Rolling v8/build: 91d63ae..44b802e
Rolling v8/buildtools/linux64: git_revision:4aa9bdfa05b688c58d3d7d3e496f3f18cbb3d89e..git_revision:b79031308cc878488202beb99883ec1f2efd9a6d
Rolling v8/third_party/aemu-linux-x64: V5Pz7_TfKoS_JMMlyA_dmnc33kG1ksWSC71zCysnq7UC..R6v-hxhOQyZL9y_avAvE80v7II7utrI5Px4EUlMdtrAC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/606d87e..5d7ccbf
Rolling v8/third_party/depot_tools: b23a88a..afb82b2
Rolling v8/tools/clang: 994ccaf..ace6575
Rolling v8/tools/luci-go: git_revision:2dfe2f218f0395673f336d17b841edf629907ae3..git_revision:7972ced81286b7897c8712afe0f36eb9cf7bc098
Rolling v8/tools/luci-go: git_revision:2dfe2f218f0395673f336d17b841edf629907ae3..git_revision:7972ced81286b7897c8712afe0f36eb9cf7bc098
R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I8535e9020fb49262445946f2790e4acaa87a4280
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300810
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78079}
Liftoff is also fixed to make sure r0/ip don't get used as
scratch as they might be already used as offset registers.
Change-Id: I8b5636b805acdb7df12af4a7a2f2868bf5889cd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3298254
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78076}
In addition, make the code less confusing and more future proof:
- initialize the JSArrayBufferView bit_field to 0 (not only zeroing the
relevant bits)
- serialize it as uint32, since it's an uint32.
Bug: v8:11111
Change-Id: Iffbbb27cc8c821587f992668bfbcf2448a776f15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300132
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78075}
The newly-failing tests are due to the renaming of "anyfunc" to
"funcref".
R=ecmziegler@chromium.org
Change-Id: I801b330e386c45e62a1cbc6e308a981b3b0244e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300133
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78070}
The main changes of this CL are:
It should no longer be assumed that an empty ArrayBuffer has a nullptr
backing store. This is in preparation for the move to caged pointers,
which cannot represent nullptr, and will instead likely provide a
EmptyBackingStore constant pointing inside the virtual memory cage. For
that reason, a new JSArrayBuffer::IsEmpty() helper is introduced, which
should be used instead of checking against nullptr.
CodeStubAssembler::GetTypedArrayBuffer now checks for on-heap
TypedArrays instead of comparing the backing store pointer to nullptr.
This is consistent with the implementation in JSTypedArray::GetBuffer.
v8::ArrayBufferView::CopyContents now uses JSTypedArray::DataPtr instead
of relying on nullptr backing stores to handle on-heap TypedArrays.
The serializer and deserializer now check for IsEmpty() and use the
kEmptyBackingStoreRefSentinel value to serialize empty backing stores.
Empty ArrayBuffers allocated for on-heap TypedArrays now have a
byte_length of zero. This allows removing the allocation_length() (and
allocation_buffer()) methods, which were only (incorrectly, as they
don't account for GSABs) used for memory measurements.
Bug: chromium:1218005
Change-Id: Ib889ccf855f68525f7a614f3963e46ea56865fa3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3297709
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78069}
Design doc: bit.ly/3jEVgzz
We separate the internal representation of function references in Wasm
from their JSFunction-based (external) representation. This improves
performance of call_ref by requiring less indirections to load the
context and call target from a function reference. In the boundary
between wasm and JS/the C API, we add transformations between the two
representations.
Detailed changes:
- Introduce WasmInternalFunction, containing fields required by
call_ref, as well as a reference to the corresponding
WasmExternalFunction. Add a reference to the WasmInternalFunction in
WasmFunctionData. The {WasmInternalFunction::FromExternal} helper
extracts the internal out of an external function.
- Change {WasmInstanceObject::external_functions()} to internal
functions.
- Change wasm function tables to contain internal functions.
- Change the following code to use internal functions:
- call_ref in liftoff and Turbofan
- function type checks in liftoff and Turbofan
- CallRefIC and GenericJSToWasmWrapper builtins
- {InitExprInterface::RefFunc}
- module-compiler.cc in {ProcessTypeFeedback}
- In module-instantiate.cc, in function-rtt creation.
- Add transformations between internal and external functions in:
- WasmWrapperGraphBuilder::{ToJS, BuildUnpackObjectWrapper, FromJS,
BuildJSToJSWrapper}.
- debug-wasm-objects.cc in {FunctionProxy::Get},
{WasmValueObject::New} and {AddWasmTableObjectInternalProperties}.
- runtime-wasm.cc in ReplaceWrapper
- the C and JS APIs
- module-instantiate.cc, in import and export processing, as well as
{InitializeIndirectFunctionTables}
- WasmTableObject::{IsValidElement, SetFunctionTableEntry}
- {WasmGlobalObject::SetFuncRef}
- Simplify body descriptors of WasmExternalFunction variants.
- Adjust tests.
Bug: v8:11510
Change-Id: I8377f46f55c3771391ae1c5c8201a83854ee7878
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277878
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78068}
The CL converts uses of v8::internal::Worklist to heap::base::Worklist
which does not require to know the number of tasks working with the
work list upfront. heap::base::Worklist is the common implementation
for V8's heap and cppgc and should be used/optimized going forward.
Bug: v8:12426
Change-Id: I35713938ff80f43a763470f8bdf7e242439080f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3297903
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78066}
In the final version, we might parse the parameters when deserializing
instead, but this approach is more suitable for prototyping.
Bug: v8:11525
Change-Id: I000869877b03fd1909acf602ab5190951b1939e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295456
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78065}
This is a reland of d7c3f1cd8a. It fixes
a build failure on native arm64.
Original change's description:
> Reland "[fastcall] Enable float support on arm64 simulator"
>
> This is a reland of b9ddcbc86f
>
> The original CL was reverted due to an MSAN issue, that is fixed by
> moving the signature mapping onto the Isolate (instead of having
> per-thread storage, which got invalid on multithreaded compilation).
>
> This CL also contains fixes for the Bazel config and for a data race
> when obtaining the PerIsolateSimulatorData.
>
> Original change's description:
> > [fastcall] Enable float support on arm64 simulator
> >
> > This CL adds support for handling calls to C functions with arbitrary
> > signatures on the arm64 simulator. It adds infrastructure for
> > encoding the signature data from CallDescriptor and FunctionInfo
> > classes into a compact representation, stored in the simulator and
> > called EncodedCSignature.
> >
> > Design doc:
> > https://docs.google.com/document/d/1ZxOF3GSyNmtU0C0YJvrsydPJj35W_tTJZymeXwfDxoI/edit
> >
> > This CL is a follow up on the native support added in
> > https://chromium-review.googlesource.com/c/v8/v8/+/3182232
> > and is partially based on the previous attempt:
> > https://chromium-review.googlesource.com/c/v8/v8/+/2343072
> >
> > Bug: chromium:1052746
> > Change-Id: I0991b47bd644b2fc2244c5eb923b085261f04765
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060486
> > Commit-Queue: Maya Lekova <mslekova@chromium.org>
> > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#77744}
>
> Bug: chromium:1052746, chromium:1267854
> Change-Id: I89bbd01e33fb1080543d98bcfd4c2d17b5c76861
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270541
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78018}
Bug: chromium:1052746, chromium:1267854
Change-Id: Ib495573569a6c930b8f9e5f1fe7ff46eb57a0aa7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295461
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78063}
Make it an enum class too, and fix all the enums to follow style guide.
Fixes a -Wshadow warning, NONE shadows PropertyAttributes::None.
Bug: v8:12244,v8:12245
Change-Id: I9a8181a35d5690a32a6ce58587f0d8704aa1ab40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3291696
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78062}
When a LocalHeap is destroyed, we update (publish) the changes
in the TypedSlots, this need to be protected by a mutex, since
we may read the RecordRelocSlot in a different thread.
Bug: v8:12054, v8:12411, chromium:1272364
Change-Id: Id1684dad3ed9e02c597099c440d1fbfdbd8c47ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3297892
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78059}
The fix in https://crrev.com/c/3283620 doesn't work, it was meant to be
a general way to fix shadow whenever ASM_CODE_COMMENT is used, by
appending the current line, via __LINE__ macro to the variable name.
However, __LINE__ is not expended correctly when it is directly part of
a variable name.
To fix the shadowing, we use UNIQUE_IDENTIFIER to give unique names.
Bug: v8:12244,v8:12245
Change-Id: I7b9b9da74d62023ac631ff0876f41e80971e2f09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3291804
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78058}
This CL improves --track-retaining-path with incremental marking:
* Retainers need to be cleared *after* the GC and for full GCs only.
Otherwise a scavenger that runs during incremental marking would
clear all retainers.
* Register marked root objects in IncrementalMarking::MarkRoots with
retaining_root_.
Change-Id: I18ab9da48fb7ac45f9ec0826334fd338dc202edc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3297893
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78056}
1. The default locale may be reset / is not immutable as we thought.
2. A suffix of ignorable code points after the common length affects
the comparison result.
Bug: v8:12196
Fixed: v8:12398
Change-Id: I6f60f56352956779df801c43de6ebac8cd9c592d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3291314
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78053}
This is an unused overload, which doesn't add any value to keep around.
Bug: none
Change-Id: I6e004e28f6ec8d4c8de87a1e86d331a624694659
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3297896
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78052}
This CL optimizes ByteReverse 16/32/64 ops on PPC<10 as
well as PPC_10_PLUS.
A 32bit sign extension is also added to `ByteRev32` in codegen.
Change-Id: I6379ac4222f3574ab226971546238142039fe977
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3298308
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78048}
With dynamic tiering, caching is triggered multiple times as there is
no single event anymore that triggers when the module should be cached.
This CL adds a counter for the number of times caching is triggered.
This counter can indicate whether our current caching heuristics are
good or should get adjusted.
R=thibaudm@chromium.org
Bug: v8:12281
Change-Id: I8ed9ed73a556d11df643c31ec6d20760a257e0d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295578
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78045}
This CL adds `can_use_compiled_module` parameter to
WasmStreaming::Finish() that is used by Chromium
https://chromium-review.googlesource.com/c/chromium/src/+/3282643
to invalidate compiled module bytes after SetCompiledModuleBytes().
Bug: chromium:1260939
Change-Id: Iebf0e8615c27c8622721777c664b06a53fb9ee91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3297548
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78044}
Private methods use a property with symbol name that stores a context.
This is then loaded to perform the brand check. Since this uses
JSLoadProperty in Turbofan, we should not type JSLoadProperty as
NonInternal.
Bug: chromium:1269063, v8:12359
Change-Id: I920ccf46e939ab0477ff2fdb3cda6d7d94bab0af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3293089
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78042}
The macro may be defined but the value to it may not be assigned. The
compiler can complain about (reproduced when compiling chromium on
Windows).
Bug: chromium:1249550
Change-Id: I684997ccda7122f56c01391e7a1339fadf6589e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3297888
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78040}
The list of to-be-finalized objects can grow significantly. While
running Speedometer2, the metadata that stores to-be-finalized objects
can be the second largest contributor to heap consumption (overall
taking up 2.6MB, checked with heaptrack).
The CL changes the list to be stored inlined in HoH, if cage-heap is
enabled, rather than in a separate vector.
Bug: chromium:1249550
Change-Id: I04a0c84d118655fa6ff8e2440423e802cd722842
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295448
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78038}
Bug: v8:12228
Change-Id: I21b2ee1e640ba75227a03d765bb1552eff68e3fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3293415
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Jie Pan <jie.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#78033}
