DataView constructor, DataView.prototype.byteLength
and DataView.prototype.byteOffset should throw
TypeError when the buffer was detached.
Both SpiderMonkey and JSC passed the test262 suites.
Bug: v8:12162
Change-Id: I126d24213c00e4d26540519bce9b5388862eb32c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3140015
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76818}
We introduce the WasmInliningHeuristics virtual class and implement it
with a trivial heuristics that inlines direct calls based on callee
index only. Other, more meaningful heuristics will be introduced later.
Bug: v8:12166
Change-Id: I74fd8f61e0c97b975827fa062629e9ff7463e058
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3157952
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76816}
1) Code in JSCallReducer read a FeedbackCell twice and expected the
result to be the same.
2) JSInliningHeuristics, in the CheckClosure case, assumed that the
FeedbackCell contains a FeedbackVector.
Bug: chromium:1248743, v8:7790
Change-Id: I66d6dd5f7a879c2479572e1896dd78aeedd2fa27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160200
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76815}
The previous setup of the test was suboptimal and could easily hide
bugs. Since the whole test body was wrapped in an ASSERT_DEATH call
(without checking any message of the crash), any CHECK failure inside
the test body would make the test pass.
This CL leverages the fact that in our setup the "death test style" is
set to "threadsafe" anyway, so the process that is forked for the death
test just runs the whole test body including the single death test of
interest, and the parent checks that it indeed crashes. This allows us
to undo our previous setup and just include death test assertions
regularly in the test body. By checking that the child process fails
exactly between two print statements (around the write access) we ensure
that we observe the crash we intend to observe.
R=jkummerow@chromium.org
CC=mpdenton@chromium.org
Bug: v8:11974
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Change-Id: I293079ae2dbcbe154bef91314ed08cab567f4d18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3151965
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76814}
CopyChars takes a count parameter, not an end parameter, so we can save
some subtractions by passing in the count to WriteToFlat. Most of the
time the start,end arguments into WriteToFlat are 0,length anyway, so
this doesn't change a lot of places.
Change-Id: I9587c7afce529218a16b728c0477b87569df8e21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3157947
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76813}
This is a reland of deb66c84c0
Added missing cctest.status entries to disable the tests on
non-simd hardware.
Original change's description:
> [wasm] Add tests for NaN detection in Liftoff
>
> Check that the flag is also set if only one of the lanes is NaN for SIMD
> operations.
>
> R=clemensb@chromium.org
>
> Bug: v8:11856
> Change-Id: I3860ed1beac4faee1ade7180b67ca06762ca9b95
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158322
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76801}
Bug: v8:11856
Change-Id: If45451703d80fe217eac8c610dac022dc778436f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158329
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76812}
The struct is reused across various GC cycles and std::move() may leave
the vector in valid but unspecified state.
Change-Id: I3c40795be7397d015b96116d3549953024b98808
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160197
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76811}
Rolling v8/build: 38820a5..f16814b
Rolling v8/third_party/aemu-linux-x64: _MqlabIiZ-51x79A36MyMSHmpsXJ6kjMY-4BqteuKPoC..FqiWusPGPs0zkuCyCSj2axBNOhCaD117fjIbnnj6h8kC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/7a4741c..53aef64
Rolling v8/third_party/depot_tools: 8f09549..984ce94
Rolling v8/third_party/instrumented_libraries: 20795c9..cb29f9c
Rolling v8/tools/luci-go: git_revision:7b62727dc713b47d7a7ce9bca27500cb8e82ebd7..git_revision:4a0f3da2840eaa5341470174b57047313e074ecd
Rolling v8/tools/luci-go: git_revision:7b62727dc713b47d7a7ce9bca27500cb8e82ebd7..git_revision:4a0f3da2840eaa5341470174b57047313e074ecd
Rolling v8/tools/luci-go: git_revision:7b62727dc713b47d7a7ce9bca27500cb8e82ebd7..git_revision:4a0f3da2840eaa5341470174b57047313e074ecd
TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: Idfa651e9a56ed67f7d95647903f1b29f4e4e7c97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3159602
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76808}
If load imm32 using auipc/lui, for example load 0x7FFFFBF9, we should ensure imm32 + 0x800 is int32
Bug: v8:12171
Change-Id: I605ae9cad0b67cfd68d727ebdb3bcefea21904fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3141264
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#76807}
We move the implementation in Liftoff (which is the most general and
handles AVX/SSE and also register aliasing) into shared-macro-assembler.
Also consolidate SSE/AVX for ia32.
No functionality change is expected.
Bug: v8:11589
Bug: v8:11217
Change-Id: I64cc71791f04332dd3505055f4672430c2daf5ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3131373
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76805}
Bug introduced In crrev.com/c/3150138.
Fixed: v8:12220
Change-Id: I5cae11fdd43dc47dad0c8bf55daa6b925b629da0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158543
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76804}
Move this from macro-assembler-x64 to shared-macro-assembler, and use
this implementation for ia32 (TurboFan and Liftoff).
Bug: v8:11589
Change-Id: If851560c8db1293924ca024725609c399c553a4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124099
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76803}
This reverts commit deb66c84c0.
Reason for revert: Fails in no-sse config: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/36712
Original change's description:
> [wasm] Add tests for NaN detection in Liftoff
>
> Check that the flag is also set if only one of the lanes is NaN for SIMD
> operations.
>
> R=clemensb@chromium.org
>
> Bug: v8:11856
> Change-Id: I3860ed1beac4faee1ade7180b67ca06762ca9b95
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158322
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76801}
Bug: v8:11856
Change-Id: I16c50b3d0c1831a6d61159bdcf29610fd5aed8a4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158328
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76802}
Check that the flag is also set if only one of the lanes is NaN for SIMD
operations.
R=clemensb@chromium.org
Bug: v8:11856
Change-Id: I3860ed1beac4faee1ade7180b67ca06762ca9b95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158322
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76801}
Lu Yahan is a key contributor to the RISC-V target and I would like to
add him to the owners list so that he can approve changes in Gerrit.
Change-Id: I017fb2ef20320887959e9830fb63e05df121c7b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3145370
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Brice Dobry <brice.dobry@futurewei.com>
Cr-Commit-Position: refs/heads/main@{#76800}
Also a couple of microoptimizations and consistent formatting in
WriteToFlat.
Change-Id: Ie642a4b8e0819b04603ee5c5d12eebccf6a2d59c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3151963
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76799}
This fixes the order of declaring class members for LiftoffCompiler,
LiftoffAssembler, LiftoffRegister, and LiftoffRegList.
The recommended order according to the style guide is: types, constants,
constructors, other members, data members.
R=thibaudm@chromium.org
Bug: v8:11879
Change-Id: I5c550ed11ed0169f07477b6a1723053316374707
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3157960
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76798}
This unblocks https://crrev.com/c/3099011 by speeding up the case for
the DebugPropertyIterator where only non-indexed properties (for large
arrays or typed arrays) are requested. Previously we'd walk through all
properties - including all indexed properties - and only filter out the
indexed properties in the end in `ValueMirror::getProperties()`.
Bug: chromium:1199701, chromium:1162229
Change-Id: I2555e3129fef29da347314eee400ea97ebf5e5b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114135
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76796}
The refactoring is triggered by https://crrev.com/c/3121905 where we
noticed that a bunch of tricky counter paths could be simplified,
making reasoning about corectness easier.
In this CL:
1. Use uniqe_ptr instead of Optional to allow moving SweepingJob away
from the header file.
2. sweeping_in_progress_ is replaced with simply checking for a job.
3. freed_bytes_ are moved to the job and the dependency is reversed,
avoiding the inside-out (Job->Sweeper) dependency completely.
4. Merge() and counter updates are merged into a Finalize() method.
5. FinishIfDone() allows for conditional finization.
6. young_bytes_ and old_bytes_ are removed as they were always updated
when the corresponding bytes in the ArrayBufferList was updated.
Change-Id: I56e5b04087166ce03d3a9195ac48359122a84c73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124776
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76795}
In riscv64, pc-relatice call need meet IsInt32(offset + 0x800), so max pcrelatice code range is 4094MB.
Change-Id: Id3481483eb3131b5c08f22bde08206ee30cc25db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3156585
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#76794}
No asymptotic improvements, and none are planned either.
Minor speedups (25-50%) through reduced overhead: accessing Digits
is faster than working with Handle<BigInt>, and this implementation
avoids allocating intermediate results.
Bug: v8:11515
Change-Id: I2aab2b1c5c9cbb910800161b8514c497daf2b587
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3149453
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76793}
The "unreachable" state is usually reset in the first catch block.
Ensure that this is done for catchless tries too.
R=clemensb@chromium.org
Bug: chromium:1246712
Change-Id: If746a3fe3158b0bac4b9b02e4978ca444f8ce427
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3157949
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76791}
The bug was introduced in
https://chromium-review.googlesource.com/c/v8/v8/+/3147910 : We only
want the fast path when "start" is either missing or the number 0, not
when it's something which converts to 0.
Bug: chromium:1248704
Change-Id: I72bb8fa8a9b90a13aae216c6a8e16e7be54285fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3157948
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76789}
This is a follow-up on https://crrev.com/c/3131374 to support more
instructions, float32 sqrt, cmp, round, float64 cmp.
Rename the opcodes since they are no longer SSE specific.
Bug: v8:12148
Change-Id: Ie5f74bc1b4510092cbfbcb7e420ef82cb1c39a14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3154983
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76777}
In https://crrev.com/c/3131374 we switched some instructions to use
macro-assembler functions which can handle AVX and SSE. However for
Cvtsi2ss and Cvtsi2sd, the behavior subtly changed. The old behavior
directly called cvtsi2ss/cvtsi2sd in the code-generator. The new
behavior used the macro-assembler functions, which xor the dst operand.
This led to more instructions and larger code size in some benchmarks.
The xor is supposed to help reduce dependence chain length (see comments
on Cvtsi2ss), but doesn't seem to have helped in this benchmark.
So, partially revert the changes, and rename all affected IA32 opcodes
back to SSE.
Bug: chromium:1248509
Change-Id: Ie700e2980fe9ed083c1160bda3a28f64e1e43041
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3154349
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76775}
Move some AVX_OP into shared macro-assembler, for reuse by ia32 in
future patches.
Movlhps is also unused in x64, so remove it.
Drive-by cleanup to use macro assembler helper Move to move 128-bit
const into a XMMRegister.
The change in liftoff-assembler-x64 is required because now the
macro-assembler functions are defined in the base class, so even though
we can use &TurboAssembler::Pcmpeqd to refer to that member function,
it actually resolves to &SharedTurboAssembler::Pcmpeqd.
Bug: v8:11589
Change-Id: Ie8f6a4dfd95b41192936f6e6be48c683042acec4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3150138
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76772}
The {CountClearHalfWords} method is called whenever loading a constant
into a register. It showed up with >0.5% in Liftoff compilation
profiles. This CL refactors the method to return the number of *set*
halfwords instead of *cleared* halfwords and avoids the loop in the
implementation. This makes the method roughly twice as fast, and makes
the code more readable.
R=zhin@chromium.org
Bug: v8:11879
Change-Id: I7da8160b3c045e5fc1e97fc0e575083b3920cb5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3151962
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76771}
If background threads are tiering up, they could temporarily make code
writable (if using the mprotect based approach). This would make our
death tests fail (i.e. not crash).
This CL fixes that by repeatedly writing in that case. Eventually, the
code should be protected again, and then we would crash. Failure to
crash would manifest as a timeout of the tests.
R=jkummerow@chromium.org
CC=mpdenton@chromium.org
Bug: v8:11974
Change-Id: Ibe34af499da9b964ad260d58e9b4e390007898e9
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3151959
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76770}
We already have some logic to try to get a reasonable name for the
function when logging code. It looks up the name custom section, and
falls back to the function index. Extract this into a helper, and call
it when disassembly the code.
Bug: v8:12098
Change-Id: Ieebe6594bc3184fa655f878faa0cb67c248d7f56
Fixed: v8:12098
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3125355
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76769}
