The {wasm_kind} is completely unused, thus remove it before fixing a
wrong {CodeKind} for wasm-to-js functions.
R=mslekova@chromium.org
Bug: chromium:1254674
Change-Id: Ie3d260a7664d9a390d7edc49c2bf0692c8d798d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3202000
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77235}
The Merge node for merging exceptions into the catch environment had
type kWord32, which is not a reference type. Because of this the GC does
not visit it and can collect it too early. Change the type to
kTaggedPointer.
Also change the type of ExceptionLocation() from IntPtr to TaggedPointer
for consistency. This one does not affect correctness because the
IfException node is already marked as tagged.
R=clemensb@chromium.org
Bug: v8:12254
Change-Id: I190d48b85f4b889ab083228b8fcedd439090e1de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3201994
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77232}
Do not require the --verify-heap flag to test aborting evacuation of a
page but randomly abort evacuation in debug builds with
--stress-compaction. This is intended to increase test coverage of this
mechanism.
Bug: v8:12251
Change-Id: I6cd08904ee195dbf2a1ef1e9c2c773c514c2cf7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3201999
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77230}
This is a reland of 4fb3eae7af
crrev.com/c/3202002 fixed the Chromium build issue.
Original change's description:
> Turn on v8_enable_virtual_memory_cage for Chromium builds
>
> This CL enables the virtual memory cage at compile time by default for
> Chromium builds on x64 and arm64. However, the cage will only be used at
> runtime if the corresponding Chromium feature is enabled as well.
>
> Bug: chromium:1218005
> Change-Id: I5a452d299ac950f8ec0f741f6b9a153e57b2a666
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200081
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77212}
Bug: chromium:1218005
Change-Id: I32b1a4088ca44827ca4f76b5d19b8138875bfc97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3204950
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77229}
These are used by unittests which can be compiled as a separate binary
that links against libv8.
Bug: chromium:1218005
Change-Id: Ibb29c4fa104be61fc26cbd6c1b349d74d74c50a6
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3202002
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77228}
Port a partial revert of https://crrev.com/c/3189512. The comments are
kept around to document what each flag does.
Fixed: chromium:1255096
Change-Id: I8758a536a6f77826b0eb4918d7d8c85b772d9394
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3203004
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77227}
This reverts commit 4fb3eae7af.
Reason for revert: Fails to link on chromium, blocking the roll: https://cr-buildbucket.appspot.com/build/8834293599516974577
Original change's description:
> Turn on v8_enable_virtual_memory_cage for Chromium builds
>
> This CL enables the virtual memory cage at compile time by default for
> Chromium builds on x64 and arm64. However, the cage will only be used at
> runtime if the corresponding Chromium feature is enabled as well.
>
> Bug: chromium:1218005
> Change-Id: I5a452d299ac950f8ec0f741f6b9a153e57b2a666
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200081
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77212}
Bug: chromium:1218005
Change-Id: Id17946641b7b4e0d377d4e211aab929bb39ec341
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3201998
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77220}
This reenables a test which is passing, independent of missing
accounting for shared memory. This is because we repeatedly trigger a GC
explicitly in all workers.
R=dinfuehr@chromium.org
Bug: v8:12278
Change-Id: I73d1513d809787284af0be4956018806719acd50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3201995
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77219}
The field in JSFunction uses acquire-release semantics; therefore,
the read is store-ordered.
Bug: v8:7790, v8:12282
Change-Id: Ic6e9d02e7aca1ca68c74502c3afed6eb6e964975
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3201992
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77218}
This CL allows aborting of compaction on a page based on an Address
instead of a HeapObject.
Bug: v8:12251
Change-Id: Ib928ace9aa24a0ff1ab5f44026d5b287f7cdcdb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199881
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77216}
This is needed in case of 'let', where OpcodeLength transitively calls
{read_value_type()}.
Bug: v8:9495
Change-Id: I8aebffabc7ba1c47418d363dc9257f132fac33df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200074
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77215}
1. In ElementAccessFeedback::HasOnlyStringMaps - we can assume
the map is safe to read because it was read earlier from the
feedback vector and passed the gc predicate then.
2. In JSHeapBroker::GetPropertyAccessInfo - we can assume that the
feedback vector in a FeedbackSource is store-ordered/safe to read.
Bug: v8:7790, v8:12282
Change-Id: Ie09acdfaac3d5e767ffe74e4bad941d4eeb47f9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200082
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77213}
This CL enables the virtual memory cage at compile time by default for
Chromium builds on x64 and arm64. However, the cage will only be used at
runtime if the corresponding Chromium feature is enabled as well.
Bug: chromium:1218005
Change-Id: I5a452d299ac950f8ec0f741f6b9a153e57b2a666
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200081
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77212}
Trying to optimize in such a case breaks down the optimization, as we
end up with potentially non-eliminatable nodes that depend on the dead
IfTrue/IfFalse node.
Drive-by: Clean up dead nodes with {Kill()}.
Bug: v8:11510, chromium:1255354
Change-Id: Ia89fe6c243974c3c2abac6ad80bd4677a935f637
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200073
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77211}
Since we are reading an Object field, it could be that the gc
predicate fails. Therefore, this CL changes to TryMakeRef, and
makes the return value of length_unsafe() optional.
Bug: v8:7790, v8:12282
Change-Id: I86a8bcc6649d5e8121e52f8947b8331fcf242887
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200078
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77209}
The checks for assignments to member during prefinalizers assumed the
slot has to be live. It was assumed that if a slot is dead then we would
not be updating it.
Prefinalizers are allowed to touch dead objects and thus are technically
allowed to write to dead slots. Such writes are usually redundant (the
object will be swept soon anyway) but are not always easy to get rid of.
Bug: chromium:1255152, v8:11749
Change-Id: I57e143abd53d434c3198616909c506eb70d8944b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199800
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77208}
MapRef::GetConstructor and GetBackPointer are immutable after
initialization.
Bug: v8:7790, v8:12282
Change-Id: I1059aabdd85a08af5f6d570a2eee206bda4f7ac3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200076
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77206}
Since the WasmStackGuard builtin is not kNoThrow, it needs to be
inserted in the control chain between the IfFalse and Merge nodes of the
stack check.
Change-Id: I5ad1c4f01e079c0c9079ea129f8e3363ade80217
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199798
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77205}
When scanning for capture groups, we have to consider the case that the
current state is inside a character class. In that case skip everything
until the end of the current character class. Otherwise we would wrongly
count open brackets inside the character class as start of a capture
group.
Bug: chromium:1254704
Change-Id: I91d2177c464f7e507413d96216fe570253f17676
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199871
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77204}
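The class-skipping rule the commit above describes, as an added example that is not V8's regexp code: two pre-scans over a pattern source, one that does not recognise character classes and miscounts `[(]` as an open group, and one that skips everything up to the closing `]`. The function names, the simplified handling of `(?`-prefixed groups (non-capturing unless it is a named group `(?<name>`), and the sample patterns are assumptions of this example.

```cpp
#include <cstddef>
#include <string>

namespace {

// Decide whether the '(' at pattern[i] opens a capturing group under the
// ECMAScript rules assumed here: "(?" is non-capturing, except for a named
// group "(?<name>", which is told apart from lookbehind "(?<=" / "(?<!" by
// the character after '<'.
bool OpensCaptureGroup(const std::string& p, size_t i) {
  if (i + 1 >= p.size() || p[i + 1] != '?') return true;
  if (i + 2 < p.size() && p[i + 2] == '<') {
    if (i + 3 < p.size() && (p[i + 3] == '=' || p[i + 3] == '!')) return false;
    return true;
  }
  return false;
}

}  // namespace

// The flawed scan: escapes are honoured, but a character class is not
// recognised, so a '(' inside "[...]" is counted as an open group.
int CountCaptureGroupsNaive(const std::string& p) {
  int count = 0;
  for (size_t i = 0; i < p.size(); ++i) {
    if (p[i] == '\\') {  // skip the escaped character
      ++i;
      continue;
    }
    if (p[i] == '(' && OpensCaptureGroup(p, i)) ++count;
  }
  return count;
}

// The corrected scan: once inside "[...]" skip everything until the closing
// ']' (still honouring escapes such as "\]"), then resume counting.
int CountCaptureGroups(const std::string& p) {
  int count = 0;
  bool in_class = false;
  for (size_t i = 0; i < p.size(); ++i) {
    char c = p[i];
    if (c == '\\') {  // escapes apply inside and outside a class
      ++i;
      continue;
    }
    if (in_class) {
      if (c == ']') in_class = false;
      continue;
    }
    if (c == '[') {
      in_class = true;
      continue;
    }
    if (c == '(' && OpensCaptureGroup(p, i)) ++count;
  }
  return count;
}
```

Escapes have to be handled in both scans, otherwise `\[` would start a class that never ends and `\(` would be counted as a group; the only behavioural difference between the two functions is the class state.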
There is a demand for access to %Array.prototype% in Blink in
order to implement Web IDL observable array type.
Bug: chromium:1201744
Change-Id: I31ca5cd746f3a2eab8bd291741408a1dea17c122
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3194025
Auto-Submit: Yuki Shiino <yukishiino@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77200}
This CL adds support for handling calls to C functions with arbitrary
signatures on native arm64. It introduces a new ExternalReference type
FAST_C_CALL.
The CL also splits the 10 bits used by kArchCallCFunction instruction to
store the total number of parameters into two 5-bit values, representing
the number of general purpose and floating point parameters.
Design doc:
https://docs.google.com/document/d/1ZxOF3GSyNmtU0C0YJvrsydPJj35W_tTJZymeXwfDxoI/edit
This CL is partially based on the previous attempt:
https://chromium-review.googlesource.com/c/v8/v8/+/2343072
Bug: chromium:1052746
Change-Id: Ib508626d57da26ec3c9186ee8fc46356e3c87f3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3182232
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77198}
If processing the marking worklists found new ephemeron pairs, but
processing the existing ephemeron pairs didn't mark new objects, marking
would stop and the newly discovered ephemeron pairs would not be
processed. This can lead to a marked key with an unmarked value.
Bug: chromium:1252878
Change-Id: I0f158f6f64490f1f06961520b4ba57fa204bd867
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199872
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77197}
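The termination problem the commit above describes, as an added example that is not cppgc's or V8's marker: a minimal model in which a drain of the marking worklist records ephemeron pairs whose key is still unmarked, and those pairs only become eligible for processing at the start of the next iteration. With the flawed condition the loop stops as soon as the worklist is empty, even though the drain just discovered pairs; with the fix it also re-enters when pairs were discovered. The object model, the visiting order (ephemerons before strong edges, which is what lets a pair be recorded before its key is marked) and the sample heap are assumptions of this example.

```cpp
#include <cstddef>
#include <set>
#include <utility>
#include <vector>

// Objects are identified by index. Each holds ephemeron pairs (key, value),
// where the value is live only if the key is marked, plus strong edges.
struct Object {
  std::vector<std::pair<int, int>> ephemerons;
  std::vector<int> strong;
};
using Heap = std::vector<Object>;

class Marker {
 public:
  explicit Marker(const Heap& heap) : heap_(heap) {}

  // Marks from `root`. With fixed == false the loop reproduces the flawed
  // termination condition; with fixed == true it also re-enters when the
  // drain discovered pairs that still await processing.
  std::set<int> MarkFrom(int root, bool fixed) {
    Mark(root);
    bool discovered_new = false;
    do {
      // Pairs found by the previous drain become eligible for processing.
      for_processing_.insert(for_processing_.end(), discovered_.begin(),
                             discovered_.end());
      discovered_.clear();
      discovered_new = DrainMarkingWorklist();
      ProcessEphemerons();  // may push values onto the marking worklist
    } while (!worklist_.empty() || (fixed && discovered_new));
    return marked_;
  }

 private:
  bool Mark(int id) {
    if (!marked_.insert(id).second) return false;
    worklist_.push_back(id);
    return true;
  }

  // Visits every object on the worklist; returns true if some ephemeron pair
  // was recorded whose key was unmarked at the time of the visit.
  bool DrainMarkingWorklist() {
    bool found = false;
    while (!worklist_.empty()) {
      int id = worklist_.back();
      worklist_.pop_back();
      for (const auto& pair : heap_[id].ephemerons) {
        if (marked_.count(pair.first)) {
          Mark(pair.second);
        } else {
          discovered_.push_back(pair);
          found = true;
        }
      }
      for (int target : heap_[id].strong) Mark(target);
    }
    return found;
  }

  // Processes pairs flushed earlier: marks the value if the key is marked by
  // now, otherwise keeps the pair pending for a later iteration.
  void ProcessEphemerons() {
    std::vector<std::pair<int, int>> still_pending;
    for (const auto& pair : for_processing_) {
      if (marked_.count(pair.first)) {
        Mark(pair.second);
      } else {
        still_pending.push_back(pair);
      }
    }
    for_processing_.swap(still_pending);
  }

  const Heap& heap_;
  std::set<int> marked_;
  std::vector<int> worklist_;
  std::vector<std::pair<int, int>> discovered_;
  std::vector<std::pair<int, int>> for_processing_;
};

// Constructed heap: the root (0) holds the pair (key 1, value 2) and a strong
// edge to 1, so the key is marked only after the pair has been recorded.
// Object 3 is the value of a pair whose key 4 is unreachable.
Heap BuildSampleHeap() {
  Heap heap(5);
  heap[0].ephemerons = {{1, 2}, {4, 3}};
  heap[0].strong = {1};
  return heap;
}

bool ValueMarked(bool fixed, int id) {
  Heap heap = BuildSampleHeap();
  Marker marker(heap);
  return marker.MarkFrom(0, fixed).count(id) > 0;
}
```

On the sample heap the flawed loop leaves object 2 unmarked while its key 1 is marked, which is exactly the marked-key/unmarked-value state the commit warns about. The fixed loop still terminates: pairs are discovered only while visiting an object, every object is visited once, and a pair whose key never gets marked simply stays pending and is dropped when marking ends, so object 3 is correctly left dead in both variants.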
This is mostly just whitespace tweaks, plus removing a redundant
public access specifier.
Bug: v8:7793
Change-Id: Ic8b3efe4f707108d29dc2dfd55c46d9a47c48058
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3199603
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#77195}
It's not always easy to spot what exact configuration of V8 is run
within embedders. With --print-flag-values we can easily compare
different configurations.
Drive-by-fix:
- Use new FlagValue and FlagName helpers for printing
- Remove unused FlagList::argv helper
Change-Id: Ic8a25479d7b1e72f714b22ae7d2e56e06e810556
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3197713
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77189}
When we generate identical signatures in the fuzzer,
we generate one function for each of the copies.
However, when these functions are added to WasmModuleBuilder,
all will be assigned the same signature index.
Therefore, when ref.func tries to find a function corresponding
to a signature index, it will fail, despite a matching signature
existing in the module.
This CL fixes this issue by looking up functions by signature
over signature index.
Bug: v8:11954, chromium:1254387
Change-Id: Iac8d5444d4914d993da63d0630ca4d95e671630c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3197711
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Maria Tîmbur <mtimbur@google.com>
Cr-Commit-Position: refs/heads/main@{#77187}