This CL also fixes a small bug in the update-wasm-spec-tests.sh script,
as it was not able to handle proposals without additional core spec
tests. It also disables a lot of tests.
R=jkummerow@chromium.org
bug:v8:10556
Change-Id: Ibd885350478de935dc67edb664715cfa64f1d8e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2210248
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67949}
Sometimes CSA code carefully constructs a mask to check several
bitfields at once. Thus far, such a check has been very awkward to write
in Torque. This change adds a way to do so, using the
non-short-circuiting binary `&` operator. So now you can write an
expression that depends on several bitfields from a bitfield struct,
like `x.a == 5 & x.b & !x.c & x.d == 2` (assuming b is a one-bit value),
and it will be reduced to a single mask and equality check. To
demonstrate a usage of this new reduction, this change ports the trivial
macro IsSimpleObjectMap to Torque. I manually verified that the
generated code for the builtin SetDataProperties, which uses that macro,
is unchanged.
Bug: v8:7793
Change-Id: I4a23e0005d738a6699ea0f2a63f9fd67b01e7026
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183276
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67948}
The proposal uses the lane shape, e.g. i64x2.anytrue, and we were using
s1x2.anytrue in our opcodes. This was a legacy naming, because we were
trying to bitpack the booleans. Now that we aren't doing that, rename
these to be more consistent with the proposal.
This was done with a straightforward sed script, changing both cpp code
and also some comments in mjsunit test files.
Bug: v8:10506
Change-Id: If077ed805de23520d8580d6b3b1906c80f67b94f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207915
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67945}
Currently, if d8 is run with the --turbo-profiling flag, it prints info
about every TurboFan-compiled function. This info includes the number of
times that each basic block in the function was run. It also includes
text representations of the function's schedule and code, so that the
person reading the output can associate counters with blocks of code.
The data about each function is currently stored in a
BasicBlockProfiler::Data instance, which is attached to a list owned by
the singleton BasicBlockProfiler. Each Data contains an
std::vector<uint32_t> which represents how many times each block in the
function has executed. The generated code for each block uses a raw
pointer into the storage of that vector to implement incrementing the
counter.
With this change, if you compile with v8_enable_builtins_profiling and
then run with --turbo-profiling, d8 will print that same info about
builtins too.
In order to generate code that can survive being serialized to a
snapshot and reloaded, this change uses counters in the JS heap instead
of a std::vector outside the JS heap. The steps for instrumentation are
as follows:
1. Between scheduling and instruction selection, add code to increment
the counter for each block. The counters array doesn't yet exist at
this point, and allocation is disallowed, so at this point the code
refers to a special marker value.
2. During finalization of the code, allocate a BasicBlockProfilingData
object on the JS heap containing data equivalent to what is stored in
BasicBlockProfiler::Data. This includes a ByteArray that is big
enough to store the counters for each block.
3. Patch the reference in the BuiltinsConstantsTableBuilder so that
instead of referring to the marker object, it now refers to this
ByteArray. Also add the BasicBlockProfilingData object to a list that
is attached to the heap roots so it can be easily accessed for
printing.
Because these steps include modifying the BuiltinsConstantsTableBuilder,
this procedure is only applicable to builtins. Runtime-generated code
still uses raw pointers into std::vector instances. In order to keep
divergence between these code paths to a minimum, most work is done
referring to instances of BasicBlockProfiler::Data (the C++ class), and
functions are provided to copy back and forth between that type and
BasicBlockProfilingData (the JS heap object).
This change is intended only to make --turbo-profiling work consistently
on more kinds of functions, but with some further work, this data could
form the basis for:
- code coverage info for fuzzers, and/or
- hot-path info for profile-guided optimization.
Bug: v8:10470, v8:9119
Change-Id: Ib556a5bc3abe67cdaa2e3ee62702a2a08b11cb61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159738
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67944}
Changes:
- Implement the 'let' opcode, as per
https://github.com/WebAssembly/function-references/blob/master/proposals/function-references/Overview.md#local-bindings
- Use a WasmDecoder in place of a plain decoder in OpcodeLength and
AnalyzeLoopAssignment.
- Change ControlBase to accept an additional 'locals_count' parameter.
- Implement required test infrastructure and write some simple tests.
Bug: v8:7748
Change-Id: I39d60d1f0c26016c8f89c009dc5f4119b0c73c87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2204107
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67937}
The implementation of the StreamingDecoder depends on async compilation.
However, when the --single-threaded flag is set, async compilation is
not available. Therefore V8 does not support streaming compilation at
the moment if the --single-threaded flag is set.
This CL is the first step to support streaming compilation in
--single-threaded mode. This CL makes the StreamingDecoder an abstract
class, and the current implementation a sub-class called
AsyncStreamingDecoder. A follow-up CL will provided a second sub-class
implementation for streaming compilation in --single-threaded mode.
Bug: v8:10548
Change-Id: Ice5c01340d3df18f836a4a05d30571207ca8ccf6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2208869
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67931}
Math.random, while technically not having any effects which modify the
surrounding JS state, does observably change between a no-side-effects
evaluation and an actual evaluation, and can cause confusion.
Change-Id: I4a41ac6fd3153a14245d5940fe52ada43ca05e0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207805
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Gus Caplan <me@gus.host>
Cr-Commit-Position: refs/heads/master@{#67927}
This was introduced by https://crrev.com/c/2207137.
Load offsets can be negative.
Drive-by: Add a helper function to wrap the verbose static casts in
bounds checks.
Bug: chromium:1084872,chromium:1083450
Change-Id: I48934d04a8ab15a8fc347465064b190e32c00716
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2209066
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67924}
Convert wasm-value into internal::WasmValue, then to debug::WasmValue.
This is then copied into a CDP protocol object via a new class,
WasmValueMirror.
Bug: v8:10347
Change-Id: I5778d2cc5701caf82e4a97ac329303e510695b74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2151130
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67908}
This change updates some Torque-defined classes to include more precise
field types where possible. It also updates those classes to use
@generateCppClass. One field was removed because it's unused
(PrototypeInfo::validity_cell), and two fields in StackFrameInfo
actually became less precise because they're based on Script::name,
which is an embedder-provided untyped Local<Value>. (Automatically
generated accessors pointed out this bug easily.)
This change also includes a couple of minor fixes in Torque.
Change-Id: Ib2bc6c7165bb3612b6d344c0686a94165a568277
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2199640
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67907}
Port 18ac08d03c
Original Commit Message:
This is a reland of 3cc981cb7a with a
fix for data race detected by TSan.
Original change's description:
> [wasm][debug] Fix tier down during streaming compilation
>
> If the debugger is enabled while streaming compilation is happening, we
> won't correctly tier down to Liftoff. This is because during streaming
> compilation, we always compile for no debugging. Fixing that is a bit
> tricky, since when the debugger is enabled, functions can either already
> have finished compiling, or they are currently being compiled, or their
> wire bytes are not received yet.
> Instead of handling this correctly while streaming compilation is
> running, we just recompile the whole module with Liftoff after streaming
> compilation finished.
>
> For testing this, we use the existing tests for async compilation, and
> enable --wasm-test-streaming, which compiles via the streaming decoder
> even in the async compilation case.
>
> R=thibaudm@chromium.org
>
> Bug: v8:10531
> Change-Id: I0177248a9ad2e90f83faee965d6746de05423f1f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207133
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67882}
R=clemensb@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I778a10eaba0016a9e897c8f71ac822c6b421350f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2208901
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67906}
Registers cannot be used as a merge destination if they have more than
one use, otherwise the merge will unexpectedly affect other uses of that
register.
R=ahaas@chromium.org,clemensb@chromium.org
Bug: chromium:1084151
Change-Id: I0d6ad97c585920357a37d95361e0320d32c71f4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2208851
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67904}
The typed function references proposal allows an optional second
parameter to Table.grow containing the initialization value for the
newly added entries for tables that do not support null defaults.
This CL adds this functionality but hides it behind a newly added
experimental flag --experimental-wasm-typed-funcref.
R=ahaas@chromium.orgCC=jkummerow@chromium.orgCC=manoskouk@chromium.org
Bug: v8:9495
Change-Id: Ia156aeacf95bc36a9fc182990f315c42075cbb7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207184
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67900}
This is a reland of 3cc981cb7a with a
fix for data race detected by TSan.
Original change's description:
> [wasm][debug] Fix tier down during streaming compilation
>
> If the debugger is enabled while streaming compilation is happening, we
> won't correctly tier down to Liftoff. This is because during streaming
> compilation, we always compile for no debugging. Fixing that is a bit
> tricky, since when the debugger is enabled, functions can either already
> have finished compiling, or they are currently being compiled, or their
> wire bytes are not received yet.
> Instead of handling this correctly while streaming compilation is
> running, we just recompile the whole module with Liftoff after streaming
> compilation finished.
>
> For testing this, we use the existing tests for async compilation, and
> enable --wasm-test-streaming, which compiles via the streaming decoder
> even in the async compilation case.
>
> R=thibaudm@chromium.org
>
> Bug: v8:10531
> Change-Id: I0177248a9ad2e90f83faee965d6746de05423f1f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207133
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67882}
Bug: v8:10531, v8:10544
Change-Id: I884922b6ac55543e6ff9b1046438f6b3abab6f64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207187
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67896}
Fix underflow when the break type list is empty, and do not try to
reuse the first value to generate the wanted type.
Bug: chromium:1084452
Change-Id: Ia9855a267730bb9f427518c27157f449475fb6ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2208858
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67895}
For single-threaded, we can not tier up in the background. Hence we can
either tier up in foreground (which is pointless), or not tier up.
This CL disables Liftoff, so will compile TurboFan code right away.
R=ahaas@chromium.org
Bug: v8:10530
Change-Id: Icfdc26643ab219d617f844c2ea8e149870168dbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2208853
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67894}
TSan handles SIGPROF incorrectly, hence we don't get the samples we
expect on that test, and it quite frequently times out on TSan bots.
Skip it for now, until the TSan issue is fixed.
R=petermarshall@chromium.org
Bug: v8:9869
Change-Id: I27c65cdd10c53b441faad216e00d6c60b42229e6
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2208857
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67892}
This reverts commit 3cc981cb7a.
Reason for revert: TSan failures: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/31572
Original change's description:
> [wasm][debug] Fix tier down during streaming compilation
>
> If the debugger is enabled while streaming compilation is happening, we
> won't correctly tier down to Liftoff. This is because during streaming
> compilation, we always compile for no debugging. Fixing that is a bit
> tricky, since when the debugger is enabled, functions can either already
> have finished compiling, or they are currently being compiled, or their
> wire bytes are not received yet.
> Instead of handling this correctly while streaming compilation is
> running, we just recompile the whole module with Liftoff after streaming
> compilation finished.
>
> For testing this, we use the existing tests for async compilation, and
> enable --wasm-test-streaming, which compiles via the streaming decoder
> even in the async compilation case.
>
> R=thibaudm@chromium.org
>
> Bug: v8:10531
> Change-Id: I0177248a9ad2e90f83faee965d6746de05423f1f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207133
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67882}
TBR=clemensb@chromium.org,thibaudm@chromium.org
Change-Id: I26e750c6c6d0783b5e4a0f19a5462a5fbe99a742
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10531
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207186
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67885}
If the debugger is enabled while streaming compilation is happening, we
won't correctly tier down to Liftoff. This is because during streaming
compilation, we always compile for no debugging. Fixing that is a bit
tricky, since when the debugger is enabled, functions can either already
have finished compiling, or they are currently being compiled, or their
wire bytes are not received yet.
Instead of handling this correctly while streaming compilation is
running, we just recompile the whole module with Liftoff after streaming
compilation finished.
For testing this, we use the existing tests for async compilation, and
enable --wasm-test-streaming, which compiles via the streaming decoder
even in the async compilation case.
R=thibaudm@chromium.org
Bug: v8:10531
Change-Id: I0177248a9ad2e90f83faee965d6746de05423f1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207133
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67882}
So far this is mainly a readability improvement to specify
expectations on the packed argument. In the future we should also
check signedness during bytecode generation.
Drive-by: Update DCHECK to allow signed args to
CHECK_CURRENT_POSITION.
Bug: chromium:1083450
Change-Id: I9376ec691b51eb251c972309ad65dd6c04eec3ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2207137
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67880}
The lowering for anytrue was assuming that the input nodes are all
integers. The regression test added in https://crrev.com/c/2194471 calls
anytrue with float operands, this was causing the lowering to generate
cmpl instructions with a float register and an immediate, which is
wrong.
The fix is to use GetReplacementsWithType on the input nodes, but
only if the input were floats, since we use Word32Equal.
Drive-by clean up of comments in the aforementioned regression test.
Bug: v8:10535
Change-Id: I4de89516c178e9003a4c745808d831be87918381
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2203400
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67878}
The codegen uses a bunch of vpmax to try and keep set bits around. The
datatype for vpmax does not need to change for each instruction, since
vpmax U32 will persist set bits just as well. This simplifies the
instruction sequences for S1x8 and S1x16 anytrue.
I added a test to check a special case when a f64x2 contains -0.0 (top
bit set). A previous attempt to optimize codegen used floating point
compare, which does not distinguish between 0.0 and -0.0. So -0.0 will
compare equals to 0.0, and incorrect return 0 for anytrue.
Change-Id: I66013796af08a666009e6b2d774ea7ee7bdfe1ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2203113
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67875}
Asynchronicity can be tricky, in particular if the debugger is enabled
while wasm compilation is happening.
We seem to have open issues in streaming compilation there. As a first
step, which CL adds more tests for async compilation (non-streaming).
R=thibaudm@chromium.org
Bug: v8:10531
Change-Id: Idf16790a91aad437ceb981485512a2f52b791bac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2206736
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67865}
... and other unused methods.
Bug: v8:9708
Change-Id: Ie3658878024fcddcd5503c6462e5ad873eba19b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2206733
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67859}
Makes it clearer what this does. Added comments to explain it.
Change-Id: I90b0686f8a607cea32c482591b924e9103f7f445
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2205693
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67846}
Changes:
Cleanup:
- Make sure read_value_type has the same interface as other
read_* functions, i.e., returns the decoded value and writes
the consumed length into a pointer.
- DecodeLocals is now an instance method.
- DecodeLocals should fail when given a wrong number of locals.
Add tests to catch that.
- Fix a buggy test.
Refactoring in preparation of introducing the 'let'
instruction as per [wasm-gc]:
- DecodeLocals does not consume any input and can start from any pc.
- DecodeLocals gives the option of not appending the decoded
locals to local_types_.
- Separate locals initialization from signature.
Bug: v8:7748
Change-Id: Iaaff87fdb9abe0ddd716484ea3fa87779d2d1a2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2202992
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67845}
This allows embedding objects in each other and recursively trace
through them.
Bug: chromium:1056170
Change-Id: I4e4ae4c1669109c01003cb6b69797cf271a74033
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2198977
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67841}
GraphAssembler creates Phi nodes and creates additional inputs to them
depending on how many jumps go there. If the typer decorator is active,
it will type the Phi node at creation time. GraphAssembler was not aware
of types (until recently it was not used while the graph is typed) and
did not update the Phi type with each new input. This CL fixes that.
Bug: chromium:1082704
Change-Id: Id94bcda752c7b3dc836eb2b6c6b55b1690185a09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2202978
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67823}
The bool specialization of DataRange::get was removed recently as it is
not used anymore. Add a static assert to ensure that we do not run into
the undefined behavior that this specialization was meant to prevent.
R=clemensb@chromium.org
Change-Id: I43abfe03c6fa4722b1dafc0025eb0bdff5379337
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2202979
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67816}
Load extends always load 64-bits. Previously, we were setting the max
alignment to be the size_log_2 of the load_type. For LoadExtends the
load_type indicates what the lane size to be extended is, *NOT* the size
to be loaded.
Bug: chromium:1082848
Change-Id: I0c4115ea6ec916211b03afdb83376ccc05c0c244
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2202721
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67815}
The scheduler could schedule unreachable nodes on two basic blocks that
later merge. Update DCHECK in graph-assembler's basic block updater to
only check for the self-containedness of unreachable basic blocks
removed from the schedule after all the blocks have been re-written to
allow for this case.
BUG=chromium:1079446,v8:9684
Change-Id: I91899dbf389e4425542dbd2b1ca95c3f6ad79c05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196354
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67812}
Splits out all of PagedSpace and subclasses into paged-spaces.h. Also
moves CodeObjectRegistry to code-object-registry.h.
Bug: v8:10473, v8:10506
Change-Id: I35fab1e545e958eb32f3e39a5e2ce8fb087c2a53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2201763
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67811}
The --no-wasm-async-compilation disabled async compilation so far, but
async compilation was still possible over streaming compilation. With
this CL, also streaming compilation is disabled.
R=clemensb@chromium.org
Bug: v8:9760
Change-Id: I7e8d4db9e3bb960e8e7380e2190409f63b2f1968
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2199343
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67807}
The devtools frontend used this to set a lower interval (100us). Now the
frontend will stop setting this category and we will always profile
with 100us (which was already the default).
Bug: chromium:1082220
Change-Id: Iaa671d9750ad4c13b95c2c1ba1e433a1077c858a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2198989
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67805}
This reverts commit 580917d252.
Reason for revert: fix in patchset 2
Original change's description:
> Revert "cppgc: Stack scanning using ObjectStartBitmap"
>
> This reverts commit d3a72e3c2a.
>
> Reason for revert: MSAN failures (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/32360)
>
> Original change's description:
> > cppgc: Stack scanning using ObjectStartBitmap
> >
> > This CL implements stack scanning for cppgc.
> > Given a value on the stack, the MarkingVisitor uses
> > PageBackend::Lookup to checks whether that address is on
> > the heap. If it is, BasePage::TryObjectHeaderFromInnerAddress
> > (introduced in this CL) is used to get the relevant object
> > header. Note that random addresses on the heap might point to
> > free memory, object-start-bitmap, etc.
> >
> > If a valid object header is found:
> > * If the object is not in construction, the GCInfoIndex is used
> > the get the relevant Trace method and the object is traced.
> > * Otherwise, the object is conservatively scanned - i.e. the
> > payload of the object is iterated word by word and each word is
> > treated as a possible pointer.
> >
> > Only addresses pointing to the payload on non-free objects are
> > traced.
> >
> > BasePage::TryObjectHeaderFromInnerAddress assumes on LAB on the
> > relevant space, thus all LABs are reset before scanning the stack.
> >
> > Bug: chromium:1056170
> > Change-Id: I172850f6f1bbb6f0efca8e44ad8fdfe222977b9f
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190426
> > Commit-Queue: Omer Katz <omerkatz@chromium.org>
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#67795}
>
> TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org
>
> Change-Id: I3caef6f9f55911fd1a86e895c3495d1b98b1eac2
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: chromium:1056170
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2201136
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67796}
TBR=ulan@chromium.org,mlippautz@chromium.org,leszeks@chromium.org,bikineev@chromium.org,omerkatz@chromium.org
# Not skipping CQ checks because this is a reland.
Bug: chromium:1056170
Change-Id: If7ea4fe5cb794c07544d5545f5d6548e3375d3ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2201137
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67803}
The existing non-builtin implementation is returning wrong results.
For example, given the value 63 as a uint8_t it returns 38 (should be 6).
The new implementation follows the naive algorithm presented in figure 5-1
in Hacker's Delight section 5-1.
Note that the algorithm in the book is designed for 32 bit numbers, so we
extended it to support 64 bit as well.
Bug: chromium:1056170
Change-Id: I8fed9c449f80b01b8cc93d339529c0e1e0863fc0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2199345
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67801}
This reverts commit d3a72e3c2a.
Reason for revert: MSAN failures (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/32360)
Original change's description:
> cppgc: Stack scanning using ObjectStartBitmap
>
> This CL implements stack scanning for cppgc.
> Given a value on the stack, the MarkingVisitor uses
> PageBackend::Lookup to checks whether that address is on
> the heap. If it is, BasePage::TryObjectHeaderFromInnerAddress
> (introduced in this CL) is used to get the relevant object
> header. Note that random addresses on the heap might point to
> free memory, object-start-bitmap, etc.
>
> If a valid object header is found:
> * If the object is not in construction, the GCInfoIndex is used
> the get the relevant Trace method and the object is traced.
> * Otherwise, the object is conservatively scanned - i.e. the
> payload of the object is iterated word by word and each word is
> treated as a possible pointer.
>
> Only addresses pointing to the payload on non-free objects are
> traced.
>
> BasePage::TryObjectHeaderFromInnerAddress assumes on LAB on the
> relevant space, thus all LABs are reset before scanning the stack.
>
> Bug: chromium:1056170
> Change-Id: I172850f6f1bbb6f0efca8e44ad8fdfe222977b9f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190426
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67795}
TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org
Change-Id: I3caef6f9f55911fd1a86e895c3495d1b98b1eac2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2201136
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67796}
This CL implements stack scanning for cppgc.
Given a value on the stack, the MarkingVisitor uses
PageBackend::Lookup to checks whether that address is on
the heap. If it is, BasePage::TryObjectHeaderFromInnerAddress
(introduced in this CL) is used to get the relevant object
header. Note that random addresses on the heap might point to
free memory, object-start-bitmap, etc.
If a valid object header is found:
* If the object is not in construction, the GCInfoIndex is used
the get the relevant Trace method and the object is traced.
* Otherwise, the object is conservatively scanned - i.e. the
payload of the object is iterated word by word and each word is
treated as a possible pointer.
Only addresses pointing to the payload on non-free objects are
traced.
BasePage::TryObjectHeaderFromInnerAddress assumes on LAB on the
relevant space, thus all LABs are reset before scanning the stack.
Bug: chromium:1056170
Change-Id: I172850f6f1bbb6f0efca8e44ad8fdfe222977b9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190426
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67795}
There should be a space between the quantity and the unit symbol
as per the SI, so this commit fixes this issue.
Change-Id: I3356942391d96906f3e3840c7bb802e10f29eb4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190230
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67789}
This is needed to trace objects found durinbg stack scanning.
Bug: chromium:1056170
Change-Id: I1280d98f2fe69281c514b3a7d4a57f909a2eed96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190425
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67788}
The AVX implementation does not have dst == input(0), so the vminps call
was wrong. The intention is to compare the 2 input operands.
Bug: chromium:1081030
Change-Id: Id54074327a6aca4b75988fc9d85beccfeabfc791
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2194471
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67786}
... when one of the receivers is a JSArray that may have a read-only
length.
Bug: chromium:1069530
Change-Id: Idbaf1a9030bb5a0f9c25e30925f18f603a99832f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196353
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67783}
This CL fixes a bug in Liftoff where stack parameters for builtins were
pushed in the reversed order.
CC=bbudge@chromium.orgR=clemensb@chromium.org
Bug: v8:10281
Change-Id: I51ab4f19b0dc3835140ca3c05c98cc82dfe9cac4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196341
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67779}
We can't attach a meaningful stack trace to the AggregateError
Promise.any rejects with, but we can augment the individual errors'
stack traces with Promise.any and the index of the corresponding
Promise in the input.
Bug: v8:9808
Change-Id: I7ba754c9b043594decaac8b3a23be74f05c3dffd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2198983
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67778}
Add const Page iterators to Spaces, and add whichever const methods are
necessary for this to work. This and a couple more const methods allows
us to make Heap::Contains const.
Change-Id: I1b63a10575ccdb8a3979aef4fa63a97b288ff836
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2198975
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67776}
Fold distinct MUL and ADD (or SUB) instructions into a single MLA (or
MLS) instruction, mirroring what is being done for general purpose
registers.
SIMD wasm only uses the vectorized ADD and MUL instructions on quad
vectors (NEON Q), so only those cases are handled.
SIMD wasm only uses MUL by vectors, not by elements so there is no need
to check for an addition and shift reduction.
Change-Id: If07191dde9fb1dc37a5de27187800c15cc4325ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184239
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#67770}
This is a reland of 902f48bdda, fixed
to avoid lock inversion problems detected by TSan.
Original change's description:
> [wasm][debug] Fix tier down for multiple isolates
>
> If multiple isolates are using the same module, we need to keep it
> tiered down as long as any isolate still has a debugger open.
> Also, we cannot short-cut the {NativeModule::TierDown} method, since the
> previously triggered tier down might not have finished yet.
> For now, each isolate starts an independent tier down (i.e. a full
> recompilation). We could optimize this later by skipping functions that
> are already tiered down, or are already scheduled for tier down, but we
> still need to wait for tier-down to finish on each isolate.
>
> R=thibaudm@chromium.org
>
> Bug: v8:10359
> Change-Id: I7ea6a6f5d3977e48718ac5bc94f9831541f6173f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190758
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67716}
Bug: v8:10359
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: Ie98cf073fc79e5c6991df6d4466de7b560274070
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2194451
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67754}
Changes:
- Implement subtyping for eqref.
- (Driveby) Declare more functions as constexpr in ValueType.
- Make minor changes needed to handle ref.eq.
- Write an elementary test.
Bug: v8:7748
Change-Id: I11d54227798ce56de70f3a6f83305b2f80b2f57f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2193715
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67752}
This reverts commit 9d3cca1cd3.
Reason for revert: Only the test needs to be skipped on s390. Refer to this: https://crrev.com/c/1981505
Original change's description:
> s390: [arm] Add missing RELATIVE_CODE_TARGET iteration
>
> Port b766299d2c
> Port 9592b043ee
> Port d915b8d668
>
> Original Commit Message:
>
> Code object iteration was missing logic for RELATIVE_CODE_TARGET
> reloc entries. Garbage collection could thus miss objects that were
> referenced only as targets of pc-relative calls or jumps.
>
> RELATIVE_CODE_TARGETs are only used on arm, mips, and s390 and only
> at mksnapshot-time.
>
> This exposed another issue in that the interpreter entry trampoline
> copy we generate for profiling *did* contain relative calls in
> runtime-accessible code. This is a problem, since code space on arm is,
> by default, too large to be fully addressable through pc-relative
> calls. This CL thus also disables the related
> FLAG_interpreted_frames_native_stack feature on arm.
>
> objects.
>
> R=jgruber@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
> BUG=
> LOG=N
>
> Change-Id: Ifbcaed98d90a2730f0d6a8a7d32c621dab1ff5b2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2087693
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
> Cr-Commit-Position: refs/heads/master@{#66644}
TBR=michael_dawson@ca.ibm.com,mlippautz@chromium.org,jyan@ca.ibm.com,jgruber@chromium.org,joransiu@ca.ibm.com,miladfar@ca.ibm.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: Id645a9def23d278235ff77f25249d2187e8105ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196521
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67751}
This CL adds 2 new values to the EmbedderStackState enum with more
explicit names. The old values are updated as aliases to the new
values and marked as soon to be deprecated. This CL also moves the
enum to v8-platform.h so that it can be reused by cppgc.
Depracating individual values in an enum is supported by GCC only
since version 6. Thus new macros were needed for the deprecation
(which delegate to the existing macros when supported). GCC versions
older than 6 are still used by the CQ bots.
Bug: chromium:1056170
Change-Id: Id1ea73edfbbae282b0d8a3bb103dbbbf8ebd417e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2188971
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67744}
This is a reland of 7f29c48ef6
After fixing TSAN failures in https://crrev.com/c/2192661 and https://crrev.com/c/2193712, this CL and be relanded without changes.
Original change's description:
> [heap] Remove sweeping state in incremental marking
>
> Remove the SWEEPING state from incremental marking. Sweeping is now
> always completed when starting incremental marking. Before this change
> there needed to be a safepoint each for starting marking and completing
> sweeping. Now both happens within a single safepoint.
>
> Bug: v8:10315
> Change-Id: Iad2835554865f2de24376372affe9a98992d1fa0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190419
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67678}
Bug: v8:10315
Change-Id: Ic949d125e72c4d17fd427d08d4b6f9056721eee9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196182
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67741}
Prior to this CL we still implemented a HasProperty-GetProperty
sequence when accessing named captures in GetSubstitution. This was
briefly part of the spec (we also threw an exception when the property
was not present), but since late 2017 the GetProperty call has been
unconditional.
See https://tc39.es/ecma262/#sec-getsubstitution.
Bug: v8:10513
Change-Id: Id82c06958b0b0feffc6eede580b99ab8676a0dae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2195821
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67733}
There's no need for them to be in NativeContext.
This CL moves the rest of the Promise-related SFIs.
Bug: v8:10482
Change-Id: I7eb926be14bf44fb3cd01cb96b4769eff1c2911b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190752
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67732}
As discussed under https://crrev.com/c/1981505,
Test requires an executable CODE_SPACE and is thus incompatible with
jitless mode.
Change-Id: Icddad50a3484f0cfc5fb4abd7175058d50bc06d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2193911
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67726}
Same implementation as the one for x64 in https://crrev.com/c/2186630.
Bug: v8:10501
Change-Id: If2b6c0fdc649afba3449d9579452cf7047a55a54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2188556
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67721}
This reverts commit 902f48bdda.
Reason for revert: Made TSAN unhappy: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/9480
Original change's description:
> [wasm][debug] Fix tier down for multiple isolates
>
> If multiple isolates are using the same module, we need to keep it
> tiered down as long as any isolate still has a debugger open.
> Also, we cannot short-cut the {NativeModule::TierDown} method, since the
> previously triggered tier down might not have finished yet.
> For now, each isolate starts an independent tier down (i.e. a full
> recompilation). We could optimize this later by skipping functions that
> are already tiered down, or are already scheduled for tier down, but we
> still need to wait for tier-down to finish on each isolate.
>
> R=thibaudm@chromium.org
>
> Bug: v8:10359
> Change-Id: I7ea6a6f5d3977e48718ac5bc94f9831541f6173f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190758
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67716}
TBR=clemensb@chromium.org,thibaudm@chromium.org
Change-Id: Ibf650e8b6143471b44f2822c1737e7de5f8bdb20
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10359
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2194372
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67720}
This CL is pretty mechanical; I just iterated through some Torque
classes making the following changes:
- Use @generateCppClass if it seems easy to
- Use @generatePrint if the existing printer doesn't do anything special
- Fix up any imprecise field types
It also includes two minor changes to implementation-visitor:
- Add a new -inl.h file with the things needed for
torque-generated/class-definitions-tq.cc so we don't need to keep
changing the compiler when we add @generateCppClass.
- Avoid emitting incorrect accessors for ExternalPointers. This isn't
strictly necessary for correctness, as the accessors defined in C++
already hide the ones inherited from generated code, but it makes me
feel safer.
Change-Id: I4d5a8ba6f86ebff57a0d147619212a3993b087c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185824
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#67719}
... when the element is read-only in one of the prototypes:
* the length should not be updated,
* in strict mode the store operation should throw TypeError.
Bug: chromium:1055138
Change-Id: I7fc08e22c83f8a9848053cfe20851dc1b82f0e3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172090
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67717}
If multiple isolates are using the same module, we need to keep it
tiered down as long as any isolate still has a debugger open.
Also, we cannot short-cut the {NativeModule::TierDown} method, since the
previously triggered tier down might not have finished yet.
For now, each isolate starts an independent tier down (i.e. a full
recompilation). We could optimize this later by skipping functions that
are already tiered down, or are already scheduled for tier down, but we
still need to wait for tier-down to finish on each isolate.
R=thibaudm@chromium.org
Bug: v8:10359
Change-Id: I7ea6a6f5d3977e48718ac5bc94f9831541f6173f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190758
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67716}
With bounds checks, null checks, and a test case.
Bug: v8:7748
Change-Id: I9e7d68ecd883bd0279f22d11c1dc73cc8716a4cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192659
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67714}
Scripts aren't callable functions. Even though internally they were for a
while, they aren't anymore. We shouldn't return them to users as if they were.
We already remove strict-mode functions from CallSites, so we now do the same
for internal functions that are created for scripts.
Bug: v8:10508
Change-Id: I270c714524439fba9ad90dd29826bed4811ba2b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2193716
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67709}
Passing an isolate to {RecompileNativeModule} feels wrong, since
compilation and the generated code are totally isolate-independent. In
fact, the isolate is only used for updating counters.
Instead of passing the counters instead, this CL just refactors the code
to support a nullptr for the counters everywhere (some code paths
already supported that). The few recompilation would not make a
significant difference in the histograms anyway, and even have the risk
of skewing the data.
Drive-by 1: Rename {TierUp} to {StartTierUp} and update comments.
Drive-by 2: Remove non-actionable TODO.
R=thibaudm@chromium.org
Bug: v8:10359
Change-Id: Ic027f939bbc55398b90784922130fe1fe5573b0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187638
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67708}
Implement the instruction ref.as_non_null, as per the wasm gc extension.
Changes:
- Add the respective wasm opcode, move some asmjs opcodes around.
- Add a new type of wasm trap, IllegalCast.
- Modify wasm decoding and compilation pipeline.
- Add a minimal test.
- In wasm-compiler, generalize Unreachable to Trap.
- Optimize struct.get and struct.set for non-null types.
Bug: v8:7748
Change-Id: If2f794306c7cbfabc06e4f64988132346085d6dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187616
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67705}
In the existing code we used a register of the UseScratchRegisterScope
for the destination address. However, this register is needed for the
ParallelRegisterMove as well. With this CL we use fixed registers for
the destination address and the offset as well. The CL also changes the
implementation of CalculateActualAddress to allow to set an explicit
register for the result.
R=clemensb@chromium.org
Bug: v8:10108, chromium:1079449
Change-Id: I39c11b9ffa5f3e937ce4820b9991482ad711b4b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192652
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67702}
This reverts commit 7f29c48ef6.
Reason for revert: Causing TSAN failures on test bots.
Original change's description:
> [heap] Remove sweeping state in incremental marking
>
> Remove the SWEEPING state from incremental marking. Sweeping is now
> always completed when starting incremental marking. Before this change
> there needed to be a safepoint each for starting marking and completing
> sweeping. Now both happens within a single safepoint.
>
> Bug: v8:10315
> Change-Id: Iad2835554865f2de24376372affe9a98992d1fa0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190419
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67678}
TBR=ulan@chromium.org,dinfuehr@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:10315
Change-Id: I5e76990155cf7aeee3ecefe5e37f9028cb188a00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192658
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67699}
Also, rename the WASM_COMPILED frame type to just WASM.
R=jkummerow@chromium.org
Bug: v8:10389
Change-Id: I71f16f41a69f8b0295ba34bd7d7fad71729546f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187613
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67698}
This reverts commit 8374feed55.
Reason for revert: Breaking mjsunit/global-hash under the stress_snapshot variant, e.g.
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20debug%20-%20fyi/12560
Original change's description:
> [snapshot] rehash JSMap and JSSet during deserialization
>
> To rehash JSMap and JSSet, we simply replace the backing store
> with a new one created with the new hash.
>
> Bug: v8:9187
> Change-Id: I90c25b18b33b7bc2b6ffe1b89fe17aa5f978b517
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2143983
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67663}
TBR=cbruni@chromium.org,jgruber@chromium.org,verwaest@chromium.org,joyee@igalia.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9187
Change-Id: I4a89768c031cd3971eefd9f88528ddd52e1284c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192657
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67696}
This CL adds use counters, as well as the callbacks needed to
register usage during the SIMD origin trial.
Change-Id: I35b7f48277b519b72136f86cf03508adbaa069b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2189334
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67690}
All wasm code is compiled now. Hence merge the
{WasmCompiledFrameSummary} into {WasmFrameSummary} and remove the
dispatch. Also, rename {IsWasmCompiled} to {IsWasm} and {AsWasmCompiled}
to {AsWasm}.
R=jkummerow@chromium.org
Bug: v8:10389
Change-Id: I33e413c7d0fa622249563091925b29631472b40c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187170
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67689}
This patch implements f32x4.pmin, f32x4.pmax, f64x2.pmin, and f64x2.pmax
for x64 and interpreter.
Pseudo-min and Pseudo-max instructions were proposed in
https://github.com/WebAssembly/simd/pull/122. These instructions
exactly match std::min and std::max in C++ STL, and thus have different
semantics from the existing min and max.
The instruction-selector for x64 switches the operands around, because
it allows for defining the dst to be same as first (really the second
input node), allowing better codegen.
For example, b = f32x4.pmin(a, b) directly maps to vminps(b, b, a) or
minps(b, a), as long as we can define dst == b, and switching the
instruction operands around allows us to do that.
Bug: v8:10501
Change-Id: I06f983fc1764caf673e600ac91d9c0ac5166e17e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2186630
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67688}
The visitor was removing pages while at the same time iterating them on
NormalPagedSpace.
Removing all pages at once is safe and should also be faster.
Bug: chromium:1056170
Change-Id: I56eedf6f09498f126cb09238e01962b48e75b657
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190427
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67687}
This changes the existing implementation that creates an unresolved reference for those cases to look at exactly what scopes are relevant so it can correctly handle catch scopes and avoid re-resolving later.
Variable through with aren't marked as assigning since this information isn't relevant for the with itself; and if the with is passed through, there's no need to mark the outer variable as assigned since it's either initialized or it isn't.
The catch variable is assigned since it is relevant for the catch variable.
The CL uses LookupLocal which wouldn't work for deserialized scopes, but this isn't relevant because 1) eval scopes are declaration scopes, and 2) eval causes all outer variables to be maybe_assigned anyway.
Bug: chromium:1074737
Change-Id: I3febca479ddd1f3c62eae299190b06c0b4cd3746
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187272
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67683}
... via a comment in the API and a CHECK in
Isolate::RunHostInitializeImportMetaObjectCallback.
Also restructure things a little bit such that
this function really just runs the callback and
doesn't deal with module internals. Memoization
now happens in the SourceTextModule class.
Bug: v8:7044
Change-Id: I5b850ae629c3638c4b30dfdeaa996642a33d14dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190413
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67682}
Remove the SWEEPING state from incremental marking. Sweeping is now
always completed when starting incremental marking. Before this change
there needed to be a safepoint each for starting marking and completing
sweeping. Now both happens within a single safepoint.
Bug: v8:10315
Change-Id: Iad2835554865f2de24376372affe9a98992d1fa0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190419
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67678}
Background threads can now start incremental marking when necessary. In
contrast to the main thread they always need to schedule a job and can't
start incremental marking right away. Background threads also use a
simpler heuristic for deciding whether to start incremental marking.
Bug: v8:10315
Change-Id: I2b94e8273c8be860157fe9670797048ed1c5c3da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184149
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67675}
This reverts commit 6204768bab.
Reason for revert: A number of Clusterfuzz reports (e.g. https://bugs.chromium.org/p/chromium/issues/detail?id=1079474)
Original change's description:
> [turbofan] Improve equality on NumberOrOddball
>
> This CL cleans up CompareOperationFeedback by replacing it with a
> composable set of flags. The interpreter is changed to collect
> more specific feedback for abstract equality, especially if oddballs
> are involved.
>
> TurboFan is changed to construct SpeculativeNumberEqual operator
> instead of the generic JSEqual in many more cases. This change has
> shown a local speedup of a factor of 3-10, because the specific
> operator is way faster than calling into the generic builtin, but
> it also enables additional optimizations, further improving
> runtime performance.
>
> Bug: v8:5660
> Change-Id: I856752caa707e9a4f742c6e7a9c75552fb431d28
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162854
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67645}
TBR=rmcilroy@chromium.org,neis@chromium.org,mythria@chromium.org,nicohartmann@chromium.org
Change-Id: I3410310ed2b1ff2eaee70c1b91c3151d35866108
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5660
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190414
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67673}
along with WASM_ARRAY_TYPE, a WasmArray class, and a very basic
test.
Bug: v8:7748
Change-Id: I1ad4ff78e428972be52130cc179a91c76fcdbdc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185136
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67671}
This patch provides infrastructure to pin object types to specific
spaces. This allows embedders to create mutual exclusive arenas for
certain (base) types. In future, this will also be used to provide
sliding-window compaction on certain custom spaces.
We mainly preserve the existing infrastructure with the difference
that spaces are now slightly more dynamic than in Blink as they are
kept in a vector instead of a fixed-size array.
The mechanism differs from Blink in that it does not allow the user
object to call allocation methods directly but instead provides a
trait that can be overridden to specify a custom space.
The patch preserves templatization for objects that do not go into
custom spaces to safe a branch in the allocation hot path.
Change-Id: I08aa6932348e2d6258e19c4a32d189865f459f02
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187611
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67666}
To rehash JSMap and JSSet, we simply replace the backing store
with a new one created with the new hash.
Bug: v8:9187
Change-Id: I90c25b18b33b7bc2b6ffe1b89fe17aa5f978b517
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2143983
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67663}
Implement conversion of an i8x16 node to a f32x4 node.
Bug: v8:10507
Change-Id: Ifefffb779dbf25b57eae278afe41c11b41c949ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185472
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67659}
Move them all into wasm-macro-gen.h, other opcodes have their macros
there as well. This will make reusing these macros easier when we have
other test files for SIMD. (An upcoming one is for scalar lowering
tests.)
Change-Id: I6c21100ce490abbc26f80a0d204815687fd62f00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185471
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67658}
The code generated by TurboFan was incorrect when comparing to
non-oddball undetectables using abstract equality. In particular,
%GetUndetectable() == %GetUndetectable() did not return false.
Bug: chromium:1051008
Change-Id: Ib62adc72a20aa6cca9ef6499d5fe7429f04623cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187498
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67647}
This CL cleans up CompareOperationFeedback by replacing it with a
composable set of flags. The interpreter is changed to collect
more specific feedback for abstract equality, especially if oddballs
are involved.
TurboFan is changed to construct SpeculativeNumberEqual operator
instead of the generic JSEqual in many more cases. This change has
shown a local speedup of a factor of 3-10, because the specific
operator is way faster than calling into the generic builtin, but
it also enables additional optimizations, further improving
runtime performance.
Bug: v8:5660
Change-Id: I856752caa707e9a4f742c6e7a9c75552fb431d28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162854
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67645}
This CL introduces:
- Worklist
- MarkingHandler to manage gc marking phase
- Integration into CollectGarbage for atomic pause GC
- MarkingVisitor for main thread marking
Still missing from this CL:
- Proper handling for stack scanning
- Handling of previously not fully constructed objects
Bug: chromium:1056170
Change-Id: I70ac8534dfb898777cf3a06e3119cac8072174fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170526
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67642}
Currently WebAssembly breakpoint information survive disabling and
re-enabling the debugger. This is different from JavaScript, where
they are all removed. The frontend is expected to re-set the
breakpoint then.
Thus this CL remembers all wasm scripts where breakpoints have been set
in the Debug object, and clears them all when the debugger gets
disabled.
R=bmeurer@chromium.org
Bug: v8:10403
Change-Id: I5f8a8f3123727c954921920897ee7bf3b73f0ae8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184969
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67639}
After sorting the work array but before writing the values back into
the actual receiver, we have an accessor check. This accessor check
needs to be stricter, in order to catch Array prototype protector
cell invalidations.
R=jgruber@chromium.org
Bug: chromium:1077508
Change-Id: I3c3bd4711f9019f9d4423701724319eee9d800a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187171
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67638}
Returned LABs can be of size less than sizeof(FreeListEntry).
Bug: chromium:1056170
Change-Id: Ib4094701472ce7cb5ee20b9fe632651570832dc9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183051
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67635}
Destructors are allowed to allocate without triggering recursive
garbage collections.
This changes NoGCScope to provide a soft-bailout for garbage
collections to avoid introducing yet another scope.
Bug: chromium:1056170
Change-Id: I0fe51a21977ae954221b6b64b2f6e938ff6d3264
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185131
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67632}
Adds a public method that embedders can use to trigger garbage
collections. Such garbage collections are always required to have a
source and reason specifying which components calls it why.
Change-Id: I6ae983f99227febc1b7f0dd15c191d5b1eaaf3f3
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2181332
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67631}
RunSingleMicrotask calls Runtime::ReportMessage, but the implementation
of ReportMessage would unconditionally discard these exceptions. This
CL removes all of the intermediate logic and directly calls
MessageHandler::ReportMessage, restoring the ability of
RunSingleMicrotask to report exceptions that occur in microtasks.
Bug: v8:8326
Change-Id: I493de74383b2ab191d786611fb9eba9d27e7a243
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162121
Commit-Queue: Gus Caplan <me@gus.host>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67630}
On the PredictablePlatform, worker tasks were executed immediately
instead of posting them in a task queue first. This approach caused
problems because the execution of the worker task blocked progress of
the posting task, and the worker task was always executed in the
context of the posting task, e.g. with an already open HandleScope.
With this CL, worker tasks get posted into the foreground task queue
of the nullptr isolate instead of executing them immediately.
The tasks of the nullptr isolate are then executed after a task of
some other task queue is executed. As the worker tasks are thereby
executed on the same thread as foreground tasks, the behavior is
deterministic.
A consequence of this approach is that each pumping the message loop
of an Isolate may also execute other Isolate's background tasks.
This approach is needed because we don't have a BackgroundTaskRunner but
merely a CallOnWorkerThread method that doesn't know which Isolate the
task corresponds to.
R=clemensb@chromium.org, mlippautz@chromium.org
Bug: v8:9670
Change-Id: I6847ae042146431bc2376d27280be8829f529b95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182453
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67616}
Motivation:
There were three versions of type decoding for wasm in the codebase.
Not all of them decoded gc types with immediates (reference types)
correctly.
Changes:
- Refactor the wasm binary decoder for unify type decoding.
- Update BranchTypeImmediate and SelectTypeImmediate to handle
reference types.
Reference: https://github.com/WebAssembly/gcR=jkummerow@chromium.org
Bug: v8:7748
Change-Id: I33b38c911d366570ca6ef2723ded5205698e1979
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2179003
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67614}
When the input to a speculative BigInt operation was an undefined
constant, no necessary type check was inserted by the
RepresentationChanger. This CL fixes this.
Bug: chromium:1077804
Change-Id: I3d4e15b1e018803d56e46c7b23b9d4b03832ba8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182455
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67610}
Move rewriting, scope analysis, and internalization, to be unconditional
operations done after parsing rather than a separate compile phase. This
removes some of the complexity about rememberering when to call
Compiler::Analyze, and makes these paths a bit more uniform.
Also, forbid allocating any more AST strings after AstValueFactory
internalization, by nulling out the Zone. Add an InternalizePartial
method which doesn't null out the zone for those cases where we do want
to be able to allocate after internalizing (e.g. internalization before
scope analysis).
Change-Id: Id444246d8362a1d169baf664fc37657d9576fd96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182458
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67608}
Upon deserialization, serialized references to the global proxy are
replaced by the actual global proxy object. We must do the same for
the global proxy map.
Drive-by: Updated other outdated test skips.
Bug: v8:10504,v8:10416
Change-Id: Ib47ae2d08bbea2ca916f53152e9d4f75bb0a0e15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183913
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67596}
Fully remove the successor blocks when effect-control-linearization
reaches an unreachable node and is maintaining the schedule. Previously
we just updated the current_block_'s successor and removed any
unreachable predecessors from end, however if the current_block_ is not
an original block in the schedule, but a new one added due to control
flow from effect control linearization lowering, the removed successor
blocks could still be re-connected to the end block when they were
lowered. Instead, entirely remove these unreachable blocks from the
predecessor / successor chains, and have the effect-control-linearizer
avoid lowering these blocks entirely.
BUG=chromium:1076569,v8:9684
Change-Id: I4b4216019d55aef5363d88255726b85df8e7ada5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2179842
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67595}
This CL implements all variants of CompareExchange on arm.
Implementing 64-bit CompareExchange on arm requires a lot of registers,
with the additional constraint that the low-word register of new_value
and result have to have an even register code, and that the corresponding
high-word registers have a register code that is by one higher than the
register code of the low-word register.
This register allocation is achieved by assigning fixed registers to
all values.
R=clemensb@chromium.org, v8-arm-ports@googlegroups.com
Bug: v8:10108
Change-Id: I2edfde15e80db0d45621a461793018d88e997431
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172791
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67592}
The serializer currently cannot handle a heap state containing
arbitrary compiled Code objects. As a quick fix for the
--stress-snapshot d8 flag, we clear compiled data from the isolate
prior to the serialize-deserialize-verify pass.
With this change, mjsunit tests pass on x64.
The %SerializeDeserializeNow() runtime function would require more
work, since it is not possible to mutate the heap to this extent while
still preserving a runnable host context and isolate. We will need
another solution there.
Drive-by: Skip the stress_snapshot variant except for the mjsunit
suite.
Tbr: machenbach@chromium.org
Bug: v8:10493,v8:10416
Change-Id: Ie110da8b51613fcd69c7f391d3cf8589d6b04dd8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182429
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67585}
The isolate snapshot must not contain context-dependent objects, thus
root visitation must not reach context-dependent objects. This CL
sanitizes the isolate around serialization by clearing & later
restoring two lists: 1. feedback vectors for profiling tools, 2.
detached contexts.
Drive-by: Set an array buffer allocator for
SerializeDeserializeAndVerify.
Drive-by: Allow serialization of *another* native context when
serializing a native context.
Bug: v8:10416,v8:10493
Change-Id: I1c49bda364eccd6d44f9499a9926f4bcd31f665d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2179008
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67584}
