This CL fixes a bug where we wouldn't pause (or even crash) when trying
to interrupt an infinite loop.
When we pause via stack check (i.e. a scheduled break) we currently do
one additional step-in. We do so to enter functions properly in case
we are paused in the middle of setting up the stack frame.
Loops also do a stack check, to support pausing infinite loops. In
that case we can skip the additional step-in as we are already
in a valid pause position (as implemented by this CL).
This CL also removes two bogus DCHECKs. We assumed that
a scheduled break never happens after a step. This is wrong, e.g.
a user can click the pause button after stepping over a long running
function.
Note that we duplicate the various loop interruption cctests to
also interrupt the loops with the "scheduled" break reason. Without
the changes in debug.cc, those won't pass.
The CL https://crrev.com/c/4136058 adds a regression test on the
blink side.
R=jarin@chromium.org
Fixed: chromium:1401674
Change-Id: I42b44744b17d24351f01b83c0446908c24e6c5fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4134246
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85106}

The bind_to function doesn't link branch long to trampoline, so it doesn't need to add unbound_labels_count_.
Change-Id: I2e3861a38eb65c285f19accb12bccb9f4c9fcfb1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4133426
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#85103}

GetChars may give the misimpression that it's usable with all flat
strings, while it is only usable with direct strings.
Change-Id: I1fd1ae93f75aca4079a2f65b5440a693dc2eb5c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4133547
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85102}

Drive-by: fix a bug with TypedArray loads: because we used the output
register as a temporary, if it was actually aliasing with one of the
input registers, the generated code was incorrect.
Bug: v8:7700
Change-Id: Id297f728ca2de13ebc5993cea675900fbfdd7886
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4135884
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85099}

Delay the "max steps" check until the frame is fully set up. This means
that the work is already done at the point where we check the maximum
number of steps, but the additional work is limited by the maximum
number of locals and parameters.
R=thibaudm@chromium.org
Bug: chromium:1404619
Change-Id: I4919c837feea92af84f99182a571edf96e4728ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4135890
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85098}

Namely:
1. objects.h splitting into objects/*.h (crbug.com/v8/5402)
2. src/ splitting into subfolders for OWNERS (crbug.com/v8/9247)
3. splitting include/v8.h (crbug.com/v8/11965)
This is best used with:
# Use the .git-blame-ignore-revs file for git blames
git config --global blame.ignorerevsfile .git-blame-ignore-revs
# Track code movement with git blame using -C
git blame -C <file>
Change-Id: Ia5a641be077a9befe008857beee3b6808bbd6107
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4135882
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Alexander Schulze <alexschulze@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85097}

Use a temporary for feedback cell, since if the `amount` is big enough,
the macro instructions Add/Sub might need a temporary register
as well.
Bug: v8:7700
Change-Id: I2930f525ab3bf7d92fc1a47d9c483577c6186400
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4135889
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85096}

The expected behavior of the optimized code is deoptimizing when using a BigInt
as an index and throwing an error (from CheckedTaggedToInt64).
The representation changer tries to insert conversions for this case where
- The output node is represented in Word64 (SignedBigInt64)
- The use info is CheckedSigned64AsWord64
The representation changer first rematerializes the output node to
TaggedPointer because the type check is not BigInt. Then it wrongly falls into
the branch where the output representation is TaggedPointer and the output type
is SignedBigInt64 in GetWord64RepresentationFor.
Bug: v8:9407, chromium:1403574, chromium:1404607
Change-Id: I9d7ef4c94c1dc0aa3b4f49871ec35ef0877efc24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4135876
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Qifan Pan <panq@google.com>
Cr-Commit-Position: refs/heads/main@{#85094}

This CL fixes calling CHECK_NULL on a moved shared_ptr.
Bug: v8:13589
Change-Id: I52ab261df7e995f4a9fcfd7a2a3c2c0012a4c94f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4135701
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85093}

Currently, evacuation entries are initialized non-atomically as they
will only be accessed during sweeping. However, it can happen that
another thread attempts (but fails) to allocate the same table entry,
causing a memory read from the same entry. If that happens, TSan will
complain about a data race. Using an atomic store avoids this.
Bug: chromium:1370743
Change-Id: Idaa5548494d4b1660ee5a798966dd09bf4b3d55c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4135880
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85091}

.. since many of these rules are actually relevant when some build
variable is *not* set. Instead of defining an artificial "no_foo"
variable in addition to "foo", allow definition of rules on a negative
build variable condition, e.g.:
"!is_debug": [...]
This new syntax will be used extensively in a followup CL.
Bug: v8:13629,v8:10577
Change-Id: I5ad432e71249b50d15047930e3f9143e872716d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4134247
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85090}

Cmp can deal with large immediates (in particular Smi::kMaxValue).
Bug: v8:7700
Change-Id: I4dedb6c52f263f626f924c0465acbd5a250b7fd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4127227
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85082}

Increase the length of strings in the test to ensure they are cacheable
external strings even when the sandbox is disabled.
Change-Id: I1228e1abb1d88c0bb70edaeb718e1bf2f4cdd53d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4127228
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85081}

With lazy compilation we disabled mprotect-based code protection. We
currently have no users and no test coverage of that flag. Hence remove
it from the code base.
R=ahaas@chromium.org
Bug: v8:13632
Change-Id: I1e39499dfbdb896287901b97c32f00366449c466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4114296
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85080}

This mode is not used in production any more, and will be removed from
the code base soon. Thus stop executing this variant on bots and remove
the variant definition.
R=machenbach@chromium.org
Bug: v8:13632
Change-Id: I15ff76fa6c5b52f5287e758a80f955ffb1278261
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4127158
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85076}

CheckSmi is used by Maglev in release mode, so it should
not be defined inside a #ifdef V8_ENABLE_DEBUG_CODE
Change-Id: I5dfe23d90fcc662fa91e541bdb8df10c5d2a4e7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128616
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85075}

... and add exception handlers trampolines as a jump target for CFI.
Bug: v8:7700
Change-Id: Ie0ef6617ae5a42965862e5f3cf0d7a50158267bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128528
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85072}

... and CheckJSArrayBounds.
Also remove unused CmpObjectType in macro assembler.
Bug: v8:7700
Change-Id: I44297fd01146d68643222ad270391c597d0cbe66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128093
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85069}

This reverts commit 6b2c271cfb.
Reason for revert: All open bugs were fixed.
Original change's description:
> [foozzie] Temporarily lower the amount of --future tests
>
> Drop --future from 25% to 5% for a few days until all currently open
> correctness cases associated with --future are fixed.
>
> No-Try: true
> Bug: v8:7700
> Change-Id: I161a0adbc767c5cec46409443fe58c634531487c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4114292
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85010}
Change-Id: I804a4c33922595e380bdd11150ff826d6669d846
No-Try: true
Bug: v8:7700
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128527
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85068}

EmbedderStackStateScope is used to disable conservative stack scanning
for cppgc when the stack is known to not contain heap pointers. Also,
DisableConservativeStackScanningScopeForTesting is used to disable CSS
for the V8 heap in tests that assume a precise GC. Until now, these two
have used two different mechanisms for disabling CSS. This CL merges
the two mechanisms and implements the latter scope via the former.
This is a reland of commit f51e0bb1db
reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/4111954
Bug: v8:13257
Change-Id: Ia124a4201686e0ea79f9cd07bc3888b9781cafa9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128141
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85066}

If we are near OOM, the {DecommitPages} call can actually fail. Call
{FatalProcessOutOfMemory} in that case to get a proper OOM crash
signature.
To protect against bugs in the implementation, we add a check that
decommitting only fails with the ENOMEM error.
R=mlippautz@chromium.org
Bug: chromium:1403519
Change-Id: I54fabd1efa566cc1c474974577ec16f75cd3d726
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4118548
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85065}

The fuzzer limits the number of "steps" that should be executed in
Liftoff. A "step" typically means one Wasm instruction. The cost of
function calls is linear in the number of parameters and locals though,
so that should be accounted for.
In the linked issue (timeout), we were repeatedly calling a function
with a big number of reference locals, which all need to be initialized
to the null value.
R=thibaudm@chromium.org
Bug: chromium:1399868
Change-Id: Id071aeee6a0b2670b926880744ea82cc37881876
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4118547
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85064}

Just take the first GP parameter register; this is more efficient than
going through the call descriptor.
R=ahaas@chromium.org
Bug: v8:13565
Change-Id: If0c6988c359511c07c5f41b7fa79e3e55d3d81c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111934
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85062}

This removes EmbedderHeapTracer from V8's API. Going forward
v8::TracedReference is only supported with using CppHeap (Oilpan).
Bug: v8:13207
Change-Id: I4e0efa94890ed147293b5df69fd7e0edad45abb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111546
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85061}

StoreDataView with no args should store NaN, not zero.
Bug: v8:7700
Change-Id: I9688465fea2ac1a88f0bff2a7b7d1c419dc7e43e
Fixed: chromium:1403743
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4127165
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85060}

ToBoolean was wrong for a couple of root heap numbers (namely, NaN,
holey NaN, and minus zero).
Fix this, and add an exhaustive test of root constant ToBoolean values.
Bug: v8:7700
Change-Id: I6939c6eb5130cb8a3a4f7007b1a0a1dcc415e8b2
Fixed: chromium:1403740
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128524
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85058}

When internalizing external strings, a new internalized external string object is allocated if the string is not in-place internalizable. This newly allocated string's external resource is set to null (the actual resource will be transferred by MakeThin to ensure unique ownership of the resource).
We need to preserve the original string in the InternalizedStringKey for
the second lookup (inside the critical section), as we need to access
the external resource in case of hash collisions to check for equality.
Bug: chromium:1402187
Change-Id: I62b637859b06f05d1b34cb26495f08ec44d2f2db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128089
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85057}