Commit Graph

61300 Commits

Author SHA1 Message Date
jing.bao
3e1b6b4034 [wasm-simd] [liftoff] Implement sub on x64 and ia32
Bug: v8:9909
Change-Id: If16056ebe0e8c3519afd49982561f96655a03786
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2101129
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Jing Bao <jing.bao@intel.com>
Cr-Commit-Position: refs/heads/master@{#66758}
2020-03-18 06:46:58 +00:00
v8-ci-autoroll-builder
904f12ebc8 Update V8 DEPS.
Rolling v8/build: a1cbf64..44de6a6

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/d7a6643..42d02fb

Rolling v8/third_party/depot_tools: 34d90be..a30b7bd

Rolling v8/tools/clang: d60a6a8..6e39ba4

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Ibfe9439dc95c33bd05c59369fae3816c966aea47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2108042
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#66757}
2020-03-18 03:47:38 +00:00
Ng Zhi An
b2da3318e0 [wasm-simd][arm] Use unique register for src in shifts
In the codegen for shift operations, we update the temp s128 register
with the shift value, before shifting src with temp. Thus we really want
src to be a different register from temp.

I found this with some locally-run fuzzing.

Bug: v8:10115
Change-Id: Ie492570c672f352f0e19aef2b8498c86ec4fdd98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2107359
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66756}
2020-03-18 02:29:48 +00:00
Ng Zhi An
e05b10b7d8 [wasm-simd][ia32] Optimize codegen when shift is constant
This optimizes i8x16 shifts when shift value is constant. It reduces
instruction counts from 10 to 6 (unsigned), and 9 to 5 (signed).

We can use a word (16-bit) shift, then mask away the high (shru) or low
(shl) bits to achieve a byte shift. Most of the instructions are
dedicated to building the mask.

Bug: v8:10115
Change-Id: Ie602c2b0a7227181502fadb14e100bb0b92f322f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2103445
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66755}
2020-03-17 19:33:48 +00:00
Milad Farazmand
06de28d280 s390: [wasm-simd] Enable simd on the s390x architecture
This CL enables simd on machines which support
VECTOR_ENHANCE_FACILITY_1. It also enables related tests to
match execution on x64.

LoadTransform tests must be skipped on the simulator until a future CL
matches behaviour between native BE and its simulator on LE.

Change-Id: Iaadc32e0388bf15d3d7c550062a373fb403b65c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2107053
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#66754}
2020-03-17 19:32:18 +00:00
Ng Zhi An
97014f6068 [wasm-simd][ia32] Unify SSE and AVX impl for i8x16.shl
Delegate to macro assembler functions to pick between SSE or AVX. This
simplifies the optimization of constant shifts later.

Bug: v8:10115
Change-Id: If0b7dc83a68f2d7839c65527a3b6a62310ace6dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2103443
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66753}
2020-03-17 18:15:13 +00:00
Thibaud Michaud
20eb2e4454 [liftoff] Test stepping over a recursive call
And fix a few issues revealed by this new test. Incidentally, the test
uses removeBreakpoint which was still untested with Liftoff. But as
expected this seems to work out of the box.

R=clemensb@chromium.org

Bug: v8:10321
Change-Id: Ifa4e867737d925ea8c6c9731575a32f3da3e16dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2106206
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66752}
2020-03-17 18:14:08 +00:00
Georgia Kouveli
ea82d0311b [arm64] Use BTI instructions for forward CFI
Generate a BTI instruction at each target of an indirect branch
(BR/BLR). An indirect branch that doesn't jump to a BTI instruction
will generate an exception on a BTI-enabled core. On cores that do
not support the BTI extension, the BTI instruction is a NOP.

Targets of indirect branch instructions include, among other things,
function entrypoints, exception handlers and jump tables. Lazy deopt
exits can potentially be reached through an indirect branch when an
exception is thrown, so they also get an additional BTI instruction.

Bug: v8:10026
Change-Id: I0ebf51071f1b604f60f524096e013dfd64fcd7ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967315
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66751}
2020-03-17 17:52:28 +00:00
Iain Ireland
40d1b660cc [regexp] Refactor to simplify embedding irregexp
Some code at the interface between irregexp and the rest of V8 uses
V8-specific APIs that are not used elsewhere in irregexp. For example,
only a handful of functions in irregexp call or are called from
generated code. When embedding irregexp into SpiderMonkey, these
functions are an obstacle, because they are dead code, but still have
to compile.

To simplify the process of embedding, this patch does two things:

1. It moves StringCharacterPosition out of irregexp and into
objects/string, renaming it "AddressOfCharacterAt".

2. It guards the following set of functions with
'#ifndef COMPILING_IRREGEXP_FOR_EXTERNAL_EMBEDDER':
- IrregexpInterpreter::MatchForCallFromJs
- NativeRegExpMacroAssembler::CheckStackGuardState
- NativeRegExpMacroAssembler::Match
- NativeRegExpMacroAssembler::Execute

This will have no effect in a V8 build, but can be defined by
SpiderMonkey or another embedder to omit the problematic functions.

In the future, if we attempt to make a cleaner separation between V8
and irregexp, these functions will be a good place to start defining
the API boundary.

R=jgruber@chromium.org

Bug: v8:10303
Change-Id: I9f531a36e4f13440cafb0d0ade921f4c09f39c05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2097220
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66750}
2020-03-17 14:43:34 +00:00
Philip Pfaffe
e71d328fb3 Report additional wasm script info on the CDP
Add a scriptLanguage enum to the new scripts events. This overhauls
crrev.com/c/2011083 that was related. Report the code section offset
as well as the script language on the Debugger.scriptParsed and
Debugger.scriptFailedToParse events.

Bug: chromium:1057569
Change-Id: I40b43f28f0b3e094720db4fc1f07db1a0c293ee0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2083025
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66749}
2020-03-17 13:25:24 +00:00
Milad Farazmand
a48da5f601 PPC/s390: [wasm] Add a test to inspect a large number of registers
Port f26c7b755a

Original Commit Message:

    This tests inspecting a bigger number of registers (covers all registers
    on many platforms). It also executes all four intrinsic types (i32, i64,
    f32, f64).

R=clemensb@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I47c7f593287500cb125dbf63e6d375d41a5f80fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2106094
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#66748}
2020-03-17 13:16:14 +00:00
Yuki Shiino
98b1ef80c7 Expose the %ObjProto_valueOf% intrinsic object to embedders
https://html.spec.whatwg.org/multipage/history.html#the-location-interface
HTML Location platform objects need to be initialized with using
the %ObjProto_valueOf% intrinsic object.

This patch exposes the %ObjProto_valueOf% intrinsic object to
embedders.

Example usage is: https://crrev.com/c/2102306

Change-Id: Iec58135773e01aed5de330c0c5dea89a49835a52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2102408
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66747}
2020-03-17 13:04:24 +00:00
Georg Neis
a65fa9bb65 [turbofan] Delay constant folding for --assert-types
To avoid that constant folding makes some type assertions hold
vacuously, we don't constant-fold directly but instead introduce a new
FoldConstant operator that remembers the original node and gets lowered
to an equality assertion by the EffectControlLinearizer.

Change-Id: I7aedbe6d4fe47461856723c0c40ba3313a376bd8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2100992
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66746}
2020-03-17 12:36:34 +00:00
Dominik Inführ
143ad476ef [heap] Move list of local heaps to safepoint
Track list of all local heaps in the Safepoint class instead of the
Heap.

Bug: v8:10315
Change-Id: I1a1c847502ab5e8f368d4cc12d3cbaf3672af7cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2106197
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66745}
2020-03-17 12:07:24 +00:00
Mythri A
7c2ae383a1 [TurboProp] Increase the interrupt budget to 15K
Bug: v8:9684
Change-Id: I7694b8dfed27131c104f23a9f8d526d350670449
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2089472
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66744}
2020-03-17 10:58:24 +00:00
Clemens Backes
fcb0775a37 [wasm] Remove unneeded WASM_64 macro
The macro is not needed, the same condition can also be expressed
programmatically. Its name is misleading anyway, since it has nothing to
do with the wasm64 proposal.

Drive-by: Use GraphAssembler to implement {BuildF64CopySign}.

R=jkummerow@chromium.org, tebbi@chromium.org

Bug: v8:10123, v8:10155
Change-Id: I85238172037f08bd2e4d2d4564950759524f991a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2105637
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66743}
2020-03-17 10:37:24 +00:00
Georg Neis
416b0c3802 Reland "[turbofan] Clean up ConstantFoldingReducer"
This is a reland of 2c834c5364,
in which node replacement was too aggressive.

Original change's description:
> [turbofan] Clean up ConstantFoldingReducer
>
> Change-Id: Iaf7f83cc157a6f6680da8933560347f7f3503d56
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2098736
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66706}

Change-Id: I5d306092dde4119629af4c5e7e424a0e9a14310d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2106193
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66742}
2020-03-17 09:49:24 +00:00
Jakob Kummerow
050d30fbb8 [wasm] Fix catching of stack overflow in asm.js instantiation
There was a very narrow corner case where we would return from the
runtime function that tries to instantiate a module created by an
asm.js-to-wasm translation in an inconsistent state: returning a
Smi failure sentinel even though there is a pending exception.

Bug: chromium:1061808
Change-Id: I22f5c6cdb8d7f7abfddb2bb81dc9261c8a35bdeb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2106194
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66741}
2020-03-17 08:51:04 +00:00
Ulan Degenbaev
5cf02f0f20 [api] Support v8::BackingStores with empty deleters
This adjusts v8::[Shared]ArrayBuffer::NewBackingStore to allow passing
a known empty deleter -- v8::BackingStore::EmptyDeleter. Such API is
useful if the backing store memory is static or is manually managed.

We can skip adjusting the amount of external memory for ArrayBuffers
with empty deleters and thus avoid scheduling ineffective GCs.

Bug: chromium:1061960

Change-Id: I0ef5b2b0839098beb59d5cebbb28f9f81a73a042
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2105355
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66740}
2020-03-17 08:10:24 +00:00
v8-ci-autoroll-builder
1a46de717b Update V8 DEPS.
Rolling v8/build: 32206c0..a1cbf64

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/3ef483f..d7a6643

Rolling v8/third_party/depot_tools: c48fb84..34d90be

Rolling v8/third_party/icu: 0b61343..d7aff76

Rolling v8/third_party/zlib: c2eb8a7..156be8c

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Ie829bcfff9526a66fde5d665f670d3b623fb8186
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2106099
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#66739}
2020-03-17 04:01:14 +00:00
Kong, Fanchen
73064523b1 [wasm-simd] [liftoff] Emit Simd commutative binop on x64 and ia32
Bug: v8:9909
Change-Id: I0d00aa79055667b627126b28f277dc5f670f25f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2097820
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Fanchen Kong <fanchen.kong@intel.com>
Cr-Commit-Position: refs/heads/master@{#66738}
2020-03-17 01:25:13 +00:00
Milad Farazmand
fcf5d2a79e PPC/s390: [wasm] Load register values from DebugBreak frame
Port ae03752fd9

Original Commit Message:

    This implements inspection of live registers on breakpoints in Liftoff.
    To that end, the frame pointer of the WasmDebugBreak frame is remembered
    when iterating the stack. Based on a platform-specific implementation of
    {WasmDebugBreakFrameConstants}, the offset of the respective register
    within that frame is computed, and the value is read from the frame.

    As a drive-by, the wasm debug side table is storing register codes as
    liftoff codes, which can also store register pairs (needed for i64 on
    32-bit platforms, and for SIMD, which is not supported yet).

R=clemensb@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I1f4a52c349bd57098f633c5fd641642695b6fe96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2106294
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#66737}
2020-03-16 20:49:24 +00:00
Milad Farazmand
e54259ee15 PPC/s390: [wasm] Fix registers spilled in DebugBreak frame
Port e47f9a9d50

Original Commit Message:

    The set of registers to spill was wrong. Instead of spilling wasm
    parameter registers (like the WasmCompileLazy builtin), we should spill
    all registers that are being used as Liftoff cache registers.
    This CL defines platform-specific WasmDebugBreakFrameConstants which
    hold the set of registers to spill. This set is used in the builtin, and
    will later be used for inspecting the spilled registers.

    In order to iterate bit sets more easily in both direction (MSB to LSB
    or LSB to MSB), we add a base::bits::IterateBits{,Backwards} method
    which provides the respective iterators.

R=clemensb@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Ic308a7712f080e43a0c45f496b087ce8450f657a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2105563
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#66736}
2020-03-16 19:13:23 +00:00
Ng Zhi An
b7971e95d0 [wasm-simd][liftoff][arm][arm64] Implement extract_lane
Implement all 8 extract_lane ops on ARM and ARM64.

Bug: v8:9909
Change-Id: I72e30b53c92933bd5830008ec02e1f4526e8b4c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2103169
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66735}
2020-03-16 18:36:23 +00:00
Joyee Cheung
f2fd4923f3 [class] error when accessing unused static private method at debug time
At the moment when the static private method is unused
in source code (either explicitly or through eval) but is accessed
at runtime through the debugger, and there are no other potential
references to the class variable in the source code otherwise,
the reference to the class variable is lost here since the class
variable would not be context-allocated, then we could not rebuild
a proper brand check for it.

For now, a ReferenceError would be thrown and the method is considered
"optimized away", similar to how unused ordinary methods in closures
work. Before this patch it would DCHECK when generating bytecode
for the debugger instead of throwing errors.

Bug: v8:9839, v8:8330
Change-Id: I5d63131a7bdba141d01a3e6459bc27d0f5953c1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2095637
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66734}
2020-03-16 18:07:03 +00:00
Ng Zhi An
817ba0a228 [wasm-simd][liftoff][arm][arm64] Implement adds
Implement f64x2.add, i64x2.add, i8x16.add on ARM and ARM64.

Bug: v8:9909
Change-Id: Id41bb3c02c1873e1380463264a3e5fd31949c949
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2103107
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66733}
2020-03-16 17:56:03 +00:00
Dominik Inführ
64759d44ae [heap] Introduce safepoint mechanism
Add safepoint mechanism to stop concurrent threads and bring them to a
safepoint. Threads are stopped before the safepoint and after e.g. the
GC resumed again. Each thread needs to be stopped in a safepoint, such
that all roots can be iterated safely.

Running threads need to be cooperative and are required to perform
regular safepoint polls.

The last version of this CL was reverted because safepoint_requested_
wasn't initialized (see https://crrev.com/c/2105634).

Bug: v8:10315
Change-Id: I6ef244c0fb31c178589b5e3d1c62687a8dd65768
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2105635
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66732}
2020-03-16 16:33:53 +00:00
Milad Farazmand
1b2e0ddf41 s390: [wasm-simd] Add simulator support for simd operations
Change-Id: I0352ef9e4213d6dc0f50a5406d8e167784408452
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2095755
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#66731}
2020-03-16 16:27:53 +00:00
Clemens Backes
371580bb54 [wasm] Improve error message for missing Liftoff support
Complete Liftoff support is needed for debugging. In case of a bailout
from Liftoff, produce a better error message, also in release builds.

R=thibaudm@chromium.org

Bug: v8:10147
Change-Id: I8cdb11a5c54f9101ea611e28dd3fb7dc4fe5c538
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2105633
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66730}
2020-03-16 15:29:53 +00:00
Clemens Backes
81d8e42f91 Revert "[heap] Introduce safepoint mechanism"
This reverts commit c84963eaa7.

Reason for revert: Fails on msan: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/31376

Original change's description:
> [heap] Introduce safepoint mechanism
> 
> Add safepoint mechanism to stop concurrent threads and bring them to a
> safepoint. Threads are stopped before the safepoint and after e.g. the
> GC resumed again. Each thread needs to be stopped in a safepoint, such
> that all roots can be iterated safely.
> 
> Running threads need to be cooperative and are required to perform
> regular safepoint polls.
> 
> Bug: v8:10315
> Change-Id: I47f07e7d2ef5bc5adbba6b9e8e79a1f0f45b97ad
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2102578
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66727}

TBR=ulan@chromium.org,dinfuehr@chromium.org

Change-Id: If11281b2b9fc622b91261417b202676f23f60b50
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2105634
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66729}
2020-03-16 15:25:03 +00:00
Andreas Haas
cc571fd7ac [wasm][liftoff] Implement data.drop
R=clemensb@chromium.org

Bug: v8:10281
Change-Id: I34e6d1ec57d59e266d3182a3d3cc69d4cbb9d047
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2104889
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66728}
2020-03-16 15:10:03 +00:00
Dominik Inführ
c84963eaa7 [heap] Introduce safepoint mechanism
Add safepoint mechanism to stop concurrent threads and bring them to a
safepoint. Threads are stopped before the safepoint and after e.g. the
GC resumed again. Each thread needs to be stopped in a safepoint, such
that all roots can be iterated safely.

Running threads need to be cooperative and are required to perform
regular safepoint polls.

Bug: v8:10315
Change-Id: I47f07e7d2ef5bc5adbba6b9e8e79a1f0f45b97ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2102578
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66727}
2020-03-16 14:59:33 +00:00
Camillo Bruni
92e3bcb1d9 [runtime] Use TLA in more tests
Enable more tests to use top level await modules.

Bug: v8:9344
Change-Id: I61c0c0205235969a43af602af327654b7e8a3dad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2074402
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66726}
2020-03-16 14:43:53 +00:00
Clemens Backes
f2a0f53c8e [wasm] Fix Liftoff bailout
The bailout was guarded by the "if (counters)" condition, which does not
make sense.
If Liftoff compilation is executed for debugging, no counters will be
passed. On platforms that do not implement Liftoff, we still need to
bail out correctly.

R=ahaas@chromium.org

Bug: v8:10147
Change-Id: I188460183bb1c376d456e0d4e54e2338f4a66e23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2105353
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66725}
2020-03-16 14:33:03 +00:00
Milad Farazmand
38fa16f89f PPC/s390: [liftoff] Add initial logic for stepping
Port 83ff405b1a

Original Commit Message:

    Flood functions with breakpoints to prepare them for stepping. With a
    small modification to the runtime function, this already implements a
    basic step over functionality.

    We still cannot resume, step in or step out (including stepping over a
    return instruction).

R=thibaudm@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Id153b2611c528e679e8d7722e3d209fb15bcf6d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2105055
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#66724}
2020-03-16 14:23:23 +00:00
Victor Gomes
f7bcb2c5ee [test] Add receiver as argument in the interpreter tests
Fix the test-interpreter and test-interpreter-instrinsics by adding the receiver
as an argument instead of relying on an undefined receiver.

Change-Id: I7af3216b915581155bc320b27a5454c78d04f1f5
Bug: v8:10325
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2102568
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66723}
2020-03-16 14:20:23 +00:00
Mythri A
b0bae6c736 [TurboFan] Redirect --trace-opt, --trace-deopt, --trace-osr to a file
With the current flow, it is difficult to easily get the output
of --trace-opt, --trace-deopt and --trace-osr from Android devices.
These flags log to stdout and on Android it is difficult to get this
output that preserves the formatting. This cl redirects them to a file
when --redirect-code-traces is specified.

Change-Id: I8ea1f083d0ee4577f9d70cfd2d7cb2823fd1a6c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2089931
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66722}
2020-03-16 14:18:43 +00:00
Clemens Backes
a80071457d [wasm] Add a fast path to {FindJumpTablesForRegion}
This method is called in the critical section in {PublishCode}, hence
performance is important here. Since most modules will only have a
single code space anyway, we can use the main jump table in the vast
majority of cases, and avoid taking a lock and iterating another data
structure.

R=ahaas@chromium.org

Bug: v8:10330
Change-Id: I18cbd3b127172963ccc9ec576a0985e874da7865
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2104891
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66721}
2020-03-16 14:17:38 +00:00
Clemens Backes
f26c7b755a [wasm] Add a test to inspect a large number of registers
This tests inspecting a bigger number of registers (covers all registers
on many platforms). It also executes all four intrinsic types (i32, i64,
f32, f64).

R=thibaudm@chromium.org

Bug: v8:10222
Change-Id: I340696d525e4001f241bb22f62f0338018ad9804
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2102575
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66720}
2020-03-16 14:16:33 +00:00
Clemens Backes
ae03752fd9 [wasm] Load register values from DebugBreak frame
This implements inspection of live registers on breakpoints in Liftoff.
To that end, the frame pointer of the WasmDebugBreak frame is remembered
when iterating the stack. Based on a platform-specific implementation of
{WasmDebugBreakFrameConstants}, the offset of the respective register
within that frame is computed, and the value is read from the frame.

As a drive-by, the wasm debug side table is storing register codes as
liftoff codes, which can also store register pairs (needed for i64 on
32-bit platforms, and for SIMD, which is not supported yet).

R=jkummerow@chromium.org
CC=thibaudm@chromium.org

Bug: v8:10222
Change-Id: I01b669baf56430e100cd46cc46f210121ea679da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2102574
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66719}
2020-03-16 13:29:03 +00:00
Dan Elphick
5c7e24d736 [snapshot] Fix mksnapshot with warmup script
This fixes an assertion failure in mksnapshot that when the read-only
space is created for a second time, that its checksum should match the
first time it was deserialized. However with warmup scripts in
mksnapshot, the first run through doesn't deserialize it, but creates it
from scratch.  Then the next time through it deserializes it which it
doesn't expect and so crashes as there is no checksum to compare it to.

This fixes it by only checking if there is a last_checksum (e.g. that it was
deserialized). Additionally CHECK that we never attempt to create the
objects from scratch if previously deserialized from a snapshot.

Bug: v8:10320
Change-Id: I598e5298b68f45911e20533db91d7f24fea21045
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2102579
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66718}
2020-03-16 13:12:33 +00:00
Georg Neis
0798746cb3 Revert "[turbofan] Clean up ConstantFoldingReducer"
This reverts commit 2c834c5364.

Reason for revert: several clusterfuzz issues, e.g. 1061805

Original change's description:
> [turbofan] Clean up ConstantFoldingReducer
> 
> Change-Id: Iaf7f83cc157a6f6680da8933560347f7f3503d56
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2098736
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66706}

TBR=neis@chromium.org,tebbi@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: I6e5b655bb465087a50ebaa2088795c6f920c2e51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2104892
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66717}
2020-03-16 13:06:43 +00:00
Thibaud Michaud
dded093312 [liftoff] Skip unreachable breakpoints
Forward the breakpoint iterator to the current position, ignoring
unreachable breakpoints.

R=clemensb@chromium.org

Bug: v8:10147
Change-Id: Ic7e7fca4c69fdea68676ff75031bb5133bfc69d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2100993
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66716}
2020-03-16 13:02:23 +00:00
Clemens Backes
e47f9a9d50 [wasm] Fix registers spilled in DebugBreak frame
The set of registers to spill was wrong. Instead of spilling wasm
parameter registers (like the WasmCompileLazy builtin), we should spill
all registers that are being used as Liftoff cache registers.
This CL defines platform-specific WasmDebugBreakFrameConstants which
hold the set of registers to spill. This set is used in the builtin, and
will later be used for inspecting the spilled registers.

In order to iterate bit sets more easily in both direction (MSB to LSB
or LSB to MSB), we add a base::bits::IterateBits{,Backwards} method
which provides the respective iterators.

R=jkummerow@chromium.org
CC=thibaudm@chromium.org

Bug: v8:10222
Change-Id: I73ecbdff9b29e244c478b404063c0c9ee25bc821
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2102570
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66715}
2020-03-16 10:13:40 +00:00
Lutz Vahl
b1f0d7faeb Update v8 version to 8.3
TBR=hablich@chromium.org
NOTRY=true

Change-Id: I20d091dbceccc3d9780c1e6f803fb26998de4ea8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2104888
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66714}
2020-03-16 10:06:40 +00:00
Iain Ireland
e5fd9cba7b [regexp] Simplify allocation of RegExpMacroAssemblerTracer
This change is motivated by SpiderMonkey's policy against bare
new/delete. (I also think it's just a nicer way to write this.)

R=jgruber@chromium.org

Note: I'm not importing regexp.cc into SpiderMonkey, but the change
here is the same as the change I made in the equivalent SM code.

Bug: v8:10303
Change-Id: I3c81727eb7dea9c0ec78241e3c82ffc9e7007827
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2091858
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66713}
2020-03-16 07:23:00 +00:00
v8-ci-autoroll-builder
7695c860ab Update V8 DEPS.
Rolling v8/build: 4428a79..32206c0

Rolling v8/tools/clang: 531ae60..d60a6a8

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Idac33929a24cb0bda2c5aba907b4052eac5173bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2104270
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#66712}
2020-03-15 03:47:39 +00:00
v8-ci-autoroll-builder
5c0a3c4a2b Update V8 DEPS.
Rolling v8/build: cdcb92e..4428a79

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/40469eb..3ef483f

Rolling v8/third_party/depot_tools: 595eb19..c48fb84

Rolling v8/tools/clang: 8bf2cd1..531ae60

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I26ce6391daaeda5f4e7b9f979a8977533561b999
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2103460
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#66711}
2020-03-14 03:59:47 +00:00
Ng Zhi An
603ade1433 [wasm-simd] Improve codegen for all_true and any_true
Based on feedback in https://github.com/WebAssembly/simd/issues/189 and
inspired by cranelift's codegen, we reduce instruction count by 1 for
both types of operations - all_true goes from 6 -> 5, any_true from 4 ->
3. The main transformation is to change a sequence of movq + ptest +
cmovq to ptest + setcc. We unfortunately cannot cut down the instruction
counts further, since we need to zero the destination register.

Change-Id: Idc2540dbec755c7a7ff5069955f74e978190161d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2100994
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66710}
2020-03-13 18:00:02 +00:00
Ng Zhi An
b53bf811d6 [wasm-simd][fuzzer] Add more simd operations
Add a bunch of i8x16, i16x8, i32x4 binops.

Bug: v8:10180
Change-Id: I576dbb605f1769ace2c832988c5205eaefc4476a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2101937
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66709}
2020-03-13 17:58:57 +00:00