On x64.release for linux this didn't affect binary size at all but
should improve readability of usages.
Bug: v8:7748
Change-Id: I46ecc9c2b4814244f6b5114f9ea199cd4d0220cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904602
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83337}
DCHECK that input registers that are clobbered (e.g. because they are
also an output register) are not used as register inputs into eager
deopts.
This is already the case because we're only allowed to mutate input
registers that alias the result register, and eager deopt input
allocation happens after result register allocation, but this DCHECK
makes this assumption explicit and will break if we ever change the
regalloc.
Bug: v8:7700
Change-Id: I4e00a8be88e0984044d8fc5b661eaf7bea801b17
Fixed: v8:13278
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905189
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83330}
This change allows putting Wasm structs / arrays into prototype
chains. While this isn't particularly useful (as any access lookup
on the wasm object will throw a TypeError), there isn't any reason
not to allow it.
Bug: v8:7748
Change-Id: I81cf709d2e8403b545bbba9ad9c538c1e9748c74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3901979
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83329}
If a shift right is performed with a negative value <= -32,
it may not be reduced to a 32 bit shift.
The reduction optimization was introduced by commit
2298b35f7c.
Fixed: v8:13290
Change-Id: Ifb16ed85560ab54d211ebb407690abe2c156e3a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905143
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83324}
Array.prototype.group and Array.prototype.groupToMap have an optional
thisArg, which is currently not passed.
Bug: v8:13301, v8:12499
Change-Id: Ib927638401d39ed0cbcc0595ab41fde328ef43cc
Fixed: v8:13301
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905934
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83323}
This is a reland of commit d7fcbba80e
The LSan support logic of the ExternalPointerTable has been optimized to
avoid timeouts on sanitizer bots.
Original change's description:
> [sandbox] Increase ExternalPointerTable maximum capacity to 512MB
>
> Bug: v8:10391
> Change-Id: I383e11bdccf6fcaf13f29d25e1404545067d313e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891249
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83203}
Bug: v8:10391
Change-Id: If50156d6fecff7ca8ece5c350e7b08936f50daa6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905141
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83322}
This CL fixes isolate deserialization such that the first test for
concurrent allocation in the shared spaces already succeeds.
* Allows dereferences for the shared heap and not just for the shared
isolate.
* Updates shared_heap_object_cache() for --shared-space.
* Sets IN_SHARED_HEAP flag on all shared space pages.
Bug: v8:13267
Change-Id: I912630da34f93e15d2ddef77a45a5e875bdceff0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902523
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83320}
This CL adds a test that checks the block list for outer functions is
also correctly calculated when pausing in inner functions.
R=kimanh@chromium.org
Bug: chromium:1363561
Change-Id: I2d7c1671475759b977e4e41c7e09856b3b2e7daf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904308
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83319}
This CL introduces a new root that is conceptually a
WeakMap<ScopeInfo, Tuple2<ScopeInfo, StringSet>>
Instead of storing the "locals block list" for debug-evaluate on the
`ScopeInfo` object directly, we will store it instead in a global
WeakMap. This enables us to re-use the "locals block lists" across
multiple debug-evaluate invocations without having to modify the
`ScopeInfo` of `SharedFunctionInfo`s.
R=bmeurer@chromium.org
Doc: https://bit.ly/chrome-devtools-debug-evaluate-design
Bug: chromium:1363561
Change-Id: Ib52f9abd97cf1c8fa3053ff3c61a6062c4b814be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902041
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83318}
Since we have the NodeInfo map in known_node_aspects now anyway, use it
for representation changes instead of the current interpreter frame
value swapping mechanism.
We originally didn't want a map for representations, but if we have one
anyway for node types, it makes sense to merge the two mechanisms.
This also allows us to get rid of the "register same as accumulator"
hack for binops, which was trying to avoid redundant representation
changes, since the redundancy is removed by the node aspects mechanism
automatically. It's kept for CheckedInternalizedString, since that isn't
a representation change within our framework (maybe it should be?).
Bug: v8:7700
Change-Id: I92491307f83d3b63fc7a210f6b8754e45d3531a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905182
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83317}
This is a reland of commit defa678e8b
Original change's description:
> cppgc: Be more conservative in Sweeper::FinishIfOutOfWork
>
> Finalizing sweeping can be beneficial to truly end a GC cycle. We
> should only finalize in `FinishIfOutOfWork()` though if that would not
> introduce any jank. Limit the amount of executing finalizers in that
> scenario.
>
> Bug: v8:13294
> Change-Id: I0237f6b6017d444c457923d83e85147c58586445
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902222
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83279}
Bug: v8:13294
Change-Id: I426a54785d1a0f569c2200156dcf41a5d5c7876f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902583
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83316}
We currently use 1 test case per file for tests that check that
debug-evaluate correctly blocks the lookup of stack-allocated
variables.
This CL adapts a similar approach to `debug-scopes.js`, making it
easier to add new test cases in the future.
R=kimanh@chromium.org
Bug: chromium:1363561
Change-Id: I8ff8cfe7d59f0b9808dc02c5579e058f490553eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904544
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83315}
Slots in free memory need to be removed. After a GC the JS application can create additional free memory by either left- or right-trimming
of heap objects. The sweeper might discover memory that was freed
because of such operations.
In case the sweeper discovers free memory, there can't be any
recorded slots in it. Otherwise subsequent allocations might store
untagged values in those slots and the next deref would most
likely crash.
Remove OLD_TO_SHARED slots in freed memory when left-trimming,
right-trimming and for DeleteObjectPropertyFast.
Also full GC was right-trimming objects which now needs to remove
slots in OLD_TO_SHARED.
Bug: v8:11708
Change-Id: I5761336e103704929fbd455d74bdbb499ae23f61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905144
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83314}
Allow non-registered symbols as keys in weakmap and weakset.
Allow non-registered symbols as target and unregisterToken in
WeakRef and FinalizationRegistry.
Bug: v8:12947
Change-Id: Ieb63bda66e3cc378879ac651e23300b71caed627
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865056
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83313}
The hoursInDay could be a fractional number on the date of changing
daylight saving time for time zone in half hours or some historical time
zone.
Ex: Australia/Lord_Howe on Sunday, April 3, 2022, 2:00:00 am clocks were
turned backward 0:30 hours to Sunday, April 3, 2022, 1:30:00 am local
standard time instead, so that day will have 24.5 hours.
On Sunday, October 2, 2022, 2:00:00 am clocks are turned forward 0:30
hours to Sunday, October 2, 2022, 2:30:00 am local daylight time
instead. So the hoursInDay for that day is only 23.5 hours.
Historically, Singapore from 1933 to 1941 moved clocks forward 20 minutes for daylight savings, resulting in days of 24.33333 and
23.66667 hours.
Test covered in https://github.com/tc39/test262/blob/main/test/staging/Temporal/ZonedDateTime/old/dst-properties.js
Change the return type from MaybeHandle<Smi> to MaybeHandle<Object> so
we can return a non-integer value. Also change the method of division by
first converting the value to seconds in BigInt, then dividing by 3600 (number of
seconds in an hour) in double.
Bug: v8:11544
Change-Id: Ia69d2606cd832e51f415a00440fb9cbc236883e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3901619
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83311}
Refactor the interface between intl and Temporal and pass
the nanosecond in BigInt to intl. Approximate the nanoseconds
to the correct close by millisecond depending on the usage
before calling ICU API and convert the result millisecond into
BigInt in nanosecond before return from intl.
Remove Maybe for functions that always complete.
Bug: v8:11544
Change-Id: Icc471b80312c513c9415b690804aa624df4a387d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3897165
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83310}
Test was using concurrent sweeper which could lead to the concurrent
sweeper holding onto memory until the allocation succeeded in rare
cases.
Bug: v8:13308
Change-Id: I0f9f93cc503cdc17d6962b3c31bc4ea698b4cb42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905183
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83309}
This method will be used in the marking visitors to stop marking into
the shared heap from e.g. worker or client heaps.
Bug: v8:13267
Change-Id: I7a099a3f816fa5d867d6a99558838389914e3048
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904606
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83308}
Make sure both the fast and slow version return the same value in case
of wrong follow-bit values in the input.
Bug: chromium:1359230, chromium:1360735
Change-Id: Ic65f81109e5bbc288fa41a5540ec7e6cece10ffc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890998
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83307}
For the 'finish compilation' event for all tiers (SP, ML, TF),
consistently use the 'completed compiling' message prefix.
For deoptimization, print the Code object in addition to the JSFunction
(now that deopts may happen in both ML and TF).
Bug: v8:7700
Change-Id: I3375db91413195c92007db9b1b202af9bd6ac05a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904601
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83303}
... which will contain all compression scheme related functions.
This will allow introducing custom compression schemes for certain
cases and use the compression scheme class as a template argument for
TaggedField or OffHeapCompressedObjectSlot implementations.
Bug: v8:7703, v8:11880
Change-Id: Ic78d36b7021110d6a4797a3150547a224d942b32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899262
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83302}
ArrayBuffers of length 0 may not have a BackingStore, so guard for that
case in ArrayBuffer.prototype.transfer.
Bug: v8:11111, chromium:1364738
Change-Id: I058d00f0f60183f9137c60682ad93973c7a6dcbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902517
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83301}
This change tests all JavaScript language constructs and builtins in
combination with the unwrapped Wasm objects.
For JavaScript, excluding some basic introspection (e.g.
`Object.isExtensible`) WebAssembly GC objects are treated as opaque.
They can be passed around freely but don't allow any access to
properties, elements etc.
This behavior is currently exposed only if the `wasm-gc-js-interop`
flag is set.
Bug: v8:7748
Change-Id: If0dc368f99d4097e3eaf53edde4e244e3081e334
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879616
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83299}
The parallel move optimizer tries to use the scratch register to store
cycle breaks, but needs to spill the value if the scratch register is
needed for stack->stack moves. Whether this spill happened is supposed
to be tracked with the scratch_has_cycle_start_ field, but the update of
this field was missing.
Bug: v8:7700
Change-Id: I2dc8d9186c9ec8ca03104fd3ae972a38924670ed
Fixed: chromium:1364783
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899086
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83297}
This reverts commit defa678e8b.
Reason for revert: Blocks roll:
https://ci.chromium.org/ui/p/v8/builders/ci/Linux%20V8%20FYI%20Release%20(NVIDIA)/21307/overview
Original change's description:
> cppgc: Be more conservative in Sweeper::FinishIfOutOfWork
>
> Finalizing sweeping can be beneficial to truly end a GC cycle. We
> should only finalize in `FinishIfOutOfWork()` though if that would not
> introduce any jank. Limit the amount of executing finalizers in that
> scenario.
>
> Bug: v8:13294
> Change-Id: I0237f6b6017d444c457923d83e85147c58586445
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902222
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83279}
Bug: v8:13294
Change-Id: Ic3cf7e105a076ef41b35a075d8f35918bc412588
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902582
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83295}
... and report an error if the profile file can't be opened for writing.
Also, overwrite the profile file instead of appending if the file
exists.
Bug: v8:10470
Change-Id: I0da0ee8d901a0c477b7f71ba23436243f93bd0ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902521
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83294}
Lazy deopts are always after calls, so force them to spill their inputs.
This would normally be the case anyway, except for deferred calls, which
don't tell the register allocator to spill like normal calls do.
This makes lazy deopt regalloc always spill its inputs and use their
spill slot, but unlike calls, this doesn't additionally clear the
register, so subsequent nodes can continue using the register cached
value without having to reload it.
As drive-bys, fix the Throw* opcodes to have the Throw property, and use
detail::DeepForEachInput in a couple of extra locations (including for
lazy deopts).
Bug: v8:7700
Change-Id: I89b04f17ca781d4f69ff0ed07566fa583aa677e6
Fixed: chromium:1364074
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899009
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83293}
1) Inlining functions that contain stringref operations requires builtin
calls to be marked as kNoThrow appropriately (or have exception
handling support in the graph).
2) Some overly-large inputs for string creation hit DCHECKs before
getting to the places where they would have thrown an orderly
exception.
3) We still had a known issue that some exceptions thrown by JS-focused
code were erroneously catchable by Wasm.
4) When string.concat attempted to create a too-long string, it ran into
a DCHECK because we didn't clear the "thread in wasm" flag.
5) The builtin call for string.concat was erroneously marked as
kEliminatable, which could cause the trap to get eliminated.
Bug: v8:12868
Change-Id: Iad3ada0e2465bfd8f3d00bb064c32049d6b19d87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902522
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#83292}
Add a conversion to int32 index for Numbers and Strings containing
indices, and change the element bounds check / lookup nodes to take an
int32 rather than a Smi. While we're at it, also turn the index node
into an int32 index differently depending on its known representation.
Bug: v8:7700, v8:13287
Change-Id: Ie98502d58f789873d42f8801499e78bf777db70f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3900012
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83291}