77456 Commits

Author SHA1 Message Date
Leszek Swirski
3f9f1eeefa [maglev] Depend on stable protos up to validity cell
Inline DependOnStablePrototypeChain to iterate only those maps which
share a validity cell with the receiver map. This resolves an issue
where maps after the holder object violate the stability invariants, but
doesn't require looking up what the actual holder is.

Bug: v8:7700
Change-Id: Id06f0d13660f547e14dd25085799c0e6223c34b9
Fixed: chromium:1359215
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871298
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82964}
2022-09-05 10:12:04 +00:00
Matthias Liedtke
271bd0866f Revert "[sandbox] Sandboxify ExternalString external pointers"
This reverts commit e7bf81100a.

Reason for revert: Failing TSAN runs

Original change's description:
> [sandbox] Sandboxify ExternalString external pointers
>
> Bug: v8:10391
> Change-Id: I0f737e5adf6e4fd24f93436fa5680ff20c1536da
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3757901
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82958}

Bug: v8:10391
Change-Id: I384d49016b9494655866339a21dab60d451158a7
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872271
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82963}
2022-09-05 09:47:24 +00:00
Leszek Swirski
f620df20d6 [maglev] Call the write barrier in GeneratorStore
There was a missing write barrier for the saved registers and context
in GeneratorStore. Add (deferred) write barriers for these, with some
careful register reshuffling to minimise moves.

Bug: v8:7700
Change-Id: Icf50e96adf3775785ce9b2c5a7566ecbbd1d63d9
Fixed: chromium:1359163
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870914
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82962}
2022-09-05 08:38:30 +00:00
Michael Achenbach
9beb6f383c [foozzie] Avoid more contradictory flags
This ignores one of --assert-types and --stress-concurrent-inlining if
used together. We already filter those from trials, but they also might
get picked from // Flags lines in test cases.

No-Try: true
Bug: chromium:1359829
Change-Id: I7e46afb53bdbb0a871c7443a5a66a339046eb3de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871195
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82961}
2022-09-05 08:37:26 +00:00
Tom Anderson
a482e33fdb Fix build with -Wextra-semi (arm64)
Bug: chromium:1355871
Fixed: chromium:1359712
No-Tree-Checks: true
Change-Id: I01e35ec6c35d82608797d8ae222d79a125ca5758
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872346
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Thomas Anderson <thomasanderson@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82960}
2022-09-05 08:17:27 +00:00
v8-ci-autoroll-builder
c178d3d407 Update V8 DEPS (trusted)
Rolling v8/build: aebd733..a412eb2

Rolling v8/third_party/depot_tools: eb16430..a089281

Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220902.0.1..version:9.20220902.1.1

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ied5248bff1159fc65f61bfc512464e356578840b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872519
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82959}
2022-09-05 07:33:45 +00:00
Samuel Groß
e7bf81100a [sandbox] Sandboxify ExternalString external pointers
Bug: v8:10391
Change-Id: I0f737e5adf6e4fd24f93436fa5680ff20c1536da
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3757901
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82958}
2022-09-05 07:32:39 +00:00
v8-ci-autoroll-builder
b804d8d0b9 Update V8 DEPS (trusted)
Rolling v8/build: 15f3aed..aebd733

Rolling v8/buildtools: 734683a..18d22db

Rolling v8/buildtools/third_party/libc++/trunk: 84f0693..369cbf3

Rolling v8/third_party/depot_tools: 8cdc635..eb16430

Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220831.2.1..version:9.20220902.0.1

Rolling v8/tools/clang: e0c2881..0a22859

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I01a1df8f6fe1db74fad773480edb5801f2851219
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872510
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82957}
2022-09-03 03:56:53 +00:00
Leon Bettscheider
0d192e1e70 [heap] Select MinorMC to finalize incremental MinorMC
This CL makes SelectGarbageCollector choose MinorMC to finalize
minor incremental marking if the allocation space is new space.

Bug: v8:13012
Change-Id: I0125d956842d83683cf3b1c5999de0e10a43dee5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871074
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82956}
2022-09-02 18:16:23 +00:00
Leon Bettscheider
cc3bd0e631 [heap] Only one active new space allocation observer
This CL exclusively activates ScavengeTaskObserver, used by Scavenger
and atomic MinorMC, or MinorMCTaskObserver, used by concurrent
MinorMC.

Bug: v8:13012
Change-Id: I313b0cbe250828cc76d7d4b25e9abb457315112e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871295
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82955}
2022-09-02 17:41:03 +00:00
Ilya Rezvov
d7c306a2d9 Reland "Port Generic JS-Wasm Wrapper for arm64"
This is a reland of commit 5a318a2313

Original change's description:
> Port Generic JS-Wasm Wrapper for arm64
>
> Bug: v8:10701
> Change-Id: I2014f8994c74379663998e2560d1d51b98a4a9a6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811834
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82915}

Bug: v8:10701
Change-Id: Ic0ac1478759150a5cc7e75d1a8e4e465e0d48233
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869197
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82954}
2022-09-02 16:53:34 +00:00
Patrick Thier
e547fe70f9 [strings] Fix concurrent internalization of external strings
When internalizing cached external strings that are not in-place
internalizable, there is an optimization that avoids copying the
contents of the string. This optimization doesn't work when the string
table is shared, as it leaves strings in a partly initialized state that
can be accessed in a concurrent environment.

Bug: v8:12007
Change-Id: I49fcbb232893c87d065af114546a6f1a15471016
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870469
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82953}
2022-09-02 16:16:13 +00:00
Manos Koukoutos
c716142410 [OWNERS] Make Matthias Liedtke a wasm owner
Change-Id: Ie36ef2b934b4ea1fd256175748daac73246be826
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870467
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82952}
2022-09-02 16:05:02 +00:00
Dominik Inführ
3ec02e314c [heap] Fix aborting compaction with map space compaction
When aborting compaction on a page, slots need to be recorded in the
non-evacuated part. Now that maps might be recorded as well, slots
need to be recorded in the map word as well.

Bug: chromium:1359294, v8:12578
Change-Id: I91e4a98ae2951d814d4b50e527b34d8e54d55434
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871297
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82951}
2022-09-02 16:03:03 +00:00
Shu-yu Guo
bbc38834d6 Fix DoubleToInteger to never return -0
DoubleToInteger, which corresponds to the ToIntegerOrInfinity AO in
ecma262, never returns -0. Currently there's a bug as std::ceil can
return -0.

Bug: v8:10271
Change-Id: Id5e7d040ef9d186462022dc96052d7920be6ebed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869196
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82950}
2022-09-02 15:41:23 +00:00
Clemens Backes
45c878a6da [wasm] Refactor TransitiveTypeFeedbackProcessor
A minor refactoring to call a static method instead of just creating an
instance in order to do the work.
This also makes it easier to later add methods to process all feedback
before dumping profile information.

R=jkummerow@chromium.org

Bug: v8:13209
Change-Id: I157357753b3a1cff83df426660501c43959937b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870468
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82949}
2022-09-02 15:36:54 +00:00
Leon Bettscheider
e69fa72620 [heap] Fix regression in IncrementalMarkingJob::ScheduleTask
This CL fixes a regression caused by https://crrev.com/c/3865147.

Bug: v8:13012
Change-Id: I2a0b89965a305197b499044ea7b10285a763dc4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871296
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82948}
2022-09-02 15:25:43 +00:00
Jakob Linke
de762c9630 [compiler] More conservative reads of call feedback
The `target` field of call feedback may be stored in the feedback
vector without protection by generated code (see
TryInitializeAsMonomorphic).  We thus can't assume a memory fence
exists when creating the ref, switch to TryMakeRef instead.

Bug: v8:7790,v8:12876
Change-Id: I428b00b19a417e818c315f1cf9ee62d19f0747d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867728
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82947}
2022-09-02 15:15:34 +00:00
George Wort
5981d168b1 [compiler] Apply StoreStoreElimination through bitcasts
Add BitcastWordToTagged and BitcastWordToTagged to
CannotObserveStoreField in StoreStoreElimination to
allow more stores to be eliminated.

Also add the use properties in CannotObserveStoreField
so that future nodes don't block opportunities.

Improves Speedometer2 by 0.16% and 0.12% on a Cortex-A55
and a Neoverse-N1 machine respectively, with Preact seeing
+0.8% on both.

Change-Id: I0cfe887ec4c0c435dbb0f9d8dc3da4bfcdabc265
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865560
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: George Wort <george.wort@arm.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82946}
2022-09-02 15:01:18 +00:00
George Wort
9691e60e56 [turbofan] Only use --no-turbo-rewrite-far-jumps when applicable
Fixes the use of v8_enable_fast_mksnapshot on platforms that
aren't ia32 or x64. This was introduced by
https://chromium-review.googlesource.com/c/v8/v8/+/3863281

Change-Id: I0d18c2d16dae4937baa40ee336d8c246a8b77889
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867408
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: George Wort <george.wort@arm.com>
Cr-Commit-Position: refs/heads/main@{#82945}
2022-09-02 14:32:17 +00:00
Victor Gomes
8b9c543cdf [maglev][cleanup] Create MergePointIFS::NewForLoop and NewForCatchBlock
This makes it clear that the constructors are to be used for a basic block that starts a loop or a basic block that starts an exception handler.

Bug: v8:7700
Change-Id: Ic58dd80f223e45b4e5cf5da6e78e989ba18d55a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870916
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82944}
2022-09-02 14:30:23 +00:00
Clemens Backes
14ec87e285 [flags] Fix another weird printing of contradictions
Move the logic to negate a flag properly if the name starts with '!' to
the general {FlagName} helper. This fixes an otherwise weird formatting.

Before:
# Contradictory flag implications from --!liftoff and --wasm-speculative-inlining for flag --wasm-dynamic-tiering.

After:
# Contradictory flag implications from --no-liftoff and --wasm-speculative-inlining for flag --wasm-dynamic-tiering.

R=tebbi@chromium.org

Change-Id: I21236b4ff338aa4d2ddd0872f85e2362ef8dc813
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870915
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82943}
2022-09-02 14:24:43 +00:00
Omer Katz
52c90d783e [infra] Extend MinorMC bots with additional tests
Bug: v8:12612, v8:13145
Change-Id: Ib44d3eb15f05aebe1c165221507517d9df472142
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870919
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82942}
2022-09-02 13:41:34 +00:00
Dominik Inführ
b0a2f508c5 [heap] Stop scanning full client heaps for pointers into shared heap
We used to scan the full heap of all clients for pointers into the
shared heap. Now that the OLD_TO_SHARED remembered set is considered
complete, we don't need to scan objects in the old generation anymore.
Instead we just need to check slots in the OLD_TO_SHARED remembered
set.

Since we don't have write barriers for objects guaranteed to be in
new space, we still need to scan objects in the young generation.

Bug: v8:11708
Change-Id: I1121f90ee63521c9141431f4cb31973796f1a67c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865561
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82941}
2022-09-02 13:38:03 +00:00
Marja Hölttä
2d14b0bdc3 [heap] Unify parameter order in MoveEvent funcs
Now it's "source, target" in all places.

Change-Id: I6ce943214c79467aca4e3b62c3376921e206842a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870917
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82940}
2022-09-02 13:34:53 +00:00
Michael Achenbach
5d50024ed4 [foozzie] Filter some contradictory flags
Add logic to drop cyclic contradictory flags from
correctness-fuzzing command lines. Add the currently known
biggest offenders.

Without this, the correctness fuzzing harness runs into a CHECK
failure during smoke testing, when attempting to pass cyclic flags
to d8. It fails fast, but uselessly burns fuzzing time.

This change drops one of the known cyclic flags instead to make the
test run still useful. The precedence is right to left like in the
V8 test framework.

Additionally on Clusterfuzz, all crashes during smoke testing are
deduped as one crash report. We don't know if there are other
problems before this one is fixed/hidden.

No-Try: true
Bug: chromium:1330303
Change-Id: I06cbb4655cd3cf467f5cce6f84dba653834ca72e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865562
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82939}
2022-09-02 13:29:23 +00:00
Milad Fa
4360dea985 PPC/s390: Cleanup some macros
Port 247b33e921

R=gdeepti@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: Iaedf6d6579e8224ba90b19b70ed040b23b85b2b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868835
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82938}
2022-09-02 12:57:02 +00:00
Matthias Liedtke
c6efb4da12 [wasm-stringrefs] Remove subtyping between string view / iter and any
The intention is to be restrictive for now: modules should not
start to depend on this subtyping while the stringref type
hierarchy question is being settled (see
https://github.com/WebAssembly/stringref/issues/3 for details).

Bug: v8:12868
Change-Id: I0140e72f92550c88393dc84bb1fa3ce65840a048
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865019
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82937}
2022-09-02 12:18:32 +00:00
Matthias Liedtke
2f95d10f6b [wasm-gc] Support non-function ref globals via WebAssembly.Global
Bug: v8:7748
Change-Id: Ibb43799319f8032d69adcaaeebb48ec8e4e6078c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869146
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82936}
2022-09-02 12:14:22 +00:00
Victor Gomes
04224d8cb4 [maglev] Support exception handlers
At the start of the graph builder, we add merge states to exception
handlers basic block with ExceptionPhis (normal phis with no input,
but with an interpreter register "owner").

Every Node that can throw, can also lazy deopt, so we use the
lazy deopt IFS to recover the exception phi values in a trampoline
before jumping to the exception catch block.

Bug: v8:7700
Change-Id: I62fe7f19ce5e89c3df645224ea62f9fc2798207c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865865
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82935}
2022-09-02 12:09:32 +00:00
Matthias Liedtke
a81f56c503 [wasm-gc] Support non-function ref globals with non-global init value
This change adds support for defining globals whose value is imported
and not defined inline. This was already possible for importing globals
from other modules, now it is also supported for non-global values, e.g.
values created by a wasm function and exported to JS.

Bug: v8:7748
Change-Id: I4fe22a7ab33b431cb731458900c0f332dff8b8f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865554
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82934}
2022-09-02 11:19:02 +00:00
Clemens Backes
076e832c66 [base][mac] Implement base::SharedMutex via std::shared_mutex
Instead of implementing our own shared mutex, use std::shared_mutex,
which does not have the problem of deadlocking when interrupted by
signals (see https://crbug.com/v8/12037).
This is on Mac only, for now. If this fixes the regressions, we can
switch all systems to std::shared_mutex.

R=ishell@chromium.org
CC=dmercadier@chromium.org

Bug: v8:12037, v8:13256, chromium:1358856
Change-Id: Ie4be7cc5431905ca1e4f74809168eb6a9f584d28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870465
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82933}
2022-09-02 11:12:18 +00:00
Omer Katz
026a100031 [heap] Update evacuation and implement sweeping in MinorMC
Bug: v8:12612
Change-Id: I28a574435646073d65e6fe1e746267ffb0eaa01d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3864083
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82932}
2022-09-02 10:52:03 +00:00
Leszek Swirski
2f41221fbc [maglev] Fix ResumeGenerator reviving a dead SuspendGenerator
ResumeGenerator is semantically a successor of SuspendGenerator (for
reasoning about liveness), but operationally it's a successor of
SwitchOnGeneratorState. This means that the jump to ResumeGenerator will
always create a new basic block, even if the SuspendGenerator was dead.

This causes problems if we made other assumptions on liveness based on
the semantics; in particular, we assume that JumpLoop is dead if the
loop header is dead (thanks to loop irreducibility).
SwitchOnGeneratorState breaks irreducibility, and this manifests as the
JumpLoop being alive and trying to jump to a dead header.

Since this is a special case, and loops are otherwise irreducible, we
can also fix it with a special case; namely, MarkBytecodeDead now has a
special case for SuspendGenerator which manually advances the iterator
and kills the ResumeGenerator.

Bug: v8:7700
Change-Id: Ice162f061e7ba1dda7ceb4f6fe9234889655b417
Fixed: v8:13250
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865556
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82931}
2022-09-02 10:38:44 +00:00
Manos Koukoutos
ed8be53861 [stringrefs] StringConst value should be non-nullable
Bug: v8:12868
Change-Id: Ia70ddb1fb25bc1f14259d14a8a9f614de7d8cd52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865558
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82930}
2022-09-02 10:37:40 +00:00
Leszek Swirski
8ed59cfb32 [maglev] Drop compilation result if function has TF code
Check the function for TF code before finalizing a maglev compilation,
so that we don't accidentally overwrite the higher tier.

Bug: v8:7700
Change-Id: I20eb4e25f3bf2710b6e65f9d866cad143e77943d
Fixed: chromium:1359114
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870464
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82929}
2022-09-02 10:25:44 +00:00
Liu Yu
09aded5467 [loong64][mips64] Cleanup some macros
Besides, fix an error in GetMemOp.

Port commit 247b33e921

Change-Id: I34cf0d22870f438fb6bfcd67ef50ec254fb92608
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869758
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#82928}
2022-09-02 10:06:43 +00:00
Nikolaos Papaspyrou
2b5f239abe [heap][test] Refactor tests using heap internals
This CL refactors most of the cctests and unittests (22 out of 31) that
directly invoke heap GC, so that the corresponding internal heap methods
are called from a few specific places in boilerplate code. This will
facilitate impending changes to the interface of GC-related internal
heap methods.

Bug: v8:13257
Change-Id: Ia6773a7952501b0792b279b799171519620497d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869264
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82927}
2022-09-02 09:26:52 +00:00
Lu Yahan
931828a6a1 [riscv] Port [wasm][simd] Fix SpillAdjacentFpRegisters
Port commit 8e069d6294

Bug: chromium:1356718

Change-Id: I0f9f19e45c8f3fc18b46ac0c1341cc61d5b1ae59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868714
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82926}
2022-09-02 09:16:42 +00:00
Milad Fa
eb107f6c5b Skip regress-crbug-1357554 if spark-plug is not enabled
Check comment section of crrev.com/c/3862265 for more
details.

Change-Id: I4085e988ceaf04dbf2e2e34188b5748c025d9672
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868500
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82925}
2022-09-02 09:05:54 +00:00
Jakob Kummerow
adbc694a7c [wasm-gc][fuzzer] Fix call_ref with immediate
Use the correct helper function to emit an immediate.

Fixed: chromium:1358909
Change-Id: I2f2ae7819f40009b3f9c22067cdf11885d3347ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869265
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82924}
2022-09-02 08:07:32 +00:00
Deepti Gandluri
f165b31004 [wasm-relaxed-simd] Implement dot product instructions for ia32/x64
Reference lowering in the corresponding issue:
https://github.com/WebAssembly/relaxed-simd/issues/52

Bug: v8:12284


Change-Id: Ia59419f41ae1e53804b0fdb7169bf6f56f864c53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862956
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82923}
2022-09-02 07:25:32 +00:00
Tobias Tebbi
ac23cc0470 [compiler] JSCallReducer: check uses based on index
Bug: chromium:1355824
Change-Id: Ic0809f68259939086ad0e9a329b718eaf0e107aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869266
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82922}
2022-09-02 07:05:06 +00:00
v8-ci-autoroll-builder
b6be819eed Update V8 DEPS (trusted)
Rolling v8/build: 252971c..15f3aed

Rolling v8/buildtools: c24a0d5..734683a

Rolling v8/buildtools/third_party/libc++/trunk: 42e738f..84f0693

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/638d30e..7ee0711

Rolling v8/third_party/depot_tools: 5084800..8cdc635

Rolling v8/third_party/zlib: 926ac23..81e0cc1

Rolling v8/tools/clang: b72e51a..e0c2881

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I9a708ed9b806495ef3493d0e8dbb1ff12d661554
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869826
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82921}
2022-09-02 03:53:32 +00:00
Seth Brenith
f388f96fdb Enable background merging of deserialized scripts
This can save memory in cases where multiple frames in a process use the
same script, with sufficient time between loads that the script's
top-level SharedFunctionInfo is no longer present in the compilation
cache. Merging is relatively fast; it generally takes about one tenth as
long as deserialization.

Bug: v8:12808
Change-Id: I7366a51f1d2ca6a9f551cdf2bdbe0441450cf1bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868088
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82920}
2022-09-01 22:46:22 +00:00
Michael Achenbach
ef9985445d [foozzie] Remove obsolete flag suppression
No-Try: true
Bug: chromium:1240812
Change-Id: Ica677c1253bf4ff9ced0b91e71e35ee8e0cb78cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868906
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82919}
2022-09-01 14:50:44 +00:00
Tobias Tebbi
ae32940798 [compiler] fix typing of [[DateValue]]
Bug: chromium:1356308
Change-Id: I00be3495031b203b71cf924745dd2bad878ab3c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868955
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82918}
2022-09-01 14:49:41 +00:00
Clemens Backes
c4959e25b7 Revert "Port Generic JS-Wasm Wrapper for arm64"
This reverts commit 5a318a2313.

Reason for revert: Fails on Mac arm64: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20debug/8211/overview

Original change's description:
> Port Generic JS-Wasm Wrapper for arm64
>
> Bug: v8:10701
> Change-Id: I2014f8994c74379663998e2560d1d51b98a4a9a6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811834
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82915}

Bug: v8:10701
Change-Id: I9d5f19fedb82e2be64bd313f8cf5821fb0d8c795
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869145
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82917}
2022-09-01 14:23:12 +00:00
Clemens Backes
f2faee8519 [wasm] Use std::shared_mutex instead of base::SharedMutex
base::SharedMutex was implemented as an exclusive lock on Mac, because
of an OS issue on Mac (see https://crbug.com/v8/12037).
https://crrev.com/c/3855361 then introduced a custom implementation on
Mac, which caused performance regressions (see
https://crbug.com/1358856).

Since we rely on C++17 now, we can instead just use {std::shared_mutex},
which does not seem to have the deadlock issue of {pthread_rwlock_t}.
As a smoke test (and to check whether this actually fixes the
performance regressions), only switch one mutex in Wasm compilation to
std::shared_mutex. If this CL looks good, then other places can be
switched over as well.

R=ishell@chromium.org

Bug: chromium:1358856, v8:13256
Change-Id: Ia56efcb7747f191cc3ed7a381096c8f57142aff8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868954
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82916}
2022-09-01 13:49:52 +00:00
Ilya Rezvov
5a318a2313 Port Generic JS-Wasm Wrapper for arm64
Bug: v8:10701
Change-Id: I2014f8994c74379663998e2560d1d51b98a4a9a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811834
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82915}
2022-09-01 13:35:02 +00:00