Commit Graph

79777 Commits

Author SHA1 Message Date
Clemens Backes
249d11e8ab [wasm] Make stack growing cheap to call
The method to grow the capacity for the value stack is rarely called.
Make it preserve most registers. This makes callers slimmer and faster.

R=dlehmann@chromium.org

Bug: v8:13565
Change-Id: If4bb8cbd7a61852af1d07b83d0881110c5e91528
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136714
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Daniel Lehmann <dlehmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85285}
2023-01-13 15:16:04 +00:00
Victor Gomes
d7d5049cfa [maglev] Create DataViewGetVariableLength builtin
kDataViewGetVariableLength has JS linkage, and so it has a strong
requirement to what should be in the stack and in the registers
(including having a JSFunction for kDataViewGetVariableLength).

These were missing before, which would crash when checking the frame.

Fixed: chromium:1406727
Bug: v8:7700
Change-Id: Iad878cbc06d46403e21162dfdfd3bcd1a2a063d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162926
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85284}
2023-01-13 14:59:03 +00:00
Clemens Backes
b5ada88ab6 [wasm] Add regression test for 1395604
This adds a regression test for https://crbug.com/1395604.

R=jkummerow@chromium.org

Bug: chromium:1395604
Change-Id: Ibc7b20d66a167cc5ec4db37c959849a214d0473c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162912
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85283}
2023-01-13 14:50:44 +00:00
George Wort
eae216f5dc [turbofan] Make register allocator error message more useful
Explicitly state that the error message in ExistsUseWithoutDefinition
displays the LifetimePosition and also provide the instruction index.

Change-Id: I21f810ea694a9f4832c150e2479d1d3097d9f629
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165082
Commit-Queue: George Wort <george.wort@arm.com>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85282}
2023-01-13 14:49:41 +00:00
Olivier Flückiger
942cb80eaa [static-roots][arm64] Disable decrompression of static roots
This is to see if a reported regression stems from the fact that
decompressing static roots on arm64 takes two instructions -- as opposed
to loading it from the roots array with one move.

Bug: v8:13466
Change-Id: I03f5f2c6a5436d06da0a9dfb9c9d214e10fac896
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162923
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85281}
2023-01-13 12:55:35 +00:00
Matthias Liedtke
3b680a2d6c [wasm-gc] Add flag for wasm max inlining function size
Additionally to the inlining budget that limits inlining into large
functions / functions that have already inlined a lot, the new flag
limits the maximum size of any inlining candiate. Any function larger
than that will not be inlined independent of the inlining budget.

Also adapt the current limits to be less aggressive on inlining.

Bug: v8:7748
Change-Id: I338a0e7ee1c4a2dfae86ff2016a0c16d5284a54c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4161770
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85280}
2023-01-13 10:59:04 +00:00
Marja Hölttä
c9c873b9fd [arm64] Fix BlockPoolsScope usage when CFI is enabled
Bug: chromium:1327444
Change-Id: I67e4a207cd1ad9799d6a772ba51d2ea8013317ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162913
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85279}
2023-01-13 10:52:33 +00:00
Clemens Backes
91872b9330 Reland "[wasm][test] Remove useless macro"
This is a reland of commit c74c9e63e1.
Types have been fixed to make MSVC happy.

Original change's description:
> [wasm][test] Remove useless macro
>
> Remove the BUILD macro, call a function with an initializer list
> instead. This makes the code slightly shorter, but most importantly it
> avoids an unnecessary macro, which improves maintainability and
> debuggability.
>
> R=jkummerow@chromium.org
>
> Bug: v8:13312
> Change-Id: I904ccf8e5b98c4d2f487c0cedc865db1386321c6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4152482
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85259}

Bug: v8:13312
Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_rel
Change-Id: Ie3ca8dcd295ec22385b5d40262c2cb03bfcfeda4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162932
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85278}
2023-01-13 10:45:30 +00:00
Leszek Swirski
d53540be77 Revert "Reland "[maglev] Test maglev on Mac Arm64 bots""
This reverts commit b791f4f040.

Reason for revert: Nope, still not yet: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20debug/10154/overview

Original change's description:
> Reland "[maglev] Test maglev on Mac Arm64 bots"
>
> This is a reland of c6e96cf622
>
> Various bugs have been fixed since the revert and we're ready to try
> again.
>
> Original change's description:
> > [maglev] Test maglev on Mac Arm64 bots
> >
> > Also remove unnecessary maglev runs on x64 FYI bots, since maglev runs
> > on the main waterfall's x64 bots already.
> >
> > Bug: v8:7700
> > Change-Id: I5bb23c3ba7696b48f2fe1af4036a3de8c5b1801a
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128092
> > Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
> > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#85174}
>
> Bug: v8:7700
> Change-Id: I969e6ae7bd01adb12da0f1240e152232cca00f33
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156056
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
> Commit-Queue: Alexander Schulze <alexschulze@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85275}

Bug: v8:7700
Change-Id: I39ff626e799511d79665b4a9e9fb0f8ef7ae1b7f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4164679
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85277}
2023-01-13 10:19:32 +00:00
Jakob Linke
651d4d9748 [codet] Remove obsolete CodeT dispatch functions
These are no longer relevant now that CodeT is an unconditional alias
for CodeDataContainer.

Bug: v8:13654
Change-Id: Ia283f735cad380d1b97606715cc3b99768e49464
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4161762
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85276}
2023-01-13 09:42:20 +00:00
Leszek Swirski
b791f4f040 Reland "[maglev] Test maglev on Mac Arm64 bots"
This is a reland of c6e96cf622

Various bugs have been fixed since the revert and we're ready to try
again.

Original change's description:
> [maglev] Test maglev on Mac Arm64 bots
>
> Also remove unnecessary maglev runs on x64 FYI bots, since maglev runs
> on the main waterfall's x64 bots already.
>
> Bug: v8:7700
> Change-Id: I5bb23c3ba7696b48f2fe1af4036a3de8c5b1801a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128092
> Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85174}

Bug: v8:7700
Change-Id: I969e6ae7bd01adb12da0f1240e152232cca00f33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156056
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Alexander Schulze <alexschulze@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85275}
2023-01-13 09:38:20 +00:00
Michael Lippautz
cb4a62e3c5 [heap] Trivial LocalEmbedderHeapTracer removals
Some trivial removals to avoid bouncing in and out of the tree with
larger changes.

No-try: true
Bug: v8:13207
Change-Id: I7d9a6eec0e9a1b047d4684b1cd2477a6a4314dbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156477
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85274}
2023-01-13 08:19:52 +00:00
Jakob Kummerow
34f63ad5e3 [bigint] Move a DCHECK to the right place
The termination check must happen before the DCHECK.

Fixed: chromium:1406177
Change-Id: I1c79473c8d5f8440ec5033f00cda25a945a25524
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4161768
Reviewed-by: Samuel Groß <saelo@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85273}
2023-01-13 08:02:44 +00:00
Hao Xu
c2a0acd47a [turbofan] Improve reduction of TruncateInt64ToInt32
When TruncateInt64ToInt32 is owned by Word32Op, it can be elided
because Word32Op automatically truncate int64 to int32.

Change-Id: Ia9dd4405f2b9b28710093dbc4c0471ea58df4e12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4100664
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#85272}
2023-01-13 05:57:39 +00:00
v8-ci-autoroll-builder
21de2f66e7 Update V8 DEPS (trusted)
Rolling v8/build: d57dd8d..24fbcb5

Rolling v8/buildtools: 6409ca9..a1adda9

Rolling v8/buildtools/third_party/libc++/trunk: ccb0d32..cf80323

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/8f4c5d6..a172c91

Rolling v8/third_party/depot_tools: 4f3b322..e38d195

Rolling v8/third_party/fuchsia-sdk/sdk: version:11.20230110.3.1..version:11.20230112.1.1

Change-Id: Icb60e4dfa70c7e38bf4984580e3e75fab8e3d166
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162300
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85271}
2023-01-13 03:53:34 +00:00
Shu-yu Guo
c57a13dc3b [heap] Skip ephemeron values that shouldn't be marked
Bug: chromium:1403129
Change-Id: Ic26583be78e4e16a5bc18d8d8ce2bfb79ec70dad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136976
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85270}
2023-01-12 20:00:41 +00:00
Shu-yu Guo
aae0ec104b Reland "[flags] Remove --harmony-class-static-blocks"
This is a reland of commit 969fb7796a

No changes since revert. Failing test unrelated and will be fixed in
https://chromium-review.googlesource.com/c/v8/v8/+/4150087

Original change's description:
> [flags] Remove --harmony-class-static-blocks
>
> The class static blocks proposal has shipped since M91.
>
> Bug: v8:11375
> Change-Id: Icec89ea7e4bbef325f2b12b5f7f829840d3f4575
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4144630
> Auto-Submit: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85162}

Bug: v8:11375
Change-Id: I48cd4935378c82e952f129b4d07b2998714d67f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4151381
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85269}
2023-01-12 19:39:55 +00:00
Andrew Grieve
b234e2e747 Remove GN visibility restriction for run_mksnapshot_default
This will allow embedders to build the snapshot file without building
all of v8.

Bug: chromium:1402705
Change-Id: I5049c18a803fd664e10036adcaef93503f013304
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4157273
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Andrew Grieve <agrieve@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85268}
2023-01-12 17:56:21 +00:00
Nikolaos Papaspyrou
3b8893202c [cleanup] Minor changes in isolate and heap
- One (redundant) inline, for consistency.
- One forgotten #undef.
- Several typos.

Change-Id: I7e51b98f9147698c8b147d1642ae3facbb0fc451
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162914
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85267}
2023-01-12 17:28:54 +00:00
Leszek Swirski
16a31ada22 Revert "[ptr-compr] Improve ptr compression/decompresion in C++"
This reverts commit 77de44e1c4.

Reason for revert: Seems fuchsia doesn't like this improvement: https://ci.chromium.org/ui/p/chromium/builders/try/fuchsia-arm64-rel/68601/overview

Original change's description:
> [ptr-compr] Improve ptr compression/decompresion in C++
>
> Optimizations introduced in
> https://chromium-review.googlesource.com/c/v8/v8/+/1776079
> are currently defeated since Address is not a pointer type.
> Clang does not seem to carry over alignment information as range
> information when casting to ints.
>
> Using __builtin_assume we can restore the same effect. Additionally
> we can help the compiler remember that when compressing the removed
> bits are actually the cage base. This helps e.g. with
>  `decompress(compress(..))`.
>
> See https://godbolt.org/z/5r68G5qa6 for details.
>
> Bug: v8:9353
> Change-Id: Ief016fce0788f2bef6b684a18b104ada6e6d3856
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156060
> Commit-Queue: Olivier Flückiger <olivf@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85246}

Bug: v8:9353
Change-Id: I1fd6f36667302490f12d19c1fc8f64ca181c006b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162933
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85266}
2023-01-12 17:26:08 +00:00
Shu-yu Guo
6491416033 [turbofan] Add WasmObject to the DetectableReceiver type
Otherwise monotonicity of ToObject is violated, as a WasmObject is
currently a Receiver but *not* a DetectableReceiver.

Bug: v8:12185
Change-Id: I04ac78f7635ed54cf7d433231455fc207aa10109
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4150087
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85265}
2023-01-12 17:18:00 +00:00
Manos Koukoutos
ae2e2a5fe0 [wasm] Small cleanups
Biggest change: do not use a top-level switch in {JSToWasmObject}.

Change-Id: I8e8fab228c07e83d2acc261b779eea6de4fcf645
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4161767
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85264}
2023-01-12 17:03:13 +00:00
Clemens Backes
5f54f6f916 [wasm] Lazily compile tiered-down modules
If the debugger is enabled while we compile a new Wasm module, we were
still eagerly adding baseline compilation units for all functions. This
is inconsistent with what we do if the module is already created when
the debugger is enabled. It's also inconsistent with the default
compilation strategy, which is lazy nowadays.

Thus this CL removes the outdated code. The runtime function for lazy
compilation already has all necessary logic in place to generate debug
code lazily.

R=ahaas@chromium.org

Bug: v8:13224
Change-Id: I30bebeb751e1a4c7f03a93844f9263bf0e8692df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4152950
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85263}
2023-01-12 16:55:16 +00:00
Clemens Backes
35694f6da0 Revert "[wasm][test] Remove useless macro"
This reverts commit c74c9e63e1.

Reason for revert: MSVC compile error: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20msvc%20-%20builder/5266/overview

Original change's description:
> [wasm][test] Remove useless macro
>
> Remove the BUILD macro, call a function with an initializer list
> instead. This makes the code slightly shorter, but most importantly it
> avoids an unnecessary macro, which improves maintainability and
> debuggability.
>
> R=​jkummerow@chromium.org
>
> Bug: v8:13312
> Change-Id: I904ccf8e5b98c4d2f487c0cedc865db1386321c6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4152482
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85259}

Bug: v8:13312
Change-Id: Ia2e8995c0a201ac7cf05170afdc954b3f852c39c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162872
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85262}
2023-01-12 16:50:06 +00:00
Clemens Backes
8deececeef Revert "Use preserve_most calling conventions for Zone::NewExpand"
This reverts commit 48fee7d232.

Reason for revert: Compile error: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20debug%20builder/6918/overview

Original change's description:
> Use preserve_most calling conventions for Zone::NewExpand
>
> The zone uses bump allocation in the fast-path, and falls back to
> allocating a new segment if there is not enough space.
> Since this is rarely executed and zone allocations happen a lot, we
> should mark `Zone::NewExpand` as "preserve_most" to make
> `Zone::Allocate` as fast and slim as possible.
>
> R=​bikineev@chromium.org, leszeks@chromium.org
>
> Change-Id: I0d592a35440bc3d61ca04425fc2f98c8a8bbbaae
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4146436
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85258}

Change-Id: Id5d89bc8ae4f09b7bcd52e530b4ec69da550d683
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162871
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85261}
2023-01-12 16:17:32 +00:00
Manos Koukoutos
22c5844851 [wasm-gc] Allow all reference types at the JS boundary
We have been manually disallowing subtypes of anyref, as well as null
types, at the JS boundary, although the infrastructure to handle them
was basically in place. This CL removes this restriction.

Drive-by: Handle null correctly for typed functions in {ToJS}.

Bug: v8:7748
Change-Id: I51df2159ff4e6eea5a1ba401fa87920db9c4f2aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4154413
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85260}
2023-01-12 15:42:15 +00:00
Clemens Backes
c74c9e63e1 [wasm][test] Remove useless macro
Remove the BUILD macro, call a function with an initializer list
instead. This makes the code slightly shorter, but most importantly it
avoids an unnecessary macro, which improves maintainability and
debuggability.

R=jkummerow@chromium.org

Bug: v8:13312
Change-Id: I904ccf8e5b98c4d2f487c0cedc865db1386321c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4152482
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85259}
2023-01-12 15:29:13 +00:00
Clemens Backes
48fee7d232 Use preserve_most calling conventions for Zone::NewExpand
The zone uses bump allocation in the fast-path, and falls back to
allocating a new segment if there is not enough space.
Since this is rarely executed and zone allocations happen a lot, we
should mark `Zone::NewExpand` as "preserve_most" to make
`Zone::Allocate` as fast and slim as possible.

R=bikineev@chromium.org, leszeks@chromium.org

Change-Id: I0d592a35440bc3d61ca04425fc2f98c8a8bbbaae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4146436
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85258}
2023-01-12 15:24:18 +00:00
Jakob Linke
177b6be920 [codet] Remove the CodeT=Code implementation
There is no reason to keep the CodeT dispatch (which switches
between `CodeT = CodeDataContainer` and `CodeT = Code`) around. Using
CodeDataContainer doesn't actually depend on anything from v8_enable_external_code_space, so let's use it unconditionally and
simplify our codebase.

In this first step, update the
`v8_enable_external_code_space = false` configuration to use
`CodeT = CodeDataContainer` as well and remove all support for
`CodeT = Code`.

Upcoming CLs will remove the CodeT alias type, and rename
the Code/CodeDataContainer pair to something more intuitive.

Bug: v8:13654
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_no_pointer_compression_dbg,v8_linux64_no_pointer_compression_rel,v8_linux64_arm64_no_pointer_compression_rel;luci.node-ci.try:node_ci_linux64_rel
Change-Id: I58e4d510924f685ef0f2403220a2c33651c3c864
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4138254
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85257}
2023-01-12 15:23:13 +00:00
Victor Gomes
1a109d28a5 [maglev][arm64] Fix cloberred register in ReduceInterruptBudget
Bug: v8:7700
Change-Id: I883de6edfd218cfff23a4b4a512c516cb825734c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4161766
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85256}
2023-01-12 15:04:58 +00:00
Manos Koukoutos
90c972bb52 [wasm-gc][turbofan] Introduce wasm load elimination
We introduce high-level typed load elimination for wasm. It is based
on CSALoadElimination. It operates on wasm struct.set/get and
array.length operators (with array operations pending). Wasm types are
used to refine the may-alias analysis ran for stores.

Drive-by:
- Type more nodes in wasm-compiler and wasm-gc-operator-reducer.
- Remove an unsafe-cast test which now hits an Unreachable Turbofan
  node.

Bug: v8:7748
Change-Id: I309e4af4d9f9c584e27ff79804a776666b5dc3c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4146430
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85255}
2023-01-12 14:45:45 +00:00
Michael Lippautz
c020a31092 cppgc: Change calling convention for slow write barrier bailout
Change the calling convention for the slow write barrier call to allow
callers to avoid saving caller-saved registers.

Bug: chromium:1406464
Change-Id: I314bdacb235727e0e78a192ed7cbff09e9bc6b4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156476
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85254}
2023-01-12 14:23:01 +00:00
Alexander Schulze
25f779623d [builtins][pgo] Add helper script to interact with PGO profile bucket
We start to host PGO profiles for builtins on a GCP bucket. This script supports various workflows to download profiles for tagged git versions.

In a first step, we provide profiles for tagged git versions only. The script identifies this version from the current checkout and downloads (or validates the existence of) the profiles to a directory where they'll be used during build time.

We introduce `checkout_v8_builtins_pgo_profiles` to the DEPS file (defaults to False). If set, we call the new helper script to download the profiles within the gclient sync step.

The profile download is added to the Chromium project in crrev.com/c/4131525.

Bug: chromium:1382471
Change-Id: I74ba4f3c102a85e230be7ef17b9c87621a1eab14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111528
Commit-Queue: Alexander Schulze <alexschulze@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85253}
2023-01-12 14:16:16 +00:00
Leszek Swirski
d8cd42360d [maglev] Ensure CheckedObjectToIndex zero extends
Use SmiToInt32 instead of SmiUntag to get a zero extended value in
CheckedObjectToIndex.

Bug: v8:7700
Change-Id: I034039781d8db106713e54ebaf72672c261b8fc1
Fixed: chromium:1406573
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4161759
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85252}
2023-01-12 14:06:48 +00:00
pthier
2501a75575 [maglev][arm64] Use one less scratch register in PushAllHelper
Instead of pushing 2 arguments at the same time, we push 1 argument
together with padreg (to ensure alignment) and overwrite padreg
afterwards.
That way we can re-use scratch registers used for the first argument
to materialise the second one.

Bug: v8:7700
Change-Id: I6d32b61f6e75ec488b4cf4128ced966bcf0ed1bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4161758
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85251}
2023-01-12 12:55:19 +00:00
Omer Katz
177eb46e5f Reland "[heap] Iterate promoted pages during sweeping"
This is a reland of commit 1e3dd39d09
and commit e5dbd05dcf

The fix is in https://chromium-review.googlesource.com/c/v8/v8/+/4094755/3..6

Original change's description:
> [heap] Iterate promoted pages during sweeping
>
> Promoted pages are iterated to record slots containing old to new and
> old to shared references. This takes a significant amount of time during
> the atomic pause.
> Instead we offload this task to the concurrent sweepers, record slots to
> a local cache, and merge it when finalizing sweeping.
>
> Array buffer sweeping depends on iteration of promoted pages, so it is
> frozen until iteration is done.
>
> See design doc at https://docs.google.com/document/d/1JzXZHguAnNAZUfS7kLeaPVXFfCYbf5bGCtyKgyiMDH4/edit?usp=sharing
>
> Bug: v8:12612
> Change-Id: Icdc79a7a70c53352e3a1b3961cfe369e8563b65b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4062041
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Auto-Submit: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84706}

Bug: v8:12612
Change-Id: I67bbf4753e9fa8b9194367996797aa103e58c16f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4094755
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85250}
2023-01-12 12:35:19 +00:00
Paolo Severini
1ef43e7ba9 [sandbox] Increase max size of ExternalPointerTable
Bug: v8:13640
Change-Id: I017a067d775c71977054b772ead8853e4df0cd51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4159852
Reviewed-by: Samuel Groß <saelo@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85249}
2023-01-12 12:31:10 +00:00
Matthias Liedtke
89677cfaa8 [wasm-gc] Fix call feedback vector issues after memory out of bounds accesses
Turbofan uses the feedback vectors created by liftoff during
compilation. It is assumed that for any given function liftoff and
turbofan use same-sized feedback vectors.

Calls in unreachable code don't allocate entries in the feedback vector.
Therefore it is required that turbofan and liftoff have the same
understanding of which parts of the code are treated as unreachable.
This is achieved by moving the unreachable handling from liftoff
into the decoder that is also used for the turbofan compilation.

Bug: chromium:1403398
Change-Id: I113726c1a0d773ea9483c80d8e3c3084be423ca2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4152477
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85248}
2023-01-12 12:00:06 +00:00
Clemens Backes
25005c142c [wasm] Allow TurboFan compilation of arbitrarily sized functions
We added a stop-gap workaround for excessive TurboFan compilation times,
by just not compiling functions bigger than 500k by TurboFan.
This code is only used when WasmGC is enabled and lazy compilation is
disabled.
Since lazy compilation is the default now, this code is not needed any
more. We remove it to simplify the code by avoiding late updates of the
compilation progress.

R=jkummerow@chromium.org

Change-Id: I32c63b24417e6f44e8ec4496caba20b10bfd78b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4161754
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85247}
2023-01-12 11:25:01 +00:00
Olivier Flückiger
77de44e1c4 [ptr-compr] Improve ptr compression/decompresion in C++
Optimizations introduced in
https://chromium-review.googlesource.com/c/v8/v8/+/1776079
are currently defeated since Address is not a pointer type.
Clang does not seem to carry over alignment information as range
information when casting to ints.

Using __builtin_assume we can restore the same effect. Additionally
we can help the compiler remember that when compressing the removed
bits are actually the cage base. This helps e.g. with
 `decompress(compress(..))`.

See https://godbolt.org/z/5r68G5qa6 for details.

Bug: v8:9353
Change-Id: Ief016fce0788f2bef6b684a18b104ada6e6d3856
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156060
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85246}
2023-01-12 10:44:27 +00:00
Victor Gomes
e82b88192e [maglev][arm64] Fix some typed array arch issues
- When doing a 64 bit add, we should not pass a W register
- We should use MemOperand to load from memory

Bug: v8:7700
Change-Id: I2dfca1f558c58a12f836942155cafb60cc72915a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4161753
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85245}
2023-01-12 10:30:38 +00:00
Clemens Backes
c48cc5bab5 [wasm] Avoid re-validation after deserialization
As we do not ship lazy validation, we can expect that most modules are
fully validated when they are serialized. We should use that information
and not re-validate functions after deserialization.

We do so by writing out a single boolean value that encodes whether all
functions have been validated. This value is expected to be true in all
relevant cases. On deserialization we then mark all functions as
validated if the value is set.

R=ahaas@chromium.org

Bug: v8:13565
Change-Id: I18bdd6b04b607ba4521d36d3ca2fd35b4a6df7dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4152489
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85244}
2023-01-12 10:06:08 +00:00
Victor Gomes
8a646573d9 [maglev][arm64] Port crrev.com/c/4127157
Drive-by fix:
- On x64: load byte zero extended.
- On arm64: set flag when subtracting the interrupt budget

Bug: v8:7700
Change-Id: Ieeaa461a037b2968617ff1df4c75ecc1b509e2d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4161751
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85243}
2023-01-12 09:57:55 +00:00
Jakob Linke
d4bf44d820 Disable TF in lite mode
When v8_enable_lite_mode is enabled at build-time, we can set
v8_enable_turbofan to false and thus completely omit TF from the
binary.

.. and we also piggy-back on top of existing lite-mode bots for
basic bot coverage.

Bug: v8:13629
Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_compile_dbg,v8_linux_arm_lite_compile_rel,v8_linux_arm_lite_rel
Change-Id: I8104ccd918531714db80631c61c5134e856fafa6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4135887
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85242}
2023-01-12 09:54:54 +00:00
Andreas Haas
7b3b682818 [wasm] Improve result check in {DefaultWasmAsyncResolvePromiseTask}
In the implementation we assumed that the Maybe<bool> returned by
`Promise::Resolver::Resolve()` always has a value. However, if the
isolate is already in the process of termination, this assumption is
wrong.

With this CL we first check if a value was returned, and only check
the value if it exists.

Bug: chromium:1404317
Change-Id: I0b63860b7063f055ee5ef739f877583a29f2acdd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136724
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85241}
2023-01-12 09:42:46 +00:00
Leszek Swirski
ed47b8cd0c [ic] Allow resetting interrupt budget on IC change
Add an alternative to any_ic_changed_, where instead of a global flag
that is updated on ICs changed (which prevents small function
optimisation), the interrupt budget of the particular function whose IC
was updated is reset to a default value.

This should have a similar effect, allowing small functions to tier up
quickly but still only once they have been stable enough for some time,
but should prevent cross-contamination of different functions'
stabilities due to the global nature of the flag.

It does, however, require a back pointer from the feedback vector to its
parent feedback cell (which holds the interrupt budget).

Drive-by, use any_ic_changed_ for Maglev tierup, to match small
function behaviour.

Change-Id: I7109cf3aff536af7ab36d3564ec8005ee7aa44f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156472
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85240}
2023-01-12 09:35:41 +00:00
Dominik Inführ
7777e0321d [api] Deprecate memory savings mode
This mode was used for an experiment and isn't used anymore.
IsolateInBackgroundNotification() can be used to achieve the same
memory savings mode.

Bug: v8:13653
Change-Id: I4bc0b0bd7ceac43f22e16b234b9482af9fe03152
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156054
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85239}
2023-01-12 09:14:01 +00:00
v8-ci-autoroll-builder
a3b7c6706a Update V8 DEPS (trusted)
Rolling v8/build: fc82049..d57dd8d

Rolling v8/buildtools: f017c8f..6409ca9

Rolling v8/buildtools/third_party/libc++/trunk: 7c5e4b4..ccb0d32

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/c470a55..8f4c5d6

Rolling v8/third_party/depot_tools: dcb79c7..4f3b322

Rolling v8/third_party/fuchsia-sdk/sdk: version:11.20230109.2.2..version:11.20230110.3.1

Rolling v8/third_party/zlib: fa5dc47..2d88319

Rolling v8/tools/clang: 341ed9b..9f2d780

Rolling v8/tools/luci-go: git_revision:bac571b5399502fa16ac48a1d3820e1117505085..git_revision:81e5cdad29bb4c7aaad98c843637513db3155b0d

Rolling v8/tools/luci-go: git_revision:bac571b5399502fa16ac48a1d3820e1117505085..git_revision:81e5cdad29bb4c7aaad98c843637513db3155b0d

Change-Id: Iafd14878d4159be8aedd82800eebb93f97996ed1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4159773
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85238}
2023-01-12 04:39:23 +00:00
Michael Lippautz
9ae82b0486 Revert "Reland "[heap] Move methods from LocalEmbedderHeapTracer to CppHeap""
This reverts commit 38a4042c05.

Reason for revert: Still broken: https://ci.chromium.org/ui/p/chromium/builders/try/fuchsia-arm64-rel/b8792238654530542257/test-results?q=ExactID%3Aninja%3A%2F%2Fcomponents%3Acomponents_browsertests%2FFormAutofillUtilsTest.GetAriaLabelledByInvalid+VHash%3A6f6e8444a444fd2a&clean=&sortby=&groupby=

Original change's description:
> Reland "[heap] Move methods from LocalEmbedderHeapTracer to CppHeap"
>
> This is a reland of commit 40b002ffbc
>
> Original change's description:
> > [heap] Move methods from LocalEmbedderHeapTracer to CppHeap
> >
> > Move methods around tracing to CppHeap and simplifies overall tracing
> > logic.
> >
> > Bug: v8:13207
> > Change-Id: I539fba924ba3f8f329405e084b999b18a7adfe7e
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147610
> > Reviewed-by: Omer Katz <omerkatz@chromium.org>
> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#85152}
>
> Bug: v8:13207
> Change-Id: I42834edd7a0a84d01df60e8dfdfe7a1c0cac5533
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4155912
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85228}

Bug: v8:13207
Change-Id: If34811c4ac4d664b61727ea2b855f3a23e4179f1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4158271
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85237}
2023-01-11 20:21:07 +00:00
Andreas Haas
b77287525d [wasm] Update spec tests
R=thibaudm@chromium.org

Change-Id: Ic0d953530118cec8933bd64ab2e40607975bc039
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156057
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85236}
2023-01-11 19:59:14 +00:00