This is a three-state field now: kTrapHandler, kExplicitBoundsChecks,
kNoBoundsChecks. It is set once based on the flags
(--wasm-bounds-checks and --wasm-enforce-bounds-checks) and depending on
whether the signal handler for wasm trap handling was installed. All
compilation then only uses the field value, and does not need to check
any flags any more.
R=ahaas@chromium.org
Bug: v8:11926
Change-Id: I2c0eb5ecb742ee65d1c10e4dceff7204119dab7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996191
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75558}
In order to implement eager (side effect free) evaluation of arbitrary
accessor properties correctly, we need the ability to call getters while
guaranteeing that we don't trigger side effects. This is accomplished by
adding a `throwOnSideEffect` flag to the `Runtime.callFunctionOn` API,
similar to what's already available with the `Runtime.evaluate` and the
`Debugger.evaluateOnCallFrame` APIs.
Bug: chromium:1076820, chromium:1119900, chromium:1222114
Change-Id: If2d6c51376669cbc71a9dd3c79403d24d62aee43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001360
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75556}
For static OOB accesses in Liftoff we were adding a protected
instruction information, mapping the PC of a jump instruction to the
landing pad. This is not needed, as the jump instruction is not supposed
to trigger a signal.
This CL slightly refactors the code to avoid this protected instruction
information, and resolves the old TODO.
R=ahaas@chromium.org
Change-Id: I668f3ec6a0815af83cbc04fb307744000166fb8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003156
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75554}
A frame state's outer frame state input can be kDeadValue. A DCHECK
did not take that into account. In release builds there was no issue
because we branch on the opcode anyways.
While fixing this bug, I'm strengthening the FrameState class such that
a FrameState node must have a kFrameState operator. I'm also
- changing the result type of outer_frame_state() from FrameState to
Node* since it may in fact not be a kFrameState;
- removing has_outer_frame_state() because I find it unintuitive to
have outer_frame_state() return non-NULL even when
has_outer_frame_state() would return true.
Bug: chromium:1224758
Change-Id: I8ebed75c62e31f7eef71e2941fd18869d8a56af3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001356
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75553}
- Change Group.prototype.size to .length
- Use window.requestAnimationFrame when streaming-loading files to show
the loading animation
- Limit width of the timeline-track legend and add 'title' attribute
to show the full text when cropped
- Add duration for selected timeline events in timeline-track legend
- Better error message when the local symbol server is not available
Bug: v8:10644
Change-Id: Icdf2042341c9355ecb55e2fd8e6a4fa0feb5968f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003151
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75549}
For very large snapshots, calculating the checksum of the snapshot can
take at least 30% of the time to deserialize the snapshot, so add a flag
to skip it.
Change-Id: I8f3418f1d1e9f984e7334ac51096a1a166874722
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001176
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75548}
Commit 26d85acee2 "Use IMMEDIATE_CRASH on
official build FATAL errors." has changed how FATAL macro behaves on
such builds. Unfortunately this affects logging and
random number generator v8 unittests which use ASSERT_DEATH_IF_SUPPORTED
macro. After the change we no longer get any v8 CHECK crash messages on
official builds thus failing those tests.
Fix this by adjusting failing test expectations to reflect the new,
expected results v8 now has on official builds.
Change-Id: Ice9718c5e887b42a0cfd583340256f7d2591add4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2991238
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75547}
Print the reference stack when V8 is unable to encode an external
reference in debug builds so that it's easier for the embedder
to track the external reference down.
Refs: https://github.com/nodejs/node/pull/38905
Change-Id: Ia86eeb87833d7de0eccc7bc040301c78ddb3240c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2988831
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#75546}
* Fix IsPendingAllocation check
* Fix IsImmovable check
* Skip some space checks in Heap::CompactWeakArrayLists and Heap::ExternalStringTable::CleanUpAll
-- They assumes some objects are allocated to old or new space, which may not be true for TPH.
Bug: v8:11641
Change-Id: I21d9e3a71f6169bfd19e9a521ee378d7b9f74fa8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2994221
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Cr-Commit-Position: refs/heads/master@{#75542}
This resolves an issue where an inlined CodeEntry may outlive its parent
when translated into a ProfileNode.
Bug: chromium:1223323
Change-Id: I0427fce6a667c16d825f534333d39e463b287e31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3000682
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#75541}
This reverts commit 1532f8ff92.
Reason for revert: Race in initialization
Original change's description:
> [heap] Tie process-wide CodeRange lifetime to any remaining Heaps
>
> Currently the process-wide CodeRange, once created, lives until process
> shutdown. This CL changes it to be alive as long as there is a Heap,
> when the last Heap is gone it gets destroyed and will be recreated the
> next time a Heap is created. This behavior is shared with
> SingleCopyReadOnlyArtifacts.
>
> Bug: v8:11929
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
> Change-Id: I8a545926c3a4122991f9682bd3fd90e72697ea5a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2989103
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75522}
Bug: v8:11929
Change-Id: Ie13a09fc07f8da8af3813de46298eceb7b18ba41
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3000960
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75539}
The shadow stack space is == the number of register arguments
saved on stack, so reuse the same constant that is already defined.
Bug: v8:11879
Change-Id: I576c26770660de63c85089d658fcddc14bd5a08f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2997927
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75538}
Moves back to the same approach as TurboFan of keeping the graph
unscheduled during effect control linearization and later backend
phases and only scheduling the graph immediately before instruction
selection. This gives better code generation, though at a small cost
of more background optimization time.
BUG=v8:9684
Change-Id: I4fb32b5d332e977ca480ac9cceff955750ddd320
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999091
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75535}
This reverts commit 92bfb63cac.
Reason for revert: Broke build https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20shared/43249/overview
Original change's description:
> [build] Separate out inspector as a shared library
>
> This makes src/inspector:inspector into a v8_component producing a
> shared library in component builds. To enable this, all of its exported
> are now marked with V8_INSPECTOR_EXPORT.
>
> This also inverts the dependency between src/inspector:inspector and
> :v8_base_without_compiler, and instead makes d8 and some tests depend on
> inspector rather than getting it via v8.
>
> As a result, the no_check_targets exclusions list in .gn is reduced.
>
> Ultimately embedders like chromium should depend on :v8 and optionally
> src/inspector:inspector, but to allow that transition to occur, this
> renames :v8 to :v8_lib and introduces a new :v8 which depends on v8 and
> inspector. Once all embedders have changed to reflect the new structure,
> this part can be reverted.
>
> Bug: v8:11917
> Change-Id: Ia8b15f07fb15acc5e1f111b1a80248def4285fd0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999088
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75532}
Bug: v8:11917
Change-Id: I0ed27ed95211d13b8b3438a8c0a42d577806c475
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003452
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75533}
This makes src/inspector:inspector into a v8_component producing a
shared library in component builds. To enable this, all of its exported
are now marked with V8_INSPECTOR_EXPORT.
This also inverts the dependency between src/inspector:inspector and
:v8_base_without_compiler, and instead makes d8 and some tests depend on
inspector rather than getting it via v8.
As a result, the no_check_targets exclusions list in .gn is reduced.
Ultimately embedders like chromium should depend on :v8 and optionally
src/inspector:inspector, but to allow that transition to occur, this
renames :v8 to :v8_lib and introduces a new :v8 which depends on v8 and
inspector. Once all embedders have changed to reflect the new structure,
this part can be reverted.
Bug: v8:11917
Change-Id: Ia8b15f07fb15acc5e1f111b1a80248def4285fd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999088
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75532}
This is a reland of d3cacbbbd5
Changes: Skipped the test in the 'stress' variant instead.
Original change's description:
> Reland: ScopeInfo, SharedFunctionInfo never-ever serialized
>
> This relands squashed CLs:
>
> 59b9aaf7db
> 8f84d0bb8f
>
> The revert was at crrev.com/c/2996198.
>
> Changed: Fixed a test in which bytecode flushing caused a behavioral
> change between serialized- and unserialized SFI Refs. The serialized
> SFI ref kept bytecode alive while unserialized SFIs allow flushing.
> The test was fixed by adding a %PrepareFunctionForOptimization
> annotation.
>
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:7790, v8:11939
> Change-Id: I170f8085bd7454a2a5f2bb03c8824e2862857827
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999089
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75504}
Bug: v8:7790, v8:11939
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
Change-Id: I10c3fce3a1e5007b4dadfead2baf1f4434d8880b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2998590
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75531}
Replace a ZoneUnorderedMap with a ZoneMap in order to avoid
non-deterministic iteration order resulting in non-deterministic IR
and non-deterministic allocations during code assembly later. The
map in question is very small in practice so there should be no
performance regression.
Bug: v8:11894
Change-Id: Ic961102b45b3df28dafdece0cfb54ff5ef940d56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001348
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75529}
On PPC we don't have the `ties to even` FP roundings enabled,
therefore their equivalent Simd op will never get emitted.
Once support is added, the flag needs to be set under
`SupportedMachineOperatorFlags` within the instruction selector.
Setting this flag affects both the scalar and Simd variants
of this op.
Change-Id: I7d486def103045d2dee7cb691927feb19c3e5ef4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996747
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75528}
Also split v8_third_party_heap_files headers and source files between
v8_base_without_compiler and v8_internal_headers.
Bug: v8:7330
Change-Id: I58a1aa3af1d2b5b5872e5cd25a886be8fd9461d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001169
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75527}
Without flushing the messages, the timing of the notifications
is unpredictable making it hard to build features on top.
Bug: chromium:1224371
Change-Id: Ice09ef82231186d1a93ca82508c49e26585ce260
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2991237
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Alex Rudenko <alexrudenko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75525}
Rolling v8/build: 969e9b2..f79e8a3
Rolling v8/buildtools/third_party/libc++abi/trunk: d46361b..ae0481e
Rolling v8/buildtools/third_party/libunwind/trunk: 9303368..ed4a85e
Rolling v8/third_party/aemu-linux-x64: kZbnq1Wh_y69PWihHdedFiEIQANIiZchdysb5-fpBTEC..czR22wy3jcAfrw7l4ljto3qX6BpD2DSahnluWvqUockC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/949bca8..36f311b
Rolling v8/third_party/googletest/src: 255323c..4ec4cd2
Rolling v8/tools/luci-go: git_revision:ede472114f4e51eaa068cd84cadcf470773f19ef..git_revision:e20098f56b10587e3cc0bc9ccac4934a13158de3
Rolling v8/tools/luci-go: git_revision:ede472114f4e51eaa068cd84cadcf470773f19ef..git_revision:e20098f56b10587e3cc0bc9ccac4934a13158de3
Rolling v8/tools/luci-go: git_revision:ede472114f4e51eaa068cd84cadcf470773f19ef..git_revision:e20098f56b10587e3cc0bc9ccac4934a13158de3
TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I4f07d610e608afbf4dfb8f5bec70a694ad660ca9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3002689
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75523}
Currently the process-wide CodeRange, once created, lives until process
shutdown. This CL changes it to be alive as long as there is a Heap,
when the last Heap is gone it gets destroyed and will be recreated the
next time a Heap is created. This behavior is shared with
SingleCopyReadOnlyArtifacts.
Bug: v8:11929
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Change-Id: I8a545926c3a4122991f9682bd3fd90e72697ea5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2989103
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75522}
With relative paths in the debug symbols, lldb cannot find the source
files, so set up a source map to direct "../.." to V8 root. This is
similar to what Chromium does in src/tools/lldb/lldbinit.py.
Bug: v8:11879
Change-Id: Ic6126aacafa7e3462c69da538a9528041c92ef00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2998517
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75521}
Small refactoring to use an existing ElementSizeInPointers (which has
the same implementation). LinkageLocation::GetSize is now not called
anywhere else, so remove it. The instruction selector can then call
LinkageLocation::GetSizeInPointers instead of calculating it.
Bug: v8:11879
Change-Id: I6f717db1c4047e7847f00cf2bf96c6ec8ea52bda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2997924
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75520}
Splits FLAG_lazy into
- FLAG_lazy for main-thread compiled scripts/modules
- FLAG_lazy_streaming for streamed scripts
- FLAG_lazy_eval for eval
This allows us to evaluate the impact of non-lazy compilation for streamed
scripts.
Change-Id: I8a362ea184e0afd3aa7cdb11a7eab5b7497a4691
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999090
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75518}
In the existing code we calculate twice how we want to compile a
WebAssembly function, first in InitializeCompilationProgress, and then
again in InitializeCompilationUnit. With this CL we use the information
in the compilation progress to create the CompilationUnits. Not only
does this make the code cleaner, it will also allow us to initialize the
compilation progress differently for deserialization but reuse the code
to create CompilationUnits.
R=clemensb@chromium.org
Bug: v8:11862
Change-Id: Iee48727be429e3a3a950404806fdd04264145999
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2988759
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75516}
Changes:
- Use a lightweight WasmElemSegment::Entry struct to store element
segment entries in a WasmModule.
- Also, restructure LoadElemSegmentImpl to handle all types of
global.get entries correctly.
- Simplify InitializeIndirectFunctionTables and make it handle all types
of entries correctly.
- In the above two cases, reject WasmJSFunctions for now.
Bug: v8:11895
Change-Id: Ie714f8c7f1af8959486138d2ad49bc622a89276d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2991248
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75513}
NewEmptyCode was missing the initialisation of three fields.
These were crashing when running with --verify-heap.
Bug: v8:11872
Change-Id: I679f0d2d68c5594b0e9700b26c031483c3d46b68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999095
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75511}
