Commit Graph

62668 Commits

Author SHA1 Message Date
Victor Gomes
4f3d7225b2 [BUILD] Create compiler flag v8_enable_reverse_jsargs
The flag will be used to upload changes towards the removal of
arguments adaptor frame, by reversing the JS arguments in the stack.

Change-Id: Ia41f740d9fac51a072487733d387390e69574cfb
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230525
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68176}
2020-06-04 12:47:28 +00:00
Victor Gomes
a35e49dfa0 [compiler] Fix CPP builtins extra arguments position when V8_REVERSE_JSARGS is set
Fix arguments order when a call to a CPP builtin is inlined.
When V8_REVERSE_JSARGS is set, the arguments should be reversed and the extra builtin parameters should be pushed last, that is, the input nodes should be located before the function arguments.

Change-Id: Icfcee15bf9e596b236bfd2615a73ce101c87857d
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218289
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68175}
2020-06-04 12:13:43 +00:00
Emanuel Ziegler
63e243a0c2 [wasm] Do not log code of functions whose module is not fully loaded
Under some circumstances, Wasm is trying to log code for which the
wire bytes are not fully loaded yet. This can happen during streaming
compilation when a few functions are already fully compiled but the
engine is still streaming the remaining functions.

If the profiler now kicks in, it will attempt to log these freshly
compiled functions. As these functions will not be executed before
the module is fully compiled, we can simply defer the logging in this
case.

R=clemensb@chromium.org

Bug: chromium:1085852
Change-Id: Idb1061cafcba7a2a654a207402dca520f79a3bbe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219938
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68174}
2020-06-04 12:05:02 +00:00
Dominik Inführ
3e0ced3398 [heap] Add ParkedMutexGuard
Introduce ParkedMutexGuard which is similar to base::MutexGuard but also
parks the LocalHeap while the thread is blocked.

Bug: v8:10315
Change-Id: I149673511df013881ed2fbb42cf22d3f9b17b92d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230518
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68173}
2020-06-04 11:42:22 +00:00
Dominik Inführ
dbf89f8aec [heap] Add --stress-concurrent-allocation flag
Introduce --stress-concurrent-allocation flag. With this flag, V8 will
run periodically start an allocation background task, which allocates
objects. Will be used for testing background allocation.

Bug: v8:10315
Change-Id: Iddb7ff34601a492bc2f26f41cc56a2a899807cfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228889
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68172}
2020-06-04 11:15:44 +00:00
Jakob Gruber
3a99db57c9 Add jgruber to deoptimizer owners
Change-Id: Iba745cae7f5b90654839abefb42b21fd9c49064f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228650
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68171}
2020-06-04 11:12:03 +00:00
Santiago Aboy Solanes
c64a34c9a4 [cleanup] Delete old pointer compression comment
Bug: v8:7703
Change-Id: I06c9e04b1c8ab3c6461468db2f7a035a12ccf7d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230522
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68170}
2020-06-04 11:02:02 +00:00
Clemens Backes
b342cbb20b Revert "[flags] warn about contradictory flags"
This reverts commit b8f9166664.

Reason for revert: Fails gc-stress (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/28341).

Original change's description:
> [flags] warn about contradictory flags
> 
> Design Doc: https://docs.google.com/document/d/1lkvu8crkK7Ei39qjkPCFijpNyxWXsOktG9GB-7K34jM/
> 
> Bug: v8:10577
> Change-Id: Ib9cfdffa401c48c895bf31caed5ee03545beddab
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154792
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68168}

TBR=machenbach@chromium.org,neis@chromium.org,clemensb@chromium.org,tebbi@chromium.org,tmrts@chromium.org

Change-Id: Ia1e3373fbb4c369594ceb98eb560e3ccf2cb8780
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10577
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230523
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68169}
2020-06-04 10:20:05 +00:00
Tobias Tebbi
b8f9166664 [flags] warn about contradictory flags
Design Doc: https://docs.google.com/document/d/1lkvu8crkK7Ei39qjkPCFijpNyxWXsOktG9GB-7K34jM/

Bug: v8:10577
Change-Id: Ib9cfdffa401c48c895bf31caed5ee03545beddab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154792
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68168}
2020-06-04 09:50:42 +00:00
Mythri A
b61335513a [ic] Fix a bug in StoreOwnIC when storing NaN values
We use StoreOwnIC to initialize the object after creating a new object
with CreateObjectLiteral. CreateObjectLiteral stores kHoleNaNInt64
to indicate an uninitialized double field. When we actually try
to store a NaN value into that field later using StoreOwnIC, IC avoids
actually storing the new value since the existing value is "same as"
the value we try to write. The float comparison treats all NaNs as
equal. In this particular case, we should actually store the new value
since kHoleNaNInt64 value is used to represent an uninitialized field.

This cl just stores the new value even when the existing value is same
as the new value for double fields. The check is still required to
correctly track const fields.

Bug: chromium:1082293
Change-Id: Ib37061802f2403545cffa6d6fef08be074b0825d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228886
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68167}
2020-06-04 09:35:22 +00:00
Santiago Aboy Solanes
8e4b758e9c [cleanup] Add comments and make DCHECK more declarative in BinarySearch
Change-Id: I29c1339fa75aa26bd18b7e007a0e88de15096a43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219934
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68166}
2020-06-04 08:58:53 +00:00
Frank Tang
cf209e2a08 Reland "[Intl] Use new getDefaultHourCycle to replace old hack"
This reverts commit 3b1d24cf47.

Reason for revert: The problem is fixed

Original change's description:
> Revert "[Intl] Use new getDefaultHourCycle to replace old hack"
> 
> This reverts commit 611e412768.
> 
> Reason for revert: https://crbug.com/1080367
> 
> Original change's description:
> > [Intl] Use new getDefaultHourCycle to replace old hack
> > 
> > Use the ICU 67.1 new API DateTimePatternGenerator::getDefaultHourCycle
> > to replace a hack which get the pattern of "jjmm" to find out the
> > default hour cycle of a locale
> > Bump the required API version from 65 to 67
> > 
> > Bug: v8:10225
> > Change-Id: I3378edacb6dfb8400357ac0bf3d5d50b9fe008bd
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2173875
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Commit-Queue: Frank Tang <ftang@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#67549}
> 
> TBR=jkummerow@chromium.org,ftang@chromium.org
> 
> # Not skipping CQ checks because original CL landed > 1 day ago.
> 
> Bug: v8:10225
> Change-Id: I8bdfbdfc6c906814e5a7525cbde79c9cac854bd1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2208811
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67929}

TBR=jkummerow@chromium.org,zhin@chromium.org,ftang@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:10225
Change-Id: I386cf0347a0fa5403fb196bb46ac77f48c9c0a0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2229470
Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68165}
2020-06-04 08:00:09 +00:00
Marja Hölttä
5f9d59017c [Promise.any] Make 'errors' non-enumerable
This reflects the latest changes in the Promise.any proposal.

Bug: v8:9808
Change-Id: I0f8ea2e95f430479963bf9d9597f243024de8c74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2222344
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68164}
2020-06-04 07:58:24 +00:00
v8-ci-autoroll-builder
3684339522 Update V8 DEPS.
Rolling v8/build: c523c20..bdb409c

Rolling v8/buildtools: 7a0ebcc..1b066f0

Rolling v8/third_party/aemu-linux-x64: V4ZGjQxGJ00ndsSZd9X90QJnY3N7-ZbuPq57Yk7yv74C..t4ELE6VgcCM5v-3W7_Dv8jFHkyeEu69AW5lwrtqWBOwC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1ec2986..15d5f65

Rolling v8/third_party/depot_tools: 9904485..e65444f

Rolling v8/third_party/googletest/src: 011959a..cb44c86

Rolling v8/third_party/zlib: f5eca0d..a68151f

Rolling v8/tools/clang: 8b9091f..59c0072

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Iafe4f3edc0019eb4c061fb1f12c41047c4c411c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2229939
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#68163}
2020-06-04 03:48:48 +00:00
Zhao Jiazhong
93210c88c5 [mips][wasm-simd] Bitmask instructions
Port 3406cba8fe
https://crrev.com/c/2099451

Change-Id: I7217e333f468aa24f25231d24e31c321a2c209b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2224595
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#68162}
2020-06-04 01:23:28 +00:00
Shu-yu Guo
6feae531f3 Reland "Set .name of anonymous functions on the RHS of logical assignment."
This is a reland of c342ba8247

Original change's description:
> Set .name of anonymous functions on the RHS of logical assignment.
> 
> https://github.com/tc39/proposal-logical-assignment/pull/24 reached
> consensus in June TC39.
> 
> Drive-by refactoring of testing for logical assignment ops using
> IsInRange.
> 
> Bug: v8:10579
> Change-Id: I5a203ba552a905cd28f75c5d223998431a1966ce
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2225809
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68101}

Bug: v8:10579
Change-Id: I321cf0e29515a146844abc05250e9b50ad651caf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2227255
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68161}
2020-06-03 23:14:58 +00:00
Frank Tang
f6ce085a48 Reland "Roll ICU from 65.1 to 67.1 & correct tests"
The fix is in 630b884f84 not f2223961.

This reverts commit 464ee4b7ad.

Reason for revert: roll to 67.1 after the landing of the fix

Original change's description:
> Revert "Roll ICU from 65.1 to 67.1 (f2223961) & correct tests"
>
> This reverts commit e270b6d615.
>
> Reason for revert: V8 DEPS roll stuck https://crbug.com/v8/10567#c1
>
> Original change's description:
> > Roll ICU from 65.1 to 67.1 (f2223961) & correct tests
> >
> > Rolling to chrome/src is in
> > https://chromium-review.googlesource.com/c/chromium/src/+/2155530
> >
> > Since auto rolling stop after 3/24/2020 and the rolling will cause
> > change of test status, I get this cl ready (but not running trybot due
> > to 1074260) and plan to hand roll after the submission of 2155530.
> >
> > Bug: chromium:1064326, v8:9515, v8:10379, v8:10380, v8:10437
> > Change-Id: I19554f68cfdc5b717dfc7fc4b1222e9dc25b8d69
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2158486
> > Auto-Submit: Frank Tang <ftang@chromium.org>
> > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#67493}
>
> TBR=jkummerow@chromium.org,machenbach@chromium.org,jshin@chromium.org,ftang@chromium.org,syg@chromium.org
>
> # Not skipping CQ checks because original CL landed > 1 day ago.
>
> Bug: chromium:1064326, v8:9515, v8:10379, v8:10380, v8:10437
> Change-Id: I3f4233815ed7414f2cde3d4d996696575b5f6e3a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219334
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68051}

TBR=jkummerow@chromium.org,machenbach@chromium.org,jshin@chromium.org,zhin@chromium.org,ftang@chromium.org,syg@chromium.org

# Not skipping CQ checks because this is a reland.

Bug: chromium:1064326, v8:9515, v8:10379, v8:10380, v8:10437
Change-Id: I1de5eb36eff420482a12205682b153a2493d5249
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2220781
Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68160}
2020-06-03 22:28:33 +00:00
Ng Zhi An
1495b3db39 Reland "[wasm-simd][liftoff] Fix I64x2Mul"
This relands commit 76debfda32.

This fix here is to convert the original mjsunit test into a
cctest, where we check for SIMD support, and skip the test.
We don't have lowering for I64x2 yet, so this is the
workaround.

Original change's description:
> [wasm-simd][liftoff] Fix I64x2Mul
>
> The I64x2Mul overwrote the lhs/rhs if they are the same as dst. So when
> deciding if we need temporaries, we should not only check the
> cache_state, but whether they alias dst or not.
>
> Bug: chromium:1088273
> Change-Id: I82efa9b45e0a3d321a06efde60971ce95b21490f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2225796
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68114}

Bug: chromium:1088273
Change-Id: Ia3fd251998159d9beb581a6af3414921fe968e40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2227068
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68159}
2020-06-03 21:56:42 +00:00
Milad Farazmand
7e89ba7fba PPC: [wasm-simd] Implement horizontal add
Change-Id: I8962c08329c57367ff82d4669880c7efb1db8875
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2229304
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#68158}
2020-06-03 21:50:13 +00:00
Ng Zhi An
02ee6904f4 [x64] Fix vroundps assembly, add disassembly
vroundps assembly is incorrect:
- the signature was wrong, vroundps takes 2 operands and 1 immediate
- when calling vinstr, should always pass xmm0, this wasn't causing
issues because our test cases were restricted enough that it was always
xmm0 anyway
- the macro assembler should use AVX_OP_SSE4_1, since roundps requires
SSE4_1
- drive-by fix for roundss and roundsd to be AVX_OP_SSE4_1
- add disasm for roundps and vroundps, and test them

Bug: v8:10553
Change-Id: I4046eb81a9f18d5af7137bbd46bfa0478e5a9ab2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2227252
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68157}
2020-06-03 19:16:10 +00:00
Andreas Haas
d529da0128 [wasm] Introduce v8.wasm.detailed trace event category
This CL repurposes the v8.wasm trace event category, and introduces
additionally the v8.wasm.detailed category.

The v8.wasm category is enabled by default and captures core wasm events
like validation, compilation, instantiation, and important operations
like grow-memory and tier-up timings.

The v8.wasm.detailed category is disabled by default. It captures all
events the previous v8.wasm category captured, like compilation of
single functions, time needed for register allocation, ...

This CL splits these categories to allow enabling the v8.wasm category
in telemetry benchmarks to calculate compile time and other metrics
from traces of telemetry runs.

R=ecmziegler@chromium.org

Bug: chromium:1084929
Change-Id: Ida58b8f344b0ccb6ee1210e259c3e0e993eff497
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2210230
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68156}
2020-06-03 18:52:50 +00:00
Ng Zhi An
b96855f1b5 [wasm-simd][fuzzer] Add s128 bitwise ops
This adds s128 not, and, andnot, or, xor, and select.

Bug: v8:10180
Change-Id: Id7f05f7fdc9f082bee1182babbb4a5e4b55d7d47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2225604
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68155}
2020-06-03 17:58:48 +00:00
Milad Farazmand
e6cd991b6c S390: [wasm-simd] Implement f32x4 and f64x2 pmin and pmax
Change-Id: I395471a93b6df55ae8d45b7627b23067ae208f54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2226552
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68154}
2020-06-03 17:27:08 +00:00
Kim-Anh Tran
f38e4e5f08 [wasm][debug] Expose wasm function tables in scope view
Bug: chromium:1081735
Change-Id: Iab58b303ec718a15653ba80fefbb873ef93df003
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218284
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68153}
2020-06-03 17:11:18 +00:00
Andreas Haas
2293a59fb7 [wasm] Remove anyref subtyping
All subtyping has been removed from the reference-types proposal. This
CL implements this proposal change now in V8.

R=manoskouk@chromium.org

Bug: v8:10556
Change-Id: I08ef064952278e03ea655461fa9f0c96426157c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2222345
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68152}
2020-06-03 16:35:38 +00:00
Thibaud Michaud
10cf6aebfd [liftoff] Add early stop in PrepareCall spill loop
We already track register usage, so we can stop as soon as all registers
are spilled. Also iterate the stack backwards, since the bottom of the
stack is more likely to be already spilled.

R=clemensb@chromium.org

Bug: v8:10576
Change-Id: I06fe8efe257dd5b8bcb426b4e79a8815a8cb5c81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228494
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68151}
2020-06-03 16:26:38 +00:00
Michael Lippautz
ab671ee816 cppgc: Add HeapStatsCollector
This ports HeapStatsCollector (former ThreadHeapStatsCollector) from
Blink. The CL only ports accounting of allocated object size which is
needed for a simple growing strategy in a follow up.

HeapStatsCollector is a global dependency for most sub components as
it provides infrastructure for measuring time (through trace scopes)
and space.

The general idea of HeapStatsCollector is to act as sink where all sub
components push time and space information. This information is then
gathered and made available via an event that is implemented as POD.
Time-dependent info is available through regular getters (pull) and
observers (push).

Change-Id: I40b4d76e1a40c56e5df1a7353622318cde730e26
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2225902
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68150}
2020-06-03 16:08:48 +00:00
Santiago Aboy Solanes
bdc4b6763e [compiler] Merge revisit loop into visit loop in SimplifiedLowering
This CL makes it so that we revisit nodes in the revisit queue as soon
as possible in RETYPE and PROPAGATE. This is done to revisit loops
related to backedges before moving onto other nodes.

Bug: v8:10424
Change-Id: I432c6551805903072b3f9fbc867adca82b263325
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2157373
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68149}
2020-06-03 15:49:07 +00:00
Andreas Haas
641c1a4eff [wasm] Fix bottom type handling in br-table
Even in unreachable code, the targets of br_table have to have matching
types.

R=thibaudm@chromium.org

Bug: v8:10556
Change-Id: I2e85df3cb92f7910a6bcb5ac03927c424194660d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218062
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68148}
2020-06-03 15:46:47 +00:00
Manos Koukoutos
57c8f1dabc [wasm-gc] Refactor GC tests
Add some abstractions to make it easier to define more tests.

Bug: v8:7748
Change-Id: Ia5605aa10963228eb4bfba37e2b412fc5af860d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2224212
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68147}
2020-06-03 15:14:37 +00:00
Junliang Yan
dc6186049c [heap] Create remembered-set-inl.h and move UpdateTypedSlot
1) Rename remembered-set-inl.h back to remembered-set.h
2) Introduce a new remembered-set-inl.h and move the
function definition that depends on ptr-compr-inl.h.

Change-Id: I0e16e1e428937184ff255471937c70e6bb65a11e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2223816
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68146}
2020-06-03 14:42:47 +00:00
Clemens Backes
0816423d59 [wasm][debug] Avoid use-after-free on tier down
When tiering down (or up), we first get a list of all native modules
(under a lock), then tier them down/up without holding the lock. Since
we don't hold (shared) ownership of the native module, it could die
in-between.
This CL fixes this by keeping weak pointers to the native modules, and
re-gaining a shared pointer before putting the module in the list of
modules to be tiered down/up.

R=thibaudm@chromium.org

Bug: v8:10588
Change-Id: I2891c3729f42f26d4026f3e2448e124863b95122
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228515
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68145}
2020-06-03 14:37:57 +00:00
Michael Lippautz
246344ad2c cppgc: Fix stale comment in build file for example program
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1056170
Change-Id: I0f8d0a4e79fa3a526151efe3317546862aff70bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228333
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68144}
2020-06-03 14:01:09 +00:00
Arnaud Robin
171d94111a [wasm] Add return value to the tracing of function calls
Added return value display when tracing function calls in wasm.
The new types handled are I32, I64, F32 and F64.
Only single return value is handled.

R=clemensb@chromium.org

Bug: v8:10559
Change-Id: I726d08fcfdc8bf2c3e43a25ec1932412ff74387b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2225024
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Arnaud Robin <arobin@google.com>
Cr-Commit-Position: refs/heads/master@{#68143}
2020-06-03 13:59:28 +00:00
Mythri A
a9b7830d3a Ensure bytecode isn't flushed when allocating feedback vector
This is a followup of the cl [1] that fixes a bug where bytecode was
getting flushed when allocating feedback vector. The fix added
IsCompiledScope before allocating a new feedback vector. We now pass
IsCompiledScope to JSFunction::EnsureFeedbackVector. This makes it
explicit that EnsureFeedbackVector expects a function that is compiled
and the bytecode shouldn't be flushed during the allocation.Also adds
a test.


[1] https://chromium-review.googlesource.com/c/v8/v8/+/2218066

Bug: v8:10560
Change-Id: I552c449a57555dffa625b2e4efa04c2c276fc0b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2222347
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68142}
2020-06-03 13:50:17 +00:00
Andreas Haas
dbc8aa879a [wasm] Add type immediate to RefNull and RefIsNull instructions
With recent changes to the anyref proposal, null refs now have a type
immediate which declares the type of a null ref constant. Likewise,
the RefIsNull instruction is type aware now. This CL addresses these
proposal changes now.

R=jkummerow@chromium.org

Bug: v8:10556
Change-Id: I810dfa3a4ab4389afc9639f897cee5d43e9b62cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215172
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68141}
2020-06-03 13:27:27 +00:00
Dan Elphick
490f3580a3 [heap] Fix ubsan SpaceIterator test
Now ReadOnlySpace is not a Space, it cannot be upcasted to it, so cast
to BaseSpace as well.

Fixes ubsan failure introduced by
https://chromium-review.googlesource.com/c/v8/v8/+/2209060.

Bug: v8:10454
Change-Id: I2936bfd8349377b441be4a6eedf580d91f1c4ee4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228723
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68140}
2020-06-03 13:25:37 +00:00
Michael Lippautz
5fc80685f5 cppgc: Add sample program showing cppgc usage for V8 embedders
Bug: chromium:1056170
Change-Id: I7cb19e19de63a74e5407665c28f1b5c0f23d7d0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2226563
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68139}
2020-06-03 13:17:37 +00:00
Zhao Jiazhong
c5fe2cb3d4 [mips][wasm-simd][liftoff] Implement bitmask
Port aa5bcc09bf
https://crrev.com/c/2225090

Change-Id: Ib3b159ebcee0d4da5ce003b08d02cd36b7218016
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228097
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#68138}
2020-06-03 13:05:27 +00:00
Dan Elphick
81c34968a7 [heap] Make ReadOnlySpace use bump pointer allocation
This changes ReadOnlySpace to no longer be a PagedSpace but instead it
is now a BaseSpace. BasicSpace is a new base class that Space inherits
from and which has no allocation methods and does not dictate how the
pages should be held.

ReadOnlySpace unlike Space holds its pages as a
std::vector<ReadOnlyPage>, where ReadOnlyPage directly subclasses
BasicMemoryChunk, meaning they do not have prev_ and next_ pointers and
cannot be held in a heap::List. This is desirable since with pointer
compression we would like to remap these pages to different memory
addresses which would be impossible with a heap::List.

Since ReadOnlySpace no longer uses most of the code from the other
Spaces it makes sense to simplify its memory allocation to use a simple
bump pointer and always allocate a new page whenever an allocation
exceeds the remaining space on the final page.

Change-Id: Iee6d9f96cfb174b4026ee671ee4f897909b38418
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2209060
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68137}
2020-06-03 11:59:37 +00:00
Jakob Gruber
86fee30e25 Include standard heap object header when debug-printing String objects
This brings %DebugPrint(string) closer to %DebugPrint(object) by also
including the pointer, object kind, and RO/old space. Especially the
pointer can be useful while debugging.

One could consider going even further end printing full details of
the string object, e.g. first and second pointers for cons strings.

Before:

 $ out/debug/d8 --allow-natives-syntax -e '%DebugPrint("abc");'
 DebugPrint: #abc
 0x263f080402cd: [Map] in ReadOnlySpace
 [...]

After:

 $ out/debug/d8 --allow-natives-syntax -e '%DebugPrint("abc");'
 DebugPrint: 0xa830824ffe1: [String] in OldSpace: #abc
 0xa83080402cd: [Map] in ReadOnlySpace
 [...]

Drive-by: Document string printing functions.
Drive-by: Use PrintUC16 in spots that don't want a full debug print.

Bug: v8:10581
Change-Id: Ided59047b9c3edc1830ce7721376dddfd24fad1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228509
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68136}
2020-06-03 11:55:54 +00:00
Igor Sheludko
0262bc10fc [zone-stats] Introduce v8.zone_stats tracing category
... in order to make it possible to collect zone memory usage stats
from Chrome.

Drive-by-cleanup: move TracingFlags definition to a separate file.

Bug: v8:10572
Change-Id: I05fb65e207d573d5c18821067cfff4c37f2d77cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2226561
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68135}
2020-06-03 11:31:35 +00:00
Dan Elphick
ae489decb1 [heap] Move MemoryChunk fields to BasicMemoryChunk
This moves several fields that will be needed by ReadOnlySpace pages
when it stops using MemoryChunk into BasicMemoryChunk.

Additionally AllocationStats is moved from spaces.h into
allocation-stats.h.

Bug: v8:10473, v8:10454
Change-Id: I76a66565a260126e629bd7588a5418267dfa8423
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228722
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68134}
2020-06-03 10:37:34 +00:00
Igor Sheludko
262a1078d5 [zone-stats] Add a UI for exploring zone memory usage stats
... collected via --trace-zone-stats flag or v8.zone_stats trace
category.

This is an initial version inspired by heap-stats UI.

Bug: v8:10572
Change-Id: Ib87cf0b4e120bc99683227eef02668a2a5c3d594
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2226855
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68133}
2020-06-03 10:22:34 +00:00
Peter Ralbovsky
70eb08982c Integrate fuzzilli into v8
Fuzzilli is open source fuzzer by Samuel Groß (saelo@google.com)
that can be used to find bugs in v8 javascript engine. As we want
to automate fuzzing for current versions of v8, we want to merge
fuzzilli toolkit into v8 code, so that fuzzer can automatically
update to the newest version.
So far Fuzzilli has been maintained at
https://github.com/googleprojectzero/fuzzilli .


Bug tracker Id: https://bugs.chromium.org/p/v8/issues/detail?id=10571

Change-Id: I83ddc7e8bb31664c19e4044395bb9044a1c12031
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2201760
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68132}
2020-06-03 09:53:24 +00:00
Camillo Bruni
d9337dc100 [testrunner] Output unexpected passing tests
Passing tests that are marked as fail in a status file are not
immediately visible as such.

- Always show "--- FAILED ---" for failing tests
- Show "--- UNEXPECTED PASS ---" for unexpectedly passing tests

Drive-by-fixes:
- Color failures in red with --progress=color
- Color repro command in yellow with --progress=color

Change-Id: Id43ecec348dbfd4ff627ea6aa4ba458a2e5a8445
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2213434
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68131}
2020-06-03 09:16:29 +00:00
Thibaud Michaud
01724ace94 [assembler][x64] Inline Operand constructor
On x86-64, we spend significant time constructing and copying operands
in Liftoff (around 5% locally). Inlining the constructor and helper
functions removes most of the overhead.

R=clemensb@chromium.org

Bug: v8:10576
Change-Id: I1663e3e92abe7683eba9320e77fce9be8f84b4ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2225023
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68130}
2020-06-03 09:13:19 +00:00
Iain Ireland
b65fcfe925 [regexp] Fix non-unicode ignore-case backreferences
https://crrev.com/c/2072858 rewrote the implementation of non-unicode
ignore-case matches to comply with the JS spec in some corner
cases. It fixed character matches and character class matches.

We missed a similar bug in the implementation of back references. This
CL fixes that bug.

The main change is in regexp-macro-assembler.cc, where
CaseInsensitiveCompareUC16 is split into CaseInsensitiveCompareUnicode
(which has the same semantics as before) and
CaseInsensitiveCompareNonUnicode (which has the semantics described
here: https://tc39.es/ecma262/#sec-runtime-semantics-canonicalize-ch).

Most of the rest of the patch undoes https://crrev.com/c/2081816 to
once again make the unicode flag available to the macroassembler, so
that we can decide which helper function to call.

The testcase is a version of test/intl/regress-10248.js, modified to
test backreferences.

Bug: v8:10573
Change-Id: I70ef7d134d37f99b1f75a5eba17020e82d59f1b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219284
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68129}
2020-06-03 08:59:08 +00:00
Jakob Gruber
69bc22e729 Extend two-byte-in-one-byte string test
This CL makes the test stricter by requiring specific string shapes;
before it was possible to skip verification if strings were
short-circuited, which I believe is no longer possible due to thin
strings.

I also added a regression test for the linked bug, which requires
a String.p.split call on a two-byte-in-one-byte string with an empty
string separator argument.

Bug: chromium:1088179
Change-Id: Ibb3180afe612a64fcf6a506d18bbc415840526a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228609
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68128}
2020-06-03 08:18:28 +00:00
Dominik Inführ
49951673d4 [heap] Tests can now set FLAG_local_heaps from the get-go
Bug: v8:10315
Change-Id: I0144b89696933afcd02f63b0440118dd33a7d5ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2225025
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68127}
2020-06-03 08:03:38 +00:00