Commit Graph

79777 Commits

Author SHA1 Message Date
pthier
40f3d61836 [maglev] Fix Function.prototype.apply with spread
Bug: v8:7700, chromium:1405445
Change-Id: I5faeb7e5229f55fdbd5cf11d79fc44d285b4bea9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4151200
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85185}
2023-01-10 14:50:00 +00:00
Clemens Backes
5134d16904 [wasm] Skip second pass over signature if not needed
Most Wasm signatures still do not contain any tagged parameters. Thus
skip the second pass over the signature if we did not see any tagged
parameter before.

R=ahaas@chromium.org

Bug: v8:13565
Change-Id: Icf0df86bc96125b38adb65f074166b6b3c47b722
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147615
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85184}
2023-01-10 14:45:42 +00:00
Olivier Flückiger
643b458b07 [static-roots] Use static roots in CSA
Like in https://chromium-review.googlesource.com/c/v8/v8/+/4130075
we add the same optimizations to non-C++ builtins.

Bug: v8:13466
Change-Id: I20600f01c6966ef5b3e66cdf934cf895d60d6847
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4151195
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85183}
2023-01-10 14:15:49 +00:00
Victor Gomes
50a20711c7 [maglev][arm64] Fix instance load in CheckedInternalizedString
InstanceType is a 16-bit word.

Bug: v8:7700
Change-Id: Id73d2bf42fd682d3fa5136e17a9f85e353edbe4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4151199
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85182}
2023-01-10 14:01:28 +00:00
Manos Koukoutos
a2d33fcf5f [wasm-gc][turbofan] Struct and array operators
We add simplified Turbofan operators for the following wasm-gc
operations: struct.get/set, array.get/set, array.length, and array
length initialization. We then lower them to object load/store
operators in WasmGCOperatorReducer.

Bug: v8:7748
Change-Id: I3b40df1419e5ad98562e6bec6c4a3d1a4de63c71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4146428
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85181}
2023-01-10 14:00:22 +00:00
Leszek Swirski
b08d76e22d Reland "[maglev] Force (U)Int32 values to always be zero extended"
This is a reland of commit fe54336953

The reland fixes an arm64 compilation error.

Original change's description:
> [maglev] Force (U)Int32 values to always be zero extended
>
> Ensure that (U)Int32 values are always zero extended (in particular,
> after Float64 truncation and constant materialisation), and add debug
> code which asserts that (U)Int32 register inputs to nodes are zero
> extended at input read time.
>
> Bug: v8:7700
> Change-Id: Idbebabdd48bc7a6d2d73f1dfce7da629b5814ca5
> Fixed: chromium:1404066
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147621
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85169}

Bug: v8:7700
Fixed: chromium:1404066
Change-Id: I4f61acfd3a1cdbc8c1976bb1731441cb1e8fe784
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4151569
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85180}
2023-01-10 13:31:54 +00:00
Nico Hartmann
d25d23f54d [turboshaft] Type-based reduction verification
Bug: v8:12783
Change-Id: Icb0ff1ff228acf84c8fd4e5a0896ef6558f57248
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4120260
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85179}
2023-01-10 13:26:47 +00:00
Victor Gomes
edd7739b63 Reland "[maglev] Remove kScratchRegister in maglev-ir"
This is a reland of commit 3cc300558e

Original change's description:
> [maglev] Remove kScratchRegister in maglev-ir
>
> The use of kScratchRegister in arm64 code is unsafe, since a scratch
> scope could re-use the same register. Ideally, we should remove it
> altogether, but we still currently require it for the ParallelMover.
>
> Bug: v8:7700
> Change-Id: I46c93874632a3d505ef71a7bf790c31fb5fd46d6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147617
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
> Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85156}

Bug: v8:7700
Change-Id: I7de621b19da48c234ccb18ca702aa041673a1c2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4151489
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85178}
2023-01-10 13:22:31 +00:00
Leszek Swirski
d18fc97189 Revert "[maglev] Test maglev on Mac Arm64 bots"
This reverts commit c6e96cf622.

Reason for revert: Not yet... https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/47672/overview

Original change's description:
> [maglev] Test maglev on Mac Arm64 bots
>
> Also remove unnecessary maglev runs on x64 FYI bots, since maglev runs
> on the main waterfall's x64 bots already.
>
> Bug: v8:7700
> Change-Id: I5bb23c3ba7696b48f2fe1af4036a3de8c5b1801a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128092
> Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85174}

Bug: v8:7700
Change-Id: Ic9318aacc16086ab5bc31e7c24926121e7096964
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4152250
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85177}
2023-01-10 12:39:09 +00:00
Dominik Inführ
40a5a963e6 [heap] Turn SLOW_DCHECK into DCHECK
The condition is a simple page flag check so shouldn't be too
expensive. This will help investigate the linked issue which is
currently not reproducible.

Bug: v8:13267, chromium:1405324
Change-Id: I3e93dd120884e81814b3bb59626ea45721d1a86d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4151196
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85176}
2023-01-10 12:15:36 +00:00
Dominik Inführ
f8eebf3365 [heap] Enable --shared-space by default
Bug: v8:13267
Change-Id: Ie887ff8183fd3a115fd95a7e24b46c654bc15b28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4151188
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85175}
2023-01-10 11:58:30 +00:00
Leszek Swirski
c6e96cf622 [maglev] Test maglev on Mac Arm64 bots
Also remove unnecessary maglev runs on x64 FYI bots, since maglev runs
on the main waterfall's x64 bots already.

Bug: v8:7700
Change-Id: I5bb23c3ba7696b48f2fe1af4036a3de8c5b1801a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128092
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85174}
2023-01-10 11:48:50 +00:00
Al Muthanna Athamina
966f5a4037 Modify tracking bug for test skip for better tracking
Bug: chromium:1394659
Change-Id: I24a76965d624d18237cbd32ca7e149255ad70baf
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4151192
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85173}
2023-01-10 11:42:15 +00:00
Jakob Linke
6e1b9141ec Reland "[flags,testrunner] Consider readonly flags for conflict detection"
This is a reland of commit ebd933037e

Original change's description:
> [flags,testrunner] Consider readonly flags for conflict detection
>
> Flag conflict detection 1) bails out on incompatible flag values (e.g.
> --jitless and --turbofan) and 2) handles such bailouts transparently in
> the test runner by marking affected tests as OUTCOMES_FAIL.
>
> This CL adds full support for readonly flags to this system, together
> with required additional annotations in variants.py.
>
> Drive-by: assert proper use of v8_enable_slow_dchecks, and add
> support when dcheck_always_on is set.
> Drive-by: introduce has_maglev build variable detection based on
> v8_enable_maglev and use that for .status file annotations.
> Drive-by: protect against unintended overwrites of build variables
> in statusfile.py.
>
> Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel
> Bug: v8:13629,v8:10577
> Change-Id: I04de399139a0490806df8bfee7e75e2ec767b4b5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4135879
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85130}

Bug: v8:13629,v8:10577
Change-Id: I49ce322c3fda00a1e1e280d99d2d818772533927
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4151087
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85172}
2023-01-10 10:52:11 +00:00
Victor Gomes
eb00054f61 [maglev] Consider DataView/TypedArray backed by RAB and GSAB
- For TypedArrays, we bail out trying to reduce the access.
- For DataView, we check dynamically the DataView object bitfield
and call a builtin on a slow path.

Drive by: fix presubmit lint to allow assertOptimized when
passing --maglev flag.

Bug: v8:7700, v8:13645
Change-Id: I3ce4773466f045ff10c86c41734e00fbb94eb331
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4146435
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85171}
2023-01-10 10:51:07 +00:00
Leszek Swirski
82c7f93aeb Revert "[maglev] Force (U)Int32 values to always be zero extended"
This reverts commit fe54336953.

Reason for revert: Android build failure: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Android%20Arm64%20-%20debug%20builder/28804/overview

Original change's description:
> [maglev] Force (U)Int32 values to always be zero extended
>
> Ensure that (U)Int32 values are always zero extended (in particular,
> after Float64 truncation and constant materialisation), and add debug
> code which asserts that (U)Int32 register inputs to nodes are zero
> extended at input read time.
>
> Bug: v8:7700
> Change-Id: Idbebabdd48bc7a6d2d73f1dfce7da629b5814ca5
> Fixed: chromium:1404066
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147621
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85169}

Bug: v8:7700
Change-Id: Ifa7a5541fda93522d1ea34dafdfc88d2561a8795
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4151488
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85170}
2023-01-10 10:28:15 +00:00
Leszek Swirski
fe54336953 [maglev] Force (U)Int32 values to always be zero extended
Ensure that (U)Int32 values are always zero extended (in particular,
after Float64 truncation and constant materialisation), and add debug
code which asserts that (U)Int32 register inputs to nodes are zero
extended at input read time.

Bug: v8:7700
Change-Id: Idbebabdd48bc7a6d2d73f1dfce7da629b5814ca5
Fixed: chromium:1404066
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147621
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85169}
2023-01-10 10:20:05 +00:00
Al Muthanna Athamina
5c9560658b Skip intl/overrides/caching
Bug: v8:13649
Change-Id: I49d6d51b1c762d21717569bae0db89a476ab1b77
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4151191
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85168}
2023-01-10 09:45:05 +00:00
pthier
69df64a75c Remove GC post-processing check from externalizing strings
This check was probably relevant in the past (when GC was different),
but it is unknown today why it exists. It can cause races in a
concurrent set-up though, as tracking the post-processing state is not
atomic.
Due to possible races and no reason to check whether we are in GC
post-processing phase, this check is removed from
String::SupportsExternalization().

SupportsExternalization() was the only user of the logic.

Drive-by: Remove tracking of GC post-processing state, as
Change-Id: Id0a6dd25a8dc6044504b40f1c754612dedcacf75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147612
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85167}
2023-01-10 07:43:21 +00:00
jiepan
499697b157 [disasm][x64] Add missing disasm for opcode F6F7
Only byte displacement was handled for opcode F6F7;
this CL adds 32-bit displacement support.

Change-Id: I40b3140df582cd0dce008dbbb957e615751c2131
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4144627
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jie Pan <jie.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#85166}
2023-01-10 07:15:05 +00:00
v8-ci-autoroll-builder
d6dc9a71fb Update V8 DEPS (trusted)
Rolling v8/build: 7ab406c..fc82049

Rolling v8/buildtools: cf8d11e..f017c8f

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/163b421..c470a55

Rolling v8/third_party/depot_tools: 6f90547..dcb79c7

Rolling v8/third_party/fuchsia-sdk/sdk: version:11.20230108.3.1..version:11.20230109.2.2

Rolling v8/tools/clang: e8c31f9..341ed9b

Change-Id: I2124485ba0d4e82860412686a0e7c323bd2c441d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4150727
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85165}
2023-01-10 07:14:03 +00:00
Simon Zünd
e56fe00bc3 [debug] Fix catch prediction for for-of statement
The bytecode generator currently uses the wrong catch prediction in
the desugaring for for-of loops. This leads to unexpected pauses in
DevTools when 'pause on uncaught exceptions' is enabled, e.g. for throwing generators.

Specifically the call to .next of the iterator is unconditionally
marked as 'uncaught' instead of using the surrounding catch
prediction. Similarly, in the desugared "finally" block we call
.return which can also throw.

Note that if both the loop body and the ".return" throws, the
exception from ".return" is caught and only the loop body exception
is re-thrown. We still pause on both throw sites since we can't
detect this case statically.

R=leszeks@chromium.org

Bug: chromium:1270780
Change-Id: I2e642ef3fbfcfc6ad19e92cf611188801ebf2450
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4146420
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85164}
2023-01-10 07:12:59 +00:00
Deepti Gandluri
06464a5985 Revert "[flags] Remove --harmony-class-static-blocks"
This reverts commit 969fb7796a.

Reason for revert: Test fail on V8 Linux64 - minor mc - debug - https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8792401441362374289/+/u/Check_-_minor_mc/TyperTest.Monotonicity_ToObject

Original change's description:
> [flags] Remove --harmony-class-static-blocks
>
> The class static blocks proposal has shipped since M91.
>
> Bug: v8:11375
> Change-Id: Icec89ea7e4bbef325f2b12b5f7f829840d3f4575
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4144630
> Auto-Submit: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85162}

Bug: v8:11375
Change-Id: I51a4f68af456c3700606c5ddb5f32d244aca59dd
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4149236
Owners-Override: Deepti Gandluri <gdeepti@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Auto-Submit: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85163}
2023-01-10 07:11:55 +00:00
Shu-yu Guo
969fb7796a [flags] Remove --harmony-class-static-blocks
The class static blocks proposal has shipped since M91.

Bug: v8:11375
Change-Id: Icec89ea7e4bbef325f2b12b5f7f829840d3f4575
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4144630
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85162}
2023-01-10 00:04:43 +00:00
Omer Katz
47405154da Reland "[heap] Adjust pretenuring heuristic for MinorMC"
This is a reland of commit a614ccb8f7

This CL will cause a performance regression when running with MinorMC on
the bots. However this regression is expected (due to delaying pretenuring
decisions) and we anyway result from relanding crrev.com/c/4092734.

Original change's description:
> [heap] Adjust pretenuring heuristic for MinorMC
>
> MinorMC needed to process pretenuring feedback both after sweeping and
> at the end of the atomic pause, despite having no new feedback at the
> end of the atomic pause, because the heuristics didn't hold after
> sweeping. This CL adjusts the heuristics for MinorMC so that processing
> twice is no longer needed.
>
> Bug: v8:12612
> Change-Id: I4d3ebaeaa6e7868bcdcae6fbdb3bcecb0ebcb8bf
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4085983
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84730}

Bug: v8:12612
Change-Id: I3101f8c8b4c1d34ff95802fbc8c8d1fff81e8ddd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147607
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85161}
2023-01-09 20:57:40 +00:00
Luis Fernando Pardo Sixtos
6706d51d0e [shared-struct] Disallow SharedArray inline element access.
There is no path to handle inline element access requiring a shared
barrier check.

Change-Id: Ia16d4792a136adebb753cc1eee9d2f45baeb0e46
Bug: v8:12547, chromium:1402921
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4144619
Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85160}
2023-01-09 20:25:40 +00:00
Deepti Gandluri
4baa96c84c Revert "[maglev] Remove kScratchRegister in maglev-ir"
This reverts commit 3cc300558e.

Reason for revert: Reverting because of TSAN failures https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8792427956695159937/+/u/Check/regress-1394663

Original change's description:
> [maglev] Remove kScratchRegister in maglev-ir
>
> The use of kScratchRegister in arm64 code is unsafe, since a scratch
> scope could re-use the same register. Ideally, we should remove it
> altogether, but we still currently require it for the ParallelMover.
>
> Bug: v8:7700
> Change-Id: I46c93874632a3d505ef71a7bf790c31fb5fd46d6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147617
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
> Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85156}

Bug: v8:7700
Change-Id: Ib5a47c20932c28163fc2627c5b433ca64ab55730
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4148267
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Owners-Override: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85159}
2023-01-09 18:10:14 +00:00
Nico Hartmann
0b327a7c61 [turbofan] Split JSNativeContextSpecialization::BuildElementAccess
Change-Id: I69a0ac55d5a9aeae91e913e223a58c37b81091d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147623
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85158}
2023-01-09 17:48:45 +00:00
Darius M
dc7a7545a4 [maglev] Deopt when trying to load from Typed Array with detached buffer
Drive-by: fix wrong bound check for TypedArrays / DataView on arm64,
which sometimes resulted in unnecessary deopts.

Bug: v8:7700, chromium:1405651
Change-Id: I9afb2008edb22c0cd63044a6700a9f276960c191
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4146437
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85157}
2023-01-09 17:24:51 +00:00
Victor Gomes
3cc300558e [maglev] Remove kScratchRegister in maglev-ir
The use of kScratchRegister in arm64 code is unsafe, since a scratch
scope could re-use the same register. Ideally, we should remove it
altogether, but we still currently require it for the ParallelMover.

Bug: v8:7700
Change-Id: I46c93874632a3d505ef71a7bf790c31fb5fd46d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147617
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85156}
2023-01-09 16:53:35 +00:00
Clemens Backes
7e1c6eacbf [wasm] Avoid temporary signature for call descriptor
When computing a call descriptor from a {wasm::FunctionSig} (which is
{Signature<ValueType>}), we were first computing a temporary
{Signature<MachineRepresentation>}.
This CL avoids this allocation by templatizing {BuildLocations} and
accepting either a {Signature<MachineRepresentation>} or a
{Signature<ValueType>}.

As {GetWasmCallDescriptor} shows up prominently in Liftoff performance
profiles (~2% of execution time), this optimization should give a slight
improvement in Liftoff compile time.

R=ahaas@chromium.org

Bug: v8:13565
Change-Id: Ibd2b72c29b965580e91e39bef560b82cc85d1b7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147614
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85155}
2023-01-09 16:40:37 +00:00
Olivier Flückiger
7f9197883d Reland "Reland "Reland "[static-roots] Enable static roots on supported configurations"""
This is a reland of commit 4bbbb521f4

The issue was that the hash of the static roots table was not stable
across cross-compilation.

Original change's description:
> Reland "Reland "[static-roots] Enable static roots on supported configurations""
>
> This is a reland of commit b247270178
>
> But with static roots disabled on non-external code space builds.
>
>
> Original change's description:
> > Reland "[static-roots] Enable static roots on supported configurations"
> >
> > This is a reland of commit c04ca9cc63
> >
> > Original change's description:
> > > [static-roots] Enable static roots on supported configurations
> > >
> > > The static root values are not actually used yet.
> > >
> > > Bug: v8:13466
> > > Change-Id: I85fc99277c31e0dd4350a305040ab25456051046
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4101880
> > > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > > Commit-Queue: Olivier Flückiger <olivf@chromium.org>
> > > Cr-Commit-Position: refs/heads/main@{#84850}
> >
> > Bug: v8:13466
> > Change-Id: Id65bb5b19df999dfe930a78993e4bf3343d9f996
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111641
> > Auto-Submit: Olivier Flückiger <olivf@chromium.org>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#84991}
>
> Bug: v8:13466
> Change-Id: Id1f55c1cf8d349338fd49f6cb0ed7dc2e1054a72
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4123534
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Olivier Flückiger <olivf@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85037}

Bug: v8:13466
Change-Id: Ifbf26347da293bb465e837a0a914d3f0b393cfad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4139138
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85154}
2023-01-09 16:39:08 +00:00
Clemens Backes
2ecd941c4d [zone] Check that supported alignment is sufficient
The zone always returns 8-byte aligned pointers. This is sufficient for
all current uses, but future uses might require bigger alignment (for
SIMD or for types with custom alignment via `alignas`).
This CL adds static asserts that such types are not used with the
`Zone::New` or `Zone::NewArray` methods.

R=jkummerow@chromium.org

Change-Id: I9aefbc655b25a5a0b26d2a640b691a52abb5f3c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4146427
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85153}
2023-01-09 16:27:37 +00:00
Michael Lippautz
40b002ffbc [heap] Move methods from LocalEmbedderHeapTracer to CppHeap
Move methods around tracing to CppHeap and simplify overall tracing
logic.

Bug: v8:13207
Change-Id: I539fba924ba3f8f329405e084b999b18a7adfe7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147610
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85152}
2023-01-09 16:09:03 +00:00
Clemens Backes
2ce768f7e5 Rewrite Zone::NewExpand
{Zone::NewExpand} currently allocates a new segment of the right size
and also allocates first memory from it. Rewriting this to only allocate
the new chunk not only allows us to mark the {Zone::Expand} method as
"preserve_all" in a follow-up, but also make the code simpler.

R=leszeks@chromium.org

Change-Id: Ibbe3486b07c09c2c1b8b528c240d89879de2ef4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147611
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85151}
2023-01-09 15:58:35 +00:00
Lu Yahan
e5b3790fc7 [riscv] Fix error for computing the slot size of element
Change-Id: I0dcfadc4cdddecb7d6cd601626a4e78a7560b581
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4144628
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#85150}
2023-01-09 15:25:50 +00:00
Leszek Swirski
b985e8d83b Revert "[x64] Make {Assembler::GrowBuffer} preserve most registers"
This reverts commit 8fe57bf641.

Reason for revert: Looks like preserve_most is too experimental after all: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20shared/24208/overview

Original change's description:
> [x64] Make {Assembler::GrowBuffer} preserve most registers
>
> This makes many callers of {GrowBuffer} a lot slimmer, by avoiding the
> need to push and pop all values in otherwise caller-saved registers.
> E.g. {emit_mov(Register, Operand)} was measured to be ~2x faster (from
> 2.3% of Liftoff compilation time to 1.2%).
>
> R=bikineev@chromium.org
> CC=dlehmann@chromium.org
>
> Bug: v8:13565
> Change-Id: I681747a491548adf1374187cd9f37520c153ef1a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4127230
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85147}

Bug: v8:13565
Change-Id: I80207ab3cc84958c3c453e63cc4062a408e05a27
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147787
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85149}
2023-01-09 15:13:11 +00:00
Marja Hölttä
806ae48bb5 [cctest] Disable an incorrect test
Bug: v8:13646
Change-Id: I04b1016b80c4bcbdb0cdd2552abdc6c3c9c543d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147608
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85148}
2023-01-09 15:01:53 +00:00
Clemens Backes
8fe57bf641 [x64] Make {Assembler::GrowBuffer} preserve most registers
This makes many callers of {GrowBuffer} a lot slimmer, by avoiding the
need to push and pop all values in otherwise caller-saved registers.
E.g. {emit_mov(Register, Operand)} was measured to be ~2x faster (from
2.3% of Liftoff compilation time to 1.2%).

R=bikineev@chromium.org
CC=dlehmann@chromium.org

Bug: v8:13565
Change-Id: I681747a491548adf1374187cd9f37520c153ef1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4127230
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85147}
2023-01-09 14:33:52 +00:00
Michael Lippautz
0d89b699eb [cctest] Remove unnecessary deprecation ignore scope
The caller was rewritten but the ignore scope was left behind.

Bug: v8:12819
Change-Id: I76c297f43587bb5bd74c62cf39e0e979271a3b7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4110939
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85146}
2023-01-09 14:15:35 +00:00
Clemens Backes
b4b3fd662d Avoid one allocation in Signature::Builder
Instead of allocating the signature and the buffer separately, allocate
them in one chunk in the Zone.

R=ahaas@chromium.org

Bug: v8:13565
Change-Id: Ie6317bc695473cad667e47ad7869a07376c96631
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4138268
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85145}
2023-01-09 14:13:35 +00:00
pthier
f3b8717159 Dispose external resources exactly once
This CL handles 2 issues with disposing of external string resources in
the string forwarding table:
1) Resources of unmarked strings during GCs with stack are correctly
disposed (these were previously leaking).
2) Resources of unmarked strings during GCs without stack are disposed
at most once. Previously resources could be disposed multiple times if
the same resource had multiple entries in the string forwarding table.

Bug: v8:12957, chromium:1403564
Change-Id: I809ec1ada1ee813d7277e85ade9aa1e3e95a80f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136725
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85144}
2023-01-09 14:03:08 +00:00
Nico Hartmann
88eac4b870 [turboshaft] Basic TypedOptimization and new DeadCodeElimination
This CL introduces typed optimizations for Turboshaft, which replaces all operations that produce a constant output (and don't have side effects) by the corresponding constant.

In addition, a new pass for eliminating dead code is introduced that can not only remove dead operations, but also rewrite branches that are not required into GotoOps.

Drive-by: Introduce -0 as a "special value" for Float32Type and Float64Type to fix a few issues where 0 and -0 have been treated as identical.

Bug: v8:12783
Change-Id: Ia1450ad7a9abb5d58c7d753596ed08a33a73184f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4110993
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85143}
2023-01-09 13:23:56 +00:00
Michael Lippautz
322e42bf13 [heap] Remove Push/Pop for EmbedderHeapTracer wrapper object
EmbedderHeapTracer has been removed, making the separate main-thread
worklist obsolete.

Bug: v8:13207
Change-Id: I3f92457a73d6664b28646247548b78ade491be32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136716
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85142}
2023-01-09 12:12:02 +00:00
Jakob Linke
82e8025d69 [builtins] Remove read-only CodeDataContainer optimization
Since it only applies to builds without v8_enable_external_code_space and
only saves minimal snapshot size, it doesn't seem worth keeping around.

Bug: v8:7464
Change-Id: I81b520235c6174abc340cb74825e6cc86b2b8958
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136722
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85141}
2023-01-09 11:19:23 +00:00
Victor Gomes
7b9fa44c98 [maglev] Fix ProtoApply with spread call
By propagating the call arguments mode.

Fixed: chromium:1405092
Bug: v8:7700
Change-Id: I6da52fedea1d5a0083d328fdbf39708f956b97cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4138261
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85140}
2023-01-09 09:31:45 +00:00
pthier
027afd4273 [maglev][arm64] Port CheckJSObjectElementsBounds
Bug: v8:7700
Change-Id: I235b0991ea813333737594096f228c980cc5af4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4138266
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85139}
2023-01-09 09:20:21 +00:00
Michael Achenbach
2f4f3f9829 [gcmole] Make gcmole test more robust to unrelated code changes.
Bug: v8:13637
Change-Id: I90362d4819151465b9e476441cd662c01dd4a50a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4138267
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85138}
2023-01-09 09:01:27 +00:00
Jakob Linke
302892032c [factory] Remove dead code in NewOffHeapTrampolineFor
.. and restructure a bit. The V8_EXTERNAL_CODE_SPACE case is fully
handled in the initial code section (thus dead code further down can be
removed). Also, no need to guard both through an #ifdef and an `if`.

Change-Id: Ibc56bc5922908e7a73f26a2799ac29287336cb3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136721
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85137}
2023-01-09 09:00:25 +00:00
Dominik Inführ
3172b30fe4 [execution, heap] Lock global safepoint mutex in Isolate::Deinit
This CL locks the global safepoint mutex during Isolate::Deinit when
the shared heap is used. This prevents any shared GC between starting
isolate tear down and detaching from the shared heap isolate.

Not doing that resulted in deadlocks when the isolate's main thread
was blocking until background tasks finished while still being in
the running state.

It also solves the heap verification failures when one client isolate
stopped right before detaching from the shared heap isolate for a
shared GC. In this case the external string table was already
finalized. This CL ensures that there is no GC in-between these two
operations anymore.

Bug: v8:13267, chromium:1401078
Change-Id: I131bcf1506eb8d756e0092139b638fae051b902d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4120442
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85136}
2023-01-09 08:59:21 +00:00