This makes it easier to publish them in batches. Function index and
requested compilation tier are duplicated from the WasmCompilationUnit.
R=titzer@chromium.org
Bug: v8:8916
Change-Id: I87852670be029b1d729f98f01729362ca379fb50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1529009
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60325}
This reverts commit b176931311.
Reason for revert: Flag access breaks TSAN (not an issue with this
CL as such, but we need to revert to re-open the tree).
Original change's description:
> [regalloc] Introduce deferred fixed ranges
>
> Fixed ranges are used to express register constraints in the
> allocator. This change splits these fixed ranges into one for
> normal code and deferred code. The former are handeled as before
> whereas the latter are only made visible while allocating
> registers for deferred code.
>
> This prevents forward looking decisions in normal code to be
> impacted by register constraints from deferred code.
>
> Change-Id: I67d562bb41166194e62765d5ab051bc961054fc7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477742
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60322}
TBR=jarin@chromium.org,sigurds@chromium.org,herhut@chromium.org
Change-Id: I5675a96acf0b5e5f7d63c60a742d2971b6d0d34d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530803
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60324}
We should use 'constant pool' to allow concurrent patching of
the jump table like arm. For now just skip the test to make CI
mips bot green.
Bug: v8:8974
Change-Id: Iaf2b0245128fdcf2c8ed964f796781134570c889
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1524755
Commit-Queue: Yu Yin <xwafish@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60323}
Fixed ranges are used to express register constraints in the
allocator. This change splits these fixed ranges into one for
normal code and deferred code. The former are handeled as before
whereas the latter are only made visible while allocating
registers for deferred code.
This prevents forward looking decisions in normal code to be
impacted by register constraints from deferred code.
Change-Id: I67d562bb41166194e62765d5ab051bc961054fc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477742
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60322}
This was unimplemented but is needed for Perfetto which posts delayed
tasks on worker threads e.g. drain the trace buffer into a file every x
seconds.
This is implemented by adding a second queue which holds the delayed
tasks in chronological order of 'next-to-execute'. We use an
std::multimap for the queue so that we can easily get the next delayed
task with begin().
The implementation will move delayed tasks into the main task queue
when their deadline expires.
Drive-by cleanup of the runner destructor which can just use = default.
Bug: v8:8339
Change-Id: I3629c5d6e15ced2fc47eb1b7519a2dbbf8461fce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1521114
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60320}
This change significantly improves the performance of string
concatenation in optimized code for the case where the resulting string
is represented as a ConsString. On the relevant test cases we go from
serializeNaive: 10762 ms.
serializeClever: 7813 ms.
serializeConcat: 10271 ms.
to
serializeNaive: 10278 ms.
serializeClever: 5533 ms.
serializeConcat: 10310 ms.
which represents a 30% improvement on the "clever" benchmark, which
tests specifically the ConsString creation performance.
This was accomplished via a couple of different steps, which are briefly
outlined here:
1. The empty_string gets its own map, so that we can easily recognize
and handle it appropriately in the TurboFan type system. This
allows us to express (and assert) that the inputs to NewConsString
are non-empty strings, making sure that TurboFan no longer creates
"crippled ConsStrings" with empty left or right hand sides.
2. Further split the existing String types in TurboFan to be able to
distinguish between OneByte and TwoByte strings on the type system
level. This allows us to avoid having to dynamically lookup the
resulting ConsString map in case of ConsString creation (i.e. when
we know that both input strings are OneByte strings or at least
one of the input strings is TwoByte).
3. We also introduced more finegrained feedback for the Add bytecode
in the interpreter, having it collect feedback about ConsStrings,
specifically ConsOneByteString and ConsTwoByteString. This feedback
can be used by TurboFan to only inline the relevant code for what
was seen so far. This allows us to remove the Octane/Splay specific
magic in JSTypedLowering to detect ConsString creation, and instead
purely rely on the feedback of what was seen so far (also making it
possible to change the semantics of NewConsString to be a low-level
operator, which is only introduced in SimplifiedLowering by looking
at the input types of StringConcat).
4. On top of the before mentioned type and interpreter changes we added
new operators CheckNonEmptyString, CheckNonEmptyOneByteString, and
CheckNonEmptyTwoByteString, which perform the appropriate (dynamic)
checks.
There are several more improvements that are possible based on this, but
since the change was already quite big, we decided not to put everything
into the first change, but do some follow up tweaks to the type system,
and builtin optimizations later.
Tbr: mstarzinger@chromium.org
Bug: v8:8834, v8:8931, v8:8939, v8:8951
Change-Id: Ia24e17c6048bf2b04df966d3cd441f0edda05c93
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Doc: https://bit.ly/fast-string-concatenation-in-javascript
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499497
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60318}
This adds basic support and tests for having global variables of type
"except_ref" that are default initialized to "null". The functionality
is part of the exception handling proposal and solely enabled by the
corresponding feature flag.
R=ahaas@chromium.org
TEST=mjsunit/wasm/exceptions-global
BUG=v8:8091
Change-Id: I581bc942fbe6688a5c58790a842fb024de22d924
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528439
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60317}
If pointer compression is on, it makes sense to embed the map as
a 32-bit constant, for direct comparison. No need to uncompress
the receiver map.
Bug: v8:8982
Change-Id: I285ca4d5b49b26536873776d298e18bcbf84b23e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518182
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60313}
According to WebAssembly's thread proposal, the memory type is decided
at the Object's creation and don't change over time.
When growing a shared memory and the old buffer was marked as shared;
setup the new buffer as shared as well.
Bug: v8:8564
Change-Id: I7e59071d11b41315429232ae0c90436c6810bd0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526012
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Auto-Submit: Sven Sauleau <ssauleau@igalia.com>
Cr-Commit-Position: refs/heads/master@{#60312}
This implements the behavior discussed and specified here:
https://github.com/tc39/ecma262/issues/1461https://github.com/tc39/ecma262/pull/1470
As part of making this change, I realized that we didn't actually
toggle the behavior between the optimized and unoptimized version
based on the --harmony-await-optimization flag at all and just the
unoptimized version by default.
This patch removes the unoptimized version and uses the optimized
version as the default.
The other builtins that use this flag are not touched as part of this
CL, they will be updated separately.
Bug: v8:8998
Change-Id: I315e1b39dda91d0127b5e567986485d713eaa78d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1525872
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60310}
Consumers can use this to derive the full stack from sampled leaf nodes
without having to flatten the tree.
Bug: v8:8999
Change-Id: I42c638dd2c757837b0c03514c204be0182653291
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1525877
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60309}
Even in streaming mode we want to generate deterministic compile
errors, in particular they should contain the function name.
This CL adds a test to check that the name is present in the error
message even if the blob containing the function names is not present
at the time the compile error is detected.
R=ahaas@chromium.org
Bug: v8:8814
Change-Id: I17eb1b3bca48ee2b58b462089c140c30a3511be8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526001
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60302}
There were four places where we did essentially the same steps in
order to extract the initial map for inlining a JSCreate operation.
This CL creates a function on NodeProperties for this task.
As a side effect, this fixes a bug in ReduceJSCreateArray, where
has_initial_map could get called when it wasn't permissible to do so.
Notes: For simplicity, in one or two places where we used to get the
target/newtarget constants from the types we now get them from
HeapConstant nodes.
Cosmetic change: rename "receiver_map" to the more accurate
"root_map" in JSNativeContextSpecialization::ExtractReceiverMaps.
Bug: chromium:939316
Change-Id: I8fd9eb50993be3d839ab9b18eeea28184c53eabf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528435
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60301}
Implements decoding of compilation hints section in
{ModuleDecoderImpl}. The {wasm-module-builder.js} supports
the creation of that section. The feature can be enabled
with {--experimental-wasm-compilation-hints}.
Bug: v8:9003
Change-Id: Ic87e19d916f2ce316de453ea8c7c48c236a6d673
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1521115
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#60299}
The serialize set of microbenchmarks serializes Error.stack of a
prepared set of error objects. When all objects have been serialized,
the benchmark then wrapped around and only accessed the resulting
string properties. This, of course, is a lot faster and benchmark
results are heavily fluctuating when the end is reached.
This CL fixes this by introducing a payload that should be similiar
to the specific workload, which is executed after the end is reached.
R=petermarshall@chromium.org
Bug: v8:8742
Change-Id: I7183d04e7c06af0c16fe3412e902f0d33605bc25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1524485
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60297}
On LoadCodeObjectEntry check for IsOffHeapTrampoline instead of
BuiltinIndexOffset so LoadCodeObjectEntry can correctly jump to the
on-heap trampoline when we use --interpreted-frames-native-stack.
R=jgruber@chromium.org, yangguo@google.com
Bug: v8:8911
Change-Id: I172d4735671726d32328de246990b513106e3a7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1516692
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60288}
Anyfunc globals are very similar to anyref globals. This CL is mostly
about extending the conditions which guard the anyref globals code.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: Ia92ac4560102cc3ed0060342f92758db28f415ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526004
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60281}
This is a reland of 5a61630d1d
Original change's description:
> [inspector] Allow limiting the total size of collected scripts.
>
> Introduces the setMaxCollectedScriptsSize Debugger protocol method.
> If the max size is set, the debugger will hold collected (not referenced by other v8 heap objects)
> scripts up to the specified total size of their sources.
>
> BUG=v8:8988
>
> Change-Id: I94d52866494102add91ca2d569a2044b08c9c593
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518556
> Commit-Queue: Alexei Filippov <alph@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60227}
TBR=dgozman@chromium.org
Bug: v8:8988
Change-Id: I9b1db01856a43636c1eb8ad2ec36e3727353228d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1524668
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60271}
The existing has property handling did not account for the fact an IC can have LOAD_IGNORE_OUT_OF_BOUNDS while some of the maps in the IC do not allow out of bounds loads.
bug: chromium:942068
Change-Id: I935402d9d72e9c0228510ef69154ea130d1c71f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1525876
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60269}
This asserts that we run e.g. GC finalization tasks. Without that, we
might run ouf of memory.
R=ahaas@chromium.org
Bug: chromium:938739
Change-Id: Ic80074f877183bcabb3353fbeff94842a534efab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526007
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60266}
This CL allows for either of 'minimum' or 'initial' for MemoryDescriptor
and TableDescriptor. It also adds a flag for the reflection features.
R=binji@chromium.org,adamk@chromium.org
Bug=v8:7742
Change-Id: Icfd4825f63e1eb784a39d10f740d55e81489eba7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1485243
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60256}
Introduces the setMaxCollectedScriptsSize Debugger protocol method.
If the max size is set, the debugger will hold collected (not referenced by other v8 heap objects)
scripts up to the specified total size of their sources.
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518556
> Commit-Queue: Alexei Filippov <alph@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
BUG=v8:8988
TBR=dgozman@chromium.org
Change-Id: I6f7da07c4c9ae35b5252aabddb98b693ec77b4e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1524662
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60255}
This CL only provides the implementation of memory.{init,copy,fill} and
data.drop.
Bug: v8:8965
Change-Id: I439f2520bfee8f147e4b0d1d31f954aaad2e14ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1510575
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60253}
R=binji@chromium.org,adamk@chromium.org
Bug=v8:7742
Change-Id: I5b9a614dd0c8b028d756cbd401c803de4cb9437f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1513159
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60252}
This CL also changes the constructor for WasmTableObject so that the
maximum_length is set to undefined instead of a default value if there's
no maximum provided.
R=binji@chromium.org,adamk@chromium.org
Bug=v8:7742
Change-Id: I6310224e9997464bf69c198e2694a6cd76e01e8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1513156
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60250}
Compilation only stores whether an error has been found, but not the
exact error or it's location. This is generated by running a validation
pass once all wire bytes have been received.
This unifies error messages by removing one more location where we
generate compilation error messages, and makes it deterministic because
a) we always report the error in the first failing function, and
b) if names are present, the error message will always contain the
function name.
R=titzer@chromium.org
Bug: chromium:926311, v8:8814
Change-Id: I79551b8bb73dcee503484de343a3ada60a6add4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1521112
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60242}
Since StreamedSource takes ownership of the ExternalSourceStream
passed into it, it should take it by unique_ptr rather than raw
pointer to signal this transfer of ownership. The old constructor
is now deprecated.
Change-Id: I24681926c2f3141f7dd3664f72019a4c6deabfd7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1520713
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60232}
This reverts commit 5a61630d1d.
Reason for revert: Breaking gc stress bot - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/21477
Original change's description:
> [inspector] Allow limiting the total size of collected scripts.
>
> Introduces the setMaxCollectedScriptsSize Debugger protocol method.
> If the max size is set, the debugger will hold collected (not referenced by other v8 heap objects)
> scripts up to the specified total size of their sources.
>
> BUG=v8:8988
>
> Change-Id: I94d52866494102add91ca2d569a2044b08c9c593
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518556
> Commit-Queue: Alexei Filippov <alph@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60227}
TBR=dgozman@chromium.org,alph@chromium.org,kozyatinskiy@chromium.org
Change-Id: I26de645e425f0f7d5aa8212eeefda76dad695b78
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8988
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1522988
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60229}
Introduces the setMaxCollectedScriptsSize Debugger protocol method.
If the max size is set, the debugger will hold collected (not referenced by other v8 heap objects)
scripts up to the specified total size of their sources.
BUG=v8:8988
Change-Id: I94d52866494102add91ca2d569a2044b08c9c593
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518556
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60227}
This enables things like simple DCHECKs in functions that do not have
access to isolate or heap.
Change-Id: I7962c28f0c6a4928ee880f1373501f29e45ae1f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1517886
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#60222}
The JSONTraceWriter didn't write the "flow_in", "flow_out" and "bind_id"
fields, which are necessary to support TRACE_EVENT_WITH_FLOW and
friends. This just mirrors the logic from trace_event_impl.cc in Chrome.
Bug: v8:8991
Change-Id: I496db587fbb74d3c7205bbab4c23ec41c63fa715
Document: http://bit.ly/v8-tracing-signals
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1521108
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60218}
Add a CheckSmi call to the value of the position argument to
String.prototype.startsWith(search, [position]).
Bug: v8:8400, chromium:939746
Change-Id: I7462bebe0d3fde605a4c27a34c0d9bb3f0cc1c20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514198
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60216}
This CL just adds a parameter to addElementSegment and adjusts all
existing tests.
Note that addElementSegment contains some convenience code to construct
one initial table if it does not exist yet. I did not extend that code
to multiple tables. If you want to use multiple tables, you have to
create them first before calling addElementSegment.
R=clemensh@chromium.org
Bug: v8:7581
Change-Id: Ie131fd5dc19856703ab5cfb2fa8f7d576f70a18b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1520709
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60211}
This Cl adds a type to {WasmTableObject}, and extends
{WasmTableObject::Set} and {WasmTableObject::Get} to support anyref
tables. I did it in one CL so that I can write tests.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I6c6d78f84715a7805f7bb881a63d3c1174f6a6ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511332
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60206}
Enable cross-origin frame filtering by exposing this bit from
ScriptOriginOptions.
Bug: v8:8956
Change-Id: I109eec9db8b3d42d68d32abc5edd437b1c91a9b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1493294
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60205}
We need to ensure that the NativeModule stays alive while any
{BackgroundCompileScope} exists, because during that time we hold
shared ownership of the mutex in the {BackgroundCompileToken}. If the
{NativeModule} dies during that period, we would need to get exclusive
ownership of the mutex and deadlock.
This change requires holding a {std::weak_ptr<NativeModule>} in the
BackgroundCompileToken instead of a raw pointer, hence it can only be
initialized after the NativeModule was created. This is done via a
separate {InitCompilationState} method.
R=ahaas@chromium.org
Bug: v8:8979
Change-Id: Ia14bd272ea0bc47aec547024da6020608418c9d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518178
Auto-Submit: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60203}
In particular, remove {toUint8Array} method and make {toBuffer} return
a {Uint8Array} view to the buffer like before
https://crrev.com/c/1508352. Also, the returned view does not need to be
another copy of the bytes, it can really just be a view.
As a follow-up, this requires the test-only DeserializeWasmModule
runtime method to receive the wire bytes as Uint8Array, and also
requires the {IsWasmCompileAllowed} callback to handle
{ArrayBufferView} (like chromium's version already does).
R=ahaas@chromium.org
Change-Id: I87296cdbac14b74e7c8b38a372aa3df572ca6ad6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518172
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60195}
The regexp interpreter holds several unhandlified references to heap
objects, and is thus within a DisallowHeapAllocation scope. But there
are two situations in which we can and do allocate safely:
1. When creating & throwing a stack overflow exception. The interpreter
aborts afterwards, and thus possible-moved objects are never used.
2. When handling interrupts. We manually relocate unhandlified references
after interrupts have run.
This CL explicitly allows allocations on stack overflows.
Isolate::StackOverflow allocates heap objects.
Bug: chromium:940722, v8:8724
Change-Id: I74ef6f0dd7a30bd55f49a7bc0f2f6ac82adbeda8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518174
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60191}
We want to allocate feedback vectors lazily in lite mode. To do that,
we should create closures with the correct feedback cell. This cl
allocates feedback cell arrays to hold these feedback cells in lite mode.
This cl also modifies the compile lazy to builtin to expect these arrays
in the feedback cell.
Drive-by fix: InterpreterEntryTrampoline no longer has argument count in
a register. So updated comments and removed unnecessary push/pop of this
register.
Bug: v8:8394
Change-Id: I10d8ca67cebce61a284f0c80b200e1f0c24577a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511274
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60189}
... similar to how we do this in native irregexp code, i.e. handle
interrupts on each backtrack. Unhandlified references into the code
ByteArray and the subject String object are updated after a potential
GC.
Since interrupts may change the subject string's representation, the
interpreter is now called in a loop to handle retries.
Bug: v8:8724
Change-Id: Ic34de8d69ccc56d4656b8ed080c2c168c212ebfc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511477
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60187}
Added a new compilation unit for Wasm interpreter in order to make it
a first-class tier in the future. Adapted Wasm interpreter usage to
work with the new interface. The new compilation unit is currently
not used.
Change-Id: Ib9e1d0dc6ca1b03467cc43059f03ce153bb96400
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514734
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60183}
According to the wasm js-spec, the table index can be uint32. The
implementation in our implementation expected an int though. We did not
check for the int overflow.
I replaced the throwing of the exception in WasmTableObject::Get to use
the ErrorThrower instead of throwing the exception with Isolate::Throw
directly. The reason is that I see with other CL's that I have to throw
several errors, and I don't want to introduce a new message and
MessageId for every error. Moreover, the ErrorThrower is a standard way
in wasm to throw errors. It feels right to throw the error the same way
here.
R=mstarzinger@chromium.org
Bug: chromium:940296
Change-Id: Idb77c813506fe66a3192b66fe0e8e807b80580ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514496
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60181}
Type declaration may contain a parent type in an "extends" clause.
This CL changes the token type of the name after such a clause
from std::string to Identifier*. The resulting SourcePosition is then
used to implement the "goto-definition" link from that name to the
definition of the parent type.
R=mvstanton@chromium.org
Bug: v8:8880
Change-Id: I9ea6cd83e4d6ef535906e36626f64d458c7d0270
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511481
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60179}
This CL adds two sets of benchmarks. The first measures the effort
needed to walk the stack and create the data structure stored in
Error.stack, while the second measures the serialization of that
Error.stack data structure into a string.
R=petermarshall@chromium.org, yangguo@chromium.org
Bug: v8:8742
Change-Id: Ie7b86da5621cb186a036a3ec99692ec4d2048fba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505614
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60176}
When given a sticky regexp s.t. lastIndex > subject.length, the
following should happen:
1. exec returns null (= no match)
2. lastIndex is reset to 0.
This is usually done by the RegExp.p.exec builtin; but in some cases
we take different paths and try to re-implement the parts of exec that
we need.
One of these cases was in %StringReplaceNonGlobalRegExpWithFunction.
Here, we set lastIndex to 0 but then incorrectly called into
RegExpImpl::Exec. REI::Exec started matching with lastIndex == 0,
which is just plain wrong. With this CL we now correctly omit the
REI::Exec call and return null.
Bug: chromium:937681, v8:5361
Change-Id: I6bb1114a6b92ed3c6e63ec7f6ec2df4b95a19b4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514679
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60169}
It wasn't always guaranteed that they were serialized before taking the
dependency.
Bug: chromium:940361
Change-Id: Id5e5e14532809e7496546c2011176e33848506ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514495
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60156}
This is a pre-work for allocating feedback vectors lazily. Feedback cells
are required to share the feedback vectors across the different closures
of the same function. Currently, they are held in the CreateClosureSlot
in the feedback vector. With lazy feedback vector allocation, we may not
have a feedback vector. However, we still need a place to store the
feedback cells, so if feedback vector is allocated in future it can still
be shared across closures.
Here is the detailed design doc:
https://docs.google.com/document/d/1m2PTNChrlJqw9MiwK_xEJfqbFHAgEHmgGqmIN49PaBY/edit
BUG=v8:8394
Change-Id: Ib406d862b2809b1293bfecdcfcf8dea3127cb1c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503753
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60147}
The {id_} stored in {ThreadId} should not be atomic. Only getting a new
id for the current thread needs to be atomic. If any user of {ThreadId}
needs atomicity, that user should wrap {ThreadId} in a {std::atomic}
instead.
Drive-by: Remove {Equals} method, use {operator==} instead.
Drive-by: Move static methods after member methods.
R=ishell@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Bug: v8:8834
Change-Id: Id0470eb2fa907948843ac1153e2dc5dcd9a8fbc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1494006
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60146}
v8::EmbedderHeapTracer::TracePrologue may call back into V8 during
StartMarking. In this case we expect that the write barriers are set up and
consistent, i.e., global flag matches page flag.
Blink calls back into V8 in a corner case where sweeping is finalized on
incremental marking start which may trigger resettting a V8 Value which may
trigger DescriptorArray re-shuffling.
Bug: chromium:940003
Change-Id: Ia15c798d0faaab802df1c3b569b5b6a323a4fe59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514492
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60145}
If the branch associated with the condition is kDead, the current
node will be killed anyway, so let us just survive the lowering.
Bug: chromium:935092
Change-Id: If7b39e3b5452d6c9bc5199080eb38725e6c4eab5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1488769
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60143}
This allows the devtools to preview the private fields that are
installed on an object.
Change-Id: I6d8aad7ad0e51cdf18f6139b4bb8665e4b606aa5
Bug: v8:8773, v8:8337
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1487914
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60134}
Call to ReduceKeyedLoadFromHeapConstant got lost in rebasing,
as did the kHas check in ReduceElementAccessOnString. Added
some tests to ensure both cases are covered.
Change-Id: I8d6992c33315436b6228471b9bc57e3b267ad09f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508837
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Matt Gardner <magardn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60132}
Reusing the same {Binary} object (with the same {ArrayBuffer}
underneath) speeds up the limits test with 1M functions by a factor of
11x in an optdebug build.
R=titzer@chromium.org
Change-Id: I36d032d652c66f5b7f5a80399588652d7e3946ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511475
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60127}
This CL cleans up a few things as noted by binji in
https://github.com/WebAssembly/spec/pull/979, plus a few more I found
along the way.
In particular:
1) Remove the unused and incorrect {bytesWithHeader} method.
2) Introduce kMaxVarInt32Size and kMaxVarInt64Size constants.
3) Remove redundant {ensure_space} calls (irrelevant for performance).
4) Use {toModule} method instead of duplicating code.
5) Merge two identical leb encoding implementations.
R=titzer@chromium.org
CC=binji@chromium.org
Change-Id: Idec74e2e46a71766107c182a4176c516d883adad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511273
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60124}
... but do it once for the whole group of tests instead.
Bug: v8:8929
Change-Id: I4c92a4cc29f8cf8a1011a563fe41972844c59972
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511476
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60122}
My standard procedure for debugging regexp builtin fuzzer finds is to
turn on verbose mode and run the repro. This extends verbose output to
include the generated script which contains e.g. the regexp pattern,
the subject string, and the actual function call.
Tbr: yangguo@chromium.org
Bug: v8:8968
Change-Id: I0c7e930f4cbd34014f2781ca280919c5b002b049
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511276
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60120}
We have to create WasmExportedFunction objects for any WebAssembly
function which may escape a WebAssembly instance. Up until now we
created these WasmExportedFunction objects eagerly during instantiation
time: for any exported function, and any element in an exported table we
create such an object.
With the anyref proposal, the table.get instruction can allow any
function in a table to escape its instance. Therefore we would have to
create a WasmExportedFunction object for any function which is put into
a table.
With this CL we create WasmExportedFunctions for table entries lazily.
We initialize tables with placeholders consisting of the instance and
the function index. If we encounter a placeholder in table.get, we
create the WasmExportedFunction for the expected function to return it.
R=mstarzinger@chromium.orgCC=titzer@chromium.org
Bug: v8:7581
Change-Id: I4f32bd7433285d0b04a22c0fb70b736bac55b3f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505575
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60115}
RotateRight32 needs a "number of bits" operand in the range 0..31.
Thankfully that's how x86 shift instructions behave anyway, and
how the bitwise shift operators in JavaScript are spec'ed, so this
fix is unobservable in non-UBSan builds.
RemoveArrayHolesGeneric can be used for length values anywhere in
the uint32_t range, so it must not implicitly cast those to int.
That actually caused an observable bug where a proxy's traps would
not get called at all, but only for huge "length" properties, where
the entire operation would also be painfully slow.
Bug: chromium:935133, chromium:937652
Change-Id: I13f74ca27eae6b2b089d58217842b699b2574509
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1510272
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60112}
- Converts most integer vector tests to use globals (except Select)
so results can be checked in C++ code.
- Remove integer vector result checking macros.
- Add specializations of test CompareOps for floats, so we can use
BinOps for integer vector compare opcodes.
- Remove Run#format#CompareOpTests helper functions for integer vector
types. Use Run#BinOpTests helper function instead.
Bug: v8:6020
Change-Id: I968a71c874b028a750e1118cf51f6678cae90091
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1496281
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60111}
This is a reland of 821bc64951
Original change's description:
> [wasm simd] Fix F32x4 Min and Max
>
> - Fix F32x4 tests to save results in globals, so they can be checked
> in C++ code. Perform correct checks in case of NaNs.
> - Fix ia32, x64 implementations of F32x4Min, F32x4Max to correctly
> deal with NaNs.
> - Enable tests for all float values on all platforms, except skip
> denormalized results on ARM, and skip extreme values for reciprocal,
> reciprocal square root approximation opcodes.
> - Disable Min, Max test for interpreter (see v8:8425) since it doesn't
> handle NaNs correctly.
> - Fix vmin, vmax implementations in ARM simulator.
>
> Bug: v8:8639
> Change-Id: I87e188e3cb078f09fdacfd9955f426c20a11bf64
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495897
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60021}
Bug: v8:8639
Change-Id: Ic557aa1d323693eabf5885ff5eddc15e3174079b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1501279
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60109}
... because the latter are not meant to be modified from non-main thread
and especially after V8 isolate is set up while the former are modified
cuncurrently by tracing API.
Tbr: verwaest@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Bug: v8:8929, v8:8834
Change-Id: I44d3da2f388bb8bb8d0365ac6354e761bf92b936
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505581
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60104}
Emitting bytes to the Uint8Array directly speeds up generation of
binaries enormously.
On the limits-any.js spec test (which creates huge modules), the
execution time of an optdebug build reduces from 286 seconds to 61
seconds.
R=titzer@chromium.org
CC=ahaas@chromium.org, ssauleau@igalia.com
Change-Id: I5b473b7dc7b0853e54d2406f3db3658bb2abed40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508352
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60096}
When running mksnapshot standalone, no callback is registered to
serialize embedder fields. In this case they are most probably empty as
there is no embedder to set them, so provide a default serialization
that keeps them as nullptr.
Bug: v8:8822
Change-Id: I9219f2755488aa1473959c3ee75e9d4f47202359
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507677
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60094}
Most test-log tests create their own isolates, so initializing the cctest
isolate is not necessary.
Bug: v8:7464
Change-Id: Icc3cd9d5053c4070833709cbe28e5bde2cee9708
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507719
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#60093}
This makes sure an exception raised while compiling a module via the
embedder API is properly returned as a "scheduled exception" and hence
propagates to surrounding {v8::TryCatch} scopes.
R=clemensh@chromium.org
TEST=cctest/test-api/WasmModuleObjectCompileFailure
BUG=v8:8908
Change-Id: I52b21fbe5a4548aa346fd6c9b5bac061613db487
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507673
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60092}
Fixing a few float and int overflows.
Drive-by fix: with --experimental-wasm-bigint, Number values
may not be used to initialize i64-typed globals. The existing
code for doing that relied on UB; since it's a spec violation
the fix is to throw instead.
No regression test for 933103 because it will OOM anyway.
No regression test for 932896 because it would be extremely slow.
Bug: chromium:927894, chromium:927996, chromium:930086, chromium:932679, chromium:932896, chromium:933103, chromium:933134
Change-Id: Iae1c1ff1038af4512a52d3e56b8c4b75f2233314
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495911
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60075}
... and fix header includes to please the respective bot.
Drive-by-fix: decompression implementation is now MSVC friendly.
Bug: v8:7703, v8:8834
Change-Id: Iaf589138e5bafb32b0d9feab5cf074b71f241a3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505579
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60074}
ReduceJSHasProperty was always passing STANDARD_LOAD instead of using the load mode from
the feedback verctor. This was causing deopt loops when checking for out-of-bounds
indices.
chromium: 937734
Change-Id: I6de29f2c6a80bcc171cf027d47a2d1af1414b76c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1501975
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Matt Gardner <magardn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60073}
This is a reland of 80f06d6fb3
Original change's description:
> [wasm] Lazy update instances on a shared Memory.Grow
>
> - Introduce a GROW_SHARED_MEMORY interrupt, and handler
> - Memory objects for isolates are updated on a stack check, add
> tracking for isolates that hit the stack check
> - When enough memory is not reserved ahead of time, fail to grow
> - Add tracking for externalized buffers in the MemoryTracker so
> that the MemoryTracker will know when backing_stores can be freed.
> - For shared buffer, do not always allocate a new buffer when
> growing an externalized buffer
>
>
> Change-Id: I9cf1be19f2f165fa6ea4096869f7d6365304c8c4
> Bug: v8:8564
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1472430
> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Ben Smith <binji@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60064}
Bug: v8:8564
Change-Id: Id0cf8e42a9d54ac702dba351e248a1b92713c98a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1506357
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60071}
This reverts commit 80f06d6fb3.
Reason for revert: failing grow-memory tests
Original change's description:
> [wasm] Lazy update instances on a shared Memory.Grow
>
> - Introduce a GROW_SHARED_MEMORY interrupt, and handler
> - Memory objects for isolates are updated on a stack check, add
> tracking for isolates that hit the stack check
> - When enough memory is not reserved ahead of time, fail to grow
> - Add tracking for externalized buffers in the MemoryTracker so
> that the MemoryTracker will know when backing_stores can be freed.
> - For shared buffer, do not always allocate a new buffer when
> growing an externalized buffer
>
>
> Change-Id: I9cf1be19f2f165fa6ea4096869f7d6365304c8c4
> Bug: v8:8564
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1472430
> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Ben Smith <binji@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60064}
TBR=binji@chromium.org,titzer@chromium.org,gdeepti@chromium.org,ahaas@chromium.org
Change-Id: I2ed0b59bcbb285b701172b401d606963261d375c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8564
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1506355
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60068}
This fixes a bug in the offset computation when instantiating the
decoder to decode a VarInt32.
It also extends the streaming decoder test to check the error location.
R=ahaas@chromium.org
Bug: v8:8814
Change-Id: Id8ce31ce7e494cce14231febbb5b0c7d91a26e01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505453
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60067}
