We add a struct type and array type to the fuzzed module.
Since the interpreter does not support wasm-gc,
we only do so if liftoff is used as a reference implementation.
Also, add the liftoff parameter to all GenerateModule definitions.
Bug: v8:11954
Change-Id: Ia8d2d7a8e1e12d375605f15d1393dd64f426607d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024160
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Rakhim Khismet <khismet@google.com>
Cr-Commit-Position: refs/heads/master@{#75782}
This prepares the trap handler to support being used from simulators.
Modifications to the arm64 simulator will be done in a follow-up CL. For
now, the trap handler will be registered but not used in Wasm (we emit
explicit bounds checks instead, as before).
The implementation uses inline assembly, so it is only available on x64
POSIX systems for now. This is the main platform we use for testing and
for fuzzing, so it should give us the test coverage we need. If needed,
inline assembly for other platforms can be added later.
The new code will be executed by the existing arm64 simulator bots, e.g.
"V8 Linux - arm64 - sim".
R=ahaas@chromium.org, mseaborn@chromium.org
Bug: v8:11955
Change-Id: Idc50291c704d9dea902ae0098e5309f19055816c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011160
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75780}
An object got allocated as part of a parameter expression, which may
have caused GC issues.
Bug: chromium:1230041
Change-Id: I9a046fe36cd3b84e5df7b1400670b76e201ac026
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035765
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75777}
When running jalr and pc is contained in the Builtin code range, the sim prints "Call to builtin".
This CL reduces the printing of "Call to builtin", which is now only printed when calling a builtin and returning to a builtin.
Change-Id: Ic84101e892ed661cf41ac4d8d83bfff1ef7b4d5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3030382
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#75772}
Rolling v8/build: c0b24c3..fd86d60
Rolling v8/buildtools: 2500c1d..37dc929
Rolling v8/buildtools/linux64: git_revision:24e2f7df92641de0351a96096fb2c490b2436bb8..git_revision:6c6885302fd94f41b060013ea94eeb0d886124e2
Rolling v8/buildtools/third_party/libc++abi/trunk: 486cb62..7d5c92f
Rolling v8/buildtools/third_party/libunwind/trunk: 70006b7..d7b11d7
Rolling v8/third_party/aemu-linux-x64: ez3lWv5ncjyheCkRQs_v1WGTCLoiJvIecfY-dKKkXcUC..Gw2KXJAmd7MQfsDtWMYLLl6hvactBx7vjZgGKtL4bv8C
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/88e3e03..1ef8e41
Rolling v8/tools/luci-go: git_revision:91a04914ac71b7b6fe7b95ce8691d45eeb69bf4f..git_revision:d10ff2af1182ccaad573bc5acb84a36f4c280876
TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: Ie42d026cfb4113995d99ee9678451e4ea4fa4360
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3036603
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75770}
Shared ops between TurboFan and Liftoff are moved into
the macro-assembler.
Change-Id: I03cd3af10074b6b4666a7d2a13e652629576f76f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035764
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75768}
Turbolizer can fail to open traces that contain 'StoreLane' nodes.
There is a problem in operator<<(std::ostream& os, StoreLaneParameters
params) that prints StoreLaneParameters.laneidx as a char and not as
an integer, and this can cause the insertion of string terminators in
the trace json file.
This CL fixes the issue.
Change-Id: Icf7700660cca2b4068f61dafa0c8f485b1aa497a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035362
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75767}
Avoid callers operating on raw top/limit where possible and provide
verification of the main invariant.
This is actually related to the refactoring suggested in v8:11958 in
that it cleans up the call sites a bit but doesn't go further than
that.
Bug: v8:11958
Change-Id: I35de29a5cd505b375408fc7c5399f637f3e9c755
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3034741
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75766}
This CL addresses two problems:
- the previous implementation of the large-function TF bailout
didn't work for streaming compilation, because it tried to look
at the size of wire bytes that weren't yet available. Moving the
logic so it gets executed later ensures that the function size
is available.
- module serialization currently requires all functions to be
compiled with Turbofan, so the hard limit breaks serialization for
modules containing such huge functions. This CL enables the limit
only for --experimental-wasm-gc, so that non-experimental modules
continue to be serializable as they always have been. In the
future, we will avoid this limitation by making serialization more
flexible.
Fixed: v8:11991
Change-Id: Ibcee6fafec00fb83c2b99ae906836e8598142529
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035095
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75765}
Slightly lowers the interrupt budget for Turboprop and increases the
interrupt budget scaling factor for TurboFan. This gives the best
balance between benchmark performance and reducing optimization
overhead.
BUG=v8:9684
Change-Id: I6d555fb27d089bc8a6849612a4e02b2155020d85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026713
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75764}
This CL fixes the behaviour of String.prototype.startsWith when
undefined is passed as the search term. It also implements a small
shorthand when the search term is empty (according to the spec).
Bug: v8:11977
Change-Id: Iec2aa5f4301fcf444f20d5c1a80d3f634624d6f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035089
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75763}
Convert Low I32x4 (S/U) to FP is changed to use
`Round to nearest with ties to even` which is used by ConvertI32x4
as well as the scalar variant ConvertIntToFloat.
Change-Id: Idcb235bdf7fcd43304af785713a4988986db3544
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3032262
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75762}
So far this kind was used only when concurrent inlining was enabled.
With this CL we always use it (for the corresponding objects).
This change has probably little effect but is one step towards the
"final" configuration.
Bug: v8:7790
Change-Id: Id56908382b2cd57e2f85246c814fb58aaea6b3c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3030712
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75759}
Use the map for both objects with 0 requested properties and the number
of inobject properties it has (4 currently) to share maptrees.
Change-Id: Ie4859d44bed39effff864d54e7d416b13898c7d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035081
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75757}
This CL adds TypedArrays as supported arguments for fast API calls.
It implements "exact type" matching, i.e. if Float32Array is expected
and e.g. Int32Array is passed instead, the generated code bails to the
slow callback.
Bug: chromium:1052746, chromium:1018624
Change-Id: I01d4e681d2b367cbb57b06effcb591c090a23295
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999094
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75756}
When the FFT multiplication algorithm invokes itself for the
recursive steps, the input is "mod Fn"-normalized, i.e. it is
at most of the shape (1 << N), but we only read N bits of it,
so in the rare case where it was exactly 1 << N, that lone top
bit was ignored, leading to an incorrect result of the overall
multiplication.
Fixed: chromium:1228267
Change-Id: I7b245fc3701696d95e5d75fb970f02d72ce40ff8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3032081
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75755}
vlr is placed in the middle since the second input
could be the same as the dst register and this avoids overwriting it.
Change-Id: Ifb6c2157d4bc5c3d83fda118b53b4f960291436a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3027226
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75753}
Just like many other operations implemented in elements.cc, copyWithin
also needs to use relaxed atomics if operating on a shared array buffer
to avoid races with other threads.
Since the ranges can overlap, this CL also adds a {Relaxed_Memmove}
function that either copies forwards (like {Relaxed_Memcpy}) or
backwards depending on the ordering of source and destination.
R=leszeks@chromium.org
Bug: chromium:1221035
Change-Id: I76b7e43810ac9b85f4ff9abbc5a0406618771c25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3032084
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75752}
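As an added illustration (not V8's own code) of the direction-selecting relaxed copy this CL describes, a hypothetical `RelaxedMemmove` over `std::atomic<uint8_t>` buffers plus a `copyWithin`-style driver that returns the resulting bytes for checking:

```cpp
#include <algorithm>
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical stand-in for V8's {Relaxed_Memmove}: byte-wise copy using
// relaxed atomic loads/stores (no torn reads under a concurrent writer, no
// ordering guarantees), choosing the copy direction so that overlapping
// source/destination ranges still produce the memmove result.
void RelaxedMemmove(std::atomic<uint8_t>* dst, const std::atomic<uint8_t>* src,
                    size_t n) {
  if (n == 0 || dst == src) return;
  if (dst < src || dst >= src + n) {
    // Destination starts before the source (or the ranges do not overlap):
    // a forward copy never overwrites a byte before it has been read.
    for (size_t i = 0; i < n; ++i) {
      dst[i].store(src[i].load(std::memory_order_relaxed),
                   std::memory_order_relaxed);
    }
  } else {
    // Destination overlaps the tail of the source: copy backwards so that
    // each byte is read before the copy reaches and overwrites it.
    for (size_t i = n; i-- > 0;) {
      dst[i].store(src[i].load(std::memory_order_relaxed),
                   std::memory_order_relaxed);
    }
  }
}

// Mirrors Array.prototype.copyWithin(target, start, end) on a buffer that
// would be shared between threads; returns a plain copy of the result.
std::vector<uint8_t> CopyWithin(std::vector<uint8_t> init, size_t target,
                                size_t start, size_t end) {
  end = std::min(end, init.size());
  if (target >= init.size() || start >= end) return init;
  std::vector<std::atomic<uint8_t>> buf(init.size());
  for (size_t i = 0; i < init.size(); ++i)
    buf[i].store(init[i], std::memory_order_relaxed);
  size_t count = std::min(end - start, init.size() - target);
  RelaxedMemmove(&buf[target], &buf[start], count);
  std::vector<uint8_t> out(init.size());
  for (size_t i = 0; i < out.size(); ++i)
    out[i] = buf[i].load(std::memory_order_relaxed);
  return out;
}
```

With the constructed input `{1,2,3,4,5}`, `CopyWithin(..., 2, 0, 3)` exercises the backward branch and yields `{1,2,1,2,3}`, the same result JavaScript's `copyWithin(2, 0, 3)` gives on a plain array.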
This CL fixes the syntax of an entry in variants.py for stress_snapshot
(which got introduced in
https://chromium-review.googlesource.com/c/v8/v8/+/3024147).
Change-Id: I8e25ce26d546a022dbf9c038719f3e7cfac1d250
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3031898
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75748}
Unfortunately GN check does not detect missing dependencies for headers
that don't appear in any build rule, so it failed to report that these
headers are not referenced at all.
Bug: v8:7330
Change-Id: I5d11467f322e5497f2d952f734bc69ccf0896bfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3032082
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75744}
Dividing by first computing a multiplicative inverse is faster than
Burnikel-Ziegler division for very large inputs.
Bug: v8:11515
Change-Id: Ice45690c3fa4eef7102d418cdd3d82a942a076c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015573
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75743}
This checks if we have emitted the correct constant. If for whatever
reason we grow the assembler buffer and fall back to off-heap
compilation, we must ensure that we have in the buffer a pointer to the
object handle (or the index in embedded_objects_ for arm64).
Bug: v8:11872
Change-Id: If989727206f8ee0fd0035307d2dadc8424676b2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3030708
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75741}
... in FixedArrayBaseData's constructor. Also make get/TryGet check
if right-trimming happened (at the moment these methods are used such
that it can't happen yet).
Bug: v8:7790, v8:11956
Change-Id: I6bd23426b26bb7115c9d0f190eb4be04149368fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3018087
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75740}
This removes the low-level {SwitchMemoryPermissionsToWritable()} and
{SwitchMemoryPermissionsToExecutable()} functions. They are only used in
tests and can be replaced by {CodeSpaceWriteScope} objects that we also
use in production.
R=jkummerow@chromium.org
Change-Id: I7ba702c836f3ac2dd7c7a81d6362040b28e8bef4
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024150
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75739}
- Initial implementation of Array.concat on Torque.
- Adds fast paths for `[].concat()` and `x.concat()`; these are now
as fast as `[...x]` and `x.slice()` for non-optimised code.
Bug: v8:7152
Change-Id: I86ca15e4e1e67f53424ef0c8bb7eea12d7e660b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026716
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75737}
The order of the enum values is important for the BreakLocation
predicates. This wasn't an issue so far, since the DEBUG_BREAK_AT_ENTRY
case is anyways treated separately, but for the future I've added a
comment and fixed the order.
Drive-by-fix: Remove the useless `inline` markers on the predicates.
Bug: chromium:1162229, chromium:700516
Change-Id: I05653ac9b5ea225e30c5c2beeff809b8848c2ec7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026712
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75736}
The files src/base/v8-fallthrough.h, src/heap/cppgc/globals.h and
src/heap/cppgc/visitor.h were missing from BUILD.gn. This adds them and
modifies the dependencies to make them visible.
Bug: v8:7330
Change-Id: I2be336697d50dd5623c0fc22637c8ab4b184ae39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3028384
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75735}
Use a mutex guard when the unprotection is triggered from a compaction
space in which case it is actually parallel.
Main-thread only unprotection does not require acquiring the mutex.
The list itself is only used from the main thread and thus the actual
process does not require a mutex.
The issue was introduced in https://crrev.com/c/2966382
Bug: v8:11982
Change-Id: I593c0659eb5a96c8206d0b4014f07ab13827be85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026705
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75734}
We had two implementations of a thread-local counter for the number of
writers: One in {CodeSpaceWriteScope} and one in
{WasmCodeManager::SetThreadWritable}. This CL removes the latter, and
uses the counter in {CodeSpaceWriteScope} for all implementations.
R=jkummerow@chromium.org
Bug: v8:11974
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Change-Id: I683131296c6106a2b12986942bb18e6c0e716612
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024148
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75733}