Code for map methods was added a really long time ago but no one ever
brought that to set. Adds new common lowering for both collections and
updates the SetPrototypeHas builtin. My initial testing shows this to
be as much as 50x faster in some cases.
Change-Id: Ifea5be01c9e51013d57ac00bd817759ceace6669
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3709246
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: snek <snek@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81330}
Throw a wasm trap when trying to re-enter a suspender that is active or
suspended.
R=ahaas@chromium.org
Bug: v8:12191
Change-Id: Ic448a15db29de14fb8d6bb8408af8fbaae82a2b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716481
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81326}
If the returned promise rejects, we switch to the suspender's stack and
throw the value.
Re-purpose the WasmOnFulfilled data to also represent the rejecting
case and rename it to WasmResumeData.
R=ahaas@chromium.orgCC=fgm@chromium.org
Bug: v8:12191
Change-Id: I91a301c3c6d9d243efbfabe7263555e11f0d9277
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706606
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81325}
A lot of logic is missing from the Wasm entry for fast api calls.
The majority of the lowering is shared between wasm and js, and uses
the same graph operators, so this adds a common fast api call builder
which can be called from the wasm compiler and the js compiler.
Bug: chromium:1052746
Change-Id: I9dbd82548951b2b155a7b2459714239d0b251d71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708842
Commit-Queue: snek <snek@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81315}
With recent changes, we resolve the promise of e.g. WebAssembly.compile
with the external API, and not the V8-internal API. The external API,
however, also handles microtasks, and depending on the MicrotasksPolicy,
may also execute microtasks immediately. This means the then-handler of
WebAssembly.compile may get executed within all the scopes that were
open when the external API was called. One of the open scopes is the
CancelableTask that finishes WebAssembly compilation.
The deadlock seen in the issue arises now when {quit()} gets called in
the then-handler of WebAssembly compilation. The reason is that
{quit()} terminates the isolate, and during isolate termination, we wait
for all running CancelableTasks to finish. This, however, means a
deadlock, because the task that terminates the isolate is waiting for
itself to finish.
R=jkummerow@chrommium.org
Bug: chromium:1338150
Change-Id: I89243daffc76a456293519e24bfaad88277bb99a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717990
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81311}
- Check that internalized strings always have a computed hash value.
- Check that ThinStrings never have a forwarding index.
- Add a simple test of various property access with
--always-use-string-forwarding-table to make the CF aware of the flag.
Change-Id: Ie047c9f635d5e0ed999208ec3379ef09c395b3f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717988
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81303}
Part 1:
Revert "PPC: skip slow tests on the ppc simulator"
This reverts commit 9dfac00a1d.
Part 2:
Make the slow test faster.
Bug: v8:11111
Change-Id: I8f0291098d29917fa65c4b5b28bf03cbdbe7ebc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714229
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81301}
Initial implementation for concurrent shared arrays. Current implementation exposes a `SharedArray` constructor, but its syntax might
change in the future.
Shared arrays can be shared across Isolates, have a fixed size, have no
prototype, have no constructor, and can only store primitives, shared structs and other shared arrays. With this CL shared structs are also allowed to store shared arrays.
The Backing storage for the SharedArrays is a `FixedArrayBase`. This CL introdces a new ElementKind: `SHARED_ARRAY_ELEMENTS`. The new kind should match the overall functionality of the `PACKED_SEALED_ELEMENTS` kind, but having it as standalone kind allows for easier branching in CSA and turbofan code.
Bug: v8:12547
Change-Id: I054a04624d4cf1f37bc26ae4b92b6fe33408538a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3585353
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81285}
The tier-up check in any backwards jumps in a br_table list cause the
instance to get cached if it wasn't cached before. When the branch is
not taken, we must not rely on this caching to have happened.
This is a variant of crbug.com/1314184.
Fixed: chromium:1338075
Change-Id: Id511e98f29ec13f0a38b5595ceb4a607c58b92a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716478
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81279}
This is a reland of commit 5b9401dde4
Now also skip tests that require large amounts of virtual address space
if tsan is enabled as tsan may cause V8 to create a smaller sandbox
which is then unable to allocate the required amount of memory.
Original change's description:
> [sandbox] Also enable the sandbox outside of Chromium builds
>
> Drive-by: include the right header in sandboxed-pointer-inl.h and fix
> missing sandbox initialization in generate-bytecode-expectations.cc.
>
> Bug: v8:10391
> Change-Id: Ic39ba04b7c98eaa58ea3943189c23b297f581f5a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630082
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81216}
Bug: v8:10391
Change-Id: I141080fdf61a77ef48b22e353e3cfbc1ff816e5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716474
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81277}
Maintaining an AST class just for testing constant exressions does not
seem justified. This CL changes constant expressions in mjsunit tests
to be represented with bytes, like regular expressions.
Change-Id: If5ec5f4d863176952442b1a7e2fec8a61e385971
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714237
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81266}
Before we assumed that no exception can be thrown when specifying a
function to be used as an async hook, but that's not the case when e.g.
the object passed to createHook is a proxy trapping on property access
and the trap throws an exception.
Bug: chromium:1337629
Change-Id: I7bd7893cd274afb6e642ed18aacb9e203f7fdd96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714233
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81258}
Exceptions should propagate inside the logical stack, which can consist
of multiple wasm stack segments. When the outermost frame of the current
segment is reached, pick up the parent stack and continue the search
from there, and update the state to reflect the implicit stack switch.
Drive-by: cleanups.
R=ahaas@chromium.org
CC=fgm@chromium.org
Bug: v8:12191, v8:12960
Change-Id: Ia5cb39a6ae197fb68e635f986952419dc43c7b98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695376
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81208}
This is a reland of commit 76a07814b2
Changes compared to original:
- Add WasmArray::SetTaggedElement, which uses write barriers.
- In Factory::NewWasmArrayFromElementSegment, the new array may have
moved to OldSpace until it is initialized. Therefore, it needs write
barriers; use the new method for that.
- Small readability improvements.
Original change's description:
> [wasm-gc] Implement array.init_from_elem
>
> Bug: v8:7748
> Change-Id: I65dbb496302045820063bd0f4f9ea054e6a645bd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695580
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81128}
Bug: v8:7748
Change-Id: Ic5def1886f662bddce72b8eaea274eb5e8ec0c68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704513
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81196}
For FixedDoubleArrays that are not aligned on 8 bytes, the SIMD fast
path of array.IndexOf actually falls back on a scalar loop. Because of
how this loop was written, it was failing to see that 0.0 == -0.0.
Bug: chromium:1335445
Change-Id: Idf70fd3ed9950e5b2b7cc72bb2ebca6879b3a04e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702803
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81163}
This CL adds serialization and deserialization
support for ArrayBuffer and TypedArray.
TODOs:
- Support resizable ArrayBuffer.
- Support detached ArrayBuffer.
- Support shared ArrayBuffer.
Bug: v8:11525
Change-Id: Ic9267a78e427ee20d55f2f0483b677eeee5c214b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688896
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81136}
The native module cache makes it difficult to test deserialization,
because the native module just gets loaded from the cache instead of
deserializing the serialized module. This CL adds a new flag,
--wasm-native-module-cache-enabled, to control whether the native module
cache is enabled or not. The cache gets disabled by handling all modules
like asm.js modules when the cache gets disabled, as the cache is not
used for asm.js.
The name of the flag is positive (i.e.
`enabled` instead of `disabled`) to avoid double negation. The flag is
true by default, and set to false in tests.
R=thibaudm@chromium.orgCC=clemensb@chromium.org
Bug: v8:12964
Change-Id: If2b96a95ccf37f2eb8a868ad1661c3325c1048f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3703836
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81132}
This is a reland of commit c8c176190a
This CL includes:
- crrev.com/c/3679846 Add condition use_ic to the removing the optimized OSR code logic
- crrev.com/c/3686589 Add out of bytecode array to break condition of removing OSR code cache logic
- Add JumpLoop nesting level 0 to break condition of removing OSR code cache logic
- Change to use Deoptimizer::DeoptimizeFunction() to deoptimize OSR code
Original change's description:
> [compiler] Remove the optimized OSR code if deoptimizing at inside of loop
>
> If the optimized code is deoptimized and the deoptimized exit offset is
> inside of the optimized OSR code related loop, the optimized OSR code is
> also out of date, remove the optimized OSR code, it will avoid hit the
> optimized OSR code and soon later deoptimization of the optimized OSR
> code.
> This CL will reduce deoptimization. E.g. Deoptimization of JetStream2
> case navier-stokes function addFields is reduced from twice to once.
>
> Change-Id: I5bbf3039e916c3736b5b967d1f36b6ea90cfd40b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3648219
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Tao Pan <tao.pan@intel.com>
> Cr-Commit-Position: refs/heads/main@{#80826}
Bug: chromium:1330444
Change-Id: I97a466ddfa764438b45f33c6ae33cb921d57278d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3690451
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Tao Pan <tao.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#81110}
Add a new --wasm-max-module-size flag to replace the unused and more
specific --experimental-wasm-allow-huge-modules flag.
The new flag can be used in fuzzers to reduce the maximum allowed module
size, avoiding OOM on some systems (like 32-bit ASan builds).
R=ahaas@chromium.org
Bug: chromium:1334577
Change-Id: I2830d407c5b01be21a47b21392c1210061c40b20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695267
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81102}
In particular, this CL adds support for:
- exception handling
- source positions
- OSR
- various numeric operations and conversions
Since the test suite now passes with `--turboshaft`, this also adds a
new variant for Turboshaft and enables it on some bots.
Bug: v8:12783
Change-Id: Ia2dd2e16f56fc955d49e51f86d050218e70cb575
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3669251
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81074}
Add a missing check to reject illegal sections.
The test is added in three forms, to give fuzzers more food: A fuzzer
regression test for the streaming fuzzer, a unit test for the streaming
decoder, and an mjsunit test for streaming compilation.
Drive-by: Remove a redundant line in the synchronous decoder (this is
already handled by the following statement.
R=ahaas@chromium.org
Bug: chromium:1335023
Change-Id: Ic8c3b301f1b58981c7d68eafcffc89531ed2c64c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3698549
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81071}
This CL splits two mjsunit files and skips the ones
which take the longest on the simulator and cause a timeout.
Change-Id: I89be764dc2d7684b401690a23bf53a3ef6384d16
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693667
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81065}
- Functions related to table initialization now return an optional
{MessageTemplate} if they fail. This is used to emit the correct error
message in one test.
- InitExprInterface now uses {MessageTemplate} to describe errors.
Change-Id: I2428f7823859b95d14b6e81c8200f78da4510ceb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695579
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81045}
Context: https://github.com/WebAssembly/exception-handling/pull/197
This change adds the optional {traceStack: <bool>} parameter to the
WebAssembly.Exception constructor. When set to true, this captures the
stack and sets the `stack` accessor on the exception object.
R=jkummerow@chromium.org
Bug: v8:8091
Change-Id: I4430b6317b27ec62f11e951fbe95ee480ac72d37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688402
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81041}
