Bump the memory size limit of memory64 memories from 4GB to 16GB. Tests
are added for larger sizes (5GB, 16GB).
Drive-by: Improve two decoder errors to properly include the unit,
tested by the new tests.
R=jkummerow@chromium.org
Bug: v8:10949
Change-Id: I99dfc216b9213838784214c0b65ba863831d5884
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3789507
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82105}
- No slots are invalidated as all slots are always treated as tagged
or aligned pointers.
- The map is not updated.
Change-Id: Ifb8ffddfa3b626de3233f17f67b46fec36146f2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3795378
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82104}
Make sure to always start at the innermost loop, and to have Jump phis
participate in the lifetime extension.
Bug: v8:7700
Change-Id: Iefb9108519d027782ba9f0ce8c0696fba0a0aa52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793390
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82102}
It's difficult to say which structs might in the future have deprecated
fields, so this CL adds tests for two more for now.
Once we add deprecated fields, we then need to define copy/move
constructs and assignment operators via
{ALLOW_COPY_AND_MOVE_WITH_DEPRECATED_FIELDS} (same as for other structs
which are not tested yet).
R=mlippautz@chromium.org
Bug: v8:13092
Change-Id: I89a330661a02d86d3d48e216b69cb6f77f02cff2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3789508
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82098}
When an object either gets promoted or evacuated, old-to-shared slots
need to be recorded like we already do for old-to-old or old-to-new.
Bug: v8:11708
Change-Id: Ifb5b3d50a59aa45bf8289e1cd7610bb2f317fd6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3794648
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82096}
The function returns true if the function does not do anything like:
() => {}.
Change-Id: I049d7956c443b5d2bb8017a48547376f13acd0a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3778969
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yoshisato Yanagisawa <yyanagisawa@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82093}
In https://crrev.com/c/3764190, V8_COMPILER_IS_MSVC gets used before it
is defined, so it has no effect. Move the V8_COMPILER_IS_MSVC define up
to fix this.
Change-Id: I94c63ad2a8a7555c85730792c1f91e1285a9b77f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3774095
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82090}
zero extending the offset register must happen regardless
of the length of the offset_imm.
We can only use ip as the offset_reg as r0 and and r1
are being used as scratch later on.
Change-Id: I5517f974af40eb014b8e1f58f8e531909c4d466a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3794646
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82087}
The jump table and far jump table are allocated once per code space, but
the lazy compile table only needs to exist exactly once, and it does not
really matter in which code space we allocate it.
Before dynamic tiering, we could always allocate it in the initial code
space (which was empty at the point when we allocated it), but with
deserialization of a partially tiered module we can end up in a
situation where we first deserialize some TurboFan functions into the
initial code space, and when we later try to allocate the lazy compile
table (when we encounter the first non-serialized function) we do not
have enough space any more in the initial code space.
This CL allows to allocate the lazy compile jump table in any code space
to avoid that failure.
R=thibaudm@chromium.org
Bug: chromium:1348472, chromium:1348214
Change-Id: I58c9a8a6541f2ab7df26ddfd1b65d31cc99337fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3792607
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82086}
With this CL, blocks at the end of the ExternalPointerTable that are
completely empty after sweeping will be decommitted to reduce the
table's memory footprint.
Bug: v8:10391
Change-Id: I1002e95a0f9c22400fdd2620047d86738a1f7af4
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791903
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82085}
Port 781a5b5ad6
Original Commit Message:
Many platform-dependent LiftoffAssembler methods do not use all
parameters. Comment out the name of unused ones, to make it easier to
see which implementation uses which parameters.
Also, remove {is_load_mem} from arm's {LoadInternal}, because it is
unused there.
R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I861df687e373ed7dd302fc5e2e1299f09f899166
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3792177
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82084}
This is a reland of commit 07e11a64e4.
The original change removed the fill_thehole_and_call_runtime bailout
in StringBuiltinsAssembler::StringToArray() so when the string
is external and cannot be unpacked, the FixedArray won't be filled
with holes before we call into the runtime, thus failing a
heap verification if a GC happens before the array is filled. This
reland adds back the bailout for this case.
Bug: v8:12718, chromium:1330410
Original change's description:
> [heap] pre-populate the single_character_string_cache
>
> This simplifies the code and removes the runtime overhead of
> spontaneously adding strings to the cache.
>
> Bug: v8:12718
> Change-Id: I2ed49bd82e3baf2563eeb8f463be72c0308c52c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616553
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Cr-Commit-Position: refs/heads/main@{#80803}
Change-Id: I25e8724d511a8d0d971fa2a9b6ba8a0eafce4413
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793525
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82082}
If we grow memory (out-of-place, so only without trap handling and only
if the maximum is >1GB) and the previous size is close to the maximum,
then the minimum growth we calculate can be bigger than the allowed
maximum. In this situation, the {std::clamp} has undefined behaviour,
since the provided lower limit is bigger then the upper limit.
Thus apply {std::min} and {std::max} in an order such that {max_pages}
has precedence over {min_growth}.
R=thibaudm@chromium.org
Bug: chromium:1348335
Change-Id: I4f9e9ce10a0685892248eaf0e06ffd2e84b9a069
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793396
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82081}
This fixes some instances of -Wundefined-inline in the C++20 build.
Bug: chromium:1284275
Change-Id: I134e866183e1e42b9726153964af9910d03cd3b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791525
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82080}
Due to popular demand.
As a necessary byproduct, this drops our former experimental in-progress
support for accessing struct fields from JS as `.field0` etc. If we need
something similar in the future, we'll have to build a new mechanism for
it that scales to >1020 fields.
Bug: v8:7748
Change-Id: I08b2051bd9f76cf7128f3d4c74910ca891c38130
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793616
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82079}
So far all OLD_TO_SHARED slots were deleted after a shared GC. The
remembered set was rebuilt in the next shared GC from scratch. This CL
changes this behavior to only remove slots that don't point into the
shared heap anymore.
We still need to remove the full OLD_TO_SHARED slot set for young
generation pages though. During a shared GC we use the OLD_TO_SHARED
remembered set to cache references into the shared heap even for
pages in the young generation to avoid the second new space object
iteration.
Bug: v8:11708
Change-Id: If92fca25e8fe7e7bf5fc5562c974b0d4c121cb02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3790967
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82078}
Call test functions immediately, and make them print their name before
execution.
R=thibaudm@chromium.org
Change-Id: I2057e2b3c2032c342a86705dbda8992aa54493e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793612
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82077}
It also changes Abort to be a ControlNode.
Bug: v8:7700
Change-Id: I836c353f8110140c023c582ea91c456e23196921
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793397
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82076}
The {LiftoffAssembler::Load} method already receives an {i64_offset}
parameter which skips the UXTW (zero extension of 32-bit addresses) in
the memory operand. The same needs to happen on stores.
On 32-bit platforms, we cannot have addresses >=4GB anyway (they would
be detected as OOB before reaching the point in question), so this is
not a problem. On x64, all 32-bit registers are zero-extended already
(which is debug-checked in the generated code), so this is also no
problem (and we just ignore the additional parameter).
R=jkummerow@chromium.org
Bug: v8:10949
Change-Id: I3c2266dde1bf9d182b6759893f7f64540ae12261
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791051
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82074}
Table<any> is not allowed any more and may therefore not be generated by
the fuzzer. Instead, the new type is table<externref>.
Bug: chromium:1348437
Change-Id: Ibf788222fc777508e59178db48e6497a18b250d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793610
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82073}
This is required by the MVP spec. In the future, it might be possible
to pass values for any immutable fields.
Bug: v8:7748
Change-Id: Ie7705b48e9d6ebb87d5e1b0a2a10556302395db6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793383
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82072}
Many platform-dependent LiftoffAssembler methods do not use all
parameters. Comment out the name of unused ones, to make it easier to
see which implementation uses which parameters.
Also, remove {is_load_mem} from arm's {LoadInternal}, because it is
unused there.
R=jkummerow@chromium.org
Bug: v8:10949
Change-Id: I57281237c493cc35c3cd31d814bca9bef510fdd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791049
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82070}
If dynamic tiering or lazy compilation is enabled (which is the
default), the initial code space needs to be big enough to also hold the
lazy compilation jump table.
Otherwise a CHECK will fail later when trying to allocate that table (in
UseLazyStub).
R=ahaas@chromium.org
Bug: chromium:1348472, chromium:1348214
Change-Id: If7a091a5782f1b2099d35d1a06292dddbaeb0598
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793389
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82067}
If a value is expected to be in a particular register for a register
merge, allow for it to be moved there from another register, without
expecting it to be spilled.
Bug: v8:7700
Change-Id: I9ef5e77b3a744a6284f4790ec9d5a7c60739a710
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793391
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82066}
In addition to the marking barrier we now also need the shared barrier
for properly tracking the old-to-shared remembered set. So invoke
the full write barrier for set_map and set_map_after_allocation.
Bug: v8:11708
Change-Id: Ic234e7fad3733ab1348298f5fcc2b76e44cf4b8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793388
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82065}
Currently, we canonicalize types for call_indirect by looking in the
current module for a signature of the same shape. This is not enough
as of wasm-gc. Instead, the canonical identifier representing a type
has to be computed via isorecursive canonicalization.
This change is implemented behind a flag for now.
Future work: Also integrate export wrappers with isorecursive
canonical types. We need to store wrappers in instance-independent
storage.
Drive-by:
- Always emit type check for call_indirect. We did not emit a check
only when typed-function-references was enabled, but not gc. This
is not something that will be possible long-term.
- Fix some wasm cctests.
Bug: v8:7748
Change-Id: I7cced187009ac148c833dff5e720a8bb9a717e68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3784600
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82064}
Remove the return value from various UpdateSlot methods. These methods
were always returning REMOVE_SLOT anyways.
Bug: v8:11708
Change-Id: I5398f0df14e93e3e74a13aea42d7c422ffc100a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793384
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82061}
We sometimes create jobs that initially hold no work. In those cases,
use CreateJob instead of PostJob.
New background threads will later be spawned when
NotifyConcurrencyIncrease is called.
R=etiennep@chromium.org
Bug: v8:13096
Change-Id: Ieb9f9e03d01af6a72fe5785be72c523a553d0f1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762578
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82060}
Embedders must override the method, because returning a nullptr will
make V8 crash. Hence the method should be abstract.
Bug: v8:12425
Change-Id: I79e1759acd2a5f41424145637ee1fbd161889ec1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3779694
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82058}
This eliminates some "bitwise operation between different enumeration
types" warnings in c++20, where such ops are deprecated.
Bug: chromium:1284275
Change-Id: Ie7f1d5e9430029bc694cef0358d217871670a8d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791964
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82057}
