Commit Graph

31776 Commits

Author SHA1 Message Date
Ilya Rezvov
a37302d8f7 Revert "[gc][static-roots] Don't access markbits on R/O pages"
This reverts commit a2f63f1886.

Reason for revert: It breaks chromium integration tests https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux/22574/overview

Original change's description:
> [gc][static-roots] Don't access markbits on R/O pages
>
> Markbits on read only pages are initialized BLACK and never change. For
> any practical purposes they are unused.
>
> This CL prevents any access to the markbits of these pages. This is a
> precursor to removing them entirely from the page to make room for
> static roots.
>
> Bug: v8:13466
> Change-Id: I61d3f6d9bbca750d0f34475859b34ff44f7fec1e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212397
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Auto-Submit: Olivier Flückiger <olivf@chromium.org>
> Commit-Queue: Olivier Flückiger <olivf@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85665}

Bug: v8:13466
Change-Id: Icda4be38da984fdefd40301238c361a86f912141
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4225673
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Ilya Rezvov <irezvov@chromium.org>
Owners-Override: Ilya Rezvov <irezvov@chromium.org>
Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85695}
2023-02-06 18:34:39 +00:00
Nico Hartmann
6d2bd5afdc [turboshaft] Fix typing of NaN ** 0
Bug: v8:12783, chromium:1412629
Change-Id: If00a7467443df50cd2c79b3bb09f9dd92dd0548b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4221773
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85687}
2023-02-06 15:59:56 +00:00
pthier
ee93bc8035 [regexp] Handle empty nested classes correctly
With the recent introduction of unicode sets (v-flag), nested character
classes are allowed in regular expressions.
We always expect a nested class to be of type
`RegExpClassSetExpression`, but the empty nested class was not handled
correctly.

Bug: v8:11935, chromium:1412942
Change-Id: I3b644c8627d8fc6b320a419216372810e8003983
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4224311
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85680}
2023-02-06 13:53:12 +00:00
pthier
8ce9714936 [heap] Sweep shared LO space
Shared Large Object Space was added with the introduction of shared
space, but it was never swept.
Besides leaking memory, this led to issues as mark bits were never
cleared and object bodies not re-visited. If the map of an object changed, we would miss visiting potentially newly introduced pointer fields (e.g. SeqString -> ExternalString), freeing EPT entries that were still in use.

Bug: v8:13267, chromium:1407167
Change-Id: Id7bea2ebfbc5a4d935af4b97b7474d64d609a95d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4221578
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85669}
2023-02-06 10:39:49 +00:00
Nikolaos Papaspyrou
7649ef2220 [heap][test] Disable weakref tests for stress concurrent allocation
These tests are unsuitable for "stress concurrent allocation" mode,
because it triggers GCs that interfere with the execution of
FinalizationRegistry cleanup tasks or with the clearing of WeakRefs.

Bug: v8:13257
Bug: v8:13713
Change-Id: Id43d95b53d3f68f1f70ad6ee9ff8e08e70007d13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4221575
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85668}
2023-02-06 10:24:59 +00:00
Olivier Flückiger
a2f63f1886 [gc][static-roots] Don't access markbits on R/O pages
Markbits on read only pages are initialized BLACK and never change. For
any practical purposes they are unused.

This CL prevents any access to the markbits of these pages. This is a
precursor to removing them entirely from the page to make room for
static roots.

Bug: v8:13466
Change-Id: I61d3f6d9bbca750d0f34475859b34ff44f7fec1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212397
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85665}
2023-02-06 09:36:57 +00:00
Shu-yu Guo
d14d17300b [test262] Roll test262
f00d4118d..e7364ea7d

Bug: v8:7834
Change-Id: Ie10ed625cea9f11167f1a8808404339eb0e3d5cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4219942
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85655}
2023-02-03 20:31:41 +00:00
Mikhail Khokhlov
051df31aec Reland "Reduce build size when building with Perfetto SDK"
This is a reland of commit 0d4200055b

gn complained about headers that are only included behind the
v8_use_perfetto build flag. Added "nogncheck" to suppress this
warning.

Original change's description:
> Reduce build size when building with Perfetto SDK
>
> Building Chromium with full Perfetto SDK included increases build time
> significantly. We can reduce this overhead by including only those
> parts that are required. See b/266913150 for context.
>
> Change-Id: I0cde5cb7df7b6151ec686e993488d8467c416fac
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212390
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Mikhail Khokhlov <khokhlov@google.com>
> Cr-Commit-Position: refs/heads/main@{#85603}

Change-Id: Ifdcc9983230b5e7bab5f66a37f193d2cee698400
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4221573
Commit-Queue: Mikhail Khokhlov <khokhlov@google.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85650}
2023-02-03 17:03:11 +00:00
Nico Hartmann
79efc8f090 Revert "[wasm-gc] Introduce wasm null object"
This reverts commit 2e357c4814.

Reason for revert: Speculative revert for https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Clusterfuzz%20Linux%20MSAN%20no%20origins/33231/overview

Original change's description:
> [wasm-gc] Introduce wasm null object
>
> We introduce a wasm null object, separate from JS null. Its purpose is
> to support trapping null accesses for wasm objects.
> This will be achieved by allocating a large payload for it (larger than
> any wasm struct) and memory-protecting it (see linked CL). The two null
> objects get mapped to each other at the wasm-JS boundary.
> Since externref objects live on the JS side of the boundary,
> null-related instructions in wasm now need an additional type argument
> to handle the correct null object.
>
> Bug: v8:7748
> Change-Id: I06da00fcd279cc5376e69ab7858e3782f5b5081e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4200639
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85648}

Bug: v8:7748
Change-Id: Ie53febf49b946217e0057959c757d811a97ca1eb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4219105
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85649}
2023-02-03 16:57:44 +00:00
Manos Koukoutos
2e357c4814 [wasm-gc] Introduce wasm null object
We introduce a wasm null object, separate from JS null. Its purpose is
to support trapping null accesses for wasm objects.
This will be achieved by allocating a large payload for it (larger than
any wasm struct) and memory-protecting it (see linked CL). The two null
objects get mapped to each other at the wasm-JS boundary.
Since externref objects live on the JS side of the boundary,
null-related instructions in wasm now need an additional type argument
to handle the correct null object.

Bug: v8:7748
Change-Id: I06da00fcd279cc5376e69ab7858e3782f5b5081e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4200639
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85648}
2023-02-03 16:06:12 +00:00
Jakob Kummerow
1c162c83b1 [turbofan] Fix types of reduced Int64Div/Uint64Div
When folding constants in the MachineOperatorReducer, we should be
careful that arithmetic instructions producing int64 outputs aren't
replaced with booleans represented as int32.

Fixed: chromium:1407384
Change-Id: Ib536a53084b12bbb205308c642ee32c0f2e1e418
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4219023
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85646}
2023-02-03 14:30:44 +00:00
Thibaud Michaud
df0e9dca39 [test] Fix Handle dereference issue in move fuzzer (bis)
Another instance of:
https://chromium-review.googlesource.com/c/v8/v8/+/4066541

R=dmercadier@chromium.org
CC=machenbach@chromium.org

Bug: v8:13544
Change-Id: Id9046bf9c5ea09aff45b4531b5f1ad03307fd100
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4221571
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85644}
2023-02-03 12:36:40 +00:00
pthier
1885a16551 [test][inspector] Add inspector test for RegExp v-flag
Bug: v8:11935
Change-Id: Idf667b07398f3a740cc210ed52769199e9622e38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4219017
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85643}
2023-02-03 11:34:10 +00:00
Victor Gomes
49f1450b3f Reland "[maglev] Check for strings in polymorphic loads"
This is a reland of commit 7f4a04671a

- Add heap number check.
- Use object_map in range instance check.

Original change's description:
> [maglev] Check for strings in polymorphic loads
>
> Bug: v8:7700
> Change-Id: Id3d523446f5061a78a46d1c52cf8f8339566356d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212402
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85626}

Bug: v8:7700
Change-Id: I72cfe2e2bf19141dffbb8df5c34600eca4d70594
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4218508
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85642}
2023-02-03 11:07:54 +00:00
pthier
5080c7727a [regexp] Add UseCounter for invalid regexp with /v, but valid with /u
Some patterns that were valid with /u are invalid with /v.
This CL adds a UseCounter for such usages in /u to get an idea how often
they are used in the wild.
This is important information w.r.t the proposal to use /v instead of /u
for the pattern attribute (http://go/gh/whatwg/html/pull/7908).

Chromium CL: https://crrev.com/c/4221395

Bug: v8:11935
Change-Id: Idc023ceba9ce03eee578d6c387ce8a8f37db292f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212393
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85639}
2023-02-03 09:49:49 +00:00
Clemens Backes
d3a3d73384 [wasm][test][cleanup] Use more base::Vector
The {CallWasmFunctionForTesting} function currently receives arguments
as a pair of {int} and {Handle<Object>*}. Encapsulating this as a
{base::Vector} makes the relation more clear and improves readability at
call sites.

R=ahaas@chromium.org

Change-Id: I884f8d0dc1c33389b60cc53750f2e3bfcaf644a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4218353
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85638}
2023-02-03 09:37:34 +00:00
Matthias Liedtke
14f1ec8cdd [wasm-stringrefs] Add string.hash instruction
Bug: v8:12868
Change-Id: I12ee551fbffc25c591d618f1957bbabbceff255e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4217413
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85633}
2023-02-02 16:35:44 +00:00
Clemens Backes
a5192ac12f [wasm][fuzzer] Print information about exceptions
We sometimes get non-reproducible exception mismatches in the fuzzers.
This might come from OOM exceptions.
This CL makes us print some information about them, so we learn more
from the occasional fuzzer reports. In a follow-up we can then handle
OOM exceptions better, if that turns out to cause this.

R=ahaas@chromium.org

Bug: chromium:1412084
Change-Id: Ic0bf3880fe733320c2532c0f69d8f88fe9c9ff5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4217417
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85624}
2023-02-02 13:56:21 +00:00
Anton Bikineev
d469a70049 cppgc: Fix CombinedWriteBarrierSlow()
The function relied on passed pointers always being compressed, which
is no longer the case with subtle::UncompressedMember<>.

Bug: chromium:1412021, chromium:1412221

Change-Id: I531e41d24fcab34e527db99f8047123f254e8a74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4217411
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85623}
2023-02-02 13:38:39 +00:00
Marja Hölttä
28771bf519 [rab/gsab|turbofan] Add missing DataView tests
Bug: v8:11111
Change-Id: I03fd90900fae521cb3e738f011fb0832770ff04a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4218351
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85622}
2023-02-02 13:34:59 +00:00
pthier
96f5bb7be4 [regexp] Ship Unicode Sets
Advance --harmony-regexp-unicode-sets to shpping, enabling it by
default.

Bug: v8:11935
Change-Id: I5dcf2c584775f25516c7a1846ac6bc53326eefbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4217412
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85617}
2023-02-02 11:53:15 +00:00
Victor Gomes
ff1dba398d [codegen] Merge Turbo and Macro assemblers
There is no real difference between MacroAssembler and TurboAssembler
anymore. Initially the idea was to differentiate thread-safe
operations, but it got out of hand. With LocalHeaps we could ensure
differently by passing a local_isolate.

In this CL:

TurboAssemblerBase was renamed to MacroAssemblerBase
The file containing it also renamed from turbo-assembler to macro-assembler-base.

TurboAssembler and MacroAssembler were merged into MacroAssembler
in each of the architectures.

turbo-assembler-unittests-arch were included in
macro-assembler-unittests-arch

tasm renamed to masm

Bug: v8:13707
Change-Id: I716bbfc51b33ac890c72e8541e01af0af41b6770
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212396
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85610}
2023-02-02 09:27:45 +00:00
Camillo Bruni
7eff3cee05 [perf-jit] Don't use 0xFF for repeated script names
This was never supported to start with and can cause invalid script names.
This CL partially reverts https://crrev.com/c/3513892

Drive-by-fix: Dehandlify more code.
Change-Id: I96cf4c1244d9f00dc47738cd481b440e6bed0541
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4174074
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85609}
2023-02-02 08:42:02 +00:00
Deepti Gandluri
44324c1fc1 Revert "Reduce build size when building with Perfetto SDK"
This reverts commit 0d4200055b.

Reason for revert: Breaks integration bots, and blocks API changes : https://ci.chromium.org/ui/p/v8/builders/try/v8_linux_chromium_gn_rel/83678/overview

Original change's description:
> Reduce build size when building with Perfetto SDK
>
> Building Chromium with full Perfetto SDK included increases build time
> significantly. We can reduce this overhead by including only those
> parts that are required. See b/266913150 for context.
>
> Change-Id: I0cde5cb7df7b6151ec686e993488d8467c416fac
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212390
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Mikhail Khokhlov <khokhlov@google.com>
> Cr-Commit-Position: refs/heads/main@{#85603}

Change-Id: I88210ada35e0d7e68a0dbccad518cf6177303430
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4216171
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Owners-Override: Deepti Gandluri <gdeepti@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85606}
2023-02-02 00:12:31 +00:00
Mikhail Khokhlov
0d4200055b Reduce build size when building with Perfetto SDK
Building Chromium with full Perfetto SDK included increases build time
significantly. We can reduce this overhead by including only those
parts that are required. See b/266913150 for context.

Change-Id: I0cde5cb7df7b6151ec686e993488d8467c416fac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212390
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mikhail Khokhlov <khokhlov@google.com>
Cr-Commit-Position: refs/heads/main@{#85603}
2023-02-01 19:23:08 +00:00
Matthias Liedtke
811d50b9c1 [wasm-gc] Allow Js -> Wasm wrapper inlining for (non-null) ref extern
This is a follow-up to https://crrev.com/c/4204032 which allowed
wrapper inlining for the nullable externref type.

Bug: v8:7748
Change-Id: I5a82c37b7cf0cfcbcacbe399f8b3119176c3bba4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212394
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85598}
2023-02-01 16:09:31 +00:00
Liviu Rau
9b46fb9d7d Support pushing additional files to Android in tests cases
Drive-by refactoring: Make it evident that currently we upload additional files only for Android platform.

Bug: v8:13686
Cq-Include-Trybots: luci.v8.try:v8_android_arm64_n5x_rel
Change-Id: I8081c1185d6a92dfdcef82e697e301f3e7838dc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205916
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@google.com>
Cr-Commit-Position: refs/heads/main@{#85592}
2023-02-01 13:36:47 +00:00
Michael Lippautz
fb1c8489f6 [heap] Rework external callbacks in PerformGarbageCollection
- Bail out of callbacks bottlenecks if there's no registered callbacks
  without emitting scopes.
- Unify blocks for external callbacks

Change-Id: I30744ef8b2f537ecb84b22babcae6df1442018bf
Bug: v8:12612
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4208930
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85591}
2023-02-01 12:49:42 +00:00
Matthias Liedtke
caa93f9618 [wasm-gc] Allow Js -> Wasm wrapper inlining for externref
Bug: v8:7748
Change-Id: If2045d900e272ae254ef22914a39ded3696f17e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4204032
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85589}
2023-02-01 12:16:02 +00:00
Juan José Arboleda
958f02bbc1 [builtins] Update Array.p.toLocaleString to follow ECMA402
In JavaSCript implementations that supports ECMA-402,
`Array.prototype.toLocaleString()` must invoke the `toLocaleString` method of
each non-undefined, non-null elements witch exactly two (2) arguments.
See: https://tc39.es/ecma402/#sup-array.prototype.toLocaleString step 6.c.i.

V8 appears to provide no arguments when locale is undefined and to not provide options when options is undefined.

Bug: v8:13564
Change-Id: I655917210554d20d2eaebe2ac333421dd5d157ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4184564
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Auto-Submit: Juan José <soyjuanarbol@gmail.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85588}
2023-02-01 12:07:02 +00:00
Toon Verwaest
7d8ca951ec [maglev] Don't check smi overflow after int32 unary/binop
This means TurboFan might not see what Maglev did, and it might make
different decisions, but if we deopt we'll learn in Ignition anyway and
won't make the same mistake later. At the same time this avoids a lot of
unnecessary operations that impact tight loops.

Bug: v8:7700
Change-Id: I6fada2ed0218b0b97fc8c9d9ba10fb2218cd71d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4200631
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85585}
2023-02-01 10:27:33 +00:00
Jakob Linke
cbbdf48bab [code] Update Code names and remove obsolete functions
- Remove camel-case Code accessors like InstructionStream since
  they only make sense on Code (where we have to distinguish between
  embedded builtins and other Code).
- Remove the prefix from 'raw_'-prefixed accessors since it was
  intended to clearly disambiguate from the camel-case accessors and
  is now no longer needed.
- Remove various dead functions.
- Update comments.

Bug: v8:13654
Change-Id: Ife51e4aef502fc30ab1526c205a49e5620be96f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205925
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85580}
2023-02-01 08:56:56 +00:00
Lu Yahan
d2a50664c0 [riscv] Fix atomics
Port commit 76a817e03a
Also, rename the enum variable in FFlagsMask from kOverflow to kFPUOverflow to avoid redefinition due to the commit 949bd4467d.


Change-Id: I83e42d4cb0cf48d678719572adb008ef101b23e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4204830
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji.odyssey@gmail.com>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#85577}
2023-02-01 08:21:35 +00:00
Dominic Farolino
04b766ad80 Console: Fix namespace class string
Per the WebIDL specification, objects that are namespaces must have the
their class string value set to their identifier name [1]. Since per
spec, console is defined as a namespace [2], console's class string must
be "console".

However, since the console object in Chromium/v8 is directly implemented
inside of v8, it doesn't adhere to the WebIDL binding norms. Its
implementation manually had its @@toStringTag set to "Object", which is
incorrect. This CL corrects it to "console" and adjusts test
expectations accordingly.

Unfortunately, this CL will have web-exposed changes to Chromium that
are not tested anywhere, specifically because console's implementation
of namespace did not adhere to the WebIDL spec. Separately,
https://crrev.com/c/4193348 fixes Chromium's web-exposed tests and
stable test expectations, to manually treat console as a namespace
(despite its broken implementation) so that the global interface listing
tests properly enumerate attributes/methods on the console object.
Once this CL lands, those expectations will need to be changed.

The motivation for this change is to ensure that all console attributes
and methods are properly accounted for in the usual Blink webexposed
stable tests that are owned by the Blink API OWNERs. This is because
recently, v8 shipped a new console method (createTask()) that entirely
bypassed the Chromium launch process:
https://www.chromium.org/blink/launching-features/, because no files
needed to be approved by Blink API OWNERs.

[1]: https://webidl.spec.whatwg.org/#ref-for-dfn-class-string%E2%91%A8
[2]: https://console.spec.whatwg.org/#console-namespace

Change-Id: I0bbd05242fc815945cce40c65d74995950d64115
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4193308
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Dominic Farolino <dom@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85572}
2023-01-31 20:35:36 +00:00
Shu-yu Guo
15cc02b4e8 [shared-struct] Disallow property redefinition
Shared objects have fixed layout (i.e. immutable maps) and start off
sealed. Ordinary JS objects allow writable properties to be redefined to
be non-writable. This violates the fixed layout invariant and needs to
be disallowed.

Also contains a drive-by fix removing
@highestInstanceTypeWithinParentClassRange, which is unneeded.

Bug: chromium:1407595, v8:12547
Change-Id: I0257fa19f59ccfaaf0e07cb42aeedd71e132d21a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4190525
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85570}
2023-01-31 18:42:46 +00:00
Jakob Linke
3ebbb651e2 Remove CodeLookupResult
.. and replace it by base::Optional<Code>. It's no longer needed, now
that Code and InstructionStream cases are merged.

This was trickier than it sounds at first, because:

- CodeLookupResult (CLR) was used during the MARK_COMPACT GC phase and
  thus had to observe subtle semantics in the presence of
  forwarding pointers.
- CLR implicitly contained a Code object for off_heap_trampolines
  and an InstructionStream object for everything else. These implicit
  behaviors threaded through elsewhere, e.g. in the
  inner-pointer-to-code cache which relies on the fact that the
  underlying object pointer does not move until GC completes and
  the cache is flushed.
- Semantics of the dual-object {Code,InstructionStream} are generally
  very subtle during GC.

This CL attempts to make all this more explicit by introducing a
GcSafeCode wrapper type which must be used in code that is affected
by semantics described above. The GcSafeCode type exposes only methods
that are safe to call during MARK_COMPACT.

Drive-by:
- Rename the Heap::GcSafeFoo function family s.t. a 'GcSafe' prefix
  means that the function can be used during GC and returns
  GcSafeCode objects; and 'TryFind' vs. 'Find' returns a
  base::Optional<Foo> vs. just Foo.

Bug: v8:13654
Change-Id: I410b5539ea1b584b823bce2dafd8d1328eedc039
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4203385
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85562}
2023-01-31 15:03:28 +00:00
Al Muthanna Athamina
961868decf [NumFuzz] Skip test with contradictory flags on NumFuzz
No-Try: true
Change-Id: I0e33555a2d4629d6c04985f3c92d48d8db4e46cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205913
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85560}
2023-01-31 13:07:35 +00:00
Marja Hölttä
1f349da554 [web snapshots] Remove web snapshots
Bug: v8:11525
Change-Id: I0931408eefa4f55b0c9e8c0973787edfb903083a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205917
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85559}
2023-01-31 12:43:03 +00:00
Omer Katz
9bc6586712 [heap] Delay remembered set filtering to next GC marking phase
MinorMC only promotes whole pages, but doesn't move any objects. Thus
there is no need to update specific pointers. The update pointers phase
in practice only filters for objects that were promoted.
Since marking anyway needs to filter the remembered set (because slot
may be overwritten), we can just filter the remembered set once there
instead of doing it twice (i.e. end of evacuation and the following
marking phase).

Updating the external strings table remains as is since it is used by
heap verification as well.

Bug: v8:12612
Change-Id: I7e36e8acb886852087d303eceec4276f5349b272
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205907
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85558}
2023-01-31 11:37:46 +00:00
pthier
39b0ade26b [regexp] Canonicalize character range before adding case equivalents.
Adding case equivalents requires a canonicalized character range.
With unicode sets we missed to canonicalize ranges before adding case
equivalents in two locations.

Bug: chromium:1410963
Change-Id: I5907062f8c29b6e9d4a4c8166d3af05079298c50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205912
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85556}
2023-01-31 10:26:36 +00:00
Maya Lekova
ef3a00533f [fastcall] Fixed missing representation in GetProjectionType
Bug: chromium:1399490
Change-Id: I01adc3dd8da7ce3e544ca6507172d036b10c0861
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4197351
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85545}
2023-01-30 14:14:23 +00:00
Nikolaos Papaspyrou
98949e258a [heap][test] Disable one more weakref test for GC stress
This test is unsuitable for "GC stress" mode, because it interferes with
the execution of FinalizationRegistry cleanup tasks when asynchronous GC
is used. By mistake it was ommitted from crrev.com/c/4197675.

Bug: v8:13257
Bug: v8:13699
Change-Id: I81549cee7fae988aaa23611041d722f2e6abd89f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4200635
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85540}
2023-01-30 12:32:32 +00:00
Victor Gomes
9ea6a67782 [maglev] Fix generalize representation in polymorphic loads
Bug: chromium:1411075, v8:7700
Change-Id: I5490fb665b2b46a4063c7465a9b2e223b2c8f99a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4200644
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85539}
2023-01-30 11:07:40 +00:00
Liu Yu
82cbc72c0e [loong64][mips64] Various post-Code rename cleanups
Port commit c0367102a3

Bug: v8:13654
Change-Id: I768dc6b569814be93caa10fd91fb453ca2015dc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4196756
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#85531}
2023-01-29 07:50:03 +00:00
Clemens Backes
76a817e03a [wasm][memory64] Fix atomics
This fixes a TODO about atomics and memory64 and removes the explicit
CHECK that checks for the unsupported situation.
Similar to other memory accesses, the memory index is supposed to be a
64-bit value if memory64 is being used.
The bounds checking implementation in Liftoff and TurboFan is shared
with non-atomic memory accesses, so this is already prepared for
memory64. We only need to fix the expected type in the function body
decoder, and prepare the assembler for 64-bit values.

R=jkummerow@chromium.org

Bug: v8:13636, v8:10949
Change-Id: I210ac488bd2bb1cb141e16597ca62d3fb27cad3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4191767
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85525}
2023-01-27 17:30:23 +00:00
Liviu Rau
fec8c611c8 Configure PGO builders
- add new d8_pgo isolate to be used in profile tasks;
 - configure swarming task (test) for PGO instrumentation builder
 - create script for profile only execution (no build) to be used in swarming

Led tested #1 with spike recipe #2. Example swarming task #3.

#1 https://chromium-swarm.appspot.com/task?id=60089d22e809e410
#2 https://chromium-review.googlesource.com/c/chromium/tools/build/+/4162092/11
#3 https://chromium-swarm.appspot.com/task?id=60089fcbafb0a610

Bug: chromium:1382471
Change-Id: I782b7874c8dd77e821715395dd54dbc8990bf2c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4173584
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@google.com>
Cr-Commit-Position: refs/heads/main@{#85521}
2023-01-27 13:54:32 +00:00
Camillo Bruni
59de53fbcf [ic] Remove overzealous DCHECK
Bug: chromium:1408086
Change-Id: I6df2b052a0d4703b335505d7e179c98cfbd0f5cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4198140
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85514}
2023-01-27 10:22:13 +00:00
Dominik Inführ
2fea89c46c [heap] Fix --code-stats in debug builds
This CL fixes failing DCHECKs when Heap::CollectCodeStatistics() is
invoked in the atomic GC pause.

* Heap::CollectGarbage disallows GC, so move CollectCodeStatistics()
  into Heap::GarbageCollectionEpilogue() where such an exception
  already exists.
* CollectCodeStatistics() also needs to finish sweeping but a DCHECK
  in GCTracer only allowed this for heap verification.

Bug: v8:13267
Change-Id: I6c8e75ad5e78347fc162d3b67be10cb972269a12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4197335
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85513}
2023-01-27 10:05:26 +00:00
Nikolaos Papaspyrou
02df9f3ef1 [heap][test] Reland: Fix weakrefs tests for conservative stack scanning
31 out of the 36 JS tests in test/mjsunit/harmony/weakrefs/ rely on
precise GC with the following general pattern: they allocate some
objects, clear all references to them, invoke a GC, then perform
some test that assumes that the GC has reclaimed the objects.
When conservative stack scanning is used, this may fail.

This CL fixes the tests, ensuring that a precise GC will be invoked
when necessary, without scanning the stack. To achieve this, the GC
has to be invoked in asynchronous execution mode, which ensures that
it will be invoked from the event loop without a stack. In some
cases, this change requires a non-trivial change in the tests.

In 5 tests, part of the test's objective was to verify that a weak
reference is not cleared before the end of the turn. In those, it
was not possible to invoke GC asynchronously, as this would
immediately start a new turn. These tests still use synchronous GC
and they have been modified, if necessary, to allow for CSS (i.e.,
to not test that all possible garbage is reclaimed after a
sequential GC). Because of CSS, these tests may not always test
everything that they were intended to.

Some tests are unsuitable for testing in "GC stress" mode, because
this interferes with the execution of FinalizationRegistry cleanup
tasks or with the clearing of WeakRefs, when asynchronous GC is used.

Tests with trivial fix:

- cleanup-from-different-realm
- cleanup
- cleanup-proxy-from-different-realm
- cleanupsome-2
- cleanupsome-after-unregister
- cleanupsome
- finalizationregistry-keeps-holdings-alive
- multiple-dirty-finalization-groups
- stress-finalizationregistry-dirty-enqueue
- undefined-holdings
- unregister-after-cleanup
- unregister-before-cleanup
- unregister-called-twice
- unregister-inside-cleanup2
- unregister-inside-cleanup3
- unregister-inside-cleanup
- unregister-many
- unregister-when-cleanup-already-scheduled
- weak-cell-basics

Tests with non-trivial fixes; same logic but very restructured:

- cleanup-is-not-a-microtask:
- cleanup-on-detached-realm
- finalizationregistry-scheduled-for-cleanup-multiple-times
- finalizationregistry-independent-lifetime
- finalizationregistry-independent-lifetime-multiple
- reentrant-gc-from-cleanup
- symbol-in-finalizationregistry
  (was 2nd part of former symbol-as-weakref-target-gc)
- weak-unregistertoken

Tests with non-trivial fixes; same logic, restructured, using
synchronous GC:

- finalizationregistry-and-weakref
- symbol-as-weakref-target-gc
  (was 1st part of former symbol-as-weakref-target-gc)
- two-weakrefs
- weakref-creation-keeps-alive
- weakref-deref-keeps-alive

This is a reland of commit 20a954f4bc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4191774
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85477}

Bug: v8:13257
Bug: v8:13662
Change-Id: I298ccbc932afc44d5c8c858620a180388a25f5d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4197675
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85512}
2023-01-27 10:00:33 +00:00
Anton Bikineev
02afcd6b05 cppgc: Introduce subtle::UncompressedMember
Some very hot getters in Blink can spend many cycles on decompression.
We're planning to optimize such paths by selectively using uncompressed
pointers.

Change-Id: I78af751c423c56010a794448450032c66f8fa244
Bug: chromium:1410145
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4191778
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85508}
2023-01-26 23:51:28 +00:00