Commit Graph

66007 Commits

Author SHA1 Message Date
Georg Neis
5a8f1efe7f Remove obsolete {Binary,Number}OperationHint::kSigned32
Change-Id: Ib1855adbf0292381f2b279d5b44fbddff551a4d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557499
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71365}
2020-11-24 11:12:10 +00:00
Georg Neis
ba1b2cc09a [compiler] Fix a bug in SimplifiedLowering
SL's VisitSpeculativeIntegerAdditiveOp was setting Signed32 as
restriction type even when relying on a Word32 truncation in order to
skip the overflow check. This is not sound.

Bug: chromium:1150649
Change-Id: I3113a2102c62d6ecef342c98d25daf31431c01ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557498
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71364}
2020-11-24 11:09:40 +00:00
Clemens Backes
1a37d561b2 [inspector][fuzzer] Be more compatible with inspector-test
Make compileAndRunWithOrigin accept the same six arguments as
inspector-test. This makes inspector tests more useful as seeds for the
inspector fuzzer, and allows running more inspector fuzzer outputs
directly in the inspector-test binary.

R=szuend@chromium.org

Bug: chromium:1142437
Change-Id: Ib9e9768c834204ff17a641e9d462400a139bf6b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557507
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71363}
2020-11-24 11:05:35 +00:00
Maya Lekova
f3b77a2ac9 Revert "[int] Fix security bug in Intl.ListFormat"
This reverts commit 1341dbd209.

Reason for revert: The new test is failing on arm64 simulator MSAN - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/35559

Original change's description:
> [int] Fix security bug in Intl.ListFormat
>
> Also add a test to ensure it won't crash. The crash is caused by int32_t overflow inside ICU68-1.
>
> Real fix in 3bf08c6a50
>
> Bug: chromium:1150371
> Change-Id: I71c7bb3c50453fe3fa40226cab83bee0d865b0f0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2551212
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71357}

TBR=jkummerow@chromium.org,machenbach@chromium.org,ftang@chromium.org,syg@chromium.org

Change-Id: I10862ad1fb308d1610b8f7a80cca43c010475397
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1150371
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557512
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71362}
2020-11-24 11:04:31 +00:00
Frank Tang
c343c06d5a Fix IntlLegacyConstructedSymbol
Bug: v8:11174
Change-Id: If84c9056d0147720dabce52154648b4086146d0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2556258
Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71361}
2020-11-24 10:28:30 +00:00
Dominik Inführ
afd09a05bc [heap] Fix race in scavenger
For pages that are already swept, it can happen that one thread
iterates old-to-new-slots while another thread promotes an object onto
the same page.

Accessing the slot_set in Scavenger::ScavengePage therefore needs to be
atomic.

Bug: v8:11077
Change-Id: I086db612ed4e861aa9bd1c18fdf5c0e17c519a4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555009
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71360}
2020-11-24 10:14:00 +00:00
Manos Koukoutos
39b2b0de91 Revert "[wasm] Small changes in opcode organization"
This reverts commit 21f001e81a.

Reason for revert: Changes in SIMD created merge errors.

Original change's description:
> [wasm] Small changes in opcode organization
>
> Changes:
> - Move call_ref and return_call_ref to misc opcodes.
> - Create macro which groups all simd opcodes.
>
> Change-Id: I7742c8a27fe8859d1bbe129d8056420aaffe0931
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2549948
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71355}

TBR=ahaas@chromium.org,manoskouk@chromium.org

Change-Id: I31a9a0a62e1e40a09f29f944bccb18694236c62b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557509
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71359}
2020-11-24 10:11:22 +00:00
Jakob Gruber
ad52295149 [compiler] Ensure the function is compiled after CompileOptimized
The Code object returned by CompileOptimized runtime functions is
tail-called to continue execution. This Code object should not be the
CompileLazy builtin.

We ran into this case when the requested code kind was available, but
not attached - here we returned early from Compiler::CompileOptimized
without doing anything.

To satisfy the postcondition, this CL removes the early exit and lets
GetOptimizedCode handle the cached cases (both the FeedbackVector's
optimized code cache, and the isolate cache).

Bug: v8:8888
Change-Id: Ie60e6cf27b697ea6685441184b65f28f3583f75a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557500
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71358}
2020-11-24 09:51:20 +00:00
Frank Tang
1341dbd209 [int] Fix security bug in Intl.ListFormat
Also add a test to ensure it won't crash. The crash is caused by int32_t overflow inside ICU68-1.

Real fix in 3bf08c6a50

Bug: chromium:1150371
Change-Id: I71c7bb3c50453fe3fa40226cab83bee0d865b0f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2551212
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71357}
2020-11-24 09:37:50 +00:00
Omer Katz
0e0d1b0d7c cppgc: Fix cppgc build
The CPPGC_BUILD_IN_V8 define (used for tracing) isn't propagated from
v8_base_without_compiler to cppgc_base, which breaks build with
perfetto. Instead use a gn arg to specify standalone builds (defaulted
to false) and use that to choose the right tracing implementation.

Bug: chromium:1056170
Change-Id: I70bce819d45fb133b6f932a50a5d027e39f3e5b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555007
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71356}
2020-11-24 09:35:50 +00:00
Manos Koukoutos
21f001e81a [wasm] Small changes in opcode organization
Changes:
- Move call_ref and return_call_ref to misc opcodes.
- Create macro which groups all simd opcodes.

Change-Id: I7742c8a27fe8859d1bbe129d8056420aaffe0931
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2549948
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71355}
2020-11-24 09:32:20 +00:00
v8-ci-autoroll-builder
32a94886b5 Update V8 DEPS.
Rolling v8/build: 49ce9a3..356ef25

Rolling v8/third_party/aemu-linux-x64: nv6wFuL5e4oM14o83fKYTaYGvYpeIY0g-cCj2yzejZwC..qDJOg4W2RuPZ92H6d33I9kLLWjqfYuMr_gFsPRodSQAC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/91c1a7c..a629d81

Rolling v8/third_party/depot_tools: 9c0dc30..260eb0f

Rolling v8/third_party/icu: 7db579a..6a33b64

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I3a55a0b4ff6111cfa3fa79a22d842530b10087f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2556499
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#71354}
2020-11-24 03:50:59 +00:00
Zhi An Ng
7f770766d8 [wasm-simd][arm64] Prototype prefetch arm64
Prototype 2 prefetch instructions (temporal and non-temporal) on arm64
and interpreter.

Add prfm to assembler, and use MiscField to encode the two versions.
Small tweak to simulator to handle these new instructions (no-op).

The implementation in the interpreter just pops the memory index and
does nothing.

Simple test cases added for these 2 new instructions, as well as a
prefetch with OOB index, which should not trap.

Bug: v8:11168
Change-Id: Ieced8081615d07f950d6d4c1128d1bc6a75839fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2543167
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71353}
2020-11-24 02:44:09 +00:00
Zhao Jiazhong
8f71a2675e [mips][cleanup] Remove unused function and opcode
Now the ModS opcode and MacroAssembler::EmitFPUTruncate function
are useless, and should be removed.

Change-Id: I5ba7c2cd01084b322046c8267b7581ab9d1755c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554382
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#71352}
2020-11-24 01:42:09 +00:00
Zhi An Ng
9d9e8b41dc [wasm-simd][arm64] Prototype i64x2.bitmask
Drive-by cleanup for other bitmask instructions to
UseScratchRegisterScope instead of using temporary registers in
instruction-selector.

Bug: v8:10997
Change-Id: Id46d249fd20ceaeab8e867babec8b34d7995c17f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2548081
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71351}
2020-11-24 01:20:09 +00:00
Zhi An Ng
11910df32c [arm] Add disasm for other encodings of vld1/vst1
Currently we only correctly disassemble encoding A4, with a list of 4
regs.

Also added tests for these encodings.

Change-Id: I38066186d19deb8c180129d7a92b49bc589315cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554258
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71350}
2020-11-24 01:16:29 +00:00
Zhi An Ng
8158c8c078 [wasm-simd][ia32] Remove some SSE<->AVX transitions
In our codegen, we are mixing SSE and AVX. This can potentially cause
transition delays. Ideally we should stick to one. We add some new AVX
versions of movss and movsd, then use the macro-assembler methods to
generate AVX instructions if supported.

Bug: v8:11190
Change-Id: Iff7c0fb892cea85731f880ac2895480621b3092f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554257
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71349}
2020-11-24 01:02:23 +00:00
Bill Budge
86991d0587 Reland "stack-trace-api: implement getEnclosingLine/Column"
This reverts commit 5557a63beb.

Reason for revert: Sheriff's mistake, failing test was previously flaking.

Original change's description:
> Revert "stack-trace-api: implement getEnclosingLine/Column"
>
> This reverts commit c48ae2d96c.
>
> Reason for revert: Breaks a profiling test:
> https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/30010
>
> Original change's description:
> > stack-trace-api: implement getEnclosingLine/Column
> >
> > Introduces getEnclosingColumn and getEnclosingLine on CallSite
> > so that the position can be used to look up the original symbol
> > for the function when source maps are used.
> >
> > BUG=v8:11157
> >
> > Change-Id: I06c4c374d172d206579abb170c7b7a2bd3bb159f
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2547218
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Commit-Queue: Benjamin Coe <bencoe@google.com>
> > Cr-Commit-Position: refs/heads/master@{#71343}
>
> TBR=jkummerow@chromium.org,yangguo@chromium.org,bencoe@google.com
>
> Change-Id: Iab5c250c1c4fbdab86971f4a7e40abc8f87cf79c
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:11157
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555384
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71345}

TBR=bbudge@chromium.org,jkummerow@chromium.org,yangguo@chromium.org,bencoe@google.com

# Not skipping CQ checks because this is a reland.

Bug: v8:11157
Change-Id: I8dba19ceb29a24594469d2cf79626f741dc4cad3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555499
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71348}
2020-11-23 20:05:02 +00:00
Etienne Pierre-doray
873e5aa32a Reland "Reland "[Heap]: Convert Sweep to Job""
This is a reland of b16c7e5b1c

Issue: ShouldYield is called multiple times.
Fix: ConcurrentSweepSpace returns false if not done (yielding), to avoid
calling it again.

Issue: failing test-streaming-compilation
Safe to reland after
https://chromium-review.googlesource.com/c/v8/v8/+/2507379

Original change's description:
> Reland "[Heap]: Convert Sweep to Job"
>
> This is a reland of 795c0b1c7b
> Reason for revert:
> TSAN failures https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/33884
> Safe to reland as-is with fix to EagerUnmappingInCollectAllAvailableGarbage
> https://chromium-review.googlesource.com/c/v8/v8/+/2502809
>
> Original change's description:
> > [Heap]: Convert Sweep to Job
> >
> > max concurrency is inferred from queue size for OLD_SPACE & MAP_SPACE.
> > Extra Sweeper::TearDown() in MarkCompactCollector::TearDown() is needed
> > to cancel job.
> >
> > Change-Id: Iafba7d7d24e8f6e5c5a1d5c0348dea731f0ac224
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480783
> > Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#70767}
>
> Change-Id: Id9a5baceed4664f53da39597af56a2067e4f3c6f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502808
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70845}

Change-Id: I32de9faebdbd2f7f6d7f9a9525871fc691fb3f2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2507378
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71347}
2020-11-23 20:01:32 +00:00
Etienne Pierre-doray
686e48b2f8 [test]: Fix streaming-compilation MockTaskRunner synchronisation.
MockTaskRunner is missing a lock to protect tasks queue, causing flaky
tsan. This is similar to:
https://source.chromium.org/chromium/chromium/src/+/master:v8/test/cctest/wasm/test-wasm-metrics.cc;l=94?q=test%2Fcctest%2Fwasm%2Ftest-wasm-metrics.cc&ss=chromium

Previous CL https://chromium-review.googlesource.com/c/v8/v8/+/2507379
probably revealed the issue to TSAN by bringing more tasks.

Bug: v8:11194
Change-Id: Ib45c4afb4e7a86c9b4a54518876e311598747919
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555383
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71346}
2020-11-23 19:23:01 +00:00
Bill Budge
5557a63beb Revert "stack-trace-api: implement getEnclosingLine/Column"
This reverts commit c48ae2d96c.

Reason for revert: Breaks a profiling test:
https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/30010

Original change's description:
> stack-trace-api: implement getEnclosingLine/Column
>
> Introduces getEnclosingColumn and getEnclosingLine on CallSite
> so that the position can be used to look up the original symbol
> for the function when source maps are used.
>
> BUG=v8:11157
>
> Change-Id: I06c4c374d172d206579abb170c7b7a2bd3bb159f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2547218
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Benjamin Coe <bencoe@google.com>
> Cr-Commit-Position: refs/heads/master@{#71343}

TBR=jkummerow@chromium.org,yangguo@chromium.org,bencoe@google.com

Change-Id: Iab5c250c1c4fbdab86971f4a7e40abc8f87cf79c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:11157
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555384
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71345}
2020-11-23 19:19:04 +00:00
Milad Fa
9820f02d5c PPC: [wasm-simd] Implement S128Const and S128AllOnes
Change-Id: I8f8b0b525541cec1a814b7df6ffe0baf00514929
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554526
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71344}
2020-11-23 18:17:32 +00:00
bcoe
c48ae2d96c stack-trace-api: implement getEnclosingLine/Column
Introduces getEnclosingColumn and getEnclosingLine on CallSite
so that the position can be used to look up the original symbol
for the function when source maps are used.

BUG=v8:11157

Change-Id: I06c4c374d172d206579abb170c7b7a2bd3bb159f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2547218
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Benjamin Coe <bencoe@google.com>
Cr-Commit-Position: refs/heads/master@{#71343}
2020-11-23 15:44:41 +00:00
Camillo Bruni
a48fcd6d3b [api] Add module streaming support
- Add support for module streaming compilation
- Enable module streaming testing d8
- Update API tests to include basic module streaming

Bug: chromium:1061857
Change-Id: I3ac95f7d672c382406182fb6900b1095f15c63b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2536457
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71342}
2020-11-23 15:18:21 +00:00
Victor Gomes
1df2f22fb6 [nci] Fix arguments order in call of ConstructWithSpread_WithFeedback
ConstructWithSpread_WithFeedback uses the same argument order as JS linkage, therefore arguments should be inserted in reversed order.
See https://source.chromium.org/chromium/chromium/src/+/master:v8/src/codegen/interface-descriptors.h;drc=c7cb9beca18d98ba83c3b75860b912219d425d0e;l=507

Change-Id: I4d3ded048a08ba9a2a4d30da4c41044d9669becc
Bug: chromium:1145990
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2549952
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71341}
2020-11-23 15:13:01 +00:00
Santiago Aboy Solanes
4e34d7af84 [compiler] Add (Local)?Isolate parameter to String::Get
If we have a regular isolate (or none at all), we can skip acquiring
the lock check and DCHECK that we are calling from the main thread.
If we have a LocalIsolate, we acquire the string lock if needed.

Bug: v8:7790
Change-Id: Ie3562e8172a3e3eca8d194e8652cb881f765cdb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2551102
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71340}
2020-11-23 15:07:42 +00:00
Manos Koukoutos
051a29cceb [wasm-gc] Implement JS roundtrip for anyref
We use the same temporary mechanism as with eqref, in anticipation of
standardization of the wasm-gc JS API.

Bug: v8:7748
Change-Id: I224a043e5450ce489fc7f3b2f07f277a0444b8e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2546695
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71339}
2020-11-23 14:18:31 +00:00
Dominik Inführ
c875ab35b2 [heap] Remove unused method in ArrayBufferSweeper
Change-Id: I51f2152d8a26fb0b266a41f7d284ced7908eb475
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554603
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71338}
2020-11-23 14:02:03 +00:00
Clemens Backes
b61e85a3c0 [wasm] Revisit maximum jump table distance
This changes a '<' to a '<=' and adds a comment to explain why it is
safe to use a jump table where the maximum distance is exactly
{kMaxCodeSpaceSize}.

R=jkummerow@chromium.org

Bug: chromium:1151364
Change-Id: Id4971a2e9095fa99df48367ab09af4adbfadffaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2552906
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71337}
2020-11-23 13:40:41 +00:00
Liu Yu
6ded810bb2 [mips][builtins] Avoid reloading undefined value in InterpreterEntryTrampoline
Port: 40c0f84a38

Bug: v8:9771
Change-Id: Icbe4e3450bb6ef7242804ca9d7f46cb6f1aed40c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2539538
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#71336}
2020-11-23 11:22:50 +00:00
Jakob Kummerow
db5ede7ff8 Fix rare stack overflow in instanceof
For a very particular special case (long "chains" of bound
functions with an undefined @@hasInstance handler), evaluating
the `instanceof` operator could lead to a very deep recursion.
This patch adds a stack check to make sure we throw rather than
crash on stack overflow.

Bug: v8:11115
Change-Id: I6bf941b9e75e9fe3a52112ade27388ac4fbbda2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2545624
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71335}
2020-11-23 10:48:49 +00:00
Georg Neis
5b5916ca35 [compiler] Add some DCHECKs to compilation dependencies
Bug: v8:7790
Change-Id: Idee149b3d59064941473d5e17e2c56a253a5f49d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2546691
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71334}
2020-11-23 10:00:05 +00:00
Michael Achenbach
0a9bcd013a [js-fuzzer] Disallow flag that causes false positives.
Don't pass the correctness-fuzzing suppressions to normal fuzzing as
they turn stack overflows and invalid string length checks into
crashes.

This first became a problem after the flag was passed in an mjsunit
test case.

No-Try: true
Bug: chromium:1151600,chromium:1151599
Change-Id: I5d29900a4b155762cae447fc102055eab1916309
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2551112
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71333}
2020-11-23 09:45:09 +00:00
Zhao Jiazhong
7e24c4957e [mips] Request to be an owner of MIPS files
I'm working for Loongson Technology, and I have contributed 120+
patches to maintain v8 on mips platform. I request to be an owner
of MIPS files, so that we can maintain mips ports more conveniently.

Change-Id: Ib01dadfb879fefe7c095398930573e8df0f7c8dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2525542
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71332}
2020-11-23 09:43:49 +00:00
Liu Yu
c1bc0edc79 [mips][wasm][memory64] Prepare Liftoff for ptrsize offsets
Port: commit 1da429fb8a

Bug: v8:10949

Change-Id: I77d28b26a78fe098b529d6ac333c0dac49850b4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2553160
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#71331}
2020-11-23 09:31:19 +00:00
Marja Hölttä
141ede2ec1 [ast-value-factory] Fix length mismatch in string comparison
When comparing two-byte strings, the correct number of characters to
compare is length(), not byte_length().

The bug was introduced in
https://chromium-review.googlesource.com/c/v8/v8/+/2533038

There's no regression test, since going beyond the AstRawString
boundary generally doesn't crash.

Bug: chromium:1151602
Change-Id: I32c297c2751835dd7574ff928d2d5b8346b4381a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2551110
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71330}
2020-11-23 09:20:39 +00:00
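The length/byte_length mix-up described in the commit above is a classic unit-mismatch over-read: for a two-byte string, byte_length() is twice the number of characters, so a comparison loop bounded by it walks past the end of both buffers. The following is an added illustration written for this page, not V8's AstRawString code; the RawString type, CompareChars, BuggyCount and FixedCount names are hypothetical, and the sample strings are constructed inline. The comparison validates the unit count against both strings before touching memory, so passing byte_length() for a two-byte string is reported as out of bounds instead of silently over-reading.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <initializer_list>
#include <vector>

// Illustrative model (not V8's AstRawString): a byte buffer plus a flag that
// says whether characters are 1-byte (Latin-1) or 2-byte (UTF-16 code units).
struct RawString {
  std::vector<uint8_t> bytes;
  bool is_two_byte = false;
  std::size_t byte_length() const { return bytes.size(); }
  // Number of characters, which is what a comparison loop must be bounded by.
  std::size_t length() const { return is_two_byte ? bytes.size() / 2 : bytes.size(); }
};

enum class CmpResult { kEqual, kNotEqual, kOutOfBounds };

// Compares the first `units` characters of two strings of the same width.
// The count is checked against both strings' character length before any
// memory is read, so a caller that hands in byte_length() for a two-byte
// string (the bug) gets kOutOfBounds rather than an over-read.
CmpResult CompareChars(const RawString& a, const RawString& b, std::size_t units) {
  if (a.is_two_byte != b.is_two_byte) return CmpResult::kNotEqual;
  if (units > a.length() || units > b.length()) return CmpResult::kOutOfBounds;
  if (!a.is_two_byte) {
    return std::memcmp(a.bytes.data(), b.bytes.data(), units) == 0
               ? CmpResult::kEqual : CmpResult::kNotEqual;
  }
  for (std::size_t i = 0; i < units; ++i) {
    uint16_t ua, ub;  // copy out instead of reinterpret_cast to stay alignment-safe
    std::memcpy(&ua, &a.bytes[2 * i], sizeof ua);
    std::memcpy(&ub, &b.bytes[2 * i], sizeof ub);
    if (ua != ub) return CmpResult::kNotEqual;
  }
  return CmpResult::kEqual;
}

// The count each variant passes to the comparison: byte_length() is only
// correct for one-byte strings, length() is correct for both widths.
std::size_t BuggyCount(const RawString& s) { return s.byte_length(); }
std::size_t FixedCount(const RawString& s) { return s.length(); }

// Full equality as the corrected code does it: same width, same character
// count, then compare exactly length() characters.
bool Equals(const RawString& a, const RawString& b) {
  if (a.is_two_byte != b.is_two_byte || a.length() != b.length()) return false;
  return CompareChars(a, b, FixedCount(a)) == CmpResult::kEqual;
}

// Builders for constructed sample input (two-byte units stored little-endian).
RawString TwoByte(std::initializer_list<uint16_t> units) {
  RawString s;
  s.is_two_byte = true;
  for (uint16_t u : units) {
    s.bytes.push_back(static_cast<uint8_t>(u & 0xff));
    s.bytes.push_back(static_cast<uint8_t>(u >> 8));
  }
  return s;
}
RawString OneByte(const char* text) {
  RawString s;
  s.is_two_byte = false;
  s.bytes.assign(text, text + std::strlen(text));
  return s;
}

// Worked check on constructed input: two equal two-byte strings. The buggy
// count (4 bytes) is rejected; the fixed count (2 characters) compares equal.
bool BuggyCountIsRejected() {
  RawString a = TwoByte({0x4e2d, 0x6587});
  RawString b = TwoByte({0x4e2d, 0x6587});
  return CompareChars(a, b, BuggyCount(a)) == CmpResult::kOutOfBounds &&
         CompareChars(a, b, FixedCount(a)) == CmpResult::kEqual;
}
```

For one-byte strings BuggyCount and FixedCount agree, which is why a bug of this shape survives tests that never exercise two-byte input; a regression test needs a string whose characters do not fit in Latin-1.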
Camillo Bruni
e49ea59739 [d8][owners] Add cbruni as src/d8 owner
Change-Id: Ib34bb9aeeab0e092cdfa49da11382cdb5a8a20e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2545709
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71329}
2020-11-23 09:09:49 +00:00
v8-ci-autoroll-builder
9881ef006e Update V8 DEPS.
Rolling v8/build: afc55ca..49ce9a3

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I70102bf08d91bdc1503e1dd8160dbee9b252bf7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2553924
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#71328}
2020-11-23 03:40:58 +00:00
v8-ci-autoroll-builder
203a72833c Update V8 DEPS.
Rolling v8/build: 030a312..afc55ca

Rolling v8/third_party/aemu-linux-x64: gt2DKWmtJU6vqOju1UcBB-_Nthud81s3cnZkERzzSEUC..nv6wFuL5e4oM14o83fKYTaYGvYpeIY0g-cCj2yzejZwC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/11b4013..91c1a7c

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ife95420b8e3b3c42a473f37bf3518c0323736200
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2553666
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#71327}
2020-11-22 03:50:08 +00:00
v8-ci-autoroll-builder
8871b7e16b Update V8 DEPS.
Rolling v8/build: ee1c001..030a312

Rolling v8/third_party/aemu-linux-x64: 4f-YWuHlGrqS9jy308GUs0eo8DxU3h6PwgpHfNYq290C..gt2DKWmtJU6vqOju1UcBB-_Nthud81s3cnZkERzzSEUC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2ed6fc0..11b4013

Rolling v8/third_party/depot_tools: 2f8e0fa..9c0dc30

Rolling v8/third_party/zlib: e84c9a3..9893e50

Rolling v8/tools/luci-go: git_revision:1a022d3a4c50be4207ee93451255d71896416596..git_revision:6cbe3f56e9f00b8f65eae21f01838a8b58191a47

Rolling v8/tools/luci-go: git_revision:1a022d3a4c50be4207ee93451255d71896416596..git_revision:6cbe3f56e9f00b8f65eae21f01838a8b58191a47

Rolling v8/tools/luci-go: git_revision:1a022d3a4c50be4207ee93451255d71896416596..git_revision:6cbe3f56e9f00b8f65eae21f01838a8b58191a47

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ia6309934987cdc0f0da95a83875041761673ec3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2553156
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#71326}
2020-11-21 03:48:36 +00:00
Milad Fa
e9d1e6b16b cppgc: Fix compilation error on gcc
Without the cast, gcc might throw the following error
during compilation:

error: enumeral mismatch in conditional expression:
'cppgc::internal::StatsCollector::ScopeId' vs
'cppgc::internal::StatsCollector::ConcurrentScopeId'

Change-Id: I95e230310a0cbdc775d63657b8c407a8392a57e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2551104
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71325}
2020-11-21 03:47:31 +00:00
Junliang Yan
f121194c51 s390x: cleanup rounding constants
Drive-by: Add alias for lzer on Assembler

Change-Id: Id0d705ef864899241f77d92c2cf8a144f753ef15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2552928
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71324}
2020-11-20 23:26:21 +00:00
Junliang Yan
95efd8c11d s390x: Add LER and LEZR simulator implementation
Change-Id: I771d3db6510146b043c9dd0a3bae8a9a67b21176
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2552927
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71323}
2020-11-20 22:44:10 +00:00
Thibaud Michaud
920bc23f88 [wasm] Deserialization: publish in the background
Following up on:

[wasm] Deserialization: copy and relocate in the background
https://chromium-review.googlesource.com/c/v8/v8/+/2543932

Also move publishing into a background task. Now all three steps of
deserialization run in separate tasks as a pipeline.

R=ahaas@chromium.org
CC=clemensb@chromium.org

Bug: v8:11164
Change-Id: Ic4ad09ea5e96bda84cc66d0bdc6473aadea5596b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2551101
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71322}
2020-11-20 18:56:34 +00:00
Junliang Yan
2dc199b963 s390x: cleanup more rounding related simulation
Change-Id: I63c10010a9605f1ab40b9ce00039aa6a6a46bbbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2552545
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71321}
2020-11-20 18:51:34 +00:00
Andreas Haas
83095e9a33 [wasm][liftoff] Change size of references on stack to kSystemPointerSize
With pointer compression, the size of a reference depends on whether it
is stored on the stack or on the heap. The size provided by
ValueType::element_size_bytes() is the size of a reference on the heap.
LiftoffAssembler::SlotSizeForType(...) however should return the size
on the stack. This CL fixes this inconsistency.

This issue would have been found by an existing test, but this test is
disabled at the moment because of missing safepoint maps for stack
checks.

R=thibaudm@chromium.org

Bug: v8:7581
Change-Id: Ia45944b265fa4ce0d560ff00a24b023d6c1ae10a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2552515
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71320}
2020-11-20 18:32:44 +00:00
Leszek Swirski
f47e59e045 [asserts] Make assert scopes LocalHeap friendly
Because of LocalHeap safepoints, our existing assert scopes don't
necessarily maintain the same guarantees as desired. In particular,
DisallowHeapAllocation no longer guarantees that objects don't move.

This patch transitions DisallowHeapAllocation to
DisallowGarbageCollection, to ensure that code using this scope is
also protected against safepoints.

Change-Id: I0411425884f6849982611205fb17bb072881c722
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2540547
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71319}
2020-11-20 17:39:14 +00:00
Alex Turner
d3fd6d2508 Speed up StackTraceFrame::GetFileName()
This retrieves the script name directly from StackFrameBase, bypassing
the building of StackFrameInfo if one hasn't already been initialized,
thus avoiding computation of expensive properties that are not required.
This matches current behavior of GetScriptNameOrSourceURL() and is a
workaround until a dedicated API is available.

This is necessary to switch AdTagging over from using
GetScriptNameOrSourceURL() to GetScriptName(), to ensure that scripts
with source urls are tagged appropriately. (See crrev.com/c/2551259.)

Bug: chromium:1127391
Change-Id: I6eb145b88c26deb1a088f038b0f8b377bc8fe3ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2550504
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Alex Turner <alexmt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71318}
2020-11-20 16:04:38 +00:00
Milad Fa
794c230573 PPC/s390: Reland "[wasm][memory64] Prepare Liftoff for ptrsize offsets"
Port 1da429fb8a

Original Commit Message:

    This is a reland of 800307f6a5, with a
    minimal fix for arm64 (uint64_t -> uintptr_t).

    Original change's description:
    > [wasm][memory64] Prepare Liftoff for ptrsize offsets
    >
    > This CL prepares the LiftoffAssembler interface for uintptr_t offsets.
    > Many places can still only handle 32-bit values, but after this CL we can
    > start storing the offsets as uintptr_t in the memory access immediates.
    > Some TODOs are placed to extend code generation for 64-bit additions, if
    > memory64 is enabled.
    > All of this will be addressed in follow-up CLs.
    >
    > R=manoskouk@chromium.org
    >
    > Bug: v8:10949
    > Change-Id: Id3b9b8aa555ab41f082ba012f4f8d80586c35b89
    > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529452
    > Commit-Queue: Clemens Backes <clemensb@chromium.org>
    > Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
    > Cr-Commit-Position: refs/heads/master@{#71236}

R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I87a421ab1fe6e4d0f2098c24ff34a3888631722e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2552166
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71317}
2020-11-20 16:03:34 +00:00
Michael Lippautz
9d90e60105 cppgc: Provide default implementation of Platform::GetTracingController
Bug: chromium:1056170
Change-Id: I53e0e45045282c1fd217af34ff31b7e6411624b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2552508
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71316}
2020-11-20 15:22:54 +00:00