Add method to make LABs in all local heaps iterable and invoke this
function in Heap::MakeHeapIterable().
Bug: v8:10315
Change-Id: I6c8b1ea2337647f68995c13e6244d5ef0673b0e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230534
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68193}
Changes:
- Remove subtyping checks from value-type.h and move them to dedicated
files. Leave a limited version in value-type.h for testing.
- Implement subtyping for struct and array types, according to the
wasm-gc proposal.
- Implement type equivalence checking.
- Introduce a subtyping relation cache in WasmModule.
- Rename IsSubTypeOf -> IsSubtypeOf.
- Fix v8 possible bug where iterator_range took two unused type
parameters.
- Add unittests for subtyping.
Bug: v8:7748
Change-Id: I0ddbda4145e0412196dcf4fc63f3c5875fb3ab5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228497
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68192}
The replacement was done using the wrong effect node.
Bug: chromium:1086890
Change-Id: I3bfc2473415f7d28fa1bcf0ff14ffe46b82bf87b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2231340
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68191}
Due to recent spec changes, We do not have to check if ref.func
instructions in global declarations only refer to declared functions.
Additionally functions referenced in exports and globals are now
considered declared.
R=ecmziegler@chromium.org
Bug: v8:10556
Change-Id: I79856c7d68155a04eb36769ceed8a58fe62a9f9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228653
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68190}
Rolling v8/build: bdb409c..3142ebd
Rolling v8/third_party/aemu-linux-x64: t4ELE6VgcCM5v-3W7_Dv8jFHkyeEu69AW5lwrtqWBOwC..ij0nEFLmrqJqEp81i5YIDjeQ8epXhPrtAI0otT1OId0C
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/15d5f65..92c6c3e
Rolling v8/third_party/depot_tools: e65444f..02dbd01
Rolling v8/tools/clang: 59c0072..fab9ca5
Rolling v8/tools/swarming_client: 90c5e17..4c095d0TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I2259439af5cd553d8176d246f7897a9616412e90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230852
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#68189}
All these functions need to do is just write the value to the memory,
but EmitHelper will do something more than this, EmitHelper will check
if it need generate trampoline code while code generating and it will
insert trampoline code at current pc offset, this means there maybe have
trampoline code between two consecutive dd()'s target memory(pc), this
is not we want.
Change-Id: I5537f133be78aabdc4d53d4de07f388fa50f4a64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2224963
Commit-Queue: Yu Yin <xwafish@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68188}
Making them private was a way to hide the functions, we can
explicitly delete them, which give a better compilation error message as
well.
Also see: https://stackoverflow.com/q/55205874
Bug: v8:10488
Change-Id: I24f70dc1f6fb227185b6f8ecb30a81e218dd2a50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2223232
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68186}
This change also removes the kInvalid value from JSRegExp::Flag, so that
the values in JSRegExp::Flag correspond only to those which can exist on
the heap and not things used temporarily during parsing.
Change-Id: I1ded0b1be8c59eab72320edfef26eda42c91a89f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2216302
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#68182}
Speculative BigInt addition fails to throw the expected exception
when called with non-BigInt inputs when the result of the computation
is unused. In paricular, this CL does:
- Remove kNoThrow on speculative BigInt operators
- Fix AddWithFeedback to not lose type feedback if builtin throws
to elide existing deopt loops
- Add handling of TypeCheckKind in RepresentationChanger where this
was previously ignored
Bug: chromium:1073440
Change-Id: I953a5b790fc3b37a6824f0b6546a0488c51fbb3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228493
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68181}
When accessing a field of a non-class type, Torque will generate a
CallAccess LocationReference, which has an unknown type. We still tried
to access it's type, resulting in a DCHECK failure.
Bug: v8:7793
Change-Id: I3650643e29db852783eca1e166b700eebd1b8dc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2209056
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68180}
This reverts commit 63e243a0c2.
Reason for revert: Speculative revert for https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/31811?
Original change's description:
> [wasm] Do not log code of functions whose module is not fully loaded
>
> Under some circumstances, Wasm is trying to log code for which the
> wire bytes are not fully loaded yet. This can happen during streaming
> compilation when a few functions are already fully compiled but the
> engine is still streaming the remaining functions.
>
> If the profiler now kicks in, it will attempt to log these freshly
> compiled functions. As these functions will not be executed before
> the module is fully compiled, we can simply defer the logging in this
> case.
>
> R=clemensb@chromium.org
>
> Bug: chromium:1085852
> Change-Id: Idb1061cafcba7a2a654a207402dca520f79a3bbe
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219938
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68174}
TBR=clemensb@chromium.org,ecmziegler@chromium.org
Change-Id: I444c70e63b876b8473bf9599643bdfe39c8f1eae
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1085852
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230531
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68177}
The flag will be used to upload changes towards the removal of
arguments adaptor frame, by reversing the JS arguments in the stack.
Change-Id: Ia41f740d9fac51a072487733d387390e69574cfb
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230525
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68176}
Fix arguments order when a call to a CPP builtin is inlined.
When V8_REVERSE_JSARGS is set, the arguments should be reversed and the extra builtin parameters should be pushed last, that is, the input nodes should be located before the function arguments.
Change-Id: Icfcee15bf9e596b236bfd2615a73ce101c87857d
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218289
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68175}
Under some circumstances, Wasm is trying to log code for which the
wire bytes are not fully loaded yet. This can happen during streaming
compilation when a few functions are already fully compiled but the
engine is still streaming the remaining functions.
If the profiler now kicks in, it will attempt to log these freshly
compiled functions. As these functions will not be executed before
the module is fully compiled, we can simply defer the logging in this
case.
R=clemensb@chromium.org
Bug: chromium:1085852
Change-Id: Idb1061cafcba7a2a654a207402dca520f79a3bbe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219938
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68174}
Introduce ParkedMutexGuard which is similar to base::MutexGuard but also
parks the LocalHeap while the thread is blocked.
Bug: v8:10315
Change-Id: I149673511df013881ed2fbb42cf22d3f9b17b92d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230518
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68173}
Introduce --stress-concurrent-allocation flag. With this flag, V8 will
run periodically start an allocation background task, which allocates
objects. Will be used for testing background allocation.
Bug: v8:10315
Change-Id: Iddb7ff34601a492bc2f26f41cc56a2a899807cfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228889
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68172}
We use StoreOwnIC to initialize the object after creating a new object
with CreateObjectLiteral. CreateObjectLiteral stores kHoleNaNInt64
to indicate an uninitialized double field. When we actually try
to store a NaN value into that field later using StoreOwnIC, IC avoids
actually storing the new value since the existing value is "same as"
the value we try to write. The float comparison treats all NaNs as
equal. In this particular case, we should actually store the new value
since kHoleNaNInt64 value is used to represent an uninitialized field.
This cl just stores the new value even when the existing value is same
as the new value for double fields. The check is still required to
correctly track const fields.
Bug: chromium:1082293
Change-Id: Ib37061802f2403545cffa6d6fef08be074b0825d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228886
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68167}
Change-Id: I29c1339fa75aa26bd18b7e007a0e88de15096a43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219934
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68166}
This reverts commit 3b1d24cf47.
Reason for revert: The problem is fixed
Original change's description:
> Revert "[Intl] Use new getDefaultHourCycle to replace old hack"
>
> This reverts commit 611e412768.
>
> Reason for revert: https://crbug.com/1080367
>
> Original change's description:
> > [Intl] Use new getDefaultHourCycle to replace old hack
> >
> > Use the ICU 67.1 new API DateTimePatternGenerator::getDefaultHourCycle
> > to replace a hack which get the pattern of "jjmm" to find out the
> > default hour cycle of a locale
> > Bump the required API version from 65 to 67
> >
> > Bug: v8:10225
> > Change-Id: I3378edacb6dfb8400357ac0bf3d5d50b9fe008bd
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2173875
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Commit-Queue: Frank Tang <ftang@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#67549}
>
> TBR=jkummerow@chromium.org,ftang@chromium.org
>
> # Not skipping CQ checks because original CL landed > 1 day ago.
>
> Bug: v8:10225
> Change-Id: I8bdfbdfc6c906814e5a7525cbde79c9cac854bd1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2208811
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67929}
TBR=jkummerow@chromium.org,zhin@chromium.org,ftang@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:10225
Change-Id: I386cf0347a0fa5403fb196bb46ac77f48c9c0a0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2229470
Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68165}
Rolling v8/build: c523c20..bdb409c
Rolling v8/buildtools: 7a0ebcc..1b066f0
Rolling v8/third_party/aemu-linux-x64: V4ZGjQxGJ00ndsSZd9X90QJnY3N7-ZbuPq57Yk7yv74C..t4ELE6VgcCM5v-3W7_Dv8jFHkyeEu69AW5lwrtqWBOwC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1ec2986..15d5f65
Rolling v8/third_party/depot_tools: 9904485..e65444f
Rolling v8/third_party/googletest/src: 011959a..cb44c86
Rolling v8/third_party/zlib: f5eca0d..a68151f
Rolling v8/tools/clang: 8b9091f..59c0072TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: Iafe4f3edc0019eb4c061fb1f12c41047c4c411c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2229939
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#68163}
The fix is in 630b884f84 not f2223961.
This reverts commit 464ee4b7ad.
Reason for revert: roll to 67.1 after the landing of the fix
Original change's description:
> Revert "Roll ICU from 65.1 to 67.1 (f2223961) & correct tests"
>
> This reverts commit e270b6d615.
>
> Reason for revert: V8 DEPS roll stuck https://crbug.com/v8/10567#c1
>
> Original change's description:
> > Roll ICU from 65.1 to 67.1 (f2223961) & correct tests
> >
> > Rolling to chrome/src is in
> > https://chromium-review.googlesource.com/c/chromium/src/+/2155530
> >
> > Since auto rolling stop after 3/24/2020 and the rolling will cause
> > change of test status, I get this cl ready (but not running trybot due
> > to 1074260) and plan to hand roll after the submission of 2155530.
> >
> > Bug: chromium:1064326, v8:9515, v8:10379, v8:10380, v8:10437
> > Change-Id: I19554f68cfdc5b717dfc7fc4b1222e9dc25b8d69
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2158486
> > Auto-Submit: Frank Tang <ftang@chromium.org>
> > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#67493}
>
> TBR=jkummerow@chromium.org,machenbach@chromium.org,jshin@chromium.org,ftang@chromium.org,syg@chromium.org
>
> # Not skipping CQ checks because original CL landed > 1 day ago.
>
> Bug: chromium:1064326, v8:9515, v8:10379, v8:10380, v8:10437
> Change-Id: I3f4233815ed7414f2cde3d4d996696575b5f6e3a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219334
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68051}
TBR=jkummerow@chromium.org,machenbach@chromium.org,jshin@chromium.org,zhin@chromium.org,ftang@chromium.org,syg@chromium.org
# Not skipping CQ checks because this is a reland.
Bug: chromium:1064326, v8:9515, v8:10379, v8:10380, v8:10437
Change-Id: I1de5eb36eff420482a12205682b153a2493d5249
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2220781
Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68160}
This relands commit 76debfda32.
This fix here is to convert the original mjsunit test into a
cctest, where we check for SIMD support, and skip the test.
We don't have lowering for I64x2 yet, so this is the
workaround.
Original change's description:
> [wasm-simd][liftoff] Fix I64x2Mul
>
> The I64x2Mul overwrote the lhs/rhs if they are the same as dst. So when
> deciding if we need temporaries, we should not only check the
> cache_state, but whether they alias dst or not.
>
> Bug: chromium:1088273
> Change-Id: I82efa9b45e0a3d321a06efde60971ce95b21490f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2225796
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68114}
Bug: chromium:1088273
Change-Id: Ia3fd251998159d9beb581a6af3414921fe968e40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2227068
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68159}
vroundps assembly is incorrect:
- the signature was wrong, vroundps takes 2 operands and 1 immediate
- when calling vinstr, should always pass xmm0, this wasn't causing
issues because our test cases were restricted enough that it was always
xmm0 anyway
- the macro assembler should use AVX_OP_SSE4_1, since roundps requires
SSE4_1
- drive-by fix for roundss and roundsd to be AVX_OP_SSE4_1
- add disasm for roundps and vroundps, and test them
Bug: v8:10553
Change-Id: I4046eb81a9f18d5af7137bbd46bfa0478e5a9ab2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2227252
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68157}
This CL repurposes the v8.wasm trace event category, and introduces
additionally the v8.wasm.detailed category.
The v8.wasm category is enabled by default and captures core wasm events
like validation, compilation, instantiation, and important operations
like grow-memory and tier-up timings.
The v8.wasm.detailed category is disabled by default. It captures all
events the previous v8.wasm category captured, like compilation of
single functions, time needed for register allocation, ...
This CL splits these categories to allow enabling the v8.wasm category
in telemetry benchmarks to calculate compile time and other metrics
from traces of telemetry runs.
R=ecmziegler@chromium.org
Bug: chromium:1084929
Change-Id: Ida58b8f344b0ccb6ee1210e259c3e0e993eff497
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2210230
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68156}
All subtyping has been removed from the reference-types proposal. This
CL implements this proposal change now in V8.
R=manoskouk@chromium.org
Bug: v8:10556
Change-Id: I08ef064952278e03ea655461fa9f0c96426157c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2222345
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68152}
We already track register usage, so we can stop as soon as all registers
are spilled. Also iterate the stack backwards, since the bottom of the
stack is more likely to be already spilled.
R=clemensb@chromium.org
Bug: v8:10576
Change-Id: I06fe8efe257dd5b8bcb426b4e79a8815a8cb5c81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228494
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68151}
This ports HeapStatsCollector (former ThreadHeapStatsCollector) from
Blink. The CL only ports accounting of allocated object size which is
needed for a simple growing strategy in a follow up.
HeapStatsCollector is a global dependency for most sub components as
it provides infrastructure for measuring time (through trace scopes)
and space.
The general idea of HeapStatsCollector is to act as sink where all sub
components push time and space information. This information is then
gathered and made available via an event that is implemented as POD.
Time-dependent info is available through regular getters (pull) and
observers (push).
Change-Id: I40b4d76e1a40c56e5df1a7353622318cde730e26
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2225902
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68150}
This CL makes it so that we revisit nodes in the revisit queue as soon
as possible in RETYPE and PROPAGATE. This is done to revisit loops
related to backedges before moving onto other nodes.
Bug: v8:10424
Change-Id: I432c6551805903072b3f9fbc867adca82b263325
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2157373
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68149}
Even in unreachable code, the targets of br_table have to have matching
types.
R=thibaudm@chromium.org
Bug: v8:10556
Change-Id: I2e85df3cb92f7910a6bcb5ac03927c424194660d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218062
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68148}
Add some abstractions to make it easier to define more tests.
Bug: v8:7748
Change-Id: Ia5605aa10963228eb4bfba37e2b412fc5af860d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2224212
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68147}
1) Rename remembered-set-inl.h back to remembered-set.h
2) Introduce a new remembered-set-inl.h and move the
function definition that depends on ptr-compr-inl.h.
Change-Id: I0e16e1e428937184ff255471937c70e6bb65a11e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2223816
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68146}
When tiering down (or up), we first get a list of all native modules
(under a lock), then tier them down/up without holding the lock. Since
we don't hold (shared) ownership of the native module, it could die
in-between.
This CL fixes this by keeping weak pointers to the native modules, and
re-gaining a shared pointer before putting the module in the list of
modules to be tiered down/up.
R=thibaudm@chromium.org
Bug: v8:10588
Change-Id: I2891c3729f42f26d4026f3e2448e124863b95122
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228515
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68145}
