Commit Graph

77660 Commits

Author SHA1 Message Date
Shu-yu Guo
03b99259ff [shared-struct] Support shared objects in v8::Object::GetConstructorName
Bug: v8:12547
Change-Id: I6e48ac252361b3f3b495d2feaa5ad4e708e78eb9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888379
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83118}
2022-09-09 21:39:45 +00:00
Shu-yu Guo
b11bfc21f2 [strings] Accommodate shared strings in externalizeString()
This is a testing function used by d8 to test string externalization.

Bug: v8:12007
Change-Id: Ic19f28a42e1f9681ab08c00106788c569639fe7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888378
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83117}
2022-09-09 20:49:35 +00:00
Leszek Swirski
4ec5bb4f26 [maglev] Fix JumpLoop to the current basic block
Drive-by improve some tracing too.

Bug: v8:7700
Change-Id: I52546a19c15ad1a6bbac1b15cdf8fba33dab1cb7
Fixed: chromium:1361345
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886873
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83116}
2022-09-09 16:05:45 +00:00
Shu-yu Guo
0a1f0e335e [strings] Fix raw hash lookup for forwarded strings
Raw hashes may need to be looked up via the forwarding table when
internalized strings are forwarded to external resources. Notably, the
megamorphic ICs were not correctly fetching the raw hash.

Bug: v8:12007
Change-Id: Ibbc75de57e707788f544fbd1a0f8f0041350e29d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885379
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83115}
2022-09-09 15:39:55 +00:00
Al Muthanna Athamina
779da1d066 [NumFuzz] Skip flaky tests on interrupt fuzzer
Bug: v8:13269
Change-Id: Icb8b83b5f4695a9739d10d15936f4fead3b35ad1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886865
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83114}
2022-09-09 14:16:45 +00:00
Marja Hölttä
f85e8c47cc [interpreter,baseline] Make FindNonDefaultConstructor use a RegOutPair
This allows (de)optimizing it in TF.

Bug: v8:13091
Change-Id: Iba64df02379dbf3ac07c96e10facb728e7d10501
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886869
Auto-Submit: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83113}
2022-09-09 14:15:36 +00:00
Milad Fa
415ef63280 PPC/s390: [wasm][liftoff] Fix and cleanup tracing of return value
Port 6f9e71fa74

Original Commit Message:

    - Fix tracing of reference return values. StoreTaggedPointer should not
      use the write barrier since we are writing to the stack.
    - Avoid re-allocating a slot for the return value when it is already
      spilled.

R=thibaudm@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I5b16259b1c6e8c019f6b17e8efb7947776e4ee24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886398
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83112}
2022-09-09 14:07:55 +00:00
Matthias Liedtke
6852c402e7 Revert "[sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX"
This reverts commit 49c5967830.

Reason for revert: The change is suspected to be breaking chromium's determinism test: https://ci.chromium.org/ui/p/chromium/builders/ci/Deterministic%20Linux/35003/overview

Original change's description:
> [sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX
>
> Now that all external pointers have been sandboxed,
> V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also
> shrinks external pointer slots to 32 bits when the sandbox is enabled.
>
> Bug: v8:10391
> Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83083}

Bug: v8:10391
Change-Id: I515ba771aa21f58b752a3a5b36b4deb2abc5f9c0
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886870
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83111}
2022-09-09 13:55:35 +00:00
Ting Chou
184efc149a [riscv] Fix cctest/test-assembler-riscv*/RISCV_UTEST_FLOAT_WIDENING_vfwadd_vf.
Storing with E64 when SEW=32 has EMUL=2, which already copies |n| 64-bit wide
data to the result double array. Besides, accessing v1 when EMUL=2 is
reserved.

R=yahan@iscas.ac.cn

Change-Id: I0870d53c36b642529cab753409f52016d79219b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878442
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83110}
2022-09-09 13:20:29 +00:00
Ting Chou
d17bc74fc0 [riscv] Fix cctest/test-assembler-riscv64/RISCV_UTEST_swlwu.
32-bit values are held in a sign-extended format in 64-bit registers, so
the value 0x856AF894 becomes 0xFFFFFFFF856AF894 and fails the equality comparison
with lwu's result 0x00000000856AF894. XOR the result with 0xFFFFFFFF00000000
before comparison.

R=yahan@iscas.ac.cn

Change-Id: I4d225ff653070022023ac7f10257ad0c30c24e5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3881601
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83109}
2022-09-09 13:19:26 +00:00
Samuel Groß
53d24ef68b [sandbox] Fix operation ordering during String externalization
When externalizing a string, the external pointer slots need to be
initialized before the new Map is installed. Otherwise, a GC marking
thread may see the new Map before the slots are valid. In that case, it
would attempt to mark invalid ExternalPointerTable entries as alive,
leading to a crash.

Bug: chromium:1361557
Change-Id: I47f19e6d9576fab0809dca36388cdfa9c28113e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885891
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83108}
2022-09-09 12:56:05 +00:00
Omer Katz
757398413a Reland "[heap] Do precise search in free list for new space"
This is a reland of commit 72d6dc6d5e

Original change's description:
> [heap] Do precise search in free list for new space
>
> In case the free list fast path fails, do a precise search through the
> precise category for the current allocation.
>
> Bug: v8:12612
> Change-Id: I120e64b0d09b9cf5a776188180d6e6c53c44886b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879494
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83096}

Bug: v8:12612
Change-Id: I2075c8a509265a16a133b309f98eefad7b011212
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885889
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83107}
2022-09-09 12:47:35 +00:00
Greg Thompson
48a5114450 [fuchsia] Reland: Migrate d8 to a component framework v2 Fuchsia component
In the process, switch to using the Fuchsia GN SDK templates for
building the component and package.

gni/v8.cmx is retained temporarily until out-of-tree consumers have been
updated.

Bug: v8:12589
Change-Id: If08cfcbf579696482e7cd60a8b8b80bcc4c7dab2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885881
Auto-Submit: Greg Thompson <grt@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Greg Thompson <grt@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83106}
2022-09-09 12:12:17 +00:00
Leon Bettscheider
cfca972e10 [heap] Cancel concurrent workers in minor final pause
This CL cancels concurrent workers instead of joining them in
MarkLiveObjects. Joining could trigger another costly run.

Bug: v8:13012
Change-Id: I873db6e9d612e219060de0fa2447f6c7c0e9de3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885876
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#83105}
2022-09-09 11:40:48 +00:00
Leon Bettscheider
725e5bcf1e [heap] Reschedule minor concurrent marking in allocation observer
This CL reschedules minor concurrent marking in MinorMCTaskObserver.
This allows making continuous concurrent marking progress.

Bug: v8:13012
Change-Id: I5cc4e02a60993dd5ce970244274d4d5f99b4a550
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885885
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#83104}
2022-09-09 11:39:45 +00:00
Manos Koukoutos
ee95a9064a Fix comparison between different signs
Currently, compilation may fail in some configurations.

Change-Id: I2fd6a71c4f43c66416429a9d3dbbf9970c68aeaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885886
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83103}
2022-09-09 10:56:14 +00:00
Thibaud Michaud
6f9e71fa74 [wasm][liftoff] Fix and cleanup tracing of return value
- Fix tracing of reference return values. StoreTaggedPointer should not
  use the write barrier since we are writing to the stack.
- Avoid re-allocating a slot for the return value when it is already
  spilled.

R=manoskouk@chromium.org

Change-Id: I6418c48332964a1c3d407abafaf466b0e789be69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882971
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83102}
2022-09-09 10:31:14 +00:00
Michael Achenbach
cd1ee28be8 [test] Fix occasional hangs on pool termination
On termination of the worker pool in the main process, a SIGTERM is
sent from pool to worker. It was meant to terminate long-running
tests in the worker process. The signal handler on the worker side,
however, was only registered during test execution. During the
remaining logic (<1% of the time probably) the default system
behavior for SIGTERM would be used (which will likely just kill
the process). The ungracefully killed process might be killed while
writing to the results queue, which then remains with corrupted data.
Later when the main process cleans up the queue, it hangs.

We now register a default handler in the worker process that catches
the SIGTERM and also gracefully stops the processing loop. Like
that, the SIGTERM signal will always be handled in workers and never
fall back to SIGKILL.

However, a small time window exists when the SIGTERM was caught
right when starting a test process, but when the test-abort handler
was not registered yet. We keep fixing this as a TODO. Worst case,
the main process will block until the last test run is done.

Bug: v8:13113
Change-Id: Ib60f82c6a1569da042c9f44f7b516e2f40a46f93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882972
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83101}
2022-09-09 09:53:24 +00:00
Matthias Liedtke
4420804037 Revert "[heap] Do precise search in free list for new space"
This reverts commit 72d6dc6d5e.

Reason for revert: UBSan failure in PagedNewSpace: 
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/23130/overview

Original change's description:
> [heap] Do precise search in free list for new space
>
> In case the free list fast path fails, do a precise search through the
> precise category for the current allocation.
>
> Bug: v8:12612
> Change-Id: I120e64b0d09b9cf5a776188180d6e6c53c44886b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879494
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83096}

Bug: v8:12612
Change-Id: Ife4a41fa835e61a6d9f0f1c254900288b805f41f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885884
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Owners-Override: Matthias Liedtke <mliedtke@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83100}
2022-09-09 09:12:48 +00:00
Victor Gomes
0e456ec691 Re-enable octane/typescript for deopt_fuzzer
Bug: v8:12445
Change-Id: Iec07b49986a6ceff3842b55af24d375149930a91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885877
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83099}
2022-09-09 08:34:45 +00:00
Al Muthanna Athamina
de391acf34 Allow interrupt budget fuzzer to run tests
Bug: v8:13269
Change-Id: I0f35101bd4b8a91ed5aa596cb5d27a5dbb5f764e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882976
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83098}
2022-09-09 08:31:54 +00:00
Leszek Swirski
b120f3e60a [ic] Fix getter-in-IC for LoadAccessMode::kHas case
When testing for "has" rather than loading, we can immediately return
true when there is an accessor (this is already what the LoadHandler
path does but was missed in the inlined case).

Fixed: chromium:1361434
Fixed: chromium:1361560
Fixed: chromium:1361566
Fixed: chromium:1361654
Fixed: chromium:1361830
Change-Id: I69073eccbb39b08da597297fa597f53f260b242e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885879
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83097}
2022-09-09 08:19:25 +00:00
Omer Katz
72d6dc6d5e [heap] Do precise search in free list for new space
In case the free list fast path fails, do a precise search through the
precise category for the current allocation.

Bug: v8:12612
Change-Id: I120e64b0d09b9cf5a776188180d6e6c53c44886b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879494
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83096}
2022-09-09 08:07:12 +00:00
Liu Yu
85b5fbc77a [loong64][mips64][log][compiler] Enable first-execution logging
Port commit c0f420ef5c

Change-Id: I061da980f39888f0f43e2746c8c37d683b200a95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885381
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#83095}
2022-09-09 06:47:44 +00:00
Danil Somsikov
3eb65be78c Enable Profiler domain for the untrusted clients.
Bug: chromium:1350125
Change-Id: Ia89d01420e93e110a5da22f104f5b8afbdd2f558
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882973
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Danil Somsikov <dsv@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83094}
2022-09-09 05:03:01 +00:00
v8-ci-autoroll-builder
e24cb41f08 Update ICU (trusted)
Rolling v8/third_party/icu: bbdc7d8..20f8ac6

Make references to //third_party/icu relative (Filip Filmar)
https://chromium.googlesource.com/chromium/deps/icu/+/20f8ac6

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,ftang@chromium.org

Change-Id: I87063f9ec7b4ef8491c43ad8e1902e2741dd0e49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886397
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83093}
2022-09-09 04:21:22 +00:00
Frank Tang
a4afe1a09f [Temporal] Remove passing tests
Bug: v8:11544
Change-Id: I23435db7f625ee35f560fd84ee98d481081fb5ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868513
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83092}
2022-09-09 03:58:01 +00:00
jiepan
79da7bbb93 [wasm][revec] Add YMM register in register allocation
Bug: v8:12716
Change-Id: I0a1e807f7b0c64afa7d259361c47314e9c9e30db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867140
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Jie Pan <jie.pan@intel.com>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83091}
2022-09-09 01:31:31 +00:00
Frank Tang
14d9b9a246 Reland "[Temporal] Use double/int32_t instead of int64_t for duration parsing"
This is a reland of commit a165e82ea7

The reason for the revert is "SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../src/objects/js-temporal-objects.cc:3837:22", which is the line
"nanoseconds_mv = std::round((seconds_mv - std::floor(seconds_mv)) * 1e9);"
where seconds_mv is a double and nanoseconds_mv is an int32_t.
In this reland, we change the type of nanoseconds_mv to double to avoid the UBSan error.

Original change's description:
> [Temporal] Use double/int32_t instead of int64_t for duration parsing
>
> Use double and int32_t instead of int64_t in the duration parsing result
> so we can parse very large duration fields as infinity and throw RangeError in later stages. The three fractional parts can hold values from 0 to 999,999,999, so we use int32_t to hold them. The other parts could be infinity, so we use double to hold them. Also rearrange the order of the three int32_t in the struct ParsedISO8601Duration after all the doubles.
>
> Bug: v8:11544
> Change-Id: I7e5b02f7c7bbb60997f1419f016aed61dd3e0d6c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840761
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82754}

Bug: v8:11544
Change-Id: If8b72cb4912d8b4fc4c286fc856ea59df5cf0bb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858576
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83090}
2022-09-08 22:24:51 +00:00
Samuel Groß
68de20179c [sandbox] Skip mkgrokdump test in non-sandbox mode
When the sandbox is disabled, object layouts are now different as
ExternalPointerSlots are then 64-bit (raw pointers) instead of 32-bit
(ExternalPointerHandles).

Bug: v8:10391
Change-Id: Ia03d1ae9300fad96e40b77f0ed9544a1a118b74a
Cq-Include-Trybots: luci.v8.try.triggered:v8_linux64_no_sandbox_dbg_ng_triggered
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3884075
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83089}
2022-09-08 21:42:16 +00:00
Frank Tang
95b02431bd [Temporal] Fix AddInstant and AddZonedDateTime
Change AddInstant to use BigInt::FromNumber(isolate, factory->NewNumber
instead of BigInt::FromInt64 to convert from double to BigInt.
Sync AddZonedDateTime with https://github.com/tc39/proposal-temporal/pull/2303, which calls AddInstant as ? instead of ! marking.

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal-addinstant
https://tc39.es/proposal-temporal/#sec-temporal-addzoneddatetime

PR: https://github.com/tc39/proposal-temporal/pull/2303

Bug: v8:11544
Change-Id: I4bd176294780f761341c25a5f71643b437f99c82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859165
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83088}
2022-09-08 21:15:01 +00:00
Adam Klein
33806ecad7 Revert "[fuchsia] Migrate d8 to a component framework v2 Fuchsia component"
This reverts commit 50802793f7.

Reason for revert: blocking v8 roll:
https://ci.chromium.org/ui/p/chromium/builders/try/fuchsia_x64/1301026/overview

Original change's description:
> [fuchsia] Migrate d8 to a component framework v2 Fuchsia component
>
> In the process, switch to using the Fuchsia GN SDK templates for
> building the component and package.
>
> Bug: v8:12589
> Change-Id: I9b5a82accb0da2067e83bc80d691133550ce82cd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879501
> Auto-Submit: Greg Thompson <grt@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Commit-Queue: Greg Thompson <grt@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83084}

Bug: v8:12589
Change-Id: I94ce2ef0e7cba5d39c8d18ca7dc7264289325e99
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885079
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83087}
2022-09-08 20:44:11 +00:00
Omer Katz
5767c95604 [heap] Update page promotion heuristics
This CL includes the following changes:
1) Ignore ShouldReduceMemory for MinorMC (since it can't move objects)
2) Make FLAG_page_promotion more explicit in the condition
3) Take wasted bytes into account for MinorMC (full GC can compact and
   "reset" wasted bytes)

Bug: v8:12612
Change-Id: I64d214e692b8ecd20189c59e2a77807f05e43817
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879606
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83086}
2022-09-08 20:29:21 +00:00
Milad Fa
0c793e7073 PPC [liftoff]: implement simd min/max ops
Change-Id: I064347b21de1eb8013754e715d99f13c6e59c192
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876443
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83085}
2022-09-08 18:10:11 +00:00
Greg Thompson
50802793f7 [fuchsia] Migrate d8 to a component framework v2 Fuchsia component
In the process, switch to using the Fuchsia GN SDK templates for
building the component and package.

Bug: v8:12589
Change-Id: I9b5a82accb0da2067e83bc80d691133550ce82cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879501
Auto-Submit: Greg Thompson <grt@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Greg Thompson <grt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83084}
2022-09-08 16:58:50 +00:00
Samuel Groß
49c5967830 [sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX
Now that all external pointers have been sandboxed,
V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also
shrinks external pointer slots to 32 bits when the sandbox is enabled.

Bug: v8:10391
Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83083}
2022-09-08 15:25:30 +00:00
Leszek Swirski
c5151fc751 [maglev] Support accessor loads via the prototype
Support LoadHandler::Kind::kAccessorFromPrototype, which is an accessor
on the prototype and is a direct call to the accessor.

Bug: v8:7700
Change-Id: I288972c027d37c8eb7c3558db4951bffdfba201f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882975
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83082}
2022-09-08 14:44:30 +00:00
Victor Gomes
ac5e66d40a [maglev] Add some debug code to ResumeGenerator
This mimics Ignition, which calls AbortIfRegisterCountInvalid.

This adds a --maglev-assert flag, since we do not want to emit
different code per IR node for debug vs. release modes.

Bug: v8:7700
Change-Id: Iddb17f0ccadf9d6009b242883b2e5d126875c844
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876385
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83081}
2022-09-08 14:34:01 +00:00
Omer Katz
22543d70d1 [test] Make SamplingHeapProfilerRateAgnosticEstimates more robust.
Inlining of bar into foo required taking allocation in foo into account
as well (crrev.com/c/1021734), but this makes the test vulnerable to gc
timing changes since other allocations are also inlined into foo and may
die at arbitrary times (as observed when enabling MinorMC).
Fix by preventing inlining of bar into foo.

Bug: v8:12612
Change-Id: I2d8848d4002334d329c4b2cc8f18bff1296f5cc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882970
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83080}
2022-09-08 14:14:21 +00:00
Dominik Inführ
ead6620e65 [heap] Decrease step size for ScavengeJob observer
Currently this observer uses 80% of initial new space capacity as
step size. But this means that after the first minor GC this will most
likely decouple from the current new space size since the allocation
counter isn't reset after a GC and surviving objects aren't
accounted.

Use 64K as step-size since this should be large enough to not cause
regression but it should still work for Scavenger and Minor MC such
that a step invocation will be performed close to reaching 80% of
new space capacity.

Bug: v8:12612
Change-Id: I4abc17eaeded90e0f72d9467a4410159ef0e6dda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879618
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83079}
2022-09-08 14:07:31 +00:00
Omer Katz
7ed1c5a03b [heap] Prevent incremental marking during gc callbacks
Drive-by: merge all collector choosing criteria into
SelectGarbageCollector.

Bug: v8:12612
Change-Id: I84d9e1aa5f658f48d5deeab1a8ef49ed1871cba5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879608
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83078}
2022-09-08 13:44:13 +00:00
Leszek Swirski
a9fabeb657 [interpreter] Reshuffle registers for super()
Change the constructor and instance registers into a single
constructor_then_instance register, and add some register allocation
scopes to reduce temporary register use. This also allows us to change
FindNonDefaultConstructor to only need one output for both constructor
and instance.

Also make BuildCreateArrayLiteral a bit more friendly to the interpreter
register allocation.

Bug: v8:13091
Change-Id: I0b6015b0bc6810bb4607157d715b7e536efb89f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876386
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83077}
2022-09-08 13:41:21 +00:00
Marja Hölttä
c7bf46eabc [baseline] Omit calling default ctors
I.e., implement a baseline handler for the FindNonDefaultConstructor
bytecode.

Bug: v8:13091
Change-Id: If1b119ae0479e54d2a89143bf8f40faeadb1abaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871206
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83076}
2022-09-08 13:27:50 +00:00
Camillo
9459c27b68 [deserializer] Reduce DCHECK noise for fuzzing
Skip over DCHECK in fuzzing that is always checked later by getting the
value from a Maybe object.

Bug: chromium:1359230, chromium:1360735
Change-Id: I9512e27fdeb1d6919e24bd631ae2caece7aed466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3874934
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83075}
2022-09-08 13:17:28 +00:00
Milad Fa
c0f420ef5c PPC/s390: [log][compiler] Enable first-execution logging
Port b257641833

Original Commit Message:

    Re-implement the --log-function-events functionality after
    refactoring the tiering state bits on the FeedbackVector.

    The new version also tries to log first-execution of non-interpreter
    code and will handle OSR events.

    Not-yet supported:
    - First-execution logging when OSR-ing in Sparkplug or Maglev

R=cbruni@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I2a99ca0976bc81e5994fa2e1c6d8045c303fc0f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876375
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83074}
2022-09-08 12:37:23 +00:00
Dominik Inführ
c4177c539f [heap] Remove page from space in ReleaseEvacuationCandidates
We used to remove the page from the space in the "evacuation" phase,
such that the following "update pointers" phase wouldn't try to
update pointers for evacuation candidates.

In this CL we move page removal to ReleaseEvacuationCandidates() which
is run after the "update pointers" phase finished. In the
"update pointers" phase we can skip evacuation candidates to not update
pointers on those pages.

That way PostProcessEvacuationCandidates() can be renamed to
PostProcessAbortedEvacuationCandidates() since it now only handles
aborted evacuation candidates.

Bug: chromium:1359294, v8:12578
Change-Id: Ifc4f58d71b630c3ef72f2bd994fedeabba878945
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879486
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83073}
2022-09-08 12:30:49 +00:00
Dominik Inführ
682947f813 [heap] Clear markbits for evacuated objects in ReRecordPage
Move clearing of markbits in the evacuated area into ReRecordPage,
which also resets all other metadata for that memory area.

Since this case is now handled in ReRecordPage, all other use cases
can delete markbits for the whole chunk, which allows the
VisitBlackObjects* methods to not deal with markbits anymore.

Bug: chromium:1359294, v8:12578
Change-Id: Ic98debe04efb7f415cf06efb58af0f728071aa65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879499
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83072}
2022-09-08 12:29:45 +00:00
Teodor Dutu
2a8f562877 Revert "[ptr-compr-8gb] Align Turbofan allocations to 8 bytes"
This reverts commit f97f7d79fc.

Reason for revert: a simpler approach will be used instead.

Original change's description:
> [ptr-compr-8gb] Align Turbofan allocations to 8 bytes
>
> In order to support a larger heap cage (8GB, 16GB), the cage offset
> will take up more than 32 bits. As a consequence, for 8GB cages, the
> least significant bit of the cage offset will overlap with the most
> significant bit of the tagged offset. To avoid this, allocations need
> to be aligned to 8 bytes to free up one bit from the offset.
>
> All changes are deactivated behind the build flag
> `v8_enable_pointer_compression_8gb`. Allocation folding is not yet
> supported.
>
> Bug: v8:13070
> Change-Id: I602c71232e98eac4e2701b0922704a7adc31a662
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3817741
> Commit-Queue: Teo Dutu <teodutu@google.com>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82331}

Bug: v8:13070
Change-Id: Id2186898596847142a80aba7604e870093a26d8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879224
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Teo Dutu <teodutu@google.com>
Cr-Commit-Position: refs/heads/main@{#83071}
2022-09-08 12:14:15 +00:00
JialuZhang-intel
3c6cd92d81 [x64] use movl for move instruction with word32 operand.
Before:
  488bd6 REX.W movq rdx, rsi

After:
  8bd6 movl rdx, rsi

This CL can save a 1-byte encoding length for the move instruction.

Change-Id: Ief482b4093f22ab810dbc693e8d9ed55a8c14c84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875397
Commit-Queue: Jialu Zhang <jialu.zhang@intel.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83070}
2022-09-08 11:52:25 +00:00
Camillo
2c0a49f39c [tools][profiling] Add googler pprof support for chrome helper
- Add gcert/gcertstatus support for chrome helper
- Skip pprof uploading for non-googlers
- Print better local results instructions for multiple chromium
  results files
- Fix docs link in --help text
- Exit silently when a keyboard interrupt occurred

Drive-by-fix:
- format files
- sort imports

Change-Id: I88bae27102dbf3d560c4203774d9746e96fdbdc5
No-Try: True
No-CQ: True
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878166
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83069}
2022-09-08 11:43:06 +00:00