Commit Graph

59051 Commits

Author SHA1 Message Date
Frank Tang
c987cf88fc [Temporal] Implement getters forwarding to calendar
Bug: v8:11544
Change-Id: I1a942badc31c0428e8eb07b7e2884f0aab803676
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3373930
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78713}
2022-01-21 05:15:48 +00:00
Dominik Inführ
116ca00f20 [execution] Move v8::Locker::WasEverUsed() flag into Isolate
So far this flag was process-global, so if one isolate used v8::Locker
all isolates were forced to use v8::Locker. With the shared isolate
now being a thing that routinely gets migrated between different
threads, all users of the shared isolate would be forced to use
v8::Locker. So we now store that flag on the isolate such that using
v8::Locker for the shared isolate does not affect other isolates.

Deprecate v8::Locker::WasEverUsed() at the same time.

Bug: v8:11708
Change-Id: I60531f084cc1b1b113620c46f5bed20511f52c26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401595
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78712}
2022-01-20 19:08:49 +00:00
Junliang Yan
065d2ee263 s390x: [baseline] Add scratch register to avoid overflow
Change-Id: I0d72b9c72e3a2244409dee6f4694c92ecb3d41b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3403043
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78710}
2022-01-20 18:29:59 +00:00
Junliang Yan
9cba145a41 s390x: [baseline] update JumpHelper
Change-Id: I6e20fa4ae24db6b799d854aef2ef98e7a8e1e552
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3403041
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78709}
2022-01-20 18:09:19 +00:00
Samuel Groß
4a3e41c5ca [sandbox] Implement GC for the external pointer table
The external pointer table is now managed by the GC, which marks entries
that are alive during major GC, then sweeps the table afterwards to free
all dead entries and build a free list from them. For now, only major GCs
are supported, Scavenger GCs do not interact with the external pointer table.

In more detail, garbage collection of the external pointer table works
as follows:

1. The external pointer table now reserves a large region of virtual
   address space for its backing buffer and is then never reallocated,
   only grown in place until the maximum size is reached.
2. When the GC's marking visitor marks a HeapObject with an external
   pointer as alive, it also marks the corresponding external pointer
   table entry as alive. This can happen on a background thread.
3. For that, it uses the MSB of each entry in the table to indicate
   whether the entry has been marked or not. This works because the MSB
   is always cleared during the AND-based type check performed when
   accessing an external pointer.
4. After marking, the external pointer table is swept while the mutator
   is stopped. This builds an inline, singly-linked freelist of all
   newly-dead and previously-free entries.
5. When allocating an entry from the table, the first entry on the
   freelist is used. If the freelist is empty, the table grows,
   populating the freelist with the new entries.
6. Every newly-allocated entry is marked as alive, and every store to an
   existing entry also automatically marks that entry as alive (by also
   setting the MSB). This simplifies the design of the table GC with
   regards to concurrency (See ExternalPointerTable::Mark).

Bug: v8:10391
Change-Id: I8877fdf5576af3761bde65298951bb09e601bd14
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359625
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78708}
2022-01-20 17:39:49 +00:00
Nico Hartmann
362e265d4c Revert "[Torque] Generalize Torque literals to larger size"
This reverts commit 757830b02b.

Reason for revert: Speculatively revert due to a number of
performance regressions

Original change's description:
> [Torque] Generalize Torque literals to larger size
>
> Previously, literals in Torque were stored as double values, which
> made it impossible to precisely represent 64 bit integer values.
> This CL replaces the old literal expression with an integer and
> floating point literal expression that are unbounded in size. We
> allow implicit conversion of these literals to arbitary integer
> and floating point types respectively and insert a corresponding
> bounds check into generated CSA.
>
> Bug: v8:7793
> Change-Id: I46c231aab92bc2f0c26955d1876079f306b358c6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3329792
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78671}

Bug: v8:7793
Change-Id: I9896e28b3c69b8cf2488bf93e993ec320d8c5d2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401866
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78706}
2022-01-20 17:13:39 +00:00
Camillo Bruni
bbe2ef4cfd [web snapshot] Fix error reporting when running snapshots in d8
Bug: v8:11525
Change-Id: I5bc01779cbc7edf4f50377bc55a26dca1f96f5b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401587
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78705}
2022-01-20 16:52:59 +00:00
Nico Hartmann
abebfa68b3 Revert "[Torque] Fix compile error in integer-literal.h"
This reverts commit 83bf662901.

Reason for revert: Have to revert dependent CL

Original change's description:
> [Torque] Fix compile error in integer-literal.h
>
> Bug: v8:7793
> Change-Id: I88e6ea24909ba1dde8cada90d7b195b6f6ecc783
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3400958
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78678}

Bug: v8:7793
Change-Id: I4e62d8d121c0585df15f47653c44569d0f6b5606
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401597
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78704}
2022-01-20 16:13:49 +00:00
Dominik Inführ
9ec7c67c06 [heap] Split MarkCompactCollector::PrepareRecordRelocSlot
Split method into ShouldRecordRelocSlot and ProcessRelocInfo.
ProcessRelocInfo can then be reused in the write barrier and in the
future for the OLD_TO_SHARED remembered set. SlotTypeForRelocInfoMode
got moved into ProcessRelocInfo.

In addition rename and document SlotTypes. This CL does not change
behavior.

Bug: v8:11708
Change-Id: Iff712e7e6f5d3a4da64510b67b604b9e04998361
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3400968
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78701}
2022-01-20 14:15:49 +00:00
Milad Fa
e71892a747 heap: fix endianness issue with PopulateEmbedderDataSnapshot
Need to reverse the index on big endian platforms due to
this previous change: https://crrev.com/c/1508572

Change-Id: I12e0230d929f5f16ecd2300a49970f92b0d3be50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3402363
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78699}
2022-01-20 13:36:10 +00:00
Jakob Gruber
0a6c1a778a Remove the turboprop implementation
Bug: v8:12552
Change-Id: I99e4d8e8aeba5460f11e54cc1b2bcaea98a5276d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3400964
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78698}
2022-01-20 12:31:39 +00:00
Samuel Groß
f82b30cef9 [base] Introduce fast path for AddressSpaceReservation::Allocate
In case the requested permissions are kNoAccess, nothing needs to be
done as the mapping backing an AddressSpaceReservation is always
mapped kNoAccess. This fixes a performance regression on macOS.

Bug: chromium:1287599
Change-Id: I77d80489caf477e29434f9d0a06899746cb9403f
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3398144
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78697}
2022-01-20 12:30:29 +00:00
Liviu Rau
cab1c91c3e Consolidate arguments that change together on branch cut
Bug: v8:12405
Change-Id: I00f727ad5172d08f430b5dc2b7a348cbec344c4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401721
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78696}
2022-01-20 11:20:09 +00:00
Jochen Eisinger
d4dd9cd68b Reassign some old TODOs to folks currently working on the respective code
Change-Id: I8fd11742c4ea13cfd5cd3864e167785b97f1383a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3404274
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78695}
2022-01-20 10:44:39 +00:00
Samuel Groß
972e226543 [base] Fix bugs in AllocateInternal on Fuchsia
This CL fixes two issues:

1) When the specified vmar_offset was zero, the previous logic would
   incorrectly conclude that no target address was specified, and would
   potentially place the allocation elsewhere in memory, not at the
   desired address. This CL now passes both the target address and the
   VMAR base address to AllocateInternal, which can then correctly
   determine whether a target address was supplied.

2) When the root_vmar was used and a hint specified, the previous logic
   would incorrectly use nullptr as base address of the root_vmar, which
   appears to be incorrect. The new logic now obtains the actual base
   (apparently 2MB) through zx_object_get_info during initialization.

Bug: v8:10391
Change-Id: Ia8215440a790b4a2a0c8d33f623d3ecb6a731a97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3398506
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78693}
2022-01-20 10:36:23 +00:00
Jakob Gruber
2edff88402 [regexp] Standardize handling of stack overflow crash in ToNode
Use the FatalProcessOutOfMemory function such that tooling recognizes
these crashes as OOM's.

Drive-by: Skip one more test that leads to such stack overflows.

Fixed: v8:12555, chromium:1288456
Bug: v8:12472
Change-Id: Ib9203a4aa0487744f7cea9a212aeeffda579ae23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401861
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78692}
2022-01-20 09:04:59 +00:00
Lu Yahan
5218f60962 [riscv64][cleanup] Remove condition based on kJSArgcIncludesReceiver
Port commit db9f6bff77

Bug: v8:11112

Change-Id: I6c69e0501cae6c46e723d847bf56e69bb4835bec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3398260
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#78691}
2022-01-20 08:50:20 +00:00
Milad Fa
272e26af02 [api] Fix compilation error with gcc
enum values need to be explicitly casted to int type to
prevent the following error:
```
expects argument of type 'int', but argument 3 has type
'v8::internal::{anonymous}::V8StartupState'
```

Bug: v8:12309
Change-Id: I9515cde7d2496ca070ce4c6b751501236864730b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401398
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78688}
2022-01-19 17:56:09 +00:00
Shu-yu Guo
2afb952d30 [parser] Fix scope of super properties in heritage position
super.property accesses in heritage positions like `class C extends
super.property` should resolve super in the current scope, not C's
class scope.

Bug: chromium:1282096
Change-Id: I7ef815bc02cfff35a2898ef9f39b133d1114046c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3400150
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78687}
2022-01-19 16:59:00 +00:00
Manos Koukoutos
447af8647d [wasm] Create less Handles in UpdateDispatchTables
- Do not create a new handle for {target_instance}.
- Only instantiate FunctionTargetAndRef once.

Bug: chromium:1284557
Change-Id: I42aea5750e93ef4ac578003bca323cda4753b6f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3395874
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78686}
2022-01-19 16:53:09 +00:00
Scott Violet
eb5c09c839 removes two snapshot related histograms
The experiment has been would down, so these can be removed.
This effectively reverts these two commits:

https://chromium-review.googlesource.com/c/v8/v8/+/3271389
https://chromium-review.googlesource.com/c/v8/v8/+/3256006

chrome side here:
https://chromium-review.googlesource.com/c/chromium/src/+/3399313

BUG=chromium:1257321
TEST=none

Change-Id: I5e9e4e7f56a6f19159d1c8c20c5a1fe5ed2859fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3399226
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Scott Violet <sky@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78685}
2022-01-19 16:37:21 +00:00
Andreas Haas
d776fd9d21 [factory] Initialize bit fields in InitializeMap earlier
The method SetInstanceDescriptors accessed the bit field before it got
initialized, which is undefined behavior.

R=cbruni@chromium.org

Change-Id: Ie17e6e840a9a4278e066278d1ce81ac4b836a429
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3400970
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78684}
2022-01-19 15:58:26 +00:00
Dominik Inführ
0c4a512d06 [heap] host object is always non-null in PrepareRecordRelocSlot
Bug: v8:11708
Change-Id: I83c9559bb2aee062a53c1d67c293b8f6654c7d99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3400965
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78683}
2022-01-19 15:21:49 +00:00
Marja Hölttä
2eb253764f [rab/gsab] Re-enable serializing flags with ValueSerializer
Also:
- Refactor the ValueSerializer tests using raw data, so that we test all
valid versions for each test (not only one hard-coded one)
- Mark some tests as backwards compatibility tests, to make it less
likely that somebody updates them not realizing they are backwards
compatibility tests.

Bug: v8:11111, v8:12532
Change-Id: I670849de07742c8d442249ef4f013781e4ee9255
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386802
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78681}
2022-01-19 12:45:39 +00:00
Camillo Bruni
518d217a0e [api] Ensure correct startup and shutdown order
The startup and shutdown order is as follows:

  v8::V8::InitializePlatform(platform);
  v8::V8::Initialize();
  v8::Isolate* isolate = v8::Isolate::New(...);
  ...
  isolate->Dispose();
  v8::V8::Dispose();
  v8::V8::DisposePlatform();

Bug: v8:12309
Change-Id: I043c19173e36b08b02677081a8f14c2b313f6891
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300129
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78679}
2022-01-19 12:19:19 +00:00
Nico Hartmann
83bf662901 [Torque] Fix compile error in integer-literal.h
Bug: v8:7793
Change-Id: I88e6ea24909ba1dde8cada90d7b195b6f6ecc783
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3400958
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78678}
2022-01-19 10:45:49 +00:00
Manos Koukoutos
069d62ebb8 Reland "[wasm] Various small cleanups/fixes"
This is a reland of f1c2a2089d

Changes compared to original:
Revert test change which used simd and caused problems in multiple test
configurations.

Original change's description:
> [wasm] Various small cleanups/fixes
>
> Changes:
> - Fix a bug in objects-printer where array elements were not treated as
>   tagged pointers.
> - Fix a few TODOs, mainly in the wasm interpreter.
> - Improve documentation, small refactorings.
>
> Change-Id: I1d70ad454b3a0693b9b784b17395434d81d01b61
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383136
> Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78656}

Change-Id: I91f4fed5fbc91acb8b42413a6f40a8202bd43096
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3398111
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78677}
2022-01-19 10:40:44 +00:00
Simon Zünd
1f53cbf197 [inspector] Add Runtime#getExceptionDetails CDP method
CDP has a "ExceptionDetails" structure that is attached to various
CDP commands, e.g. "Runtime#exceptionThrown" or "Runtime#evaluate".
The stack trace in the "ExceptionDetails" structure is used in
various places in DevTools. The information in the "ExceptionDetails"
structure is extracted from a v8::Message object. Message objects
are normally created at the exception throw site and may augment
the error with manually inspecting the stack (both to capture a fresh
stack trace in some cases, as well as to calculate location info).

The problem is that in some cases we want to get an "ExceptionDetails"
structure after the fact, e.g. when logging a JS "Error" object in
a catch block. To help in this case, this CL introduces a new
CDP method "Runtime#getExceptionDetails" that behaves exactly as
advertised: It provides a populated "ExceptionDetails" structure
from a JS Error object.

R=bmeurer@chromium.org

Doc: https://bit.ly/runtime-get-exception-details
Bug: chromium:1278650
Change-Id: I084be10c1d852d3b7cac8d88e7f820e867be4722
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3337258
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78676}
2022-01-19 09:38:31 +00:00
Dominik Inführ
1511a19d5a [heap] Verify skipping of write barriers for maps
We recently landed write barrier verification in
https://crrev.com/c/3386803. This CL adds verification to
set_map_no_write_barrier and similar methods as well.

Bug: v8:12544
Change-Id: I54844b0323731281b4f41fd1502acdd44557a2c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3395561
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78675}
2022-01-19 08:29:28 +00:00
Frank Tang
261ad0d5c2 [Temporal] Implement getters which forward to timeZone
get Temporal.ZonedDateTime.prototype.(hour|minute|*second)

Bug: v8:11544
Change-Id: I5f3d20f371db4898365876483c49df73d96f3728
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3373927
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78674}
2022-01-19 06:51:20 +00:00
Jakob Kummerow
1fa5a07a66 [linux] Speed up IsHighResolutionTimer()
Avoid the worst case of spinning for 100ms on systems with
low-resolution timers.
It's unclear how widespread such systems are -- I couldn't
find one, but one user claims to have one.
Details and investigation results: http://shorturl.at/otyP4

Change-Id: I8d1aefef2552c5e8e16348bc86e663ac1bc4f6c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3398501
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78672}
2022-01-18 21:50:28 +00:00
Nico Hartmann
757830b02b [Torque] Generalize Torque literals to larger size
Previously, literals in Torque were stored as double values, which
made it impossible to precisely represent 64 bit integer values.
This CL replaces the old literal expression with an integer and
floating point literal expression that are unbounded in size. We
allow implicit conversion of these literals to arbitary integer
and floating point types respectively and insert a corresponding
bounds check into generated CSA.

Bug: v8:7793
Change-Id: I46c231aab92bc2f0c26955d1876079f306b358c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3329792
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78671}
2022-01-18 15:16:24 +00:00
Victor Gomes
f4ce0839a5 [runtime] Templatize NameToIndexHashTable::Add with IsolateT
This hashtable will be used by ScopeInfo::Create which
is instantiated with Isolate and LocalIsolate.

Bug: v8:12315
Change-Id: I098c103eb884795ee84d50c0756af686c27ced31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3398116
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78670}
2022-01-18 14:51:36 +00:00
Jakob Gruber
abbb54ed5a [regexp] Extend case-insensitive handling in RationalizeConsecutiveAtoms
Apply case-insensitive comparisons not only for the initial character,
but for the entire prefix. This avoids degenerate behavior for patterns
like /aaaa|AAAA|AAAA/i (i.e. generate a single 4-char prefix instead of
four 1-char prefixes).

Bug: v8:12472
Change-Id: Ib2b49fe73ca846a1b7ec90056cc64bdf5cf33026
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3398114
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78668}
2022-01-18 14:41:22 +00:00
Jakob Gruber
cbddd61d60 [regexp] Periodically check for stack overflow during node generation
Recursive ToNode node generation may overflow the stack for large
graphs. As a quick fix, insert periodic stack overflow checks in
selected ToNode methods.

As a more permanent fix, in the future we could abort gracefully
(instead of crashing on a CHECK), and/or refactor into iterative node
generation.

Bug: v8:12472
Change-Id: Ie5fbe838c5f6a5192d7d9b44bfe6f6c76a8d26e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3398112
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78667}
2022-01-18 12:59:31 +00:00
Samuel Groß
c992a25635 [base] Add VirtualAddressSpace unittests
These tests cover the basic VirtualAddressSpace functionality for the
three different types of address spaces currently available: the root
space, subspaces, and emulated subspaces.

This CL also includes minor bugfixes in VirtualAddressSpace
implementations and removes RandomizedVirtualAlloc in platform-win32.cc
which doesn't seem to do anything useful anymore but prevents page
allocation hints from working correctly.

Bug: v8:10391
Change-Id: Ifa260d18fd366516b5a41ab42ce2f1785c57d061
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386801
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78666}
2022-01-18 12:50:12 +00:00
Maya Lekova
86acc1d084 Revert "[fastcall] Add Wasm entry for Fast API calls"
This reverts commit bd72152e7d.

Reason for revert: TSAN reports a data race, please see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/18124/overview

Original change's description:
> [fastcall] Add Wasm entry for Fast API calls
>
> Allow Wasm to generate calls directly to Fast API C functions.
> This massively reduces the overhead of these calls (~300%).
> Currently options parameter is not supported.
>
> This is a rebase of the work originally done by devsnek in:
> https://chromium-review.googlesource.com/c/v8/v8/+/2718666.
>
> Bug: chromium:1052746
> Change-Id: I1bb1de68b440044cc8a4e528adf9d8e0e6692a07
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364356
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Paolo Severini <paolosev@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#78664}

Bug: chromium:1052746
Change-Id: I957708cf1cff6ee8f90678ee48428f5c12f75a53
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3398121
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Owners-Override: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78665}
2022-01-18 12:44:21 +00:00
Paolo Severini
bd72152e7d [fastcall] Add Wasm entry for Fast API calls
Allow Wasm to generate calls directly to Fast API C functions.
This massively reduces the overhead of these calls (~300%).
Currently options parameter is not supported.

This is a rebase of the work originally done by devsnek in:
https://chromium-review.googlesource.com/c/v8/v8/+/2718666.

Bug: chromium:1052746
Change-Id: I1bb1de68b440044cc8a4e528adf9d8e0e6692a07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364356
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#78664}
2022-01-18 11:12:05 +00:00
Liu Yu
ff2a8f39f2 [loong64][mips][cleanup] Remove condition based on kJSArgcIncludesReceiver
Port commit db9f6bff77

Bug: v8:11112
Change-Id: I23e4f5e9fe854dce1c9cd93c28fdb656980c7094
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3397537
Auto-Submit: Yu Liu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#78662}
2022-01-18 09:25:58 +00:00
Anton Bikineev
c7fbac6a72 Handles: Fix OnStackTracedNodeSpace with -fsanitize=safe-stack
When the stack is split in safe and unsafe parts, on-stack
TracedReferences are allocated on the unsafe stack. What currently
happens is that on GC we destroy all the on-stack references below the
current frame of the *safe* stack. If the safe stack is allocated above
the unsafe counterpart, then all the traced references will be
preliminary destructed on GC. This CL fixes it by using
__builtin___get_unsafe_stack_ptr() if -fsanitize=safe-stack is enabled.

In addition, deduplicate OnStackTracedNodeSpace::IsOnStack() and
Stack::IsOnStack() and move more logic into ::heap::base::Stack.

Bug: chromium:1278780
Change-Id: I9582bb1321958b7ec8ef2c0c46b9e42d51bb6f94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3395033
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78660}
2022-01-18 09:23:52 +00:00
Joyee Cheung
80bbbb143c [class] handle existing readonly properties in StoreOwnIC
Previously, StoreOwnIC incorrectly reuses the [[Set]] semantics
when initializing public literal class fields and object literals in
certain cases (e.g. when there's no feedback).
This was less of an issue for object literals, but with public class
fields it's possible to define property attributes while the
instance is still being initialized, or to encounter existing static
"name" or "length" properties that should be readonly. This patch
fixes it by

1) Emitting code that calls into the slow stub when
   handling StoreOwnIC with existing read-only properties.
2) Adding extra steps in StoreIC::Store to handle such stores
   properly with [[DefineOwnProperty]] semantics.

Bug: v8:12421, v8:9888
Change-Id: I6547320a1caba58c66ee1043cd3183a2de7cefef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300092
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#78659}
2022-01-18 09:22:47 +00:00
Maya Lekova
b1e12d70bb Revert "[wasm] Various small cleanups/fixes"
This reverts commit f1c2a2089d.

Reason for revert: Breaks some tests on no-sse configuration, please see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux/45243/overview

Original change's description:
> [wasm] Various small cleanups/fixes
>
> Changes:
> - Fix a bug in objects-printer where array elements were not treated as
>   tagged pointers.
> - Fix a few TODOs, mainly in the wasm interpreter.
> - Improve documentation, small refactorings.
>
> Change-Id: I1d70ad454b3a0693b9b784b17395434d81d01b61
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383136
> Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78656}

Change-Id: Ic698177259bb14b4c251a4212c79cc0d945b07f8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3398109
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Owners-Override: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78657}
2022-01-18 09:20:42 +00:00
Manos Koukoutos
f1c2a2089d [wasm] Various small cleanups/fixes
Changes:
- Fix a bug in objects-printer where array elements were not treated as
  tagged pointers.
- Fix a few TODOs, mainly in the wasm interpreter.
- Improve documentation, small refactorings.

Change-Id: I1d70ad454b3a0693b9b784b17395434d81d01b61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383136
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78656}
2022-01-17 19:01:40 +00:00
Milad Fa
7727437e9a PPC/s390: [cleanup] Remove condition based on kJSArgcIncludesReceiver
Port db9f6bff77

Original Commit Message:

    The receiver is included unconditionally on all platforms
    (kJSArgcIncludesReceiver is always true).
    Remove all usages of kJSArgcIncludesReceiver from the code.

R=pthier@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: Iec840804c1070f54f03ff80770246061996b4ea6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3395813
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78655}
2022-01-17 17:49:30 +00:00
Victor Gomes
4ebc9b7b0d Reland "[runtime] Adds LocalNameIterator"
This is a reland of f605d77822

Adds a GC safe (using handles) and unsafe versions of the iterator.

V8HeapExplorer needs an unsafe one, since it does not allow the
creation of handles.

Original change's description:
> [runtime] Adds LocalNameIterator
>
> ScopeInfo will contain either inlined (array) local names or
> a hash table (names => index) containing the local names.
>
> We abstract iteration with LocalNameIterator and remove
> ContextLocalName since accessing a local name by index in
> the hash table would be expensive.
>
> This CL only implements the iterator for the array.
>
> Bug: v8:12315
> Change-Id: I2c62802652fca1cf47815ce8768a3f7487f2c39f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386603
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78623}

Bug: v8:12315
Change-Id: I6288a08b9c342cd3a9cabcb621c40bb44c08c9c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3394706
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78653}
2022-01-17 17:20:40 +00:00
Andreas Haas
b111748dec [wasm] Enter the native context when executing the start function
The wpt test external/wpt/wasm/jsapi/functions/entry.html failed
because the current context was entered when executing the start
function instead of the native context. The test crashed because in
GetEnteredOrMicrotaskContext a NativeContext is expected.

Bug: chromium:1098844
Change-Id: I52d50986c67a0a69c8d9e03756592dff670f83df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3368107
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78652}
2022-01-17 17:19:30 +00:00
Milad Fa
28d4ccb62c S390 [liftoff]: Implement simd integer unops
Implementations are added to macro-assembler to be shared between
liftoff and code generator.

Change-Id: Ic38677b3266399e5e170a4b2d6a8f90d0b830d47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3389090
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78650}
2022-01-17 15:20:50 +00:00
Dominik Inführ
1ccf7663ce [heap] Verify usages of SKIP_WRITE_BARRIER
Verify usages of SKIP_WRITE_BARRIER in builds with SLOW_DCHECKs enabled.
We can only remove the write barrier in specific circumstances that
can also be DCHECK'ed.

I also switched some write barriers to UPDATE_WRITE_BARRIER where those
simple rules didn't hold but relied on more elaborate explanations.

Bug: v8:12544
Change-Id: I4caa43627f8a3209d853e3352caabc161568e6eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386803
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78649}
2022-01-17 15:05:40 +00:00
Jakob Gruber
cbcedb0439 [heap-refs] Make the return type of MapRef::prototype non-optional
We are guaranteed to have a valid ref for the prototype now that the
no-concurrent-inlining configuration has been removed.

Bug: v8:7790
Change-Id: I8400d1887f5cd41b14c92c87151847c0ed78f911
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3394708
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78648}
2022-01-17 13:35:39 +00:00
Victor Porof
5f3ff431ec Expose the recurring flag on the async stack tagging API
This CL exposes the `recurring` flag on the experimental async stack
tagging API which was implemeted in the following CL:
https://chromium-review.googlesource.com/c/v8/v8/+/3212506

It serves as a prototype to check if such an API is suitable for
improving stack traces for frameworks which split up tasks across
multiple frames, yielding back to the main thread when some time budget
is consumed.

The tests are implemented as Blink web tests in the following CL:
https://chromium-review.googlesource.com/c/chromium/src/+/3383386

Bug: chromium:332624
Change-Id: I3e8c5de723cb7c0413d03ca4292c22d6a6e565b0
Signed-off-by: Victor Porof <victorporof@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380495
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78647}
2022-01-17 12:25:48 +00:00
Victor Gomes
55be041933 [runtime] Adds a hashtable object (name => index)
In preparation to use the hash table in the scope_info, we
setup a hashtable from name to indices.

Bug: v8:12315
Change-Id: I77f1eb40191c2fb2d40127e1e84dbc41ca2e4b70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386804
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78646}
2022-01-17 12:09:34 +00:00
Simon Zünd
44a8a7d685 Introduce v8::StackTrace::CurrentScriptNameOrSourceURL
This CL introduces a dedicated API to retrieve the current (w.r.t. the
JS stack) script name or sourceURL. Currently, API clients will
collect multiple stack traces in increasing sizes to accomplish the
same goal. The new method walks the JS stack in the same way as the
stack trace collection mechanic but doesn't create/allocate stack info
or callsite objects along the way.

R=bmeurer@chromium.org, yangguo@chromium.org

Doc: https://bit.ly/v8-current-script-name
Bug: chromium:1286677
Change-Id: Id53e4f04bf17349d34f3d581bc712b1f4aa055db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3382818
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78645}
2022-01-17 11:34:28 +00:00
Jakob Gruber
bd1cc7b009 [compiler] Remove support for --no-concurrent-inlining
Now that concurrent inlining is shipping on stable, remove support
--no-concurrent-inlining.

Note that it's still possible to run Turbofan exclusively on the
main thread by passing --no-concurrent-recompilation.

Bug: v8:7790, v8:12142, chromium:1240585
Change-Id: I1943bbbcad7dea7e3a3c337c239f14f7d96c23cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3308798
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78644}
2022-01-17 11:29:48 +00:00
Marja Hölttä
1f2acdba77 [web snapshot] Name scripts better
Give the "phantom" script containing the web snapshot functions the same
name as the original script.

Bug: v8:11525
Change-Id: Iae77d58152642256560ceb3688bc2b3d0d9800be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3394707
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78643}
2022-01-17 10:01:16 +00:00
Patrick Thier
db9f6bff77 [cleanup] Remove condition based on kJSArgcIncludesReceiver
The receiver is included unconditionally on all platforms
(kJSArgcIncludesReceiver is always true).
Remove all usages of kJSArgcIncludesReceiver from the code.

Bug: v8:11112
Change-Id: I7d62e6de65b73fe6d8c3293f32b500b760b08a3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322980
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78642}
2022-01-17 09:50:49 +00:00
Marja Hölttä
3ab6dbad45 [web snapshots] Implement __proto__ support
Serialize and restore objects' __proto__s.

Bug: v8:11525
Change-Id: I241de1f8b716b2a1cc3cd45ce83759e07759202a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3345002
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78641}
2022-01-17 09:46:28 +00:00
Benedikt Meurer
b46d5ffbfd [debug] Decouple async event delegate instrumentation from PromiseHooks.
As described in https://crbug.com/1287476, the fact that the
AsyncEventDelegate is currently implemented on top of the PromiseHooks
causes performance problems and makes it difficult to reason about the
exact (observed) semantics; this is because for this we intercept every
JSPromise creation (via PromiseHook::kInit) and walk the synchronous
stack at that point to see if we find one of Promise#then(),
Promise#catch() or Promise#finally() on the stack. And if we do so, we
report that to the AsyncEventDelegate (which is implemented in the
inspector and will then do the async stack/stepping logic on top).

This CL introduces dedicated instrumentation for Promise#then(), which
is also called from Promise#catch() and Promise#finally(), and uses that
instrumentation for the purpose of the AsyncEventDelegate. It also
adjusts the stack walk to not always walk the full stack (which might
lead to wrong results when calls to Promise#then(), which itself can
call back into user JavaScript, are found deeper in the stack), but
instead only check the top-most builtin frames and whatever user
JavaScript frame is underneath it.

On the standalone.js (from https://crbug.com/1287476#c1), when run with
the DevTools default of maxDepth=200, we go from around 4.00ms to around
0.36ms. For everything that does not call Promise#then() - either
explicitly or implicitly - or `await`s, there's now no observable
performance impact of turning on the AsyncEventDelegate.

Bug: chromium:1280519
Fixed: chromium:1287476
Change-Id: I4911bed146381fc46cfeefb763d6dfc32e8f6071
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386379
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78640}
2022-01-17 08:50:58 +00:00
Lu Yahan
49c01feb85 [cctest] Fix build failed when is_component_build is true
Bug: v8:12543

Change-Id: I6dc98dea4e713323c18666ecfff459cbd55d90d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383514
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#78639}
2022-01-17 08:17:25 +00:00
QiuJi
4155b5b672 [compiler][cleanup] Move ToBoolean to simplified operator category
According to https://chromium-review.googlesource.com/c/v8/v8/+/725721/,
ToBoolean should be a simplified operator.

Change-Id: I4898e1c022f7b3083aefd880478529b18f0d2dad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3361661
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#78638}
2022-01-17 08:07:51 +00:00
Tobias Tebbi
f33e68ade1 [builtins] fix Torque fast-path for String.prototype.localeCompare
The fast path has an early return if the two inputs are the same
object. However, this was missing the check that the receiver
is not undefined required by the spec.
This fixes it by first checking that the receiver is a string and
only afterwards checking for reference equality.

Bug: v8:12495
Change-Id: I4c5fc80e09060b013c94b05bbc9da504ddbb5206
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386602
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78637}
2022-01-17 08:06:48 +00:00
Dan Clark
8ee40cfc1f Don't double-fetch a module specified on the d8 command line
Shell::FetchModuleTree assumes that the module at file_name wasn't
already fetched. Shell::ExecuteModule is calling into
FetchModuleTree without checking if the module is already in the module
map, violating this assumption.

This change fixes this by having Shell::ExecuteModule check for the
existence of the module before calling into Shell::ExecuteModule, the
same way that Shell::DoHostImportModuleDynamically does.

Bug: v8:12530
Change-Id: Ia038cbd1715e85c9c92c4554fd486c657ef952e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3388130
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78636}
2022-01-16 12:44:37 +00:00
Clemens Backes
39fb087292 Reland "[future] Use mid-tier regalloc for huge functions"
This is a reland of 40b062cefd. Known
existing problems have been fixed, see https://crbug.com/v8/12330.

Original change's description:
> [future] Use mid-tier regalloc for huge functions
>
> Stage the --turbo-use-mid-tier-regalloc-for-huge-functions behind
> --future.
>
> R=thibaudm@chromium.org
>
> Bug: v8:12287, v8:12320
> Change-Id: I7145ca1b022bfdcb0b61d6666daf855f14cbc4ce
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3236547
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77549}

Bug: v8:12287, v8:12320, v8:12330
Change-Id: I90eb2cb54b42fca77c1e3db9c18b20080f0d9338
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3347822
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78635}
2022-01-15 18:13:07 +00:00
Clemens Backes
bf8c359248 [compiler] Avoid more accessors
Access private fields directly instead.

R=thibaudm@chromium.org

Bug: v8:12330
Change-Id: I2b52dc8a2d0a1ee3a87cf6bd24b145e5c7419770
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380914
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78634}
2022-01-15 08:22:47 +00:00
Clemens Backes
8de607d5b0 [compiler] Fix merging with register aliasing
Similar to the case of fixed registers, we need to consider both cases:
A SIMD register might collide with either the low or high FP register,
or the FP register might collide with a previously allocated SIMD
register. We did only consider the first case so far.

R=thibaudm@chromium.org

Bug: chromium:1286253, v8:12330
Change-Id: Id4c995586cc8b97a2e131ee9d3417525e409bcef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380597
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78633}
2022-01-15 07:04:18 +00:00
Clemens Backes
010fcac11e [compiler] Do not rely on register indexes
For getting from one SIMD "sibling" register to the other, the mid tier
register allocator was relying on the indexes of the two registers to be
{2N} and {2N+1}. This is only true for lower SIMD registers; later
registers can be at {2N-1} and {2N} instead, because of holes in the
allocatable double registers (e.g. d13-d15 are not allocatable currently
on ARM).

We can rely on other facts though:
1) The two aliasing registers are always successive.
2) A SIMD register code always maps to the lower register index.
3) We can get from an F32 register code to F64 and from F64 to S128 by
   shifting one bit to the right (this is what
   {RegisterConfiguration::GetAliases} uses).

This bug was uncovered by running the existing
cctest/test-code-generator/FuzzAssemble* tests with either
--turbo-use-mid-tier-regalloc-for-huge-functions or with
--turbo-force-mid-tier-regalloc. Hence it will be covered by these tests
once https://crrev.com/c/3347822 lands.

R=thibaudm@chromium.org
TEST=cctest/test-code-generator/FuzzAssemble*

Bug: v8:12330
Change-Id: I168840fe50b6ba6cdaa6a5462596a5cbf55c87ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3378782
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78632}
2022-01-14 21:36:31 +00:00
Michael Lippautz
804aaa5c69 Reland "cppgc-js,heap: Implement snapshots for embedder fields"
This is a reland of 142dd775b4

Original change's description:
> cppgc-js,heap: Implement snapshots for embedder fields
>
> https://crrev.com/c/3293410 added concurrent processing of C++ objects
> found through V8 embedder fields. The CL missed that those embedder
> fields are not read atomically from JS objects. The problem is that
> embedder fields are only aligned to kTaggedSize on builds with pointer
> compression and are as such mis-aligned for atomic ops. This is not a
> problem for on-heap values as the upper 32bits are anyways computed
> from the cage. Is is a problem for generic C++ values though, as they
> are used with Oilpan.
>
> This CL adds the standard marker snapshot protocol for embedder fields.
>
> Marker:
> 1. Snapshot embedder fields
> 2. Try to mark host object
> 3. On success: process snapshot
>
> Main thread:
> 1. On setting embedder fields mark the object black first
> 2. Emit a write barrier for the embedder fields
>
> This will get simpler with the heap sandbox that uses a separate table
> for embedder fields. Once the sandbox is the default configuration, we
> 	can use it as dependency for the concurrent fast path.
>
> Bug: chromium:1285706
> Change-Id: I6b975ea561be08cda840ef0dd27a11627de93900
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380983
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78604}

Bug: chromium:1285706
Change-Id: I024e50fc0757fbcd13cb9ffde027dff55f99d25c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386600
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78631}
2022-01-14 20:02:33 +00:00
Milad Fa
12b7c45259 S390 [liftoff]: Implement simd f32x2 unops
Implementations are added to macro-assembler to be shared between
liftoff and code generator.

Change-Id: I945e312b45d87e021ffd64948bdfd69d0642fb83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3387608
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78630}
2022-01-14 17:01:02 +00:00
Junliang Yan
2e147b4fae s390x: [baseline] implement Store functions
Change-Id: If401e5c9d1ab6f293de2d8efed1f885683667408
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386389
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78629}
2022-01-14 16:58:22 +00:00
Thibaud Michaud
b8440171c9 [wasm] Add suspend wrapper stub
- Add suspend asm builtin stub, and call it from the suspending
wasm-to-js wrapper
- Rename frame type to match both builtins (prompt and suspend)
- Add suspend bool to the import cache key

R=ahaas@chromium.org
CC=​​fgm@chromium.org

Bug: v8:12191
Change-Id: Ie5a8ca7cbe4bcb91697e05b6470e3d632d608993
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3345004
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78628}
2022-01-14 16:45:42 +00:00
Milad Fa
ae499dcf55 PPC/s390: Remove many superfluous STL includes in headers.
Port 87cf0bdddf

Original Commit Message:

    Use grep to check for obviously unneeded includes. e.g. headers that
    include <vector> but does not contain "std::vector".

R=thestig@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I404409eda1f06a98ddd162799facc8aaec74826e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3387617
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78627}
2022-01-14 16:15:22 +00:00
Benedikt Meurer
cfaf8957b3 [debug] Consolidate promise stack runtime functions.
Following up on https://crrev.com/c/3383775 I realized that we could
just use the existing %DebugPopPromise and %DebugPushPromise runtime
functions, which do exactly the same job as %DebugAsyncFunctionFinished
and %DebugAsyncFunctionResumed, and are already used in other places of
promise instrumentation.

We can also remove %DebugAsyncFunctionEntered and utilize the logic in
NewJSPromise() to deal with the various promise hooks, and otherwise go
with %DebugPushPromise for the debugger side.

Bug: chromium:1280519
Change-Id: I79c77236f19c8783161c1eee36d2a16d52c60e82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386382
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78626}
2022-01-14 15:15:03 +00:00
Leszek Swirski
1e42a27fde Revert "[runtime] Adds LocalNameIterator"
This reverts commit f605d77822.

Reason for revert: Segfaults: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/36908/overview

Original change's description:
> [runtime] Adds LocalNameIterator
>
> ScopeInfo will contain either inlined (array) local names or
> a hash table (names => index) containing the local names.
>
> We abstract iteration with LocalNameIterator and remove
> ContextLocalName since accessing a local name by index in
> the hash table would be expensive.
>
> This CL only implements the iterator for the array.
>
> Bug: v8:12315
> Change-Id: I2c62802652fca1cf47815ce8768a3f7487f2c39f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386603
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78623}

Bug: v8:12315
Change-Id: Ibabe231f4357a3dd02d24b89847d579b83867a1a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386385
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78625}
2022-01-14 15:09:33 +00:00
Igor Sheludko
4ee0a0a1c5 [ptr-cage] Fix Code by PC lookup, pt.2
The Isolate might not be aware that remapped builtins are used (see
Code::OffHeapInstructionStart()), so always try to lookup PC in the
remapped builtins if they are available.

This is a follow-up to
https://chromium-review.googlesource.com/c/v8/v8/+/3379817.

Bug: chromium:1241665, v8:11460
Change-Id: Ied59ce6c7920278ed701e7139c8b6839a04cf1cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386381
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78624}
2022-01-14 14:47:02 +00:00
Victor Gomes
f605d77822 [runtime] Adds LocalNameIterator
ScopeInfo will contain either inlined (array) local names or
a hash table (names => index) containing the local names.

We abstract iteration with LocalNameIterator and remove
ContextLocalName since accessing a local name by index in
the hash table would be expensive.

This CL only implements the iterator for the array.

Bug: v8:12315
Change-Id: I2c62802652fca1cf47815ce8768a3f7487f2c39f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386603
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78623}
2022-01-14 14:10:52 +00:00
Victor Gomes
63c6b2d541 [runtime] Adds kScopeInfoMaxInlinedLocalNamesSize
kScopeInfoMaxInlinedLocalNamesSize is a threshold for inlined storage,
otherwise local names will be stored in a hash table.

Bug: v8:12315
Change-Id: Ibfa5bec5222c9e60765c3663707623544895ec0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386601
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78622}
2022-01-14 14:07:24 +00:00
Victor Gomes
2fdc823a26 [runtime] Update SavedClassVariable in ScopeInfo
ScopeInfo will contain either inlined (array) local names or
a hash table (names => index) containing the local names.

If we have the local names inlined, we should save the class
variable context slot index.

If we have a hash table instead, we should save the class
variable offset in the internal hash table storage.

Bug: v8:12315
Change-Id: Ifd9ae4f285d11fc034e8560c8558038b38a474fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386599
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78621}
2022-01-14 14:01:02 +00:00
Samuel Groß
549ee6f367 [sandbox] Improve sandboxed pointer support
This CL removes the global IsValidBackingStorePointer function and turns
the DCHECKs that ensure that sandboxed pointers point into the sandbox,
which essentially cover the same condition, into CHECKs. This is mostly
to facilitate debugging during the initial rollout, and the CHECKs can
later be turned back into DCHECKs.

In addition, this CL adds a fallback to a partially-reserved sandbox
when sandboxed pointers are enabled and when the regular initialization
fails.

Bug: chromium:1218005
Change-Id: I75526f1a00ddb9095ae0e797dc9bb80a210f867b
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367617
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78620}
2022-01-14 12:47:06 +00:00
Hannes Payer
0b3b2cb33a [heap] InvokeSecondPassPhantomCallbacks() before selecting garbage collector.
InvokeSecondPassPhantomCallbacks() may allocate which may result in a different GC selection.

Bug: v8:12503
Change-Id: I936634f9b819bc160749e058cbee8fb1c555f376
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386800
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78619}
2022-01-14 12:34:41 +00:00
Michael Lippautz
2984052ae8 heap: ManualGCScope should finalize marking
Since ManualGCScope changes marking flags it should finalize any
ongoing GC before changing the flags. Otherwise, the GC may observe
inconsistent state.

Bug: chromium:1285706
Change-Id: Ie8ef6a1117ba0523d0bed0c46d9116ffbc02069c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386607
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78618}
2022-01-14 09:59:21 +00:00
Frank Tang
f61ac65e95 [Temporal] Implement getter with division
get Temporal.*.prototype.epoch(Millis|Micros|S)econds)

Bug: v8:11544
Change-Id: I97d7560f386666fb4bff84b97de9927769e6ca04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3374043
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78617}
2022-01-14 08:46:29 +00:00
Leszek Swirski
3051f8abc0 Revert "[string] Support shared strings in Value{Serializer,Deserializer}"
This reverts commit 3cb4039cd1.

Reason for revert: TSAN failure in newly added test: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/18086/overview

Original change's description:
> [string] Support shared strings in Value{Serializer,Deserializer}
>
> When FLAG_shared_string_table is true, postMessaging strings will share
> instead of copy.
>
> Note that not all operations on shared strings are supported, and shared
> strings may be slower than non-shared strings for some operations.
>
> Bug: v8:12007
> Change-Id: I3462128e15410d2568868143571571b3025722c1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277250
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78614}

Bug: v8:12007
Change-Id: I5bb8f9b4e9b641c6d5cb16f963e9dbc1b13ac56a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386799
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78615}
2022-01-14 08:44:24 +00:00
Shu-yu Guo
3cb4039cd1 [string] Support shared strings in Value{Serializer,Deserializer}
When FLAG_shared_string_table is true, postMessaging strings will share
instead of copy.

Note that not all operations on shared strings are supported, and shared
strings may be slower than non-shared strings for some operations.

Bug: v8:12007
Change-Id: I3462128e15410d2568868143571571b3025722c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277250
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78614}
2022-01-14 02:59:51 +00:00
Lei Zhang
87cf0bdddf Remove many superfluous STL includes in headers.
Use grep to check for obviously unneeded includes. e.g. headers that
include <vector> but does not contain "std::vector".

Change-Id: I43a9e9f01e072fd495918d28ca4cdad5cfa0294c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3354400
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78613}
2022-01-13 20:56:45 +00:00
Manos Koukoutos
e4eac0802c [wasm-gc] Fix pc offset for static br_on instructions
Bug: v8:7748
Change-Id: I3a20c588c2e0753c646cceb0a03fd882041fed7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383779
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78612}
2022-01-13 20:08:09 +00:00
Nikolaos Papaspyrou
638993ae22 heap: Add total wall time for UMA events
The total wall time for GC reported to Blink is explicitly included in
UMA events. For the C++ managed heap, it is equal to the sum of the four
phases (mark, sweep, compact, weak). For the JS heap, it will be greater
than or equal to that sum in general.

Bug: chromium:1154636
Change-Id: Id710702b8e9d8db5c8d1eb4917deb6b760a77306
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386596
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78611}
2022-01-13 19:29:06 +00:00
Benedikt Meurer
302a5d208b [async-await] Further simplify await and its instrumentation.
Following up on https://crrev.com/c/3383775 we are now able to further
simplify the implementation of `await` and its instrumentation (for both
debugger and promise hooks), which aligns the implementation more
closely with the spec text and removes a whole bunch of unnecessary
code.

This also moves the `await` instrumentation into runtime-debug.cc along
with the other instrumentation methods for async functions.

Bug: chromium:1280519, chromium:1277451, chromium:1246867
Change-Id: I3fb543c76229091b502f3188da962784977158ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386597
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78610}
2022-01-13 18:09:45 +00:00
Junliang Yan
fec4bd06ea s390x: [baseline] implement Load functions
Change-Id: I7f2463e8363a060651daabc6e32fbc56405868b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3387074
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78609}
2022-01-13 17:26:26 +00:00
Manos Koukoutos
cbefd831f7 [wasm] Optimize function tables in instantiation
When initializing a table entry with null or a function constant, do not
go through EvaluateInitExpression. Remove the option to treat functions
lazily in EvaluateInitExpression/InitExprInterface.

Drive-by: Shrink indirect tables by removing redundant field.

Bug: chromium:1284557
Change-Id: I78a64becebf4b967b0a440d43855e163ec190b7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383135
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78608}
2022-01-13 16:53:18 +00:00
Tobias Tebbi
9b9bb9d64d [compiler] IsInlinable check too strict because of concurrent inlining
Bug: chromium:1274443
Change-Id: I3f6766dc84019ae017b6da1ae797c946a33079b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3351968
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78607}
2022-01-13 16:47:24 +00:00
Nico Hartmann
8b8e996023 [torque] Fix positions for type alias and structs
Bug: v8:12261
Change-Id: I4872ba82676bf64fa51d5a599323382c65cc465a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386594
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78606}
2022-01-13 16:31:30 +00:00
Leszek Swirski
7d4e3d35f5 Revert "cppgc-js,heap: Implement snapshots for embedder fields"
This reverts commit 142dd775b4.

Reason for revert: TSAN breaks: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/6113/overview

Original change's description:
> cppgc-js,heap: Implement snapshots for embedder fields
>
> https://crrev.com/c/3293410 added concurrent processing of C++ objects
> found through V8 embedder fields. The CL missed that those embedder
> fields are not read atomically from JS objects. The problem is that
> embedder fields are only aligned to kTaggedSize on builds with pointer
> compression and are as such mis-aligned for atomic ops. This is not a
> problem for on-heap values as the upper 32bits are anyways computed
> from the cage. Is is a problem for generic C++ values though, as they
> are used with Oilpan.
>
> This CL adds the standard marker snapshot protocol for embedder fields.
>
> Marker:
> 1. Snapshot embedder fields
> 2. Try to mark host object
> 3. On success: process snapshot
>
> Main thread:
> 1. On setting embedder fields mark the object black first
> 2. Emit a write barrier for the embedder fields
>
> This will get simpler with the heap sandbox that uses a separate table
> for embedder fields. Once the sandbox is the default configuration, we
> 	can use it as dependency for the concurrent fast path.
>
> Bug: chromium:1285706
> Change-Id: I6b975ea561be08cda840ef0dd27a11627de93900
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380983
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78604}

Bug: chromium:1285706
Change-Id: If1976c0356f450fc068aa4dcc39fb9a0d5417a40
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386598
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78605}
2022-01-13 15:57:16 +00:00
Michael Lippautz
142dd775b4 cppgc-js,heap: Implement snapshots for embedder fields
https://crrev.com/c/3293410 added concurrent processing of C++ objects
found through V8 embedder fields. The CL missed that those embedder
fields are not read atomically from JS objects. The problem is that
embedder fields are only aligned to kTaggedSize on builds with pointer
compression and are as such mis-aligned for atomic ops. This is not a
problem for on-heap values as the upper 32bits are anyways computed
from the cage. Is is a problem for generic C++ values though, as they
are used with Oilpan.

This CL adds the standard marker snapshot protocol for embedder fields.

Marker:
1. Snapshot embedder fields
2. Try to mark host object
3. On success: process snapshot

Main thread:
1. On setting embedder fields mark the object black first
2. Emit a write barrier for the embedder fields

This will get simpler with the heap sandbox that uses a separate table
for embedder fields. Once the sandbox is the default configuration, we
	can use it as dependency for the concurrent fast path.

Bug: chromium:1285706
Change-Id: I6b975ea561be08cda840ef0dd27a11627de93900
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380983
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78604}
2022-01-13 14:53:55 +00:00
Seth Brenith
7b55fc099f [arm64] Implement jscvt feature check for Windows
Change-Id: I7cf964294304c380fb285eebf1e65b0f84dec1a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3384233
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#78603}
2022-01-13 14:26:15 +00:00
Jochen Eisinger
c73ab4ee23 Drop my name from V8 debugger TODOs
I'm not going to realistically work on resolving them.

Change-Id: Idd59fe5758ab7132fa2412477242bc045b0ee02d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3378636
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Auto-Submit: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78602}
2022-01-13 14:22:45 +00:00
Patrick Thier
cc3c93f1a0 [string] Make String internalization threadsafe for shared strings
This CL fixes 2 issues with string internalization when the string table
is shared:
1. In-place migration of a string's map to Internalized was done before
   it was sure that the string is going to be internalized (outside the
   critical section). To fix this problem StringTableKey::AsHandle() is
   now split into StringTableKey::PrepareForInsertion(), which is
   invoked outside the critical section and creates a copy if
   necessary, and StringTableKey::GetHandleForInsertion(), which is
   invoked inside the critical section only for string table misses.
   Migration of the map is handled by this method.
2. TryStringToIndexOrLookupExisting() didn't handle already internalized
   strings. So far this was impossible, as this method was only invoked
   for strings that were checked not to be internalized. However with
   a shared string table, the string could be internalized after the
   checks.

Bug: v8:12007
Change-Id: I193d6b54dc41360eee47d21cbcaa36d2652d85dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3368103
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78600}
2022-01-13 11:32:25 +00:00
Benedikt Meurer
41f0c0bac8 [debug] Simplify async function instrumentation.
This unifies and simplifies the way we instrument async functions for
the purpose of async stack traces and async stepping. It does so while
retaining the observable behavior on the inspector level (for now).

Previously we'd mark the implicit promise of the async function object
with the async task ID, and whenever we awaited, we'd copy the async
task ID to the throwaway promise that is created by the `await`. This
however made things unnecessarily interesting in the following regards:

1. We'd see `DebugDidHandle` and `DebugWillHandle` events after the
`AsyncFunctionFinished` events, coming from the throwaway promises,
while the implicit promise is "done". This is especially confusing
with rejection propagation and requires very complex stepping logic
for async functions (after this CL it'll be possible to unify and
simplify the stepping logic).
2. We have to thread through the "can suspend" information from the
Parser all the way through AsyncFunctionReject/AsyncFunctionResolve
to the async function instrumentation to decide whether to cancel the
pending task when the async function finishes.

This CL changes the instrumentation to only happen (non recurringly) for
the throwaway promises allocated upon `await`. This solves both problems
mentioned above, and works because upon the first `await` the stack
captured for the throwaway promise will include the synchronous part as
expected, while upon later `await`s the synchronous part will be empty
and the asynchronous part will be the stack captured for the previous
throwaway promise (and the V8Debugger automatically short circuits
stacks with empty synchronous part).

Bug: chromium:1280519, chromium:1277451, chromium:1246867
Change-Id: Id604dabc19ea133ea2e9dd63181b1fc33ccb5eda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383775
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78599}
2022-01-13 10:34:35 +00:00
jiepan
a54f38e1fd [x64] Implement 256-bit assembler for vshufps
Bug: v8:12228
Change-Id: I233efc9fc4636c25baba6a689f7038331fd1f32b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303806
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Jie Pan <jie.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#78598}
2022-01-13 08:34:45 +00:00
Jakob Gruber
4b8d04897c [maps] Lock map_updater_access in CompleteInobjectSlackTracking
CompleteInobjectSlackTracking potentially shrinks multiple maps, and
the relation between these maps should be preserved in a concurrent
environment. Thus it is not enough to make each modification
atomically, but all related map modifications must be within a
critical section.

We do this by locking the map_updater_access mutex
CompleteInobjectSlackTracking, and hence moving the function to the
MapUpdater class.

Bug: chromium:1274445,v8:7990
Change-Id: If99bb8b55e03180128ee397d845fa4c269c4241e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3379819
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78597}
2022-01-13 07:45:25 +00:00
Frank Tang
8dfe2d4156 [Temporal] Remove unnecessary -0 code
Bug: v8:11544
Change-Id: I1f8fa01ece950addac048c5ae94d8c961666f720
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3384241
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78594}
2022-01-13 01:57:35 +00:00
Milad Fa
0f294a8fef S390 [liftoff]: Implement simd f64x2 unops
Implementations are added to macro-assembler to be shared between
liftoff and code generator.

Change-Id: Ibe326a80f71cad41dadbb62ebbcb9b8797f1871f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3384540
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78593}
2022-01-12 21:16:15 +00:00