Commit Graph

63793 Commits

Author SHA1 Message Date
Dominik Inführ
385382097a [heap] Fix overflow in ComputeLimit on 32-bit
On 32-bit systems the calculation could overflow, leading to an illegal
limit of the LAB. Cast to uint64_t to avoid this. Add DCHECKs to
catch this earlier.

Bug: chromium:1110214, v8:10315
Change-Id: I73679a2daeb3b83bb303d411c77782a2172e98cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2320654
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69101}
2020-07-28 13:44:31 +00:00
Milad Farazmand
3ae4a987b4 PPC/s390: [turbofan][wasm] Improved float32 to int32.
Port 51b53dd3ee

R=rstz@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Ic2ee6e75afd5da8bb7f35dfde4b1d85231f1cf4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2318045
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#69100}
2020-07-28 13:32:51 +00:00
Santiago Aboy Solanes
94cf4347e4 [compiler] Test transition from Uninitialized to kFullTransitionArray
Since we have an uninitialized TransitionArray that we want to insert
an element (map1), we can't guarantee that said element would exist at
the point of the search. Then, we search for an element guaranteed not
to be (map2) and we check that we did not find it.

If we have a data race, this would also trigger it.

Bug: v8:7790
Change-Id: Ib90044d7c0901d599aed041f608f2c0bce506d67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2319995
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69099}
2020-07-28 13:03:31 +00:00
Emanuel Ziegler
367da30543 [ukm] Add framework for collecting event-based metrics
Add a framework for collecting event-based metrics like UKMs in V8
that is independent of the actual implementation.

Design doc: https://docs.google.com/document/d/1vCZQCh4B05isqwJOwTPv7WqcnVp4KJITMgsHSBg35ZI/

R=ulan@chromium.org

Bug: chromium:1101749
Change-Id: If3a5b954d1f0bcee4e06a03467b651feae378a5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288231
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69098}
2020-07-28 12:09:21 +00:00
evih
1250fd59aa [wasm] Add a generic js-to-wasm wrapper
This generic wrapper builtin is currently used only when the wasm
function has no parameters and no return value.

Added a new V8 flag to use this generic wrapper.

Also added a JS test function for this generic wrapper.

Bug: v8:10701
Change-Id: Id8cd1771f26922927363b715d8a6ffd384a143ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2307240
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Eva Herencsárová <evih@google.com>
Cr-Commit-Position: refs/heads/master@{#69097}
2020-07-28 10:20:31 +00:00
Marja Hölttä
f97620b924 [Atomics.waitAsync] Follow-up: move code to .cc
As a downside, class-level static variables of FutexEmulation
now have to be local to the .cc file.

Bug: v8:10239
Change-Id: I3d00c65289f346cf2b16fea657f47bff69863b0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2319989
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69096}
2020-07-28 10:11:01 +00:00
Thibaud Michaud
c105b841d0 [wasm] Enable return calls in compile fuzzer
R=clemensb@chromium.org

Bug: chromium:1110190
Change-Id: I75c8e47d738266927d717a09670473dc8a7eb210
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2320656
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69095}
2020-07-28 10:09:31 +00:00
Anton Bikineev
d9d37e5540 cppgc: mirror: Support cmake targets for tests and sample
Bug: v8:10724
Change-Id: Ia0b6d6d25e6b9d7b44b4dfa94705e9cd5103cc8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316303
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69094}
2020-07-28 10:00:41 +00:00
Zeynep Cankara
721dac7d32 [tools][system-analyzer] Add light theme
This CL uses the introduced color variables
to adapt light theme feature to increase
accessibility.

Bug: v8:10644

Change-Id: I179831aef384527b0457c6ae93fa4d42a1814834
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2305891
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69093}
2020-07-28 09:43:11 +00:00
Leszek Swirski
1a80619843 [offthread] Fix flakiness with bg compile stress
If we're close to a stack overflow when starting a script compile, we
may get into a state where main-thread compilation would stack overflow,
but background-thread compilation wouldn't. This triggers a failure of a
CHECK under --stress-background-compile, but isn't actually an
interesting failure.

So, we loosen this CHECK to allow the main-thread having a stack
overflow (strictly speaking, a RangeError) to count as a "success" for
the purposes of comparing against a background compilation success.

Bug: v8:10757
Change-Id: I7d687b52d178973b421c42ca0d89b4da0357232a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2320649
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69092}
2020-07-28 09:25:01 +00:00
Jakob Gruber
67cdacd941 Remove the js-function-inl.h inline header
As an experiment to see how performance is impacted when changing
inline definitions to normal definitions in a .cc file, this CL moves
js-function-inl.h to js-function.cc.

Bug: v8:10749
Change-Id: I97c3a0b7d20217f444c6891442bbe3c34f3b0cc9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2315993
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69091}
2020-07-28 08:40:41 +00:00
Camillo Bruni
ed70c77fa7 [isolate] Partially avoid recursion in rejection handler check
Isolate::PromiseHasUserDefinedRejectionHandler no longer descends
recursively the outer_promise chain but uses an std::stack to avoid
stack overflows with very long promise chains.

Change-Id: Icdf86a34d89b734adc7139357b2ba6b37a7882ad
Bug: chromium:1096139
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316298
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69090}
2020-07-28 07:58:51 +00:00
Zhao Jiazhong
62cb792c5e [mips][wasm][liftoff] Add direct and indirect tail-calls
Port b64cede5d8
https://crrev.com/c/2289970

Port 5de2870920
https://crrev.com/c/2316304

Change-Id: Ia4e24558b10adef196ab167137a9a5b6db98754b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2321950
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#69089}
2020-07-28 06:47:21 +00:00
Clemens Backes
dfd86b059b [wasm] Fix flake about missed breakpoints
If multiple isolates were involved, we did not always hit the breakpoint
reliably in all isolates.

This CL fixes this flake via two changes:

1. Remove breakpoint info when tiering up.
   If we keep the breakpoint information, a second isolate that later
   sets the same breakpoint will see that the breakpoint already exists,
   and will not set it again, even though the code containing the
   breakpoint has been replaced at that point.
   This fixes a flake in the debug/wasm/breakpoints test.

2. Don't overwrite code with breakpoints by default "tiered down" code.
   This is achieved by introducing another state in the {ForDebugging}
   enum which marks that code contains breakpoints. Otherwise it could
   happen that two isolates start tiering down (both recompiling missing
   functions in Liftoff), one isolate finishes and immediately sets a
   breakpoint, then the other isolates finishes and overwrites the code
   with breakpoints by the usual {kForDebugging} code.
   Setting breakpoints is synchronized already, so overwriting
   breakpoint code with other breakpoint code is always safe.

R=thibaudm@chromium.org

Bug: v8:10611, v8:10359
Change-Id: I171d86b110a54f9eb5e4c3fa35108638904212e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316080
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69088}
2020-07-28 06:08:21 +00:00
Clemens Backes
46f674ff17 [cfi] Use inclusive terminology
This follows https://crrev.com/c/2317298.

TBR=machenbach@chromium.org

No-Try: true
Change-Id: I26608a7234145ac1f6cd234024054fc372946d3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2320652
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69087}
2020-07-28 05:57:41 +00:00
v8-ci-autoroll-builder
91bc67cfe7 Update V8 DEPS.
Rolling v8/build: 5383c9f..483d965

Rolling v8/third_party/aemu-linux-x64: BSmiob0gPivtoM5FO4ByhQHofOIKJ7KxRVPyfzhrjTkC..nz3cLclK4lWm6gzvGCOHPQAKJUO8EsMBr7EIUXwS9SEC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/0606ae6..d292e89

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ic65daec89acb3be7fc901e198cdcf175080ad339
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2321589
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#69086}
2020-07-28 03:43:40 +00:00
Paolo Severini
037e64c89e [wasm] Generate distinct IR trace files for Wasm import call wrappers
Currently, when running with --trace-turbo, V8 generates a different
.json file for each wasm-to-js thunk that it compiles, but these files
all have the same name "turbo-wasm-to-js-0.json", and only one file is
generated.
This makes it difficult to actually examine the difference in the IR
for these call wrappers produced for different signatures.

This patch fixes this by naming each trace file as:
"wasm-to-js-<kind>-<signature>-0.json", like for example
"turbo-wasm-to-js-5-ii-i-0.json".

Change-Id: Iebb73829cddd4f6bbf9d02ed1ce94a80dcfa5ca7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316834
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69085}
2020-07-27 18:53:27 +00:00
Shu-yu Guo
413bee8731 Revert "[torque] Port some constructor builtins to Torque."
This reverts commit ce249dbb2f.

Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/32375

Original change's description:
> [torque] Port some constructor builtins to Torque.
> 
> - FastNewFunctionContextEval
> - FastNewFunctionContextFunction
> - CreateEmptyLiteralObject
> - CreateRegExpLiteral
> - CreateEmptyArrayLiteral
> - CreateShallowArrayLiteral
> - CreateShallowObjectLiteral
> - NumberConstructor
> - ObjectConstructor
> - GenericLazyDeoptContinuation
> 
> Bug: v8:9891
> 
> Change-Id: Idd4bf035d8dbeec03b9ef727e1bfb80eab4bc43c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2311411
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69082}

TBR=bbudge@chromium.org,jgruber@chromium.org,leszeks@chromium.org,tebbi@chromium.org

Change-Id: I76272a4d439ef95213fdfb659bdbcb71e16daec6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9891
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2321111
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69084}
2020-07-27 18:43:30 +00:00
Michael Achenbach
f6789988fe [presubmit] Clean up insensitive terms
Updating was prepared on depot_tools side by https://crbug.com/1098560.

No-Try: true
Bug: v8:10619
Change-Id: If24aec3344e83857c09ce165be4203846b3a91b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316302
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69083}
2020-07-27 18:05:48 +00:00
Bill Budge
ce249dbb2f [torque] Port some constructor builtins to Torque.
- FastNewFunctionContextEval
- FastNewFunctionContextFunction
- CreateEmptyLiteralObject
- CreateRegExpLiteral
- CreateEmptyArrayLiteral
- CreateShallowArrayLiteral
- CreateShallowObjectLiteral
- NumberConstructor
- ObjectConstructor
- GenericLazyDeoptContinuation

Bug: v8:9891

Change-Id: Idd4bf035d8dbeec03b9ef727e1bfb80eab4bc43c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2311411
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69082}
2020-07-27 18:02:57 +00:00
Shu-yu Guo
5240abf3e2 Revert "[Intl] Sync Intl.Segmenter to latest version"
This reverts commit 482c3bbf1e.

Reason for revert: Test failure https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/29160?

Original change's description:
> [Intl] Sync Intl.Segmenter to latest version
> 
> https://tc39.es/proposal-intl-segmenter/
> 
> TC39 passed Intl.Segmenter to stage 3 in Jul 21.
> This CL moves our earlier prototype to the current spec.
> 
> Bug: v8:6891
> Change-Id: I07234beed54f671c26bdbfb3983c5bc2fa5a29b0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219413
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Frank Tang <ftang@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69080}

TBR=jkummerow@chromium.org,tebbi@chromium.org,ftang@chromium.org,syg@chromium.org

Change-Id: I1488d5fd50012c5e8873a4fed2fa7638d86d5c6a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6891
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2320741
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69081}
2020-07-27 17:48:53 +00:00
Frank Tang
482c3bbf1e [Intl] Sync Intl.Segmenter to latest version
https://tc39.es/proposal-intl-segmenter/

TC39 passed Intl.Segmenter to stage 3 in Jul 21.
This CL moves our earlier prototype to the current spec.

Bug: v8:6891
Change-Id: I07234beed54f671c26bdbfb3983c5bc2fa5a29b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219413
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69080}
2020-07-27 17:18:17 +00:00
Andreas Haas
18d9fabfb9 [wasm] Update wasm spec tests
R=thibaudm@chromium.org

Change-Id: I77711801a94ff8d57d66f2057b78a0d10521bbf1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2320648
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69079}
2020-07-27 16:12:30 +00:00
Sigurd Schneider
83d7c4d34b Report reliable embedderName in scriptParsed/scriptFailedToParse
Currently, only a scriptURL is reported, which can be over-written by
sourceURL comments of the script. This means a script can basically
claim to come from anywhere. This means that DevTools doesn't know the
resource name the embedder provided if there is a sourceURL comment.
This CL adds an `embedderName` field to the scriptParsed and
scriptFailedToParse events that reports the name the embedder
associated with the script.

Bug: chromium:974543
Change-Id: I9863f878f57638174847890d9a3818952b1efc27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2317310
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69078}
2020-07-27 15:40:00 +00:00
v8-ci-autoroll-builder
8b694beb07 Update V8 DEPS.
Rolling v8/build: bdbc779..5383c9f

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/342ad52..0606ae6

Rolling v8/third_party/zlib: 89bddfe..103247f

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I8a016265af2d1426e35ba6aa3a8fcf8f702c31d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2320429
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#69077}
2020-07-27 15:20:34 +00:00
Santiago Aboy Solanes
7d4486ff28 [compiler] Use Handles for source positions in concurrent-inlining
When we add safepointing, the source position address might change.
Then, we need to use the handlified version for both concurrent-inlining
and not.

The logic for retrieving the Handle can be encapsulated in the
BytecodeArrayRef, which can be reused in the other source_position_*
methods.

Bug: v8:7790
Change-Id: I3e5f937eb06153449cf6f720a2a4321cb338d903
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316301
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69076}
2020-07-27 14:35:20 +00:00
Sathya Gunasekaran
926094db88 [flags] Rename FLAG_max_polymorphic_map_count
This flag's name is slightly incorrect as it is possible to have more
maps than this in the feedback vector.

This flag doesn't account for deprecated maps in the feedback
vector. To make this explicit, we change the flag to indicate that
this only counts valid maps.

Bug: v8:10582
Change-Id: Ib0cc425a03d590bb21184fc6b104d0ebee1d5b03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2319992
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69075}
2020-07-27 14:28:30 +00:00
Dominik Inführ
ccd0bf3f6b [heap] Simplify AllocateRawAligned and AllocateRawUnaligned
AllocateRaw(Aligned|Unaligned) will now refill LAB first and then
invoke AllocateFast(Aligned|Unaligned) again.

Bug: v8:10315
Change-Id: Ifa6e645b33a0c57a118de9cc15b0a38ad407a0c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2319991
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69074}
2020-07-27 14:25:30 +00:00
Andreas Haas
aba951101c [arraybuffer][test] Test creating a BackingStore with nullptr
R= ulan@chromium.org

Bug: chromium:1104580
Change-Id: I5824de7aa4c71b1464fc8b2c35375bcb5d84f2e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2320329
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69073}
2020-07-27 14:04:40 +00:00
Marja Hölttä
a7bb323bc5 [Atomics.waitAsync] Rewrite a test
This test should've been rewritten in the last
batch rewrite but wasn't.

Bug: v8:10239
Change-Id: Ic2949e6282f72975898ab7e9aefe3210bba71fbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2319988
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69072}
2020-07-27 13:28:25 +00:00
Milad Farazmand
2264b3b047 PPC/s390: [liftoff][tail-call] Add indirect tail calls
Port 06bdd8d6b0

R=thibaudm@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I35cf8d96c542da6db840f90d30b3a77a8925fafb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2313316
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#69071}
2020-07-27 13:27:20 +00:00
Dominik Inführ
ccc59c54a2 [profiler] Remove declaration of unused SamplingAllocationObserver
Change-Id: Ia071e8cfcb021ff7e80888370cafcc58c6cb0fca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2317947
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69070}
2020-07-27 11:20:25 +00:00
Tobias Tebbi
a7ca5b0f6b [torque] better static assert error messages
When mksnapshot fails on a static assert in Torque, print the
statement and position from the Torque source. To enable special
treatment, change the syntax of static asserts in Torque
from StaticAssert() to static_assert() to align with assert() and
check() statements.

Bug: v8:7793
Change-Id: Idda8e3c342bdcefc893ff297f8d7727d2734c221
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2317314
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#69069}
2020-07-27 11:19:20 +00:00
Santiago Aboy Solanes
c0ed24a0e5 [heap] Allow thread's own LocalHandles to be dereferenced
This CL allows LocalHandles to be dereferenced by the same thread that
created them, even if we have a DisallowHandleDereference scope.

Bug: v8:7790
Change-Id: Ie227aaa4152c887d0d9c913dfa35217166726614
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316111
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69068}
2020-07-27 11:02:38 +00:00
Manos Koukoutos
754368cab2 [wasm] Fix inconsistencies in compiler interface API types
Change-Id: I29ab5285b3284ebecb97902703f5f1c0cc8f8961
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2317354
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69067}
2020-07-27 09:43:58 +00:00
Zeynep Cankara
dda133ad35 [tools][system-analyzer] Add Generic Event Class
This CL adds a generic Event Class to unify common
methods of IC and Map events. The Entry Class for IC
Events and V8Map Class for Map Events inherits from
this generic Event Class.

Bug: v8:10644, v8:10735

Change-Id: I77d68fb40ee0ffbe297fcd1a13c3e2b746938168
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2317309
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69066}
2020-07-27 09:22:58 +00:00
Santiago Aboy Solanes
fd45d44a78 [compiler] Test kFullTransitionArrays insertions with slack
Bug: v8:7790
Change-Id: I9e62a60911d69aec20a59e92f989208f8eac6cb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2243219
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69065}
2020-07-27 09:16:48 +00:00
Thibaud Michaud
5de2870920 Reland "[liftoff][tail-call] Add indirect tail calls"
This is a reland of 06bdd8d6b0

Original change's description:
> [liftoff][tail-call] Add indirect tail calls
> 
> R=clemensb@chromium.org
> 
> Bug: v8:10693
> Change-Id: Ic71d873bf7099ba671b9db1e87392d54aeebd7cf
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2312096
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68996}

Bug: v8:10693
Change-Id: Ia360be2fff1e98fab969dd4ffa14b5991ec743af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316304
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69064}
2020-07-27 09:15:38 +00:00
Thibaud Michaud
54a6648711 [wasm][fuzzer] Generate return calls in the compile fuzzer
If the types allow it, sometimes generate a return call instead of a
regular call in the wasm-compile fuzzer.

R=clemensb@chromium.org

Bug: v8:10693
Change-Id: Ie5e92f2b012f655b9d7d5847dba4a669152635c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316297
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69063}
2020-07-27 09:05:38 +00:00
Clemens Backes
183cbdaf13 [wasm][test] Remove wrong and unused array elements
Only the first four elements of the array will be used. Also, the fifth
element says 'stepInfo' instead of 'stepInto'.

R=thibaudm@chromium.org

Change-Id: I258a8b95795f0cfbcaf500b7d174786680914d36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316110
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69062}
2020-07-27 08:58:08 +00:00
Dominik Inführ
9d4dcce70c [heap] More explicit fast path for new space allocation
Introduce explicit fast path for allocation from LAB. The slow path
refills the LAB and allocates again. Other changes:

1) Move slow path methods out of the header file
2) AllocateRaw(Aligned|Unaligned) are now private methods. All
allocations need to go through AllocateRaw for NewSpace now.

Bug: v8:10315
Change-Id: Iee2bd7b74aa49be8b20d89fefeb2e087575d532c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2319987
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69061}
2020-07-27 08:56:58 +00:00
Dominik Inführ
f32972f870 [heap] Add new interface to AllocationCounter
Add methods NotifyBytes(), NotifyObject() and NextBytes() to
AllocationCounter. Methods are unused for now.

Move AllocationObserver::Step after AllocationCounter methods as well.
Use SetTopAndLimit as bottleneck instead of allocation_info_.Reset.

Bug: v8:10315
Change-Id: I30049cb02e873bb08ebce606a491d99130421227
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316103
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69060}
2020-07-27 08:11:18 +00:00
Clemens Backes
8b76b879dd Revert "Update V8 DEPS."
This *partially* reverts commit b983076b39
(only the v8/build roll).

Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Mac64/35550

Original change's description:
> Update V8 DEPS.
>
> Rolling v8/build: bdbc779..f99e62d
>
> Rolling v8/third_party/aemu-linux-x64: -zGqW99um_GNQKURMgzhK855VvGi_CfraQRvXhNduEQC..BSmiob0gPivtoM5FO4ByhQHofOIKJ7KxRVPyfzhrjTkC
>
> Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b2282fe..342ad52
>
> Rolling v8/third_party/depot_tools: cebfb4e..a58287b
>
> TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
>
> Change-Id: I696aa9bbd31a36830f2b13ea51b8a75a03cf717d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2319386
> Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/master@{#69058}

TBR=machenbach@chromium.org,v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I711b8a94ed2ef9c3df6bdcbcda4752881e50aff2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1049569
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2317868
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69059}
2020-07-26 09:34:05 +00:00
v8-ci-autoroll-builder
b983076b39 Update V8 DEPS.
Rolling v8/build: bdbc779..f99e62d

Rolling v8/third_party/aemu-linux-x64: -zGqW99um_GNQKURMgzhK855VvGi_CfraQRvXhNduEQC..BSmiob0gPivtoM5FO4ByhQHofOIKJ7KxRVPyfzhrjTkC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b2282fe..342ad52

Rolling v8/third_party/depot_tools: cebfb4e..a58287b

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I696aa9bbd31a36830f2b13ea51b8a75a03cf717d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2319386
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#69058}
2020-07-26 03:49:12 +00:00
Bill Budge
76b53b66b0 [api] Add a SharedArrayBuffersEnabled callback.
- Adds a SharedArrayBuffersEnabled callback and uses it to
  enable/disable SABs per context. The feature flag is used
  if no callback is registered.

Bug: chromium:923807
Change-Id: I4d3472fcd79b158cb50dc98793aece6dbbb81d93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316901
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69057}
2020-07-24 18:15:02 +00:00
Zeynep Cankara
b3b42a3008 [tools][system-analyzer] Add Timeline Class
This CL adds a Timeline Class to handle data interaction
between panels. The timeline class enables to filter the
data based on selected time range.

Bug: v8:10644, v8:10735

Change-Id: I7fbbe1741abc69d2889b0547113e5da10b7f5510
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2315983
Commit-Queue: Zeynep Cankara <zcankara@google.com>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69056}
2020-07-24 17:51:42 +00:00
Bill Budge
cb5b2eca82 [torque] Allow TaggedIndex to be used in runtime calls.
- Changes runtime return value / parameter checks to check for subtype
  of StrongTagged.

Bug: v8:10047,v8:9891
Change-Id: Ie86bacf138c67092983fc72f37b1a13bffa904a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2314828
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69055}
2020-07-24 17:39:52 +00:00
Jakob Kummerow
8d2c8d10ff [gm.py] More convenience for "mkgrokdump"
Now the following command builds mkgrokdump for x64.release and runs it
to update v8heapconst.py:

  gm.py mkgrokdump

Building the binary for other architectures still works as before.

No-Try: true
Change-Id: Iacfa1a50702b0452d00ba18e1306423b161ffe65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2317352
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69054}
2020-07-24 17:38:47 +00:00
Frank Tang
5fc196aced Change CHECK to DCHECK
Bug: v8:10753
Change-Id: Icbdc6d7ee0634d32b262860dd64c4bfccebdcc00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2317064
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69053}
2020-07-24 17:37:42 +00:00
Ng Zhi An
3cbe36a753 [wasm-simd] Fix init of SIMD global
Using uint8_t[] causes decay to pointer issue, which manifests in
copying garbage values in the call to WriteLittleEndianValue. Change it
to use a std::array, which doesn't have the decaying behavior.

Also add a regression test from comment#6 of the linked bug.

Bug: v8:10731
Change-Id: I4a1ca69fe99806642e9931625ca7aeab6663f955
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316465
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69052}
2020-07-24 16:44:22 +00:00