This adds the following things:
- age table for 4K regions;
- generational barrier for mixed 4K regions;
- unmarking for major collections;
- young generation flags.
Bug: chromium:1029379
Change-Id: Ief1229f0dac5f90c5f06d3168c8ffb4b7d1f1b53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2246566
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68379}
Add v8::CppHeap as an implementation of a cppgc heap that
integrates with V8's existing EmbedderHeapTracer API. The
current implementation only supports non-incremental marking.
Bug: chromium:1056170
Change-Id: I4a09eb5ae57f5c7defe35eb3fe346627eb492473
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2245610
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68374}
Changes:
- Simplify and generalize ToValueTypeString.
- Fix some error messages in msjunit so that they reflect the underlying
error better.
- Change 'exn' -> 'exnref' to match exception-handling proposal.
Bug: v8:7581
Change-Id: I264f6c9aa598a57f39d5a4d01399af64db83a2b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2243214
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68364}
The C++ code uses the A instruction key for return address signing,
which is the default for Clang and GCC when the -mbranch-protection
option is used (although this can be configured to use the B key).
Using the B key for JS means that it's not possible to use an A key
signing gadget to replace a return address signed with the B key and
vice-versa. This should offer a degree of separation from the C++ side.
Bug: v8:10026
Change-Id: Ia9dcc7ae7096c96b4a271efbe25fc02940f6fc8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2242953
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#68360}
Recently the test harness of the js-api spec tests got updated
to the test harness of wpt. With this CL we import the wpt test
harness into V8.
Some adjustments to the test harness had to be made. These additions
are in the new files report.js and testharness-additions.js
Bug: v8:10556
Change-Id: Ia5f7dec3f40ba8fc639135fb2b2078b9220eccf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235116
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68355}
This is a reland of 3692bef9f9
Integer overflow in the test code is fixed by using
MulWithWraparound.
Original change's description:
> [wasm-simd][x64] Prototype i32x4.dot_i16x8_s
>
> This implements I32x4DotI16x8S for x64 and interpreter.
>
> Bug: v8:10583
> Change-Id: I404ac68c19c1686a93f29c3f4fc2d661c9558c67
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2229056
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68244}
Bug: v8:10583
Change-Id: Ie7d0032f5398b6f725c02b572764258adacc8578
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2236962
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68343}
The registers were not spilled correctly in liftoff when tracing
function calls, which caused runtime errors.
R=clemensb@chromium.orgCC=thibaudm@chromium.org
Bug: v8:10559
Change-Id: Ic0a9ae8a286bdee8f8440e006d0b47e52241ea5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2245595
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Arnaud Robin <arobin@google.com>
Cr-Commit-Position: refs/heads/master@{#68340}
... to OptimizedCompilationInfo, BytecodeGraphBuilder, and
JSHeapBroker.
Also add first uses of these flags in pipeline.cc by skipping certain
phases when nci is enabled. With this change, tests in the NCI variant
will start to fail since generic lowering is not fully implemented.
These implementations will follow incrementally in the next days.
Bug: v8:8888
Change-Id: I3f570fb92f09059d1f1f4015f88ffe80ccf746ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2239572
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68339}
This is a reland of change Idb1061cafcba7a2a654a207402dca520f79a3bbe.
The access to wire_bytes has been protected by using atomic operations.
Under some circumstances, Wasm is trying to log code for which the
wire bytes are not fully loaded yet. This can happen during streaming
compilation when a few functions are already fully compiled but the
engine is still streaming the remaining functions.
If the profiler now kicks in, it will attempt to log these freshly
compiled functions. As these functions will not be executed before
the module is fully compiled, we can simply defer the logging in this
case.
R=clemensb@chromium.org
Bug: chromium:1085852
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: Iccb6607e8adb9fdaf6138d4ccd30de58d6a6cdff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230536
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68336}
We currently hit a nullptr access when trying to update the detected
feature set. Instead of adding a check for nullptr there (which would be
unnecessary overhead in production code), we just pass a pointer when
compiling for debugging.
R=thibaudm@chromium.org
Bug: chromium:1092408
Change-Id: I7804edc3f67237bbf28d0ed2f5c58339d3a0f8f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238080
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68335}
We recently changed uc32 to be an unsigned type, and with the invalid
marker being static_cast<uc32>(-1) this DCHECK no longer holds. After
this CL it expicitly checks for the invalid marker.
Bug: v8:10568,chromium:1094226
Change-Id: Idd9efe055b38387e3e37b132cb786cca130767b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2245592
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68333}
We want to enable the wasm-bigint implementation by default. However,
at the moment there exist several tests which fail when wasm-bigint
gets enabled. With this CL we adjust or delete these tests so that they
pass once wasm-bigint gets enabled. At the same time we disable these
tests for now, and re-enable them in the CL that flips the flag.
R=jkummerow@chromium.org
Bug: v8:7741
Change-Id: I733bfe7ff19e403913b143e6ea86ab13602ab993
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2243212
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68328}
This function wasm created as a partial subtyping check after the
subtyping refactoring for wasm-gc, but is really not needed.
Change-Id: I5f3a38dba599f1571e26d29254eb0f8614c16a8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2241519
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68321}
For DescriptorArrays with more than 8 elements, we do a BinarySearch on
the main thread. For background thread, BinarySearch is unsafe and we
have to fall back to LinearSearch.
Bug: v8:7790
Change-Id: I7136b616ae31f509e56cf5ceb5afd659d13e0d81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237142
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68318}
The condition was too strong since we never store Smis into
{previously_materialized_objects}.
Bug: chromium:1094132
Change-Id: I680eb7f175f12d3c44882fd8a9eff0d062eda55f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2241517
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68317}
Since the registration requires calling into the library, there's no
reason to get the heap through a magic getter on API level.
Bug: chromium:1056170
Change-Id: I8d2b1d0fcee8c855908bd26c71a22826c493ed29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238568
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68315}
Unified heap support in V8 requires having another (at least internal)
heap that implements a unfied garbage collection strategy. This will
not re-use the already existing cppgc::Heap because there should be no
way in creating such a heap externally or scheduling stand-alone
garbage collections.
In order to have a common token, this CL introduces AllocationHandle
which can be passed to MakeGarbageCollected to allocate C++ objects.
V8 (soon) and the stand-alone heap both have methods to retrieve such
a handle.
This works around a problem with creating diamond class hierarchies
when a base class would be exposed on the public API level.
Fast paths for Blink are still possible because allocation handles can
be cached the same way (e.g. global, or TLS) as a heap can be cached.
Tbr: yangguo@chromium.org
Bug: chromium:1056170
Change-Id: I8e9472a2c24ef82d1178953e8429b1fd8a2344bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238027
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68310}
This is a reland of f7f72b7b3a
This was reverted because of a test timing out on slow_path
variant (https://crrev.com/c/2237131 for details). Turns out
the test is just really slow, and was skipped on this variant
in https://crrev.com/c/2237628. Relanding without changes.
Original change's description:
> [wasm-simd] Prototype f64x2 rounding instructions
>
> Implements f64x2 ceil, floor, trunc, nearestint, for interpreter and
> x64.
>
> Bug: v8:10553
> Change-Id: I12a260a3b1d728368e5525d317d30fc9581cae04
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2213082
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68241}
Tbr: tebbi@chromium.org
Bug: v8:10553
Change-Id: I4cdc23d0556f11310d32fa066f40b057fd49d2d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237350
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68304}
This CL adds a linear search test in a DescriptorArray in a known flat
object in the background thread, while the main thread exercises the
same DescriptorArray.
Also sets the foundation for the follow-ups tests in background threads.
Bug: v8:7790
Change-Id: I0e99508204808baaf605161d2eeb717eabe712fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207147
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68299}
This CL fixes the UnboundLocalError in wasm-api-tests testsuite
TBR=machenbach@chromium.org
Bug: chromium:1091200
Change-Id: I3830153b5bd04c3bbe8bedaa8ed79f79c5139a5d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238574
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Auto-Submit: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68295}
... for more consistent naming and less boilerplate.
Getters now use the `lower_case_flag()` style. Setters now use the
`set_lower_case_flag()` style.
Bug: v8:8888
Change-Id: I5af35b13a013bf303c4ca8d86f926754af28bfce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237139
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68293}
Foozie came up with a mind-boggling example hitting a similarly
mind-boggling bug: object construction (JSObject::New) wants to create
the constructor's function initial map (JSFunction::GetDerivedMap ->
JSFunction::EnsureHasInitialMap). To do so, it calls
JSFunction::CalculateExpectedNofProperties. This harmless sounding
function triggers compilation of the function. Since we're running with
--always-opt, this is an optimizing compilation. Turbofan ends up
depending on the function's "prototype" property, for which it wants to
create the initial map so that it can install the code dependency. That
is, EnsureHasInitialMap is reentered. At this point there is no further
compilation attempt because the bytecode now exists. The initial map is
created and installed on the function, and TF records the code
dependency on that map. When CalculateExpectedNofProperties returns
control to the outer EnsureHasInitialMap, yet another initial map is
created and set on the function, forgetting the previous one and thus
the code dependency.
I'm not sure if this bug can only be observed with --always-opt. The fix
is general.
Bug: chromium:1092011
Change-Id: I8b972748e49b9eb8f06fa17ea9ca037de2bd7532
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238570
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68292}
This is a reland of 8748613f6c, fixing
an issue accessing binary op's BinaryOperationHints.
Original change's description:
> [compiler] Hook in binary op builtins with feedback in generic lowering
>
> If --turbo-nci is enabled, use binary op builtins with feedback
> collection during generic lowering.
>
> Bug: v8:8888
> Change-Id: I307dc742488982bdc68006be5bcd1da8e68768f5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228614
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68227}
Bug: v8:8888,chromium:1092553
Change-Id: I1356659d65a5e46bc57bb6c0ebe2e9e86cb8be81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237128
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68288}
This fixes two issues:
- labs resetting didn't account bytes as beeing freed;
- large object were not accounted.
The CL introduces a single bottleneck for labs resetting in
ObjectAllocator, which is aware of StatsCollector. This way
NormalSpace is treated as a value object and all invariants
are maintained by ObjectAllocator (and Sweeper).
Bug: chromium:1056170
Change-Id: I027cc01fe5028a3dfa81905d7ea53dd12d1c1f20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237629
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68286}
Previously, for the various customisation points of String builtins
(like String.prototype.replace), we skipped the customisation symbol
lookup (like for Symbol.replace) for Smis.
But, we do need to do the lookup for Smis in case Number.prototype or
Object.prototype have the Symbol. This missing lookup was creating an
observable difference between Smis and HeapNumbers.
Bug: chromium:1092896
Change-Id: I8928d237fa74abeaa2aa81318b8903087c507f0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238030
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68285}
As per the latest update to the 'reference types' wasm proposal, the
nullref type is removed. Following that, all its uses in V8 were also
removed. This CL:
- Removes now dead code referencing nullref.
- Changes names of functions/exceptions containing 'nullref' to 'null'.
- Changes nullref to the corresponding nullable type in some tests.
Bug: v8:7748
Change-Id: I5b4606671d7b24dd48a45a3341e8a1c056fcd1d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238026
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68283}
Prior to this change, uc16 was typedef'd to (unsigned) uint16_t while
uc32 was typedef'd to (signed) int32_t.
For consistency, and to avoid unexpected behavior around
signed/unsigned comparisons, this changes uc32 to the unsigned
uint32_t type.
As part of this change, old-style error passing (return -1, check for
negative return values) was updated to use named error values.
Bug: v8:10568
Change-Id: I8524e66ee20e8738749cd34c4fe82c14e885dcb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235533
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68282}
Remove error reporting from parsing::Parse*, since in most cases we
didn't actually want them (clear errors afterward), and there was an
issue where Compiler::Compile would try to report errors already
reported in ParseAny, which ended up triggering unreachable code.
As a drive-by, move some one-off parse exception handling in
test-parsing into a CHECKED_PARSE_PROGRAM macro which replaces all the
"necessarily positive" calls to parsing::ParseProgram.
Bug: chromium:1091656
Change-Id: I4d463ec363312aea36ab92f1322cf66a416b9888
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237134
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68281}
This changes the return type of {CompileCWasmEntry} from a {MaybeHandle}
to {Handle}. All call sites used {ToHandleChecked} anyway, and if
compiling a c-wasm-entry failed, something seriously went wrong. Hence
fail immediately during compilation, instead of returning an empty
handle and then failing later.
R=jkummerow@chromium.org
Change-Id: I19d85e907670c92da74c9a7ab2d9b646682a02cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237133
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68279}
The interpreter is only used for testing, and is now instantiated and
invoked directly instead of via the {WasmDebugInfo}, holding the
{InterpreterHandle}.
This CL removes both classes.
R=ahaas@chromium.org
Bug: v8:10389
Change-Id: Iede3feea413decae1edc28146b871a819e204768
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237132
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68271}
The reference types wasm proposal dropped all subtyping. Subsequently,
the 'anyref' type was renamed to externref.
This changes all references of the *type* anyref to externref.
Additionally, the flag that permits this extension is renamed to
"reftypes" to mirror the proposal name.
Bug: v8:7748
Change-Id: Icf323f13b9660fd10540e65125af053fca3a03f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2232941
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68270}
The test takes several minutes, because the {slice} call does thousands
of runtime calls, which again call {ValidateElements} for every single
added element (in debug mode).
Hence this CL skips the test in the slow_path variant.
R=leszeks@chromium.org
Change-Id: I2fbaaf32809ecb34de1f563f34bd65ce8b7ab238
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237628
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68265}
Reference types in function definitions signatures are not allowed to
refer to function types (this will change when we fully integrate the
typed function references proposal).
Bug: v8:7748
Change-Id: I2456b810f85e608c48a952ef9e64d7a8ff78892b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2231352
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68264}
This caused a CHECK failure after my recent CL.
Bug: chromium:1084820, chromium:1092650
Change-Id: Icdc2a755c6b30ad01dccc908e0e5e137fedf8918
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237145
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68263}
This includes the instruction opcode, its use in TF, its support in the
simulator and the detection of the associated CPU feature.
The instruction can be tested in the simulator with the new
--sim-arm64-optional-features flag.
Change-Id: I6047fa16696394fe0ced4535f7788d2c8716a18c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2222348
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68261}
Promise.{all,allSettled,any,race} should check resolve is a function before
opening their iteratable.
PR: https://github.com/tc39/ecma262/pull/1912
PR for Promise.any: https://github.com/tc39/proposal-promise-any/pull/65
This CL includes the following cleanup changes:
- Made it more explicit that the constructor is a Constructor.
- Removed unnecessary nested try blocks (a try can have both a catch and a label).
- Moved commonly used definitions out of promise-race.tq where they don't belong.
- Made the parameter order of PerformPromiseAll match the spec.
Bug: v8:10578
Change-Id: I9deb5d5106db7350a0d0ad52f165ff2469e7074b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2232544
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68260}
Avoid going through the {WasmDebugInfo}, which existed for debugging in
the interpreter in production. Instead, tests now instantiate the
interpreter directly.
This will unblock the removal of the whole {WasmDebugInfo}, and finally
moving the interpreter to the test directory.
R=ahaas@chromium.org
Bug: v8:10389
Change-Id: I8ae76a1d5bff716c129781b11a15369a80b13603
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235543
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68258}
A previous CL removed the kNoThrow flags from both
SpeculativeBigIntAdd and SpeculativeBigIntSubtract. This introduced a
bug, because the JSTypeHintLowering phase, where these operators are
introduced during inlining, does not support the generation of throwing
operators.
Since these operators always deoptimize in case of an error, instead of
throwing the exception directly, it is safe to mark them as kNoThrow.
Bug: chromium:1091461
No-Try: true
No-Tree-Checks: true
Change-Id: I551616b0c462647574e5af8824d9ed7b3252659d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235113
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68254}
Added wasm tracing support for turbofan with the flag --trace-wasm.
The test suite was updated accordingly.
R=clemensb@chromium.org
Bug: v8:10559
Change-Id: Ie6ee2a05142081416d8572d4d72dcd315e0bf285
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235536
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Arnaud Robin <arobin@google.com>
Cr-Commit-Position: refs/heads/master@{#68253}
This CL
* Adds the xadd instruction to the ia32 assembler and disassembler;
* Implements the AtomicAdd instructions, except AtomicAddU64, on ia32;
R=clemensb@chromium.org
Bug: v8:10108
Change-Id: Ic8653a9f96148282951104fefb4185c4c0db89a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2232719
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68247}
There are at least three equivalence classes where this assertion
should not actually hold:
'\u0390\u1fd3', // ΐΐ
'\u03b0\u1fe3', // ΰΰ
'\ufb05\ufb06', // ſtst
Bug: v8:10591
Change-Id: I26cb43d2e67c54e689f1831ea13be46c73d5e92d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2231595
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68246}
This allows fast call callbacks to be created in cases where C++
templates cannot be used, for example C or Rust.
Bug: chromium:1052746
Change-Id: I90122444297f6c00428cd7345e0c0c7eca010716
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235914
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Gus Caplan <me@gus.host>
Cr-Commit-Position: refs/heads/master@{#68239}
Adds allocation-based heap growing strategy that triggers GC based on
some limit. The limit is computed based on previous live memory and a
constant growing factor.
For invoking GC, we support two modes: with and without conservative
stack scanning. Without conservative stack scanning, an invoker makes
sure that we schedule a GC without stack using the existing platform.
Bug: chromium:1056170
Change-Id: I1808aeb5806a6ddd5501b556d6b6b129a85b9cda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228887
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68235}
Object materialization did not correctly deal with a mismatch between
current representation of a field value and expected representation.
This is an attempt to repair the situation.
Bug: chromium:1084820
Change-Id: Ib337cbaf5e36a5a616b6a6cb0ddf51018d49b96a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228330
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68231}
If --turbo-nci is enabled, use binary op builtins with feedback
collection during generic lowering.
Bug: v8:8888
Change-Id: I307dc742488982bdc68006be5bcd1da8e68768f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228614
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68227}
This reverts commit dfbbb4a531.
Reason for revert: Bitmask added post 84 cut, so it is not part of origin trial. Therefore it is still a post-mvp.
Original change's description:
> [wasm-simd] Add bitmask to SIMD MVP
>
> This removes the post-mvp flag for bitmask, since it was accepted into
> the proposal, see https://github.com/WebAssembly/simd/pull/201.
>
> Bug: v8:10308
> Change-Id: I4ced43a6484660125d773bc9de46bdea9f72b13b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2216532
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67993}
TBR=gdeepti@chromium.org,zhin@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:10308
Change-Id: I53294be4ea816f37c7cc5f545afb572538dd4770
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2233183
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68216}
When the last debugger is disabled, we tier up the module to TurboFan.
Doing this in the background creates problems with profiling, where the
debugger is disabled before starting to profile, in order to guarantee
profiling of top-tier code.
Hence this CL changes the logic such that we only return from the
{TierUpAllModulesPerIsolate} methods once tier up is complete. Since
the DevTools frontend disables all debuggers before starting a profile,
this will ensure that all new calls execute TurboFan code.
Because of this change, the {TriggerRecompilation} method is renamed to
{RecompileForTiering}.
The test cases stay unchanged (do a busy wait until tier up is done),
because in the multi-isolates tests it is not guaranteed that tier up is
complete after disabling a single debugger.
R=thibaudm@chromium.org
Bug: v8:10580
Change-Id: I75c4b97825f856f562cfa656c11293d3b964898b
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2232539
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68212}
This reverts commit 81c34968a7 and also
490f3580a3 which depends on the former.
Reason for revert: Break CFI tests in chromium https://ci.chromium.org/p/chromium/builders/ci/Linux%20CFI/17438
Original change's description:
> [heap] Make ReadOnlySpace use bump pointer allocation
>
> This changes ReadOnlySpace to no longer be a PagedSpace but instead it
> is now a BaseSpace. BasicSpace is a new base class that Space inherits
> from and which has no allocation methods and does not dictate how the
> pages should be held.
>
> ReadOnlySpace unlike Space holds its pages as a
> std::vector<ReadOnlyPage>, where ReadOnlyPage directly subclasses
> BasicMemoryChunk, meaning they do not have prev_ and next_ pointers and
> cannot be held in a heap::List. This is desirable since with pointer
> compression we would like to remap these pages to different memory
> addresses which would be impossible with a heap::List.
>
> Since ReadOnlySpace no longer uses most of the code from the other
> Spaces it makes sense to simplify its memory allocation to use a simple
> bump pointer and always allocate a new page whenever an allocation
> exceeds the remaining space on the final page.
>
> Change-Id: Iee6d9f96cfb174b4026ee671ee4f897909b38418
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2209060
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68137}
TBR=ulan@chromium.org,delphick@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I68c9834872e55eb833be081f8ff99b786bfa9894
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2232552
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68211}
The observers can use ResetAllocatedObjectSize() to e.g. implement a
growing strategy that resets its limit on this call.
Bug: chromium:1056170
Change-Id: Ib9553e00cc530ff89f44e4258c13d47f0b70568e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228885
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68205}
The wasm interpreter was always single-threaded, and there are no plans
to change this. Still, there was a concept of threads, but with the
hard-coded constraint that there is always exactly one of them.
In order to clean up the code, and as a preparation to remove more
unneeded functionality before moving the interpreter over to the test
directory, this CL removes the concept of threads and merges the
{ThreadImpl} class into {WasmInterpreterInternals}.
Drive-by: Remove the dead {GetFrameCount} method.
R=ahaas@chromium.org
Bug: v8:10389
Change-Id: If65cdd21b34ce8debf8ba0f24dbeacec15e0a1d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2231354
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68204}
This CL fixes the UnboundLocalError in unittests testsuite.
R=machenbach@chromium.org
Bug: chromium:1091200
Change-Id: I9a4e032915b2750c28e3eb9f97042b75ca547801
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2232540
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68203}
Added display of identation, function index, function names and compiler
used when tracing function calls in wasm.
R=clemensb@chromium.org
Bug: v8:10559
Change-Id: I58b4e7b077365bdee7bae9b5ad8a50178c322147
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230532
Commit-Queue: Arnaud Robin <arobin@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68198}
Changes:
- Unpack packed typed in arrays/structs where needed.
- i8 should have log-size 0.
- Use typed-funcref feature flag instead of gc where appropriate.
- Set argument indexes correctly for gc opcodes in
function-body-decoder.
- Remove no-longer valid TODOs.
Bug: v8:7748
Change-Id: I1a73794d0f93da6c7177e496d47df4106031f0eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230520
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68196}
Changes:
- Remove subtyping checks from value-type.h and move them to dedicated
files. Leave a limited version in value-type.h for testing.
- Implement subtyping for struct and array types, according to the
wasm-gc proposal.
- Implement type equivalence checking.
- Introduce a subtyping relation cache in WasmModule.
- Rename IsSubTypeOf -> IsSubtypeOf.
- Fix v8 possible bug where iterator_range took two unused type
parameters.
- Add unittests for subtyping.
Bug: v8:7748
Change-Id: I0ddbda4145e0412196dcf4fc63f3c5875fb3ab5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228497
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68192}
Due to recent spec changes, We do not have to check if ref.func
instructions in global declarations only refer to declared functions.
Additionally functions referenced in exports and globals are now
considered declared.
R=ecmziegler@chromium.org
Bug: v8:10556
Change-Id: I79856c7d68155a04eb36769ceed8a58fe62a9f9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228653
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68190}
Speculative BigInt addition fails to throw the expected exception
when called with non-BigInt inputs when the result of the computation
is unused. In paricular, this CL does:
- Remove kNoThrow on speculative BigInt operators
- Fix AddWithFeedback to not lose type feedback if builtin throws
to elide existing deopt loops
- Add handling of TypeCheckKind in RepresentationChanger where this
was previously ignored
Bug: chromium:1073440
Change-Id: I953a5b790fc3b37a6824f0b6546a0488c51fbb3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228493
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68181}
When accessing a field of a non-class type, Torque will generate a
CallAccess LocationReference, which has an unknown type. We still tried
to access it's type, resulting in a DCHECK failure.
Bug: v8:7793
Change-Id: I3650643e29db852783eca1e166b700eebd1b8dc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2209056
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68180}
This reverts commit 63e243a0c2.
Reason for revert: Speculative revert for https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/31811?
Original change's description:
> [wasm] Do not log code of functions whose module is not fully loaded
>
> Under some circumstances, Wasm is trying to log code for which the
> wire bytes are not fully loaded yet. This can happen during streaming
> compilation when a few functions are already fully compiled but the
> engine is still streaming the remaining functions.
>
> If the profiler now kicks in, it will attempt to log these freshly
> compiled functions. As these functions will not be executed before
> the module is fully compiled, we can simply defer the logging in this
> case.
>
> R=clemensb@chromium.org
>
> Bug: chromium:1085852
> Change-Id: Idb1061cafcba7a2a654a207402dca520f79a3bbe
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219938
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68174}
TBR=clemensb@chromium.org,ecmziegler@chromium.org
Change-Id: I444c70e63b876b8473bf9599643bdfe39c8f1eae
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1085852
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230531
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68177}
Under some circumstances, Wasm is trying to log code for which the
wire bytes are not fully loaded yet. This can happen during streaming
compilation when a few functions are already fully compiled but the
engine is still streaming the remaining functions.
If the profiler now kicks in, it will attempt to log these freshly
compiled functions. As these functions will not be executed before
the module is fully compiled, we can simply defer the logging in this
case.
R=clemensb@chromium.org
Bug: chromium:1085852
Change-Id: Idb1061cafcba7a2a654a207402dca520f79a3bbe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219938
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68174}
We use StoreOwnIC to initialize the object after creating a new object
with CreateObjectLiteral. CreateObjectLiteral stores kHoleNaNInt64
to indicate an uninitialized double field. When we actually try
to store a NaN value into that field later using StoreOwnIC, IC avoids
actually storing the new value since the existing value is "same as"
the value we try to write. The float comparison treats all NaNs as
equal. In this particular case, we should actually store the new value
since kHoleNaNInt64 value is used to represent an uninitialized field.
This cl just stores the new value even when the existing value is same
as the new value for double fields. The check is still required to
correctly track const fields.
Bug: chromium:1082293
Change-Id: Ib37061802f2403545cffa6d6fef08be074b0825d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228886
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68167}
