There is no -0n, and we'd therefore never serialize such a BigInt.
But we can't trust serialized data to not have gotten corrupted
(or be fuzzer-generated), so guard against this case when
deserializing.
Fixed: chromium:1359937
Change-Id: If11d9a364480bae51911cc4a0ce8a719853139fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904414
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83362}
This test breaks when interrupts occur with unfortunate timing. Maglev
increases flakiness of this test since finished Maglev compiles all
raise a new interrupt (and interrupts abort-and-retry regexp
execution).
Disable concurrent recompilation for this test, and drive-by fix the
--trace-regexp-tier-up flag.
Bug: v8:7700
Change-Id: I170c911fe2308b0b5ad9941e695f11f8925455f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904604
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83359}
... to avoid it being accessible from BG threads.
Bug: v8:7700
Change-Id: I8fa7ac66016cb1f70925ed84a6552128d419f330
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899128
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83356}
The DeepForEachInput helper was not incrementing the input_location
index in the IsResultRegister case, while other paths (graph printing,
code gen) were. Change these to consistently only increment the index
when the input is used (i.e. match DeepForEachInput).
Bug: v8:7700
Change-Id: Iaa54ef4e44db54023e3c19a088d14ad204bb2620
Fixed: chromium:1360800
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905722
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83355}
Correct the test expect result as the spec specifies the accumulator is 2*SEW
bits. Fix the simulator implementation as well.
R=qiuji@iscas.ac.cn
Change-Id: Ia5d11b3214cf32635c3767df75992b2a50ee6980
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878452
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83354}
Correct the arguments for std::fma() to double as the instruction expects
both addend and destination are 2*SEW bits wide. Addressed corresponding
implementation in the simulator as well.
R=qiuji@iscas.ac.cn
Change-Id: Ib3963a61c00ee9dc73af019574a1665de406cc32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878448
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83353}
.. and just the option for now, there's no logic behind this yet.
--maglev-function-context-specialization enables FCS globally, and the
MaglevCompilationInfo stores for each compilation job whether FCS is
enabled.
Bug: v8:7700
Change-Id: I4c32fe93fca70ae3644588902e282910a9673b74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905382
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83351}
... in Runtime_GrowArrayElements.
Runtime_GrowArrayElements is only used when the elements kind
is fast. And we could check the requested capacity according
to the elements kind and throw error early.
Bug: v8:13285
Change-Id: I68f59bc68995d622aac23be3e8daf05ac5fd5652
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905062
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83350}
Only apply this optimization to the conditions that have multiple
branch uses.
Bug: v8:12484
Change-Id: Ieb74b8e879e62aa96344f2903f1fea6a1b769549
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902559
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#83347}
Fixing an issue in WasmInstanceObject::GetGlobalBufferAndIndex.
Bug: v8:13309
Change-Id: I52e65c109e43ce0300513604e71e587e1949f70a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3907666
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#83345}
1. Correct the return type of RoundTowardsZero to fix issue with
double value > 2^64
2. In TemporalDurationToString:
a. Use std::fmod instead of % to get the remainder
b. Use extra xx_add variables to hold additional value which may
overflow the double during computation.
c. Use BigInt for days if the value is too large for double
to ensure the precision.
3. Add tests with Number.MAX_SAFE_INTEGER
and Number.MAX_VALUE in values for Duration toJSON in mjsunit
Bug: v8:11544
Change-Id: Icac4f669ed1c591e947b51c82dd48bdef7a6db6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3900813
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83344}
As part of moving export wrappers to the isolate, it was tried to
compile them lazily on the main thread. This resulted in large
slowdowns in some cases, therefore we restore the eager parallel
compilation.
Bug: chromium:1365726
Change-Id: I9cc8d5728f3a5c71099f0e0fdcc605b37d4d6618
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905193
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83339}
On x64.release for linux this didn't affect binary size at all but
should improve readability of usages.
Bug: v8:7748
Change-Id: I46ecc9c2b4814244f6b5114f9ea199cd4d0220cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904602
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83337}
DCHECK that input registers that are clobbered (e.g. because they are
also an output register) are not used as register inputs into eager
deopts.
This is already the case because we're only allowed to mutate input
registers that alias the result register, and eager deopt input
allocation happens after result register allocation, but this DCHECK
makes this assumption explicit and will break if we ever change the
regalloc.
Bug: v8:7700
Change-Id: I4e00a8be88e0984044d8fc5b661eaf7bea801b17
Fixed: v8:13278
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905189
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83330}
This change allows to put Wasm structs / arrays into prototype
chains. While this isn't particularly useful (as any access lookup
on the wasm object will throw a TypeError), there isn't any reason
not to allow it.
Bug: v8:7748
Change-Id: I81cf709d2e8403b545bbba9ad9c538c1e9748c74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3901979
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83329}
If a shift right is performed with a negative value <= -32,
it may not be reduced to a 32 bit shift.
The reduction optimization was introduced by commit
2298b35f7c.
Fixed: v8:13290
Change-Id: Ifb16ed85560ab54d211ebb407690abe2c156e3a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905143
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83324}
Array.prototype.group and Array.prototype.groupToMap have an optional
thisArg, which is currently not passed.
Bug: v8:13301, v8:12499
Change-Id: Ib927638401d39ed0cbcc0595ab41fde328ef43cc
Fixed: v8:13301
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905934
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83323}
This is a reland of commit d7fcbba80e
The LSan support logic of the ExternalPointerTable has been optimized to
avoid timeouts on sanitizer bots
Original change's description:
> [sandbox] Increase ExternalPointerTable maximum capacity to 512MB
>
> Bug: v8:10391
> Change-Id: I383e11bdccf6fcaf13f29d25e1404545067d313e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891249
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83203}
Bug: v8:10391
Change-Id: If50156d6fecff7ca8ece5c350e7b08936f50daa6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905141
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83322}
This CL fixes isolate deserialization such that the first test for
concurrent allocation in the shared spaces already succeeds.
* Allows dereferences for the shared heap and not just for the shared
isolate.
* Updates shared_heap_object_cache() for --shared-space.
* Sets IN_SHARED_HEAP flag on all shared space pages.
Bug: v8:13267
Change-Id: I912630da34f93e15d2ddef77a45a5e875bdceff0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902523
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83320}
This CL adds a test that checks the block list for outer functions is
also correctly calculated when pausing in inner functions.
R=kimanh@chromium.org
Bug: chromium:1363561
Change-Id: I2d7c1671475759b977e4e41c7e09856b3b2e7daf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904308
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83319}
This CL introduces a new root that is conceptually a
WeakMap<ScopeInfo, Tuple2<ScopeInfo, StringSet>>
Instead of storing the "locals block list" for debug-evaluate on the
`ScopeInfo` object directly, we will store it instead in a global
WeakMap. This enables us to re-use the "locals block lists" across
multiple debug-evaluate invocations without having to modify the
`ScopeInfo` of `SharedFunctionInfo`s.
R=bmeurer@chromium.org
Doc: https://bit.ly/chrome-devtools-debug-evaluate-design
Bug: chromium:1363561
Change-Id: Ib52f9abd97cf1c8fa3053ff3c61a6062c4b814be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902041
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83318}
Since we have the NodeInfo map in known_node_aspects now anyway, use it
for representation changes instead of the current interpreter frame
value swapping mechanism.
We originally didn't want a map for representations, but if we have one
anyway for node types, it makes sense to merge the two mechanisms.
This also allows us to get rid of the "register same as accumulator"
hack for binops, which was trying to avoid redundant representation
changes, since the redundancy is removed by the node aspects mechanism
automatically. It's kept for CheckedInternalizedString, since that isn't
a representation change within our framework (maybe it should be?).
Bug: v8:7700
Change-Id: I92491307f83d3b63fc7a210f6b8754e45d3531a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905182
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83317}
This is a reland of commit defa678e8b
Original change's description:
> cppgc: Be more conservative in Seeper::FinishIfOutOfWork
>
> Finalizing sweeping can be beneficial to truly end a GC cylce. We
> should only finalize in `FinishIfOutOfWork()` though if that would not
> introduce any jank. Limit the amount of executing finalizers in that
> scenario.
>
> Bug: v8:13294
> Change-Id: I0237f6b6017d444c457923d83e85147c58586445
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902222
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83279}
Bug: v8:13294
Change-Id: I426a54785d1a0f569c2200156dcf41a5d5c7876f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902583
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83316}
We currently use 1 test case per file for tests that check that
debug-evaluate correctly blocks the lookup of stack-allocated
variables.
This CL adapts a similar approach to `debug-scopes.js`, making it
easier to add new test cases in the future.
R=kimanh@chromium.org
Bug: chromium:1363561
Change-Id: I8ff8cfe7d59f0b9808dc02c5579e058f490553eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904544
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83315}
