Commit Graph

13847 Commits

Author SHA1 Message Date
Manos Koukoutos
c1e26cc722 [wasm] Do not emit loop exits in inlined functions
Loop exits are only used during loop unrolling and are then removed, as
they cannot be handled by later optimization stages. Since unrolling
comes before inlining in the compilation pipeline, we should not emit
loop exits in inlined functions.

Bug: v8:12166
Change-Id: I28b3ebaf67c9e15b127eeb1a63906c4ecfd77480
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195871
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77175}
2021-09-30 15:16:20 +00:00
Manos Koukoutos
2ae6cda1ee [wasm-gc] Skip array.copy if length == 0
Bug: v8:7748
Change-Id: Id6adc39af6818f5a37307f26cfe40de11a0ce3c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195872
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77169}
2021-09-30 13:23:11 +00:00
Marja Hölttä
db50b49128 [csa, torque, cleanup] Rename CSA_ASSERT to CSA_DCHECK
It's confusing that we have CSA_CHECK and CSA_ASSERT and it's not
clear from the names that the former works in release mode and the
latter only in debug mode.

Renaming CSA_ASSERT to CSA_DCHECK makes it clear what it does. So now
we have CSA_CHECK and CSA_DCHECK and they're not confusing.

This also renames assert() in Torque to dcheck().

Bug: v8:12244
Change-Id: I6f25d431ebc6eec7ebe326b6b8ad3a0ac5e9a108
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190104
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77160}
2021-09-30 08:41:23 +00:00
Zhao Jiazhong
129ef0a16b [mips64][loong64][codegen] Sign-extend uint32 values to 64-bit
Due to MIPS64 ISA feature, 32-bit values should be sign-extended
in 64-bit registers, no matter it's signed or unsigned.

Besides, LoongArch64 also has this feature, and a similar change
has been made before loong64 port's land in V8. This CL also make
a small fix for loong64.

Change-Id: Ib284662931082365f727925af61781e3653debc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3193595
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#77154}
2021-09-30 07:53:06 +00:00
Jakob Gruber
77906a700c [regexp] Hide the generic JSRegExp::DataAt/SetDataAt accessors
.. and refactor js-regexp.h.

- Hide the generic DataAt/SetDataAt accessors and replace them by
  dedicated accessors. Use the common lower_case naming scheme for
  these.
- Shuffle around definitions in js-regexp.h s.t. they are in a
  meaningful order.
- Dedupe the source/flags accessors - these fields are stored both
  on the instance and on the data array. We keep only accessors for
  the instance. Previously, these were disambiguated through naming
  oddities (e.g. Pattern() returned data->source).

Change-Id: I3d53c8b095f0d59621ff779608438f7fa5e8c92a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3193534
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77138}
2021-09-29 11:37:41 +00:00
Ng Zhi An
043fb91b42 [cleanup] Make PropertyLocation a scoped enum
Bug: v8:12244
Change-Id: I7ea68dd74a376221631d7f56b4a012207f68a1ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3182899
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77129}
2021-09-28 18:39:41 +00:00
Thibaud Michaud
37430ba3f8 [wasm] Move misplaced DCHECK in wasm interpreter
When handling the 'end' opcode, there was a confusion with the value of
"unreachable". This DCHECK assumes the value of "unreachable" before
closing the scope, but was placed after the value is potentially updated
to reflect the state after the 'end' opcode.

R=clemensb@chromium.org

Bug: chromium:1251845
Change-Id: Iea526e6485fa705f6ff4077f54a53204cc70a926
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3190102
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77116}
2021-09-28 13:08:49 +00:00
Lu Yahan
f4782ed4bb [riscv64] Uint32 sign extend into 64bit
The intent of the RISC-V ISA is that 32-bit C values are stored sign extended in registers, even for unsigned types.
So we skip cctest case RunLoadStoreZeroExtend64/RunUnalignedLoadStoreZeroExtend64 due to sign extend uint32

Change-Id: Icfe727916b1c04aad5681902ec4782cc98906964
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3184560
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#77112}
2021-09-28 11:39:26 +00:00
Jakob Kummerow
d7fc0134ee [cleanup][test] Don't rely on __COUNTER__ in expectations
Several of the cctest/test-bytecode-generator/* tests used to rely
on the __COUNTER__ C++ compiler macro, which could cause spurious
test failures due to mismatched expectations when usages of that
macro were added or removed elsewhere in the code. This patch switches
to a custom, controllable static counter variable instead, to make
the tests' behaviors self-contained.

Bug: v8:12244
Change-Id: I4d875b6095e4ee4ef91933ab8c60c89054d1894a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3186836
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77111}
2021-09-28 11:09:05 +00:00
Andreas Haas
e5595fb96e [cleanup] Remove variable shadowing in cctest/compiler/*
Bug: v8:12244
Change-Id: Ia99fac6e7001bb6bce12256d3fcce28e45222f7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3182229
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77094}
2021-09-27 15:31:19 +00:00
Marja Hölttä
bd87901c10 [cleanup] Fix Wshadow warnings in cctests
Bug: v8:12244, v8:12245
Change-Id: I5745daaa18dba962b45a05d1064face610d05e2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3185460
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77083}
2021-09-27 09:18:00 +00:00
jing.bao
dd1e168caf [x64] Implement 256-bit assembly for vroundps/pd, vpblendw, vpalignr
Bug: v8:12228
Change-Id: Ifd813e6bff92e6a08cc41eb8f5b1848abe849cd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3178540
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Jing Bao <jing.bao@intel.com>
Cr-Commit-Position: refs/heads/main@{#77070}
2021-09-26 02:01:18 +00:00
Ng Zhi An
4c8cc64ee7 [cleanup] Fix -Wshadow warnings in cctest/wasm
Drive-by clean-up to move ADD_CODE, which is defined the same way in
multiple files, into wasm-run-utils.h.

R=adamk@chromium.org

Bug: v8:12244
Change-Id: I61d54cf2c589c3f8b69950fba097d8754bb99c5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3183524
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77065}
2021-09-24 22:39:54 +00:00
Ng Zhi An
5f38cf00be [cleanup] Fix -Wshadow warnings in test-wasm-stack
R=adamk@chromium.org

Bug: v8:12244
Change-Id: Ie925797bda5de937afaf345e3115e18c14a9e06d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3182882
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77061}
2021-09-24 19:59:04 +00:00
Ng Zhi An
7c2707ff3d [cleanup] Fix -Wshadow warnings in wasm-simd-utils
R=adamk@chromium.org

Bug: v8:12244
Change-Id: I7d4bde96822fc238a04c76b848f2c55e93375c3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3182880
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77060}
2021-09-24 19:53:24 +00:00
Clemens Backes
156b240954 [wasm][test] Cleanup macros
Some macros are redundant or unused.
- WASM_RETURN1 is identical to WASM_RETURN.
- WASM_RETURNN has an unused {count} parameter, and is otherwise
  identical to WASM_RETURN.
- WASM_IFB is identical to WASM_IF.
- WASM_CASE and WASM_CASE_BR are unused.
- WASM_BR_TABLEV is unused.

R=thibaudm@chromium.org

Bug: v8:12244
Change-Id: Ie7be00351f2dfe38d6e84d80e157a85df37233a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3178860
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77056}
2021-09-24 16:47:54 +00:00
Andreas Haas
58249ba601 [cleanup] Rename WasmCode::Kind::kFunction to kWasmFunction
Rename the enum value to avoid variable shadowing.

R=clemensb@chromium.org

Bug: v8:12244
Change-Id: I96a3bee7615b44692bb9edfedf82c6020a803d0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3181529
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77050}
2021-09-24 15:03:36 +00:00
Andreas Haas
8ee692da87 [cleanup] Rename NameSectionKindCode fields to avoid shadowing
NameSectionKindCode::kFunction got shadowed by
WasmCompilationResult::Kind::kFunction. NameSectionKindCode is not used
often, so this CL just adds "Code" to all fields of this enum.

R=clemensb@chromium.org

Bug: v8:12244
Change-Id: I87155a43084b868f6c118ddc2e44cb9c35b4249b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3181535
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77049}
2021-09-24 14:38:47 +00:00
Ng Zhi An
7537e36efa [x64] Verify disassembly of SSE2 instructions
Bug: v8:12207
Change-Id: Ia553891986f0ef3fe6fb1c4350c3accc0e7bfc84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3180243
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77027}
2021-09-24 01:37:03 +00:00
Ng Zhi An
8e18e2809f [cleanup] Rename/rescope some shadowed variables
Bug: v8:12244
Change-Id: I5a85e109316b349545d2699a59200c167d261842
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3180244
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77026}
2021-09-24 01:33:03 +00:00
Ng Zhi An
d90c9c1f65 [x64] Verify disassembly of SSE instructions
- create a helper class to set up Disassembler for testing
- add a helper macro to only compare disassembled instruction (ignore
the hex bytes), this is useful for comparing SSE instructions, whose
opcodes are defined in sse-instr.h, and use uppercase letters, but the
disassembly always uses lowercase
- emit and compare SSE instructions using macro list

Bug: v8:12207
Change-Id: I3580f5d756736cada4f7260efc4d90e2c894f43c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3173906
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77021}
2021-09-23 18:51:03 +00:00
Jakob Gruber
bba7c09aad [regexp] Allow reentrant irregexp execution
.. by reusing the regexp stack from potentially multiple nested
irregexp activations.

To do this, we now maintain a stack pointer in RegExpStack. This stack
pointer is synchronized at all boundaries between generated irregexp
code and the outside world, i.e. when entering or returning from
irregexp code, and when calling into C functions such as GrowStack.

Fixed: v8:11382
Change-Id: I5ed27630c1a64ebf3afb9ddf80fb60ea067c0c40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162604
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77013}
2021-09-23 13:10:39 +00:00
Clemens Backes
c946ff8927 [liftoff] Optimize comparisons with constants
i32 comparisons often compare against constants, in order to implement
conditional branches. This CL optimizes such code by not loading the
constant into a register first, but directly emitting the comparison.
The code is shared for implementing {if} and {br_if} (and thereby makes
those two methods more readable).

R=thibaudm@chromium.org

Change-Id: I3f2f071a1c9e4b02c7368a2757bf4aae2920bd69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172765
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77008}
2021-09-23 08:59:29 +00:00
jing.bao
6dedc6e97d [x64] Implement 256-bit assembly for vpshufd/hw/lw
Bug: v8:12228
Change-Id: If771a7526f2567d68e676f069223ac16b7303884
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3167036
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Jing Bao <jing.bao@intel.com>
Cr-Commit-Position: refs/heads/main@{#77000}
2021-09-23 02:21:48 +00:00
Junliang Yan
f63f438789 ppc/s390: enable liftoff testing
Change-Id: I65c60a17c0f8fe19b49f0661b9d57b5a504abe07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168283
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76974}
2021-09-21 19:23:50 +00:00
Ng Zhi An
565e83ab2f [x64] Check expected disassembly output fpu instructions
We move some instructions from the test that just disassembles them, to
the test that checks for expected output.

Bug: v8:12207
Change-Id: Ide8954e36c6ad016150bfe45abc1717bed55eb19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171972
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76970}
2021-09-21 17:18:18 +00:00
Ng Zhi An
f7ac5a2978 [wasm-simd][liftoff] Fix i64x2.mul codegen bug
When dst != lhs, we moved lhs to dst, but dst can be == rhs, so we would
overwrite rhs, and end up comparing lhs with itself, always returning
false. We handle the different aliasing cases in the macro-assembler
function I64x2GtS, to simplify the checks in Liftoff a little bit.
TurboFan does not need to change as it will require dst == lhs when AVX
is not supported.

Bug: v8:12237
Change-Id: Icefa6eb79083c003e93dbbd11ccc419aae4b15d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3169312
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76945}
2021-09-20 18:09:26 +00:00
Ng Zhi An
dd06c11ee0 [x64] Check expected disassembly output for some instructions
We move some instructions from the test that just disassembles them, to
the test that checks for expected output.

Bug: v8:12207
Change-Id: I913237427d795ed44539c7294ebbe69330c41dfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3163278
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76944}
2021-09-20 18:03:57 +00:00
Igor Sheludko
8efa70f076 [ext-code-space] Introduce managed-inl.h and global-handles-inl.h
... and move methods that use XXX::cast() there.
This will untangle the include cycle that'll happen in a follow-up CLs.

Bug: v8:11880
Change-Id: Iba46bc9b0e0df9530197f57d0469456eb9006e66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3164456
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76932}
2021-09-20 10:29:29 +00:00
Toon Verwaest
790e1dfe62 [snapshot] Don't create a fresh global in Context::New if no template was specified
This means we don't need to copy over properties, and accessors stay in
place similar to when we deserialize a custom snapshot.

This slightly changes the semantics of Context::New, so let's see
whether someone depends on this behaviour. We may need to revert if so
(hopefully until we can update the embedder).


Bug: v8:12113
Change-Id: I8325480a00bab5b2bb6ea42274e295b0d4dfc85c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162143
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76928}
2021-09-20 07:56:59 +00:00
Thibaud Michaud
159e440d4d [wasm][eh] Fix interpreter delegate in catch block
The recent change in the delegate semantics was incorrectly implemented
in the interpreter. It only checked that the first opcode of the target
block is a 'try': we also need to skip try blocks when we are already in
their 'catch' or 'catch_all' sub-block.
Use the exception_stack instead, since it already only contains indices
of try blocks that haven't reached their handlers yet.

R=clemensb@chromium.org

Bug: chromium:1249306
Change-Id: I15746b4bfabf3dcf04cfe0f2ad438c573cce65e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168622
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76919}
2021-09-17 18:20:13 +00:00
Ng Zhi An
71df28cb63 [x64] Optimize F64x2PromoteLowF32x4 with S128Load64Zero
When the input to F64x2PromoteLowF32x4 is a S128Load64Zero, we can skip
the load + promote, and promote directly with a memory operand. The
tricky bit here is that on systems that rely on OOB trap handling, the
load is not eliminatable, so we always visit the S128Load64Zero, even
though after instruction-selector pattern-matching, it is unused. We
mark it as defined to skip visiting it, only if we matched it.

Bug: v8:12189
Change-Id: I0a805a3fce65c56ec52082b3625e1712ea1ee7cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3154347
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76917}
2021-09-17 16:52:23 +00:00
Manos Koukoutos
b584f27372 [wasm-gc] Allow array.init in function bodies
Bug: v8:7748
Change-Id: Ic25e7be11cb1a06b160c1abe6d004a4c74b88b49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3167493
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76912}
2021-09-17 15:36:24 +00:00
Andreas Haas
3ef7527218 [wasm] Change default value of tables
The default value for table entries in WebAssembly tables is null when
the table gets allocated from WebAssembly, but when the table gets
allocated from JavaScript, the default value is undefined when the
table type is externref. With this CL V8 handles the JavaScript case
spec-compliant.

R=manoskouk@chromium.org

Bug: v8:12227
Change-Id: Ic8a1361629d8e5dfb59e2ee22a5e0ae0f6de936d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162045
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76892}
2021-09-17 06:30:08 +00:00
jiepan
a01a02fe13 [x64] Implement 256-bit assembly for vmovdqa/u
Previous 256-bit implementation supports register
to register move, this patch adds memory to/from
register support.

Bug: v8:12228
Change-Id: I3088bae47bacf13595c76506cdc016f01a31d8b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160296
Commit-Queue: Jie Pan <jie.pan@intel.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76891}
2021-09-17 05:21:05 +00:00
Milad Fa
ce29ee4405 [wasm-gc] skip test on ppc/s390 platforms
Liftoff needs to be fully implemented for running this test.

Change-Id: Ia229d478fa22d4ce9a715d13b3d2b09a2634ad1c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3163016
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76870}
2021-09-16 12:08:54 +00:00
Liu Yu
5833fb1165 [wasm-gc] skip test RefTrivialCastsStatic on no-simd platforms
This test is added in commit bc3b9332ac

Bug: v8:7748
Change-Id: I8bada39c6fc9ed22f7a25786697aed880738bc9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3163286
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76868}
2021-09-16 11:57:53 +00:00
Jaroslav Sevcik
7994004493 [inspector] Use ephemeron table for exception metadata
EphemeronHashTable does not trigger interrupts when accessed
(as opposed to calling the WeakMapGet builtin), so it avoids
the use-after-free problem when reading exception metadata
triggers session disconnect while holding a reference
to the session.

Bug: chromium:1241860
Change-Id: I29264b04b8daf682e7c33a97faedf50e323d57c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158326
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76864}
2021-09-16 08:45:11 +00:00
Dominik Inführ
b8146576d6 Reland "[test] Avoid disabling of RCS during runtime"
This is a reland of 11045926ca

The first version of this CL uncovered a TSAN failure when not disabling
RCS anymore. The problem was that a background thread was still updating
RCS counters, while the main thread already dumped those values during
tear down. This CL fixes this by dumping counters only after all
background threads are stopped.

Original change's description:
> [test] Avoid disabling of RCS during runtime
>
> Test was flaky since disabling of RCS at runtime is unsafe. Some code
> (e.g. TRACE_GC) is run only in case RCS is enabled and such code paths
> might also DCHECK that RCS is enabled.
> A background thread (sweeping in this case) could've already
> entered such a code path right before RCS is disabled. In this case the
> guard at the entry still saw that RCS is enabled but subsequent DCHECKs
> that ensure that RCS is enabled might fail.
>
> We could fix this by completing the sweeper tasks before disabling RCS
> but there might be other similar tasks which might be run at that point
> in the future (e.g. memory unmapper).
>
> Disabling the flag doesn't even seem to be needed for the initial
> regression test, so it seems simpler to just not disable RCS anymore.
>
> Bug: v8:12026
> Change-Id: I878f7dd9a7a4abb6a501f7a7651a1240ef2082a6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162043
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76845}

Bug: v8:12026, v8:12234
Change-Id: I5cb577051d188d17b02ca7da79a3f1d9aa646cae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162050
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76859}
2021-09-16 06:05:51 +00:00
Ng Zhi An
f67ee467aa [disasm][x64] Remove unnecessary initialization code
These tests don't depend on initializing VM (for Context) or even an
isolate, so we can remove the setup code, and use UNINITIALIZED_TEST
(will not even set up an isolate).

Bug: v8:12207
Change-Id: I4b509b95cc8272db22892c32b53464678403dc7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160748
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76854}
2021-09-15 17:38:00 +00:00
Clemens Backes
9068522bc7 Revert "[arm64][wasm-simd] Use Cm(0) for integer comparison with 0"
This reverts commit 16df1dfa13.

Reason for revert: Multiple failures, e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux/43844/overview

Original change's description:
> [arm64][wasm-simd] Use Cm(0) for integer comparison with 0
>
> Use an immediate zero operand for integer comparison when possible. This
> gives ~1% runtime performance improvement in some benchmarks on Neoverse
> N1.
>
> Change-Id: I727a8104f8e6ca3d122d6b5b8b3d38d7bdd76c47
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158327
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/main@{#76847}

Tbr: zhin@chromium.org
Change-Id: I7039106d885c59aecad24dd8dda4d151b8e1f022
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162053
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76851}
2021-09-15 16:06:43 +00:00
Dominik Inführ
0feba98a5c Revert "[test] Avoid disabling of RCS during runtime"
This reverts commit 11045926ca.

Reason for revert: Uncovered TSAN failure

Original change's description:
> [test] Avoid disabling of RCS during runtime
>
> Test was flaky since disabling of RCS at runtime is unsafe. Some code
> (e.g. TRACE_GC) is run only in case RCS is enabled and such code paths
> might also DCHECK that RCS is enabled.
> A background thread (sweeping in this case) could've already
> entered such a code path right before RCS is disabled. In this case the
> guard at the entry still saw that RCS is enabled but subsequent DCHECKs
> that ensure that RCS is enabled might fail.
>
> We could fix this by completing the sweeper tasks before disabling RCS
> but there might be other similar tasks which might be run at that point
> in the future (e.g. memory unmapper).
>
> Disabling the flag doesn't even seem to be needed for the initial
> regression test, so it seems simpler to just not disable RCS anymore.
>
> Bug: v8:12026
> Change-Id: I878f7dd9a7a4abb6a501f7a7651a1240ef2082a6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162043
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76845}

Bug: v8:12026
Change-Id: I154817fc5ddeab68c69c745d08f3d77c48896dc4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162049
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76848}
2021-09-15 15:02:20 +00:00
Ilja Iskovs
16df1dfa13 [arm64][wasm-simd] Use Cm(0) for integer comparison with 0
Use an immediate zero operand for integer comparison when possible. This
gives ~1% runtime performance improvement in some benchmarks on Neoverse
N1.

Change-Id: I727a8104f8e6ca3d122d6b5b8b3d38d7bdd76c47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158327
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/main@{#76847}
2021-09-15 14:34:08 +00:00
Dominik Inführ
11045926ca [test] Avoid disabling of RCS during runtime
Test was flaky since disabling of RCS at runtime is unsafe. Some code
(e.g. TRACE_GC) is run only in case RCS is enabled and such code paths
might also DCHECK that RCS is enabled.
A background thread (sweeping in this case) could've already
entered such a code path right before RCS is disabled. In this case the
guard at the entry still saw that RCS is enabled but subsequent DCHECKs
that ensure that RCS is enabled might fail.

We could fix this by completing the sweeper tasks before disabling RCS
but there might be other similar tasks which might be run at that point
in the future (e.g. memory unmapper).

Disabling the flag doesn't even seem to be needed for the initial
regression test, so it seems simpler to just not disable RCS anymore.

Bug: v8:12026
Change-Id: I878f7dd9a7a4abb6a501f7a7651a1240ef2082a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162043
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76845}
2021-09-15 13:49:08 +00:00
Jakob Kummerow
bc3b9332ac [wasm-gc] Implement nominal types
Per https://github.com/WebAssembly/gc/issues/234, this implements
"nominal" type definitions with explicit supertypes, and statically
typed RTT-less instructions for allocation and testing/casting.
This should be fully backwards compatible with existing Wasm modules.

Spec: https://bit.ly/3cWcm6Q ("version 4")

Bug: v8:7748
Change-Id: Id5a1399b368fdfad22036cfd66f1bef593e640f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3144916
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76844}
2021-09-15 13:43:39 +00:00
Ng Zhi An
ca817b0bb6 [x64] Add new disassembly tests that verifies output
Currently the main test for disassembly just checks that there is
disassembly support for a assembler function, it doesn't verify the
output is as expected.

Add a new test case that checks the disassembly output against an
expected string.

Right now we only check a single instruction, subsequent patches will
move more instructions into this test case.

Bug: v8:12207
Change-Id: Id183bb2fd625713d82239363ebce3f4c77155acd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3150145
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76828}
2021-09-14 20:41:29 +00:00
Frank Tang
1733097759 [Temporal] Preparation Refactor 2
Refactor generic option reading facility also used
by Temporal from intl-objects.* to option-util.*


See
https://tc39.es/proposal-temporal/#sec-getoptionsobject
https://tc39.es/proposal-temporal/#sec-getoptionsobject-deleted
https://tc39.es/ecma402/#sec-getoptionsobject

Bug: v8:11544
Change-Id: I8b27e8fa3515c1287217c2fbe225172fb8f69210
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3122501
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76824}
2021-09-14 19:47:18 +00:00
legendecas
89f36a1576 [builtins] DataView should throws on detached buffer
DataView constructor, DataView.prototype.byteLength
and DataView.prototype.byteOffset should throw
TypeError when the buffer was detached.

Both SpiderMonkey and JSC passed the test262 suites.

Bug: v8:12162
Change-Id: I126d24213c00e4d26540519bce9b5388862eb32c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3140015
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76818}
2021-09-14 16:49:36 +00:00
Thibaud Michaud
9a4f353a87 Reland "[wasm] Add tests for NaN detection in Liftoff"
This is a reland of deb66c84c0

Added missing cctest.status entries to disable the tests on
non-simd hardware.

Original change's description:
> [wasm] Add tests for NaN detection in Liftoff
>
> Check that the flag is also set if only one of the lanes is NaN for SIMD
> operations.
>
> R=clemensb@chromium.org
>
> Bug: v8:11856
> Change-Id: I3860ed1beac4faee1ade7180b67ca06762ca9b95
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158322
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76801}

Bug: v8:11856
Change-Id: If45451703d80fe217eac8c610dac022dc778436f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158329
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76812}
2021-09-14 08:41:58 +00:00
Ng Zhi An
89d22866eb [ia32][x64] Share Absps/Abspd/Negps/Negpd implementation
Move this from macro-assembler-x64 to shared-macro-assembler, and use
this implementation for ia32 (TurboFan and Liftoff).

Bug: v8:11589
Change-Id: If851560c8db1293924ca024725609c399c553a4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124099
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76803}
2021-09-13 18:34:30 +00:00
Clemens Backes
d23dfb904f Revert "[wasm] Add tests for NaN detection in Liftoff"
This reverts commit deb66c84c0.

Reason for revert: Fails in no-sse config: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/36712

Original change's description:
> [wasm] Add tests for NaN detection in Liftoff
>
> Check that the flag is also set if only one of the lanes is NaN for SIMD
> operations.
>
> R=​clemensb@chromium.org
>
> Bug: v8:11856
> Change-Id: I3860ed1beac4faee1ade7180b67ca06762ca9b95
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158322
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76801}

Bug: v8:11856
Change-Id: I16c50b3d0c1831a6d61159bdcf29610fd5aed8a4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158328
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76802}
2021-09-13 17:55:14 +00:00
Thibaud Michaud
deb66c84c0 [wasm] Add tests for NaN detection in Liftoff
Check that the flag is also set if only one of the lanes is NaN for SIMD
operations.

R=clemensb@chromium.org

Bug: v8:11856
Change-Id: I3860ed1beac4faee1ade7180b67ca06762ca9b95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158322
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76801}
2021-09-13 16:57:30 +00:00
Michael Lippautz
210987a552 heap: ArrayBufferSweeper refactoring
The refactoring is triggered by https://crrev.com/c/3121905 where we
noticed that a bunch of tricky counter paths could be simplified,
making reasoning about corectness easier.

In this CL:
1. Use uniqe_ptr instead of Optional to allow moving SweepingJob away
   from the header file.
2. sweeping_in_progress_ is replaced with simply checking for a job.
3. freed_bytes_ are moved to the job and the dependency is reversed,
   avoiding the inside-out (Job->Sweeper) dependency completely.
4. Merge() and counter updates are merged into a Finalize() method.
5. FinishIfDone() allows for conditional finization.
6. young_bytes_ and old_bytes_ are removed as they were always updated
   when the corresponding bytes in the ArrayBufferList was updated.

Change-Id: I56e5b04087166ce03d3a9195ac48359122a84c73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124776
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76795}
2021-09-13 11:49:02 +00:00
Thibaud Michaud
7e33e56a8c [wasm][eh] Fix catchless try in interpreter
The "unreachable" state is usually reset in the first catch block.
Ensure that this is done for catchless tries too.

R=clemensb@chromium.org

Bug: chromium:1246712
Change-Id: If746a3fe3158b0bac4b9b02e4978ca444f8ce427
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3157949
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76791}
2021-09-13 10:52:13 +00:00
Ng Zhi An
c2ac4811aa [ia32] Use AVX if supported
This is a follow-up on https://crrev.com/c/3131374 to support more
instructions, float32 sqrt, cmp, round, float64 cmp.

Rename the opcodes since they are no longer SSE specific.

Bug: v8:12148
Change-Id: Ie5f74bc1b4510092cbfbcb7e420ef82cb1c39a14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3154983
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76777}
2021-09-10 23:24:49 +00:00
Liu Yu
c21438ab18 [loong64] Adjust the disassembler instruction format
Change-Id: I1148508825b7bdff3dae0634aed5318a605ba4da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3153355
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#76762}
2021-09-10 09:08:49 +00:00
Milad Fa
b4e1559544 [wasm-simd] Fix endianness issue when generating constants
value must be written to memory in LE order on BE machines
as they will be loaded in reverse when emitting S128Const.

Change-Id: Ia1d6c784505abe499fb71a6d86daea2721615da4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3151956
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76758}
2021-09-09 19:43:34 +00:00
Ng Zhi An
a9ab1c3b84 [ia32] Define *sd instructions using a macro list
This is similar to what is already done in x64, define a macro list for
all the *sd instructions (prefix f2 0f), and use this macro list to
define assembler functions and disassembly.

Bug: v8:11879
Change-Id: Ia7fbd9fe7f07b72c04d82c81726b9673c40eb0de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3125774
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76756}
2021-09-09 19:40:04 +00:00
Ng Zhi An
f331901d8a [ia32] Use AVX for some Float ops if supported
By delegating to the macro-assembler, emit AVX instructions for some
float opcodes (float sqrt, round, conversions to and from int,
extract/insert/load word).

Since they now support AVX, we rename the instruction ops to remove the
SSE prefix, changing it to be IA32.

Bug: v8:12148
Change-Id: Ib488f03928756e7d85ab78e6cb28eb869e0641f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3131374
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76755}
2021-09-09 17:15:54 +00:00
Ilja Iskovs
66bfcdcb43 [arm64][wasm-simd] Use Fcm(0) for floating point comparison with zero.
Use an immediate zero operand for floating point comparison nodes when
possible. This results in up to 20-25% runtime improvement in some
microbenchmarks, as well as 1-1.5% runtime improvement in some
real-use benchmarks on Cortex-A55 and Neoverse N1.

Change-Id: I39d10871a08a037dbe8c0877d789d110476e1a58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3133143
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/main@{#76749}
2021-09-09 11:44:15 +00:00
Milad Fa
355f4f5c7b [wasm-simd] Fix MulAddOptimizationTest on BE
globals are no longer LE enforced after https://crrev.com/c/2944437.
LANE is used instead to pick the correct lane on BE machines.

Change-Id: I106bebda2633a4673ad4b5165c0440cc445d9475
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3148036
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76730}
2021-09-08 16:14:18 +00:00
Zhao Jiazhong
017c12b3c5 [loong64] Optimize GenerateSwitchTable
We should use pc relative branch instruction rather than loading
target address from memory for better performance.

Besides, just like arm64, currently we assume that none of our
relocation types are pc relative pointing outside the code buffer
nor pc absolute pointing inside the code buffer.

Change-Id: I9cce2e79c0afb00af967638405469f65df1deda2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3147314
Reviewed-by: Liu yu <liuyu@loongson.cn>
Commit-Queue: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#76721}
2021-09-08 10:41:51 +00:00
Thibaud Michaud
f7b9b1f0de [wasm][eh] Update interpreter 'delegate' behavior
Bug: v8:8091, chromium:1247119
Change-Id: Icafd0bf9277aed835032396c2512e7d991407e0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3144910
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76720}
2021-09-08 10:30:29 +00:00
Manos Koukoutos
59e4cf11c5 [wasm][turbofan] Remove stack checks/tracing from inlinee, add tests
We add an option to BuildTFGraph to not emit stack checks and call
tracing and use it in inlined functions.
Also, we add tests for zero/multiple return values, as well as infinite
loops in the inlined function.

Bug: v8:12166
Change-Id: I5f34c57d9870592085804853ff23ba94897cc8d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3141589
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76718}
2021-09-08 09:05:33 +00:00
Ng Zhi An
c03354b430 Reland "[wasm-simd][arm64] Fuse add and extmul"
This is a reland of 65515ddd3e

Fix is to use AddWithWraparound for signed additions to avoid UB.

Original change's description:
> [wasm-simd][arm64] Fuse add and extmul
>
> We can select a better instruction for add+extmul, using one of the
> multiply-long-accumulate instruction.
>
> Define a helper struct to pattern match Add(x, OP(y, z)) and
> Add(OP(x, y) z), and ensure that the matched OP is always on the
> LHS, to simplify checking for matches.
>
> Bug: v8:11548
> Change-Id: I7ab488b262aa9f749785f973549ccd9fad72f4c8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826725
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76708}

Bug: v8:11548
Change-Id: I675ab8b78d9c6c30b82a8c96c8e7098a548c6a60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3144379
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76712}
2021-09-08 00:29:34 +00:00
Andrew Brown
cea787e280 [x64] Add disassembly tests for 256-bit instructions
A previous change (see ref) added a subset of 256-bit instructions to
the x64 assembler--this change adds a disassembly test for the added
instructions.

ref: https://chromium-review.googlesource.com/c/v8/v8/+/3123648
Change-Id: Ia56be7a7df636b8bf6c04f044912e914d949d19f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3133956
Auto-Submit: Andrew Brown <andrew.brown@intel.com>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76711}
2021-09-08 00:26:44 +00:00
Zhi An Ng
61c953aab6 Revert "[wasm-simd][arm64] Fuse add and extmul"
This reverts commit 65515ddd3e.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/18117/overview

Original change's description:
> [wasm-simd][arm64] Fuse add and extmul
>
> We can select a better instruction for add+extmul, using one of the
> multiply-long-accumulate instruction.
>
> Define a helper struct to pattern match Add(x, OP(y, z)) and
> Add(OP(x, y) z), and ensure that the matched OP is always on the
> LHS, to simplify checking for matches.
>
> Bug: v8:11548
> Change-Id: I7ab488b262aa9f749785f973549ccd9fad72f4c8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826725
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76708}

Bug: v8:11548
Change-Id: Ic1560616e7ee6df917fcedbb6ad139a1a9773d68
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3144377
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76709}
2021-09-07 22:53:57 +00:00
Ng Zhi An
65515ddd3e [wasm-simd][arm64] Fuse add and extmul
We can select a better instruction for add+extmul, using one of the
multiply-long-accumulate instruction.

Define a helper struct to pattern match Add(x, OP(y, z)) and
Add(OP(x, y) z), and ensure that the matched OP is always on the
LHS, to simplify checking for matches.

Bug: v8:11548
Change-Id: I7ab488b262aa9f749785f973549ccd9fad72f4c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826725
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76708}
2021-09-07 22:19:06 +00:00
Ng Zhi An
684f3cee1f [wasm-simd] Optimize i32x4.trunc_sat_f32x4_s
Bug: v8:12094
Change-Id: Ibefce881cbfcd4445485197a4a2615bdf0599ada
Fixed: v8:12094
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123638
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76706}
2021-09-07 20:11:26 +00:00
Jakob Kummerow
059d2f799c [wasm-gc] Drop --experimental-wasm-gc-experiments flag
Simply putting all features behind --experimental-wasm-gc.
The intent is to simplify command lines.

Bug: v8:7748
Change-Id: Ibfaa4dc720087a490b177a2b95841620a4d25d89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3141583
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76703}
2021-09-07 19:22:19 +00:00
Lu Yahan
fcd3ef4821 [riscv64][wasm]Add Vector instrs
- Add vsetivli/I8x16Add/vl/vse8
 - In Rvv, Vector regs is different from Float Regs. But in this cl, in order to facilitate modification, it is assumed that the vector register and float register share a set of register codes.
 - Because v0 is mask reg, we can't allocate it . And transfer float into vector reg, so i delete ft0 from AllocateReg.

Bug: v8:11976
Change-Id: I66185d1f5ead985489bcbdf671b131f02a6bd7c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3005768
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76700}
2021-09-07 16:11:22 +00:00
Patrick Thier
255aaed95b Argument Count Consistency
The receiver is now always included in the actual argument count and
the formal parameter count.
kDontAdaptArgumentsSentinel is changed from UINT16_MAX to 0 to preserve
the maximum allowed declared parameters.
The build flag activating the changes is not set for any architecture
yet.

Bug: v8:11112
Change-Id: I48a4969137949a1b4d1f47545209bb22b64e7e05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3140608
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76699}
2021-09-07 15:34:40 +00:00
Leszek Swirski
787bec0964 [sparkplug] Remove BaselineData, use Code directly
Remove the BaselineData intermediate structure for baseline code, and
write the baseline Code object into the SharedFunctionInfo directly. We
still need a pointer to the BytecodeArray/InterpreterData, so re-use the
Code object's deoptimization data slot for this (baseline code doesn't
have deoptimization data).

A consequence of this is that the BytecodeArray pointer becomes
immutable when there is baseline code. This means that we cannot install
a debug BytecodeArray while baseline code is active (we have to flush it
first), and we can't tier-up code with debug BytecodeArray to baseline.

Change-Id: I53b93ec4d4c64b833603d7992f246982fcd97596
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3118548
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76675}
2021-09-06 11:52:21 +00:00
Jakob Gruber
35990c9594 [regexp] Add a (currently failing) cctest for irregexp reentrancy
The test should be enabled once reentrancy is supported.

Bug: v8:11382
Change-Id: Ifb90d8a6fd8bf9f05e9ca2405d4e04e013ce7ee3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3138201
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76667}
2021-09-06 07:04:39 +00:00
Lu Yahan
5a25444006 [riscv64] Using RV_li to load imm32
Bug: v8:12171
Change-Id: Icb50d5438f657f6d3c75cbc3409ccf6f1f880303
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3141263
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#76666}
2021-09-06 06:21:18 +00:00
Clemens Backes
dd152c4877 Reland "[wasm] Move write scope out of NativeModule::AddCode"
This is a reland of 6ae18c2d3c, with
{CompileWasmCapiCallWrapper} fixed to also contain a
{CodeSpaceWriteScope}.

Original change's description:
> [wasm] Move write scope out of NativeModule::AddCode
>
> {NativeModule::AddCode} is a central method that should usually be
> called in batches, where the caller holds a {CodeSpaceWriteScope} for a
> longer time (over several compilations).
> This CL moves us closer to that by removing the scope from that central
> method and instead putting it in callers where it becomes more visible.
> There are already TODOs to introduce caching or batching to avoid some
> switching, and one more TODO is added.
>
> Drive-by: Remove an unneeded {CodeSpaceMemoryModificationScope}.
>
> R=jkummerow@chromium.org
>
> Bug: v8:11974
> Change-Id: Ia13c601abc766e5fca6ca053bf1fc4d647b53ed0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3098186
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76344}

Bug: v8:11974
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Change-Id: I6367bbd9dc52c403513eb1a168aa1f6eb4044ca1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129703
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76626}
2021-09-01 15:32:26 +00:00
Martyn Capewell
e6961df23f [wasm][liftoff][arm][arm64] Detect NaNs for fuzzing
Instrument floating-point operations to set a flag if the result is NaN.

Port: e699762e06
Bug: v8:11856
Change-Id: Iae8121dd17ae8acf402ac74e41122cad77387db7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3099945
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/main@{#76605}
2021-08-31 15:15:51 +00:00
Manos Koukoutos
797e4afefe [wasm] Support reftypes tables in WasmModuleBuilder
WasmModuleBuilder is a class that is used to build Wasm modules in the
asm.js parser, in the fuzzer, as well as some tests. When it comes to
Wasm tables, WasmModuleBuilder currently supports only basic tables
(before the reftypes proposal) using an ad-hoc indirect-function index
vector.
This CL adds proper support for element sections and tables that use
them in the full potential of the reftypes extension. The new
functionality will only be used in the fuzzer and potentially some tests
in the future. Along this, we drop some functionality from
WasmModuleBuilder that was only used in tests and is redundant with the
new architecture.
Additionally, we remove tables other than externref and funcref from the
fuzzer (which were not supported properly or used anyway). We will
reintroduce them at a later time.

Bug: v8:11954
Change-Id: I0a4f6e7b63b6e3d9f7da03b5202fbf14d8678332
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3122162
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76597}
2021-08-31 10:02:19 +00:00
Andrew Brown
1c381f9a83 [x64] Implement some common 256-bit assembler instructions
This change implements longer-width SIMD instructions in the x64
assembler by adding 256-bit versions to one of the conversion macros.
This emits mostly floating-point arithmetic and some boolean operations;
see `SSE_UNOP_INSTRUCTION_LIST` and `SSE_BINOP_INSTRUCTION_LIST`.

Design doc: https://docs.google.com/document/d/1VWZbkO5c_DdxlJObmSLN_9zQUZELVgXyudbpzv5WQM0

Change-Id: I36d56ee09d6b71f66734342cb37bfc9d4801d654
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123648
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Cr-Commit-Position: refs/heads/main@{#76593}
2021-08-31 04:09:34 +00:00
Seth Brenith
4c4366e748 [cleanup] Use @doNotGenerateCppClass on fewer classes
Most Torque-defined extern classes already use CPP class generation. As
Nico pointed out in [1], it would be nice to convert the remaining
classes and remove this option. This change converts most of those
remaining classes. I know that the future of Torque-defined classes is a
subject of some debate right now, but I think that it's worth doing a
few mechanical changes to reduce the existing variety of options. A
couple of minor fixes in the Torque compiler were required so that it
generates correct code for shapes.

[1] https://docs.google.com/document/d/1q_gZLnXd4bGnCx3IUfbln46K3bSs9UHBGasy9McQtHI/edit#

Bug: v8:8952
Change-Id: I7e6087153a18d6ee80e67926793e8ba8e01d501e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015666
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#76586}
2021-08-30 16:45:18 +00:00
Manos Koukoutos
c7a8669c3d [test] Improve some error messages and comments
Change-Id: I8ac9f04ce8410f8ca81b1436850cd96ce79a3b6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3122161
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76535}
2021-08-27 13:51:21 +00:00
Leszek Swirski
732f394c5d [sparkplug] Clobber accumulator in StaGlobal
StaGlobal didn't write the accumulator, but the baseline implementation
assumed that it could preserve the accumulator by taking the return
value of the StoreGlobalIC. This almost always worked, except for
setters on the global object.

Fix this by marking StaGlobal as clobbering the accumulator, same as
StaNamedProperty (StaNamedProperty needs to do this anyway to avoid
inlined setters from needing to create accumulator-preserving frames;
StaGlobal would have needed the same thing if we'd ever inlined setters
for it).

Also, add a new debug scope, EnsureAccumulatorPreservedScope, to the
baseline compiler, which checks if the accumulator value is preserved
across non-accumulator-writing bytecodes. This found a (benign) bug with
ForInPrepare, so fix that too.

Fixed: chromium:1242306
Change-Id: I220b5b1c41010c16ac9f944cbd55d2705c299434
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3122325
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76525}
2021-08-27 09:06:13 +00:00
Ng Zhi An
9996d8aec9 [x64] Consolidate SSE/AVX Float32/Float64 Abs/Neg
1. Move Abspd, Negpd from MacroAssembler into TurboAssembler so that we
can use it in code-generator
2. Add Absps and Negps (float32 versions of the instructions in 1)
3. Refactor SSE/AVX float32/float64 abs/neg to use these macro-assembler
helpers.
4. Use these helpers in Liftoff too

This has the benefit of not requiring to set up the masks in a temporary
register, and loading the constants via an ExternalReference instead.
It does require (in ins-sel) to have the input be in a Register, since
the ExternalReference is an operand (and the instruction can only have 1
operand input).

Bug: v8:11589
Change-Id: I68fafaf31b19ab05ee391aa3d54c45d547a85b34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123635
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76520}
2021-08-27 00:58:51 +00:00
Camillo Bruni
48ed752ac5 Revert "[codegen] Disable host-defined options checks in cache"
This reverts commit 810d34dfe6.

Reason for revert: The stricter host checks prevent
certain security issues. We will have to live with regressions
until we have a more flexible caching solution in place.

Original change's description:
> [codegen] Disable host-defined options checks in cache
>
> We see too many regressions for now in M94 (~10% more misses in
> some cases).
>
> This CL reverts the logic to the state before landing
> https://crrev.com/c/3069152 without having to revert the several
> refactoring CLs that landed on top of it.
>
> Bug: v8:10284, chromium:1238312, chromium:1237242
> Change-Id: I57e66b9e0d58c36d2f1563b07720e3729c88ec94
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103006
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76362}

Bug: v8:10284, chromium:1238312, chromium:1237242
Change-Id: I4c662dd0ac16a4406f06fb2a62b9e4e65fa428ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114057
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76504}
2021-08-26 13:02:23 +00:00
Ng Zhi An
593ab78f7c [wasm-simd] Share i32x4.trunc_sat_f64x2 s,u zero implementation
Bug: v8:11589
Change-Id: I7b55efa76f60eacf31700a544f54042eec963f57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3115545
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76495}
2021-08-25 23:10:59 +00:00
Samuel Groß
e84ac8bc3b [sandbox] Disallow ArrayBuffers outside the VM Cage
In a follow-up CL, the backing stores will, when the sandbox is enabled,
be referenced from V8 objects through offsets rather than raw pointers.
For that to work, all backing stores must be located inside the virtual
memory cage. This CL prepares for that.

Bug: chromium:1218005
Change-Id: Ibb989626ed7094bd4f02ca15464539f4e2bda90f
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114136
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76486}
2021-08-25 09:52:38 +00:00
Dan Elphick
ec06bb6ce5 Reland "[include] Split out v8.h"
This is a reland of d1b27019d3

Fixes include:
Adding missing file to bazel build
Forward-declaring classing before friend-classing them to fix win/gcc
Add missing v8-isolate.h include for vtune builds

Original change's description:
> [include] Split out v8.h
>
> This moves every single class/function out of include/v8.h into a
> separate header in include/, which v8.h then includes so that
> externally nothing appears to have changed.
>
> Every include of v8.h from inside v8 has been changed to a more
> fine-grained include.
>
> Previously inline functions defined at the bottom of v8.h would call
> private non-inline functions in the V8 class. Since that class is now
> in v8-initialization.h and is rarely included (as that would create
> dependency cycles), this is not possible and so those methods have been
> moved out of the V8 class into the namespace v8::api_internal.
>
> None of the previous files in include/ now #include v8.h, which means
> if embedders were relying on this transitive dependency then it will
> give compile failures.
>
> v8-inspector.h does depend on v8-scripts.h for the time being to ensure
> that Chrome continue to compile but that change will be reverted once
> those transitive #includes in chrome are changed to include it directly.
>
> Full design:
> https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing
>
> Bug: v8:11965
> Change-Id: I53b84b29581632710edc80eb11f819c2097a2877
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76424}

Cq-Include-Trybots: luci.v8.try:v8_linux_vtunejit
Bug: v8:11965
Change-Id: I99f5d3a73bf8fe25b650adfaf9567dc4e44a09e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3113629
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76460}
2021-08-24 13:08:55 +00:00
Maya Lekova
438989d6c1 Revert "[codegen] Assert that deserialized SFIs have correct origins"
This reverts commit 2660997331.

Reason for revert: Breaks code_serializer tests - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/36427/overview

Original change's description:
> [codegen] Assert that deserialized SFIs have correct origins
>
> Re-use the same check we already have in place for the
> compilation cache for when we use CodeSerializer::Deserialize.
>
> - Move HasOrigin to SharedFunctionInfo::HasMatchingOrigin
> - HasMatchingOrigin no longer allocates
> - Pass ScriptDetails in more places
>
> Bug: v8:10284
> Change-Id: I6e074bd1e7db9a35fdf7123d04a65841d9813e02
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090968
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76451}

Bug: v8:10284
Change-Id: I234fcf031001819b05dbcdd421f235f71e9805b2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114143
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76456}
2021-08-24 11:48:22 +00:00
Camillo Bruni
2660997331 [codegen] Assert that deserialized SFIs have correct origins
Re-use the same check we already have in place for the
compilation cache for when we use CodeSerializer::Deserialize.

- Move HasOrigin to SharedFunctionInfo::HasMatchingOrigin
- HasMatchingOrigin no longer allocates
- Pass ScriptDetails in more places

Bug: v8:10284
Change-Id: I6e074bd1e7db9a35fdf7123d04a65841d9813e02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090968
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76451}
2021-08-24 10:35:45 +00:00
Andrew Brown
c73400e1f3 [x64] Provide initial infrastructure for 256-bit assembly
As a first step toward generating longer-width SIMD (see design doc),
this change adds the ability to emit 256-bit instructions in the x64
assembler. The `YMMRegister` class indicates that a 256-bit instruction
should be emitted (versus a 128-bit instruction for `XMMRegister`). This
also includes a sample implementation for `vmovdqa` and `vmovdqu` and
the encoded bits are checked against known-good output from NASM.

Design doc: https://docs.google.com/document/d/1VWZbkO5c_DdxlJObmSLN_9zQUZELVgXyudbpzv5WQM0

Change-Id: I18a88565d731786c3a1cedc2293a3a2e78ae838a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3111269
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76443}
2021-08-24 00:50:41 +00:00
Ng Zhi An
360fdbdee5 [wasm-simd] Reduce number of cases tested by ShiftAdd
ShiftAdd tests lane_size * len(test_arr)^2, which is a lot of cases. In
local runs of test-run-wasm-simd, I see I32x4ShiftAdd show up
consistently as taking up a lot of time. We reduce the number of cases
tested to lane_size * len(test_arr), which stills give us very good
coverage.

Change-Id: Ida99a378f0dd9b513e8c84a2da3beebf65f0f356
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3105374
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76441}
2021-08-23 22:09:18 +00:00
Corentin Pescheloche
731fd3f581 [cpu-profiler] Add method to estimate mem size of ProfilerCodeObserver
This patchset introduces instrumentation of the memory usage of the
datatructures maintained by the CPU profiler.
It captures:
* The total size of the strings held in StringsStorage for CodeEntries
* Estimated size held by CodeMap's entries.

The target is to surface that metric through telemetry to get better
visibility into the memory profile of CpuProfiler.

For now, STL containers overhead is ignored as it is implementation
specific.

Change-Id: I8c6a0cd4f14348fe8832dec1f24861befc67d700
Bug: chromium:1241491
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3101580
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76438}
2021-08-23 19:07:15 +00:00
Dan Elphick
44fe02ced6 Revert "[include] Split out v8.h"
This reverts commit d1b27019d3.

Reason for revert: Broke vtune build, tsan build and possibly others

Original change's description:
> [include] Split out v8.h
>
> This moves every single class/function out of include/v8.h into a
> separate header in include/, which v8.h then includes so that
> externally nothing appears to have changed.
>
> Every include of v8.h from inside v8 has been changed to a more
> fine-grained include.
>
> Previously inline functions defined at the bottom of v8.h would call
> private non-inline functions in the V8 class. Since that class is now
> in v8-initialization.h and is rarely included (as that would create
> dependency cycles), this is not possible and so those methods have been
> moved out of the V8 class into the namespace v8::api_internal.
>
> None of the previous files in include/ now #include v8.h, which means
> if embedders were relying on this transitive dependency then it will
> give compile failures.
>
> v8-inspector.h does depend on v8-scripts.h for the time being to ensure
> that Chrome continue to compile but that change will be reverted once
> those transitive #includes in chrome are changed to include it directly.
>
> Full design:
> https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing
>
> Bug: v8:11965
> Change-Id: I53b84b29581632710edc80eb11f819c2097a2877
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76424}

Bug: v8:11965
Change-Id: Id57313ae992e720c8b19abc975cd69729e1344aa
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3113627
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76428}
2021-08-23 11:54:09 +00:00
Dan Elphick
d1b27019d3 [include] Split out v8.h
This moves every single class/function out of include/v8.h into a
separate header in include/, which v8.h then includes so that
externally nothing appears to have changed.

Every include of v8.h from inside v8 has been changed to a more
fine-grained include.

Previously inline functions defined at the bottom of v8.h would call
private non-inline functions in the V8 class. Since that class is now
in v8-initialization.h and is rarely included (as that would create
dependency cycles), this is not possible and so those methods have been
moved out of the V8 class into the namespace v8::api_internal.

None of the previous files in include/ now #include v8.h, which means
if embedders were relying on this transitive dependency then it will
give compile failures.

v8-inspector.h does depend on v8-scripts.h for the time being to ensure
that Chrome continue to compile but that change will be reverted once
those transitive #includes in chrome are changed to include it directly.

Full design:
https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing

Bug: v8:11965
Change-Id: I53b84b29581632710edc80eb11f819c2097a2877
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76424}
2021-08-23 09:35:06 +00:00
Lu Yahan
d7d71adcba [riscv64] Fix align failed
Bug: v8:12130
Change-Id: I2cf3513fb09e5844ef827901cbbe73f70b2a3edd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3112986
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#76422}
2021-08-23 06:44:36 +00:00
Adam Klein
64d0ceb37a Revert "[wasm] Move write scope out of NativeModule::AddCode"
This reverts commit 6ae18c2d3c.

Reason for revert: breaks a bunch of tests on Mac arm64 bots:

https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20release/5754/overview
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20debug/2421/overview

Original change's description:
> [wasm] Move write scope out of NativeModule::AddCode
>
> {NativeModule::AddCode} is a central method that should usually be
> called in batches, where the caller holds a {CodeSpaceWriteScope} for a
> longer time (over several compilations).
> This CL moves us closer to that by removing the scope from that central
> method and instead putting it in callers where it becomes more visible.
> There are already TODOs to introduce caching or batching to avoid some
> switching, and one more TODO is added.
>
> Drive-by: Remove an unneeded {CodeSpaceMemoryModificationScope}.
>
> R=​jkummerow@chromium.org
>
> Bug: v8:11974
> Change-Id: Ia13c601abc766e5fca6ca053bf1fc4d647b53ed0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3098186
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76344}

Bug: v8:11974
Change-Id: Ia6a6814f153f7602d5d691bc5c930601ff4622a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3111268
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76414}
2021-08-20 19:19:52 +00:00
Jakob Kummerow
dd5e5535ea [bigint] Faster parsing from long strings
Combining parts in a balanced-binary-tree like order allows us to
use fast multiplication algorithms.

Bug: v8:11515
Change-Id: I6829929671770f009f10f6f3b383501fede476ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049079
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76404}
2021-08-20 10:54:34 +00:00
Shu-yu Guo
6a487504ed Reland "[compiler] Support acq/rel accesses and atomic accesses on tagged"
This is a reland of faf2208a0b

Changes since revert:
- Fix arm64 codegen for full pointer mode

Original change's description:
> [compiler] Support acq/rel accesses and atomic accesses on tagged
>
> This CL adds an AtomicMemoryOrder parameter to the various atomic load
> and store operators. Currently only acquire release (kAcqRel) and
> sequentially consistent (kSeqCst) orders are supported.
>
> Additionally, atomic loads and stores are extended to work with tagged
> values.
>
> This CL is a pre-requisite for supporting atomic accesses in Torque,
> which is in turn a pre-requisite for prototyping shared strings.
>
> Bug: v8:11995
> Change-Id: Ic77d2640e2dc7e5581b1211a054c93210c219355
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3101765
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76393}

Bug: v8:11995
Change-Id: I23577486334fec6b08fb3a2f5be1f6e5e16db11b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3107220
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76399}
2021-08-19 18:23:57 +00:00
Nico Hartmann
746d62d4b9 Revert "[compiler] Support acq/rel accesses and atomic accesses on tagged"
This reverts commit faf2208a0b.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20arm64%20-%20sim%20-%20pointer%20compression/10870/overview

Original change's description:
> [compiler] Support acq/rel accesses and atomic accesses on tagged
>
> This CL adds an AtomicMemoryOrder parameter to the various atomic load
> and store operators. Currently only acquire release (kAcqRel) and
> sequentially consistent (kSeqCst) orders are supported.
>
> Additionally, atomic loads and stores are extended to work with tagged
> values.
>
> This CL is a pre-requisite for supporting atomic accesses in Torque,
> which is in turn a pre-requisite for prototyping shared strings.
>
> Bug: v8:11995
> Change-Id: Ic77d2640e2dc7e5581b1211a054c93210c219355
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3101765
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76393}

Bug: v8:11995
Change-Id: Id9936672f9e96c509b1cdf866de1ac5303996945
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3107229
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76394}
2021-08-19 15:49:18 +00:00
Shu-yu Guo
faf2208a0b [compiler] Support acq/rel accesses and atomic accesses on tagged
This CL adds an AtomicMemoryOrder parameter to the various atomic load
and store operators. Currently only acquire release (kAcqRel) and
sequentially consistent (kSeqCst) orders are supported.

Additionally, atomic loads and stores are extended to work with tagged
values.

This CL is a pre-requisite for supporting atomic accesses in Torque,
which is in turn a pre-requisite for prototyping shared strings.

Bug: v8:11995
Change-Id: Ic77d2640e2dc7e5581b1211a054c93210c219355
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3101765
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76393}
2021-08-19 15:18:11 +00:00
Jakob Gruber
66a85b8e57 [regexp] Replace JSRegExp::Flags uses by RegExpFlags
.. and decrease the include-ball size.

Change-Id: Id35358a6882156f6684475b7f0b0193f8ca5eaf5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103313
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76386}
2021-08-19 11:25:55 +00:00
Michael Lippautz
847f6d9aba heap: Fix TSAN race when setting a flag after page initialization
HAS_PROGRESS_BAR is set after page initialization at which point all
flags are assumed to be immutable while a GC is running.

Separating out the progress bar from flags allows setting it lazily at
allocation time.

Bug: v8:11915
Change-Id: I48a877e0e80d583d7a0fadef2546fc70417806e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085268
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76382}
2021-08-19 10:28:57 +00:00
Jakob Gruber
d586518a36 [regexp] Break dependency on JSRegExp::Flags
The JSRegExp heap object should not be the source of truth for regexp
flags, which are also relevant in places that don't need or want to
care about the heap object layout (e.g.: the regexp parser).

Introduce RegExpFlags as a new source of truth, and base everything
else on these flags.

As a first change, remove the js-regexp.h dependency from the regexp
parser. Other files in src/regexp/ should be updated in follow-up
work.

Change-Id: Id9a6706c7f09e93f743b08b647b211d0cb0b9c76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103306
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76379}
2021-08-19 09:12:55 +00:00
Lu Yahan
f2da7ce0de [riscv64] Delete s10 from scratch_list
S10 is a Callee save register and be used in scratch_list.
In cctest, could use scratch but not does't go through the JSEntry function that can save callee save reg. So cctest could be crashed due to using s10.

Bug: v8:12124
Change-Id: I62c3582ad490681d5efb24e8bfe0884006d42e66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103425
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#76375}
2021-08-19 07:11:26 +00:00
Jakob Gruber
e72ecf1e0a [regexp] Change the RegExpParser to operate on raw input arrays
.. instead of a FlatStringReader. This is in preparation for reusing
the regexp parser directly from the JS parser, which uses different
string types (AstRawString instead of heap Strings).

Drive-by: Hide parser internals in the .cc file.

Bug: v8:896
Change-Id: I06bd08f2ef5fd7a5e9812c123d88b89cacf5d864
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3101488
Commit-Queue: Patrick Thier <pthier@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76365}
2021-08-18 11:55:00 +00:00
Camillo Bruni
810d34dfe6 [codegen] Disable host-defined options checks in cache
We see too many regressions for now in M94 (~10% more misses in
some cases).

This CL reverts the logic to the state before landing
https://crrev.com/c/3069152 without having to revert the several
refactoring CLs that landed on top of it.

Bug: v8:10284, chromium:1238312, chromium:1237242
Change-Id: I57e66b9e0d58c36d2f1563b07720e3729c88ec94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103006
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76362}
2021-08-18 09:36:50 +00:00
Shu-yu Guo
ed1473bd38 Improve error message for Set/Map grow failures
Bug: v8:11852
Change-Id: I1d3c01b827e847bb7edcd2ebe7d3b340f7d53069
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097473
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76355}
2021-08-18 01:30:10 +00:00
Ng Zhi An
bb12c48ac3 [wasm-simd] Share i8x16.splat implementation
The optimal implementation is in TurboFan x64 codegen, move it into
shared-macro-assembler, and have TurboFan ia32 and Liftoff use it. The
optimal implementation accounts for AVX2 support.

We add a couple of AVX2 instruction to ia32 in sse-instr.h, not all of
them are used, but follow-up patches will use them, so we add support
(including diassembly and test) in this change.

Drive-by clean up to test-disasm-x64.cc to merge 2 AVX2 test sections.

Bug: v8:11589
Change-Id: I1c8d7deb0f8bb70b29e7a680e5dbcfb09ca5505b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3092555
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76352}
2021-08-17 21:05:00 +00:00
Clemens Backes
6ae18c2d3c [wasm] Move write scope out of NativeModule::AddCode
{NativeModule::AddCode} is a central method that should usually be
called in batches, where the caller holds a {CodeSpaceWriteScope} for a
longer time (over several compilations).
This CL moves us closer to that by removing the scope from that central
method and instead putting it in callers where it becomes more visible.
There are already TODOs to introduce caching or batching to avoid some
switching, and one more TODO is added.

Drive-by: Remove an unneeded {CodeSpaceMemoryModificationScope}.

R=jkummerow@chromium.org

Bug: v8:11974
Change-Id: Ia13c601abc766e5fca6ca053bf1fc4d647b53ed0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3098186
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76344}
2021-08-17 12:38:34 +00:00
Leszek Swirski
df2b169b3f [compiler] Off-thread deserialization ♥️ Isolate cache
Make off-thread deserialization play well with the Isolate compilation
cache, by moving the Finish call into GetSharedFunctionInfoForScript.

This means that

  a) The isolate cache is checked before the Finish, allowing it to be
     hit, and
  b) Results of off-thread deserializations are written into the Isolate
     cache.

Bug: chromium:1075999
Change-Id: I535935180bbe77f3e718253830e649bd62857634
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094006
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76341}
2021-08-17 09:39:15 +00:00
Ilja Iskovs
a69080060d Reland "[arm64][wasm] Use NEON S/Usra for Wasm SIMD add(shr(x, imm), y)"
This is a reland of 2261e05333

This patch can now be relanded as some space was made for more opcodes:
https://bugs.chromium.org/p/v8/issues/detail?id=12093

Original change's description:
> [arm64][wasm] Use NEON S/Usra for Wasm SIMD add(shr(x, imm), y)
>
> A single AArch64 SIMD signed/unsigned Shift Right and Accumulate can be
> used to implement Wasm SIMD add(shr(x, imm), y). This gives a 1-1.5%
> improvement on some compute intensive Wasm benchmarks on Neoverse-N1.
>
> Mla and Adalp optimisations were refactored to match the style of the
> added code.
>
> Change-Id: Id5959a31ca267e02b7d60e7ff6f942adb029b41e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089157
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#76280}

Change-Id: Idd166b7d3c960af33049bbce6e7276763c28f286
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097284
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76340}
2021-08-17 09:27:26 +00:00
Milad Fa
4f178718dc PPC [simd]: Add tests for some word sized vector instructions
Change-Id: If641c8a4a466f6f9ea1dc9d8c15184fab17f52c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3098008
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76329}
2021-08-16 21:34:29 +00:00
Ng Zhi An
9aaf664253 Reland "[wasm][diagnostics] Support WasmCode in gdb JIT integration"
This is a reland of a3b2c4ec81

The fix is in PS3, for UBSan. We use WriteUnalignedValue for
potentially unaligned memory writes.

Original change's description:
> [wasm][diagnostics] Support WasmCode in gdb JIT integration
>
> - Add new enum WASM_CODE to JitCodeEvent::CodeType
> - Use AddressRegion instead of AddressRange (remove the latter)
> - Change CodeDescription constructor to take an AddressRegion,
>   both JIT_CODE and WASM_CODE use this
> - Add a simple mjsunit test that sets --gdbjit to check that
>   we don't crash.
> - Add a api test for adding WASM_CODE
>
> Bug: v8:11908
> Change-Id: I6e87fadc2df67978144d78caf9800c3982bc3705
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067754
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76271}

Bug: v8:11908
Change-Id: I5ded6d01cff40803b2f70525163f760edcf97165
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093506
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76327}
2021-08-16 20:46:49 +00:00
Georg Neis
7a5a8ff1e2 [test] Enable baseline tests on riscv64
Also remove remnants of x87 port.

Change-Id: I3376539504d2a04c9f918ab39d0976eaca31782f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097866
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76313}
2021-08-16 14:34:23 +00:00
Yu Yin
816e9fa3b9 [LOONG64] Add LoongArch64 backend
Bug: v8:12008
Change-Id: I2e1d918a1370dae1e15919fbf02d69cbe48f63bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089095
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76308}
2021-08-16 13:05:19 +00:00
Jakob Kummerow
bb5870d63f [wasm-gc] Fix max array length
The static limit didn't account for possible S128 elements.
This patch makes the limit element type specific.

Fixed: chromium:1237024
Change-Id: Ic1e37656e2882c0eb7ea6400c83e4094eb747e88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097269
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76303}
2021-08-16 11:53:02 +00:00
Georg Neis
2257f6b145 [compiler][test] Remove --block-concurrent-recompilation
- Remove flag --block-concurrent-recompilation and its implementation,
  including %UnblockConcurrentCompilation.
- Rewrite tests that used it in terms of the primitives introduced in
  my previous CL:
  https://chromium-review.googlesource.com/c/v8/v8/+/3071400/
- Remove "sync"/"no sync" arguments from %GetOptimizationStatus,
  assertOptimized, etc. These are now always "no sync": they don't
  do any magic.
- Remove "if %IsConcurrentRecompilationSupported then quit" from some
  tests in favor of --concurrent-recompilation in their Flags line.

Bug: v8:12041, v8:7790
Change-Id: I966aae4fec85e6f9e7aeed2ba2c12e9198a3991f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077149
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76298}
2021-08-16 10:15:53 +00:00
Nico Weber
574b105d63 Fix some -Wunreachable-code-aggressive warnings
Bug: chromium:1066980
Change-Id: I03a6b5253043bfb9825a1a64a1d9b060958e5a98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094866
Auto-Submit: Nico Weber <thakis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76293}
2021-08-16 06:45:22 +00:00
Clemens Backes
55e6a51f8d Revert "[arm64][wasm] Use NEON S/Usra for Wasm SIMD add(shr(x, imm), y)"
This reverts commit 2261e05333.

Reason for revert: No issues with the CL, but it is taking the
last two available opcodes on arm64 (we use 9 bits to encode it,
so we are limited to 512 opcodes). We need to land a security fix
which includes the addition of two opcodes. Before relanding this,
we need to figure out a strategy to either reduce opcodes, or use
one more bit to encode them.

Original change's description:
> [arm64][wasm] Use NEON S/Usra for Wasm SIMD add(shr(x, imm), y)
>
> A single AArch64 SIMD signed/unsigned Shift Right and Accumulate can be
> used to implement Wasm SIMD add(shr(x, imm), y). This gives a 1-1.5%
> improvement on some compute intensive Wasm benchmarks on Neoverse-N1.
>
> Mla and Adalp optimisations were refactored to match the style of the
> added code.
>
> Change-Id: Id5959a31ca267e02b7d60e7ff6f942adb029b41e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089157
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#76280}

Change-Id: Ifad0625ed8a6b66e7a7a74da11ad7d60941207e5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094014
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76282}
2021-08-13 15:04:26 +00:00
Ilja Iskovs
2261e05333 [arm64][wasm] Use NEON S/Usra for Wasm SIMD add(shr(x, imm), y)
A single AArch64 SIMD signed/unsigned Shift Right and Accumulate can be
used to implement Wasm SIMD add(shr(x, imm), y). This gives a 1-1.5%
improvement on some compute intensive Wasm benchmarks on Neoverse-N1.

Mla and Adalp optimisations were refactored to match the style of the
added code.

Change-Id: Id5959a31ca267e02b7d60e7ff6f942adb029b41e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089157
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#76280}
2021-08-13 13:22:26 +00:00
Nicolò Ribaudo
b3b9466a05 [class] Improve errors for reinitialized private elements
Previously V8 was reusing the error fur duplicate declarations, using
the private name for class fields or the class name for class methods
as the redeclared identifier.

    class A { constructor(o) { return o } }
    class B extends A { #x }
    class C extends A { #x() {} }
    let D = (0, class extends A { #x() {} });

    new B(new B({})) // Identifier '#x' has already been declared
    new C(new C({})) // Identifier 'C' has already been declared
    new D(new D({})) // Identifier '' has already been declared

This patch changes it to use error messages that better explain what's
happening:

    new B(new B({})) // Cannot initialize #x twice on the same object
    new C(new C({})) // Cannot initialize private methods of
                     // class C twice on the same object
    new D(new D({})) // Cannot initialize private methods of
                     // class anonymous twice on the same object

I initially tried to use the same message for both fields and methods,
but the problem with that is that when initializing fields we only
have access to the field name, while when initializing methods we only
have access to the class name (using the "private brand" symbol).
However, almost all the error messages are different for private fields
and for methods so this shouldn't be a problem.

Bug: v8:12042
Change-Id: Iaa50c16e4fa5c0646ad9ef2aa7e65bb649b3fce2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078362
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Joyee Cheung <joyee@igalia.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76279}
2021-08-13 10:04:36 +00:00
Zhi An Ng
b9c7fc2786 Revert "[wasm][diagnostics] Support WasmCode in gdb JIT integration"
This reverts commit a3b2c4ec81.

Reason for revert: UBSan https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8839060153390139249/+/u/Check/gdbjit

Original change's description:
> [wasm][diagnostics] Support WasmCode in gdb JIT integration
>
> - Add new enum WASM_CODE to JitCodeEvent::CodeType
> - Use AddressRegion instead of AddressRange (remove the latter)
> - Change CodeDescription constructor to take an AddressRegion,
>   both JIT_CODE and WASM_CODE use this
> - Add a simple mjsunit test that sets --gdbjit to check that
>   we don't crash.
> - Add a api test for adding WASM_CODE
>
> Bug: v8:11908
> Change-Id: I6e87fadc2df67978144d78caf9800c3982bc3705
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067754
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76271}

Bug: v8:11908
Change-Id: Ic1a74a9239e8ef6107efd36f61c089ae6bfc5b6c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093365
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76274}
2021-08-12 23:59:14 +00:00
Ng Zhi An
a3b2c4ec81 [wasm][diagnostics] Support WasmCode in gdb JIT integration
- Add new enum WASM_CODE to JitCodeEvent::CodeType
- Use AddressRegion instead of AddressRange (remove the latter)
- Change CodeDescription constructor to take an AddressRegion,
  both JIT_CODE and WASM_CODE use this
- Add a simple mjsunit test that sets --gdbjit to check that
  we don't crash.
- Add a api test for adding WASM_CODE

Bug: v8:11908
Change-Id: I6e87fadc2df67978144d78caf9800c3982bc3705
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067754
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76271}
2021-08-12 22:46:53 +00:00
Ross McIlroy
4ab70f6b21 [Compiler] Remove untrusted code mitigations.
These are no longer enabled, so remove the code mitigation logic from
the codebase.

BUG=chromium:1003890

Change-Id: I536bb1732e8463281c21da446bbba8f47ede8ebe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045704
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76256}
2021-08-12 12:58:24 +00:00
Samuel Groß
8581adaee6 Introduce v8_enable_virtual_memory_cage
When this is enabled, v8 reserves a large region of virtual address
space during initialization, at the start of which it will place its 4GB
pointer compression cage. The remainder of the cage is used to store
ArrayBuffer backing stores and WASM memory buffers. This will later
allow referencing these buffers from inside V8 through offsets from the
cage base rather than through raw pointers.

Bug: chromium:1218005
Change-Id: I300094b07f64985217104b14c320cc019f8438af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3010195
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@google.com>
Cr-Commit-Position: refs/heads/master@{#76234}
2021-08-11 16:13:42 +00:00
Jakob Gruber
d9ad9e3106 [compiler] Support concurrent map updates
.. to attempt to update deprecated maps. Used in
JSHeapBroker::ReadFeedbackForPropertyAccess.

Drive-by: Move Map::TryUpdate to MapUpdater to address
an old TODO.

Bug: v8:7790
Change-Id: Iaa791e204dd133f067014c0abdb23ef3b807a315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085274
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76224}
2021-08-11 10:13:32 +00:00
Nico Hartmann
5d28775431 [deoptimizer][turbofan] Provide id of deoptimizing node in trace
When running d8 with --trace-deopt, any deopt will contain the id of
the node that caused this deopt. These ids also show up in the
deoptimization data table of when using --print-opt-code.

Change-Id: I412ca7a4ff20427100fa63101d78ee3846569a8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024144
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76220}
2021-08-11 08:54:52 +00:00
Jakob Gruber
5612424a13 [compiler] Thread-safe FindElementsKindTransitionedMap
Re-enable the creation of elements transition groups in
JSHeapBroker::ProcessFeedbackMapsForElementAccess. This turned out to be
quite important for performance.

Bug: v8:7790,v8:12031
Change-Id: I4d24837a668a5f7e78a5078212a7dc34b767d703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085262
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76215}
2021-08-11 05:14:52 +00:00
Francis McCabe
3eb90f6945 Reland "[wasm] fix float to/from int reinterpretation tests"
This reverts commit c1f45d816e.

Reason for revert: Not the true culprit

Original change's description:
> Revert "[wasm] fix float to/from int reinterpretation tests"
>
> This reverts commit e6f7a3470f.
>
> Reason for revert: This appears to be causing failures on linux and arm. E.g., https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8839349751927275456/+/u/Check/bound-functions-serialize and https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20release/5605/overview
>
>
> Original change's description:
> > [wasm] fix float to/from int reinterpretation tests
> >
> > F32ReinterpretI32 and I32ReinterpretF32 tests don't actually have
> > floating point values involved during testing and only use
> > integers.
> >
> > This CL adds FP values as well as fixes the test names to match
> > their operation.
> >
> > Change-Id: I321a7f7af8ae93f6eae4fa263f8e8d0b7bf4d672
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078381
> > Reviewed-by: Zhi An Ng <zhin@chromium.org>
> > Commit-Queue: Milad Fa <mfarazma@redhat.com>
> > Cr-Commit-Position: refs/heads/master@{#76181}
>
> Change-Id: Ie333028bdc7b11f982ac1464bcd8ce1c1ca41657
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3082747
> Auto-Submit: Francis McCabe <fgm@chromium.org>
> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/master@{#76182}

Change-Id: I15f3e8727c600ed517f7fa3e09f57dd23f89b384
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3082751
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76183}
2021-08-09 21:44:49 +00:00
Francis McCabe
c1f45d816e Revert "[wasm] fix float to/from int reinterpretation tests"
This reverts commit e6f7a3470f.

Reason for revert: This appears to be causing failures on linux and arm. E.g., https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8839349751927275456/+/u/Check/bound-functions-serialize and https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20release/5605/overview


Original change's description:
> [wasm] fix float to/from int reinterpretation tests
>
> F32ReinterpretI32 and I32ReinterpretF32 tests don't actually have
> floating point values involved during testing and only use
> integers.
>
> This CL adds FP values as well as fixes the test names to match
> their operation.
>
> Change-Id: I321a7f7af8ae93f6eae4fa263f8e8d0b7bf4d672
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078381
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Milad Fa <mfarazma@redhat.com>
> Cr-Commit-Position: refs/heads/master@{#76181}

Change-Id: Ie333028bdc7b11f982ac1464bcd8ce1c1ca41657
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3082747
Auto-Submit: Francis McCabe <fgm@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76182}
2021-08-09 20:26:12 +00:00
Milad Fa
e6f7a3470f [wasm] fix float to/from int reinterpretation tests
F32ReinterpretI32 and I32ReinterpretF32 tests don't actually have
floating point values involved during testing and only use
integers.

This CL adds FP values as well as fixes the test names to match
their operation.

Change-Id: I321a7f7af8ae93f6eae4fa263f8e8d0b7bf4d672
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078381
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#76181}
2021-08-09 18:43:10 +00:00
Camillo Bruni
f688fe086f Reland "[counters] Fix reentrant timers for V8.Execute"
This is a reland of fffcbaea55

Additional fixes:
- Relax IsStarted DCHECKs in ElapsedTimer for paused_elapsed
- Add LogEventStatus enum in the API for better testing
- Rename Logger::StartEnd enum values to kXXX
- Add additional NestedTimedHistogramScope tests

Original change's description:
> [counters] Fix reentrant timers for V8.Execute
>
> This CL fixes a long standing issue where reentering TimedHistograms
> scopes would cause spurious measurements. Only the non-nested scopes
> yielded correct results.
>
> Due to the changed numbers, the V8.Execute histogram is renamed to
> V8.ExecuteMicroSeconds. Note that this histogram is also guarded
> behind the --slow-histograms flag due to the additional overhead.
>
> Unlike before, it does no longer include time for external callbacks
> and only measures self time. The following example illustrates the
> new behaviour:
>
> 1. Enter V8:           |--+.......+--| self-time: 4 units (reported)
> 2. Exit V8 (callback):    |-+...+-|    self-time: 2 units (ignored)
> 3. Re-enter V8:             |---|      self-time: 3 units (reported)
>
> This would result in 2 histogram entries with 4 time units for the first
> V8 slice and 3 units for the nested part. Note that the callback time
> itself is ignored.
>
> This CL attempts to clean up how TimedHistograms work:
> - Histogram: the base class
> - TimedHistograms: used for time-related histograms that are not nested
> - NestedTimeHistograms: Extends TimedHistograms and is used for nested
>   histograms
>
> This CL changes Histograms to not measure time themselves. Measurements
> happen in the *HistogramScopes:
> - BaseTimedHistogramScope: Base functionality
> - TimedHistogramScope: For non-nested measurements
> - NestedTimedHistogramScope: For nested measurements
> - PauseNestedTimedHistogramScope: Ignore time during a given scope.
>   This is used to pause timers during callbacks.
>
> Additional changes:
> - ExternalCallbackScope now contains a PauseNestedTimedHistogramScope
>   and always sets VMState<EXTERNAL>
>
> Bug: v8:11946
> Change-Id: I45e4b7ff77b5948b605dd50539044cb26222fa21
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001345
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76111}

Bug: v8:11946
Change-Id: Ic2eef7456fbc245febcf780b23418f6ab0bebdb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080566
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76180}
2021-08-09 18:41:50 +00:00
Camillo Bruni
6d096131b0 [codegen] Use StrictEquals for host defined options code cache checks
The previous CL https://crrev.com/c/3069152 only did a pointer equality
check for host defined options. This broke code caching for chrome.

This CL extends the check to use a shallow strict equals check on the
host defined options elements.

Bug: v8:10284, chromium:1237242
Change-Id: Ie0ab17a5f5abe024061b6c3d3d68367d9e92b78b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081607
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76169}
2021-08-09 14:15:01 +00:00
Sathya Gunasekaran
7df6678c32 [api] Implement signature checks using instance types
Rather than depending on slow signature checks, receiver type checks are
performed using fast numeric instance type checks.

This CL adds a instance type range for embedders to assign values and
uses these to perform type checks.

Bug: v8:11476
Change-Id: Ie8236ae47ca0ba93ae76a7e690b81aa0a2b0f3e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883623
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76162}
2021-08-09 11:01:15 +00:00
Camillo Bruni
26285e2fa3 [modules] Update Module::Status enum to match spec
Change-Id: Ia324f486f138757017951c0d2b83502937b950d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3075362
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76158}
2021-08-09 10:16:51 +00:00
Leszek Swirski
f888f48e4c [api] Add API for off-thread code cache deserialization
To consume a code cache off-thread

  1. The embedder creates a CachedData object wrapping the data blob.
  2. The embedder calls ScriptCompiler::StartConsumingCodeCache with the
     CachedData, and receives a ScriptCompiler::CodeCacheConsumeTask
     which takes ownership of the CachedData.
  3. The embedder calls ScriptCompiler::CodeCacheConsumeTask::Run
     on a different thread.
  4. Once this completes, the embedded passes the completed task as an
     optional argument into Source constructor, and calls Compile as
     before.

This is roughly similar to how streaming compilation works, with the
QoL improvement that Source owns the CodeCacheConsumeTask and therefore
we can reuse the same Compile method and do the off-thread finalization
behind the scenes inside Compile.

On the v8::internal side, ScriptCompiler::CodeCacheConsumeTask wraps a
v8::internal::BackgroundDeserializeTask, which has a Run and a Finish
method. The Run creates a LocalIsolate (again, similar to
BackgroundCompileTask), calls some helpers on CodeSerializer, and stores
the pre-finalization result in a OffThreadDeserializeData structure.
This stores Persistent Handles to the off-thread initialized SFI and
a vector of Scripts needing fixing up, and it owns the PersistentHandles
object which owns those Handles. Finally, the Finish method consumes
this OffThreadDeserializeData structure, fixes up Scripts, moves the
SFI Handle into the caller HandleScope, and that's it.

Since we don't yet have the source at off-thread deserialization time,
the various code cache sanity checks are done without the source hash
when deserializing, and the Finish method re-does them now that the
source is available.

Bug: chromium:1075999
Change-Id: If1faf35ba3ef840fa4e735581d0b29c96c1d5fc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067322
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76155}
2021-08-09 08:55:41 +00:00
Leszek Swirski
a12c6fa2ea Revert "[counters] Fix reentrant timers for V8.Execute"
This reverts commit fffcbaea55.

Reason for revert: Breaks in Chromium (e.g. https://ci.chromium.org/p/v8/builders/ci/Linux%20V8%20FYI%20Release%20%28NVIDIA%29)

Original change's description:
> [counters] Fix reentrant timers for V8.Execute
>
> This CL fixes a long standing issue where reentering TimedHistograms
> scopes would cause spurious measurements. Only the non-nested scopes
> yielded correct results.
>
> Due to the changed numbers, the V8.Execute histogram is renamed to
> V8.ExecuteMicroSeconds. Note that this histogram is also guarded
> behind the --slow-histograms flag due to the additional overhead.
>
> Unlike before, it does no longer include time for external callbacks
> and only measures self time. The following example illustrates the
> new behaviour:
>
> 1. Enter V8:           |--+.......+--| self-time: 4 units (reported)
> 2. Exit V8 (callback):    |-+...+-|    self-time: 2 units (ignored)
> 3. Re-enter V8:             |---|      self-time: 3 units (reported)
>
> This would result in 2 histogram entries with 4 time units for the first
> V8 slice and 3 units for the nested part. Note that the callback time
> itself is ignored.
>
> This CL attempts to clean up how TimedHistograms work:
> - Histogram: the base class
> - TimedHistograms: used for time-related histograms that are not nested
> - NestedTimeHistograms: Extends TimedHistograms and is used for nested
>   histograms
>
> This CL changes Histograms to not measure time themselves. Measurements
> happen in the *HistogramScopes:
> - BaseTimedHistogramScope: Base functionality
> - TimedHistogramScope: For non-nested measurements
> - NestedTimedHistogramScope: For nested measurements
> - PauseNestedTimedHistogramScope: Ignore time during a given scope.
>   This is used to pause timers during callbacks.
>
> Additional changes:
> - ExternalCallbackScope now contains a PauseNestedTimedHistogramScope
>   and always sets VMState<EXTERNAL>
>
> Bug: v8:11946
> Change-Id: I45e4b7ff77b5948b605dd50539044cb26222fa21
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001345
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76111}

Bug: v8:11946
Change-Id: I954de1afbabf101fb5d4f52eca0d3b80a723385b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077153
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76138}
2021-08-06 14:31:44 +00:00
Jakob Gruber
e7d8e978b9 [compiler] Change all JS operators to hold TinyRefs instead of handles
Bug: v8:7790
Change-Id: Ia5903364a774bd49db1a646b3066b9972deac725
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074465
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76119}
2021-08-05 12:32:38 +00:00
Jakob Gruber
f247702386 Reenable test-cpu-profiler/DetailedSourcePositionAPI_Inlining
Forgot to do this in crrev.com/c/3067226.

Bug: v8:7790,v8:12030
Change-Id: Ic6fbf3feb07e8d08f0fd83d76d54535387c7a27c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074464
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76117}
2021-08-05 11:18:41 +00:00
Jakob Gruber
e09d77a237 Trigger full source position collection when needed
Optimizing compilation can no longer collect source positions on demand
since it may now run concurrently without serialization.

Instead, we now collect full source positions when any component that
needs them is enabled (profiler, debugger).

Bug: v8:7790,v8:12030
Change-Id: I6a2a82eb2b0d3e92121e101b4d9bf330c1f6c065
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067226
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76114}
2021-08-05 10:29:21 +00:00
Camillo Bruni
fffcbaea55 [counters] Fix reentrant timers for V8.Execute
This CL fixes a long standing issue where reentering TimedHistograms
scopes would cause spurious measurements. Only the non-nested scopes
yielded correct results.

Due to the changed numbers, the V8.Execute histogram is renamed to
V8.ExecuteMicroSeconds. Note that this histogram is also guarded
behind the --slow-histograms flag due to the additional overhead.

Unlike before, it does no longer include time for external callbacks
and only measures self time. The following example illustrates the
new behaviour:

1. Enter V8:           |--+.......+--| self-time: 4 units (reported)
2. Exit V8 (callback):    |-+...+-|    self-time: 2 units (ignored)
3. Re-enter V8:             |---|      self-time: 3 units (reported)

This would result in 2 histogram entries with 4 time units for the first
V8 slice and 3 units for the nested part. Note that the callback time
itself is ignored.

This CL attempts to clean up how TimedHistograms work:
- Histogram: the base class
- TimedHistograms: used for time-related histograms that are not nested
- NestedTimeHistograms: Extends TimedHistograms and is used for nested
  histograms

This CL changes Histograms to not measure time themselves. Measurements
happen in the *HistogramScopes:
- BaseTimedHistogramScope: Base functionality
- TimedHistogramScope: For non-nested measurements
- NestedTimedHistogramScope: For nested measurements
- PauseNestedTimedHistogramScope: Ignore time during a given scope.
  This is used to pause timers during callbacks.

Additional changes:
- ExternalCallbackScope now contains a PauseNestedTimedHistogramScope
  and always sets VMState<EXTERNAL>

Bug: v8:11946
Change-Id: I45e4b7ff77b5948b605dd50539044cb26222fa21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001345
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76111}
2021-08-05 10:03:08 +00:00
Clemens Backes
61150c17be [liftoff] Refactor options for Liftoff compilation
The number of arguments for the LiftoffCompiler has grown significantly
since its initial implementation, and it becomes hard to keep track of
all options at the call sites.

This CL refactors all optional parameters into a {LiftoffOptions} struct
which has a factory-like interface.
This will allow us to add more options in the future, e.g. for dynamic
tiering.

R=thibaudm@chromium.org

Change-Id: I66697bb2f99b676a84c158304cc3a285e1b077d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3069148
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76098}
2021-08-04 16:48:48 +00:00
Camillo Bruni
d2fd132bcb [codegen] Respect host defined options in CompilationCache
Bug: v8:10284
Change-Id: If199cbe09964f66aa7346eedefb8ad57fe945c9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3069152
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76083}
2021-08-04 09:48:23 +00:00
Camillo Bruni
06a63fe129 [codegen] Use ScriptDetails as parameter in CompilationCacheScript
- Add separate script-details.h file
- Follow-up CL will add support for precise caching with custom
  host options

Bug: v8:10284
Change-Id: I37be2079434ba7029c160ca811c7ce00a147f539
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3069151
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76077}
2021-08-04 08:24:22 +00:00
Mythri A
ef7d657960 [sparkplug] Add support to flush only baseline code
Add support to flush only baseline code. FLAG_flush_baseline_code
controls if baseline code is flushed or not and FLAG_flush_bytecode
controls if bytecode is flushed or not. With this CL it is possible
to control if we want to flush only bytecode / only baseline code / both.
This also lets us have different heuristics for bytecode and baseline
code flushing.

Bug: v8:11947
Change-Id: Ibdfb9d8be7e7d54196db7890541fa0b5d84f037e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060481
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76075}
2021-08-04 08:22:18 +00:00
Camillo Bruni
01898366cf [codegen] Move ScriptOriginOptions into ScriptDetails
Follow-up CLs will use the ScriptDetails object for code cache lookups
instead of only the ScriptOriginOptions.

Bug: v8:10284
Change-Id: Idc83e6e79cfca283369a9b5ceab8bc53dae5f2dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3069149
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76073}
2021-08-04 08:13:10 +00:00
Seth Brenith
fcc81d9a0c Iterate in assembly order for jump threading
While reading through the jump threading implementation, I noticed
something strange: ApplyForwarding iterates through the block list in
reverse post-order, not in assembly order. Thus, the value prev_fallthru
might not refer to the previous block in assembly order. Obviously it
works fine this way or we would have noticed by now, but I think that
this step would be a little easier to read and reason about if the
iteration used assembly order instead.

I've added a test case to demonstrate the difference when using
assembly order: in a diamond where the right side starts with an empty
deferred block, the current implementation would fail to replace that
block with a nop. I doubt this case would have any real-world impact.

Change-Id: I28abe2043434debb54896871d15c540ad52c6368
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3039261
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76067}
2021-08-03 17:22:40 +00:00
Bruce Dawson
fb9e129964 Remove windows.h from win32-headers.h
Windows.h causes massive namespace pollution with its defining of many
macros, it adds to build times, it disables warnings, and it makes it
easier to write non-portable code.

This change removes windows.h from V8's win32-headers.h. It does this
by replicating the small number of typedefs that are needed and by
defining three "proxy" types that are the same size and layout. The
V8ToWindowsType functions are used to reinterpret_cast between the
types.

Prior to this change there were over 760 v8-related source files that
include windows.h. After this change there are 16.

Bug: chromium:796644
Change-Id: I89efeed47028faae72de2da4f1dae345d8d7746c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3042215
Commit-Queue: Bruce Dawson <brucedawson@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76064}
2021-08-03 16:07:16 +00:00
Jakob Gruber
204dc4aa1d [compiler] Remove SerializerForBackgroundCompilation
Based on a CL by mvstanton@.

Bug: v8:7790,v8:12030,v8:12031,v8:12041
Change-Id: I58b75bd96c724a99133bec7d3bd6cf4e0c9be6d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059683
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76055}
2021-08-03 09:38:49 +00:00
Mythri A
06697f7a82 Rename stress_flush_bytecode to stress_flush_code
stress_flush_bytecode controls stress flushing of both bytecode and
baseline code. So rename the flag to better reflect its functionality

Bug: v8:11947
Change-Id: Ie6c124a476c3a7c6eabd1d75de030ee15fe78e32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3062567
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76043}
2021-08-02 19:02:57 +00:00
Jakob Kummerow
152ecad8cd [bigint] Move String-to-BigInt parsing to src/bigint/
No changes to the algorithm, approximately 4x performance
improvement thanks to reduced overhead.

Bug: v8:11515
Change-Id: Id3f6c91bd650f6ae47ac8f169dc780420091998e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3046185
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76022}
2021-07-30 14:19:48 +00:00
Clemens Backes
3a44f269c5 [base] Avoid pthread_rwlock_t on Mac
pthread_rwlock_t can deadlock on Mac if signals are sent to the process
in the wrong moment. Since we use processes e.g. for sampling profiling
(in both d8 and in Chrome), we hence cannot safely use pthread_rwlock_t
on Mac. Instead, fall back to a non-shared pthread_mutex_t.

Interestingly, this shows no measurable performance impact in Wasm
compilation on my MBP.

R=mlippautz@chromium.org

Bug: v8:11399
Change-Id: Ie8bfd5288bba8c4f3315ee4502b39b59d39c9bbd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060480
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76015}
2021-07-30 10:51:09 +00:00
Thibaud Michaud
d66cc11c2f [wasm][eh] Rename exception to tag
The JS API constructor was renamed to "WebAssembly.Tag" to match the
spec:
https://github.com/WebAssembly/exception-handling/issues/159

Rename "exception" to "tag" throughout the codebase for consistency with
the JS API, and to match the spec terminology (e.g. "tag section").

R=clemensb@chromium.org,nicohartmann@chromium.org

Bug: v8:11992
Change-Id: I63f9f3101abfeefd49117461bd59c594ca5dab70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053583
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75994}
2021-07-29 12:09:02 +00:00
Benedikt Meurer
4ccf0a4c83 [profiler] Use description for Symbols in Heap snapshots.
Previously we'd report all property edges with symbol names as <symbol>,
which was not very useful, especially with private class fields now
seeing more adoption.

Fixed: chromium:1232467
Change-Id: I53cf0811c4b83d016b988b687c6decbddd3c2fdd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055309
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75962}
2021-07-28 14:18:36 +00:00
Peter Kasting
28661339c7 Fix an instance of -Wunused-but-set-variable.
Bug: chromium:1203071
Change-Id: I09724552731594ddf18358d29cdc243cb696652d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053617
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75929}
2021-07-26 20:52:03 +00:00
Vicky Kontoura
8439314db5 [web snapshot] Support classes
This CL adds support for classes with methods.

More specifically:
- A new ValueSerializer is added and classes are serialized separetely
from functions, although the common parts are handled in the same way
and abstracted away.
- The function prototype is serialized as an object and any missing
information is set up again during deserialization.
- FunctionFlagsToFunctionKinds() is updated to allow for more function
kinds.
- Context serialization is updated to support serializing BlockContexts
and creating ScopeInfos of type CLASS_SCOPE.
- Map serialization is updated to support properties with custom
attributes.

Bug: v8:11525, v8:11706
Change-Id: I16ca7cbc17b1811721081cda05124ce36073f9be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3006416
Commit-Queue: Vicky Kontoura <vkont@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75893}
2021-07-23 17:30:24 +00:00
Paolo Severini
6a5568b48e [compiler] Wrong receiver in API calls with --turbo-optimize-apply
Enabling --turbo-optimize-apply breaks tests because we are
passing the wrong receiver;
in JSCallReducer::ReduceCallOrConstructWithArrayLikeOrSpread
we create a Call node with the wrong ConvertReceiverMode, we
pass kNullOrUndefined while it should be kAny. This may break
calls to API or in general calls to functions that use the
receiver.

Bug: chromium:1231108, v8:9974
Change-Id: Ib35a1bf8746ad254b6d63274f3ae11b12aa83de8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043690
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75886}
2021-07-23 13:29:54 +00:00
Maya Lekova
66856bacdc Reland "[fastcall] Implement support for TypedArray arguments"
This is a reland of 84d5b027a7

It removes support for 8-byte types which were causing
unaligned reads.

Original change's description:
> [fastcall] Implement support for TypedArray arguments
>
> This CL adds TypedArrays as supported arguments for fast API calls.
> It implements "exact type" matching, i.e. if Float32Array is expected
> and e.g. Int32Array is passed instead, the generated code bails to the
> slow callback.
>
> Bug: chromium:1052746, chromium:1018624
> Change-Id: I01d4e681d2b367cbb57b06effcb591c090a23295
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999094
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75756}

Bug: chromium:1052746, chromium:1018624
Change-Id: I872716d95bde8c340cf04990a3e4ae8ec8cd74a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035090
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75877}
2021-07-23 09:19:04 +00:00
Camillo Bruni
c573dcc8f8 [isolate] Minor cleanup for exceptions
* Avoid accessing thread_local_top directly and use getters:
  - scheduled_exception
  - pending_exception
  - pending_message

* Rename pending_message_obj to pending_message

Bug: chromium:1014421
Change-Id: I080b7d5919e180a943776c79ee9321235d58d3c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3010278
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75864}
2021-07-22 15:06:15 +00:00
Jakob Kummerow
9f76a336fa [wasm] Faster version of GetExportWrapperIndex
Hashing FunctionSigs can be quite expensive for large modules;
luckily in some cases we can avoid doing that work.

Change-Id: Ia18060b4c27ab34b44bda4bb81ea05299ecb0f49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038523
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75819}
2021-07-20 14:40:49 +00:00
Jakob Gruber
0dba97f8dc [compiler] Make JSFunction bg-serialized
This wraps up the transition away from kSerialized ref kinds.

Since JSFunctionRef is a complex type, we don't attempt full
consistency on the background thread. Instead, we serialize functions
on the background in a partially-racy manner, in which consistency
between different JSFunction fields is *not* guaranteed. Consistency
is later verified through a new compilation dependency kind during
finalization.

Bug: v8:7790, v8:12004
Change-Id: Ic2b78af9c9fe183c8769d323132bb304b151dc75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968404
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75789}
2021-07-19 13:47:16 +00:00
Maya Lekova
aaa2b4861a Revert "[fastcall] Implement support for TypedArray arguments"
This reverts commit 84d5b027a7.

Reason for revert: Breaks UBSan - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/17349/overview

Original change's description:
> [fastcall] Implement support for TypedArray arguments
>
> This CL adds TypedArrays as supported arguments for fast API calls.
> It implements "exact type" matching, i.e. if Float32Array is expected
> and e.g. Int32Array is passed instead, the generated code bails to the
> slow callback.
>
> Bug: chromium:1052746, chromium:1018624
> Change-Id: I01d4e681d2b367cbb57b06effcb591c090a23295
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999094
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75756}

Bug: chromium:1052746, chromium:1018624
Change-Id: I998afe766330f90efc878faa0e9546e709ddc4be
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035088
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75758}
2021-07-16 13:11:33 +00:00
Maya Lekova
84d5b027a7 [fastcall] Implement support for TypedArray arguments
This CL adds TypedArrays as supported arguments for fast API calls.
It implements "exact type" matching, i.e. if Float32Array is expected
and e.g. Int32Array is passed instead, the generated code bails to the
slow callback.

Bug: chromium:1052746, chromium:1018624
Change-Id: I01d4e681d2b367cbb57b06effcb591c090a23295
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999094
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75756}
2021-07-16 12:30:22 +00:00
Clemens Backes
974190b484 Fix data race in TypedArray::copyWithin
Just like many other operations implemented in elements.cc, copyWithin
also needs to use relaxed atomics if operating on a shared array buffer
to avoid races with other threads.
Since the ranges can overlap, this CL also adds a {Relaxed_Memmove}
function that either copies forwards (like {Relaxed_Memcpy}) or
backwards depending on the ordering of source and destination.

R=leszeks@chromium.org

Bug: chromium:1221035
Change-Id: I76b7e43810ac9b85f4ff9abbc5a0406618771c25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3032084
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75752}
2021-07-16 11:41:24 +00:00
Clemens Backes
adba051286 [wasm] Remove low-level test-only functions
This removes the low-level {SwitchMemoryPermissionsToWritable()} and
{SwitchMemoryPermissionsToExecutable()} functions. They are only used in
tests and can be replaced by {CodeSpaceWriteScope} objects that we also
use in production.

R=jkummerow@chromium.org

Change-Id: I7ba702c836f3ac2dd7c7a81d6362040b28e8bef4
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024150
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75739}
2021-07-15 11:07:26 +00:00
Emanuel Ziegler
905aafab8b [wasm] Add CPU time metrics (reland)
This is a reland of dcdaf42fa8. It adds
CPU time metrics to the WasmModuleDecoded (except for streaming),
WasmModuleCompiled and WasmModuleTieredUp events. This can later be used
to provide this information as UKMs or UMAs.

Bug: v8:11611
Change-Id: I813fc8de36d1445c6a887abf496ec10e1a803815
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953296
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75715}
2021-07-14 08:01:41 +00:00
Mike Stanton
60fdd3ba36 [compiler] Improve GetOwnFastDataPropertyFromHeap representation check
Added a parameter to Object::FitsRepresentation() to disallow coercion.
Normally, when we ask if a Smi can "fit" into a Double representation
we'd answer yes, because the Smi can be converted to a HeapNumber.
However, from the compilers perspective, the object is found in a
field with a particular representation. In this case, finding a
Smi in a field with representation Double means something is awry.
Therefore, it's useful for the compiler to be able to ask if
the object fits the field without coercion.

Bug: chromium:1227324, v8:7790
Change-Id: I12033736030d904ef9c29516c07999600a5f508a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015570
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75706}
2021-07-13 13:26:56 +00:00
Lu Yahan
901633f3ca [riscv64][wasm] Implement wasm function
- Implement f32/f64 fcopysign
- Implement f32/f64 type conversion
- enable some test cases that now pass.

Change-Id: Ia36299484adac885349df25d7c233dd7e43dded4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2992914
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#75690}
2021-07-13 00:08:25 +00:00
Andrew Comminos
b4ee32837e [cpu-profiler] Disable logging in lazy mode when no profiles are active
Now that code entries outlive our CodeMap, it's safe to avoid storing
CodeMap metadata after the last active profiler stops. This simplifies
lifecycle logic, and avoids retaining stale data.

Bug: v8:11054
Change-Id: If30fc0835e2033b5bcca204565e05a5cba7823ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3000526
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75689}
2021-07-12 22:36:11 +00:00
Dominik Inführ
95249ba563 [test, heap] Skip tests when shared RO space is disabled
Bug: v8:11966
Change-Id: I3e5fe6e9d53938793c7f66cd05b4dcfe3073c22f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015568
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75652}
2021-07-09 08:26:14 +00:00
Patrick Thier
c0fd89c3c0 Reland "Reland "Reland "Improve error messages for property access on null/undefined"""
This is a reland of 819c3ae2f8

Original change's description:
> Reland "Reland "Improve error messages for property access on null/undefined""
>
> This is a reland of 8b18c5e6a5
>
> Original change's description:
> > Reland "Improve error messages for property access on null/undefined"
> >
> > This is a reland of 24c626c1f7
> >
> > Original change's description:
> > > Improve error messages for property access on null/undefined
> > >
> > > Only print the property name when accessing null/undefined if we can
> > > convert it to a string without causing side effects.
> > > If we can't, omit the property name in the error message.
> > > This should avoid confusion when the key is an object with toString().
> > > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object
> > > Object]' anymore, which was misleading since the property accessed would
> > > be 'a', but we can't evaluate the key without side effects.
> > >
> > > Bug: v8:11365
> > > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211
> > > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > > Commit-Queue: Patrick Thier <pthier@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#75250}
> >
> > Bug: v8:11365
> > Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Commit-Queue: Patrick Thier <pthier@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#75571}
>
> Bug: v8:11365
> Change-Id: I90360641ecd870bd93247aa6d91dfb0ad049cfb8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008219
> Auto-Submit: Patrick Thier <pthier@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75604}

Bug: v8:11365
Change-Id: I002b537144f328ccbbdcd655e26e5dc87c49c6f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013935
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75645}
2021-07-08 14:31:27 +00:00
Clemens Backes
72af112c29 [wasm] Disable trap handling for memory64
Trap handling is not implemented yet for memory64. Make sure that no
code tries to use it, by setting {NativeModule::bounds_checks_}
accordingly.
This requires some changes to tests to make sure that the
{WasmModule::is_memory64} field is set before creating the corresponding
{NativeModule}.

R=ahaas@chromium.org

Bug: v8:10949
Change-Id: I11d9544b603fc471e3368bb4e7487da4711293a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011167
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75632}
2021-07-08 11:03:08 +00:00
Leszek Swirski
7ac7b72b68 Revert "Reland "Reland "Improve error messages for property access on null/undefined"""
This reverts commit 819c3ae2f8.

Reason for revert: Sorry Patrick, still failing on some layout tests :( https://test-results.appspot.com/data/layout_results/mac-rel/726365/blink_web_tests%20%28retry%20shards%20with%20patch%29/layout-test-results/results.html

Original change's description:
> Reland "Reland "Improve error messages for property access on null/undefined""
>
> This is a reland of 8b18c5e6a5
>
> Original change's description:
> > Reland "Improve error messages for property access on null/undefined"
> >
> > This is a reland of 24c626c1f7
> >
> > Original change's description:
> > > Improve error messages for property access on null/undefined
> > >
> > > Only print the property name when accessing null/undefined if we can
> > > convert it to a string without causing side effects.
> > > If we can't, omit the property name in the error message.
> > > This should avoid confusion when the key is an object with toString().
> > > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object
> > > Object]' anymore, which was misleading since the property accessed would
> > > be 'a', but we can't evaluate the key without side effects.
> > >
> > > Bug: v8:11365
> > > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211
> > > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > > Commit-Queue: Patrick Thier <pthier@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#75250}
> >
> > Bug: v8:11365
> > Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Commit-Queue: Patrick Thier <pthier@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#75571}
>
> Bug: v8:11365
> Change-Id: I90360641ecd870bd93247aa6d91dfb0ad049cfb8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008219
> Auto-Submit: Patrick Thier <pthier@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75604}

Bug: v8:11365
Change-Id: I7d7c0f201288384c2aa38a51418b582a64213ae0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013352
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75626}
2021-07-08 07:50:18 +00:00
Peter Kasting
d11991fc8b Fix an instance of -Wimplicit-int-float-conversion.
Bug: chromium:989932
Change-Id: I357a19a9da934f07181122bbf50614ccddce3a4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009926
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75612}
2021-07-07 15:00:40 +00:00
Dominik Inführ
9663bb31d8 [heap] Perform GC in a shared heap
This CL implements GC in a shared heap. A shared GC is started from
an attached client isolate that fails to allocate a shared object. In
order to perform a shared GC all other running client isolates need
to be stopped and their roots need to be scanned.

Bug: v8:11708
Change-Id: I45ac50e6b4a1e9270f9e39b69f9b8ee5e6e14134
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964816
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75606}
2021-07-07 13:40:00 +00:00
Patrick Thier
819c3ae2f8 Reland "Reland "Improve error messages for property access on null/undefined""
This is a reland of 8b18c5e6a5

Original change's description:
> Reland "Improve error messages for property access on null/undefined"
>
> This is a reland of 24c626c1f7
>
> Original change's description:
> > Improve error messages for property access on null/undefined
> >
> > Only print the property name when accessing null/undefined if we can
> > convert it to a string without causing side effects.
> > If we can't, omit the property name in the error message.
> > This should avoid confusion when the key is an object with toString().
> > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object
> > Object]' anymore, which was misleading since the property accessed would
> > be 'a', but we can't evaluate the key without side effects.
> >
> > Bug: v8:11365
> > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Commit-Queue: Patrick Thier <pthier@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#75250}
>
> Bug: v8:11365
> Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75571}

Bug: v8:11365
Change-Id: I90360641ecd870bd93247aa6d91dfb0ad049cfb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008219
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75604}
2021-07-07 13:26:09 +00:00
Clemens Backes
1fa8b3e80f [wasm] Unify bounds checks in tests and production
The {TestingModuleBuilder} had separate logic to compute the bounds
checking strategy. This can lead to compiled code that does not match
the bounds checking strategy stored in the NativeModule. Hence, tests
should use {NativeModule::bounds_checks_} for initializing their
compilation environment.

R=ahaas@chromium.org

Change-Id: I366c2ea5d06062273fa21e388871fc1adab54fef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009222
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75601}
2021-07-07 11:52:36 +00:00
Mike Stanton
6a1063c899 [compiler] TSAN data race on HeapNumber::value_as_bits()
TurboFan reads the value in HeapNumber, and TSAN detects a data
race between this read and sets on the main thread elsewhere.
We mark this as relaxed atomic (meaning, correct value of the read
is not guaranteed). The compiler uses the dependency mechanism
to re-read the value safely on the main thread later, and aborts
compilation if a change is detected.

Bug: chromium:1224277, v8:7790
Change-Id: I8931d8989812550c0c57b6bd27aa796f6f5e779d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996201
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75586}
2021-07-06 13:04:17 +00:00
Leszek Swirski
94cd8b6459 Revert "Reland "Improve error messages for property access on null/undefined""
This reverts commit 8b18c5e6a5.

Reason for revert: Still failing: https://test-results.appspot.com/data/layout_results/V8_Blink_Linux/12469/blink_web_tests%20%28retry%20shards%20with%20patch%29/layout-test-results/results.html

Original change's description:
> Reland "Improve error messages for property access on null/undefined"
>
> This is a reland of 24c626c1f7
>
> Original change's description:
> > Improve error messages for property access on null/undefined
> >
> > Only print the property name when accessing null/undefined if we can
> > convert it to a string without causing side effects.
> > If we can't, omit the property name in the error message.
> > This should avoid confusion when the key is an object with toString().
> > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object
> > Object]' anymore, which was misleading since the property accessed would
> > be 'a', but we can't evaluate the key without side effects.
> >
> > Bug: v8:11365
> > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Commit-Queue: Patrick Thier <pthier@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#75250}
>
> Bug: v8:11365
> Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75571}

Bug: v8:11365
Change-Id: Ic4137f0d70fa9b10ca70fa921b98ea7e1499f11b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008217
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75577}
2021-07-06 09:46:11 +00:00
Patrick Thier
8b18c5e6a5 Reland "Improve error messages for property access on null/undefined"
This is a reland of 24c626c1f7

Original change's description:
> Improve error messages for property access on null/undefined
>
> Only print the property name when accessing null/undefined if we can
> convert it to a string without causing side effects.
> If we can't, omit the property name in the error message.
> This should avoid confusion when the key is an object with toString().
> E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object
> Object]' anymore, which was misleading since the property accessed would
> be 'a', but we can't evaluate the key without side effects.
>
> Bug: v8:11365
> Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75250}

Bug: v8:11365
Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75571}
2021-07-06 08:07:21 +00:00
Clemens Backes
bcda3b68d0 [wasm] Rename use_trap_handler fields to bounds_checks
This is a three-state field now: kTrapHandler, kExplicitBoundsChecks,
kNoBoundsChecks. It is set once based on the flags
(--wasm-bounds-checks and --wasm-enforce-bounds-checks) and depending on
whether the signal handler for wasm trap handling was installed. All
compilation then only uses the field value, and does not need to check
any flags any more.

R=ahaas@chromium.org

Bug: v8:11926
Change-Id: I2c0eb5ecb742ee65d1c10e4dceff7204119dab7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996191
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75558}
2021-07-05 13:38:58 +00:00
Thibaud Michaud
6f48b7b369 Reland "[wasm][liftoff][ia32][x64] Detect SIMD NaNs for fuzzing"
This is a reland of b0bcedccfd
Changes:
- Consistently use int32_t for max_steps and nondeterminism
- Skip SIMD tests on architectures that don't support it

Original change's description:
> [wasm][liftoff][ia32][x64] Detect SIMD NaNs for fuzzing
>
> R=clemensb@chromium.org
>
> Bug: v8:11856
> Change-Id: I9764e3e2944690ed0883afdab20afd47fdd4acfa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979605
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75512}

Bug: v8:11856
Change-Id: I0a7858d1c21c0dfb961b9b2c3fa1074f9362886a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001178
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75557}
2021-07-05 13:21:13 +00:00
Zhi An Ng
50fb0a2fa6 Revert "[build] Separate out inspector as a shared library"
This reverts commit 92bfb63cac.

Reason for revert: Broke build https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20shared/43249/overview

Original change's description:
> [build] Separate out inspector as a shared library
>
> This makes src/inspector:inspector into a v8_component producing a
> shared library in component builds. To enable this, all of its exported
> are now marked with V8_INSPECTOR_EXPORT.
>
> This also inverts the dependency between src/inspector:inspector and
> :v8_base_without_compiler, and instead makes d8 and some tests depend on
> inspector rather than getting it via v8.
>
> As a result, the no_check_targets exclusions list in .gn is reduced.
>
> Ultimately embedders like chromium should depend on :v8 and optionally
> src/inspector:inspector, but to allow that transition to occur, this
> renames :v8 to :v8_lib and introduces a new :v8 which depends on v8 and
> inspector. Once all embedders have changed to reflect the new structure,
> this part can be reverted.
>
> Bug: v8:11917
> Change-Id: Ia8b15f07fb15acc5e1f111b1a80248def4285fd0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999088
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75532}

Bug: v8:11917
Change-Id: I0ed27ed95211d13b8b3438a8c0a42d577806c475
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003452
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75533}
2021-07-02 16:15:20 +00:00
Dan Elphick
92bfb63cac [build] Separate out inspector as a shared library
This makes src/inspector:inspector into a v8_component producing a
shared library in component builds. To enable this, all of its exported
are now marked with V8_INSPECTOR_EXPORT.

This also inverts the dependency between src/inspector:inspector and
:v8_base_without_compiler, and instead makes d8 and some tests depend on
inspector rather than getting it via v8.

As a result, the no_check_targets exclusions list in .gn is reduced.

Ultimately embedders like chromium should depend on :v8 and optionally
src/inspector:inspector, but to allow that transition to occur, this
renames :v8 to :v8_lib and introduces a new :v8 which depends on v8 and
inspector. Once all embedders have changed to reflect the new structure,
this part can be reverted.

Bug: v8:11917
Change-Id: Ia8b15f07fb15acc5e1f111b1a80248def4285fd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999088
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75532}
2021-07-02 15:11:30 +00:00
Toon Verwaest
5217e05076 [parsing] Split FLAG_lazy into three subflags
Splits FLAG_lazy into
  - FLAG_lazy for main-thread compiled scripts/modules
  - FLAG_lazy_streaming for streamed scripts
  - FLAG_lazy_eval for eval

This allows us to evaluate the impact of non-lazy compilation for streamed
scripts.

Change-Id: I8a362ea184e0afd3aa7cdb11a7eab5b7497a4691
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999090
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75518}
2021-07-01 17:14:15 +00:00
Zhi An Ng
384c634f51 Revert "[wasm][liftoff][ia32][x64] Detect SIMD NaNs for fuzzing"
This reverts commit b0bcedccfd.

Reason for revert: fails nosse3 checks

Original change's description:
> [wasm][liftoff][ia32][x64] Detect SIMD NaNs for fuzzing
>
> R=​clemensb@chromium.org
>
> Bug: v8:11856
> Change-Id: I9764e3e2944690ed0883afdab20afd47fdd4acfa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979605
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75512}

Bug: v8:11856
Change-Id: I19a159281f8e6ffc3dd77f35dbdf852bd032c2bc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3000723
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75515}
2021-07-01 16:33:18 +00:00
Manos Koukoutos
c06a8e230c [wasm] Do not use WasmInitExpr for element segments
Changes:
- Use a lightweight WasmElemSegment::Entry struct to store element
  segment entries in a WasmModule.
- Also, restructure LoadElemSegmentImpl to handle all types of
  global.get entries correctly.
- Simplify InitializeIndirectFunctionTables and make it handle all types
  of entries correctly.
- In the above two cases, reject WasmJSFunctions for now.

Bug: v8:11895
Change-Id: Ie714f8c7f1af8959486138d2ad49bc622a89276d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2991248
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75513}
2021-07-01 14:44:49 +00:00
Thibaud Michaud
b0bcedccfd [wasm][liftoff][ia32][x64] Detect SIMD NaNs for fuzzing
R=clemensb@chromium.org

Bug: v8:11856
Change-Id: I9764e3e2944690ed0883afdab20afd47fdd4acfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979605
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75512}
2021-07-01 14:34:01 +00:00
Peter Kasting
ae1eee10fa Fix most instances of -Wunreachable-code-aggressive.
There are still a few cases remaining that seem more controversial;
I'll upload those separately.

Bug: chromium:1066980
Change-Id: Iabbaf23f9bbe97781857c0c589f2b3db685dfdc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2994804
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75494}
2021-07-01 03:03:25 +00:00
Liu Yu
10e158862c [mips] Fix kWasmInstanceOffset and clear an unused test
Fix a offset error, this is related to
commit 38fb148730

Delete cctest/test-run-machops/StackSlotAlignment, this is
related to commit a58f812c48

Change-Id: I3ef1b96d8a3bdba530200cbac4f7a062496ace59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2994813
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#75493}
2021-07-01 01:04:26 +00:00
Manos Koukoutos
7981dc33d5 Reland "[wasm] Refactor initializer expression handling"
This is a reland of 071a1acf32

Changes compared to original:
Expect SIMD test to fail if SIMD is not supported.

Original change's description:
> [wasm] Refactor initializer expression handling
>
> Design doc: https://bit.ly/3xPxWUe
>
> This CL introduces two main changes:
> - Initializer expressions are now decoded by WasmFullDecoder. With
>   wasm-gc, initializer expressions are no longer just constants, and
>   require complex decoding (including stack tracking). This resulted in
>   extensive code duplication.
> - Initializer expressions are not stored explicitly by module-decoder as
>   an AST (WasmInitExpr), but rather as a WireBytesRef, and are decoded
>   again during module instantiation. This should reduce memory
>   consumption for globals and other module elements with initializer
>   expressions (which has been observed in the 40MB range in some
>   real-world benchmarks.
>
> Summary of changes:
> - Add a static parameter {kFunctionBody, kInitExpression} to the
>   WasmDecoder. Use it to specialize validation to function bodies/init.
>   expressions.
> - Introduce a new Interface for the WasmFullDecoder for init.
>   expressions.
> - Differentiate between constant and non-constant opcodes in
>   WasmFullDecoder.
> - Change representation of init. expressions in WasmModule to
>   WireBytesRef.
> - Reimplement EvaluateInitExpression in module-instantiate to re-decode
>   initializer expressions.
> - Remove some now-invalid module decoder tests.
>
> Pending changes:
> - Also refactor initializer expressions for element segment entries.
> - Reintroduce deleted tests.
>
> Bug: v8:11895
> Change-Id: I76512bfe1386c8338667d30fa6db93880a1e4b42
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972910
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75476}

Bug: v8:11895
Change-Id: I2dface5ff28d5a2d439a65d3e5cb83135c061bb9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2997722
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75492}
2021-06-30 21:33:46 +00:00
Clemens Backes
5756c40e47 Revert "[wasm] Refactor initializer expression handling"
This reverts commit 071a1acf32.

Reason for revert: Breaks on nosse: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux/42795/overview

Original change's description:
> [wasm] Refactor initializer expression handling
>
> Design doc: https://bit.ly/3xPxWUe
>
> This CL introduces two main changes:
> - Initializer expressions are now decoded by WasmFullDecoder. With
>   wasm-gc, initializer expressions are no longer just constants, and
>   require complex decoding (including stack tracking). This resulted in
>   extensive code duplication.
> - Initializer expressions are not stored explicitly by module-decoder as
>   an AST (WasmInitExpr), but rather as a WireBytesRef, and are decoded
>   again during module instantiation. This should reduce memory
>   consumption for globals and other module elements with initializer
>   expressions (which has been observed in the 40MB range in some
>   real-world benchmarks.
>
> Summary of changes:
> - Add a static parameter {kFunctionBody, kInitExpression} to the
>   WasmDecoder. Use it to specialize validation to function bodies/init.
>   expressions.
> - Introduce a new Interface for the WasmFullDecoder for init.
>   expressions.
> - Differentiate between constant and non-constant opcodes in
>   WasmFullDecoder.
> - Change representation of init. expressions in WasmModule to
>   WireBytesRef.
> - Reimplement EvaluateInitExpression in module-instantiate to re-decode
>   initializer expressions.
> - Remove some now-invalid module decoder tests.
>
> Pending changes:
> - Also refactor initializer expressions for element segment entries.
> - Reintroduce deleted tests.
>
> Bug: v8:11895
> Change-Id: I76512bfe1386c8338667d30fa6db93880a1e4b42
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972910
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75476}

Bug: v8:11895
Change-Id: I9fcfdedad73ef21beb9632f50305b8e678a2dff6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2997582
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75484}
2021-06-30 16:05:26 +00:00
Clemens Backes
d701dde2be [cleanup] Remove redundant FLAG_SCOPE macros
FLAG_SCOPE_EXTERNAL can be used outside of the v8::internal namespace,
while FLAG_SCOPE can not.
This CL refactors FLAG_SCOPE such that it can be used anywhere, and
removes the redudant FLAG_SCOPE_EXTERNAL macro.
Also, UNFLAG_SCOPE_EXTERNAL is removed in favor of FLAG_SCOPE_VAL, as
the word "flag" in the macro name is meant to refer to a flag, and not
to the verb or action of "flagging" something, hence "unflag" does not
match the terminology.

R=ahaas@chromium.org

Bug: v8:11879
Change-Id: I2d761012c3e4330abb611bf67130eb57ec5bb964
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2988920
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75482}
2021-06-30 15:05:25 +00:00
Manos Koukoutos
071a1acf32 [wasm] Refactor initializer expression handling
Design doc: https://bit.ly/3xPxWUe

This CL introduces two main changes:
- Initializer expressions are now decoded by WasmFullDecoder. With
  wasm-gc, initializer expressions are no longer just constants, and
  require complex decoding (including stack tracking). This resulted in
  extensive code duplication.
- Initializer expressions are not stored explicitly by module-decoder as
  an AST (WasmInitExpr), but rather as a WireBytesRef, and are decoded
  again during module instantiation. This should reduce memory
  consumption for globals and other module elements with initializer
  expressions (which has been observed in the 40MB range in some
  real-world benchmarks.

Summary of changes:
- Add a static parameter {kFunctionBody, kInitExpression} to the
  WasmDecoder. Use it to specialize validation to function bodies/init.
  expressions.
- Introduce a new Interface for the WasmFullDecoder for init.
  expressions.
- Differentiate between constant and non-constant opcodes in
  WasmFullDecoder.
- Change representation of init. expressions in WasmModule to
  WireBytesRef.
- Reimplement EvaluateInitExpression in module-instantiate to re-decode
  initializer expressions.
- Remove some now-invalid module decoder tests.

Pending changes:
- Also refactor initializer expressions for element segment entries.
- Reintroduce deleted tests.

Bug: v8:11895
Change-Id: I76512bfe1386c8338667d30fa6db93880a1e4b42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972910
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75476}
2021-06-30 14:15:45 +00:00
Clemens Backes
e6371af86a [wasm] Introduce --wasm-enforce-bounds-checks flag
There currently is no way to enforce explicit bounds checks if the
embedder installed the signal handler for wasm trap handling (queried
via {trap_handler::IsTrapHandlerEnabled()}).
This CL adds a respective flag and makes all compilation emit explicit
bounds checks if it is disabled.

R=ahaas@chromium.org

Bug: v8:11926
Change-Id: Ie19faab1766d3105f3c22cb4470c0f15398f1d09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2989129
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75453}
2021-06-30 08:31:14 +00:00
Peter Kasting
6f6bfe146f Reland "Fix -Wimplicit-int-float-conversions."
This is a reland of edab873071
It was speculatively reverted but the issue turned out to just be slow
tests.

Original change's description:
> Fix -Wimplicit-int-float-conversions.
>
> Bug: chromium:989932
> Change-Id: Ief917b023cb079f5ff87dc8963d74f225d074d7a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2989096
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Auto-Submit: Peter Kasting <pkasting@chromium.org>
> Commit-Queue: Peter Kasting <pkasting@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75413}

Bug: chromium:989932
Change-Id: Iec8ac8ee32705c6a699a2df2f292ffe07cde99f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2994802
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75443}
2021-06-29 16:36:18 +00:00
Dan Elphick
bf096ec960 [build] Reduce dependencies on deserializer.h
Several headers in the large inline objects header cycle were depending
on deserializer.h to access Deserializer::uninitialized_field_value().
Unfortunately this meant that a change to many snapshot headers caused a
rebuild of over 1480 files.

This moves the constant into smi.h which would always be included by the
objects inline headers.

Bug: v8:11879
Change-Id: I2efd1c42efd43e6cd4630cea7fd76dd2bd29ae3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2992717
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75439}
2021-06-29 13:21:57 +00:00
Wenyu Zhao
3b9a093282 [heap] Skip more tests for TPH
This CL skips some recently added tests that do not work for TPH at the moment,
including:

* One uses --concurrent_inlining
* One Requires local heaps
* 7 tests that create multiple isplates
* 3 LogMaps* tests that is expected to fail due to map address reuse

This CL also set v8_enable_allocation_folding = true for TPH.

Bug: v8:11641
Change-Id: I5db32f5f9e730dc4e12e4869ec78210bde23ca0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2994219
Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75432}
2021-06-29 07:37:19 +00:00
Francis McCabe
5c9406cfc8 Revert "Fix -Wimplicit-int-float-conversions."
This reverts commit edab873071.

Reason for revert: appears to be causing additional TSAN flakes: see https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/3772

Original change's description:
> Fix -Wimplicit-int-float-conversions.
>
> Bug: chromium:989932
> Change-Id: Ief917b023cb079f5ff87dc8963d74f225d074d7a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2989096
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Auto-Submit: Peter Kasting <pkasting@chromium.org>
> Commit-Queue: Peter Kasting <pkasting@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75413}

Bug: chromium:989932
Change-Id: I43d16b151f3c2d7bd68d0007af18a06de65da442
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2991342
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75419}
2021-06-28 15:43:41 +00:00
Daan de Graaf
5667bfe593 [wasm-simd][arm] Fuse extadd_pairwise and add SIMD on arm.
Bug: v8:11546
Change-Id: I40bc4b5e3c813edba4a194b086b63e19d1231e29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2956729
Commit-Queue: Daan de Graaf <daagra@google.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75416}
2021-06-28 14:26:00 +00:00
Peter Kasting
edab873071 Fix -Wimplicit-int-float-conversions.
Bug: chromium:989932
Change-Id: Ief917b023cb079f5ff87dc8963d74f225d074d7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2989096
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75413}
2021-06-28 13:08:20 +00:00
Dan Elphick
44e73e0b78 Reland "[base] Move most of src/numbers into base"
This is a reland of 9701d4a420
with a small fix for some code landed in between the dry-run and
submission.

Original change's description:
> [base] Move most of src/numbers into base
>
> Moves all but conversions.*, hash-seed-inl.h and math-random.* into
> base, in preparation for moving the parts of conversions that don't
> access HeapObjects.
>
> Also moves uc16 and uc32 out of commons/globals.h into base/strings.h.
>
> Bug: v8:11917
> Change-Id: Ife359148bb0961a63833aff40d26331454b6afb6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979595
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Auto-Submit: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75354}

Bug: v8:11917
Change-Id: Ie1ec9032fe56646a7c7303185cecc70fce5694ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982607
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75368}
2021-06-24 15:00:27 +00:00
Nico Hartmann
10f6151d7e Revert "[base] Move most of src/numbers into base"
This reverts commit 9701d4a420.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64/40802/overview

Original change's description:
> [base] Move most of src/numbers into base
>
> Moves all but conversions.*, hash-seed-inl.h and math-random.* into
> base, in preparation for moving the parts of conversions that don't
> access HeapObjects.
>
> Also moves uc16 and uc32 out of commons/globals.h into base/strings.h.
>
> Bug: v8:11917
> Change-Id: Ife359148bb0961a63833aff40d26331454b6afb6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979595
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Auto-Submit: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75354}

Bug: v8:11917
Change-Id: Iacf796c95256016fa74f0a910c5bb1a86baa425a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982605
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75356}
2021-06-24 11:14:24 +00:00
Thibaud Michaud
a7776e30e2 [wasm][interpreter] Fix catch-less try
Because of catch-less try blocks, we have to check the exception stack
one more time so that we don't try to rethrow to an outer try scope if
this is already the outermost one.

R=clemensb@chromium.org

Bug: chromium:1219746
Change-Id: I6ad7e4afec669f04bc10197998db5d6eb38a2205
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2983205
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75355}
2021-06-24 11:06:33 +00:00
Dan Elphick
9701d4a420 [base] Move most of src/numbers into base
Moves all but conversions.*, hash-seed-inl.h and math-random.* into
base, in preparation for moving the parts of conversions that don't
access HeapObjects.

Also moves uc16 and uc32 out of commons/globals.h into base/strings.h.

Bug: v8:11917
Change-Id: Ife359148bb0961a63833aff40d26331454b6afb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979595
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75354}
2021-06-24 11:01:23 +00:00
Milad Fa
c1190cf9b7 PPC/s390: [wasm][liftoff][ia32][x64] Detect NaNs for fuzzing
Port e699762e06

Original Commit Message:

    Instrument floating-point operations to set a flag if the result is NaN.
    Does not handle f32x4 and f64x2 results yet.

R=thibaudm@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: If81861b65d2a0a98389eebb480127069fd1b5509
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2983458
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75342}
2021-06-23 23:04:43 +00:00
Thibaud Michaud
e699762e06 [wasm][liftoff][ia32][x64] Detect NaNs for fuzzing
Instrument floating-point operations to set a flag if the result is NaN.
Does not handle f32x4 and f64x2 results yet.

R=clemensb@chromium.org

Bug: v8:11856
Change-Id: I1c3603e2c0c92e71bea8418e85852c01904379af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979600
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75335}
2021-06-23 15:17:48 +00:00
Igor Sheludko
939ee79d99 [runtime] Fix spec violation in Object.defineProperties
... which didn't properly handle non-Smi integer indices with
JSTypedArray receivers.

The addition of new JSReceiver::OrdinaryDefineOwnProperty() overload
with LookupIterator::Key caused circular dependency between lookup.h
and js-objects.h, so the LookupIterator::Key was moved out of the
LookupIterator class in order to make it forward-declarable.

Bug: chromium:1209405
Change-Id: I265f0c00f65ab6476c8f1d0ca1264f555d43465f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972727
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75326}
2021-06-23 10:13:03 +00:00
Dan Elphick
9010201c99 [base] Create base/strings.h
Moves VSNPrintf, SNPrintf and StrNCpy out of utils/utils.h into
base/strings.h.

Bug: v8:11879
Change-Id: I0e165cb27c42f89c9acd1c6378514b40a90cd18d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972732
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75308}
2021-06-22 16:55:32 +00:00
Georg Neis
4c41299d8c [compiler] Fix serialization for Function#bind
It was not in sync with the optimization, which relies on
inspecting up the length and name fields even for bound
functions.

To make a now meaningful serializer test actually pass, I have
to to make some changes to the test setup.

I'm also moving the function name and length index constants
from JSFunction to JSFunctionOrBoundFunction for clarity.

TBR=marja@chromium.org

Bug: v8:7790
Change-Id: I36dd3c80996ccb53810c7ea9bfceb5c84ffd60ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972919
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75299}
2021-06-22 12:42:19 +00:00
Dan Elphick
332d6c1114 [utils] Remove StringBuilder class
StringBuilder and its base class SimpleStringBuilder aren't very safe
and are a potential source of memory leaks or double-frees.

This removes the StringBuilder class and converts all of its usages to
use the standard library.

(As a drive-by, this converts std::ostream* to std::ostream& which is
more idiomatic C++).

Bug: v8:11917
Change-Id: I0eaf9d60cf49836e65bb28f0e114b33ef8103a61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2978252
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75298}
2021-06-22 12:37:42 +00:00
Bill Budge
b261213fcc Revert "Improve error messages for property access on null/undefined"
This reverts commit 24c626c1f7.

Reason for revert: Blocks V8 roll into Chromium (changed error messages cause tests to fail):
https://ci.chromium.org/p/chromium/builders/try/linux-rel/724109?

Original change's description:
> Improve error messages for property access on null/undefined
>
> Only print the property name when accessing null/undefined if we can
> convert it to a string without causing side effects.
> If we can't, omit the property name in the error message.
> This should avoid confusion when the key is an object with toString().
> E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object
> Object]' anymore, which was misleading since the property accessed would
> be 'a', but we can't evaluate the key without side effects.
>
> Bug: v8:11365
> Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75250}

Bug: v8:11365
Change-Id: Ic63f34033254f55b3871041633d84ea48586a75d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2977374
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75282}
2021-06-21 23:06:41 +00:00
Igor Sheludko
e4361df076 [ext-code-space] Migrate CodeDataContainer::next_code_link to CodeT
... and OPTIMIZED_CODE_LIST and DEOPTIMIZED_CODE_LIST slots of
NativeContext which serve as heads of respective weak lists of Code
objects.

Drive-by: trivial NativeContext methods are moved to contexts-inl.h
header.

Bug: v8:11880
Change-Id: I0f2ca967b2820f84c279fea702bab28829f65d0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968416
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75268}
2021-06-21 12:43:27 +00:00
Clemens Backes
089221ef96 [wasm] Pass and store fewer wasm engine pointers
There is exactly one WasmEngine per process, hence we do not need to
store or pass a pointer to it. We just use {GetWasmEngine} (which just
reads a global variable) whenever we need it.

R=jkummerow@chromium.org

Bug: v8:11879
Change-Id: I7e0e86e326f4cafe5a894af0ff6d35803c0340a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972725
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75266}
2021-06-21 11:57:45 +00:00
Clemens Backes
fa3cd68a3f [isolate][cleanup] Remove pointer to WasmEngine
The WasmEngine is shared across the whole process, so there is no need
to store it in every Isolate.
Instead, we can just get it from everywhere on any thread using
{wasm::GetWasmEngine()}, which is a simple read of a global.

R=jkummerow@chromium.org

Bug: v8:11879
Change-Id: I13afb8ca3d116aa14bfaec5a4bbd6d71faa9aa17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2969825
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75265}
2021-06-21 09:09:25 +00:00
Patrick Thier
24c626c1f7 Improve error messages for property access on null/undefined
Only print the property name when accessing null/undefined if we can
convert it to a string without causing side effects.
If we can't, omit the property name in the error message.
This should avoid confusion when the key is an object with toString().
E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object
Object]' anymore, which was misleading since the property accessed would
be 'a', but we can't evaluate the key without side effects.

Bug: v8:11365
Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75250}
2021-06-18 14:47:08 +00:00
Igor Sheludko
919fa26613 [ext-code-space] Migrate WasmExportedFunctionData code field to CodeT
In order to avoid unnecessary conversions to CodeT and back this CL:
- makes compiler::CompileCWasmEntry() return CodeT,
- makes Execution::CallWasm() accept CodeT.

Bug: v8:11880
Change-Id: Ic4b7b5f476c6efcfca4bc116ecd45cdee9f0c6c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2971743
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75247}
2021-06-18 14:10:43 +00:00
Vasili Skurydzin
b6b2b85f7e [ppc64] Use signed integers for machine ops tests
When result is returned in a register to the calling code, some GCC
versions use 32 bit compare, and some use 64 bit compare. In the case
comparison is 64 bit, GCC on PPC64 arch is expecting the return value to
be sign-extended, leading to an error in comparison.

Change-Id: I05b7e1566bc9bb931ce9998bb310eb29c50e90e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968449
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Vasili Skurydzin <vasili.skurydzin@ibm.com>
Cr-Commit-Position: refs/heads/master@{#75245}
2021-06-18 13:40:08 +00:00
Dan Elphick
7f5383e8ad [base] Move utils/vector.h to base/vector.h
The adding of base:: was mostly prepared using git grep and sed:
git grep -l <pattern> | grep -v base/vector.h | \
  xargs sed -i 's/\b<pattern>\b/base::<pattern>/
with lots of manual clean-ups due to the resulting
v8::internal::base::Vectors.

#includes were fixed using:
git grep -l "src/utils/vector.h" | \
  axargs sed -i 's!src/utils/vector.h!src/base/vector.h!'

Bug: v8:11879
Change-Id: I3e6d622987fee4478089c40539724c19735bd625
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968412
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75243}
2021-06-18 13:33:13 +00:00
Igor Sheludko
acd567b8f9 [ext-code-space] Migrate FeedbackVector::optimized_code field to CodeT
Bug: v8:11880
Change-Id: I6a0b6bc1b4a7c75bfca2e4f611f45012474309a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968414
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75235}
2021-06-18 09:25:42 +00:00
Igor Sheludko
c2c6bfba5a [ext-code-space] Migrate more code entries to CodeT
Namely,
- StackFrameInfo::code_object
- DependentCode's code entries
- OSROptimizedCodeCache's code entries

Bug: v8:11880
Change-Id: I49bc28f2935dd1561901932a2dfe0bf01bc6836e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2969824
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75234}
2021-06-18 08:42:47 +00:00
Igor Sheludko
39c1f718b5 [ext-code-space] Migrate JSRegExp code fields to CodeT
Bug: v8:11880
Change-Id: Idf23521d6cb1885922f92e1050937daa2d29acd7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968409
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75225}
2021-06-17 17:37:01 +00:00
Toon Verwaest
a71ab76a60 [interpreter] Remove %_Call
This isn't used outside of tests, so let's just remove it.

Change-Id: I06b7ec11911fd8ebc3bbabcba16d0c2a3fafddab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968413
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75220}
2021-06-17 15:16:41 +00:00
Igor Sheludko
4c53593010 [ext-code-space][ic] Migrate IC handlers to CodeT
Bug: v8:11880
Change-Id: I08b9eb182a42ca612a60fdafc0a059f97a3f0d87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968411
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75219}
2021-06-17 14:55:31 +00:00
Toon Verwaest
863a2d6c24 [interpreter] Remove unused interpreter intrinsics
This also removes intrinsics that were just used in tests. It keeps
InlineIncBlockCounter for now because it's a less straightforward.

Change-Id: I77e55d7a746294892d0fd7ab577ebf8eb42f1f08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953195
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75217}
2021-06-17 13:43:41 +00:00
Dominik Inführ
37ecee6a42 [heap] Cache regular code object size
MemoryChunkLayout::MaxRegularCodeObjectSize() can be cached in a
global variable on process initialization. This should help to increase
code object allocation performance, since this method was called on
each code object allocation.

Bug: v8:11891
Change-Id: I870bd37202370aec89ef2db24264e363099bf8a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2966387
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75215}
2021-06-17 13:35:21 +00:00
Andrew Comminos
9cd0b56397 [cpu-profiler] Reland reference counting for code entries
To enable deallocation of CodeEntry objects after they're no longer
being referenced by an active profile or alive on the heap, replace the
|used| bit with a proper reference count maintained by a CodeMap.

Bug: v8:11054
Change-Id: I3016cdbcbd1b4e8a26c3b1689e968cb2eef8e6d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2965493
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#75193}
2021-06-16 18:19:50 +00:00
Deepti Gandluri
4e95777177 Revert "[cpu-profiler] Reference counting for code entries"
This reverts commit 8e44ee5f75.

Reason for revert: Reverting due to UBSan failures - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/16888.

Original change's description:
> [cpu-profiler] Reference counting for code entries
>
> To enable deallocation of CodeEntry objects after they're no longer
> being referenced by an active profile or alive on the heap, replace the
> |used| bit with a proper reference count maintained by a CodeMap.
>
> Bug: v8:11054
> Change-Id: Id3d5941e509504415692f833e406ecdd2553d426
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2945541
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Andrew Comminos <acomminos@fb.com>
> Cr-Commit-Position: refs/heads/master@{#75164}

Bug: v8:11054
Change-Id: Iae3ae73014c7eafe20917cf088a569f370d9b53d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2965489
Auto-Submit: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75165}
2021-06-15 22:28:07 +00:00
Andrew Comminos
8e44ee5f75 [cpu-profiler] Reference counting for code entries
To enable deallocation of CodeEntry objects after they're no longer
being referenced by an active profile or alive on the heap, replace the
|used| bit with a proper reference count maintained by a CodeMap.

Bug: v8:11054
Change-Id: Id3d5941e509504415692f833e406ecdd2553d426
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2945541
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#75164}
2021-06-15 21:31:25 +00:00
Camillo Bruni
f3810dd916 [logging] Replace last uses of FLAG_trace_ic with FLAG_log_ic
Long live --log-ic!

Change-Id: I4d8cefd64cdbf693a868019deb2a864d43cbd2ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964393
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75159}
2021-06-15 16:26:39 +00:00
Igor Sheludko
4b4037308b [compiler] Simplify DependentCode API and make it type-safe
Bug: v8:11879, v8:11880
Change-Id: I6b37148ae2a971bda0cbb6636f64561ab0a02ba5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960215
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75142}
2021-06-15 05:23:08 +00:00
Liu Yu
76a42474d2 [mips] Fix build failed
Port 407317a284

Change-Id: I6d46b2c9b9bafb0287fa711822aac8ffdb30c7ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2962153
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#75141}
2021-06-15 04:24:28 +00:00
Clemens Backes
13209a75c0 Reland "[no-wasm] Exclude trap-handler implementation"
This is a reland of 5d84b6cb9a. PS2 contains
the fix for a copy&paste error in a preprocessor condition.

Original change's description:
> [no-wasm] Exclude trap-handler implementation
>
> The trap handler is only needed for WebAssembly, hence it can be
> excluded in no-wasm builds (v8_enable_webassembly = false).
> This makes it easier to port WebAssembly to platforms that do not need
> to support WebAssembly.
>
> R=ahaas@chromium.org, jkummerow@chromium.org
> CC=johnx@google.com
>
> Bug: v8:11877
> Change-Id: I25c34c2c4f1122227047e13add532ee2b9f73d2f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953285
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75101}

Bug: v8:11877
Change-Id: I70dba5dc8762c65a9c751ff6619a3b0ebb542837
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960214
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75138}
2021-06-14 15:18:27 +00:00
Thibaud Michaud
ff2cf7dad2 [wasm][eh] Remove unwind instruction
Relevant links:
https://github.com/WebAssembly/exception-handling/issues/153
https://github.com/WebAssembly/exception-handling/pull/156

R=clemensb@chromium.org

Bug: v8:8091
Change-Id: I0deeb9665c6648e643d0aa4f310b7676e1c2fa32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2959624
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75135}
2021-06-14 14:36:26 +00:00
Camillo Bruni
407317a284 [runtime] Rename Builtins::Name to Builtin 2/2
- Convert Builtin to enum class
- Change int-based builtin_index methods to use Builtin
- Change Builtins::builtin to Builtins::code

Change-Id: Id9e3bb83da97e8894ca7ca78e1e852da60675619
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2949104
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75127}
2021-06-14 12:48:46 +00:00
Thibaud Michaud
973c369f0c [wasm][interpreter] Pop catch-less try scope info
Now that try blocks don't need a catch handler, ensure that we still
properly close the scope when we handle the "end" opcode.

R=clemensb@chromium.org

Change-Id: I012939d5b3ee9caee9275a2f0abd65e517593870
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2959623
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75126}
2021-06-14 11:26:07 +00:00
Clemens Backes
50117080af [wasm][cleanup] Fix passing of WireBytesStorage
WireBytesStorage is the class used to access the wire bytes of a
function for compilation. It is stored and passed in a shared_ptr,
because it can be updated while compilation is running, and the
compilation threads will keep the old reference alive until the last
reference is dropped.
This CL fixes a few issues where we unnecessarily passed a reference
to the shared_ptr instead of just a raw pointer, and changes one
copy-assign into a move-assign to avoid an unneeded reference increase
and decrease.

R=thibaudm@chromium.org

Bug: v8:11879
Change-Id: I18b626a7b6cde09d5b29f091bd9f49d01d408206
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953196
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75116}
2021-06-14 08:45:46 +00:00
Dominik Inführ
6b32e7d193 [heap] Fix concurrent allocation in shared map space
Two DCHECKS had to updated to allow for concurrent MAP_SPACE
allocations.

Bug: v8:11708
Change-Id: I8a059d2e5942f511802a95ec27cf566414dd740e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2951724
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75105}
2021-06-11 18:00:44 +00:00
Dan Elphick
c26965bded [build] Reduce size of inline header cycles
This removes/replaces header includes with the aim of shrinking the
size of the inline header cycle. Specifically before this CL, there was
a single Strongly-Connected Component comprising 60 header files from
src/objects and src/heap.

Now there are two 2 SCCs. The src/heap SCC has 6 files and depends on
the src/objects SCC, which has 50 files. Additionally some previously
implicit dependencies have been added.

Dependencies calculated using:
git grep "#include \"" *.h *.cc | sed 's/:#include "/ /;s/".*$//' | \
awk 'BEGIN {print "digraph deps {" } END {print "}"} {print "\""$1"\" -> \""$2"\""}'

SCCs found using sccmap from graphviz.

Also removes unused Cell::FromValueAddress method.

Change-Id: Ib19d00ccd14e490ee64d57be4d99b1b3686ac32a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2951734
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75103}
2021-06-11 15:36:04 +00:00
Daan de Graaf
930fb6463b [wasm-simd][arm64] Fuse add and extadd_pairwise_u.
The two instructions are fused into a single Uadalp instruction,
improving performance of quantized neural network operator
implementations such as XNNPACK.

Bug: v8:11546
Change-Id: Ic11b35d1e7758ee0b4ccfe8f592edc1aa798f6f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2939997
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Daan de Graaf <daagra@google.com>
Cr-Commit-Position: refs/heads/master@{#75102}
2021-06-11 15:33:24 +00:00
Manos Koukoutos
862ddf1efd [wasm] Do not enforce LE for globals and WasmValue
Changes:
- Remove endianness transformations from WasmValue contstructors.
  WasmValue will now use the system's endianness. Remove
  CopyToWithSystemEndianness.
- Remove endianness transformation from global variable load/stores in:
  wasm-compiler.cc, liftoff-compiler.cc, wasm-objects{.cc, -inl.h}, and
  wasm-interpreter.cc
- Adjust SIMD tests that directly access part of a value by changing
  which lane they access within that value. We do that by introducing
  a LANE macro and use it over ReadLittleEndianValue.

Change-Id: I99e97c6eae72e9a135b184633ec266049803bb03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944437
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75085}
2021-06-10 18:08:38 +00:00
Jakob Kummerow
f1acce32c5 [wasm] Make a few more traps uncatchable
With the upcoming "exception handling" proposal, we have to ensure
that traps are not catchable. This patch adds missing "uncatchable"
annotations to traps in the C-API and table-related instructions.

Fixed: v8:11813
Change-Id: I7bbd5043ede58a5315bd5117eb496ed014e79e91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953160
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75082}
2021-06-10 15:33:17 +00:00
Santiago Aboy Solanes
ae922188a4 [compiler] Add TSAN support for generated code movq and movl
We have to not have any instructions between EmitOOLTrapIfNeeded and the
movs. For this reason, we are now emitting EmitTSANStoreOOLIfNeeded
after the store rather than before.

We are also now requiring the code_kind to know if we are compiling a
FOR_TESTING function.

Finally, we have to differentiate between two different wasm-to-js
functions: one lives in the wasm code space, and another one lives on
the heap. The one that lives in wasm code space calls wasm stub calls,
and the other one calls the builtin like JS does.

Bug: v8:7790, v8:11600
Change-Id: Iafb4643068ae4e31881662e032f73af98a66baca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2945185
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75077}
2021-06-10 13:37:55 +00:00
Peter Kasting
90c7d8ab6e Fix -Wc++11-narrowing in V8.
Bug: chromium:1216696
Change-Id: I0918215c2e2b845bd7b39e06128d74382a467b05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2950262
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75062}
2021-06-09 22:47:37 +00:00
Zheng Liu
6ac9c652fa [riscv64] Fix decode error of neg instruction.
The disassembler cannot decode neg instruction correctly because a single
quote is missed.

Bug: v8:11833
Change-Id: I43f12e8e8e3f1e51244dc891e9bfb611a95f393b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2934617
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Commit-Queue: Brice Dobry <brice.dobry@futurewei.com>
Cr-Commit-Position: refs/heads/master@{#75046}
2021-06-09 13:34:18 +00:00
Santiago Aboy Solanes
54157310c1 [string] Skip concurrent tests if FLAG_single_generation is on
Similar to https://crrev.com/c/v8/v8/+/2270548, we can add an early
return since we will not be creating thin strings while
single_generation is on.

Bug: v8:7790, v8:10614
Change-Id: Ib6ccc00bc79058daa163920a944ad328515f667e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948888
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75042}
2021-06-09 12:30:28 +00:00
Santiago Aboy Solanes
1bc7d17435 [string] Remove FLAG_thin_string and enable it all the time
It was added years ago and in 2017 it was enabled by default[1], which
means enough time has passed and we can remove the flag.

[1]: https://chromium-review.googlesource.com/c/v8/v8/+/528076/

Change-Id: I059417d4683910e86ebfddd93f504006094fa342
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2947406
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75039}
2021-06-09 09:52:48 +00:00
Igor Sheludko
368a20bcd7 [runtime] Refactor interceptor handling
... and add regression test for contextual stores to JSGlobalObject
with interceptor in the prototype chain.

Bug: chromium:1216437
Change-Id: Ibd344288c6327b35f3276f59517995d591acb967
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944895
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75038}
2021-06-09 09:16:42 +00:00
Wenyu Zhao
4217bfd2ad [heap] Fix or skip tests for TPH non-moving GC
* Skip 8 tests that timeout due to the low-performance of current MMTk non-moving GC.
  - This will be enabled after TPH performance issues are addressed.
* Skip 2 new tests that creates a second isolate -- TPH does not support it at the moment.
* Skip 1 test that expects concurrent sweeping behavior of cppgc.

Bug: v8:11641
Change-Id: If86cdcc303b01536d278368886bb30d91da5c5c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2909692
Auto-Submit: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75036}
2021-06-09 08:44:48 +00:00
Thibaud Michaud
c134f0af98 [wasm][liftoff] Add step counter in Liftoff
Add a new testing tier based on Liftoff. In this tier, the Liftoff
compiler takes an address to a counter, and decrements that counter at
every instruction. When the counter reaches 0, execution aborts.

R=clemensb@chromium.org

Bug: v8:11856
Change-Id: I20970e323ff19f7cb6ab6855377c678ca391421e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944440
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75022}
2021-06-08 15:02:36 +00:00