Commit Graph

64101 Commits

Author SHA1 Message Date
Clemens Backes
1512f89328 [asm] Fix globals initialized by '-0'
Those globals must have type float instead of int to preserve the sign
bit.

R=ahaas@chromium.org

Bug: chromium:1069173
Change-Id: I9769f47f087aaba94a6172118be44f70adeded0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379861
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69609}
2020-08-28 15:19:16 +00:00
Clemens Backes
6bc807698a [wasm] Add trace events for code logging
These trace events can be used for triaging profiling issues.
We already have one event if code logging is triggered via an interrupt.
The new events will be emitted if called via the foreground task, or
just directly (e.g. after deserialization).

R=ecmziegler@chromium.org

Change-Id: I67ad9568f38d9a6eb98abf53ce5542ed56170c60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2376811
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69608}
2020-08-28 15:16:46 +00:00
v8-ci-autoroll-builder
2c4f2de147 Update V8 DEPS.
Rolling v8/build: 2841b25..f9767b5

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/f9ede33..77fb6d1

Rolling v8/third_party/depot_tools: 7d98e22..ffb1227

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ica76a0a38bda603347cb3e97ebf2884507415d8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2381179
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#69607}
2020-08-28 14:35:26 +00:00
Marja Hölttä
5a6ff7688c [IC] Clarify receiver vs holder vs lookup start object
LoadICParameters already has separate fields for receiver and holder,
though, in practice, they were always equal. Moreover, the holder didn't
mean holder, but the lookup start object.

This CL makes parts of the IC layer reusable for cases where they are
not equal, by clarifying whether we're accessing the receiver, the
lookup_start_object, or the holder.

List of changes:

StoreICParameters:
- Detached from LoadICParameters, now they are independent classes.

LoadICParameters:
- Renamed holder to lookup_start_object.

TryProbeStubCache:
- Renamed receiver to lookup_start_object.

LoadIC:
LoadIC_BytecodeHandler:
LoadIC_NoFeedback:
KeyedLoadIC:
KeyedLoadICGeneric:
KeyedLoadICPolymorphicName:
- These won't be reused in the receiver != lookup_start_object case,
so added asserts that receiver == lookup_start_object.

TryMonomorphicCase:
HandlePolymorphicCase:
LoadIC_Noninlined:
GenericElementLoad:
- Renamed receiver_map param to lookup_start_object_map. The callers
either assert receiver == lookup_start_object, or read the map from the
lookup start object.

GenericPropertyLoad:
- Renamed receiver param to lookup_start_object.
- Renamed receiver_map param to lookup_start_object_map. The callers
either assert receiver == lookup_start_object, or read the map from the
lookup start object.

CallGetterIfAccessor:
- Added the holder parameter and used it accordingly.


Bug: v8:9237
Change-Id: I27aca08f58bd66cc9bd1b1baf9f1ff5565d795eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362918
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69606}
2020-08-28 11:50:26 +00:00
Ulan Degenbaev
e8f8bf0ab7 Fix a linker error in cctest/test-concurrent-allocation
Bug: v8:10848
Change-Id: Icf014ecd5b0014be258d05aa0f958001f838286b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2381450
Auto-Submit: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69605}
2020-08-28 11:40:06 +00:00
Marja Hölttä
5339e5467e [super property speed] Add a byte code for super property access
This is the first step in a series of CLs. The goal is to make
super property access faster.

Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit?usp=sharing

This CL:
- Add bytecode LdaNamedPropertyFromSuper
- IGNITION_HANDLER just calls Runtime::LoadFromSuper
- JSGenericLowering::LowerJSLoadNamedFromSuper just replaces the node
with a runtime call to Runtime::LoadFromSuper


Bug: v8:9237
Change-Id: Id28e935294c5068dd6c54e6b860a77d61517fff5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2327912
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69604}
2020-08-28 11:02:26 +00:00
Anton Bikineev
c316d0ede4 cppgc: Nullify source Members on move
Explicit nullification aims to simplify migration to Oilpan, in the
case when unique_ptrs are converted to Member and user code relies on
source pointers to be in "empty" state.

Change-Id: Ia54137d53ca03f93932b3c1f2eaba439a416a06e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379857
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69603}
2020-08-28 10:38:36 +00:00
Omer Katz
f13c55d7b2 cppgc: Port incremental marking schedule
Schedule is simpler compared to the schedule in blink since it now
returns deadlines based on marked bytes instead of time.

If marking is ahead of schedule, return the minimum step size.
Otherwise, set step size to catch up to schedule (ignoring the time
passed while performing the step).
No more default initial step size (needed in blink since marking speed
was unknown).
If estimated schedule is exceeded (marking takes longer than 500ms), the
steps will try to mark all remaining objects but would still be capped
by the maximum step duration of 2ms.

Bug: chromium:1056170
Change-Id: I09857db161c621a12d064f9c8c21b646c34f9d71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375200
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69602}
2020-08-28 10:27:16 +00:00
Omer Katz
18ff56600c cppgc: Eliminate marking boilerplate
Starting marking required Creating a Marker and calling StartMarking.
StartMarking should always have been called immediately after creating
the marker.
Since markers are not persisted between GC (a marker exists only while
marking is in progress), it makes sense to start marking implicitly when
a marker is created.

Calling StartMarking in MarkerBase ctor is inadvisable since subclasses
might still to initialize fields.
Using MarkerFactory instead guarantees that StartMarking is always
called immediately after creating a Marker.

Bug: chromium:1056170
Change-Id: Icbf11afd848e1618c204ca6bf951600b3ae9fef2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375199
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69601}
2020-08-28 09:41:06 +00:00
Zeynep Cankara
25d4fde588 [tools][system-analyzer] Color compatibility
Changes:

* Transition edges on timeline-track with the same color of the map type.
* Log file reader loading background adapted to light theme.
* Support additional IC log event colors.
* Move theme switch button to top of the app.

Bug: v8:10644, v8:10673

Change-Id: Ib086b6f4a8bc5f86a4925b251112c640e37278ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379869
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Cr-Commit-Position: refs/heads/master@{#69600}
2020-08-28 08:43:16 +00:00
Omer Katz
1227c465c8 cppgc: Make bikineev and omerkatz owners of include/cppgc
Bug: chromium:1056170
Change-Id: I2e0947c5acfd110f0add7ae5b4e3e54e3c827478
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379864
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69599}
2020-08-28 08:05:30 +00:00
Zeynep Cankara
ea63ce7df4 [tools][system-analyzer] Fix Chunk Selection and Consecutive file upload
Bug fixes:

* Wrong time range selection of timeline chunks handled by mouse events.
* Consecutive file uploads does not create a new Model object causing
bugs on timeline-track start and end times.

Bug: v8:10644

Change-Id: I3d31ddda1ffca70c18c87dd103f2b788713c2911
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379863
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Cr-Commit-Position: refs/heads/master@{#69598}
2020-08-28 06:49:26 +00:00
Piotr Bialecki
2a49c90346 Revert "[heap] Add concurrent typed slot recording"
This reverts commit 9eb090d261.

Reason for revert: breaks trybot android-pie-arm64-dbg, repro steps: build cctest with target_cpu="arm64" in the args.

See thread: 
https://chromium.slack.com/archives/CGJ5WKRUH/p1598563610118900

Original change's description:
> [heap] Add concurrent typed slot recording
> 
> Since the typed slot set is not thread-safe, each concurrent marking
> barrier collects typed slots locally and publishes them to the main
> typed slot set in safepoints.
> Bug: v8:10315
> 
> Change-Id: If1f5c5df786df88aac7bc27088afe91a4173c826
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2370302
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69576}

TBR=ulan@chromium.org,dinfuehr@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:10315
Change-Id: Iade0443e5eccef06e3ea77913e18fd1f563995f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2380613
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69597}
2020-08-28 06:41:06 +00:00
v8-ci-autoroll-builder
9aa222da95 Update V8 DEPS.
Rolling v8/build: d78cd75..2841b25

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/aa79ac2..f9ede33

Rolling v8/third_party/depot_tools: c08c71b..7d98e22

Rolling v8/tools/clang: 708cbfd..b64a74c

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I747a2c3272d3e10fa1b7b873904321001cc91de9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379609
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#69596}
2020-08-28 03:49:35 +00:00
Frank Tang
c8f6d9ddab Roll test262
e73054f7..24c6732

Bug: v8:7834
Change-Id: I1410cc5efa66860e31b27a25dc0d5de3c20fe5bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379868
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69595}
2020-08-27 23:35:05 +00:00
Ben Smith
9a68e6a430 Revert "[Intl] Ship Intl.Segmenter"
This reverts commit c6d3516ffb.

Reason for revert:

Seems like this may be related to failures here: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/32842

Please reland if unrelated.

Original change's description:
> [Intl] Ship Intl.Segmenter
> 
> Spec: https://tc39.es/proposal-intl-segmenter/
> ECMA402 site: https://github.com/tc39/proposal-intl-segmenter
> I2S: https://groups.google.com/a/chromium.org/g/blink-dev/c/MJ1OpvkcA8s/m/mYNxpwqSCAAJ
> I2I: https://groups.google.com/a/chromium.org/g/blink-dev/c/muRQBwyzzPw/m/rB_2I9t0CQAJ
> Design Doc: https://docs.google.com/document/d/1xugLpLmgRFnNXK8ztariTAbD2IXueDw1T3VNuuZCz8k/edit
> CPS: https://www.chromestatus.com/feature/6099397733515264
> Test262 Tests: https://github.com/tc39/test262/tree/main/test/intl402/Segmenter
> v8 tests: https://source.chromium.org/chromium/chromium/src/+/master:v8/test/intl/segmenter/?q=test%2Fintl%2Fsegmenter&ss=chromium
> 
> Approved by API Owners: yoav@yoav.ws / chrishtr@chromium.org / bratell.d@gmail.com
> 
> Bug: v8:6891
> Change-Id: I64775ed63557a9e1af77560abd42349742bc4c03
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2376967
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69593}

TBR=jkummerow@chromium.org,ftang@chromium.org,syg@chromium.org

Change-Id: I4e91df5a5c32e6f9fa3020af3a02e8ce1e7cd718
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6891
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379606
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69594}
2020-08-27 23:32:27 +00:00
Frank Tang
c6d3516ffb [Intl] Ship Intl.Segmenter
Spec: https://tc39.es/proposal-intl-segmenter/
ECMA402 site: https://github.com/tc39/proposal-intl-segmenter
I2S: https://groups.google.com/a/chromium.org/g/blink-dev/c/MJ1OpvkcA8s/m/mYNxpwqSCAAJ
I2I: https://groups.google.com/a/chromium.org/g/blink-dev/c/muRQBwyzzPw/m/rB_2I9t0CQAJ
Design Doc: https://docs.google.com/document/d/1xugLpLmgRFnNXK8ztariTAbD2IXueDw1T3VNuuZCz8k/edit
CPS: https://www.chromestatus.com/feature/6099397733515264
Test262 Tests: https://github.com/tc39/test262/tree/main/test/intl402/Segmenter
v8 tests: https://source.chromium.org/chromium/chromium/src/+/master:v8/test/intl/segmenter/?q=test%2Fintl%2Fsegmenter&ss=chromium

Approved by API Owners: yoav@yoav.ws / chrishtr@chromium.org / bratell.d@gmail.com

Bug: v8:6891
Change-Id: I64775ed63557a9e1af77560abd42349742bc4c03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2376967
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69593}
2020-08-27 22:07:05 +00:00
Victor Gomes
a695cb403c [test] Add short copyright to regress-1120905.js
Change-Id: I49dbd52b9019b1da94dfa91c73116e827ce74ca4
Bug: chromium:1120905, v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377689
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69592}
2020-08-27 20:58:05 +00:00
Frank Tang
1f17cfaeaa Change the order of the DateTimeFormat resolved
Move fractionalSecondsDigits between second and timeZoneName
Change order of reading options.
To sync with the July 20 PR change in
ba085a9111
Latest ECMA402 PR https://github.com/tc39/ecma402/pull/347

Bug: v8:10836
Change-Id: Ia414e0c7cc18502ccabaf02abd19861410b87cae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2378460
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69591}
2020-08-27 20:39:05 +00:00
Milad Farazmand
fc21339027 PPC: [wasm-simd] Implement the S128AndNot operation
Change-Id: I4f1fe15cc7b45218d2c3a189b4ffafc2ca28bbba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2380114
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#69590}
2020-08-27 16:24:04 +00:00
Zeynep Cankara
7a1580a77d [tools][system-analyzer] Fix Chunk Positions
This CL fixes the bug related with chunk position initialisation.
The bug caused by not subtracting the timeline chunk start time from
chunk start time. Additionally, it corrects the offset being used while
detecting the chunk location.

Bug: v8:10644

Change-Id: Icf426a297402f87d2acda0b2aa747b90e91686c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377740
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Cr-Commit-Position: refs/heads/master@{#69589}
2020-08-27 15:55:05 +00:00
Clemens Backes
945fabf52f [wasm] Avoid redundant recompilation
In certain situations (especially if the profiler is disabled) it can
happen that multiple isolates trigger tier-up at the same time. Each
recompilation would then identify the set of functions to recompile and
add compilation units for them. This creates lots of redundant
compilation, which takes time and can exceed the total wasm code space
limit (code would later get garbage-collected, but there is a high
peak).
This CL fixes that by always finishing a running recompilation before
starting a new one. Since typically concurrent recompilations all
recompile for the same tier, this would avoid do most compilation only
once, and later recompilations can skip most functions.

The only redundant compilation that can happen is via compilation units
that are still executing while the next recompilation starts, but those
should not create too much redundant code.

R=thibaudm@chromium.org

Bug: chromium:1114093
Change-Id: If8fa7d953f3ce77a9d146458bf5e17bb9bf97219
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379851
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69588}
2020-08-27 15:23:14 +00:00
Milad Farazmand
a52569e625 PPC: [wasm-simd] Move bitmask into SIMD MVP
Port 6da647f501

Original Commit Message:

    Now that 86 has branched, we can move bitmask into the SIMD MVP, it will
    not affect the current OT. (We want any OT extension to include
    bitmask.)

    Bitmask was accepted into the proposal in
    https://github.com/WebAssembly/simd/pull/201.

R=zhin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I7518e1e8d7513a6931ff026eb3089fa896a6b587
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379227
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#69587}
2020-08-27 14:04:44 +00:00
Santiago Aboy Solanes
f2851de4b6 [csa][cleanup] Remove ParameterMode from the codebase
Remove ParameterMode/Tnodify StoreFixedArrayOrPropertyArrayElement
which had the last uses of:
 * ElementOffsetFromIndex
 * MatchesParameterMode

So we can clean those methods too.

With all of this combined, we can remove the ParameterMode declaration
from the codebase.

Bug: v8:9708, v8:6949
Change-Id: I981608681cefafe910dd40d3b82f8252e4b8994d
Fixes: v8:9708
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379514
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69586}
2020-08-27 13:44:04 +00:00
Arnaud Robin
6ad8193be2 [wasm] Add priorities for function compilation
In order to improve our tiering strategy, it is a good idea to start
by tiering up functions that will be used the most, as this is done in
most JavaScript engines.

To decide which function requires tiering, we use as a basic strategy
to define its compilation priority to 'func_size * number_of_calls',
this roughly approximates the time we spend in the function.

To handle prioritization, it seemed that using  a concurrent
priority queue similar to BigUnits was causing concurrencies issues.
I then decided to use different priority queues for each worker thread.

R=clemensb@chromium.org
CC=thibaudm@chromium.org

Bug: v8:10728
Change-Id: I6f314468549000b2a9b51d3d470f04a0cb997879
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2367859
Commit-Queue: Arnaud Robin <arobin@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69585}
2020-08-27 13:42:55 +00:00
Santiago Aboy Solanes
b59e726230 [csa][cleanup] Remove ParameterMode/TNodify FixedArrayBoundsCheck
Bug: v8:9708, v8:6949
Change-Id: I37c54a1f55f416d27a73dd96a201ead3c36da8f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379513
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69584}
2020-08-27 13:41:34 +00:00
Victor Gomes
28f0e73cc5 [WeakRef] The builtin deref should use the adaptor frame
Change-Id: Ifc0eba43a807a0c408ce47a48d1bd2a14a0f354d
Bug: chromium:1120895, v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2376817
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69583}
2020-08-27 09:52:44 +00:00
Santiago Aboy Solanes
ab4ae86060 [arm] Update unwinder for JSEntry frames for arm32
Reading the proper pc, fp and sp in a JSEntry frame is in a different
offset than in the regular frames.

Bug: v8:10779, v8:10833
Fixes: v8:10779
Change-Id: I9aec44276fba0aab95b761ab17a16ec3767f4eb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2369173
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69582}
2020-08-27 09:46:54 +00:00
Clemens Backes
c75f19bbee [wasm][cleanup] Use simpler atomic constructs
Replace two unnecessary compare-exchange operations by simpler fetch_add
or exchange. This makes it easier to read and potentially faster.

R=thibaudm@chromium.org

Change-Id: Id9347ce837863e62887619f905a646bf48c07347
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377687
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69581}
2020-08-27 08:59:00 +00:00
evih
9e062696ba [wasm] Change the signature interpretation for generic wrapper
Use a Foreign pointer for the signature in the generic JS-to-Wasm wrapper.

Bug: v8:10701
Change-Id: I30d5894e8b8a48c258b7a6e003813c8403c1075e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2369178
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Eva Herencsárová <evih@google.com>
Cr-Commit-Position: refs/heads/master@{#69580}
2020-08-27 06:41:20 +00:00
v8-ci-autoroll-builder
419513fa61 Update V8 DEPS.
Rolling v8/build: 7946304..d78cd75

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/a54f10f..aa79ac2

Rolling v8/third_party/depot_tools: e95b5d6..c08c71b

Rolling v8/tools/clang: d9986ad..708cbfd

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Id5b4f330e628a207f7bcd992c941ac46ac7653ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2378695
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#69579}
2020-08-27 03:52:00 +00:00
Milad Farazmand
3429236dbd PPC: Simulate undefined bit pattern on MULHW/MULHWU
The hight 32 bits of the result of MULHW/MULHWU are undefined
which could be set to any random bits. This CL adds a few
bits to the hight 32 bits of the result to simulate this behaviour.

Change-Id: Iaaaaf83f39e2f4c051071ebd68023dc5fd024595
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2378573
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#69578}
2020-08-26 21:37:30 +00:00
Ng Zhi An
6da647f501 [wasm-simd] Move bitmask into SIMD MVP
Now that 86 has branched, we can move bitmask into the SIMD MVP, it will
not affect the current OT. (We want any OT extension to include
bitmask.)

Bitmask was accepted into the proposal in
https://github.com/WebAssembly/simd/pull/201.

Bug: v8:10308
Change-Id: Ib61190fcea2bfc0ce7bf733086e1a81388216a59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2378290
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69577}
2020-08-26 21:35:20 +00:00
Ulan Degenbaev
9eb090d261 [heap] Add concurrent typed slot recording
Since the typed slot set is not thread-safe, each concurrent marking
barrier collects typed slots locally and publishes them to the main
typed slot set in safepoints.
Bug: v8:10315

Change-Id: If1f5c5df786df88aac7bc27088afe91a4173c826
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2370302
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69576}
2020-08-26 20:46:00 +00:00
Frank Tang
db1115e267 [Intl] Fix Heap-use-after-free
Fix Heap-use-after-free READ 2 in Intl.Segmenter
when the segments got free during the iteration
We need to keep a copy of the string in the iterator instead
of depending on the one referenced from the segments.

Bug: chromium:1121156, v8:6891
Change-Id: I26ef5baccaa470dc1bd8cc229c737f556d27160e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2376173
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69575}
2020-08-26 20:27:10 +00:00
Santiago Aboy Solanes
84cf890532 [csa][cleanup] Remove ParameterMode/TNodify StoreFixedDoubleArrayElement
Merge StoreFixedDoubleArrayElementSmi into StoreFixedDoubleArrayElement.

Bug: v8:9708, v8:6949
Change-Id: If82893e16117362b40219bbe768acfc94be498e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377949
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69574}
2020-08-26 17:14:44 +00:00
Santiago Aboy Solanes
8b1e3ddc18 [compiler] Add kNeverSerializedObject and its macros
This is a partial reland of 7b9a0c20f3

Reason for reland: Reverted since the ScopeInfoData part was causing
issues. Relanding the macro structure, which shouldn't cause issues
and it is needed for other CLs.

Original changes description:
> [compiler] Replace ScopeInfoData with direct reads
>
> As part of this, introduce a new ObjectData kind for objects that we
> want to read directly from the background thread rather than serialize.
> ScopeInfoRef is the first user of that.
>
> For details, see:
> https://docs.google.com/document/d/1U6x6Q2bpylfxS55nxSe17yyBW0bQG-ycoBhVA82VmS0/edit?usp=sharing
>
> Bug: v8:7790
> Change-Id: Ia3cda4f67d3922367afa4a5da2aeaae7160cf1f2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346405
> Auto-Submit: Georg Neis <neis@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69473}

Bug: v8:7790
Change-Id: I8d13dc206bb319638e3f7209446c24d06a07c110
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377690
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69573}
2020-08-26 17:13:40 +00:00
Santiago Aboy Solanes
e8662c6ca5 [csa][cleanup] Remove ParameterMode/TNodify StoreFixedArrayElement
It has several variants that might need to be simplified but this
CL focuses on removing ParameterMode.

Bug: v8:9708, v8:6949
Change-Id: I1c300b7abe0b698a9f3d063e0af1ed931dbf4af2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2376820
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69572}
2020-08-26 16:29:49 +00:00
Clemens Backes
35cc3da902 [platform] Fix data race on DefaultJobState::priority_
The {priority_} field is being updated in {DefaultJobState::Join}, under
{mutex_}. In other places though, it is read unprotected (without
holding the mutex), leading to data races.
This CL fixes that by reading the field while holding the mutex and
using the read priority after releasing the mutex.

Note that the {priority_} field is documented to be protected by
{mutex_}, so the unprotected read was a bug.

R=ulan@chromium.org
CC=etiennep@chromium.org

Bug: v8:10822
Change-Id: I80079f3cb6689e26116ffeb33755c6938c4a2cf1
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377685
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69571}
2020-08-26 15:00:39 +00:00
Clemens Backes
2d78b3a72a [wasm][fuzzer] Fix BigInt parameters
The fuzzers were calling the compiled function without passing explicit
arguments. Thus all arguments were converted from the "undefined" value,
which typically results in a zero value, as expected.
For BigInt though, it's not allowed to pass "undefined". We have to pass
a proper BigInt.
This CL implements this by passing explicit parameter values for all
parameters.

This effectively unlocks testing BigInt parameters in all fuzzers, thus
may increase coverage and find new bugs.

R=ahaas@chromium.org

Bug: chromium:1120355
Change-Id: I4e451d2418eb73d460fa937d1cf95a1ab6c99cf5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377945
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69570}
2020-08-26 14:22:19 +00:00
Santiago Aboy Solanes
1ffb60089f [unwinder] Remove the old unwinder tests from cctest.status
I forgot to remove them when I removed the old API in
https://chromium-review.googlesource.com/c/v8/v8/+/2369174.

Bug: v8:8116
Change-Id: I74a9670f56d09b7907187d5abcf15d707c8100a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377688
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69569}
2020-08-26 13:47:49 +00:00
Santiago Aboy Solanes
4a1691a2fb [csa][cleanup] Remove ParameterMode from StoreElement
Partially TNodify the method just to get ParameterMode out of the
way. There is more TNodification needed but method is complicated
and we are now focusing on removing ParameterMode entirely.

Bug: v8:9708, v8:6949
Change-Id: I705c35e9665488a280111683c275b7292bc47576
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2374547
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69568}
2020-08-26 13:27:39 +00:00
Zeynep Cankara
0c2ef44423 [system-analyzer] Map-processor bug-fix and add ic-panel click map
This CL unifies both map-processor and ic-processor's map processing
pipeline to the same format. Also, adds the functionality to search
for map transitions on map panel by clicking on map property of the
ic-panel.

Bug: v8:10644

Change-Id: I9f95feebb08620fd489486cf459ebe0babbd32d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2367865
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Cr-Commit-Position: refs/heads/master@{#69567}
2020-08-26 10:34:58 +00:00
Clemens Backes
beeef0d8f0 [wasm] Ensure regular publishing in background threads
When we used the tasks API, we distributed the compilation deadlines
such that different tasks would finish (and publish) at slightly
different times. When moving to the jobs API, this feature was lost, and
all tasks now only publish once all compilation is done. This creates
major contention and synchronization overhead after compilation, which
can take roughly as long as the actual concurrent compilation.

This CL reintroduces a mechanism for ensuring regular publishing. We
choose a limit which is high enough to ensure that we don't publish too
often (because that comes with overhead), but low enough to ensure that
not too many units are published at the end, when all compilation is
done. At that point, there will still be some contention.
Also, choose a slightly different limit per task to ensure proper
distribution of publishing over time (different tasks are likely to
publish at different times).

This removes the last remaining regressions when compiling big modules
via the jobs API. In local measurements, it makes us even faster than
with the tasks API.

R=ahaas@chromium.org

Bug: chromium:1101340, chromium:1113234
Change-Id: I504f32606b8ad31a951449709cf407c471fa9b25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375196
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69566}
2020-08-26 09:21:38 +00:00
Victor Gomes
d721dc8f14 [deoptimizer] Reverse arguments in DoComputeArgumentsAdaptorFrame
Change-Id: I31e205b696627913584016bb9197e1e719ca0237
Bug: chromium:1120905, v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375191
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69565}
2020-08-26 07:43:58 +00:00
Clemens Backes
496b625220 [wasm] Minor improvement to code GC
Decommitting memory ranges is expensive, so try to merge as many of them
as possible before decommitting.

Minor drive-by: Slightly extend a GC tracing message.

R=ahaas@chromium.org

Change-Id: I91e44db1212f0c9b70b8c8fccebe8fd33ff37d9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375825
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69564}
2020-08-26 07:13:48 +00:00
Clemens Backes
7266c848fe [wasm] Add some documentation on code space limit
This documents the outcome of the discussion with chromium security
guts.

R=ecmziegler@chromium.org

Change-Id: I55835fe5b40e3daf856a8ec1d5ef0d3fed5adb4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375386
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69563}
2020-08-25 18:13:46 +00:00
Ng Zhi An
ddf30bea13 [wasm-simd][x64] Check for register when emitting shuffles
Some shuffles take have either register or memory operand for second
input, but the codegen incorrectly assumes that it is always a register.

Bug: v8:10824
Change-Id: Ia2df233dad4ed451e52e57e35cce5c80db0905db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2373586
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69562}
2020-08-25 17:52:16 +00:00
Dominik Inführ
0834d2e6cf [heap] Test enabling of FLAG_local_heaps by default
Experiment with enabling FLAG_local_heaps for a few days to see whether
pause times regress and to catch bugs.

Bug: v8:10315
Change-Id: Iefc329bbc1b8131796f1db2a729ee358bef88894
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375190
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69561}
2020-08-25 17:31:56 +00:00
Clemens Backes
8860c5f1c5 Reland "[wasm] Move kMaxWasmCodeSpaceSize to wasm directory"
This is a reland of c2ea20473d

Original change's description:
> [wasm] Move kMaxWasmCodeSpaceSize to wasm directory
> 
> This limit is wasm-internal, and does not need to be exposed via
> src/common/globals.h.
> This CL moves it into the {WasmCodeAllocator}.
> 
> Drive-by: Minor simplification in jump table stress test.
> 
> R=ecmziegler@chromium.org
> 
> Change-Id: Iff8c4657697ae98123d840a022c5b21c4948fcdf
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375189
> Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69558}

Change-Id: I6e0432d14d23978dea599233e620e84d8255caf9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375388
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69560}
2020-08-25 17:14:56 +00:00