Commit Graph

58976 Commits

Author SHA1 Message Date
Toon Verwaest
94d8fcb884 [parser] Accumulate even if we already thought we had an error
At certain points in time we learn that we have to drop certain errors in the
ExpressionScope. If an AccumulationScope appears between where we learn about
the error and where we drop the error, we previously stopped accumulating,
assuming that we're already going to fail anyway. Since we might drop the
earlier error later, we can't early out on this. Instead the accumulator should
simply keep on accumulating, keeping the earlier error alive across
accumulation.

Bug: chromium:1015567
Change-Id: I4d70643d02233fe82582b568a0a946eacf883880
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869198
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64384}
2019-10-18 14:30:05 +00:00
Sathya Gunasekaran
f1ebde88b1 Revert "[builtins] Move non-JS linkage builtins code objects into RO_SPACE"
This reverts commit 83f8464ffc.

Reason for revert: speculative revert for blink linux failure
https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Linux/1272

Original change's description:
> [builtins] Move non-JS linkage builtins code objects into RO_SPACE
> 
> Creates an allow-list of builtins that can still go in code_space
> including all TFJ builtins and a small manual list that should be pared
> down in the future.
> 
> For builtins that go in RO_SPACE a Code object is created that contains
> no code at all (shrinking its size from 96 bytes to 64 bytes on x64),
> but is there to allow the runtime to continue to work since it expects
> a Code object.
> 
> This reduces code_space from ~152k to ~40k (-112k) and increases
> read_only_space from 33k to 108k (+75k) in the snapshot.
> 
> Bug: v8:7464, v8:9821, v8:9338, v8:8127
> Change-Id: Icc8bfc722bb267a2bcc17e2f1e27bef7f02f2376
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795358
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64377}

TBR=mstarzinger@chromium.org,jgruber@chromium.org,delphick@chromium.org

Change-Id: I4cf38e9370280acdd2de718ca527776ebc509003
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7464, v8:9821, v8:9338, v8:8127
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868621
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64383}
2019-10-18 14:14:09 +00:00
Dan Elphick
0c5ed23cea [builtins] [arm] Combine pushes in GenerateTailCallToReturnedCode
Combines several individual pushes/pops into a single call to Push in
GenerateTailCallToReturnedCode. This saves a single instruction since
pushes in descending register order can be merged into a single
instruction. The pop merge doesn't save anything but is done for
consistency.

Bug: v8:9771
Change-Id: I67084985ef5b7b2ed2fc73faedbb0bd9c50e6df6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868612
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64382}
2019-10-18 13:38:06 +00:00
Vadim Gorbachev
180f017f50 Preparing v8 to use with python3
There are now less than 100 days until the end of life
of Python 2 (aka _legacy_ Python) https://pythonclock.org/ .
The code compatibility check for python2 and python3
used the following tools: futurize, flake8

Related tasks:
1. https://github.com/nodejs/node/issues/24512
2. https://github.com/v8/v8/pull/35

Bug: v8:8594
Change-Id: Ia081a158a2b41cd880a5d47bb340f21858340d42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864942
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64381}
2019-10-18 13:10:56 +00:00
Victor Gomes
c48096d442 Reland "[runtime] Remove extension slots from context objects"
This is a reland of c07c02e1c4

Original change's description:
> [runtime] Remove extension slots from context objects
>
> Context objects have an extension slot, which contains further
> additional data that depends on the type of the context.
>
> This CL removes the extension slot from contexts that don't need
> them, hence reducing memory.
>
> The following contexts will still have an extension slot: native,
> module, await, block and with contexts. See objects/contexts.h for
> what the slot is used for.
> The following contexts will not have an extension slot anymore (they
> were not used before): script, catch and builtin contexts.
> Eval and function contexts only have the extension slot if they
> contain a sloppy eval.
>
> Bug: v8:9744
> Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64372}

TBR=verwaest@chromium.org,jgruber@chromium.org,ulan@chromium.org,leszeks@chromium.org,petermarshall@chromium.org

Bug: v8:9744
Change-Id: I0749cc2d8f59940c25841736634a70047116d647
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1869192
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#64380}
2019-10-18 13:04:55 +00:00
Mythri A
d4452d2ea2 [ic] Add fast path for StaInArrayLiteral with no feedback
We could use StorePropertyInLiteral builtin to handle StaInArrayLiteral
when there is no feedback vector.

Change-Id: I38cae322cc1901582e570f996c6ffd270501245f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862559
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64379}
2019-10-18 12:47:49 +00:00
Georg Neis
6f265b7c89 [turbofan] Remove misleading broker message
In inlining heuristics, we used to warn about a missing bytecode array
when the actual reason for not inlining the function might have been a
different one (and was printed earlier already).

Bug: v8:7790
Change-Id: I3a44fd793d9b1edc80cd215a8110aa47eee731d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863934
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64378}
2019-10-18 12:12:03 +00:00
Dan Elphick
83f8464ffc [builtins] Move non-JS linkage builtins code objects into RO_SPACE
Creates an allow-list of builtins that can still go in code_space
including all TFJ builtins and a small manual list that should be pared
down in the future.

For builtins that go in RO_SPACE a Code object is created that contains
no code at all (shrinking its size from 96 bytes to 64 bytes on x64),
but is there to allow the runtime to continue to work since it expects
a Code object.

This reduces code_space from ~152k to ~40k (-112k) and increases
read_only_space from 33k to 108k (+75k) in the snapshot.

Bug: v8:7464, v8:9821, v8:9338, v8:8127
Change-Id: Icc8bfc722bb267a2bcc17e2f1e27bef7f02f2376
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795358
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64377}
2019-10-18 12:02:23 +00:00
Bruce Dawson
348c0f08ba Make grokdump.py work on Windows
mmap behaves differently on Windows. This change adjusts how grokdump.py
uses it so that the script will run on Windows.

The disassembly doesn't work due to lack of /usr/bin/objdump - fixing
that is out of scope for this change. The output is still useful even
without the disassembly.

Change-Id: I0db2d09e3ed10f0ca666cbbd438fbd82565906d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1866958
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64376}
2019-10-18 11:13:55 +00:00
Igor Sheludko
af324e7547 [builtins] Use uintptr for iteration in TypedArray builtins, pt.2
The CL fixes the following builtins:
  %TypedArray%.prototype.filter

Bug: v8:4153
Change-Id: Ifb4a464c91c38c586598359ffcded9cc4e7d8f4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864943
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64375}
2019-10-18 11:01:16 +00:00
Santiago Aboy Solanes
dc75b63cfc Revert "[ptr-compr][arm64] Temporarily enable pointer compression on arm64"
This reverts commit ca1259fcac.

Reason for revert: Branch was cut and we don't want the flag flip shipping.

Original change's description:
> [ptr-compr][arm64] Temporarily enable pointer compression on arm64
> 
> ... and make sure that the arm64 ptr-compr bots proceed testing V8 without
> pointer compression in order to keep testing the other config.
> 
> Bug: v8:7703
> Change-Id: I0017345273d5328d95a338064dd80b44974c1c53
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1844780
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64132}

TBR=machenbach@chromium.org,ishell@chromium.org,tmrts@chromium.org,solanes@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:7703
Change-Id: I67c244e583893bb1062dbaa610c9c470fbfb9e40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868610
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64374}
2019-10-18 10:54:35 +00:00
Sathya Gunasekaran
aec30461ab Revert "[runtime] Remove extension slots from context objects"
This reverts commit c07c02e1c4.

Reason for revert: MSAN failures:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/29251

Original change's description:
> [runtime] Remove extension slots from context objects
> 
> Context objects have an extension slot, which contains further
> additional data that depends on the type of the context.
> 
> This CL removes the extension slot from contexts that don't need
> them, hence reducing memory.
> 
> The following contexts will still have an extension slot: native,
> module, await, block and with contexts. See objects/contexts.h for
> what the slot is used for.
> The following contexts will not have an extension slot anymore (they
> were not used before): script, catch and builtin contexts.
> Eval and function contexts only have the extension slot if they
> contain a sloppy eval.
> 
> Bug: v8:9744
> Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
> Commit-Queue: Victor Gomes <victorgomes@google.com>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@google.com>
> Cr-Commit-Position: refs/heads/master@{#64372}

TBR=ulan@chromium.org,jgruber@chromium.org,petermarshall@chromium.org,leszeks@chromium.org,verwaest@chromium.org,victorgomes@google.com

Change-Id: I98dee04ab4d3ae977053982ec884b738d2f6f623
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9744
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868611
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64373}
2019-10-18 10:22:01 +00:00
Victor Gomes
c07c02e1c4 [runtime] Remove extension slots from context objects
Context objects have an extension slot, which contains further
additional data that depends on the type of the context.

This CL removes the extension slot from contexts that don't need
them, hence reducing memory.

The following contexts will still have an extension slot: native,
module, await, block and with contexts. See objects/contexts.h for
what the slot is used for.
The following contexts will not have an extension slot anymore (they
were not used before): script, catch and builtin contexts.
Eval and function contexts only have the extension slot if they
contain a sloppy eval.

Bug: v8:9744
Change-Id: I8ca56c22fa02437bbac392ea72174ebfca80e030
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863191
Commit-Queue: Victor Gomes <victorgomes@google.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#64372}
2019-10-18 09:39:09 +00:00
Mike Stanton
04e9871905 [Torque]: Eliminate unnecessarily unique namespaces for Array builtins
also TypedArrays.

Change-Id: I542a09a979c7fe9a3893ad4ae7cea4e057b17359
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864944
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64371}
2019-10-18 09:36:29 +00:00
Yang Guo
b603c65585 Set up WATCHLIST for DevTools related changes
Change-Id: I66699c48eaa9a2cae8290a0240fb359f6367e325
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1861855
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64370}
2019-10-18 07:02:23 +00:00
v8-ci-autoroll-builder
83cc67eb69 Update V8 DEPS.
Rolling v8/build: 60d20a7..6924ab4

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/8df31ad..c98b1ee

Rolling v8/third_party/depot_tools: 2a0049f..fcde3ba

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I4b049bcc3c296b756590faecb2c72ee8c14fc1c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868309
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#64369}
2019-10-18 03:50:48 +00:00
Shu-yu Guo
7d6ada2714 [protectors] Update protectors in DefineClass
DefineClass uses the ClassBoilerplate to directly construct the
property descriptor array or dictionary for defining the class
constructor and prototype, skipping use of the LookupIterator and the
encapsulated protector update logic. This patch adds manual calls
to UpdateProtector(), which is in particular relevant for the
isConcatSpreadable protector.

Bug: v8:9837
Change-Id: I7b9d8105d41f5f0f826ca2ce35d6bf3d1aeee6e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863644
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64368}
2019-10-18 03:36:07 +00:00
Shu-yu Guo
2c678a7109 [protectors] Add missing protector check for keyed store transition case
Bug: v8:9837
Change-Id: Ib31f027f189017eab820b6eec2b7753e0bccdf82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864008
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64367}
2019-10-18 02:11:47 +00:00
Shu-yu Guo
41903f2af6 Split up mjsunit/es6/array-concat.js
Split up the test so each test runs in a fresh Isolate with pristine
protector state.

Note that testArrayConcatES5 was not split out because it is a duplicate
of mjsunit/array-concat.js, and testConcatRevokedProxy has already been
split out as mjsunit/es6/array-concat-revocable-revoked-proxy-[12].js.

Bug: v8:9837
Change-Id: I8f744b0263c82f1dae61a55032124d9129f8e6f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864007
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64366}
2019-10-18 00:53:47 +00:00
Ng Zhi An
b477d91c57 Reland "[wasm-simd] Implement F64x2ConvertI64x2 for x64"
This is a reland of 306bb635b7

Original change's description:
> [wasm-simd] Implement F64x2ConvertI64x2 for x64
> 
> Bug: v8:8460
> Change-Id: Icefb90c67af77ac93bd75b4e452ba426232de83a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1710332
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63627}

Bug: v8:8460
Change-Id: I08d2c88e81ce51d3d1cfdf3d7d6ba34792e34e9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1793902
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64365}
2019-10-17 23:22:47 +00:00
Ng Zhi An
a0b95232a9 [wasm-simd] Implement v8x16.swizzle for arm
Bug: v8:8460
Change-Id: I9caa817ed1ab1f64984311d90f57ed779f15b225
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1850613
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64364}
2019-10-17 22:55:37 +00:00
Ng Zhi An
0e06c3bbbe [wasm-simd] Fix i64x2 splat isel on ia32
In the non-avx case, we are incorrectly using DefineSameAsFirst, which
is wrong, since operand0 is a 32-bit register, but the output should be
a simd register. This error was caught by running the test with flag:
--no-enable-avx, leading to a register allocator verifier failure.

Drive-by cleanup to remove duplicate cases for avx and sse in i64x2 replace
lane.

Bug: v8:9728
Change-Id: I96490c82e13660fc41e72ac523e5be37b051b624
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1866963
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64363}
2019-10-17 22:33:27 +00:00
Milad Farazmand
36ab93d82a PPC/s390: Reland^2 "[runtime] Move Context::native_context to the map"
Port 3cad6bf5d7

Original Commit Message:

    This is a reland of c7c47c68f2.

    This makes TSAN happy in addition to:

    Previously I presumed that the context read from a frame in the profiler was
    a valid context. Turns out that on non-intel we're not guaranteed that the
    frame is properly set up. In the case we looked at, the profiler took a
    sample right before writing the frame marker indicating a builtin frame,
    causing the "context" pointer from that frame to be a bytecode array. Since
    we'll read random garbage on the stack as a possible context pointer, I made
    the code reading the native context from it a little more defensive.

    Original change's description:
    > [runtime] Move Context::native_context to the map
    >
    > Remove the native context slot from contexts by making context maps
    > native-context-specific. Now we require 2 loads to go from a context to the
    > native context, but we have 1 field fewer to store when creating contexts.
    >
    > Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
    > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
    > Commit-Queue: Toon Verwaest <verwaest@chromium.org>
    > Reviewed-by: Igor Sheludko <ishell@chromium.org>
    > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
    > Reviewed-by: Maya Lekova <mslekova@chromium.org>
    > Reviewed-by: Georg Neis <neis@chromium.org>
    > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
    > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
    > Cr-Commit-Position: refs/heads/master@{#64296}

R=verwaest@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I48b21f189e782a338eb2508edd57b7b2cf5ce240
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1865607
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64362}
2019-10-17 19:39:22 +00:00
Z Nguyen-Huu
5611113915 [builtins] Port some RegExp functions to Torque
IsReceiverInitialRegExpPrototype, RegExpCreate

Bug: v8:8976
Change-Id: If1d2598a2c2f302704c25aa65826fa442e6b79a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1866015
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64361}
2019-10-17 18:13:32 +00:00
Toon Verwaest
3cad6bf5d7 Reland^2 "[runtime] Move Context::native_context to the map"
This is a reland of c7c47c68f2.

This makes TSAN happy in addition to:

Previously I presumed that the context read from a frame in the profiler was
a valid context. Turns out that on non-intel we're not guaranteed that the
frame is properly set up. In the case we looked at, the profiler took a
sample right before writing the frame marker indicating a builtin frame,
causing the "context" pointer from that frame to be a bytecode array. Since
we'll read random garbage on the stack as a possible context pointer, I made
the code reading the native context from it a little more defensive.

Bug: v8:9860
Tbr: ulan@chromium.org, neis@chromium.org, ishell@chromium.org

Original change's description:
> [runtime] Move Context::native_context to the map
>
> Remove the native context slot from contexts by making context maps
> native-context-specific. Now we require 2 loads to go from a context to the
> native context, but we have 1 field fewer to store when creating contexts.
>
> Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64296}

Change-Id: I4d0ab4cbbb23a9ae616407f17ef8f35a0b68ddb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864654
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64360}
2019-10-17 17:33:08 +00:00
Ng Zhi An
76ed54ec3b [wasm-simd] Add more f32/f64 cases to fuzz test
Change-Id: I1c20a5c756394528af1e9f2bb720393d3045e926
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1865719
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64359}
2019-10-17 16:57:58 +00:00
Santiago Aboy Solanes
ae97e88542 [ptr-compr] Implement the DecompressionOptimizer Reducer and its phase
The DecompressionOptimizer aims to avoid adding the root in AnyTagged
or TaggedPointer loads. For the TaggedSigned case, we already solve it
in instruction selection.

The new phase will run only when pointer compression is enabled. For
the moment, it also requires FLAG_turbo_decompression_elimination to
be false. This latter flag is only temporary to test out the
implementation.

The phase needs to be run when Machine are present in the graph, i.e.
at the very end of the pipeline. Also, since this phase may change
the load's MachineRepresentation from Tagged to Compressed, it's best
to run it as late as possible in order to keep the phases that know
about Compressed MachineRepresentation to a minimum.

As an example, if we Load a Tagged value only to Store it back again
(i.e. Load -> Store nodes, with the Load being the Store's value) we
don't need to fully decompress it since the Store will ignore the
top bits.

Bug: v8:7703
Change-Id: I6b4aec203ab8cbb540b2513cabb1e2a5691ce938
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859615
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64358}
2019-10-17 16:02:58 +00:00
Milad Farazmand
07ee86a5a2 PPC: allow for calling CFunctions without function descriptors on AIX.
The calling conventions on AIX use function descriptors,
which means that pointers to functions do not point to code,
but instead point to metadata about them. When calling JITed code,
we must assure to use function descriptors instead of raw pointers when
needed. Before this CL 213504b, all CallCFunction on AIX were guaranteed to have
function descriptors. Starting from the CL mentioned above, CallCFunction can also
Jump to a Trampoline which does not have a function descriptor, hence a new
"CallCFunctionWithoutFunctionDescriptor" method is proposed to deal with this issue.

BUG= v8:9766

Change-Id: I9343c31c812f5d4dda8503a5adf024b24dbde072
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1825961
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64357}
2019-10-17 15:54:59 +00:00
Joshua Litt
dfd9ceb984 [regexp] Clone match info for match indices.
The current behavior for generating match indices simply stashes a
pointer to the match info and then constructs the indices lazily.
However, it turns out the match info object used to create the result
object is the regexp_last_match_info living on native context, and thus
it can change between the creation of the result object and the generation
of indices. This CL clones the match info, which will be safer.

Bug: v8:9548
Change-Id: Ia6f26f88fbc22fd09671bf4c579d39a1510b552d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864585
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64356}
2019-10-17 14:59:59 +00:00
Milad Farazmand
719c6e7c1f PPC/s390: [wasm-simd] Implement f64x2 splat extract replace for arm
Port f22837dbf1

R=zhin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Id1ee967a7e6d34715fe62abe21cee753bb8fd272
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1865678
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64355}
2019-10-17 14:46:59 +00:00
Toon Verwaest
2dbcdc028a [profiler] Make ScrapeNativeContext check types and only run it where safe.
Previously ScrapeNativeContext was written quite defensively which could result
in false positives and crashes.

This CL makes the function always bail out when we're running on non-ia32/x64
since only those 2 properly verify whether the program is setting up a frame.
If we are setting up a frame, the context will be garbage.

This CL also disables profiler tests when TSAN is running since TSAN makes
ScrapeNativeContext unsafe: it considers SIGPROF asynchronous and will run the
handler after the program has already run further than the context that's
passed into the handler.

Bug: v8:9860, v8:9869
Change-Id: I5a08374feba2e0e77ddd59e02dc2d7e9c90c2e04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1866469
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64354}
2019-10-17 14:27:18 +00:00
Clemens Backes
503917b16e Update V8 version to 8.0
TBR=machenbach@chromium.org
CC=hablich@chromium.org

No-Try: true
Change-Id: I19512e953adce96c5d559e4552543fe2c11042d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863937
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64353}
2019-10-17 14:23:59 +00:00
Mike Stanton
f78392d53f [Turbofan] Improve serializer environment handling for catch blocks
The serializer doesn't correctly propagate environment information
from try blocks into their catch handlers, and this impedes
optimizations that fire when we compile concurrently.

function bar(x) {
  try {
    boom(); // throws
  } catch(_) {
    return x.a;
  }
}

function foo() { return bar({a: 42}); }

When foo is optimized, we can normally return the constant 42
directly. This CL makes that work for concurrent inlining.

Bug: v8:7790
Change-Id: Id1c5fd06d51ec6fe69ab10fbd65afd6fa7e76820
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863193
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64352}
2019-10-17 14:20:39 +00:00
Zhou, Zhiguo
ec5807099f Log debug info of WASM for Intel VTune Amplifier
This CL logs debug information of WASM in Intel VTune Amplifier via
VTune's JIT Profiling API. With this CL, the profiling information
of JITted code and its corresponding C/C++ source code is displayed
optionally. To use this feature, a runtime flag
"vtune_prof_annotate_wasm" should be passed to the VTune-enabled V8
engine. Currently,
the inline function in C/C++ is not well supported due to the
limitation of source map.

As a drive-by fix, the dynamically allocated event-specific data
of JavaScript (src/third_party/vtune/vtune-jit.cc) is managed with
C++ containers for safety.

Change-Id: Ic27420fcdcd775bc5c7778abf5cff6edf0fb38b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782126
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Zhiguo Zhou <zhiguo.zhou@intel.com>
Cr-Commit-Position: refs/heads/master@{#64351}
2019-10-17 14:03:51 +00:00
Milad Farazmand
282766c26d s390: [wasm-simd] Implement VisitSimd128ReverseBytes
LoadReverseSimd128 and StoreReverseSimd128 are implemented
to support the above instruction selection.

Change-Id: I5dcb30ce68b3478c69668b7589e77a52e77d9388
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1846460
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64350}
2019-10-17 13:54:41 +00:00
Georg Neis
7c0c052a9b [builtins] Remove an obsolete function argument
Change-Id: I50e76ff32aae158dd05ae8d4a4633ab81e5c61d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864946
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64349}
2019-10-17 13:47:12 +00:00
Dominik Inführ
13ddba2a64 [heap] Add flag to promote young objects in MC
Add FLAG_always_promote_young_mc that always promotes young objects
during a Full GC when enabled. This flag guarantees that the young gen
and the sweeping remembered set are empty after a full GC.

This CL also makes use of the fact that the sweeping remembered set is
empty and only invalidates an object when there were old-to-new slots
recorded on its page.

Bug: chromium:1014943
Change-Id: Idfb13dfbe76bad5ec8b485a60bebc30531aec649
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863201
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64348}
2019-10-17 13:38:21 +00:00
Santiago Aboy Solanes
efba28278b [turbolizer] Make the top bar sticky
The top bar was being scrolled down since the whole viewpane was
scrollable. It will now work in the way the "Disassembly" tab
works: the content is scrollable, but not the pane.

This change makes Schedule and Sequence consistent with the
other panels.

As a drive-by fix, remove some unused constants.

Bug: v8:7327, v8:9517
Notry: true
Change-Id: I22f8abb6524cb297f43930fc8036b36b7ce59751
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863203
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64347}
2019-10-17 12:33:30 +00:00
Sathya Gunasekaran
134f551248 Revert "[regexp] Guarantee an allocated regexp stack"
This reverts commit 97ed8b277b.

Reason for revert: breaks chromium roll
https://chromium-review.googlesource.com/c/chromium/src/+/1864878

I bisected it down to this CL here:
https://chromium-review.googlesource.com/c/chromium/src/+/1865346/6
https://ci.chromium.org/p/chromium/builders/try/linux-rel/219610

Original change's description:
> [regexp] Guarantee an allocated regexp stack
> 
> The regexp stack is used during execution of jitted regexp matcher
> code.  Previously, the stack was initially not present / nullptr, and
> we had to explicitly check for this condition and bail out in builtin
> code.
> 
> This CL changes behavior to guarantee a present stack by adding a
> statically-allocated area that is used whenever no
> dynamically-allocated stack exists.
> 
> Change-Id: I52934425ae72cf0e5d13fab2b9d63d37ca76fcf3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852126
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64326}

TBR=jgruber@chromium.org,petermarshall@chromium.org

Change-Id: I085b7aebb513fdededda7631b06ff68e5ae5846e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864945
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64346}
2019-10-17 12:02:03 +00:00
Igor Sheludko
581bf00eb2 [builtins] Use uintptr for iteration in TypedArray builtins, pt.1
The CL fixes the following builtins:
  %TypedArray%.prototype.join
  %TypedArray%.prototype.every
  %TypedArray%.prototype.find
  %TypedArray%.prototype.findIndex
  %TypedArray%.prototype.forEach
  %TypedArray%.prototype.reduce
  %TypedArray%.prototype.reduceRight
  %TypedArray%.prototype.some

Bug: v8:4153
Change-Id: I39cdb1801949b1df9d221988b8ed4ed5b2de9341
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864941
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64345}
2019-10-17 10:48:18 +00:00
Clemens Backes
dcc8b437c7 [wasm] Fix typo in compile fuzzer
"alternates" should be "alternatives".
Drive-by: Rename "generate_fn" to "GenerateFn".

R=ahaas@chromium.org

Change-Id: I09de4678dddcc4a8949dd9589e4dddd0c1c0661c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1866509
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64344}
2019-10-17 10:20:48 +00:00
Primiano Tucci
eb8f480c0c [tracing] Roll perfetto @ 12dc10e02
This catches up with recent changes. None of them should be
relevant for v8. I am doing this mainly because I am going to
refactor the proto generator for go/perfetto-libprotobuf and
seems worth having a recent last-good checkpoint of perfetto
before starting that.

Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: Icfeb7bda3e01448f4db579a76b2cf8b61626b997
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863202
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Auto-Submit: Primiano Tucci <primiano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64343}
2019-10-17 09:00:05 +00:00
Gus Caplan
adb97b35a3 [Torque] port Reflect.has to Torque
Change-Id: I828450704fdb74bc5ced0f8f85a0546672b4ff9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864571
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64342}
2019-10-17 06:00:15 +00:00
v8-ci-autoroll-builder
ae5f193fed Update V8 DEPS.
Rolling v8/build: 082f11b..60d20a7

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b9fad2f..8df31ad

Rolling v8/third_party/depot_tools: ba97f60..2a0049f

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I5e121e66f76fee8a76a3dc17b9b0168ed9ebf0e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1865993
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#64341}
2019-10-17 03:52:25 +00:00
Milad Farazmand
4966ac56a5 PPC/s390: [Liftoff] Fix stack slot initialization on arm and arm64
Port 7d09b270d8

Original Commit Message:

    It turns out that because we are *subtracting* from fp, we need to
    *subtract less* to get a higher address. Who knew.

R=clemensb@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Ide47f62b5fbfd309a2892fcd934175db7e390a8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864586
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64340}
2019-10-17 02:43:05 +00:00
Ng Zhi An
f22837dbf1 [wasm-simd] Implement f64x2 splat extract replace for arm
Bug: v8:9813
Change-Id: I9ab0d0aafb0a2620a317d99c10f56dbcaa7fdf04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849206
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64339}
2019-10-16 23:57:09 +00:00
David Benjamin
02a06c4d9c Fix RegisterAllocationData::ResetSpillState
Bug: chromium:1014607
Change-Id: Ifcd1ce17fb1f95965355a4e3f63bdc78fa88042f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1865613
Auto-Submit: David Benjamin <davidben@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64338}
2019-10-16 23:14:38 +00:00
Ng Zhi An
6fd3109de5 [wasm-simd] Implement i64x2 splat extract replace for ia32
This introduces 2 new machine operators that are variants of I64x2Splat
and I64x2ReplaceLane that takes two int32 operands instead of one i64
operand.

Bug: v8:9728
Change-Id: I6675f991e6c56821c84d183dacfda96961c1a708
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1841242
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64337}
2019-10-16 22:48:58 +00:00
Ng Zhi An
0d1c4dcabc Skip flaky slow test on arm64
TBR=machenbach@chromium.org

Bug: v8:9863
Change-Id: I5312e53eca73469b9a77ddb9232535591b8fdcb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1865714
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64336}
2019-10-16 22:03:19 +00:00
Clemens Backes
1d6542bb65 [Liftoff] Fix out of bounds read in lookahead
The lookahead did not check whether there is actually a byte left to be
read. So if the i32 comparison was the last byte in the function body,
we would read out of memory.
This CL fixes that by introducing a separate {lookahead} method which
does the proper bounds check and the lookahead.

R=jkummerow@chromium.org

Bug: chromium:1014834, v8:9831
Change-Id: I6499ae3f2c57d38a8fcb587b99ae4a4a6c70e426
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864939
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64335}
2019-10-16 16:44:18 +00:00
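The out-of-bounds read described in the Liftoff commit above, as an added example that is not V8's code: a toy byte-stream decoder with an unchecked peek beside a lookahead that carries its own bounds check. The opcode values, the Decoder struct, the body layout and the function names are assumptions made for this demo; only the shape of the bug (peeking past the end of the function body when the comparison is its last byte) comes from the commit message.

```cpp
// Added example, not V8 code. Demonstrates why a lookahead in a decoder
// needs its own bounds check. Opcode values and types are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical opcodes for a toy instruction stream.
constexpr uint8_t kI32Eq = 0x46;  // an i32 comparison
constexpr uint8_t kBrIf = 0x0d;   // a conditional branch
constexpr uint8_t kEnd = 0x0b;    // block terminator

struct Decoder {
  const uint8_t* pc;   // next byte to decode
  const uint8_t* end;  // one past the last byte of the function body

  // Buggy variant: assumes a byte always follows the current position.
  // When the comparison is the last byte of the body this reads *end.
  bool UnsafePeekIs(uint8_t opcode) const { return *pc == opcode; }

  // Fixed variant: the bounds check and the peek live in one method, so
  // no caller can perform the peek without the check.
  bool Lookahead(uint8_t opcode) const { return pc < end && *pc == opcode; }
};

// Walks {size} bytes at {body} and counts i32.eq immediately followed by
// br_if (the fused compare-and-branch pattern). {use_safe_lookahead}
// selects which peek is used. The demo buffers below are allocated with
// one extra byte after {size}, so the unsafe peek stays observable
// instead of being undefined behaviour.
int CountFusedPairs(const uint8_t* body, size_t size,
                    bool use_safe_lookahead) {
  Decoder d{body, body + size};
  int fused = 0;
  while (d.pc < d.end) {
    uint8_t op = *d.pc++;
    if (op != kI32Eq) continue;
    bool next_is_br_if = use_safe_lookahead ? d.Lookahead(kBrIf)
                                            : d.UnsafePeekIs(kBrIf);
    if (next_is_br_if) {
      ++fused;
      ++d.pc;  // consume the br_if
    }
  }
  return fused;
}

// Constructed input: a 4-byte body whose last byte is an i32 comparison.
// The fifth byte lies outside the body and happens to be a br_if, which
// is exactly what the unchecked peek will wrongly report as part of it.
constexpr size_t kBodySize = 4;
std::vector<uint8_t> MakeBodyEndingInCompare() {
  return {kI32Eq, kBrIf, kEnd, kI32Eq, /* outside body: */ kBrIf};
}

int FusedPairsUnsafe() {
  std::vector<uint8_t> b = MakeBodyEndingInCompare();
  return CountFusedPairs(b.data(), kBodySize, /*use_safe_lookahead=*/false);
}

int FusedPairsSafe() {
  std::vector<uint8_t> b = MakeBodyEndingInCompare();
  return CountFusedPairs(b.data(), kBodySize, /*use_safe_lookahead=*/true);
}

int main() {
  std::printf("unsafe peek: %d fused pairs (one is outside the body)\n",
              FusedPairsUnsafe());
  std::printf("checked lookahead: %d fused pair\n", FusedPairsSafe());
  return 0;
}
```

The unchecked variant reports two fused pairs; the second one was built from a byte past the end of the function body, which in a real decoder may belong to another allocation or an unmapped page. Keeping the bounds check inside the lookahead method, as the commit does, is the point: a check that callers must remember to perform separately is a check that will eventually be skipped.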