArraySetLength.
Added a comparison to throw a TypeError when the "enumerable"
field of the new descriptor doesn't match the one of the old descriptor.

Bug: v8:10782
Change-Id: I2f1acf215e597b85be5d29e22c006cbd79afcb47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2818067
Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73941}
2021-04-13 16:31:13 +00:00
Patrick Thier
5f49bbdf84 [test][sparkplug] Test Ignition -> Sparkplug OSR
- Add %BaselineOsr to manually trigger OSR to Baseline.
- Add flags to %GetOptimizationStatus to check if the topmost frame is
an Interpreter/Baseline frame.
- Add mjsunit test.

Bug: v8:11420
Change-Id: Id80421ad97ee719a67ef299cc700da9c44f23bae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814567
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73937}
2021-04-13 14:51:28 +00:00
Junliang Yan
7de9631d57 s390x: enable liftoff testing
Change-Id: I35c08f9d64210f0ddbedd2c394f59bc3cb5180fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2821635
Commit-Queue: Junliang Yan <junyan@redhat.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73936}
2021-04-13 14:06:09 +00:00
Andreas Haas
9e76247ae8 [wasm][x64] Use the cmov instruction for WebAssembly's Select
R=thibaudm@chromium.org, jgruber@chromium.org

Bug: v8:10740
Change-Id: Iceb20f00f6f8505885856400a0c0228708ff3979
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807610
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73933}
2021-04-13 10:37:08 +00:00
Maya Lekova
930f26549f [turbofan] Move large array allocation bailout earlier
The CanAllocateArray used to be executed during JSCreateLowering,
leading to bailouts when large arrays are passed as arguments to
an async function or a bound function. This meant that
JSCreateAsyncFunctionObject or JSCreateBoundFunction will reach
JSGenericLowering, where they are not lowered. This CL moves
the checks earlier in the pipeline during JSNativeContextSpecialization
and JSCallReducer respectively, so that those operators are not
created at all in such cases and we bail out to the runtime instead.

Bug: v8:11564
Change-Id: I232ce7d9378730ae0cc8690e52fde840a484e069
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807609
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73928}
2021-04-13 06:48:57 +00:00
Manos Koukoutos
524f41db67 [wasm] Remove multivalue feature flag
Multivalue has been shipped for a while now, so it is time to remove
its experimental feature flag.

Additional change: Set kV8MaxWasmFunctionReturns to the old
kV8MaxWasmFunctionMultiReturns value.

Change-Id: I5c4d33b036e64a7221de17f0e97119bb0a036838
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2817790
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73927}
2021-04-13 06:35:34 +00:00
Shu-yu Guo
153f2cea8b [ptr-cage] Deprecate Symbol::Description() in favor of Symbol::Description(isolate)
With a shared cage, there's no easy way to recover an Isolate from a
heap pointer. Symbol::Description relies on RO symbols' description slot
being uncompressed so a Handle could point to it. This isn't possible
with a shared cage without going through TLS to get an Isolate for
Handle construction, so deprecate the method in favor of one that takes
an Isolate directly.

Bug: v8:11460
Change-Id: I69b2b7d77f4c00d0f58954cd80e22cba5ff222e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2802860
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73924}
2021-04-12 20:23:53 +00:00
Michael Lippautz
224b7f079c cppgc: Fix trace performance benchmark
Bug: v8:11635
Change-Id: I71c5542a503ca4b94fc3c8746e96fb0bc4e6c1f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2822628
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73922}
2021-04-12 19:31:33 +00:00
Thibaud Michaud
a04c6680e5 [wasm] Fix interpreter EH stack height bug
R=ahaas@chromium.org

Bug: chromium:1197408
Change-Id: I9a9ede5cf141cd7d19b67438465bcba35e2b87f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2821543
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73918}
2021-04-12 18:00:33 +00:00
Andreas Haas
db0be02d69 [turbofan][arm64] The input count for selects is not fixed
The existing code assumes that the number of inputs is fixed to 4.
However, the fuzzer says that at least 5 inputs are also possible.
This CL makes the number of inputs more flexible.

CC=sam.parker@arm.com

Bug: chromium:1197393
Change-Id: I487ac96570b96f04b4d0a47065e7b383ba39016f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2821435
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73917}
2021-04-12 17:55:23 +00:00
Shu-yu Guo
3ada6f2740 [ptr-cage] Introduce PtrComprCage
The pointer compression cage is the virtual memory reservation
that all compressed pointers fall within. This CL splits pointer
compression into two modes: a per-Isolate cage and a shared cage
among multiple Isolates.

When multiple Isolates are sharing a cage, they can decompress
each others' pointers and share the same virtual memory range.

Bug: v8:11460
Change-Id: I7b89b7413b8e7ca6b8b6faafd083dc387542a8b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783674
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73916}
2021-04-12 17:49:43 +00:00
Wenyu Zhao
5e0b94c4dc Allowing map word to be used for other state in GC header.
This CL adds features to pack/unpack map words.

Currently V8 cannot store extra metadata in object headers -- because V8
objects do not have a proper header, but only a map pointer at the start
of the object. To store per-object metadata like marking data, a side
table is required as the per-object metadata storage.

This CL enables V8 to use higher unused bits in a 64-bit map word as
per-object metadata storage. Map pointer stores come with an extra step
to encode the metadata into the pointer (we call it "map packing").
Map pointer loads will also remove the metadata bits as well (we call it
"map packing").

Since the map word is no longer a valid pointer after packing, we also
change the tag of the packed map word to make it looks like a Smi. This
helps various GC and barrier code to correctly skip them instead of
blindly dereferencing this invalid pointer.

A ninja flag `v8_enable_map_packing` is provided to turn this
map-packing feature on and off. It is disabled by default.

* Only works on x64 platform, with `v8_enable_pointer_compression`
  set to `false`

Bug: v8:11624
Change-Id: Ia2bdf79553945e5fc0b0874c87803d2cc733e073
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247561
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73915}
2021-04-12 17:34:13 +00:00
Camillo Bruni
e101c057af [logging] Add runtime-call-stats compile-time flag
Make runtime-call-stats a compile-time flag. Disabling RCS saves roughly
1MB binary size on 64bit systems and yields minor performance
improvements.

Bug: v8:11299
Change-Id: Ia1db75e330a665db5251b685c164b96857e38d2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2799766
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73910}
2021-04-12 15:53:03 +00:00
Georg Neis
fd29e246f6 [compiler] Fix bug in RepresentationChanger::GetWord32RepresentationFor
We have to respect the TypeCheckKind.

Bug: chromium:1195777
Change-Id: If1eed719fef79b7c61d99c29ba869ddd7985c413
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2817791
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73909}
2021-04-12 15:02:33 +00:00
Mike Stanton
5636d54c15 [compiler] Handle Dead nodes in ShouldUseCallICFeedback
If a loop is removed in dead code elimination, we may have a dead node
in the control chain. This wasn't expected, and endless recursion could
result.

Bug: chromium:1196185
Change-Id: Id6d69d0eaed11b0c6158b5643d3433b11611af59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2817792
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73906}
2021-04-12 12:47:43 +00:00
Maya Lekova
727c648994 [fastcall] Mark test as incompatible with deopt_fuzzer
This CL makes more assumptions in the fast-api-call mjsunit test
explicit and specifies --deopt-every-n-times=0 for it, as it relies
on particular optimization/deoptimization sequences. It also fixes an
inconsistency between the fast/slow path results.

Bug: v8:11620
Change-Id: I385949a04534cd1658236878875efa6622936bc5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2817607
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73905}
2021-04-12 12:27:43 +00:00
Georg Neis
02f84c745f [compiler][x64] Fix bug in InstructionSelector::ChangeInt32ToInt64
Bug: chromium:1196683
Change-Id: Ib4ea738b47b64edc81450583be4c80a41698c3d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2820971
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73903}
2021-04-12 10:05:42 +00:00
Marja Hölttä
a5ce9ac6b1 [web snapshot] Deduplicate SFIs
The de-duplication happens when
1) we have a JSFunction for an outer function and a JSFunction for its
inner function in the snapshot and
2) we call the outer function again after deserializing

Expectation: the created JSFunction for the inner function uses the
SFI which was created when deserializing.

Bug: v8:11525
Change-Id: I80933514873e857452585317248fa34913d8d8e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794438
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73900}
2021-04-12 08:50:52 +00:00
Benedikt Meurer
b1f5eeabe5 Reland "[inspector] Report [[Prototype]] as internal property."
This is a reland of 2b94e5677f

Original change's description:
> [inspector] Report [[Prototype]] as internal property.
>
> Previously the inspector was trying to add a special `__proto__`
> property to every JSObject, which looked and behaved like a real
> data property on the object. But this is confusing to developers
> since `__proto__` is not a real data property, but usually an
> accessor property on the `Object.prototype`.
>
> Additionally all other internal properties are reported using the
> [[Name]] notation, with the [[Prototype]] having been the strange
> outlier.
>
> Drive-by-cleanup: Use an ArrayList to collect the name/value pairs
> inside Runtime::GetInternalProperties(), which makes this function
> more readable and easier to add things.
>
> Bug: chromuium:1162229
> Fixed: chromium:1197019
> Screenshot: https://imgur.com/a/b7TZ32s.png
> Change-Id: Ic4c1e35e2e65f90619fcc12bf3a72806cadb0794
> Doc: http://doc/1Xetnc9s6r0yy4LnPbqeCwsnsOtBlvJsV4OCdXMZ1wCM
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814565
> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73881}

Bug: chromuium:1162229, chromium:1197019
Screenshot: https://imgur.com/a/b7TZ32s.png
Doc: http://doc/1Xetnc9s6r0yy4LnPbqeCwsnsOtBlvJsV4OCdXMZ1wCM
Change-Id: Ie1e2276b385b18a5f865fdae583d1ce0101157c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2820970
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73899}
2021-04-12 08:44:13 +00:00
Maya Lekova
89f42f9241 [fastcall] Re-enable test on gc_stress variant
This CL enables the fast-api-calls mjsunit test again on gc_stress
with a fix for --stress-flush-bytecode.

Change-Id: I3a65f8cb4ec319945319d533ed92241b14f624c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2817604
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73895}
2021-04-12 07:10:00 +00:00
Yahan Lu
151ecb5757 [riscv64]Implement pc-relative builtin-to-builtin calls
Port pc-relative builtin-to-builtin calls.

Port: ccc068d5fd
Change-Id: I1d11dd1e77ca578f7714864e4e090493fa8bca0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814722
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Cr-Commit-Position: refs/heads/master@{#73894}
2021-04-12 07:01:20 +00:00
Michael Achenbach
0e2d3413ed Revert "[inspector] Report [[Prototype]] as internal property."
This reverts commit 2b94e5677f.

Reason for revert: Speculative based on layout test failures on
win and mac which could block the roll:
https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Win/5294
https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Mac/4955

Original change's description:
> [inspector] Report [[Prototype]] as internal property.
>
> Previously the inspector was trying to add a special `__proto__`
> property to every JSObject, which looked and behaved like a real
> data property on the object. But this is confusing to developers
> since `__proto__` is not a real data property, but usually an
> accessor property on the `Object.prototype`.
>
> Additionally all other internal properties are reported using the
> [[Name]] notation, with the [[Prototype]] having been the strange
> outlier.
>
> Drive-by-cleanup: Use an ArrayList to collect the name/value pairs
> inside Runtime::GetInternalProperties(), which makes this function
> more readable and easier to add things.
>
> Bug: chromuium:1162229
> Fixed: chromium:1197019
> Screenshot: https://imgur.com/a/b7TZ32s.png
> Change-Id: Ic4c1e35e2e65f90619fcc12bf3a72806cadb0794
> Doc: http://doc/1Xetnc9s6r0yy4LnPbqeCwsnsOtBlvJsV4OCdXMZ1wCM
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814565
> Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73881}

Bug: chromuium:1162229
Change-Id: Ia893ad672eb370fa6fce7eddf2947bf8f6755831
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2818386
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73886}
2021-04-09 21:43:10 +00:00
Michael Achenbach
b04f6a414d Revert "[wasm] Add CPU time metrics"
This reverts commit dcdaf42fa8.

Reason for revert: This has problems on mac-arm64:
https://ci.chromium.org/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20release/3591

Original change's description:
> [wasm] Add CPU time metrics
>
> This adds CPU time metrics to the WasmModuleDecoded (except for streaming),
> WasmModuleCompiled and WasmModuleTieredUp events. This can later be used
> to provide this information as UKMs or UMAs.
>
> Bug: v8:11611
> Change-Id: I36818f5efbdcae2d3ed6f27c16db21f9d8440d98
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2796952
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73882}

Bug: v8:11611
Change-Id: I1c82c3e4f19b3a486538fd62665669f6c5b98438
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2818380
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73884}
2021-04-09 16:01:12 +00:00
Emanuel Ziegler
dcdaf42fa8 [wasm] Add CPU time metrics
This adds CPU time metrics to the WasmModuleDecoded (except for streaming),
WasmModuleCompiled and WasmModuleTieredUp events. This can later be used
to provide this information as UKMs or UMAs.

Bug: v8:11611
Change-Id: I36818f5efbdcae2d3ed6f27c16db21f9d8440d98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2796952
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73882}
2021-04-09 13:51:07 +00:00
Benedikt Meurer
2b94e5677f [inspector] Report [[Prototype]] as internal property.
Previously the inspector was trying to add a special `__proto__`
property to every JSObject, which looked and behaved like a real
data property on the object. But this is confusing to developers
since `__proto__` is not a real data property, but usually an
accessor property on the `Object.prototype`.

Additionally all other internal properties are reported using the
[[Name]] notation, with the [[Prototype]] having been the strange
outlier.

Drive-by-cleanup: Use an ArrayList to collect the name/value pairs
inside Runtime::GetInternalProperties(), which makes this function
more readable and easier to add things.

Bug: chromuium:1162229
Fixed: chromium:1197019
Screenshot: https://imgur.com/a/b7TZ32s.png
Change-Id: Ic4c1e35e2e65f90619fcc12bf3a72806cadb0794
Doc: http://doc/1Xetnc9s6r0yy4LnPbqeCwsnsOtBlvJsV4OCdXMZ1wCM
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814565
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73881}
2021-04-09 12:30:13 +00:00
Michael Lippautz
d12bf3459e Reland "cppgc: Add tests for in-construction during ctor"
This is a reland of 62ff82e44b

Original change's description:
> cppgc: Add tests for in-construction during ctor
>
> Adds explicit tests that check that an object is marked as in
> construction while running the constructor.
>
> Bug: chromium:1056170
> Change-Id: I7f7340832e1bc31cec98784c261ed86deb402e72
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2811238
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73869}

Bug: chromium:1056170
Change-Id: I38c8579dc2ed437f2ad530bd552b5ef037ba8621
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2817603
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73880}
2021-04-09 12:18:03 +00:00
Benedikt Meurer
cad99884fb [inspector][wasm] Stop relying on //# sourceURL annotation.
These tests unnecessarily rely on the `//# sourceURL` annotation. This
is preparatory work to eventually move the treatment of `sourceURL` to
the DevTools front-end.

Bug: chromium:1183990
Change-Id: I934eb1580f503b7b9f8d97c250b7c798bc67e268
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814568
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73878}
2021-04-09 09:43:53 +00:00
Maya Lekova
a3c143f4f8 [test] Skip mjsunit test that depends on GC timing
This CL temporarily skips the fast-api-calls mjsunit test, as it
fails on GC stress bots for unrelated CLs (see
https://chromium-review.googlesource.com/c/v8/v8/+/2814740).

Change-Id: I884827a0a5fb030d676f9ded738f644cd4086ec6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814564
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73877}
2021-04-09 08:21:03 +00:00
Shu-yu Guo
14e52207d8 [ptr-cage] Rename kPointerCageBaseRegister to kPtrComprCageBaseRegister
For consistency with the PtrComprCageBase struct and the upcoming
PtrComprCage.

Bug: v8:11460
Change-Id: I2e393331c36481ee911edeaf9fb3ff971cfdba83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2787701
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73874}
2021-04-09 02:24:23 +00:00
Yahan Lu
5c27726778 [riscv64]port sparkplug and Implement catch with immediate
Port: 3e689a7da6

Bug: v8:11421

Change-Id: I733a68d8ce6d4cbc11a63e82ccb6bd951f5e5870
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2763963
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#73873}
2021-04-09 02:00:03 +00:00
Antoine du Hamel
d59db06bf5 [weakrefs] Remove --no-harmony-weak-refs flag
Bug: v8:8179
Change-Id: I7f699073807d1874d0c10a4f1641de6bfb0efe6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2741582
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73871}
2021-04-08 23:10:53 +00:00
Francis McCabe
67a52e8215 Revert "cppgc: Add tests for in-construction during ctor"
This reverts commit 62ff82e44b.

Reason for revert: compilation failure: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20msvc/b8850484852067442832/overview

Original change's description:
> cppgc: Add tests for in-construction during ctor
>
> Adds explicit tests that check that an object is marked as in
> construction while running the constructor.
>
> Bug: chromium:1056170
> Change-Id: I7f7340832e1bc31cec98784c261ed86deb402e72
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2811238
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73869}

Bug: chromium:1056170
Change-Id: If9e75ab6da3762553e8e34e851cbf1120cd49925
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2816100
Auto-Submit: Francis McCabe <fgm@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73870}
2021-04-08 21:41:16 +00:00
Michael Lippautz
62ff82e44b cppgc: Add tests for in-construction during ctor
Adds explicit tests that check that an object is marked as in
construction while running the constructor.

Bug: chromium:1056170
Change-Id: I7f7340832e1bc31cec98784c261ed86deb402e72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2811238
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73869}
2021-04-08 21:21:33 +00:00
Michael Achenbach
4a17cc7c63 Revert "[api] JSFunction PromiseHook for v8::Context"
This reverts commit d5457f5fb7.

Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/32999

Original change's description:
> [api] JSFunction PromiseHook for v8::Context
>
> This will enable Node.js to get much better performance from async_hooks
> as currently PromiseHook delegates to C++ for the hook function and then
> Node.js delegates it right back to JavaScript, introducing several
> unnecessary barrier hops in code that gets called very, very frequently
> in modern, promise-heavy applications.
>
> This API mirrors the form of the original C++ function based PromiseHook
> API, however it is intentionally separate to allow it to use JSFunctions
> triggered within generated code to, as much as possible, avoid entering
> runtime functions entirely.
>
> Because PromiseHook has internal use also, beyond just the Node.js use,
> I have opted to leave the existing API intact and keep this separate to
> avoid conflicting with any possible behaviour expectations of other API
> users.
>
> The design ideas for this new API stemmed from discussion with some V8
> team members at a previous Node.js Diagnostics Summit hosted by Google
> in Munich, and the relevant documentation of the discussion can be found
> here: https://docs.google.com/document/d/1g8OrG5lMIUhRn1zbkutgY83MiTSMx-0NHDs8Bf-nXxM/edit#heading=h.w1bavzz80l1e
>
> A summary of the reasons for why this new design is important can be
> found here: https://docs.google.com/document/d/1vtgoT4_kjgOr-Bl605HR2T6_SC-C8uWzYaOPDK5pmRo/edit?usp=sharing
>
> Bug: v8:11025
> Change-Id: I0b403b00c37d3020b5af07b654b860659d3a7697
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2759188
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73858}

Bug: v8:11025
Change-Id: Ie7345c4505f39c973f9f0dbca745b591cff63f3f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814740
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73862}
2021-04-08 15:48:16 +00:00
Clemens Backes
43b8f03d2b [wasm][test] Fix memory64 test
There are fives bytes total which are expected to be different from
zero. We were only handling one of them when checking random positions
in the array. This was leading to random failures.

R=manoskouk@chromium.org

Bug: v8:11621
Change-Id: Iac231d8b35fcbfbbc837c8e9134401cb8a2519ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810783
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73860}
2021-04-08 10:29:47 +00:00
Stephen Belanger
d5457f5fb7 [api] JSFunction PromiseHook for v8::Context
This will enable Node.js to get much better performance from async_hooks
as currently PromiseHook delegates to C++ for the hook function and then
Node.js delegates it right back to JavaScript, introducing several
unnecessary barrier hops in code that gets called very, very frequently
in modern, promise-heavy applications.

This API mirrors the form of the original C++ function based PromiseHook
API, however it is intentionally separate to allow it to use JSFunctions
triggered within generated code to, as much as possible, avoid entering
runtime functions entirely.

Because PromiseHook has internal use also, beyond just the Node.js use,
I have opted to leave the existing API intact and keep this separate to
avoid conflicting with any possible behaviour expectations of other API
users.

The design ideas for this new API stemmed from discussion with some V8
team members at a previous Node.js Diagnostics Summit hosted by Google
in Munich, and the relevant documentation of the discussion can be found
here: https://docs.google.com/document/d/1g8OrG5lMIUhRn1zbkutgY83MiTSMx-0NHDs8Bf-nXxM/edit#heading=h.w1bavzz80l1e

A summary of the reasons for why this new design is important can be
found here: https://docs.google.com/document/d/1vtgoT4_kjgOr-Bl605HR2T6_SC-C8uWzYaOPDK5pmRo/edit?usp=sharing

Bug: v8:11025
Change-Id: I0b403b00c37d3020b5af07b654b860659d3a7697
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2759188
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73858}
2021-04-08 10:19:07 +00:00
Thibaud Michaud
b377f67f38 [unittests] Update PlatformUsesGuardPages test status
The test doesn't fail anymore after it was updated to check platforms
with page size > 4096:

402806e87f
("[cppgc][unittests] Only expect guard pages support on 4k platforms.")

R=jkummerow@chromium.org

Bug: v8:11587
Change-Id: I6be93e9561b9db0d0f948c5e12fea6a067eb0a76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2813538
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73857}
2021-04-08 10:14:27 +00:00
Victor Gomes
533cc5125a [Error.cause] Implement error cause tc39 proposal
https://github.com/tc39/proposal-error-cause

Bug: chromium:1192162
Change-Id: If6e2d1f105bb520104bb832ccbc7f660bb8115a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2784681
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73855}
2021-04-08 10:05:17 +00:00
Michael Lippautz
143e6a74d8 cppgc: Check for correct base class inheritance
The only valid way to define a GCed type T is by inheriting from
GarbageCollected<T>. Since this is prone to typos (see tests), add a
simple check that covers most interesting use cases.

The static assert covers
  A -> B -> GarbageCollected<C>

The static assert does not cover
 A -> B -> C -> GarbageCollected<B>

(In order to do so, we would need __direct_bases() support which is
not yet available for C++.)

Bug: pdfium:1670, chromium:1056170
Change-Id: I494de48992f8ba9a1f0f9daad60584d828717403
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810415
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73854}
2021-04-08 09:23:57 +00:00
Maya Lekova
a19f41db62 [compiler] Make fast API test functions more robust
This CL adds handling of unexpected argument types to the functions
provided by d8.test.fast_c_api.

Bug: chromium:1196598
Change-Id: I7c62280f168817b73e89fdb7457ee9054b51a318
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808948
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73852}
2021-04-08 07:09:37 +00:00
Jakob Gruber
efe39d2b74 Move Map::ReconfigureExistingProperty to MapUpdater
This is part of moving towards MapUpdater as the bottleneck for map
updates.

Drive-by: Move helpers.
Drive-by: Use a plain std::queue instead of a ZoneQueue in
UpdateFieldType.

Bug: v8:7790
Change-Id: Iff80a6e9bf3390a010305f7998d6f6dad2bce09f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807602
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73851}
2021-04-08 07:06:37 +00:00
Jakob Gruber
59e218c840 [regexp] Don't propagate lookaround eats_at_least to surroundings
Lookarounds rewind the position after matching, and thus don't play
well with eats_at_least (EAL). This CL disables EAL propagation from
lookarounds.

In the future we could be a bit smarter by skipping over lookarounds
instead of resetting to 0.

Bug: v8:11290
Change-Id: I935400a7f9cda96d9c5a80e412ba7d04de70a84f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808944
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73849}
2021-04-08 06:10:12 +00:00
Jakob Gruber
c977b65bb9 [regexp] Don't use eats_at_least for backwards loops
The eats_at_least (EAL) value is applied in forward-directions only.
Two reasons for that which are relevant to this CL:

- EAL's of neighboring nodes are combined additively, irrespective of
  their read_backward value.
- EatsAtLeastPropagator::VisitText uses the successor's
  eats_at_least_from_not_start value, which doesn't work properly for
  read_backwards successors (which may end at the start).

A symptom of this bug was that we applied an incorrect EAL of 255
starting at the initial 'x' of /x(?<=^x{4})/); for subject strings
shorter than 255 chars, this would result in an incorrect failure
result.

Bug: v8:11616
Change-Id: I4b2b1b78f0cea8f59e4beb1037ee46035d83c927
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807596
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73848}
2021-04-08 06:09:07 +00:00
Deepti Gandluri
aa13c15f19 [wasm-simd] Remove ScalarLoweringForTesting
Bug: v8:11613
Change-Id: Ib1ad2dc7bb7235b5f8ef5068a5d3175556d1a65b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2806547
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73841}
2021-04-07 18:07:06 +00:00
Etienne Pierre-doray
2df876ce59 [Jobs]: Delete item-parallel-job.
Now that all users are migrated to Jobs API.

Bug: chromium:1196703
Change-Id: Ic48cce441c1793b1b33f0fc3d6a60847f2eefb2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810156
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73838}
2021-04-07 15:59:16 +00:00
Benedikt Meurer
0d5f6a498c [inspector] Skip special __proto__ property if already present.
The inspector has some magic to add a special __proto__ property to
object value mirrors as long as the object itself has a [[Prototype]].
However it doesn't check whether the object already has a regular
property named __proto__ and thus confuses the front-end by sending two
properties with the same name.

Fixed: chromium:1193250
Change-Id: I75a1cd78ba94aeda4afedcc0f1e69b8dadb6673f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810784
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73836}
2021-04-07 14:56:56 +00:00
Thibaud Michaud
7a4cece4d6 [wasm][fuzzer] Fuzz Liftoff debug code paths
Add a flag similar to the tiering mask to choose between regular
baseline code or debug code in Liftoff.

R=clemensb@chromium.org

Bug: chromium:1183774
Change-Id: I0e87154e2e1cd57679ce0c57bb1e075a97691248
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807603
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73833}
2021-04-07 14:29:16 +00:00
Maya Lekova
0c3b422051 [compiler] Fix fast_c_api test object constructor
This CL fixes the behaviour of the d8.test.fast_c_api constructor when
the global object has been modified by not allowing calls to it without
the `new` keyword.

Bug: chromium:1196597
Change-Id: I49b4a412d501f5c9adaa72b63beec1483ab4c449
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808943
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73831}
2021-04-07 13:51:06 +00:00
Patrick Thier
59807ec552 Fix d8.test.verifySourcePositions
Add check, that passed argument is a HeapObject.

Bug: chromium:1196503
Change-Id: I23d951b5581781ad3c6867d81c765d13c329d3a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808936
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73820}
2021-04-07 08:59:13 +00:00
Maya Lekova
6fda802284 [test] Skip incompatible test under deopt_fuzzer
This CL skips the fast-api-calls mjsunit test, as it relies
on particular optimization/deoptimization patterns.

Bug: v8:11620
Change-Id: I4c2fd3b1db8aff73935dd6525fd0ad3edc307dd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808935
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73819}
2021-04-07 08:12:13 +00:00
Frank Tang
fb3a854eb7 Fix BestFitMatcher due to invalid locale id in ICU
Somehow we have no-NO-NY locale data in ICU and cause problem.

Bug: v8:11595
Change-Id: I68ba4c4c219bb3fbc88976f901a86219c44ea265
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2782602
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73818}
2021-04-07 06:17:53 +00:00
Patrick Thier
69d706dc5f Allow only JSFunction/JSBoundFunction in d8.test.verifySourcePositions
Explicitly check for JSFunction or JSBoundFunction and throw if any other
JS type is passed to d8.test.verifySourcePositions.

Bug: chromium:1195717
Change-Id: Id65875526d5d6b3f720850d41d0a8192ec407035
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807607
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73811}
2021-04-06 16:23:42 +00:00
Igor Sheludko
db2acd7a04 [const-tracking] Ensure map is updated before generalizing constness
... when reconfiguring property attributes.

Bug: chromium:1195331
Change-Id: I65a29f0ad303a603207376a283e943480c4b18d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807608
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73810}
2021-04-06 16:13:32 +00:00
Omer Katz
8a26290143 cppgc: Implement testing APIs
These are used by v8_wrapper/heap_test_utilities.* in Blink.
See crrev.com/c/2787126 for usage.

Bug: chromium:1056170
Change-Id: I329b1823f2ac21181a3536577ed72bee3d591347
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2786842
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73805}
2021-04-06 13:44:29 +00:00
Jakob Gruber
089218a87a Remove two ReconfigureX methods on Map
.. and inline them into callsites. These were thin wrappers around
MapUpdater methods.

This is part of moving towards MapUpdater as the bottleneck for map
updates.

Bug: v8:7790
Change-Id: Ie79ee063b83892d3c233581832361295aeb8e90f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807600
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73804}
2021-04-06 13:39:49 +00:00
Maya Lekova
7a17ddf4c0 Reland "[fastcall] Add fast API testing facilities to d8"
This is a reland of 9eba2d85f4.
The reland fixes a global state variable which was incompatible
with the --isolate flag in d8, which runs the same script in a
different isolate.

Original change's description:
> [fastcall] Add fast API testing facilities to d8
>
> This CL provides the minimum necessary functionality to expose fast API
> for testing in mjsunit, exposing the fast path for fuzzing. It exposes
> a d8.test.fast_c_api with an `add_all` method, which exercises primitive
> types. On x64, all integer and floating point types are supported. On
> other platforms currently only 32-bit integers are included in the test.
>
> Design doc:
> https://docs.google.com/document/d/1KUKPfXkSRZTA2gMwaWbpQKlYfw0C-T6AE3XzC4viHbo/
>
> Bug: chromium:1052746
> Change-Id: Icc824199a26dd2abd2b869f5483a39d38e4dce3e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749154
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73670}

Bug: chromium:1052746
Change-Id: I33b265b97bf7c797eee7d4cce5066999358a8c66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2790174
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73801}
2021-04-06 11:26:09 +00:00
Michael Lippautz
ced669daf9 heap: Remove context disposal GCs
Full GCs on non-main-frame context disposals show up on real-world web
workloads and often cause missed frames. Remove and let the regular
scheduler take over these workloads.

Bug: chromium:1191325
Change-Id: Ib58419e4623c096321860db05c36ddf9c8e9f4e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773347
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73799}
2021-04-06 09:19:09 +00:00
Michael Achenbach
b19385f555 [foozzie] Suppress .caller access with correctness fuzzing
Bug: chromium:1042556, chromium:1186279
Change-Id: I77e9967891efad4ce151e231f7f6461be2922ba7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2802291
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73798}
2021-04-06 08:49:38 +00:00
Chong Gu
1d92aabc3c [Fuchsia] Deprecate tests-with-exec.cmx from v8
Bug: chromium:1019938
Change-Id: I00fd990329887ca5d9b2aa7e992a7f5aa9df695b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2801170
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Chong Gu <chonggu@google.com>
Cr-Commit-Position: refs/heads/master@{#73786}
2021-04-02 15:04:11 +00:00
Milad Fa
0d87df40c2 PPC [simd]: enable simd on PowerPC 9 and above
This includes the simulator, PPC64 Linux (little endian)
and PPC64 AIX (Big endian) running on P9.

Also enable the related simd tests for PPC64.

Qfma opcodes are added to the selector as part of the enablement.

Change-Id: Idf2bf2eaa9cee489e7315031976bc412358b9868
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2799942
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73782}
2021-04-01 19:43:14 +00:00
Ng Zhi An
7514db4b60 [wasm-simd][liftoff][x64][ia32] Fix i64x2.mul codegen
We are overwriting rhs when dst == rhs && dst != lhs. This is not a
problem on TurboFan because we specify unique registers and dst == lhs
in the instruction-selector.

The fix is to use the helper EmitSimdCommutativeBinOp, which will check
for dst == rhs (pmuludq is commutative).

Bug: v8:11612
Change-Id: I38c3a2b7f3c7bcf2d7e8faec1a67f0814d44ed20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2798527
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73780}
2021-04-01 17:22:24 +00:00
Ng Zhi An
ba5fafb05b Reland "[wasm-simd] Move test helpers into wasm-simd-utils"
This is a reland of 9a6567b482

The fix is to specialize float/double compare ops to fix msvc build.
On msvc builds, we were selecting the overloaded Equal/NotEqual (etc)
functions that takes float/double as arguments, but we intended to
refer to the function templates.

Original change's description:
> [wasm-simd] Move test helpers into wasm-simd-utils
>
> Move many test helpers into wasm-simd-utils. These helper functions can
> potentially be useful for relaxed-simd test in the future. I left behind
> simd specific test helpers, like load extend helpers, because those are
> for simd instructions.
>
> Bug: v8:11583,v8:11384
> Change-Id: Id9ed452b06eaf5c97a5dda174b53a37aede2a937
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783295
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73675}

Bug: v8:11583
Bug: v8:11384
Change-Id: Id8895900af2688aee8c67eb937acca12c2d65944
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2792668
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73779}
2021-04-01 16:57:24 +00:00
Jakob Gruber
232bf1ffe4 Clamp properly in the String.p.indexOf reduction
This fixes a bug introduced in crrev.com/c/2660995.
String.prototype.indexOf must clamp the `position` argument as per
step:

  7. Let start be the result of clamping pos between 0 and len.

Source: tc39.es/ecma262/#sec-string.prototype.indexof

Previously, this was done in the StringIndexOf builtin, but the recent
refactor changed builtin implementations to match the spec more
closely (i.e. to clamp in String.prototype.indexOf, not
StringIndexOf). This means we now have to clamp in
JSCallReducer::ReduceStringPrototypeIndexOf.

Tbr: neis@chromium.org
Bug: chromium:1194869
Change-Id: I5af8d41b50f4905453f03079e3ee6d46186536db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2799359
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73772}
2021-04-01 13:03:24 +00:00
Jakob Gruber
c76bae7db6 Add a test variant for concurrent_inlining
.. and enable it on fyi bots. Skip one test in this variant due to
incompatible flags.

Bug: v8:7790
Change-Id: I5b8fdd8572435c6f4474c505464ff1a22c830757
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2797287
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73770}
2021-04-01 12:38:14 +00:00
Georg Neis
08a0d3bc9d [dict-proto][compiler] Gracefully deal with AccessorInfo property
Bug: v8:11604
Change-Id: Ic4aa3ae64aa9c9a60aceade9072a5ead1c894b7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2799356
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73767}
2021-04-01 11:57:34 +00:00
Clemens Backes
d3d01303a7 [test] Update comment on skipped test
That test is already slow on non-tsan bots, and we do not need TSan
coverage here. Thus keep it skipped, but update the comment.

R=mslekova@chromium.org

Fixed: v8:11610
No-Try: true
Change-Id: I1dedcc7b4d5736aca7c4cc0dc0526e4df7502440
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2797290
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73766}
2021-04-01 10:02:13 +00:00
Sam Parker
723cee9a7b [compiler][arm64] fabs(fsub(x, y)) to fabd(x, y)
Introduce two machine nodes for FABD and fold Float32/64 Abs,Sub
during instruction selection.

This gives ~1% speed improvement of the Bullet physics engine
compiled as wasm.

Change-Id: Ifd985538e6ebb280bc0eaf11b0ebfc687891cf91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2786854
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#73765}
2021-04-01 09:57:33 +00:00
Leszek Swirski
03f2f68695 Reland "[string] Fix non-SeqStrings in IsEqualTo"
This is a reland of e70cbb83da

Moved the ConsString comparison logic out-of-line, both to make gcc
happy, and to reduce the size of the fast-path in IsEqualToImpl.

Original change's description:
> [string] Fix non-SeqStrings in IsEqualTo
>
> Bug: chromium:1193903
> Change-Id: I80704dd3cba5754779432356b20bd3ea99630291
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794426
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73746}

Bug: chromium:1193903
Change-Id: Iae6f078853438427e86d3ac68bcfed0712a85bf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2797288
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73763}
2021-04-01 09:00:44 +00:00
Marja Hölttä
0994019c6c [Atomics.waitAsync] Add a regression test
Bug: chromium:1194026
Change-Id: I3f92b6b36279cc71b97df20ce5a8b4c8ec2b6b8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794436
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73760}
2021-03-31 23:45:53 +00:00
Bill Budge
76c6fd5e78 Revert "[string] Fix non-SeqStrings in IsEqualTo"
This reverts commit e70cbb83da.

Reason for revert: Breaks compile on gcc.
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20gcc/11148

Original change's description:
> [string] Fix non-SeqStrings in IsEqualTo
>
> Bug: chromium:1193903
> Change-Id: I80704dd3cba5754779432356b20bd3ea99630291
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794426
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73746}

Bug: chromium:1193903
Change-Id: If700cdc7cf8b50a9430d17489485769cb524efd5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2797539
Auto-Submit: Bill Budge <bbudge@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73749}
2021-03-31 16:51:07 +00:00
Junliang Yan
20a6b0e290 Fix stack overflow on regress-1067270.js
Change-Id: I530bd6fc7bf6db32e209b8d180ed1dc8254e6812
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794429
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73747}
2021-03-31 16:04:34 +00:00
Leszek Swirski
e70cbb83da [string] Fix non-SeqStrings in IsEqualTo
Bug: chromium:1193903
Change-Id: I80704dd3cba5754779432356b20bd3ea99630291
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794426
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73746}
2021-03-31 15:22:35 +00:00
Frank Emrich
c9b4f3c4a7 [dict-proto] TF support for constants in dictionary mode protos, pt. 4
This CL is part of a  series that implements Turbofan support for
property accesses satisfying the following conditions:
1. The holder is a dictionary mode object.
2. The holder is a prototype.
3. The access is a load.

This feature will only be enabled if the build flag
v8_dict_property_const_tracking is set.

This particular CL modifies existing mjsunit tests whose assumptions
don't hold if v8_dict_property_const_tracking is enabled. This is
done by adding special handling for the case that
%IsDictPropertyConstTrackingEnabled() holds.

Bug: v8:11248
Change-Id: Ia36be73e4659a988b2471f0c8151b0442f3a98f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2780292
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73745}
2021-03-31 14:53:45 +00:00
Igor Sheludko
4cd6ad9ef2 Reland "[dict-proto] SIMD support for SwissNameDictionary in Torque"
This is a reland of 856e8577e3
The diff compared to the first attempt is that the tests that
require SSSE3/AVX are not run when these CPU features are not
available.

Original change's description:
> [dict-proto] SIMD support for SwissNameDictionary in Torque
>
> This CL adds a Torque-counterpart for swiss_table::GroupSse2Impl in
> Torque. This allows the Torque version of SwissNameDictionary to use
> SSE for lookups, rather than needing to bailout to the runtime on
> x64/ia32.
>
> Bug: v8:11330
> Change-Id: I74e3f97c460a8b89031016967ec0e545265016a9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2787485
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73727}

Bug: v8:11330
Cq-Include-Trybots: luci.v8.try:v8_linux_optional_rel_ng
Change-Id: Ibfa5ae5a39333778ea0d0406d5ea4ad683ad0dbe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794431
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73740}
2021-03-31 13:01:34 +00:00
Leszek Swirski
4baf07a769 [sparkplug] Add scratch register for arm64
We didn't have enough scratch registers for a suspend generator
whose field write offsets exceeded the immediate value range.

Bug: v8:11420, chromium:1193493
Change-Id: Iee90db4ef1ec00924bcc4791a8e6ffb9138bb388
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794424
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73739}
2021-03-31 12:41:04 +00:00
Maya Lekova
e5b93c8686 [test] Skip flaky inspector test on TSAN
Skip debugger/wasm-inspect-many-registers which started failing
recently on TSAN, until it's investigated further.

Bug: v8:11610
Change-Id: Iaf2115d7cfbe82df279b3c4417c1ccd99a50b3b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2796951
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73738}
2021-03-31 12:15:05 +00:00
Leszek Swirski
f0696b4ce9 [cache] Remove native context params from script cache
Remove the requirement to pass the native context into the script cache,
simple to be able to access the empty function. Instead, for script
cache keys, use Smi::zero() in the 'owner function' slot.

This allows CompileUnboundScript to be called outside of a Context
scope.

Change-Id: I9b4fe6dd43f14944728664f7203b748ced750e76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794440
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73737}
2021-03-31 11:50:29 +00:00
Maya Lekova
3f8aa89e1e Revert "[ic] Add a new MegaDOM IC"
This reverts commit c83c9590ba.

Reason for revert: Speculatively reverting for a failure on Arm GC stress bot - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Arm%20GC%20Stress/b8851256837192083520/overview

Original change's description:
> [ic] Add a new MegaDOM IC
>
> This patch implements the MegaDOM IC setup and access. A new MegaDOM
> IC state indicates that we've seen only DOM accessors at this access
> site.
>
> This CL only adds support for DOM getters in LoadIC, other kinds of
> access will be added in follow on CLs.
>
> Still remaining TODO before shipping:
> 1. Have a mechanism to invalidate the protector
> 2. Have a mechanism to find the accessors that aren't overloaded
> 3. Use a new builtin to miss to runtime on access check failure
>
> Change-Id: Ie12efe5e9fa284f023043b996d61e7d74e710ee2
> Bug: v8:11321
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2618239
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73733}

Bug: v8:11321
Change-Id: Ib6a55796f2a3c345d4923f9eaa215a6ff55ed15b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794437
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73734}
2021-03-31 09:29:15 +00:00
Sathya Gunasekaran
c83c9590ba [ic] Add a new MegaDOM IC
This patch implements the MegaDOM IC setup and access. A new MegaDOM
IC state indicates that we've seen only DOM accessors at this access
site.

This CL only adds support for DOM getters in LoadIC, other kinds of
access will be added in follow on CLs.

Still remaining TODO before shipping:
1. Have a mechanism to invalidate the protector
2. Have a mechanism to find the accessors that aren't overloaded
3. Use a new builtin to miss to runtime on access check failure

Change-Id: Ie12efe5e9fa284f023043b996d61e7d74e710ee2
Bug: v8:11321
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2618239
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73733}
2021-03-31 08:42:42 +00:00
Adam Klein
6f766cdd95 [test] Widen regress-9017 skipping to all tsan configs
Bug: v8:9337
Change-Id: Ic9b1072007ed19435b8ea669bee7c07c7eef8e2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2795274
Auto-Submit: Adam Klein <adamk@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73731}
2021-03-30 23:19:27 +00:00
Manos Koukoutos
c9063b7e86 [wasm-gc] Fix and extend JS roundtrip for gc types
Changes:
- Wrap eqref and i31ref objects in the temporary wasm object wrapper
  (in addition to dataref and anyref). Accept those types in
  IsJSCompatibleSignature().
- Handle null correctly in all cases (i.e., do not wrap/unwrap it).
- Improve some error messages.
- Handle kRttWithDepth in one case where it was omitted.
- Some small structure improvements.
- Add an extensive test.

Bug: v8:7748, v8:11606
Change-Id: Ie519f2c87421664dd02cf29fe94f9a9d7510bae2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794422
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73725}
2021-03-30 16:09:22 +00:00
Thibaud Michaud
b3d18785b9 [wasm][liftoff] Fix debug side table indexing
Take locals into account when computing the stack index for the next
control. Also include unwind in the list of blocks that have an implicit
exception reference on the stack.

R=ahaas@chromium.org

Bug: chromium:1183774
Change-Id: I29c67d286f1ec5efa9f2f80e13d083d6eff5836e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794421
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73722}
2021-03-30 13:01:01 +00:00
Leszek Swirski
00afef3c7f [sparkplug/ia32] Fix argc clobbering
Fix the InstallBaselineCode path in the InterpreterEntryTrampoline to
restore the clobbered eax (i.e. argc) register.

Bug: v8:11420, chromium:1192459
Change-Id: I97ce5739cf22a08fbb46dbf372ab6276bb802440
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2791567
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73721}
2021-03-30 12:03:01 +00:00
Thibaud Michaud
948e51fb12 [wasm][eh] Make delegating to an unwind block invalid
The delegate instruction is only allowed inside the try section of a try
block.

R=ahaas@chromium.org

Bug: chromium:1193169
Change-Id: I71756b18903dc39e487721b401d18bc4e213cbff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2791565
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73720}
2021-03-30 11:54:22 +00:00
Thibaud Michaud
11110c307c [wasm][fuzzer] Stack overflow is nondeterministic
Before the introduction of exception handling in the compile fuzzer,
stack overflows were deterministic because they always caused the whole
stack to be unwound.
With support for exception handling, the stack overflow exception can be
caught and is a source of nondeterminism. Flag the interpreter result as
such in this case so that we skip the correctness check.

R=ahaas@chromium.org

Bug: chromium:1193212
Change-Id: I7efd38df1b3c108c1c41997395c2b22ded2b4ad1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2791566
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73719}
2021-03-30 11:05:11 +00:00
Maya Lekova
fc6447c538 [test] Disable flaky compiler test on TSAN
The disabled regress-9017 test allocates too much memory and started
flakily failing on TSAN. CL that triggered the flake:
https://chromium-review.googlesource.com/c/v8/v8/+/2731528

Bug: v8:9337
Change-Id: Ia039e42a88c3665a9b9b4adc4a4b7c923afd5ba5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2791564
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73718}
2021-03-30 08:41:41 +00:00
Ng Zhi An
816c5f4b56 [wasm] Update spec tests and un-fail SIMD tests
Change-Id: I5a7619df5258665f015089986fbd679291d4f414
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2791771
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73716}
2021-03-29 23:00:21 +00:00
Milad Fa
7c31d892bb [wasm-simd]: Move AIX sign patch into the utils header
After https://crrev.com/c/2773784, patch is also needed within
test-run-wasm-relaxed-simd.cc.

Change-Id: Id1efc905c52840eee7b382b90795574b889a7249
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2788408
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73713}
2021-03-29 20:52:55 +00:00
Milad Fa
53df30cd36 [unittest] Remove extra argument from IsLoadImmutable on BE
Change-Id: Ie79995eb81f2c69ad73757f74a5e4dbfb22b0481
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2784003
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73708}
2021-03-29 12:56:45 +00:00
Dominik Inführ
28d5f133df [heap] Fix deadlock with concurrent allocation and blocked main thread
It could happen (e.g. with --stress-background-compile) that the main
thread blocks for a background thread but the background thread requests
a GC from the main thread. This would result in a deadlock. Avoid this
by parking the main thread for potentially blocking operations and allow
allocations while the main thread is parked.

This CL introduces new states for the main thread: CollectionRequested
and ParkedCollectionRequested. These states will force Safepoint(),
Park() and Unpark() on the main thread into slow paths. The slow path
can then perform a GC on the main thread - right before parking or after
the main thread got unparked.

Bug: v8:10315
Change-Id: If7ef31622d27320613139a0b7f79086fe3200f99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2731528
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73707}
2021-03-29 12:29:25 +00:00
Frank Emrich
51140a4409 [dict-proto] Rename v8_dict_mode_prototypes flag
The build time flag v8_dict_mode_prototypes is ill-named, because it
does not control whether properties are kept in dictionary mode (this
is done by the v8_dict_property_const_tracking flag), but instead it
controls if SwissNameDictionary or NameDictionary is used as the
property backing store for all dictionary mode objects.

This CL renames the flag and updates its description.

Change-Id: If1337838d1b6d8f089c281a77d9ef7cfd4007220
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2786859
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73706}
2021-03-29 11:53:45 +00:00
Manos Koukoutos
3f1ed6991b [wasm-gc][liftoff] Fix array.get value register class
Bug: v8:7748, v8:11602
Change-Id: I007e80de0114cc651c8eb2ec825fc130a4b386c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2790175
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73704}
2021-03-29 10:22:45 +00:00
Thibaud Michaud
806f79e492 [wasm][liftoff][eh] Fix unreachable delegate
Don't switch to the catch state if it is never reached.
Also steal the catch state instead of splitting it since it cannot be
used after a delegate instruction.

R=ahaas@chromium.org

Bug: chromium:1192313
Change-Id: I3967ac81e066d2146c8aa37b26a35a99ba88bdf6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2787488
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73703}
2021-03-29 09:41:26 +00:00
Dominic Chen
b6df18ee9a [inspector][test] Do not join a task more than once
In inspector-task.cc, the frontend and backend runners are explicitly
joined before going out-of-scope. On POSIX platforms, calling
pthread_join() on a thread that has already been joined has undefined
behavior. For example, under the musl C runtime library, a successful
call to pthread_join() will unmap the pthread_t thread information
region, and calling pthread_join() again will result in SIGSEGV.

R=clemensb@chromium.org, szuend@chromium.org

Change-Id: Ifdf34ed190df4c722c135ef043a3df588973b984
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2785905
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73699}
2021-03-29 06:55:14 +00:00
Ross McIlroy
950b281ffe [compiler] Inline 64bit immediates and RPO numbers in InstructionOperand
AddImmediate ends up pushing repeated immediates very often
unecessarily. Add support for Int64 immediates being inlined into
InstructionOperand if they fit into the payload (which is almost always
the case). Also add a seperate rpo_immediate vector for RPO numbers to
avoid having to add them to the immediates_ vector multiple times.
Ideally the RPO values would also be inlined, however JumpThreading
needs to patch RPO targets throughout the instruction stream, so we
need an indirection.

Change-Id: I75b1cdb05917f85d4f740a34c3720dd9cf0ee29c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2782282
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73687}
2021-03-25 21:39:18 +00:00
Frank Emrich
5d27e6476f [dict-proto] CSA/Torque implementation of SwissNameDictionary, pt. 6
This CL enables proper testing for the CSA/Torque implementation of
SwissNameDictionary. This is done by changing the implementation of
test_swiss_hash_table::CSATestRunner.

This is the last CL of this series and concludes the CSA/Torque
implementation of SwissNameDictionary.

Bug: v8:11330
Change-Id: Ib46ef3a2c9ec9746591c2af94346be7d0382122b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2786843
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73685}
2021-03-25 21:37:09 +00:00
Zhi An Ng
157f3e8918 Revert "[wasm-simd] Move test helpers into wasm-simd-utils"
This reverts commit 9a6567b482.

Reason for revert: MSVC compile failures https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20msvc/b8851762212188482624/steps?succeeded=true&debug=true

Original change's description:
> [wasm-simd] Move test helpers into wasm-simd-utils
>
> Move many test helpers into wasm-simd-utils. These helper functions can
> potentially be useful for relaxed-simd test in the future. I left behind
> simd specific test helpers, like load extend helpers, because those are
> for simd instructions.
>
> Bug: v8:11583,v8:11384
> Change-Id: Id9ed452b06eaf5c97a5dda174b53a37aede2a937
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783295
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73675}

Bug: v8:11583
Bug: v8:11384
Change-Id: I88bcefecd62c9b453d0f51ad9b9a912339b110eb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2787239
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73683}
2021-03-25 19:43:06 +00:00
Ng Zhi An
d048799863 [wasm-simd] Remove scalar lowering tests
We already skip all tests on no-simd-sse builds, in effect not testing
scalar lowering. So, remove explicit tests for scalar lowering for all
other build configurations.

Cq-Include-Trybots: luci.v8.try:v8_linux_optional_rel_ng
Change-Id: I0aedad255236fa029e911bb9dc2dccab419791a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2728249
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73682}
2021-03-25 19:28:38 +00:00
Ng Zhi An
9a6567b482 [wasm-simd] Move test helpers into wasm-simd-utils
Move many test helpers into wasm-simd-utils. These helper functions can
potentially be useful for relaxed-simd test in the future. I left behind
simd specific test helpers, like load extend helpers, because those are
for simd instructions.

Bug: v8:11583,v8:11384
Change-Id: Id9ed452b06eaf5c97a5dda174b53a37aede2a937
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783295
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73675}
2021-03-25 17:55:23 +00:00
Zhi An Ng
71f1f0d489 Revert "[fastcall] Add fast API testing facilities to d8"
This reverts commit 9eba2d85f4.

Reason for revert: TSAN failures https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/14265/overview

Original change's description:
> [fastcall] Add fast API testing facilities to d8
>
> This CL provides the minimum necessary functionality to expose fast API
> for testing in mjsunit, exposing the fast path for fuzzing. It exposes
> a d8.test.fast_c_api with an `add_all` method, which exercises primitive
> types. On x64, all integer and floating point types are supported. On
> other platforms currently only 32-bit integers are included in the test.
>
> Design doc:
> https://docs.google.com/document/d/1KUKPfXkSRZTA2gMwaWbpQKlYfw0C-T6AE3XzC4viHbo/
>
> Bug: chromium:1052746
> Change-Id: Icc824199a26dd2abd2b869f5483a39d38e4dce3e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749154
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73670}

Bug: chromium:1052746
Change-Id: Iaf5083540ddfe882a747eaa9d1d2a2a8b4ba0ec0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2787081
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73673}
2021-03-25 17:29:05 +00:00
Andreas Haas
070159f3b9 [wasm] Install the exception constructor in InstallConditionalFeatures
When copying the setup of the WebAssembly.Exception constructor to
InstallConditionalFeatures, I forgot to copy some parts.

R=thibaudm@chromium.org

Bug: chromium:1191853
Change-Id: Iacba30b3356fc42b7d97f8c105ef91b776b95eb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2786853
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73671}
2021-03-25 16:28:53 +00:00
Maya Lekova
9eba2d85f4 [fastcall] Add fast API testing facilities to d8
This CL provides the minimum necessary functionality to expose fast API
for testing in mjsunit, exposing the fast path for fuzzing. It exposes
a d8.test.fast_c_api with an `add_all` method, which exercises primitive
types. On x64, all integer and floating point types are supported. On
other platforms currently only 32-bit integers are included in the test.

Design doc:
https://docs.google.com/document/d/1KUKPfXkSRZTA2gMwaWbpQKlYfw0C-T6AE3XzC4viHbo/

Bug: chromium:1052746
Change-Id: Icc824199a26dd2abd2b869f5483a39d38e4dce3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749154
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73670}
2021-03-25 15:56:53 +00:00
Leszek Swirski
dba445c007 [sparkplug] Fix --always-sparkplug in tests
Disable or support --always-sparkplug in various tests that until now
were always expecting only bytecode.

Bug: v8:11420
Change-Id: Ida45041739fb55851aa493c51f1ed796aa1c0606
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2786852
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73668}
2021-03-25 15:37:23 +00:00
Leszek Swirski
bb3794c711 [profiler] Fix reachability in eager logging test
Use a local context and compilation cache clearing to trigger code
deletion in ClearUnusedWithEagerLogging, rather than relying on bytecode
flushing. This allows the test to succeed with non-flushable
native-context-independent code, like Sparkplug baseline code.

Bug: v8:11420
Change-Id: Id6e3626b6245b4308d95aa3995a8fb2ee53684f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2786851
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73663}
2021-03-25 14:13:43 +00:00
Michael Achenbach
5e39dac724 Revert "[api] Assign serial numbers when template infos are added to cache"
This reverts commit db16dce263.

Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Linux%20Debug/8771

Original change's description:
> [api] Assign serial numbers when template infos are added to cache
>
> Instead of assigning serial numbers when the template infos are
> created, this patch creates serial numbers only when they are added to
> cache.
>
> This way only the ones that are first instantiated are allocated the
> fast template cache. Previously, various accessors and methods that
> would almost never get instantiated got assigned to the fast template
> cache.
>
> Bug: v8:11284
> Change-Id: I6b633e56e59cbfc3fa5d4ee2db53ca2849eecdd7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2621081
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73655}

Bug: v8:11284
Change-Id: I382915b2c1be1d87d7a7a961d13e1dd5e3951a4f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2786844
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73659}
2021-03-25 12:15:07 +00:00
Sam Parker
783b0e856e [wasm][compiler][arm64] Support floating point selects
Add Float32Select and Float64Select as OptionalOperators and insert
these, if supported, when handling a Select expression in the wasm
graph builder. FlagsContinuation have been modified to support the
select operation and code generation support has been added for arm64.

This improves the 'Bullet' physics benchmark by ~2-3%.

Change-Id: I928c3085c9136ad8baeeb34c71c47c1c8338844c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2763871
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73657}
2021-03-25 11:12:23 +00:00
Patrick Thier
e438ae2df3 Reland "Reland "[sparkplug][deoptimizer] Deoptimize to baseline.""
This is a reland of e3ccb53877

No changes for the reland.
This CL was speculatively reverted, but was not the cause of the problem.

TBR=jgruber@chromium.org

Original change's description:
> Reland "[sparkplug][deoptimizer] Deoptimize to baseline."
>
> This is a reland of bdcd7d79d3
>
> Handle lazy deopts when the current bytecode is JumpLoop.
> Instead of advancing to the next bytecode, re-execute the JumpLoop.
>
> TBR=jgruber@chromium.org, neis@chromium.org
>
> Original change's description:
> > [sparkplug][deoptimizer] Deoptimize to baseline.
> >
> > If we have baseline code, deoptimize to baseline instead of the
> > interpreter. The process is similar to deopting to the interpreter.
> > We just use different builtins
> > (BaselineEnterAtBytecode/BaselineEnterAtNextBytecode) instead of
> > InterpreterEnterBytecodeDispatch/InterpreterEnterBytecodeAdvance, that
> > patch an interpreter frame to a baseline frame and continue execution in
> > baseline code (based on the deopt type, at the current or next
> > bytecode).
> >
> > Bug: v8:11420
> > Change-Id: Iabaefb36c05155a435c7b380906a86d9b9d549fa
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695591
> > Commit-Queue: Patrick Thier <pthier@chromium.org>
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#73609}
>
> Bug: v8:11420
> Change-Id: Ib8cac028121188ddc23ff29377760ed684eb7392
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783035
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73636}

Bug: v8:11420
Change-Id: I7fbbb73a4fdaeab8b294862ee6ae952928c57994
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2784695
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73656}
2021-03-25 09:48:43 +00:00
Sathya Gunasekaran
db16dce263 [api] Assign serial numbers when template infos are added to cache
Instead of assigning serial numbers when the template infos are
created, this patch creates serial numbers only when they are added to
cache.

This way only the ones that are first instantiated are allocated the
fast template cache. Previously, various accessors and methods that
would almost never get instantiated got assigned to the fast template
cache.

Bug: v8:11284
Change-Id: I6b633e56e59cbfc3fa5d4ee2db53ca2849eecdd7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2621081
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73655}
2021-03-25 09:29:22 +00:00