Rolling v8/build: 7875528..e2349a5
Rolling v8/third_party/android_sdk/public: n5NRtk1IRM87UHkSNPKGfMf6VL_BfjEOBXhD9uqynhIC..Jxtur3_L9RzY4q79K-AwIahwFW4oi5uYVD5URx9h62wC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5459c38..bee6bf4
Rolling v8/third_party/depot_tools: 8001297..83aafc9
Rolling v8/third_party/zlib: e5c4d8c..7c4128aTBR=machenbach@chromium.org,tmrts@chromium.org
Change-Id: I8f6f28d37cf97bea0d64ec13f6d64b4e8697478d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1935351
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#65163}
TurboFan serializes the callee functions when concurrent inlining is
turned on. However, if inlining itself is turned off (for ex: TurboProp)
we don't need to serialize these functions reducing time spent on
main thread.
Bug: v8:9684
Change-Id: If4aba1deb64188e411d4f82b27c475ea93a15344
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1932375
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65157}
Also, fix the implementation of {operator==} and add {operator!=}.
{operator==} could not be instantiated on a {Vector<T>} where T is not
const, as it would access the fields of another instantiation of Vector
({T} vs {const T}).
R=jkummerow@chromium.org
Bug: v8:9810
Change-Id: I65c2d3071a781f6fe7a624b727d2770b43b7f7a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1932363
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65155}
Removes job queue flushing in OptimizingCompileDispatcher::Stop when
FLAG_concurrent_recompilation_delay is set. Before this explicit
flushing was run, there was already a wait-loop which ensured the queue
was always empty.
Bug: v8:9810
Change-Id: I620bac9c9d73aead671b178c9450bdd25e6761b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934332
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65154}
This brings the number of optimization misses (with concurrent
inlining) in Octane's typescript from 179 down to 3 (the actual
score doesn't seem to change but it's already on par with the
default configuration).
Bug: v8:7790
Change-Id: Ia4ade2eafc035491d3eac9081383c72b435e8df6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924441
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65152}
This makes sure that the return type of the aforementioned heap views is
always {float?} and {double?} respectively, independent of the type of
the value passed to the store. It fixes validation failures due to bogus
(and redundant) conversion expressions being emitted.
R=clemensb@chromium.org
TEST=mjsunit/asm/regress-1027595
BUG=chromium:1027595
Change-Id: I037613afc643ac1b04ae4a943e42dc1823ad5bdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1932374
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65151}
This CL moves the DisallowHeapAllocation scopes closer to the
callsites that get detected as GC causes by GCMole.
Bug: v8:9992
Change-Id: I3148f088ff40cee877683f214f85d745ed685a25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928865
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65150}
Change-Id: Iaa3abd6584adf6c844d09a6341bd7fb80fb3d24d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1932372
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65149}
Subsequently LookupHolderOfExpectedType should be called only
when we have installed handler code.
Bug: chromium:1024936, v8:7790
Change-Id: I33a0a7232afaba8455a0cec1fdc56251947419d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930905
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65148}
Adds RuntimeStats counters for HeapBrokerInitialization, Serialize,
SerializeMetadata and Finalization phases. These happen only on main thread.
In a followup cl we will also add counters for other phases that could happen
on main thread or background thread.
Earlier RecompileSynchronous was used to measure the time spent in Concurrent,
non Concurrent and Concurrent finalize phases. This cl replaces them with
OptimizeConcurrent, OptimizeNonConcurrent and OptimizeConcurrentFinalize
counters. This cl also renames RecompileConcurrent to OptimizeBackground to
make it clear this measures the background component of optimization.
This also updates names of trace events to be in-sync with RuntimeStat counters.
Bug: v8:9684
Change-Id: Ifda81ce7ab1c659c2df53bab924c51c46f46939b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1924439
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65147}
This saves some bytes here and there. Whenever the label is bound just a
few instructions after, we can use a near jump.
R=ahaas@chromium.org
Bug: v8:10005
Change-Id: If2ec596575e1bd88d09fde3fa96ffa8187de542f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930898
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65145}
This looks like an oversight. If we know that near jumps can be used, we
should pass that information on to the {jmp} method.
R=ahaas@chromium.org
Change-Id: I839a7a7b66f0e9d535a7cece283750f5c45a44c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930618
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65144}
In the declaration, callers, and in the {ConvertFloatToUint64} helper,
the parameter is called "fail". In the definition, it's wrongly called
"success".
R=ahaas@chromium.org
Change-Id: Iec861f182e54165e609c6e61d399ceb87512054f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930900
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65142}
Converts and uses of RuntimeCallTimerScopes that switch the counter
based on the thread, to use kThreadSpecific and remove the counter
selection.
Also moves RuntimeCallTimerScope::CounterMode to RuntimeCallStats,
since now CorrectCurrentCounterId also takes it as a parameter.
Bug: v8:10006
Change-Id: I14a503e0b83bb69c071f9665956de094bb33c0ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928864
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65141}
This adds a regresson test case for the revert reason of:
https://crrev.com/c/1906378
The test data is tidied up by keeping the different fake d8s in
separate build directories like it would be in production.
A new test simulates an architecture difference and ensures we
pass the architecture mocks in all runs.
No-Try: true
Bug: chromium:1023091
Change-Id: Ic33c426ba8eb9c4b6b0fbb66d43c0859dc2edfcd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1918248
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65140}
Allow sharing of hints and modification of shared hints such that
feedback can be propagated to the hints for the corresponding
register, AND all alias registers. Even propagation from an inlined
callee back to the caller is possible.
Bug: v8:7790
Change-Id: I96b3c5e41613efa5711ab758db1c3ef7f7ae6418
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1914560
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65139}
During conflict lookup (for lexical variables and sloppy block function
hoisting), we cache the looked-up variable on the current scope if the
lookup goes through a ScopeInfo. However, for variable lookup during
scope analysis, we use the "entry point" as the cache.
Since both lookups can create Variables, this can cause us to create
duplicate variables, e.g. a duplicate function name variable in the
attached test.
Instead, for ScopeInfo conflict lookups we can cache the result on the
function's outer scope, which shoud be equivalent to the entry point.
As a (necessary) drive-by, we can terminate the lookup early if we find
a VAR with the same name, as we can safely assume that its existence
means that it doesn't conflict, which means that our variable can't
conflict either.
Bug: chromium:1026603
Change-Id: I19f80f65597ba6573ebe0b48aa5698f55e5c3ea1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928861
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65138}
Properly handle termination exceptions in TLA modules.
Bug: v8:9978
Change-Id: Ica70a55d1f54ec89d175d7c846e9a405eaffe0a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1920750
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65135}
Refbuilds still require natives blob. We need to keep the logic for
handling it on android until the next branch point.
No-Try: true
Bug: chromium:1026556
Change-Id: I8375400e0d3ea0f881ef56edc7de8574ae94f3e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928862
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65134}
With https://crrev.com/c/1925524 we are moving elements on the stack by
their offset, but this transfer recipe is still checking the indices of
src and dst, which is incorrect.
Bug: chromium:1027410
Change-Id: Id7c7523c097bd06f3d107cb4d9de1052fc082105
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930606
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65129}
FunctionBlueprint holds a SharedFunctionInfo, FeedbackVector and a
Hints object that represents what we know about the Context of
the "function-to-be." Since we occasionally synthesize a
FunctionBlueprint object from a JSFunction (when we have it),
it can happen that sometimes the Context hint is a concrete
Context object, and other times it's a VirtualContext, representing
a context created sometime during the bytecode execution of the
function under optimization. Moreover, both such FunctionBlueprints
can exist in the same run due to the vagaries of CALL_IC feedback
(ie, sometimes you have a JSFunction, other times you don't).
More details in doc:
https://docs.google.com/document/d/1F1FxoDzlaYP5l5T6ZcZacV3LCUp5elcez05KWj-Mp78/edit?usp=sharing
Bug: crbug:1024282
Change-Id: Id4055531333b3dcbdb93afd23d9a226728292e11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926151
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65127}
port aafbc13https://crrev.com/c/1900662
Original Commit Message:
[wasm-simd] Implement i64x2 shifts for arm
Change-Id: I036610bdcf8e36879cf7a47fbf6e28034345a945
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928499
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65126}
RuntimeCallTimerScope can now be called with the optional flag
kThreadSpecific, which chooses the appropriate RuntimeCounterId given
whether the RuntimeCallStats object is for the main isolate thread or a
worker thread.
While this doesn't change any existing timers over to use this flag it
does add checks that in the default case that any thread-specific
counters are the correct one given the thread status.
Bug: v8:10006
Change-Id: Idb545714284bcd2e2fdca991918ddf976dcbdf70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928863
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65125}
port ea06b01https://crrev.com/c/1925613
Original Commit Message:
[wasm-simd] Implement i64x2 add sub for arm
Also some cleanup reordering of instruction codes.
Change-Id: I151668f4125c46b35b08ddd3640341125f6fdbdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928500
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65124}
The previous implementation incorrectly used instructions for 32-bit
data, this CL fixes it to implement 64-bit operations.
Change-Id: Ib8e5236ea35f3a2c0e37e647ea89aad6a1127425
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928501
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65123}
This scenario is where user is at the end of Wasm execution and do
some stepping. Hence, user should be back at Javascript frame. We
can detect that stepping as it exits Wasm Interpreter and prepare
debugging as a step-out-ish in Javascript.
Bug: chromium:823923, chromium:1019606, chromium:1025151
Change-Id: I29022af0d5e5dcf78d87e83193f6e16fec954e87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1912985
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65122}
Currently these events are emitted by Blink in GC prologue/epilogue.
That however does not respect event nesting and breaks with future
perfetto changes. This CL emits the events inside V8 using a scope to
guarantee proper event nesting. The events are same except for the
"type" argument that now gets more detailed information.
The corresponding Blink CL that removes these trace events:
https://chromium-review.googlesource.com/c/chromium/src/+/1929227
Bug: chromium:1026658
Change-Id: Ifbfab647f40f81af7acf315ff4608b9dc9444f94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928857
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65120}
We possibly need to load the global object from the global proxy as the holder
of the named interceptor.
Change-Id: I0f9f2e448630608ae853588f6751b55574a9efd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1930903
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65119}
This is a first step towards allowing expressions for array sizes.
So far, local variable bindings used a VisitResult and a const flag.
This doesn't allow for local bindings to alias other things, like
heap references. While this is not generally a feature we need,
it will be helpful to create bindings when evaluating array sizes,
since we want to grant access to the preceding already initialized
object fields, but not to the whole object, which is not completely
initialized yet.
LocationReference already captures the notion of any readable and
assignable location, so it is a good fit to be used for local bindings.
The const attribute is no longer needed, since LocationReference already
has a notion of constness for stack ranges (that is,
LocationReference::Temporary vs LocationReference::VariableAccess).
Bug: v8:10004 v8:7793
Change-Id: Ibe0a43e898e5c2c10d6739e2496d92dda542e6cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928852
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65117}
This CL adds build flags for pluging in third-party heap implementation.
Additionally it redirects allocation requests when the flags are on.
Bug: v8:9533
Change-Id: I7ef300ca9dc2b5f498a13211611ae4b4b3df8fa0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1928860
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65114}
