Cleanup Memcpy and use get/set_simd_register_by_lane
Change-Id: Icbdd838e075d93d75064bd8e47eb95c02f1da9d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2568589
Commit-Queue: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71577}
Due to the lane numbering difference between Intel and IBM machines,
we need to switch the input registers when doing a vector pack.
Change-Id: Id01d6292cb2a65b78dccdf3bab1d5ff010e1d018
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569996
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71575}
Concurrently accessing internal external uncached strings is not
thread-safe. We are removing a case where we can make such a string
through MakeExternal.
Bug: v8:7790
Change-Id: I958062c15cf40ccc330600bb572de98620866e54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565511
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71573}
read_heap_type did not have knowledge of the module for which the heap
type was being decoded. As a result, callers of read_heap_type (or
read_value_type, which in turn calls read_heap_type) had to check after
the fact that a decoded indexed type (ref, ref null, or rtt) references
a type index within the module's bounds. This was not done consistently,
and was missing (at least) in DecodeLocals.
To avoid such problems in the future, this CL refactors read_heap_type
to accept a module and check the decoded index against it.
Changes:
- Add WasmModule argument to read_heap_type. Do so accordingly to all
its transitive callers (read_value_type, immediate arguments,
DecodeLocalDecls, DecodeValue/HeapType in unittests).
- Add index check to read_heap_type and emit an error for an
out-of-bounds index.
- Remove all other now-redundant index validations. Replace them with
decoder->ok() if needed (since read_heap_type will now emit an error).
- Fix error message in Validate for BlockTypeImmediate.
- In DecodeLocalDecls in unittests, pass an empty module to
DecodeLocalDecls in the main code.
- Add a unit test with an invalid index in local type declarations.
Bug: v8:9495
Change-Id: I4ed1204847db80f78b6ae85fa40d300cd2456295
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569757
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71572}
Port b6643320b9
Original Commit Message:
In order to reduce the codegen size of dynamic map checks, add the
ability to have an eager with resume deopt point, which can call
a given builitin to perform a more detailed check than can be done
in codegen, and then either deoptimizes itself (as if the calling
code had performed an eager deopt) or resumes execution in the
calling code after the check.
In addition, support for adding extra arguments to a
deoptimization continuation is added to enable us to pass the
necessary arguments to the DynamicMapChecks builtin.
Finally, a trampoline is added to the DynamicMapChecks which saves
the registers that might be clobbered by that builtin, to avoid
having to save them in the generated code. This trampoline also
performs the deoptimization based on the result of the
DynamicMapChecks builtin.
In order to ensure both the trampoline and DynamicMapChecks
builtin have the same call interface, and to limit the number
of registers that need saving in the trampoline, the
DynamicMapChecks builtin is moved to be a CSA builtin with a
custom CallInterfaceDescriptor, that calls an exported Torque
macro that implements the actual functionality.
All told, this changes the codegen for a monomorphic dynamic
map check from:
movl rbx,<expected_map>
cmpl [<object>-0x1],rbx
jnz <deferred_call>
resume_point:
...
deferred_call:
<spill registers>
movl rax,<slot>
movq rbx,<object>
movq rcx,<handler>
movq r10,<DynamicMapChecks>
call r10
cmpq rax,0x0
jz <restore_regs>
cmpq rax,0x1
jz <deopt_point_1>
cmpq rax,0x2
jz <deopt_point_2>
int3l
restore_regs:
<restore_regs>
jmp <resume_point>
...
deopt_point_1:
call Deoptimization_Eager
deopt_point_2:
call Deoptimization_Bailout
movl rcx,<expected_map>
movq rdx,<handler>
cmpl [<object>-0x1],rcx
jnz <deopt_point>
resume_point:
...
deopt_point:
call DynamicMapChecksTrampoline
jmp <resume_point>
R=rmcilroy@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=v8:10582
LOG=N
Change-Id: I0739c1b40ed06bb22b73ebe1833ea648b540882a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569359
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71571}
This reverts commit 2afb00c0e8.
Reason for revert: Some tests started to timeout.
Original change's description:
> [heap] Remove SWEEPING phase in incremental marking
>
> The SWEEPING phase in incremental marking was used to finish sweeping
> of the last GC cycle concurrently before starting incremental marking.
> This avoids potentially long pauses when starting incremental marking.
> However this shouldn't be necessary in most cases where sweeping is
> already finished when starting the next cycle. The implementation also
> didn't cleanly separate the GC cycles.
>
> In case the sweeping phase is necessary for pause times, we can
> introduce a "CompleteSweep" phase which runs right before starting
> incremental marking.
>
> Change-Id: Iaff8c06d5691e584894f57941f181d0424051eec
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567707
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71555}
TBR=ulan@chromium.org,dinfuehr@chromium.org
Change-Id: I9adea60c21ff7cdfa7bbac3e6a4a240640fa5ea9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569766
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71570}
This reverts commit 3238162da7.
Reason for revert: Speculative revert for https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64/40411/overview, causing SEGV_ACCERR on test/mjsunit/harmony/promise-any-overflow-2.js and other failures in minor_mc variant
Original change's description:
> Reland "[heap] Add epoch to GC tracing events"
>
> This is a reland of be52501d52
>
> Fix data race by not emitting the epoch for sweeper background jobs
> at them moment.
>
> Original change's description:
> > [heap] Add epoch to GC tracing events
> >
> > This CL adds the TRACE_GC_EPOCH macro, which adds the epoch as attribute
> > to the trace event. Use TRACE_GC_EPOCH for top-level events, nested
> > events can get the information from its parent.
> >
> > V8's GC needs an epoch for young and full collections, since scavenges
> > also occur during incremental marking. The epoch is also process-wide,
> > so different isolates do not reuse the same id.
> >
> > Change-Id: I8889bccce51e008374b4796445a50062bd87a45d
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565247
> > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#71521}
>
> Change-Id: Ib8f4bfdc01c459955eb6db63bb6e24a8aa068f09
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567702
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71567}
TBR=ulan@chromium.org,dinfuehr@chromium.org
Change-Id: I29a131f798c3536d16e4b4c44c0fcb8b35dd0051
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569764
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71569}
This is a reland of be52501d52
Fix data race by not emitting the epoch for sweeper background jobs
at them moment.
Original change's description:
> [heap] Add epoch to GC tracing events
>
> This CL adds the TRACE_GC_EPOCH macro, which adds the epoch as attribute
> to the trace event. Use TRACE_GC_EPOCH for top-level events, nested
> events can get the information from its parent.
>
> V8's GC needs an epoch for young and full collections, since scavenges
> also occur during incremental marking. The epoch is also process-wide,
> so different isolates do not reuse the same id.
>
> Change-Id: I8889bccce51e008374b4796445a50062bd87a45d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565247
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71521}
Change-Id: Ib8f4bfdc01c459955eb6db63bb6e24a8aa068f09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567702
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71567}
If DecodeLocals exits early, num_locals_ is left in an inconsistent
state. This CL fixes this issue by updating num_locals_ as the
local_types_ are updated.
Bug: chromium:1154439
Change-Id: I02328a050df8b2827a42f59443e994f535d3c826
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567954
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71566}
The {ParallelRegisterMove} at the end of {AtomicLoad} might need a
temporary scratch register for spilling values to the stack. Make sure
that one is available by giving up the scratch register used for the
address of the atomic access.
R=ahaas@chromium.org
Bug: chromium:1153442
Change-Id: I267c43e2193662c420f96f6683ebd4bbb0e1bca3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2566759
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71564}
From reading the code it was totally unclear what the purpose of the
"offset" parameter at ProcessCodeSectionHeader and CheckFunctionsCount
is. Actually, it's just there for setting an error position. Thus this
CL renames the field, and a related local variable to make the use more
clear.
Drive-by: Remove a confusing and unnecessary Decoder::Reset call.
R=ahaas@chromium.org
Change-Id: Iccde5ccb3b9e7e52976c47724157c184fd345ec4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567709
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71563}
MarkCandidatesForOptimizationFromBytecode/
MarkCandidatesForOptimizationFromCode are called when bytecode budget
interrupt occurs from interpreted / optimized code. The logic in these
two functions is very similar. This cl merges this logic into one
function.
This cl also removes FLAG_frame_count which specifies the
number of frames we need to look at for tiering up on a bytecode
budget interrupt. The default value is set to 1 and in its current
form it isn't very useful.
Bug: v8:9684
Change-Id: I9f56034f2857672921673b9b68b3615765c0ccfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565514
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71561}
Unifies various operators for dynamic map checks with the naming
scheme of DynamicCheckMaps (to be similar to CheckMaps.
BUG=v8:10582
Change-Id: I8ac842f55fe31cdc7b84968d077017a86ddf4442
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567952
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71559}
This reverts commit 83d289b87f.
Reason for revert: lock order inversion, see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/12584/overview
Original change's description:
> Reland [wasm] Reduce job priority once baseline compilation finishes
>
> ReduceCompilationPriority takes a lock now.
>
> Original message:
> This Cl changes the priority of baseline compilation from kUserVisible
> to kUserBlocking. Once baseline compilation finishes, the priority is
> reduced to kUserVisible. The reason for using kUserBlocking is that
> thereby TurboFan compilation cannot block Liftoff compilation anymore.
> Additionally, kUserBlocking is quite appropriate, as the initial
> compilation does block a whole section of a web app from execution.
>
> R=clemensb@chromium.org
>
> Bug: v8:11088
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
> Change-Id: I6e1bcc809148198a4b4f88bfd4f2e62b1b061439
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2563675
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71546}
TBR=ahaas@chromium.org,clemensb@chromium.org
Change-Id: I62e4e3d0663dbd181b14f77f0c1586d5e503f324
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:11088
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567953
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71557}
The SWEEPING phase in incremental marking was used to finish sweeping
of the last GC cycle concurrently before starting incremental marking.
This avoids potentially long pauses when starting incremental marking.
However this shouldn't be necessary in most cases where sweeping is
already finished when starting the next cycle. The implementation also
didn't cleanly separate the GC cycles.
In case the sweeping phase is necessary for pause times, we can
introduce a "CompleteSweep" phase which runs right before starting
incremental marking.
Change-Id: Iaff8c06d5691e584894f57941f181d0424051eec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567707
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71555}
This reverts commit 3599cce1f5.
Originally landed in
https://chromium-review.googlesource.com/c/v8/v8/+/2531775
Work on NCI is suspended, remove unused complexity. We may want to share
native-context-independent feedback in the future, but probably through other
means.
Bug: v8:8888
Change-Id: I23dfb67f6f01b4891af87bc42a9e62f99d0bf044
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567701
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71553}
Prototype v128.{load,store}{8,16,32,64}_lane on arm64.
All the required assembler, disassembler, and simulator changes are
already available. The biggest changes here are in the
instruction-selector. ld1 and st1 only supports no-offset or post-index
addressing, so we have to do our own addition (base + index) to
construction the actual memory address to load/store from.
Bug: v8:10975
Change-Id: I026e3075003ff5dece7cd1a590894b09e2e823db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2558268
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71551}
This is a reland of a69b7ef2ff
Original change's description:
> [wasm-simd][ia32] Prototype store lane
>
> Prototype v128.store{8,16,32,64}_lane on IA32.
>
> Drive by fix for wrong disassembly of movlps.
>
> Also added more test cases for StoreLane, test for more alignment and offset.
>
> Bug: v8:10975
> Change-Id: I0e16f1b5be824b6fc818d02d0fd84ebc0dff4174
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557068
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71511}
Bug: v8:10975
Change-Id: I2c9b219b9ab9d78a83d1bf32ad1271d717471c19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567317
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71547}
ReduceCompilationPriority takes a lock now.
Original message:
This Cl changes the priority of baseline compilation from kUserVisible
to kUserBlocking. Once baseline compilation finishes, the priority is
reduced to kUserVisible. The reason for using kUserBlocking is that
thereby TurboFan compilation cannot block Liftoff compilation anymore.
Additionally, kUserBlocking is quite appropriate, as the initial
compilation does block a whole section of a web app from execution.
R=clemensb@chromium.org
Bug: v8:11088
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: I6e1bcc809148198a4b4f88bfd4f2e62b1b061439
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2563675
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71546}
In order to reduce the codegen size of dynamic map checks, add the
ability to have an eager with resume deopt point, which can call
a given builitin to perform a more detailed check than can be done
in codegen, and then either deoptimizes itself (as if the calling
code had performed an eager deopt) or resumes execution in the
calling code after the check.
In addition, support for adding extra arguments to a
deoptimization continuation is added to enable us to pass the
necessary arguments to the DynamicMapChecks builtin.
Finally, a trampoline is added to the DynamicMapChecks which saves
the registers that might be clobbered by that builtin, to avoid
having to save them in the generated code. This trampoline also
performs the deoptimization based on the result of the
DynamicMapChecks builtin.
In order to ensure both the trampoline and DynamicMapChecks
builtin have the same call interface, and to limit the number
of registers that need saving in the trampoline, the
DynamicMapChecks builtin is moved to be a CSA builtin with a
custom CallInterfaceDescriptor, that calls an exported Torque
macro that implements the actual functionality.
All told, this changes the codegen for a monomorphic dynamic
map check from:
movl rbx,<expected_map>
cmpl [<object>-0x1],rbx
jnz <deferred_call>
resume_point:
...
deferred_call:
<spill registers>
movl rax,<slot>
movq rbx,<object>
movq rcx,<handler>
movq r10,<DynamicMapChecks>
call r10
cmpq rax,0x0
jz <restore_regs>
cmpq rax,0x1
jz <deopt_point_1>
cmpq rax,0x2
jz <deopt_point_2>
int3l
restore_regs:
<restore_regs>
jmp <resume_point>
...
deopt_point_1:
call Deoptimization_Eager
deopt_point_2:
call Deoptimization_Bailout
To: movl rax,<slot>
movl rcx,<expected_map>
movq rdx,<handler>
cmpl [<object>-0x1],rcx
jnz <deopt_point>
resume_point:
...
deopt_point:
call DynamicMapChecksTrampoline
jmp <resume_point>
BUG=v8:10582
Change-Id: Ica4927b9acc963b9b73dc62d9379a7815335650f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2560197
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71545}
In this CL we fix the emitted code for Load Splat and Load Extend.
Load Splat loads a byte, half word, word or double word based
on the specific opcode.
Load Extend always loads a double word and then unpacks it
accordingly.
Change-Id: Ic1619c81a58f4997d69612f08edb6975d17e8bb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2568132
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71543}
This is a reland of 535fd785a3.
This CL was not the culprit, thus landing unmodified.
Original change's description:
> [wasm] Make DecodeLocals return the number of decoded locals
>
> Currently, when the new locals are not appended to the existing ones,
> there is no way to know how many new locals were defined. This CL
> addresses this issue.
>
> Drive-by: Fix the pc passed to DecodeLocals in OpcodeLength.
> Change-Id: Id9de561a6380b52dcce398301727aa12196c0677
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567695
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71526}
TBR=manoskouk@chromium.org
Change-Id: I1b2fbe9f6d0a19da9d73202de9f488870e79cd30
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567704
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71539}
This is a reland of 4ad08c82f7
The reland organizes the different error types in separate functions
for separate call stacks. Error simulation is also guarded by
a minimum file size to prevent Clusterfuzz from getting stuck with
its bad-build check.
Original change's description:
> Enable simulating errors to test fuzzer reliability
>
> This adds a d8 flag --simulate-errors, which on shutdown will cause
> certain errors. This enables testing the reliability of sanitizers.
>
> This will cause a fatal error, a dcheck (if available) or a
> violation that can be detected with one of the following sanitizers:
> ASAN, UBSAN, MSAN, CFI.
>
> The same flag used in differential fuzzing will cause an error
> subsumed with the error state "fake_difference".
>
> Bug: chromium:1152412
> Change-Id: I4b36c6fe716797004d634263617d22ca67b05600
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554999
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71430}
Bug: chromium:1152412
Change-Id: I604258b4c1ebd215c26b1de6b2822663f857bf64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565125
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71538}
The wasm fuzzer corpus is pretty outdated. The script that was used to
generate it did not work any more.
This CL updates the script, and runs it. This generates a fuzzer corpus
of 42011 wasm modules, compared to 15290 before. The new modules will
contain new features like SIMD and multi-value, which will be
interesting fuzzer inputs.
R=ahaas@chromium.org
Change-Id: Ic3df26930cb8c1c6e8d521597ceb06cc338c02ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565512
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71537}
Await is a unary operator and should be disallowed on the LHS of
exponentiation like all other unary operators.
Bug: v8:11213
Change-Id: I9c51e33cb37660627748cd926ec222ac0ac246de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2566442
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71535}
So far the main thread can have two different kinds of local handles,
regular main thread handles and local handles in its LocalIsolate. This
is both confusing and error-prone.
This CL retargets local handles creation for the LocalIsolate on the
main thread to always create regular main thread handles instead.
Bug: v8:10315
Change-Id: I4df509a0fc1bd630ba956b5eaacacbe706ddb4ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527062
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71534}
Add support for array and struct definitions and the rest of gc-related
opcodes.
Drive-by: Remove obsolete kWasmAnyFunctionTypeForm, replace it with
kWasmFuncRef.
Bug: v8:7748
Change-Id: I9512ff22d661fead5ad86767871632ae94346465
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567691
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71533}
- Uses linkage location information, to keep in sync with how
LinkageAllocator and Frame work to assign stack slots.
Bug: v8:9198
Change-Id: I299038e4cff706355263f00603ba32515449fefe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2556259
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71532}
This reverts commit 535fd785a3.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/31193/blamelist
Original change's description:
> [wasm] Make DecodeLocals return the number of decoded locals
>
> Currently, when the new locals are not appended to the existing ones,
> there is no way to know how many new locals were defined. This CL
> addresses this issue.
>
> Drive-by: Fix the pc passed to DecodeLocals in OpcodeLength.
> Change-Id: Id9de561a6380b52dcce398301727aa12196c0677
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567695
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71526}
TBR=clemensb@chromium.org,manoskouk@chromium.org
Change-Id: Ie2bbb1b14e5326bce62bb42fa528528b662d3528
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567199
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71531}
Instead of processing batches with a fixed number of functions, process
batches with approximately the same number of bytes. This prevents
disproportionately large batches to block the pipeline.
R=ahaas@chromium.org
Bug: v8:11164
Change-Id: I7fe57abac13c5fb749a002e339c5a9b2dab607be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567699
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71530}
