Back references to C++ objects may point to objects that never have
their graph nodes materializes through other C++ edges. We can just
create a graph node in this case, and avoid delaying the merging
completetly.
Bug: chromium:1244522
Change-Id: I0e9cb7a89ee90bfba217bc8475ac40bd7fe92a0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129426
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76583}
... by removing some obsolete code.
Bug: v8:7790
Change-Id: I3a244ef5fc7fe15321e5bb1c9bb2fe794030ba3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124801
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76582}
It seems like SP on heap does not produce too much memory fragmentation,
therefore we do not need UndoLastAllocationAt.
Bug: v8:11872
Change-Id: Id2e44405329b52c1dcd6cd81bfc72ffba00035ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129428
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76581}
... by removing some obsolete code.
Bug: v8:7790
Change-Id: I722031158d45335f3e086eb335a447fbc5066cac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124798
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76580}
... by removing some obsolete code.
Bug: v8:7790
Change-Id: I32880d2a4fbd943ea0e485d8e8aff07ac9903e9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124795
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76576}
... by removing some obsolete code.
Bug: v8:7790
Change-Id: Ie098055a1849de5d853c126e0c7275164f964ce8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124774
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76575}
The log test checks for log positions, which may change when background
serialization / background compilation are enabled.
Fixed: v8:12117
Change-Id: I193c9c23e016fad1e3f06a9f377bb53db84a6988
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129421
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76573}
Allow %CompileBaseline on architectures that support Sparkplug
independent of runtime flags.
The deicsion based on --sparkplug runtime flag lead to spurious errors
on correctness fuzzers.
Bug: chromium:1244474
Change-Id: I764bd80cd7dff7e72729145c165dc039c594753c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3127719
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76572}
Instead create the appropriate data on demand. Note that this
changes behavior of the default configuration.
Bug: v8:7790
Change-Id: Ia6bfcaace655c0fd72e2dcc0c2547195dc1cc4a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123419
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76570}
As with other crashes, also SIGABRT cuts of execution earlier. While
the reason might be interesting in normal fuzzing, in correctness
fuzzing, it leads to spurious reports due to the output differences.
No-Try: true
Bug: chromium:1242193
Change-Id: I6ee9a8e2a0254255d02b0106575931b523fbf666
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124808
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76569}
If a stack overflow occurs inside the regexp parser, propagate that
information to the parser.
Bug: v8:896,chromium:1243989
Change-Id: I5ced27ff968ad97764e156643e1980b3a722af1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3127717
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76568}
This is for tests only, and in those tests it should crash, while
on fuzzers it should silently fail. For those failing cases, we
should clear the exception so that the runtime call isn't confused
Bug: chromium:1244254
Change-Id: I5bb1c50d1538331dd9298911d742530b9769be8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3127714
Commit-Queue: Patrick Thier <pthier@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76566}
We can now tighten the return type of FindRootMap and remove some
related code.
Bug: v8:7790
Change-Id: I08325e7e4f4c9261c45770f7674b6644cc5c2b80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123411
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76564}
These methods are called only during the inlining phase, so even in the
default configuration we follow the same branch as concurrent inlining
and ignore the serialized data. We can thus tighten their return types
and cut down JSBoundFunctionData.
Bug: v8:7790
Change-Id: Ic48f8f2651d684440dc5f6a9934de2ae3a5b5132
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123410
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76561}
As per the release plan in crbug.com/v8/12142.
Bug: v8:7790,v8:12142
Change-Id: I80e2a3c571681a968ea245d52adfa539e0e7ab7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3127711
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76560}
.. to consistently support more than a single argument.
Each argument is now a tagged union that may contain an AST string, a
C string, or a JS string handle.
Change-Id: Iac8e40b717dea95a2bc2903449dab56c181702d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3122086
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76559}
The runtime-function blocking is implemented in V8 behind the
--fuzzing flag since a while now. The legacy blocklist on the fuzzer
side can be removed since some time now - it already diverted.
No-Try: true
Bug: chromium:1044942
Change-Id: I55f92419beb4d4462cbe03918dbf84d9c979862d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124810
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76556}
The CL https://crrev.com/c/2928505 changed tests without changing the
fuzzer with the result that tests fail now.
It's not helpful to switch to using new API methods in generated fuzz
tests, as they'd then not bisect well backwards to older V8 versions.
No-Try: true
Change-Id: Ia307e88b4532bd792091b23374889f2b0e490fce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124809
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76552}
Land some of the tests for Temporal.PlainDate
All marked as FAIL at this stage.
Bug: v8:11544
Change-Id: I004b7cb34effe1de1735b61c7ac749ae3c8e9bf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085624
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76551}
Land some of the tests for Temporal.Instant
All marked as FAIL at this stage.
Bug: v8:11544
Change-Id: I79d14df47248c708e5d73a0e00e3f7973c521d16
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086903
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76550}
These are either unused or have been defined in the
shared-macro-assembler.
Bug: v8:11589
Change-Id: I161c60c33641db7d68ce25ff7da8366a19db1a20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123637
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76547}
These are unused Pmaddubsw, Pblendvb, Blendvps, Blendvpd.
Bug: v8:11879
Change-Id: Idff00ee031bc76698f2ddd92b6495450add0242d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123636
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76546}
For historical reasons MinGW used to define a higher value for
_WIN32_WINNT. Over years of refactoring this turned into a _lower_
value, which has then started breaking compilation on MinGW. This
change gets ride of the MinGW specific value.
R: mlippautz@chromium.org
Bug: V8:12099
Change-Id: Ic24b71c6767cd4d1b53a6cb6487517dec614cd1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123639
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Bruce Dawson <brucedawson@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76545}
Handle all 4 selects that wasm-compiler generates.
Also modify unittest to allow optional operations (select
operations are not supported on all archs).
Bug: v8:12136
Change-Id: Ia54d7a71cffaa1c5cc8203520a1f3d812997bbb1
Fixed: v8:12136
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3119991
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76539}
Port 732f394c5d
Original Commit Message:
StaGlobal didn't write the accumulator, but the baseline implementation
assumed that it could preserve the accumulator by taking the return
value of the StoreGlobalIC. This almost always worked, except for
setters on the global object.
Fix this by marking StaGlobal as clobbering the accumulator, same as
StaNamedProperty (StaNamedProperty needs to do this anyway to avoid
inlined setters from needing to create accumulator-preserving frames;
StaGlobal would have needed the same thing if we'd ever inlined setters
for it).
Also, add a new debug scope, EnsureAccumulatorPreservedScope, to the
baseline compiler, which checks if the accumulator value is preserved
across non-accumulator-writing bytecodes. This found a (benign) bug with
ForInPrepare, so fix that too.
R=leszeks@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Id8ada05abeb1a9c7e8a16936c35be9d652c4e8b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124529
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76537}
Add a CodePageCollectionMemoryModificationScope to
CompileAllWithBaseline so that we still get W^X batching under
--always-sparkplug
Change-Id: Ic522ef26a9fce1e10d409015ee0dfb3917ffa7c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124796
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76536}
