Avoid clobbering the object register when it aliases the result register
in StringLength.
Bug: v8:7700
Change-Id: Ib96522ca89313ae7c54af829d8f9743d1ab7d705
Fixed: chromium:1374231
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952593
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83691}

Make dead returns from inlined functions merge a dead frame state into
the exit block for that inlined function.
Bug: v8:7700
Bug: v8:13379
Change-Id: I666d6139607557db0691d78ec3b050f03fae7814
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952678
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83688}

This removes the deprecated FLAG_* aliases, and switches remaining uses
to the new v8_flags syntax.
R=jkummerow@chromium.org
Bug: v8:12887
Change-Id: Icde494a3819a9b1386c91e44f5d72a55666d9eae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952350
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83686}

Our previous assumption that the receiver is immutable is incorrect in
constructors. Change the current logic (which never generates an
exception phi for receivers, but instead re-uses the parameter slot)
into forcing the receiver exception phi to be allocated (and spilled) in
the receiver parameter slot.
Bug: v8:7700
Change-Id: I1ba92b2e711dc0fcd7c818526b9c199cadcdd3bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3948586
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83684}

When not in unicode sets mode, '[' within a class is an ordinary
character (not the beginning of a nested class).
While scanning for capture groups, the flag (/v) was not taken into
account.
Bug: chromium:1374232
Change-Id: I05b9758bedba25633129b12d4634510031d01544
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952253
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83683}

... to distinguish them from blocks that happen to be empty, and since
they may not always be actually empty (due to interrupt budget
modification).
Bug: v8:7700
Change-Id: I5774cd5d675fbfd1acd04a8a5358e0d3a7dd1373
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952672
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83681}

Drive-by fix: reorder members of RandomAccessStackDominatorNode to
save 8 bytes on the total size of Block.
Bug: v8:12783
Change-Id: I4923490b0d2f4de22ea001eeba44c950c6451633
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893853
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83679}

This reverts commit 237de893e1.
Reason for revert: breaks flake bisect:
https://ci.chromium.org/ui/p/v8/builders/try.triggered/v8_flako/b8800423657665797553/overview
The change added the implicit requirement to run testing with
vpython3, which is not given everywhere.
Original change's description:
> [resultdb] Add ResultDB indicator
>
> Adds a new indicator that will send every result to ResultDB (and ultimately in a bq table; to be configured later).
>
> If we are not running in a ResultDB context we introduce only a minimal overhead by exiting early from the indicator.
>
> To test these changes in a luci context with ResultDB we activated the resultdb feature flag via V8-Recipe-Flags. This feature got implemented in https://crrev.com/c/3925576.
>
>
> V8-Recipe-Flags: resultdb
> Bug: v8:13316
> Change-Id: I5d98e8f27531b536686a8d63b993313b9d6f62c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905385
> Commit-Queue: Liviu Rau <liviurau@google.com>
> Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83672}
Bug: v8:13316
Change-Id: I7e55668e365475298ed46d2fc8ee0fe1282c3e8e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952131
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83677}

In production we will only compile Wasm code with TurboFan after it has
already been executed via Liftoff. Hence we know that the code is valid,
and can skip validation. This will save some binary size, and (minimal)
run time.
Under exotic circumstances (no Liftoff, Liftoff bailed out, ...) we did
not run validation yet. In that case, run it explicitly.
Note that the {kNoValidation} mode still has the validation checks as
DCHECKs, so fuzzers can find bugs in the new logic.
R=jkummerow@chromium.org
Bug: v8:13361, v8:13371
Change-Id: I2d0896bee44a80a9d09d9c273ec5fdbe9ab8da62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3941891
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83676}

A polymorphic IC can have a single access info if all maps have the same
behaviour (e.g. the polymorphism is on subclasses but the load loads
from a shared superclass). Bail out for these cases for now, with a TODO
to handle this polymorphism in the future.
Bug: v8:7700
Change-Id: I05ae764524a741ccecace0feb469380d1e0a1917
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952130
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83675}

In order to drop validation from TurboFan, we need to know which
functions have already been validated when starting TurboFan
compilation. Under normal circumstances, that would be all of them. In a
TurboFan-only configuration, or for new code where Liftoff bails out, we
could need to run validation before TurboFan compilation though.
R=jkummerow@chromium.org
Bug: v8:13361, v8:13371
Change-Id: Ia59bdb1c25e4fc4300ca3d8cfe3ac3caf4985fa1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3942090
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83674}

After an error is encountered during RegExp parsing, indicate that there
is no more work to do.
Bug: chromium:1374042
Change-Id: Ib547a06de855028e862933897930d8ba78f8f320
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3950294
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83673}

Adds a new indicator that will send every result to ResultDB (and ultimately in a bq table; to be configured later).
If we are not running in a ResultDB context we introduce only a minimal overhead by exiting early from the indicator.
To test these changes in a luci context with ResultDB we activated the resultdb feature flag via V8-Recipe-Flags. This feature got implemented in https://crrev.com/c/3925576.
V8-Recipe-Flags: resultdb
Bug: v8:13316
Change-Id: I5d98e8f27531b536686a8d63b993313b9d6f62c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905385
Commit-Queue: Liviu Rau <liviurau@google.com>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83672}

After the let instruction was removed again, the number and types of
locals stay constant throughout the decoding of a function. Hence store
it in a plain array instead of a ZoneVector. This makes the decoder
smaller and saves bounds checks for the "safe libc++".
R=thibaudm@chromium.org
Bug: chromium:1358853
Change-Id: Iad69aa0cfdc254710e1c2219cfb2c972241ef473
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3944929
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83671}

Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.
R=jkummerow@chromium.org
Bug: v8:12887
Change-Id: Iaf36c486f73ec4c4d18cacd912cd92d37c155cc0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3941711
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83669}

This CL implements the heavy lifting for re-using block lists:
- On local debug-evaluate, we check if the paused function already
  has a block list. If not, we do a full re-parse, calculate the
  block lists and stash them in the global map.
- On a context lookup, we do the lookup slightly differently. The
  block lists now store "outer" locals, so we need to check the
  block list before we advance to the next context, not before we
  do the lookup in the current context.
The CL also duplicates the debugger test that checks most of these
shadowing edge cases. While we keep working on the new feature
we still want to check both configurations, but the feature is too
small to warrant a separate bot. Note that the file with the flag
enabled has one additional test case that fails with the old
implementation. Unfortunately it's non-trivial to fix in the old
implementation.
This CL drastically improves performance for conditional breakpoints
as they use local debug-evaluate under the hood. The worst case
example (https://crbug.com/1072939#c15) improves from 6.5 seconds
to 100ms.
R=jarin@chromium.org
Bug: chromium:1363561
Change-Id: I85f3d908d246f0d2e31ed272f4db6a852b9dbc39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3941584
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83665}

... and ClassSet to ClassSetExpression to match the spec (changed with
the introduction of unicode sets).
Bug: v8:11935
Change-Id: I73b50de0a3436df7b2282c6168410ee2f7045978
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3929039
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83662}

Output of type UnsignedBigInt64 can be out of the range of small
BigInts. This CL inserts necessary conversion and checks for it.
Bug: chromium:1371935, v8:9407
Change-Id: I2553679452caa63111b97c89d072dd5fcc98aa7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3939668
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Qifan Pan <panq@google.com>
Cr-Commit-Position: refs/heads/main@{#83661}

Uses the same infrastructure from Loads to implement property stores.
Drive-by: PropertyAccessInfo cannot be invalid in BuildPropertyLoad.
Bug: v8:7700
Change-Id: Ib30498a2a0c60722b0308b11a82c91ad027a803a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3948666
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83659}

Reset() calls from the destructor of an Oilpan object were not
supported. There was no check that would prohibit such a call, though,
which would result in memory corruption.
Going forward, we support bailing out on such Reset() calls in a
graceful way, i.e., such calls are nops and merely reset the pointer
to the global handle. A subsequent GC would clean up unused nodes.
Bug: chromium:1371512, v8:13372
Change-Id: Icc86b442183fc2ab9ecd83b9a675266719acdad4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3941890
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83656}

The new space of all client isolates needs to be iterable in a shared GC.
With Minor MC sweeping for new space might need to be finished as
well. In addition, iterating OLD_TO_SHARED remembered sets might
conflict with concurrent sweeping in all client isolates.
Therefore we simply invoke MakeHeapIterable() on each client heap. We
might be able to relax this in the future by e.g. pausing sweeping
instead of finishing it completely.
Bug: v8:13267
Change-Id: I6c4cc100c207e996ba6099bfd5e628e2c123917b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3942387
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83655}

No need to use 'cpcp' or 'cpm' now, a simple 'print' shall work:
Instead of:
{
<cppgc::internal::MemberBase> = {raw_ = {value_ = 2300193596}},
<cppgc::internal::DisabledCheckingPolicy> = {<No data fields>},
<No data fields>
}
the output becomes:
cppgc::Member<GCed> pointing to 0xbbbbbbbb12345678
Bug: chromium:1373391
Change-Id: I72645d372ee830e20ec02b991ddff94851c4a49f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3948607
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83654}

Move PagedSpace::RawAllocateBackground into the ConcurrentAllocator.
This removes most allocation logic in PagedSpace. The eventual goal
is that PagedSpace only provides free list allocation and all the
additional logic around it (e.g. supporting sweeping or growing the
space) will be implemented by the allocator.
Bug: v8:13375
Change-Id: Ied21d6253e78406633154258eb491a522b1cfd3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3945051
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83652}

This CL hides the blocklist calculation logic in the ScopeIterator.
The blocklists can only be calculated when the iterator reached
the closure_scope_. We shouldn't expose this fact to callers. Let's
have a new "Reparse" strategy that makes this a bit more explicit.
Creating the ScopeIterator with the new strategy guarantees that the
blocklists are calculated after iteration and we skip re-parsing the
whole script if blocklists are already present.
R=kimanh@chromium.org
Bug: chromium:1363561
Change-Id: Ia55a8ae81147cf7fe7b4850fc74495235f13cadc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3944918
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83651}

The SamplingHeapProfiler allows the caller to configure whether it
should retain samples for objects which were collected by major or minor
GC cycles. There is not a separate option for minor mark-compact cycles.
Currently, objects collected by minor MC are reported as collected by
major GC. In this change, I propose that such objects should be reported
in the minor GC category instead, since minor MC has "minor" in the
name. I believe that this change will also fix a test which is flaky
when minor MC is enabled.
Bug: v8:13369
Change-Id: I0314dc22c816aae57fc9cd4db35c0b2baa4b91d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3946898
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83650}

Error message was:
v8\v8\src/compiler/turboshaft/representations.h(206): error C3615: constexpr function 'v8::internal::compiler::turboshaft::WordRepresentation::WordRepresentation' cannot result in a constant expression
v8\v8\src/compiler/turboshaft/representations.h(208): note: failure was caused by call of undefined function or one not declared 'constexpr'
v8\v8\src/compiler/turboshaft/representations.h(208): note: see usage of 'v8::internal::compiler::turboshaft::RegisterRepresentation::IsWord'
Change-Id: Ia72d00abf2d79cd579983452c27f17a8b7abe315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3948604
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83649}

Implement all PropertyAccessInfo kinds for property load.
- Changes if-chain to a switch to make it clear we implemented all
  PropertyAccessInfo kinds.
- Adds StringLength to do a Int32 field load.
- Adds UnsafeSmiTag to tag StringLength, since we know it fits in a Smi.
Bug: v8:7700
Change-Id: I671b98ead141efa22beab86094e901c9f0c29928
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3948605
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83648}

Using PropertyAccessInfo will allow us to encapsulate property
monomorphic/polymorphic load/store logic similar to TF.
Bug: v8:7700
Change-Id: I63099e39c7696e85adea801f953717a30786783d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3948622
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83646}

A lot of deferred code doesn't want to return, or jumps to a different
label than the return_label. Remove this from the interface and require
callers to pass in an explicit ZoneLabelRef for the return label if they
need one.
Also, clean up the deferred code handling, in particular adding a static
assert that the deferred arguments match the passed function pointer to
make these errors more explicit.
Bug: v8:7700
Change-Id: I06652e56fbff790569d6c23cebe8b8dfbbafd939
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3944916
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83643}