Commit Graph

4979 Commits

Author SHA1 Message Date
Marja Hölttä
1f349da554 [web snapshots] Remove web snapshots
Bug: v8:11525
Change-Id: I0931408eefa4f55b0c9e8c0973787edfb903083a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205917
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85559}
2023-01-31 12:43:03 +00:00
Omer Katz
9bc6586712 [heap] Delay remembered set filtering to next GC marking phase
MinorMC only promotes whole pages, but doesn't move any objects. Thus
there is no need to update specific pointers. The update pointers phase
in practice only filters for objects that were promoted.
Since marking anyway needs to filter the remembered set (because slot
may be overwritten), we can just filter the remembered set once there
instead of doing it twice (i.e. end of evacuation and the following
marking phase).

Updating the external strings table remains as is since it is used by
heap verification as well.

Bug: v8:12612
Change-Id: I7e36e8acb886852087d303eceec4276f5349b272
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205907
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85558}
2023-01-31 11:37:46 +00:00
Anton Bikineev
02afcd6b05 cppgc: Introduce subtle::UncompressedMember
Some very hot getters in Blink can spend many cycles on decompression.
We're planning to optimize such paths by selectively using uncompressed
pointers.

Change-Id: I78af751c423c56010a794448450032c66f8fa244
Bug: chromium:1410145
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4191778
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85508}
2023-01-26 23:51:28 +00:00
Nico Hartmann
f4900cf92b [turbofan] Add proper conversions in RedundancyElimination
Change-Id: Ia832abb79894dfde290a8127534b161d6fcc8178
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4197350
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85504}
2023-01-26 15:55:21 +00:00
Jakob Linke
ee0c7f459d Fix CodeMoveEvent
The invariants in this method are fairly strict since it is called
during object evacution and thus a) objects may be in transitory states
and b) multiple threads are working on evacuation objects concurrently.

Previously, this method ensured valid object accesses because only the
object currently being observed by ProfilingMigrationObserver was
accessed. This changed with crrev.com/c/4178821, where we (incorrectly)
also accessed another object (InstructionStream::code), leading to data
races and incorrect behavior.

This CL fixes that problem by changing LogEventListener API as follows:

 void CodeMoveEvent(InstructionStream from, InstructionStream to);
 void BytecodeMoveEvent(BytecodeArray from, BytecodeArray to);

With this change we again correctly observe invariants, and also remove
one use of AbstractCode.

Bug: v8:13654
Change-Id: Ida022e8c7f14d821e1139f025edc71c20fa386c0
Fixed: chromium:1409786
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4194192
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85474}
2023-01-25 13:55:28 +00:00
Marja Hölttä
0ea9064e39 [compile hints] Collect compile hints data in v8
This adds the APIs for the embedder to
1) request compile hints collection for a script
2) retrieve the compile hint data

Bug: chromium:1406506
Change-Id: Ic23430d3cff9fe71faa71f4c7be6635467e14268
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4154427
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85461}
2023-01-24 16:14:23 +00:00
Nikolaos Papaspyrou
de50db2101 [heap] Re-introduce stack markers
This CL introduces a mechanism for setting a stack marker, to be used
for scanning only the part of stack between its start and the marker
(instead of the current stack top). Without this, the marking verifier
may encounter objects that have not been marked, because of false
positives during conservative stack scanning. The marker is introduced
in the Stack object, replacing and generalizing the one that existed
in the CppHeap.

Bug: v8:13257
Change-Id: I59cfb01e90912f9e54828bf05a3bdcfddb23e7bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4187221
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85454}
2023-01-24 13:32:55 +00:00
Danil Somsikov
f89be8847b Fix error dispatch in the v8 inspector session.
Bug: chromium:1337747
Change-Id: I920f3c6370ac9f9bc351eff34e46b1e8d520fe3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4184203
Auto-Submit: Danil Somsikov <dsv@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85449}
2023-01-24 07:12:12 +00:00
Huáng Jùnliàng
14de33a440 [class] set function name for computed fields
- Introduce a new SetFunctionName runtime
- Call SetFunctionName in DefineKeyedOwnIC to handle function name for initializers of computed class fields
- Ensure that we don't set function name twice in the case '({ ['c']: class { static x = this.name; static name = 'd' } })', which would incorrectly reconfigure the defined own property `name`

Bug: v8:13451
Change-Id: I10dcb858a65c6e59cba6bae94b8e63a78e44778b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4035497
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85444}
2023-01-23 20:10:44 +00:00
Dominik Inführ
d31e52879b [heap] Introduce getters for MemoryReducer::State
This CL hides the ctor of the MemoryReducer::State class and only
provides factory methods for creating states. This simplifies creation
of states and makes it impossible to misuse the API.

Direct field accesses are also replaced with invocations of their
corresponding getter methods. The getter method will check whether
the current state is allowed to access that field.

Bug: v8:13653
Change-Id: I252a6d75d0ddb4813b16a706061ad1951cfa35ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4181026
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85426}
2023-01-23 07:54:44 +00:00
Joyee Cheung
4d0d31f41b [class] support out-of-scope private member access in debug-evaluate
Previously in the DevTools console, users could inspect a preview of all private class members on an instance, but if they wanted to evaluate or inspect a  specific private class member out of a long list, they had to be debugging and in a scope that has access to those private names.

This patch adds support for extraordinary access of out-of-scope private member access in debug-evaluate, specifically for Debugger.evaluateOnCallframe() (for console calls invoked during debugging) and Runtime.evaluate() (for console calls invoked when the user is not debugging). This kind of access is not otherwise allowed in normal execution, but in the DevTools console it makes sense to relax the rules a bit for a better developer experience.

To support this kind of extraordinary access, if the parsing_while_debugging or is_repl_mode flag is set, when we encounter a private name reference that's in a top-level scope or an eval scope under a top-level scope, instead of throwing immediately, we bind the reference to a dynamic lookup variable, and emit bytecode that calls to %GetPrivateName() or %SetPrivateName() in the runtime to perform lookup of the private name as well as the load/store operations accordingly.

If there are more than on private name on the receiver matching the description (for example, an object with two `#field` private names from different classes), we throw an error for the ambiguity (we can consider supporting selection among the conflicting private names later, for the initial support we just throw for simplicity).

If there are no matching private names, or if the found private class member does not support the desired operation (e.g. attempting to write to a read-only private accessor), we throw an error as well.

If there is exactly one matching private name, and the found private class member support the desired operation, we dispatch to the proper behavior in the runtime calls.

Doc: https://docs.google.com/document/d/1Va89BKHjCDs9RccDWhuZBb6LyRMAd6BXM3-p25oHd8I/edit

Bug: chromium:1381806
Change-Id: I7d1db709470246050d2e4c2a85b2292e63c01fe9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020267
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85421}
2023-01-20 22:26:44 +00:00
Nikolaos Papaspyrou
472429e623 [heap] Fix saving the callee-saved registers on stack
This CL reinstates the trampoline for pushing the values of
callee-saved registers on the stack, which is used for stack scanning.
It reintroduces the set of architecture-specific functions
PushAllRegistersAndIterateStack, removed in crrev.com/c/3989143.
The reason for this change is that the simpler architecture-specific
functions SaveCalleeSavedRegisters failed to correctly save the
values of the registers, in the presence of C++ compiler optimizations.

It also removes the stack context, introduced in crrev.com/c/4017512,
and uses again the trampoline for iterating through the stack.

Bug: v8:13257
Change-Id: I9e656a9b3ba6616168602300f2180b4f340593f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171639
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85394}
2023-01-19 12:29:05 +00:00
Hao Xu
263493add5 [wasm][revec] Reorder load chain to avoid breaking effect dependency
There exists load chain as below that can not be packed due to the
effect dependency to irrelevant load:

  [Load1] -> [Irrelevant Load] -> [Load2]

We can avoid breaking this dependency by reordering the load chain so
[Load1] and [Load2] can be packed:

  [Load1] -> [Load2] -> [Irrelevant Load]

Bug: v8:12716
Change-Id: I298a8fd3d44d0a147479e1f80ac67b6a491740ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4134474
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85379}
2023-01-19 02:29:35 +00:00
Jakob Linke
c0367102a3 Various post-Code rename cleanups
The biggest chunk of this CL is related to the CodeBuilder now
returning a Code object instead of an InstructionStream. Most
codegen-related parts of the codebase had to be updated, including
compiler.cc, pipeline.cc, and many tests. The good news is,
we now have 400 fewer references to InstructionStream.

Smaller changes:
- Remove ToAbstractCode
- Remove dead code
- Update comments
- Update method and variable names

Bug: v8:13654
Change-Id: Ieb12bc698af576e07016e4c5c8c9d494e5addb0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4174091
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85372}
2023-01-18 16:26:26 +00:00
Matthias Liedtke
d43139d41d [wasm-gc] Subtyping: Fix dcheck for nofuncref in type union
Follow-up CL for e9024ad26c.

Bug: v8:7748
Change-Id: I3a05b6acb382f51cccf87022a59278a16a464255
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4177100
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85368}
2023-01-18 15:25:54 +00:00
Manos Koukoutos
e9024ad26c [wasm-gc] Fix and extend type union
Bug: v8:7748
Change-Id: Ia0486dd543bdb2c9eb42899fd57aae22297f8cd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4177095
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85367}
2023-01-18 14:23:57 +00:00
Jakob Linke
c53c026e6e Rename CodeDataContainer to Code
This completes the big Code/CodeDataContainer name shuffle.

Bug: v8:13654
Change-Id: If033e9153e751ab0d2a38572da2ce2f7029bc359
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4173569
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85354}
2023-01-18 08:44:08 +00:00
Jakob Linke
2c7272fdde Rename Code to InstructionStream
.. as part of the big Code/CodeDataContainer name shuffle.  In the
next step, CodeDataContainer will be renamed to Code.

Bug: v8:13654
Change-Id: Ia80ac984d46dd6c2a108098055a5cd60e22a837c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171628
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85337}
2023-01-17 12:45:45 +00:00
Matthias Liedtke
04f19e973e [wasm-gc] Module decoder: Remove template to save binary size
Bug: v8:7748
Change-Id: Ic2eb981b28b6f5af926c7f8889da8bb9a71188ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171636
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85335}
2023-01-17 11:34:49 +00:00
Jakob Linke
dd38db94df [codet] Remove the CodeT type alias
.. now that it unconditionally refers to CodeDataContainer. All
previous references to 'CodeT' (the type and as part of names) are
now updated to 'CodeDataContainer', including 'codet', 'CODET', etc.

Bug: v8:13654
Change-Id: I7abbba040091eddf3ef09028a891aed460363929
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165619
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85325}
2023-01-16 16:25:02 +00:00
Manos Koukoutos
e62810f71a Skip flaky test
Bug: v8:13660
Change-Id: I0fb6950447ba13867685b152e3bca58cc849221d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165615
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85316}
2023-01-16 13:19:26 +00:00
Matthias Liedtke
debcabf7b5 [wasm-gc] Add callback for Wasm GC origin trial
The callback can be used to enable / disable Wasm GC from Chrome or
other users. For more simplicity and as many users of Wasm GC also use
stringrefs, enabling it via the callback will also stringrefs.

Bug: v8:7748
Change-Id: I474034eabe438f0ce9759c1d34dda12a99aa491e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165090
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85306}
2023-01-16 09:49:46 +00:00
Jakob Linke
177b6be920 [codet] Remove the CodeT=Code implementation
There is no reason to keep the CodeT dispatch (which switches
between `CodeT = CodeDataContainer` and `CodeT = Code`) around. Using
CodeDataContainer doesn't actually depend on anything from v8_enable_external_code_space, so let's use it unconditionally and
simplify our codebase.

In this first step, update the
`v8_enable_external_code_space = false` configuration to use
`CodeT = CodeDataContainer` as well and remove all support for
`CodeT = Code`.

Upcoming CLs will remove the CodeT alias type, and rename
the Code/CodeDataContainer pair to something more intuitive.

Bug: v8:13654
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_no_pointer_compression_dbg,v8_linux64_no_pointer_compression_rel,v8_linux64_arm64_no_pointer_compression_rel;luci.node-ci.try:node_ci_linux64_rel
Change-Id: I58e4d510924f685ef0f2403220a2c33651c3c864
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4138254
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85257}
2023-01-12 15:23:13 +00:00
Omer Katz
177eb46e5f Reland "[heap] Iterate promoted pages during sweeping"
This is a reland of commit 1e3dd39d09
and commit e5dbd05dcf

The fix is in https://chromium-review.googlesource.com/c/v8/v8/+/4094755/3..6

Original change's description:
> [heap] Iterate promoted pages during sweeping
>
> Promoted pages are iterated to record slots containing old to new and
> old to shared references. This takes a significant amount of time during
> the atomic pause.
> Instead we offload this task to the concurrent sweepers, record slots to
> a local cache, and merge it when finalizing sweeping.
>
> Array buffer sweeping depends on iteration of promoted pages, so it is
> frozen until iteration is done.
>
> See design doc at https://docs.google.com/document/d/1JzXZHguAnNAZUfS7kLeaPVXFfCYbf5bGCtyKgyiMDH4/edit?usp=sharing
>
> Bug: v8:12612
> Change-Id: Icdc79a7a70c53352e3a1b3961cfe369e8563b65b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4062041
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Auto-Submit: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84706}

Bug: v8:12612
Change-Id: I67bbf4753e9fa8b9194367996797aa103e58c16f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4094755
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85250}
2023-01-12 12:35:19 +00:00
Leszek Swirski
ed47b8cd0c [ic] Allow resetting interrupt budget on IC change
Add an alternative to any_ic_changed_, where instead of a global flag
that is updated on ICs changed (which prevents small function
optimisation), the interrupt budget of the particular function whose IC
was updated is reset to a default value.

This should have a similar effect, allowing small functions to tier up
quickly but still only once they have been stable enough for some time,
but should prevent cross-contamination of different functions'
stabilities due to the global nature of the flag.

It does, however, require a back pointer from the feedback vector to its
parent feedback cell (which holds the interrupt budget).

Drive-by, use any_ic_changed_ for Maglev tierup, to match small
function behaviour.

Change-Id: I7109cf3aff536af7ab36d3564ec8005ee7aa44f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156472
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85240}
2023-01-12 09:35:41 +00:00
Anton Bikineev
78717ce93d cppgc: Return empty pages right away when sweeping on allocation
This should save about 0.23% cycles on the JQuery Speedometer story.

Bug: chromium:1406296
Change-Id: Ib2b76325c6441eb5da8051c3701291abf347c56d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4152952
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85230}
2023-01-11 16:57:55 +00:00
Matthias Liedtke
a54fc340b1 [wasm-gc] Remove structref as dataref compatibility fallback
Currently structref is interpreted as dataref by default for backwards
compatibility reasons.
This behavior is now being removed with this change.

Bug: v8:7748
Change-Id: I610fd04187b1bda53c83a82345eae09f23d99731
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111171
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85211}
2023-01-11 11:11:31 +00:00
Jakob Linke
539b50f5ae [turbofan] Add the v8_enable_turbofan build option
When disabled, Turbofan is fully excluded from the compilation result.
This is expected to reduce V8's contribution to chromium's binary size
by roughly 20%.

If Turbofan is disabled, Maglev and Webassembly must also be disabled
(since both depend on TF).

Note this new configuration (v8_enable_turbofan=false) is not yet
used anywhere - we'll probably enable it for lite_mode bots in an
upcoming CL for test coverage.

Changes in detail:
- Split out all src/compiler files from the main source sets. This
  was mostly done already, here we only clean up the few files that
  were left.
- Define a new main TF entry point in turbofan.h. `NewCompilationJob`
  replaces `Pipeline::NewCompilationJob`.
- When TF is enabled, turbofan-enabled.cc implements the above.
- When disabled, turbofan-disabled stubs out the above with a runtime
  FATAL message.
- The build process is modified s.t. mksnapshot always has TF
  available since it's needed to generate builtins. When disabled,
  TF is removed from other components, in particular it is no longer
  included in v8_compiler and transitively in v8_base.
- When disabled, v8_for_testing no longer has v8_initializers
  available. These were only needed for test-serialize.cc, which
  is now excluded from this build mode.
- When disabled, remove all related cctest/ und unittest/ files from
  the build.

Bug: v8:13629
Change-Id: I63ab7632f03d0ee4a787cfc01574b5fdb08fd80b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128529
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85210}
2023-01-11 10:57:54 +00:00
jiepan
499697b157 [disasm][x64] Add missing disasm for opcode F6F7
Only byte displacement was handled for opcode F6F7,
this CL adds 32-bit displacement support.

Change-Id: I40b3140df582cd0dce008dbbb957e615751c2131
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4144627
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jie Pan <jie.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#85166}
2023-01-10 07:15:05 +00:00
Nico Hartmann
88eac4b870 [turboshaft] Basic TypedOptimization and new DeadCodeElimination
This CL introduces typed optimizations for Turboshaft, which replaces all operations that produce a constant output (and don't have side effects) by the corresponding constant.

In addition, a new pass for eliminating dead code is introduced that cannot only remove dead operations, but also rewrite branches that are not required into GotoOps.

Drive-by: Introduce -0 as a "special value" for Float32Type and Float64Type to fix a few issues where 0 and -0 have been treated as identical.

Bug: v8:12783
Change-Id: Ia1450ad7a9abb5d58c7d753596ed08a33a73184f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4110993
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85143}
2023-01-09 13:23:56 +00:00
Michael Lippautz
322e42bf13 [heap] Remove Push/Pop for EmbedderHeapTracer wrapper object
EmbedderHeapTracer has been removed, making the separate main-thread
worklist obsolete.

Bug: v8:13207
Change-Id: I3f92457a73d6664b28646247548b78ade491be32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136716
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85142}
2023-01-09 12:12:02 +00:00
Choongwoo Han
362e792ee4 [wasm] Do not build loop exits for non-innermost loops
Loops can be unrolled only for innermost loops. But, the wasm graph
builder builds loop exits regardless of the condition. This CL detects
if the loop can be innermost using AnalyzeLoopAssignment, and do not
allocate unnecessary nodes if it can't be.

This reduces memory usage for the reported wasm binary from 1.3GB to
300MB.

Bug: v8:13543
Change-Id: I693800071f7eee4a9991e094830f23d27a96b13f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4134466
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Choongwoo Han <choongwoo.han@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#85122}
2023-01-05 20:04:09 +00:00
Manos Koukoutos
1ef0a093e8 [wasm-gc] Apply isorecursive canonicalization to tag signatures
We add a {canonical_type_index} field to tag objects and use it to
check for canonical subtyping between tags when needed.

Bug: v8:7748
Change-Id: I60723d8f72a9487af03f223c8f8a33ef8fa56461
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4135885
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85119}
2023-01-05 14:17:32 +00:00
Lu Yahan
d333e5b5aa [riscv] Fix disasm unittest error
Change-Id: I5e342abad192189fc88aae185901ba776643c0dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4134473
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#85109}
2023-01-05 09:10:11 +00:00
JianxiaoLuIntel
bf19099f3a Reland "[turbofan] Simplifying (x+k1)==k2 into x==(k2-k1)"
This is a reland of commit e9333ebd3c

Fix UB int overflow

Original change's description:
> [turbofan] Simplifying (x+k1)==k2 into x==(k2-k1)
>
>
> Change-Id: I234da79e1f53fa0fc15494fe6d31742d4e6eea97
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055393
> Commit-Queue: Jianxiao Lu <jianxiao.lu@intel.com>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84947}

Change-Id: Ib79fd496147f5c7f33846168908c36ebb5229208
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4119767
Commit-Queue: Jianxiao Lu <jianxiao.lu@intel.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85084}
2023-01-04 01:41:39 +00:00
Clemens Backes
8a565c39d0 [wasm] Remove mprotect-based code protection
With lazy compilation we disabled mprotect-based code protection. We
currently have no users and no test coverage of that flag. Hence remove
it from the code base.

R=ahaas@chromium.org

Bug: v8:13632
Change-Id: I1e39499dfbdb896287901b97c32f00366449c466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4114296
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85080}
2023-01-03 16:38:56 +00:00
Nikolaos Papaspyrou
15c726bd63 [heap] Merge mechanisms for disabling CSS
EmbedderStackStateScope is used to disable conservative stack scanning
for cppgc when the stack is known to not contain heap pointers. Also,
DisableConservativeStackScanningScopeForTesting is used to disable CSS
for the V8 heap in tests that assume a precise GC. Until now, these two
have used two different mechanisms for disabling CSS. This CL merges
the two mechanisms and implements the latter scope via the former.

This is a reland of commit f51e0bb1db
reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/4111954

Bug: v8:13257
Change-Id: Ia124a4201686e0ea79f9cd07bc3888b9781cafa9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128141
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85066}
2023-01-02 16:51:48 +00:00
Michael Lippautz
a8a1805e12 [api, heap, handles] Remove deprecated EmbedderHeapTracer
This removes EmbedderHeapTracer from V8's API. Going forward
v8::TracedReference is only supported with using CppHeap (Oilpan).

Bug: v8:13207
Change-Id: I4e0efa94890ed147293b5df69fd7e0edad45abb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111546
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85061}
2023-01-02 15:17:40 +00:00
Nikolaos Papaspyrou
53e7cf253a Revert "Reland "[heap] Fix conservative stack scanning for client isolates""
This reverts commit 2a71e8637f.

Reason for revert: This probably blocked the V8 roll.
https://chromium-review.googlesource.com/c/chromium/src/+/4116621?tab=checks

Original change's description:
> Reland "[heap] Fix conservative stack scanning for client isolates"
>
> This is a reland of commit 36bac1bcae
>
> Original change's description:
> > [heap] Fix conservative stack scanning for client isolates
> >
> > With this CL, the context of stacks corresponding to all client isolates
> > are saved, so that conservative stack scanning can be used correctly
> > during a shared garbage collection. This happens:
> >
> > 1) in Heap::PerformSharedGarbageCollection, for the stacks of the shared
> >    isolate and the initiator;
> > 2) when an isolate's main thread is waiting in a safepoint; and
> > 3) when an isolate's main thread is parked.
> >
> > Bug: v8:13257
> > Change-Id: I9ff060f2c0c1ec12977c70d67d65d9c543e2d165
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027210
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Reviewed-by: Omer Katz <omerkatz@chromium.org>
> > Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#84712}
>
> Bug: v8:13257
> Change-Id: I61df6eeca5a28e04eb3a858f7d601bc5f6312e49
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4092737
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84963}

Bug: v8:13257
Change-Id: I3a235f11e5fe55c476591a5274946aeb6cc9bf6e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111178
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84973}
2022-12-21 11:27:43 +00:00
Nikolaos Papaspyrou
24da079444 Revert "[heap] Merge mechanisms for disabling CSS"
This reverts commit f51e0bb1db.

Reason for revert: Dependent on crrev.com/c/4092737 that is being reverted.

Original change's description:
> [heap] Merge mechanisms for disabling CSS
>
> EmbedderStackStateScope is used to disable conservative stack scanning
> for cppgc when the stack is known to not contain heap pointers. Also,
> DisableConservativeStackScanningScopeForTesting is used to disable CSS
> for the V8 heap in tests that assume a precise GC. Until now, these two
> have used two different mechanisms for disabling CSS. This CL merges
> the two mechanisms and implements the latter scope via the former.
>
> Bug: v8:13257
> Change-Id: Ieca082657854fe2eff9eb5d95a30d48bb8eab44f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111954
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84964}

Bug: v8:13257
Change-Id: Id769af6215a2ed319ec96b354734a5362b2384cf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111179
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84972}
2022-12-21 11:10:46 +00:00
Nikolaos Papaspyrou
f51e0bb1db [heap] Merge mechanisms for disabling CSS
EmbedderStackStateScope is used to disable conservative stack scanning
for cppgc when the stack is known to not contain heap pointers. Also,
DisableConservativeStackScanningScopeForTesting is used to disable CSS
for the V8 heap in tests that assume a precise GC. Until now, these two
have used two different mechanisms for disabling CSS. This CL merges
the two mechanisms and implements the latter scope via the former.

Bug: v8:13257
Change-Id: Ieca082657854fe2eff9eb5d95a30d48bb8eab44f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111954
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84964}
2022-12-20 20:16:24 +00:00
Nikolaos Papaspyrou
2a71e8637f Reland "[heap] Fix conservative stack scanning for client isolates"
This is a reland of commit 36bac1bcae

Original change's description:
> [heap] Fix conservative stack scanning for client isolates
>
> With this CL, the context of stacks corresponding to all client isolates
> are saved, so that conservative stack scanning can be used correctly
> during a shared garbage collection. This happens:
>
> 1) in Heap::PerformSharedGarbageCollection, for the stacks of the shared
>    isolate and the initiator;
> 2) when an isolate's main thread is waiting in a safepoint; and
> 3) when an isolate's main thread is parked.
>
> Bug: v8:13257
> Change-Id: I9ff060f2c0c1ec12977c70d67d65d9c543e2d165
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027210
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84712}

Bug: v8:13257
Change-Id: I61df6eeca5a28e04eb3a858f7d601bc5f6312e49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4092737
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84963}
2022-12-20 20:04:24 +00:00
legendecas
804be91ab9 [ShadowRealm] side-effect-free inspection on cross-realm exceptions
The spec does not allow side effects on wrapping the exceptions
crossing the realm boundaries. We need to provide an easy way to inspect the exception-thrown cross-realms according to the last TC39 meeting
consensus.

Related spec change: https://github.com/tc39/proposal-shadowrealm/pull/382.

Bug: v8:11989
Change-Id: Ia78d94fd33cba689267aeacd028d662bd4a37fe9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3618759
Commit-Queue: Chengzhong Wu (legendecas) <legendecas@gmail.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84961}
2022-12-20 17:25:10 +00:00
Manos Koukoutos
2f852102d9 [wasm-gc] Final types
We add final types to wasm-gc.
- We introduce a `kWasmSubtypeFinalCode` as an alternative to
  `kWasmSubtypeCode`.
- Behind a flag, we interpret types behind this code as final, as well
  as types outside a subtype definition by default.
- For final types, type checks for call_indirect and ref.test etc. are
  reduced to simple type identity checks.

Bug: v8:7748
Change-Id: Iabf147b2a15f43abc4c7d1c582f460dbdc645d66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4096478
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84955}
2022-12-20 14:03:30 +00:00
Michael Lippautz
8d4af46404 [heap] Convert unittest to avoid using deprecated APIs
- Converts tests in EmbedderTracingTest to UnifiedHeapTest
- Move EmbedderRootsHandler tests to their own file
- Adds support for CppHeap in ManualGCScope
- Drive-by fix typo

Reland: Fix issue with attaching a CppHeap while incremental marking
is already running.

This reverts commit d90a98edc1.

Change-Id: Ifafa9145df3103578c4c7f1b3b0336b4bd9f34dd
Bug: v8:13207
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4110941
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84950}
2022-12-20 08:12:07 +00:00
Michael Achenbach
3d46a713bb Revert "[turbofan] Simplifying (x+k1)==k2 into x==(k2-k1)"
This reverts commit e9333ebd3c.

Reason for revert:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/24520/overview

Original change's description:
> [turbofan] Simplifying (x+k1)==k2 into x==(k2-k1)
>
>
> Change-Id: I234da79e1f53fa0fc15494fe6d31742d4e6eea97
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055393
> Commit-Queue: Jianxiao Lu <jianxiao.lu@intel.com>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84947}

Change-Id: I9e86f6f9653efff0fd0da439e270df5c7da29b20
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111953
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84948}
2022-12-20 07:38:49 +00:00
JianxiaoLuIntel
e9333ebd3c [turbofan] Simplifying (x+k1)==k2 into x==(k2-k1)
Change-Id: I234da79e1f53fa0fc15494fe6d31742d4e6eea97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055393
Commit-Queue: Jianxiao Lu <jianxiao.lu@intel.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84947}
2022-12-20 02:15:51 +00:00
Shu-yu Guo
b41df346db [ShadowRealm] Make CallSite#getFunction/getThis throw
ShadowRealms have a callable boundary: there cannot be any edges between
objects in the ShadowRealm and those from other realms. V8's
prepareCallStack API breaks this invariant via getFunction() and
getThis(). This CL makes those functions throw when called inside
ShadowRealms.

See also
https://docs.google.com/document/d/1aXEy4YCC9CduxLs7MGw-UOm0P4OuG7W-cScBnLG3ALI/edit?usp=sharing

Bug: v8:11989
Change-Id: I5a2b8fa735c0f10583c8cede4062645986b2d914
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4108810
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84944}
2022-12-19 20:13:27 +00:00
Michael Lippautz
d90a98edc1 Revert "[heap] Convert unittest to avoid using deprecated APIs"
This reverts commit 6a892e14f9.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/10329/overview

Original change's description:
> [heap] Convert unittest to avoid using deprecated APIs
>
> - Converts tests in EmbedderTracingTest to UnifiedHeapTest
> - Adds support for CppHeap in ManualGCScope
> - Drive-by fix typo
>
> Bug: v8:13207
> Change-Id: Ic50333f141ec9766c9db5250463461832dfe6d17
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4110749
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84940}

Bug: v8:13207
Change-Id: I926f5b5078b8995f8352a827c946cbbe5b18a259
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4116791
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#84941}
2022-12-19 16:27:19 +00:00
Michael Lippautz
6a892e14f9 [heap] Convert unittest to avoid using deprecated APIs
- Converts tests in EmbedderTracingTest to UnifiedHeapTest
- Adds support for CppHeap in ManualGCScope
- Drive-by fix typo

Bug: v8:13207
Change-Id: Ic50333f141ec9766c9db5250463461832dfe6d17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4110749
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84940}
2022-12-19 15:24:10 +00:00