Commit Graph

77275 Commits

Author SHA1 Message Date
Milad Fa
539f479cfb PPC [liftoff]: re-enable extract lane ops
Intermittent issues were fixed here:
crrev.com/c/3840820

Change-Id: If0e7acc57053ecfa188ca2c858029da7fdf4ff27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859519
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82783}
2022-08-29 14:45:25 +00:00
Junliang Yan
5507857c7d Reland "Fix CSA_CHECK failure on BE"
This is a reland of commit c060af4db3

Use LoadFullTagged function instead to avoid test failing
with v8_enable_verify_csa=true.

Original change's description:
> Fix CSA_CHECK failure on BE
>
> The load for external reference should be a full pointer load
> instead of tagged size.
>
> Change-Id: I3460a26abea5053ba6daa5c6ed908cb93431654a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842348
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Junliang Yan <junyan@redhat.com>
> Cr-Commit-Position: refs/heads/main@{#82625}

Change-Id: I85817634ce2de099a9fbd350defb57789cce9678
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857442
Commit-Queue: Junliang Yan <junyan@redhat.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82782}
2022-08-29 14:26:15 +00:00
Camillo Bruni
efb772c400 [tools] Fix index.html links
Change-Id: I8570c748a9e4e509b0f609fcbb6aa37a3a986971
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862267
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82781}
2022-08-29 14:14:56 +00:00
Thibaud Michaud
c2d46fe966 [wasm] Keep call_indirect index on the stack
When a call_indirect fails because of a signature mismatch or a null
target, the value stack generated for debug doesn't contain the target
index anymore, which makes it hard for users to understand the error.

Keep the index on the stack, and ensure that the index is not modified
until we generate the debug info. Previously, the index was shifted
in-place to compute various offsets. Instead, use scaled loads to
compute the offset directly in the load instruction.

R=clemensb@chromium.org

Bug: chromium:1350384
Change-Id: Iad5359ec80deef25a69ac119119a0b5ca559a336
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854309
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82780}
2022-08-29 14:04:58 +00:00
Samuel Groß
e89d0061e8 [sandbox] Fail with OOM when external pointer table can't be grown
Bug: chromium:1355990
Change-Id: I1a822ce7b476baf5866070b11b65c464800d3b7b
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859849
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82779}
2022-08-29 14:03:55 +00:00
Jakob Linke
972b01f9b5 [maglev] Fix test flake due to racing the compiler thread
Bump the limit to give TF enough time to finish compiling. The
`keep_going` limit is fairly ugly, but it lets us test the real
(=concurrent) pipeline.

Bug: v8:7700
Fixed: v8:13176
Change-Id: Iba97111d752c8a4894e99ab57e8f42abcc8c29bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862204
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82778}
2022-08-29 13:58:48 +00:00
Samuel Groß
5898b1f9e8 [sandbox] Detect double-initialization of external pointer fields
This CL adds lightweight checking to the ExternalPointerTable GC
algorithm to detect double initialization of external pointer fields.
These are forbidden as they interfere with the table compaction
algorithm.

Bug: v8:10391
Change-Id: Id69fdcce883aa86f8e2c456a0fe7a1f011719464
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858228
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82777}
2022-08-29 13:43:35 +00:00
Anton Bikineev
bae99d5b58 cppgc: Fix data race in DCHECK between markers
Read of size 2 at 0x7eef001a3666 by main thread (mutexes: write M0):
 0: LoadEncoded
 1: IsMarked<(cppgc::internal::AccessMode)0>
 2: operator()
 3: DrainWorklistWithPredicate
 4: DrainWorklistWithBytesAndTimeDeadline

Previous atomic write of size 2 at 0x7eef001a3666 by thread T8:

 0: __cxx_atomic_compare_exchange_strong<unsigned short>
 1: compare_exchange_strong
 2: TryMarkAtomic
 3: MarkNoPush

Change-Id: I0708516382ea860c877ff76ee02216f6f27c9d04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858239
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82776}
2022-08-29 13:17:35 +00:00
Samuel Groß
a94048877d [sandbox] Unsandboxify CodeEntryPoint
For code pointers, the sandbox will require a custom, lightweight CFI
mechanism (likely based on the external pointer table). Simply turning
all code pointers into ExternalPointers is not sufficient.
This CL therefore turns code pointers back into raw pointers for now so
that they don't block the external pointer table rollout.

Bug: v8:10391
Change-Id: Ib2ba246be546bbf19fcd0f4ae20f4e9a2cf2e099
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859348
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82775}
2022-08-29 13:12:36 +00:00
Clemens Backes
c497701814 [wasm] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=jkummerow@chromium.org

Bug: v8:12887
Change-Id: Ieccf35730f69bcefa3740227f15e05686080d122
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3843517
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82774}
2022-08-29 12:43:46 +00:00
Jakob Linke
cf045ca244 [mksnapshot] Ditch the warning on empty builtins PGO data
This is the normal state on the main branch, let's not emit this warning
on every build.

Bug: v8:10470
Change-Id: I29744ea7f67881570fa12c249b12f00d2313289c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859851
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82773}
2022-08-29 12:30:55 +00:00
Camillo Bruni
77c83f67c4 [tools] Use v8.dev CSS on tools landing page
- Adopt v8.dev page structure and styling
- Use v8.dev-style navigation tabs

Change-Id: I036be991af57939ea260ab236ddb61875fda86db
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856261
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82772}
2022-08-29 11:42:05 +00:00
Igor Sheludko
8a56da4459 [builtins][masm] Move hot flags to the beginning of IsolateData
... so that the offset fits into the maximum offset for the load-byte
instruction on arm/arm64 (Ldrb) in order to produce smaller code.

Update code generation so that the loading of the flag value is
combined with the comparison operation where possible.

Additionally, this CL moves the Isolate::is_profiling flag to the
IsolateData so that it can be loaded directly via roots register which
removes one indirection.

The fields moved in the IsolateData:
 - is_marking_flag and is_minor_marking_flag (checked by write barriers)
 - is_profiling (checked on API callbacks/getter calls)
 - stack_is_iterable (not super hot, checked during deoptimization).

Drive-by: this CL defines the bool fields as uint8_t in order to make
the field size expectations clear.

Bug: v8:11880
Change-Id: I80c292c6ec919861684152b6062225aa0fda2d3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856580
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82771}
2022-08-29 11:22:56 +00:00
Camillo
ff9ce2f9ab [serializer] Use slow ReadVarintLoop in ReadHeader
This limits the number of DCHECK failures in fuzzing builds that have
no side-effects or security implications.

Bug: chromium:1355059
Change-Id: I909934c62711439f1edd95492b93ee0c582a495d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859751
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82770}
2022-08-29 11:15:45 +00:00
Thibaud Michaud
a72a4db7cd [wasm] Allow any return count for JSPI export
R=clemensb@chromium.org

Bug: v8:12191, v8:13231
Change-Id: I0104f54ce5cdc022f22800d4aeec68aac481219d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856573
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82769}
2022-08-29 11:03:05 +00:00
Clemens Backes
51acc286e0 [wasm][API] Remove deprecated API
The API was deprecated in v10.6 (https://crrev.com/c/3789510).
Remove now, in v10.7.

R=mlippautz@chromium.org

Bug: v8:12899
Change-Id: I21d79cdd357315daf9684d9cdd6c1f1be088ad6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3852490
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82768}
2022-08-29 10:43:55 +00:00
Samuel Groß
e710981f3a Reland "Reland "[sandbox] Sandboxify EmbedderDataSlots""
This is a reland of commit eca383c947

More DCHECK failures have been fixed with https://crrev.com/c/3857423

Original change's description:
> Reland "[sandbox] Sandboxify EmbedderDataSlots"
>
> This is a reland of commit e1f585ed94
>
> ExternalPointerTable issues have been fixed in
> https://crrev.com/c/3849650 and https://crrev.com/c/3849376
>
> Original change's description:
> > [sandbox] Sandboxify EmbedderDataSlots
> >
> > Bug: v8:10391
> > Change-Id: If85a308a6f6ed1b17d86f87b4911c82d2327ea72
> > Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3757341
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Commit-Queue: Samuel Groß <saelo@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#82623}
>
> Bug: v8:10391
> Change-Id: If77f6c10e81c30c2dfa6b33c788bc4a36e4da135
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3852602
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82686}

Bug: v8:10391
Change-Id: Id982c022e50004e903851b160d30fc8767280e5b
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854679
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82767}
2022-08-29 10:02:45 +00:00
Clemens Backes
918b46afb4 [wasm] Use a consistent hash for wire bytes
We use a hash for different things:
- dumping wasm module to file,
- generating the script name, and
- computing prefix hash / wire byte hash for caching.

Two of them were using the StringHasher, one use base::hash_range.
For experimental PGO support, we will also need a hash value, so unify
this to use the same hash everywhere.
Since the result of base::hash_range is platform-dependent, use the
StringHasher everywhere.

R=thibaudm@chromium.org

Bug: v8:13209
Change-Id: Iae8c2385264ecedd4daea16d7f9221bc94650eef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855310
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82766}
2022-08-29 09:54:45 +00:00
Samuel Groß
5c152a0f7b [sandbox] Remove a number of native allocations from WasmInstanceObject
Those are not safe in combination with the sandbox as they are stored as
raw pointers. Instead of turning them into ExternalPointers (which use
the ExternalPointerTable indirection), this CL simply turns them into
on-heap ByteArrays which is cheaper and should be unproblematic
security-wise as their contents can be corrupted without causing memory
corruption outside the sandbox address space (just incorrect behaviour
and/or further memory corruption *inside* the sandbox, which is fine).

Bug: chromium:1335046
Change-Id: Id2b901a58b7d6c91dd7596fca553d7c76cbc61ec
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3845636
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82765}
2022-08-29 09:53:35 +00:00
Gio Gutierrez
c37badf3b1 [builtins] Use ACCESSOR_GETTER_LIST to expose accessor getters
Add a new ACCESSOR_GETTER_LIST macro to define all the accessor getters
and allow using non-statically-known accessor names. This allows
exposing the ModuleNamespaceEntryGetter to the external-reference-table.

Change-Id: I40700e2cd19bc58ba55569c7b1e6fc34357bd80f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856924
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82764}
2022-08-29 08:58:37 +00:00
Igor Sheludko
fc6b16d17c [builtins] Fix typo in tools/builtins-pgo/generate.py
Bug: v8:10470
No-Tree-Checks: true
No-Try: true
Change-Id: Ic59bd42221776248dfc1bde35c1299aa4d1d3b0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3861049
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82763}
2022-08-29 08:55:39 +00:00
Michael Achenbach
178bf4b499 Update V8 DEPS (trusted)
Manually removed fuchsia-sdk update for https://crbug.com/1357478.

Rolling v8/base/trace_event/common: 2ba7a48..640fc6d

Rolling v8/build: 8291582..7e25322

Rolling v8/buildtools: 3a4c850..cf8185c

Rolling v8/buildtools/linux64: git_revision:0bcd37bd2b83f1a9ee17088037ebdfe6eab6d31a..git_revision:5705e56a0e5856621415cfdf444432554e72c9c9

Rolling v8/buildtools/third_party/libc++/trunk: db72216..26e3467

Rolling v8/buildtools/third_party/libc++abi/trunk: d2e4dc7..48afced

Rolling v8/buildtools/third_party/libunwind/trunk: f87795e..42aa6de

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapul/+log/7294631..2417ba3

Rolling v8/third_party/depot_tools: 44b7330..b7ec673

Rolling v8/third_party/zlib: 8d1d3e3..926ac23

Rolling v8/tools/clang: a56fd8b..ae771c8

Rolling v8/tools/luci-go: git_revision:a0ba80649473055bae3d789eec28c9967adb5e45..git_revision:3226112a79a7c2de84c3186191e24dd61680a77d

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Bug: chromium:1357478
Change-Id: I4e0a9cdc9958c9261c1d615991f0a98c9ceabda0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3861215
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82762}
2022-08-29 08:54:35 +00:00
Dominik Inführ
a97d29501b [heap] Move Heap::Verify* methods into own file
This CL only moves method definitions from heap.cc into the new file
heap-verifier.cc. Apart from this, the code is not changed.

Bug: v8:11708
Change-Id: Ice7e5f12c6370bc05b82b3a7bd15f94292c4235f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856260
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82761}
2022-08-29 08:29:15 +00:00
Shu-yu Guo
dd27b73ae0 [shared-struct] Fix isolate creation for testing snapshot
Bug: v8:12547
Change-Id: I32898a4382397663967d7e784e16d7930f3600a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859097
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82760}
2022-08-29 06:46:25 +00:00
Frank Tang
e3af299ce0 [test262] Roll test262
adba7dfd9c..8dcc0e19

Also add "Intl402" (notice the uppercase I) to the excluded dirs for noi18n
because of https://github.com/tc39/test262/pull/3638

Bug: v8:7834
Change-Id: Ibd53c7917a4fd8d1b27989e3c040c5ab47a66e50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857450
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82759}
2022-08-27 05:23:07 +00:00
Frank Tang
af04e3c3c1 [Temporal] Sync PR 2269 change toString by calling MaybeFormatCalendarAnnotation
Sync https://github.com/tc39/proposal-temporal/pull/2269
Add AO MaybeFormatCalendarAnnotation
Use MaybeFormatCalendarAnnotation in
TemporalDateToString
TemporalDateTimeToString
TemporalZonedDateTimeToString

Spec text:
https://tc39.es/proposal-temporal/#sec-temporal-maybeformatcalendarannotation
https://tc39.es/proposal-temporal/#sec-temporal-temporaldatetostring
https://tc39.es/proposal-temporal/#sec-temporal-temporaldatetimetostring
https://tc39.es/proposal-temporal/#sec-temporal-temporalzoneddatetimetostring

Bug: v8:11544
Change-Id: Ia361b1cba1b2e9db77125a8888054cfd89626611
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855699
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82758}
2022-08-27 03:05:28 +00:00
Frank Tang
88a8b5358b [Temporal] Sync PR 2344 change BalanceDurationRelative by using newRelativeTo to store info
Spec Change PR:
https://github.com/tc39/proposal-temporal/pull/2344

Relative tests in test262 are
built-ins/Temporal/Duration/prototype/round/february-leap-year.js

Bug: v8:11544
Change-Id: Id31648436f629a8adf395e3b4c835adf46a2c455
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855701
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82757}
2022-08-27 01:23:09 +00:00
Shu-yu Guo
31e17fe62d [shared-struct, api] Support shared isolates in API
Currently the ability to create shared isolates is partially exposed to
API. Instead of fully exposing it, this CL makes shared isolate and
shared heap handling transparent to the embedder.

If a flag that requires the shared heap is true (currently
--shared-string-table and --harmony-struct), the first isolate created
in the process will create and attach to a process-wide shared isolate.
Subsequent isolates will attach to that shared isolate. When that first isolate is deleted, the shared isolate is also deleted.

Bug: v8:12547
Change-Id: Idaf2947bc354066c44f2d10243e10162b1b7e4d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3848825
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82756}
2022-08-26 23:41:57 +00:00
Frank Tang
8ff03afee0 Revert "[Temporal] Use double/int32_t instead of int64_t for duration parsing"
This reverts commit a165e82ea7.

Reason for revert: SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../src/objects/js-temporal-objects.cc:3837:22  

Original change's description:
> [Temporal] Use double/int32_t instead of int64_t for duration parsing
>
> Use double instead of int64_t and int32_t in duration parsing result
> so we can parse very large duration fields as infinity and throw RangeError
> in later stages. The three fractional parts can hold values from 0 to
> 999,999,999 so we use int32_t to hold them. The other parts could be
> infinity so we use double to hold them. Also rearrange the order of the
> three int32_t in the struct ParsedISO8601Duration after all the doubles.
>
> Bug: v8:11544
> Change-Id: I7e5b02f7c7bbb60997f1419f016aed61dd3e0d6c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840761
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82754}

Bug: v8:11544
Change-Id: Ia9d0a014463b00640d43b051753a554f42171c2b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858575
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82755}
2022-08-26 22:44:17 +00:00
Frank Tang
a165e82ea7 [Temporal] Use double/int32_t instead of int64_t for duration parsing
Use double instead of int64_t and int32_t in duration parsing result
so we can parse very large duration fields as infinity and throw RangeError
in later stages. The three fractional parts can hold values from 0 to
999,999,999 so we use int32_t to hold them. The other parts could be
infinity so we use double to hold them. Also rearrange the order of the
three int32_t in the struct ParsedISO8601Duration after all the doubles.

Bug: v8:11544
Change-Id: I7e5b02f7c7bbb60997f1419f016aed61dd3e0d6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840761
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82754}
2022-08-26 21:28:29 +00:00
Matthias Liedtke
ee9b0f9f02 [wasm-gc] Debugger: Provide type info for structs and arrays in tables
This change also modifies the way references are typed: Instead of
using the static type (which may be a generic type like anyref) the
actual type based on the referenced object is used.
While this is very useful for arrays and structs (and somewhat nice for
i31 not just being a number but also having some type information), it
means for non-null values that the reference type is "not nullable",
so it will show e.g. "ref $type0" although the static type  might be
"ref null $type0".

Bug: v8:7748
Change-Id: I00c3258b0da6f89ec5efffd2a963889b1f341c3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3852485
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82753}
2022-08-26 14:51:20 +00:00
Matthias Liedtke
b592c968e0 [wasm-gc] Internalize JS init value in Table::grow(number, init_value)
This change follows up on 3cc931543f on which Table::grow() was missed.

Bug: v8:7748
Change-Id: I83dc4e4894354ad8c97e577da03d67a36f6d9443
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858227
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82752}
2022-08-26 14:46:37 +00:00
Milad Fa
fb6d80facd PPC [liftoff]: Implement a number of Simd ops
- LoadCallerFrameSlot
- StoreCallerFrameSlot
- LoadReturnStackSlot
- MoveStackValue
- Spill
- Fill

Change-Id: I5fee06a60b36ec145b4d35d59ede35bb849e57b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3851544
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82751}
2022-08-26 14:28:21 +00:00
Jakob Kummerow
c75d6b7a57 Revert "[turbofan][x64] When spilling 32bit values, reload only 32 bits"
This reverts commit adb5e163ac.

Reason for revert: ClusterFuzz ain't happy. (crbug.com/1356461 and others)

Original change's description:
> [turbofan][x64] When spilling 32bit values, reload only 32 bits
>
> When we spill a register that we know contains only 32 interesting bits
> and then reload it from the spill slot, it's enough to reload its lower
> half. This may save a few bytes, and guards against accidental changes
> to the upper half (e.g. via pointer decompression).
>
> Bug: v8:13216
> Change-Id: I1d950d6e33d8ae94cf385af4f3e1db028bf333c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854506
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82704}

Bug: v8:13216
Change-Id: I8923cbe00c73191f2fdd51f361d7cd073f338a00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859323
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82750}
2022-08-26 14:13:28 +00:00
Jakob Kummerow
9c445c7c51 [wasm-gc] Fix TF scheduling of inlined call_ref sequence
For the branching control flow structure we set up for feedback-directed
inlining-capable `call_ref` sequences, we have to manually take care of
the "instance cache nodes" in the SSA environment.

Drive-by: improve Runtime_WasmTierUpFunction to process type feedback,
making it usable for the included regression test.

Fixed: v8:13230
Change-Id: I06a449ad73af90b96d0cc15c3cb9a0e4bed87be6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859326
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82749}
2022-08-26 13:56:36 +00:00
Leszek Swirski
453abb7c9b [maglev] Re-enable maglev code on the FBV
Change the has-optimized FeedbackVector bit to two bits, one for Maglev
and one for Turbofan. Ignition and Sparkplug can check both bits, while
Maglev will only check the Turbofan one.

Bug: v8:7700
Change-Id: I95f6e4326180cac02f127a97438f960950f09d82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856569
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82748}
2022-08-26 13:53:57 +00:00
Leszek Swirski
45019f34f3 [maglev] Include compile time in --trace-opt
Bug: v8:7700
Change-Id: I2860bea3008ea1d357cf7e89fb0453221f065786
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859344
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82747}
2022-08-26 13:27:26 +00:00
Matthias Liedtke
8600d58092 [wasm-gc] Rename array.new_fixed_static -> array.new_fixed
This is a left-over of the removal of the dynamic (rtt-based)
variants.

Bug: v8:7748
Change-Id: I93bb74a72543a5697f1102d283c7d65c6be99466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856577
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82746}
2022-08-26 13:11:38 +00:00
Victor Gomes
bcda1e7647 [cpp20] Fixes undefined behaviour on mid tier regalloc
Fixes undefined behavior, which manifests as a compiler error in C++20 in Google3.

This was caused by using members of vector<T> before T has been defined.
This change just massages the code a bit to get everything in the proper order.

See cl/468678068 on Google3.

Bug: chromium:1284275
Change-Id: I0b65e7f850e8dd1ed482be1b5cc0b8d9d77776eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859343
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82745}
2022-08-26 13:09:06 +00:00
Samuel Groß
32b7b8e903 [sandbox] Avoid double-initialization of external pointer fields
This is a reland of commit a31e8f242f

Remove the checking logic, which will be addressed in a separate CL.

Original change's description:
> [sandbox] Forbid double-initialization of ExternalPointerSlots
>
> Double initialization may cause the ExternalPointerTable compaction
> algorithm to behave non-optimally: Consider the case of an Entry E1 that
> is owned by a HeapObject O and is marked for evacuation during GC
> marking. In that case, a new entry E2 is allocated for it, and during
> sweeping, E1 will be evacuated into E2 and the Handle in O updated to
> point to E2. However, if a new entry E3 for O is allocated before
> sweeping, then during sweeping E3 (instead of E1) will be moved into E2.
> This may then violate the invariant that the compaction algorithm
> always evacuates an entry out of the evacuation area.
>
> This CL therefore forbids double initialization of external pointer
> slots and adds DCHECKs to attempt to catch these in debug builds.
>
> Bug: v8:10391
> Change-Id: I128dc930e8b3f863dab18ba648f34d68d8cb276b
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856563
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82729}

Bug: v8:10391
Change-Id: I6cef79f4adc340fdcdc291ad0f0c2210f5bf48cd
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857423
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82744}
2022-08-26 13:05:37 +00:00
Feng Yu
1bd68aa9e1 [test] Migrate cctest/compiler/test-run-jsops to unittests/
Bug: v8:12781
Change-Id: I0c1234c5a649f3533eebbab89f7fe16140327d59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858927
Commit-Queue: Feng Yu <f3n67u@gmail.com>
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82743}
2022-08-26 11:07:32 +00:00
Victor Gomes
b3051413d7 [maglev] Fixes LookupExceptionHandlerInTable
Maglev uses a different safepoint table. This CL introduces the
functions FindReturnPCForTrampoline for MaglevFrame and TurboFanFrame.

Bug: v8:7700, chromium:1356902
Change-Id: I90784ddfdc96604c5ada8047e6f7447c17e6c3aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859342
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82742}
2022-08-26 10:38:56 +00:00
Qifan Pan
6fb86b9788 [turbofan] Support BigIntDivide
Bug: v8:9407
Change-Id: I29f8f5ec68f09e8631b59d3a6a2926bab3b3bcd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3845638
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Qifan Pan <panq@google.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82741}
2022-08-26 08:51:36 +00:00
Liu Yu
9e1ecccfd3 [loong64][mips64][builtins] Streamline API calls
Port commit 1e5c03c78e

Bug: v8:11880
Change-Id: I706056509c2d23e6d57203aba7adcbcbe22607cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859164
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#82740}
2022-08-26 08:11:56 +00:00
Hao Xu
2298b35f7c [x64][codegen] Reduce kX64Shr to kX64Shr32
This allows x64 to select shrl instead of shrq instruction for the
below pattern:

  2: ChangeUint32ToUint64(1)
  3: Int64Constant[2]
  4: Word64Shr(2, 3)

Change-Id: I3278b9ab52dd7212d1a616291d114a6bff0d13d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857740
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#82739}
2022-08-26 08:05:06 +00:00
Leon Bettscheider
ae44450b49 [heap] Fix data race in YoungGenerationMarkingVisitorBase
This CL fixes a data race that was found using TSAN.

Bug: v8:13012
Change-Id: Ic29620edce116effea097a9f1d58532ba93b2224
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857424
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#82738}
2022-08-26 07:45:16 +00:00
Lu Yahan
f8aebf8002 Reland "[riscv] Port [heap] Add shared barrier to RecordWrite builtin"
This is a reland of commit 59d7cf5259

Original change's description:
> [riscv] Port [heap] Add shared barrier to RecordWrite builtin
>
> Bug: v8:11708
>
> Change-Id: I803b5499f1bbc3f7b4e626628a73f98239df8454
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854435
> Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
> Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
> Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
> Cr-Commit-Position: refs/heads/main@{#82710}

Bug: v8:11708
Change-Id: I56fcfc8a92c71463bce22a8090e161173cc2c64c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857980
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#82737}
2022-08-26 07:02:47 +00:00
v8-ci-autoroll-builder
72a108434d Update ICU (trusted)
Rolling v8/third_party/icu: 31c77cb..bbdc7d8

Add microsecond and nanosecond unit (Frank Tang)
https://chromium.googlesource.com/chromium/deps/icu/+/bbdc7d8

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,ftang@chromium.org

Change-Id: I2d996e16a0e3e52c1de237eb13ca656829ff3d0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857874
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82736}
2022-08-26 04:20:36 +00:00
Yahan Lu
8b6e23ccd7 Revert "[riscv] Port [heap] Add shared barrier to RecordWrite builtin"
This reverts commit 59d7cf5259.

Reason for revert: wrong port

Original change's description:
> [riscv] Port [heap] Add shared barrier to RecordWrite builtin
>
> Bug: v8:11708
>
> Change-Id: I803b5499f1bbc3f7b4e626628a73f98239df8454
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854435
> Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
> Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
> Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
> Cr-Commit-Position: refs/heads/main@{#82710}

Bug: v8:11708
Change-Id: I0e091b2eb086c87e7c60b9840d19b7c383124e42
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857979
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#82735}
2022-08-26 03:37:38 +00:00
Milad Fa
84e9de321b PPC/s390: [builtins] Streamline API calls
Port 1e5c03c78e

Original Commit Message:

    This CL simplifies the API calls by removing some instructions from
    the most common path.

R=ishell@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I989c7da21347dc8a081b55ecea6374d3415d4aa3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857444
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82734}
2022-08-26 02:42:13 +00:00