Commit Graph

70787 Commits

Author SHA1 Message Date
Michael Lippautz
2e3b1bdd20 cppgc: Fix gcc compilation of FinalizerTrait
finalizer-trait.h:79:49: error: the address of ‘static void cppgc::internal::FinalizerTrait<T>::Finalize(void*) [with T = Rope]’ will never be NULL [-Werror=address]
   static constexpr bool HasFinalizer() { return kCallback; }

Fixes: 
Change-Id: I368138e37189440d786f130a1bce3577b7c0220f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097267
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76295}
2021-08-16 09:01:05 +00:00
Lu Yahan
3cab84c247 [riscv64] Use s1 to save code_obj
The caller saved a4 may be clobbered by the callee function. So we substitute it with the callee saved s1 to save code_obj.

Change-Id: Iebe707cbaa62d47fdee0aa117e32e88f67dac743
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3096886
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#76294}
2021-08-16 08:08:42 +00:00
Nico Weber
574b105d63 Fix some -Wunreachable-code-aggressive warnings
Bug: chromium:1066980
Change-Id: I03a6b5253043bfb9825a1a64a1d9b060958e5a98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094866
Auto-Submit: Nico Weber <thakis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76293}
2021-08-16 06:45:22 +00:00
v8-ci-autoroll-builder
3c9f315ebe Update V8 DEPS.
Rolling v8/build: edc2713..a0d5191

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: If566c6ace9aec4ec9b2ba5bbf7acba3323471a28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3095709
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76292}
2021-08-15 03:47:11 +00:00
Michael Lippautz
479bfdb11b cppgc: Optimize GCInfo setup
In Blink's version of Oilpan, GCInfo objects would reside in .bss and
a table would translate between an index and the .bss address. Upon
retrieving a GCInfoIndex, the slow path merely passes a .bss pointer
to a slow path setup method to create the table mapping.

In cppgc, we set up GCInfo entries directly in the table. This is
slightly faster for actually using GCInfo objects as there's no
indirection between table and .bss, and it also saves one pointer (the
indirection) per type that is set up. The downside of this approach is
that individual components of a GCInfo object, that are all
type-dependent, need to be passed to the conditional setup method.
Since GCInfo indices must be retrieved on each allocation, this
pollutes the fast path with additional instructions.

However, GCInfo components are actually known at compile-time for many
objects. In such cases, we can use a compile-time static dispatch to
encode the known parameters in different functions. This saves around
40KiB of memory on ChromePublic.apk and also creates a more compact
fast path for allocation.

Bug: chromium:1238884, chromium:1056170
Change-Id: Iedd809a8baefcc02f131d2b2c77d341b0abe43bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094007
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76291}
2021-08-14 11:16:11 +00:00
v8-ci-autoroll-builder
a91547b7e0 Update V8 DEPS.
Rolling v8/build: 5c5313f..edc2713

Rolling v8/buildtools: 37dc929..6810b87

Rolling v8/third_party/aemu-linux-x64: 21LVieOtkkse_Rl-9YyxWMe3RIxZ3Gpb_MUUrgwitckC..kjigTwWNxlU1rn_26vpSH5hoVlSnC4w1rFJHyivz5PQC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/bd47f22..126f6a8

Rolling v8/third_party/depot_tools: 699d70d..0c42eff

Rolling v8/third_party/googletest/src: 47f819c..0134d73

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I7c13cee3230eab4f038103b6fb6724b17adaa043
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093203
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76290}
2021-08-14 03:41:00 +00:00
Shu-yu Guo
3682731838 [compiler] Compress atomic opcode encoding
To free up some ArchOpcode bits (especially for arm64), encode all
atomic opcodes that are duplicated between 32bit and 64bit widths with a
single opcode and encode the width in another field.

Bug: v8:12093
Change-Id: Ide05e8f0b2aa877ea776851e47df60dd410deae2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093257
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76289}
2021-08-13 22:34:39 +00:00
Rakhim Khismet
b342d5555b [fuzzer] Add generated tables to fuzzed module
We add multiple tables to the fuzzed module.
We only can use externref or function references
for tables.

Bug: v8:11954
Change-Id: Ibb7b34203169a3ca97514b87273fa4ea0f6ca99a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093145
Commit-Queue: Rakhim Khismet <khismet@google.com>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76288}
2021-08-13 21:45:00 +00:00
Ng Zhi An
8798c2380d [wasm-simd] Optimize F64x2ReplaceLane when lane == 0
Use movsd/vmovsd instead of pblendw/vpblendw. It is two bytes shorter,
and avoids mixing integer and floating-point domain instructions.

Bug: v8:12074
Change-Id: Ia41072fbf8da7d99618a55d59634f7399a7105ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3088358
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76287}
2021-08-13 20:15:20 +00:00
Ng Zhi An
ebdc98824f [wasm-simd] Improve i8x16 shift ins-sel and temps usage
We no longer require dst == src (output = input[0]) in all cases, only
when AVX is not supported. This can help remove an extra move when AVX
is supported. Also in many cases (when input[0] is an immediate), we
require less temporary registers.

Bug: v8:11589
Change-Id: I0d272df12de54f55b4c7a0a330c38ccaca82e927
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3092553
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76286}
2021-08-13 18:17:26 +00:00
Frank Tang
c4e4868e03 Use std::function
Replace old C style function pointer declaration

Bug: v8:12083
Change-Id: I0e7b0c808a7c195989cc75da5d6617d7295918f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3088357
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76285}
2021-08-13 18:01:59 +00:00
Clemens Backes
4d0730084d [wasm][arm64] Fix 16-bit to 32-bit sign extension
This is identical to https://crrev.com/c/3094011, but for 16-bit values.
We introduce another instruction to differentiate between 16->32 bit
sign extensions and 16->64 bit sign extensions.

R=ahaas@chromium.org, mslekova@chromium.org

Bug: chromium:1239116
Change-Id: I2742e9d9c2b4a038fc7a0b1715faf8f25fa20b1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094012
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76284}
2021-08-13 15:48:46 +00:00
Clemens Backes
748ae7cbf4 [wasm][arm64] Fix zero-extension of i32.load8_s
InstructionSelector::ZeroExtendsWord32ToWord64 assumes that a
Load[kRepWord8|kTypeInt32] generates a zero-extended value. This
assumption makes sense, but was not fulfilled by the instruction
selector which emitted an "ldrsb" instruction which sign-extended to the
full 64-bit register.

This CL fixes that by introducing a separate "LdrsbW" instruction which
is selected if we are sign-extending an 8-bit value to 32-bit.

R=ahaas@chromium.org, mslekova@chromium.org
CC=v8-arm-ports@googlegroups.com

Bug: chromium:1239116
Change-Id: I2da1ad6062805acf5558f3e66b8db9a50e830302
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094011
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76283}
2021-08-13 15:22:23 +00:00
Clemens Backes
55e6a51f8d Revert "[arm64][wasm] Use NEON S/Usra for Wasm SIMD add(shr(x, imm), y)"
This reverts commit 2261e05333.

Reason for revert: No issues with the CL, but it is taking the
last two available opcodes on arm64 (we use 9 bits to encode it,
so we are limited to 512 opcodes). We need to land a security fix
which includes the addition of two opcodes. Before relanding this,
we need to figure out a strategy to either reduce opcodes, or use
one more bit to encode them.

Original change's description:
> [arm64][wasm] Use NEON S/Usra for Wasm SIMD add(shr(x, imm), y)
>
> A single AArch64 SIMD signed/unsigned Shift Right and Accumulate can be
> used to implement Wasm SIMD add(shr(x, imm), y). This gives a 1-1.5%
> improvement on some compute intensive Wasm benchmarks on Neoverse-N1.
>
> Mla and Adalp optimisations were refactored to match the style of the
> added code.
>
> Change-Id: Id5959a31ca267e02b7d60e7ff6f942adb029b41e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089157
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#76280}

Change-Id: Ifad0625ed8a6b66e7a7a74da11ad7d60941207e5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094014
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76282}
2021-08-13 15:04:26 +00:00
Ross McIlroy
8bc7f45337 [Infra] Remove trusted variant.
No longer required.

BUG=chromium:1003890

Change-Id: I98fb188ec2e7cd71203cd699b7484ecc26477ed1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086461
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76281}
2021-08-13 13:37:23 +00:00
Ilja Iskovs
2261e05333 [arm64][wasm] Use NEON S/Usra for Wasm SIMD add(shr(x, imm), y)
A single AArch64 SIMD signed/unsigned Shift Right and Accumulate can be
used to implement Wasm SIMD add(shr(x, imm), y). This gives a 1-1.5%
improvement on some compute intensive Wasm benchmarks on Neoverse-N1.

Mla and Adalp optimisations were refactored to match the style of the
added code.

Change-Id: Id5959a31ca267e02b7d60e7ff6f942adb029b41e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089157
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#76280}
2021-08-13 13:22:26 +00:00
Nicolò Ribaudo
b3b9466a05 [class] Improve errors for reinitialized private elements
Previously V8 was reusing the error for duplicate declarations, using
the private name for class fields or the class name for class methods
as the redeclared identifier.

    class A { constructor(o) { return o } }
    class B extends A { #x }
    class C extends A { #x() {} }
    let D = (0, class extends A { #x() {} });

    new B(new B({})) // Identifier '#x' has already been declared
    new C(new C({})) // Identifier 'C' has already been declared
    new D(new D({})) // Identifier '' has already been declared

This patch changes it to use error messages that better explain what's
happening:

    new B(new B({})) // Cannot initialize #x twice on the same object
    new C(new C({})) // Cannot initialize private methods of
                     // class C twice on the same object
    new D(new D({})) // Cannot initialize private methods of
                     // class anonymous twice on the same object

I initially tried to use the same message for both fields and methods,
but the problem with that is that when initializing fields we only
have access to the field name, while when initializing methods we only
have access to the class name (using the "private brand" symbol).
However, almost all the error messages are different for private fields
and for methods so this shouldn't be a problem.

Bug: v8:12042
Change-Id: Iaa50c16e4fa5c0646ad9ef2aa7e65bb649b3fce2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078362
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Joyee Cheung <joyee@igalia.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76279}
2021-08-13 10:04:36 +00:00
Manos Koukoutos
f2c4695b22 [turbofan] Unroll loops calling kWasmStackGuard
Loops with function calls are not unrolled. This should not include
calls to kWasmStackGuard, which exist in many loops.

Bug: v8:11298, v8:12047, chromium:1238752
Change-Id: I62a17e708eaca9872f8244175be80ba22a68454c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090338
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76278}
2021-08-13 09:40:47 +00:00
Lu Yahan
d8dc66f921 [riscv64][sparkplug] Fix sparkplug verify framesize failed
Change-Id: I7481749ba3d5c41d7405b0d88a51defbc8bec9d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093009
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#76277}
2021-08-13 08:45:46 +00:00
Benedikt Meurer
52720f63da [inspector] Don't pretend that native accessors are own properties.
Previously the V8 inspector would report native accessors, whose getter
evaluates to a value without causing a side effect, as own data
properties. But then the DevTools front-end will not be able to tell
whether that accessor was actually an own property or just an inherited
accessor.

The reason for reporting them as own properties in the first place was
to ensure that these properties show up in the object's preview. But
that we can handle differently by just marking these properties as
synthetic internally and including them in the preview.

Bug: chromium:1076820
Change-Id: I223299af7954e7b1a4a16bb5180d4ceff50f170f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094005
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76276}
2021-08-13 08:31:37 +00:00
v8-ci-autoroll-builder
7346848d56 Update V8 DEPS.
Rolling v8/build: bbf7f0e..5c5313f

Rolling v8/buildtools/linux64: git_revision:eea3906f0e2a8d3622080127d2005ff214d51383..git_revision:69ec4fca1fa69ddadae13f9e6b7507efa0675263

Rolling v8/buildtools/third_party/libc++abi/trunk: 24e92c2..671803f

Rolling v8/buildtools/third_party/libunwind/trunk: b825591..83f8edb

Rolling v8/third_party/aemu-linux-x64: qWiGSH8A_xdaUVO-GsDJsJ5HCkIRwZqb-HDyxsLiuWwC..21LVieOtkkse_Rl-9YyxWMe3RIxZ3Gpb_MUUrgwitckC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/abc7ba7..bd47f22

Rolling v8/third_party/depot_tools: 49a703f..699d70d

Rolling v8/third_party/icu: 75e34bc..a38aef9

Rolling v8/third_party/jinja2: 7c54c1f..6ac5f7e

Rolling v8/tools/clang: 6a8e571..f1ab49b

Rolling v8/tools/luci-go: git_revision:1120f810b7ab7eb71bd618c4c57fe82a60d4f2fe..git_revision:a5735121c6339dee9b1b3644535e230744daaac9

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I341085653d5e8ce7f76f4dbe0d3d34c6183b1377
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093309
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76275}
2021-08-13 03:53:23 +00:00
Zhi An Ng
b9c7fc2786 Revert "[wasm][diagnostics] Support WasmCode in gdb JIT integration"
This reverts commit a3b2c4ec81.

Reason for revert: UBSan https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8839060153390139249/+/u/Check/gdbjit

Original change's description:
> [wasm][diagnostics] Support WasmCode in gdb JIT integration
>
> - Add new enum WASM_CODE to JitCodeEvent::CodeType
> - Use AddressRegion instead of AddressRange (remove the latter)
> - Change CodeDescription constructor to take an AddressRegion,
>   both JIT_CODE and WASM_CODE use this
> - Add a simple mjsunit test that sets --gdbjit to check that
>   we don't crash.
> - Add an api test for adding WASM_CODE
>
> Bug: v8:11908
> Change-Id: I6e87fadc2df67978144d78caf9800c3982bc3705
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067754
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76271}

Bug: v8:11908
Change-Id: Ic1a74a9239e8ef6107efd36f61c089ae6bfc5b6c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093365
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76274}
2021-08-12 23:59:14 +00:00
Milad Fa
457112f622 PPC: optimize word and dw byte reverse on Power10
Change-Id: I89694796962d46b4fb1ae244ee39639576659465
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3092025
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#76273}
2021-08-12 23:27:04 +00:00
Ng Zhi An
d58ef12c63 [wasm-simd] Optimize S16x8Dup and S8x16Dup
Use punpcklqdq/punpckhqdq instead of pshufd.

Bug: v8:12075
Change-Id: I0260136d3727fde7bae4359df015d2b0090e8b29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3092554
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76272}
2021-08-12 23:02:24 +00:00
Ng Zhi An
a3b2c4ec81 [wasm][diagnostics] Support WasmCode in gdb JIT integration
- Add new enum WASM_CODE to JitCodeEvent::CodeType
- Use AddressRegion instead of AddressRange (remove the latter)
- Change CodeDescription constructor to take an AddressRegion,
  both JIT_CODE and WASM_CODE use this
- Add a simple mjsunit test that sets --gdbjit to check that
  we don't crash.
- Add an api test for adding WASM_CODE

Bug: v8:11908
Change-Id: I6e87fadc2df67978144d78caf9800c3982bc3705
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067754
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76271}
2021-08-12 22:46:53 +00:00
Rakhim Khismet
5b7f4a3437 [fuzzer] Add struct.set to fuzzed module
We add struct.set operation to the fuzzed module
by choosing random structtype field and generating
corresponding type.

Bug: v8:11954
Change-Id: I858bd64dd4b7242f20d6d7a0a507f34469de49c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086469
Commit-Queue: Rakhim Khismet <khismet@google.com>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76270}
2021-08-12 22:41:33 +00:00
Frank Tang
527e25743d [test262] Roll test262
ab353c6e7..45a913c0

Bug: v8:7834, v8:12085, v8:12086, v8:120448
Change-Id: I3fa00574d99dbeb5a87d1ecb2fcba92a2e2ff79c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3091646
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76269}
2021-08-12 20:30:12 +00:00
Ng Zhi An
f0ee51001a [wasm-simd][ia32][x64] Share i8x16.shl implementation
Move the implementation into shared macro-assembler. TurboFan and
Liftoff for both ia32 and x64 can now share the implementation. No
functionality change expected.

Bug: v8:11589
Change-Id: Ia1f680ba139fca627e82e7dc0a9cf1c833e483cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3088513
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76268}
2021-08-12 20:26:23 +00:00
Joyee Cheung
aa4df5bc05 [class] add microbenchmark for defining class fields
Landing define-class-fields microbenchmarks upstream before optimization so that
the benefit is visible.

Bug: v8:9888
Change-Id: Ie3bd2bd2cdd5710f43e398aa834985b5faa973d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999030
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76267}
2021-08-12 18:07:23 +00:00
Samuel Groß
3d383fff26 [build] Add vm-cage.h to BUILD.gn
Bug: chromium:1218005
Change-Id: I52368a70c448b8b928fb0cd04a9b7a72f86fafad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090973
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76266}
2021-08-12 18:05:43 +00:00
Frank Tang
266bd5743f [intl] Implement Intl Enumeration API
flag --harmony_intl_enumeration

I2P: https://groups.google.com/a/chromium.org/g/blink-dev/c/Txtf_rSqGH8/m/e27FY33JAQAJ
Design Doc: https://docs.google.com/document/d/1lbj_YVW-xhzYNMQeHB-qDjVkf4SA-eTHYpYXx3Oaud8
https://chromestatus.com/guide/edit/5649454590853120


Bug: v8:10743
Change-Id: I3bfe0c25b50eb55025498534eba975a20723bd2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953519
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76265}
2021-08-12 18:00:54 +00:00
Ng Zhi An
4955ecfc68 [wasm-simd] Share i8x16 shr_s shr_u implementation
Move the implementation into shared macro-assembler. TurboFan and
Liftoff for both ia32 and x64 can now share the implementation. No
functionality change expected.

Bug: v8:11589
Change-Id: I8d3567ef6e4a430fe8e007e44d5d55cf8e8a6a7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3088273
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76264}
2021-08-12 17:42:03 +00:00
Victor Gomes
682affed8d [bazel] Add vm-cage files
No-Try: true
Change-Id: I05c3c4181a905245b23c7a983ffcfcb189e8f05e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089167
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76263}
2021-08-12 17:21:23 +00:00
QiuJi
2116776fc9 [riscv64] Skip wasm SIMD test regress-1231950.js
Change-Id: Idae3870fc82ac117f9d7d916298123921bfcf286
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089007
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#76262}
2021-08-12 15:24:29 +00:00
Jakob Gruber
1b22e6fb59 [compiler] Fix multiple races in Map::FindElementsKindTransitionedMap
The concurrent version was added recently in crrev.com/c/3085262.

- UnusedPropertyFields requires the MapUpdater lock.
- instance_descriptors must be read atomically on the bg thread.

Finally, there appears to be a false positive report for the pattern:

 x = is_concurrent ? foo(kAcquireLoad) : foo();

Here, clang emits code that executes both the atomic and nonatomic
reads when is_concurrent is true. Needs more investigation.

Bug: v8:7790, chromium:1239009
Change-Id: I07d442e72cf0278f79f202a267e8d246f8abca1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090341
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76261}
2021-08-12 14:53:32 +00:00
Anton Bikineev
2e006255ca cppgc: Use load/store instead of fetch_or
fetch_or (lock-prefixed-or on x86) is emulated with branching on
armv7/armv8 and therefore generates more instructions.

This improves android-binary-size by 45K. It should also improve
performance.

Bug: chromium:1238884
Change-Id: I48f59b645a4bb872b3798a1fde11608fd2930ce6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090342
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76260}
2021-08-12 14:46:29 +00:00
Michaël Zasso
bdcda72cd1 [platform] Fix compilation on 32-bit Windows
Use `extern "C"` to declare the __readfsdword function.
Fixes error C2732 in the Node.js CI.

Bug: chromium:796644
Change-Id: If261985e65bfdade53ce06ff28afe0e2db402f7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086457
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michaël Zasso <mic.besace@gmail.com>
Cr-Commit-Position: refs/heads/master@{#76259}
2021-08-12 14:03:52 +00:00
Clemens Backes
5798623695 [wasm] Remove special handling for predictable mode
This should not be needed any more after https://crrev.com/c/2944808,
which made job execution deterministic in predictable mode.

R=thibaudm@chromium.org

Bug: v8:11848, v8:10936
Change-Id: I7f71af063d366ca2ba9223afeb6c2caa77b02a99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090334
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76258}
2021-08-12 14:02:49 +00:00
Santiago Aboy Solanes
b820b931b4 [test] Fix bytecode flushing flag name in test
Bug: v8:11947
Change-Id: Ie32d79d13f85b2929310a75923a02e1585565265
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090825
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76257}
2021-08-12 13:29:28 +00:00
Ross McIlroy
4ab70f6b21 [Compiler] Remove untrusted code mitigations.
These are no longer enabled, so remove the code mitigation logic from
the codebase.

BUG=chromium:1003890

Change-Id: I536bb1732e8463281c21da446bbba8f47ede8ebe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045704
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76256}
2021-08-12 12:58:24 +00:00
Camillo Bruni
dacb5acd83 [d8] Use more conservative error reporting in d8's async-hooks
d8 throws on unhandled rejected Promises since
https://crrev.com/c/2238569 so no special handling beyond throwing in
the async hooks themselves is needed.

Drive-by-fix: Use v8::Isolate* as local variable.

Bug: chromium:1238467
Change-Id: I271720cd9cfd1d30b58b5407c700b0f730910968
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090333
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76255}
2021-08-12 12:39:10 +00:00
Santiago Aboy Solanes
44b4a5045a [test] Skip non-deterministic SABs tests for predictable bots
Bug: v8:12065
Change-Id: I88213ef7eeb37c280a89f08fed3ea256cc0997df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086460
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76254}
2021-08-12 10:37:38 +00:00
Santiago Aboy Solanes
d861a2b02b [compiler] Make relaxed tag explicit for int32 accessors
Bug: v8:7790
Change-Id: I4e25140a83a0ce851195e274a489ac13cacdf676
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086477
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76253}
2021-08-12 09:41:22 +00:00
Frank Tang
19996d6de5 [intl] Change JSLocale::Is38AlphaNumList
Move from recursion to loop to avoid stack overflow

Bug: v8:12059
Change-Id: I44981f4271495adf00d7697114663f966b8f9f11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3087937
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76252}
2021-08-12 09:40:18 +00:00
Lutz Vahl
363a591d11 Changed version number to 9.5
TBR=hablich@chromium.org, vahl@chromium.org

Change-Id: I223f3018248459f03fab14003c59b27f7b9834ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090329
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76251}
2021-08-12 09:31:48 +00:00
Jakob Gruber
39ee66f102 [compiler] Set concurrent_inlining flag irrespective of OSR
OSR and concurrent_inlining are not strictly related, thus remove the
!is_osr condition when setting the concurrent_inlining flag.

OSR jobs simply execute on the main thread, whether CI is enabled or
not.

Drive-by: Exhaustive CodeKind switch cases.

Bug: v8:7790,v8:11981
Change-Id: Ia50e083f1c39d1d9845b1ef4e16ae8fd10798fb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086480
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76250}
2021-08-12 09:07:38 +00:00
Leszek Swirski
e16554443e [sparkplug] Fix accumulator clobber in StaDataPropertyInLiteral
The baseline compiler wasn't saving the accumulator when generating code
for StaDataPropertyInLiteral. This could lead to issues in cases where
the bytecode compiler optimized away loads of a register into the
accumulator.

Fixed: chromium:1236978
Change-Id: I8603a4c7446664f82b35db61f81cacefce2e4f3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090326
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76249}
2021-08-12 08:48:38 +00:00
Peter Kasting
de79f4d291 Fix some instances of -Wunreachable-code-aggressive.
Bug: chromium:1066980
Change-Id: I92570706da4e6f8380f100bec12c8414f6ff2edc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086221
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76248}
2021-08-12 08:20:57 +00:00
Jakob Gruber
763d4c7fd3 [compiler] Remove dead code / refactors in JSHeapBroker
Bug: v8:7790
Change-Id: I9bd852d42cbc81ba12dc81166990a49a6b91168a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089153
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76247}
2021-08-12 08:17:28 +00:00
Thibaud Michaud
069c6396c7 [wasm][liftoff] Prepare arm port of NaN detection
Make "emit_s128_set_if_nan" take LiftoffRegisters rather than Registers.
The decoding of the FP register code is architecture dependent, and in
particular we expect an FP pair on arm.

R=clemensb@chromium.org

Bug: v8:11856
Change-Id: I44a364c3ef3a0c41000ea1f6cead4916ee04145d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089165
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76246}
2021-08-12 08:15:12 +00:00