This CL decouples the Wasm GC JS interop from the experimental
string <-> array conversions as the interop is now enabled by
default, still there are some issues discovered with the
conversions.
The functions are fixed via https://chromium-review.googlesource.com/c/v8/v8/+/3916633.
Bug: chromium:1366881
Change-Id: I27730523a51d24a7ea18199e1668e8c76f0bcb4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3916088
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83435}
This introduces a new DirectHandle class with a deliberately similar API
to Handle. It uses an API that uses identical method names for symmetry,
but with an address field containing a direct pointer to JS heap objects
(or SMI).
Direct handles are experimental and can be enabled with the
v8_enable_conservative_stack_scanning gn option. The motivation for them
is described in the design doc [1].
[1]: https://docs.google.com/document/d/1uRGYQM76vk1fc_aDqDH3pm2qhaJtnK2oyzeVng4cS6I/
Bug: v8:13270
Change-Id: I0a6e0581adb5fa3b420efec3ba2b6d609d945c52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820483
Commit-Queue: Jake Hughes <jh@jakehughes.uk>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83434}
This CL fixes the build with neon intrinsics using clang-cl.
Seems it doesn't need to apply MSVC workaround for uint32x4_t and uint64x2_t.
Bug: v8:13333
Change-Id: Ic053a5c344de492458f9da749d81808775491dcf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3916643
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83433}
It's possible the path into resumable loop looks dead, while the loop
body itself is resumable and is being optimized due to an active
generator running the loop. By reviving resumable loop headers we have a
chance to properly optimize such generators (and avoid deoptimizing them
prematurely).
Bug: v8:7700
Change-Id: Icf5dadba17a7fd38409193e1e3f702f108a5639e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3918093
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83432}
Drive-by: dtype and stype are removed from SIMD_UNOP_LIST,
toSimd() requires them to all be of type `fp`.
Change-Id: Ifdfe187e2b143fb8fa785c44344bea38ea7e10f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3916553
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83431}
ref.cast_nop is used for internal testing only.
0xfb48 will become ref.test null.
Bug: v8:7748
Change-Id: Iaee762dd97a993a361edddf656090210876178a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913205
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83430}
Non-well-behaved test cases may pass too few arguments. The builtins
shouldn't attempt to inspect arguments that aren't there.
Not bothering with a regression test because these experimental
builtins are probably short-lived at this point anyway.
Fixed: chromium:1366881
Change-Id: Ifee8929c6a97539eac7609c64082d66cd53cec89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3916633
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83429}
... when "return" property is added to respective iterator or might be
added somewhere up the prototype chain.
According to the iterator protocol the "return" callback must be
called when iteration is aborted in the middle.
Bug: chromium:1357318
Change-Id: I36d81b90cfd40e417136ab97ec53ad7054f4df77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3916630
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83427}
The GraphAssemblerLabel VarCount template parameter now can have a
marker value ~0 which is marker for it being dynamic sized -- this means
that a bit of template magic turns its std::arrays into std::vectors.
Merging GraphAssemblerLabels works by duck-typing access to these
arrays/vectors.
These dynamic GraphAssemblerLabels are created whenever a single
GraphAssemblerLabels being created when instead a list of values
convertible to MachineRepresentation is passed in. Passing anything else
will result in a GraphAssemblerLabel with marker value ~1, which is
considered "invalid" and will give a compilation error down the line.
std: :vector is passed into MakeLabel, with the static
Change-Id: I833bdedac2f8e26fcc88aa59dd67b7e4b1c4296d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913349
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83424}
When performing full GC on a shared space isolate, the GC also needs
to visit OLD_TO_SHARED slots in client isolates and update pointers.
Bug: v8:13267
Change-Id: Ida48c666dce8f5ed703a6920ad007add9235d64a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913347
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83421}
Collect feedback for BigInt64 in interpreter and change the runtime
for BigInt64 addition.
Bug: v8:9407
Change-Id: Ic69ba2c1f5ada998ac5ee3279e8296efe084d600
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3909809
Commit-Queue: Qifan Pan <panq@google.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83419}
See also Turbofan's JSContextSpecialization reducer.
For all context loads and stores, this CL implements:
1) depth reduction through graph walks (even without FCS)
2) conversion from the context node to a heap constant
3) if possible, conversion of a load of an immutable context slot load
to a heap constant
Bug: v8:7700
Change-Id: Ie4d1acd0ff206f25dd5373a860d23b006a31dcee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904914
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83418}
This reverts commit f08547afd4.
Reason for revert: Causes failures due to virtual address space
exhaustion inside the sandbox.
Original change's description:
> [sandbox] Improve the default ArrayBufferAllocator for the sandbox
>
> Rather than using a page allocator and rounding all allocation request
> sizes up to the next multiple of the OS page size, we now use a
> base::RegionAllocator with a "page size" of 128 as a compromise between
> the number of regions it needs to manage and the amount of wasted memory
> due to allocations being rounded up to a multiple of that page size.
> While this is still not as performant as a "real" allocator, it does
> noticeably improve performance when allocating lots of ArrayBuffers.
>
> Bug: chromium:1340224
> Change-Id: I56d1ab066ba55710864bdad048fb620078b2d8c2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913346
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83396}
Bug: chromium:1340224
Change-Id: I3e3cc18c0e75cac586b7f014a75df1028bbfa86f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3916637
Commit-Queue: Samuel Groß <saelo@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83417}
There is no need for ClientHeapVerifier anymore since we can simply
invoke full verification for all client heaps.
Bug: v8:13267
Change-Id: Ic72744aed09569f2e3e61bb3d6c889d2a7ad4de3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913030
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83416}
In wasm-spec, the shift amount will modulo 32 or 64.
Change-Id: I98d003dfd8b73d0d3eb1a022942d7b138d29fdc5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3912629
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83414}
MSVC does not support inline assembly (clang-cl does).
Those two functions needs to be implemented using C++ only. Implemented
a version for MSVC only, based on an intrinsic (that guarantees load,
even with optimization) available for any architecture.
Bug: v8:13312
Change-Id: I3aa4eac03c099535c5d3a9a40221bd5f8bbcb0d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913036
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83407}
MSVC is confused by initializer list and default parameter, and reports
an ambiguous call.
test/cctest/test-assembler-arm64.cc(12208): error C2668: 'v8::internal::Clobber': ambiguous call to overloaded function
test-utils-arm64.h(251): note: could be 'void v8::internal::Clobber(v8::internal::MacroAssembler *,v8::internal::CPURegList)'
test-utils-arm64.h(241): note: or 'void v8::internal::Clobber(v8::internal::MacroAssembler *,v8::internal::RegList,const uint64_t)'
Solution is to construct with explicit type.
Bug: v8:13312
Change-Id: I66f5ba48bcdf6eb30035beaf7214a3d26fc9f18b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913034
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83406}
Array#with and TypedArray#with adapt their arguments because they have a
fixed arity of 2. Builtins that adapt arguments shouldn't use
...arguments in Torque, which results in a "don't adapt" sentinel to be
generated, resulting in incorrect frame size computation.
Bug: v8:12764, chromium:1367133
Change-Id: I81c1ef2cdef25d049fa0b8effcb2a953c2a9846b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3915939
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83405}
This compilation error was found by NodeJS when updating V8:
https://github.com/nodejs/node-v8/issues/240
MSVC reports an error with "too many initializer" for type uint32x4_t.
---
Under gcc/clang, this is a typedef to a builtin type.
For MSVC, it is a typedef to this union:
typedef union __n128
{
unsigned __int64 n128_u64[2];
unsigned __int32 n128_u32[4];
...
} __n128;
C++ mandates that only first member of union can be initialized at
declaration. Thus, it can only be initialized with {uint64_t, uint64_t}.
VS people proposed to use designated initializer instead:
var = {.n128_u32={1, 2, 3, 8}}
https://developercommunity.visualstudio.com/t/error-c2078-too-many-initializers-when-using-arm-n/402911
But, you need to use /std:c++20 for this, which is not the case in v8.
---
Thus, the only solution is to implement a hack specifically for MSVC,
where you build two uint64, from four uint32.
---------------------------------------
Once solved, another error is reported:
templated function extract_first_nonzero_index is specialized twice.
This is because, with MSVC, uint32x4_t and uint64x2_t are typedef to the
same __n128 union. The fix is to drop templates, and use explicit
function names instead.
Bug: v8:13312
Change-Id: I231d8cf01c05af01af319d56d5666c415f8b989b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913035
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83404}
clang/clang-cl compiled happily (probably included transitively this
header), but not MSVC.
Bug: v8:13312
Change-Id: I69b6c15f76d8ef13e4fac33f733717429ba96f71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913033
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83402}
This is a reland of commit 70de8dd17f
Uses a version of python coverage available on arm.
Original change's description:
> [Python3] Clean up python2 holdovers
>
> Cq-Include-Trybots: luci.v8.try.triggered:v8_android_arm64_n5x_rel_ng_triggered
> Bug: v8:9871
> Change-Id: I889fad886339e754ffee4e11cc06bc594e30641d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913200
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Liviu Rau <liviurau@google.com>
> Cr-Commit-Position: refs/heads/main@{#83391}
Bug: v8:9871
Change-Id: I4a2eddc09e1a57cc9847b68caac8a9f98c14d222
Cq-Include-Trybots: luci.v8.try.triggered:v8_odroid_arm_rel_ng_triggered
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913027
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83401}
On PPC we don't have the nearest int FP roundings available,
bailing out to C runtime.
Change-Id: I4d8ee4ba74fb6c60752cdbde4a73052ab159821a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913247
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83399}
Rather than using a page allocator and rounding all allocation request
sizes up to the next multiple of the OS page size, we now use a
base::RegionAllocator with a "page size" of 128 as a compromise between
the number of regions it needs to manage and the amount of wasted memory
due to allocations being rounded up to a multiple of that page size.
While this is still not as performant as a "real" allocator, it does
noticeably improve performance when allocating lots of ArrayBuffers.
Bug: chromium:1340224
Change-Id: I56d1ab066ba55710864bdad048fb620078b2d8c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913346
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83396}
A shared space isolate needs to safepoint all clients as well in order
to collect garbage in the shared spaces.
Bug: v8:13267
Change-Id: I3f00a84bd46353c4351bbbe4240b90d8847afc8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3912764
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83393}
This aligns the breakpoint behavior of YieldExpression and
AwaitExpression with the behavior of AssignmentExpression
in V8. It basically boils down to not reporting expression
positions on SuspendGenerator bytecodes as breakable
locations.
In particular the initial implicit yield of any generator
function is no longer a breakable position. In light of
this changes we also refine https://crrev.com/c/2949099
to not be able to step to the initial implicit yield
either, which would otherwise be really odd.
Before: https://imgur.com/KYy9F1S.png
After: https://imgur.com/gCnWU8J.png
Doc: https://goo.gle/devtools-reliable-await-breakpoints
Bug: chromium:901814, chromium:1319019, chromium:1246869
Fixed: chromium:1319019, chromium:1357501
Change-Id: I0c5f83e279918eb392d8f77a8a04c4c0285f938e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3909688
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83392}
This change makes the default configuration of standalone V8 builds
(again) reflect the default configuration of V8 in Chromium builds.
Bug: v8:10391
Change-Id: Ia98492a283772ebfde43f0edbfdff05319ac4352
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913345
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83390}
Holder in 'object where the property was found' sense is different from
the holder object needed for calling API callbacks (see
FunctionCallbackInfo::Holder()).
Bug: v8:13284
Change-Id: I08dd625de6cc7ba33aec8cea4ebe28c884755455
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913285
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83386}
