Commit Graph

62231 Commits

Author SHA1 Message Date
Leszek Swirski
6fba287c53 Revert "[heap] Refactor Heap::PerformGarbageCollection"
This reverts commit d0dbee4772.

Reason for revert: Breaks MSVC bot (https://cr-buildbucket.appspot.com/build/8880517266974148704)

Original change's description:
> [heap] Refactor Heap::PerformGarbageCollection
> 
> This ensures that PerformGarbageCollection runs completely within a
> LocalHeap safepoint. External prologues and epilogues that may trigger
> GC and run JS are moved outside.
> 
> Bug: v8:10315
> 
> Change-Id: I5c0081f0791ba5d27152c119a2a0d454056656d3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190756
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67736}

TBR=ulan@chromium.org,mlippautz@chromium.org,dinfuehr@chromium.org

Change-Id: I62e62d3f4cd50a3e8f0037902f158baef68cb3b1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2195823
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67739}
2020-05-12 10:38:58 +00:00
Georg Neis
5009fb6ba7 [turbofan] Remove dead branch
A prototype map can't be deprecated.

Bug: v8:7790
Change-Id: I26ef4d9648985417212dcf4df0d47568861e9bc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196124
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67738}
2020-05-12 10:18:39 +00:00
Jakob Gruber
6888d68b5f [snapshot] Deoptimize all in --stress-snapshot mode
We don't yet support serialization of optimized code, so whenever the
serializer encounters an 'unexpected' Code object, it aborts.

Snapshot::ClearReconstructableDataForSerialization does not clear
weak links created through compilation dependencies. These links
make Code objects reachable even though recompilable data has been
cleared from JSFunctions/SFIs/JSRegExps.

Forcing a full deopt of the entire isolate is the simple way of
solving this until serialization support for optimized code has been
implemented.

Bug: v8:10416,v8:10500,v8:10518
Change-Id: Ie1386cc9fa983b435825afa15441df38409bff98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196122
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67737}
2020-05-12 09:59:37 +00:00
Ulan Degenbaev
d0dbee4772 [heap] Refactor Heap::PerformGarbageCollection
This ensures that PerformGarbageCollection runs completely within a
LocalHeap safepoint. External prologues and epilogues that may trigger
GC and run JS are moved outside.

Bug: v8:10315

Change-Id: I5c0081f0791ba5d27152c119a2a0d454056656d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190756
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67736}
2020-05-12 09:23:04 +00:00
Anton Bikineev
3df36990b3 cppgc: Port ObjectStartBitmap
This ports ObjectStartBitmap from Blink.

Bug: chromium:1056170
Change-Id: Ib959d9ac1c5e1e34ffa6418f77956e993c570ffc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2181331
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67735}
2020-05-12 09:14:05 +00:00
Thibaud Michaud
b931af5dd8 [liftoff][mv] Support multi-value returns
R=clemensb@chromium.org,ahaas@chromium.org

Bug: v8:10408
Change-Id: I436416e32d814b08543aa2dffbcf8464ec75923f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190423
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67734}
2020-05-12 09:04:35 +00:00
Jakob Gruber
4d53833f35 [regexp] Unconditionally get named capture in GetSubstitution
Prior to this CL we still implemented a HasProperty-GetProperty
sequence when accessing named captures in GetSubstitution. This was
briefly part of the spec (we also threw an exception when the property
was not present), but since late 2017 the GetProperty call has been
unconditional.

See https://tc39.es/ecma262/#sec-getsubstitution.

Bug: v8:10513
Change-Id: Id82c06958b0b0feffc6eede580b99ab8676a0dae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2195821
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67733}
2020-05-12 08:45:05 +00:00
Marja Hölttä
bdda995338 Move helper SFIs from NativeContext to Isolate, part 4
There's no need for them to be in NativeContext.

This CL moves the rest of the Promise-related SFIs.

Bug: v8:10482
Change-Id: I7eb926be14bf44fb3cd01cb96b4769eff1c2911b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190752
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67732}
2020-05-12 08:02:59 +00:00
Georg Neis
fcd917e004 [heap] Add a comment to persistent-handles.h
R=dinfuehr@chromium.org

Bug: v8:10315
Change-Id: I595bc76907c9f0f437d460916aec804b55895376
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2195822
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67731}
2020-05-12 08:01:55 +00:00
Pan, Tao
b47097d8bb [turbofan] Improve --trace-turbo-inlining
Add inlined bytecode size to candidate print; both bytecode size and
inlined bytecode size decide whether a candidate is to be inlined.

Change-Id: I6d659bb59819b0e9daad5289f47f329aa3ce9f7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2191631
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67730}
2020-05-12 07:39:54 +00:00
Ulan Degenbaev
cf83949e47 [heap] Add a flag for measuring the impact of stack scanning in Scavenge
Change-Id: I3d5d856d86deb283173c7b6f0f302e3c4e4b67fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190755
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67729}
2020-05-12 07:24:14 +00:00
Dominik Inführ
302bfa21a6 Initialize bit field in map using relaxed store
Map::bit_field needs to be set with relaxed store. The concurrent marker
accesses the has_prototype_slot bit in Map::bit_field to calculate
header size.

Bug: v8:10315
Change-Id: Ie7ebb9316b8c703adfddf10df25949b872ce0c8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2194012
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67728}
2020-05-12 07:19:34 +00:00
Ulan Degenbaev
e43dfd7f02 [perfetto,heap] Fix the order of GC trace event categories
This changes "v8[.gc],devtools.timeline" to "devtools.timeline,v8[.gc"
in some of the GC trace events because perfetto requires all categories
to be predefined.

Change-Id: I0e9a91c826f4e620f4946a1a96713aa2b45da26f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2193591
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67727}
2020-05-12 06:45:54 +00:00
Milad Farazmand
4e1bf2bc92 Skip InterpreterWithNativeStack on jitless mode
As discussed under https://crrev.com/c/1981505,
Test requires an executable CODE_SPACE and is thus incompatible with
jitless mode.

Change-Id: Icddad50a3484f0cfc5fb4abd7175058d50bc06d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2193911
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67726}
2020-05-12 05:27:34 +00:00
v8-ci-autoroll-builder
f3a0838e7f Update V8 DEPS.
Rolling v8/build: 10edae4..1b904cc

Rolling v8/third_party/aemu-linux-x64: fPXztkM0sEne8uTSiAXBgjYK_46aVSqohP1kVE4u-u8C..5LzaFiFYMxwWXcgus5JjF74yr90M5oz9IMo29pTdoLgC

Rolling v8/third_party/android_platform: 2244b5e..716366f

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4ca83c7..e9a8d37

Rolling v8/third_party/depot_tools: aaf5669..454f4ba

Rolling v8/third_party/googletest/src: e3f0319..a09ea70

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Ic8d837b9b9d623b938e085045f35a0c558bb9794
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2195125
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#67725}
2020-05-12 03:48:54 +00:00
Shu-yu Guo
df8b8117a9 Add use counter for var redeclarations of catch bindings
Bug: v8:10516
Change-Id: I0a75b32ca4b90dc5a6c2f2f3ec66b183dc3ff99e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2191411
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67724}
2020-05-11 22:50:24 +00:00
Ng Zhi An
9d825428b1 [clang-tidy] Make deleted constructor public
Making them private was a way to hide the constructor; we can
explicitly delete them, which gives a better compilation error message as
well.

Also see: https://stackoverflow.com/q/55205874

Bug: v8:10488
Change-Id: Ic08acf0f9eb16bd2e90c3a707036befe7c9d193c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2191866
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67723}
2020-05-11 21:22:24 +00:00
Ng Zhi An
add6623179 [clang-tidy] Use explicit default and override.
See
https://clang.llvm.org/extra/clang-tidy/checks/modernize-use-equals-default.html
and
https://clang.llvm.org/extra/clang-tidy/checks/modernize-use-override.html.

Also see
https://chromium.googlesource.com/chromium/src/+/HEAD/styleguide/c++/c++-dos-and-donts.md#prefer-to-use.

Bug: v8:10488
Change-Id: Id377cab4db7ff211e800b2078ab91c3deb9a1b21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2191350
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67722}
2020-05-11 19:38:53 +00:00
Ng Zhi An
5d1392b66b [wasm-simd][ia32] Implement f32x4 f64x2 pmin pmax
Same implementation as the one for x64 in https://crrev.com/c/2186630.

Bug: v8:10501
Change-Id: If2b6c0fdc649afba3449d9579452cf7047a55a54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2188556
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67721}
2020-05-11 18:16:39 +00:00
Shu-yu Guo
131fa2c911 Revert "[wasm][debug] Fix tier down for multiple isolates"
This reverts commit 902f48bdda.

Reason for revert: Made TSAN unhappy: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/9480

Original change's description:
> [wasm][debug] Fix tier down for multiple isolates
> 
> If multiple isolates are using the same module, we need to keep it
> tiered down as long as any isolate still has a debugger open.
> Also, we cannot short-cut the {NativeModule::TierDown} method, since the
> previously triggered tier down might not have finished yet.
> For now, each isolate starts an independent tier down (i.e. a full
> recompilation). We could optimize this later by skipping functions that
> are already tiered down, or are already scheduled for tier down, but we
> still need to wait for tier-down to finish on each isolate.
> 
> R=thibaudm@chromium.org
> 
> Bug: v8:10359
> Change-Id: I7ea6a6f5d3977e48718ac5bc94f9831541f6173f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190758
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67716}

TBR=clemensb@chromium.org,thibaudm@chromium.org

Change-Id: Ibf650e8b6143471b44f2822c1737e7de5f8bdb20
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10359
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2194372
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67720}
2020-05-11 17:31:51 +00:00
Seth Brenith
e769398540 [torque][cleanup] Simplify some Torque-defined classes
This CL is pretty mechanical; I just iterated through some Torque
classes making the following changes:

- Use @generateCppClass if it seems easy to
- Use @generatePrint if the existing printer doesn't do anything special
- Fix up any imprecise field types

It also includes two minor changes to implementation-visitor:

- Add a new -inl.h file with the things needed for
  torque-generated/class-definitions-tq.cc so we don't need to keep
  changing the compiler when we add @generateCppClass.
- Avoid emitting incorrect accessors for ExternalPointers. This isn't
  strictly necessary for correctness, as the accessors defined in C++
  already hide the ones inherited from generated code, but it makes me
  feel safer.

Change-Id: I4d5a8ba6f86ebff57a0d147619212a3993b087c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185824
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#67719}
2020-05-11 17:18:59 +00:00
Ng Zhi An
2d2b45cdfc [clang-tidy] Add override to overridden member functions
See
https://clang.llvm.org/extra/clang-tidy/checks/modernize-use-override.html
for more on this warning.

Bug: v8:10488
Change-Id: Ifa9443609fa30fa2d8f9fb9ed00ce9353fa9aa49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2189910
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67718}
2020-05-11 16:59:39 +00:00
Igor Sheludko
ae6c58c26d [ic] Fix stores to holey elements
... when the element is read-only in one of the prototypes:
* the length should not be updated,
* in strict mode the store operation should throw TypeError.

Bug: chromium:1055138
Change-Id: I7fc08e22c83f8a9848053cfe20851dc1b82f0e3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172090
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67717}
2020-05-11 16:42:19 +00:00
Clemens Backes
902f48bdda [wasm][debug] Fix tier down for multiple isolates
If multiple isolates are using the same module, we need to keep it
tiered down as long as any isolate still has a debugger open.
Also, we cannot short-cut the {NativeModule::TierDown} method, since the
previously triggered tier down might not have finished yet.
For now, each isolate starts an independent tier down (i.e. a full
recompilation). We could optimize this later by skipping functions that
are already tiered down, or are already scheduled for tier down, but we
still need to wait for tier-down to finish on each isolate.

R=thibaudm@chromium.org

Bug: v8:10359
Change-Id: I7ea6a6f5d3977e48718ac5bc94f9831541f6173f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190758
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67716}
2020-05-11 16:30:48 +00:00
Santiago Aboy Solanes
c36e959137 [compiler] Push up code to revisit uses in in-place replacements
If a node is reduced in-place (i.e. not replaced by another node) we
check its inputs, and if we Recurse on at least one input we return
early. If this happens, we weren't revisiting its uses.

This CL changes this since we could have been missing revisiting of some
uses.

Change-Id: I7683a0747cec38484a047c6032980b5676b2d886
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2174505
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67715}
2020-05-11 16:02:09 +00:00
Jakob Kummerow
ccb7b42697 [wasm-gc] Implement array.get/array.set
With bounds checks, null checks, and a test case.

Bug: v8:7748
Change-Id: I9e7d68ecd883bd0279f22d11c1dc73cc8716a4cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192659
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67714}
2020-05-11 15:57:43 +00:00
Michael Lippautz
d65ea662c5 cppgc: Allocation cleanups
Bug: chromium:1056170
Change-Id: I99d073e268f5779f0985d6197432c50036060b60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192663
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67713}
2020-05-11 15:50:28 +00:00
Manos Koukoutos
6a6c151dda [wasm-gc] Implement br_on_null
Add br_on_null opcode, encoding, decoding, and elementary tests.

Bug: v8:7748
Change-Id: Id771ea7f57694e1c1bffc83c4232132bf9ad9dbd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190424
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67712}
2020-05-11 15:49:23 +00:00
Santiago Aboy Solanes
1a6fe2a745 [compiler][heap] Update IsInConstantPool for Arm64
It will now return true for 32-bit constants as well.

When enabling this, two errors popped up: one in disassembler where
we might have null hosts, and one in remembered set where we should be
compressing the address before storing.

As a drive-by: make ppc use full objects until their pointer compression
implementation is fully done.

Bug: v8:7703
Change-Id: I70f05f952d4e1305fe1fe030755f01f74ea5e5dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187622
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67711}
2020-05-11 14:28:29 +00:00
Dominik Inführ
d0b5b7d194 Initialize bitfield in Map with relaxed store
Need to use relaxed store for initializing bit_field. The concurrent
marker accesses the has_prototype_slot bit in Map::bit_field to
calculate header size.

Bug: v8:10315
Change-Id: I1eebd4a6f42b9263de7e424957b32884f7b910ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2193712
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67710}
2020-05-11 13:17:31 +00:00
Toon Verwaest
7e05ebe2a4 [runtime] Return undefined as CallSite::getFunction for scripts
Scripts aren't callable functions. Even though internally they were for a
while, they aren't anymore. We shouldn't return them to users as if they were.
We already remove strict-mode functions from CallSites, so we now do the same
for internal functions that are created for scripts.

Bug: v8:10508
Change-Id: I270c714524439fba9ad90dd29826bed4811ba2b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2193716
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67709}
2020-05-11 13:06:11 +00:00
Clemens Backes
149843723d [wasm][debug] Make recompilation isolate-independent
Passing an isolate to {RecompileNativeModule} feels wrong, since
compilation and the generated code are totally isolate-independent. In
fact, the isolate is only used for updating counters.
Instead of passing the counters, this CL just refactors the code
to support a nullptr for the counters everywhere (some code paths
already supported that). The few recompilations would not make a
significant difference in the histograms anyway, and even have the risk
of skewing the data.

Drive-by 1: Rename {TierUp} to {StartTierUp} and update comments.
Drive-by 2: Remove non-actionable TODO.

R=thibaudm@chromium.org

Bug: v8:10359
Change-Id: Ic027f939bbc55398b90784922130fe1fe5573b0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187638
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67708}
2020-05-11 12:12:11 +00:00
Dominik Inführ
ace32e55ea [objects] Add WeakCell::relaxed_target method
Loads target but with relaxed load. Concurrent marking needs to load
the field with relaxed load, since the main thread could change this
field when unregistering.

Change-Id: I809b1d4db1dd58c92bdb998601c2f709073104af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192661
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67707}
2020-05-11 11:52:16 +00:00
Sami Kyostila
0056effb20 tracing: Enable using Perfetto client library from Chromium
We are currently porting Chromium over to use the Perfetto client
library for tracing[1]. When this mode is enabled, V8 should also use
the Perfetto library built by Chromium instead of building an
independent copy. This patch enables that behavior, gated by the
|use_perfetto_client_library| flag set by Chromium.

We also roll Perfetto to the latest version, add a couple of missing
dependencies on v8_tracing and add a missing tracing category group.

[1] https://docs.google.com/document/d/1f7tt4cb-JcA5bQFR1oXk60ncJPpkL02_Hi_Bc6MfTQk/

(Internal) Bug: 155075662

Change-Id: I76d9626b1c83cb7a278dc3281b3a1db653ab8733
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182637
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Sami Kyöstilä <skyostil@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67706}
2020-05-11 11:17:57 +00:00
Manos Koukoutos
0a69768a4e [wasm-gc] Implement ref.as_non_null, optimize struct instructions.
Implement the instruction ref.as_non_null, as per the wasm gc extension.

Changes:
- Add the respective wasm opcode, move some asmjs opcodes around.
- Add a new type of wasm trap, IllegalCast.
- Modify wasm decoding and compilation pipeline.
- Add a minimal test.
- In wasm-compiler, generalize Unreachable to Trap.
- Optimize struct.get and struct.set for non-null types.

Bug: v8:7748
Change-Id: If2f794306c7cbfabc06e4f64988132346085d6dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187616
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67705}
2020-05-11 11:09:47 +00:00
Ulan Degenbaev
c74010bf47 [heap] Refactor root iteration
This replaces VisitMode with a set of option flags that allow skipping
specific roots like unserializable, weak, global handles, etc.
The advantage is that it is no longer coupled with the callers and does
not know about different types of GCs and their phases.

The CL is pure refactoring without behavior changes except for the
heap verification where more roots are verified than before.

Change-Id: I350b2ed14826e0efb75770111c6b28bb8d4d9845
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190420
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67704}
2020-05-11 11:02:07 +00:00
Jakob Gruber
5d827f508e [ic] Port CollectCallableFeedback to Torque
Collecting feedback for {Call,InstanceOf,Construct} is similar
but distressingly different. In preparation for adding a
CollectConstructFeedback helper, this CL ports {Call,InstanceOf}
feedback collection to Torque.

Bug: v8:8888
Change-Id: Iaacc137ef46a77a4fe2857ec41c5cc30614dfdf0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187497
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67703}
2020-05-11 10:27:17 +00:00
Andreas Haas
a76f2cb741 [wasm][liftoff][arm] Fix register allocation in I64AtomicCompareExchange
In the existing code we used a register of the UseScratchRegisterScope
for the destination address. However, this register is needed for the
ParallelRegisterMove as well. With this CL we use fixed registers for
the destination address and the offset as well. The CL also changes the
implementation of CalculateActualAddress to allow to set an explicit
register for the result.

R=clemensb@chromium.org

Bug: v8:10108, chromium:1079449
Change-Id: I39c11b9ffa5f3e937ce4820b9991482ad711b4b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192652
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67702}
2020-05-11 10:16:46 +00:00
Michael Lippautz
7065b18682 cppgc: Fix iOS arm64 compile
Use same mangling as for x64 MacOS.

Bug: v8:10517
Change-Id: I26d7c4ab950d86e9010e76a0a6d71ea266639d02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192653
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67701}
2020-05-11 10:01:00 +00:00
Michael Lippautz
95c860b335 cppgc: Polish custom spaces
Bug: chromium:1056170
Change-Id: I778dc23c82e8cfda34559e5e2e7515a73010a9d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192656
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67700}
2020-05-11 09:59:55 +00:00
Dominik Inführ
125d363004 Revert "[heap] Remove sweeping state in incremental marking"
This reverts commit 7f29c48ef6.

Reason for revert: Causing TSAN failures on test bots.

Original change's description:
> [heap] Remove sweeping state in incremental marking
> 
> Remove the SWEEPING state from incremental marking. Sweeping is now
> always completed when starting incremental marking. Before this change
> there needed to be a safepoint each for starting marking and completing
> sweeping. Now both happens within a single safepoint.
> 
> Bug: v8:10315
> Change-Id: Iad2835554865f2de24376372affe9a98992d1fa0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190419
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67678}

TBR=ulan@chromium.org,dinfuehr@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:10315
Change-Id: I5e76990155cf7aeee3ecefe5e37f9028cb188a00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192658
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67699}
2020-05-11 09:36:32 +00:00
Clemens Backes
383d145351 [wasm][debug] Rename WasmCompiledFrame to WasmFrame
Also, rename the WASM_COMPILED frame type to just WASM.

R=jkummerow@chromium.org

Bug: v8:10389
Change-Id: I71f16f41a69f8b0295ba34bd7d7fad71729546f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187613
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67698}
2020-05-11 09:15:53 +00:00
Camillo Bruni
5fa30652ef [harmony] Stage --harmony-top-level-await
The V8-side of top-level await is complete.
Staging this feature to get fuzzing coverage.

Bug: chrome:1022182, v8:9344
Change-Id: I1b88d0450aa148b84c62659628d492ffc3074d0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185132
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67697}
2020-05-11 09:11:03 +00:00
Leszek Swirski
d4abe22e40 Revert "[snapshot] rehash JSMap and JSSet during deserialization"
This reverts commit 8374feed55.

Reason for revert: Breaking mjsunit/global-hash under the stress_snapshot variant, e.g.
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20debug%20-%20fyi/12560

Original change's description:
> [snapshot] rehash JSMap and JSSet during deserialization
> 
> To rehash JSMap and JSSet, we simply replace the backing store
> with a new one created with the new hash.
> 
> Bug: v8:9187
> Change-Id: I90c25b18b33b7bc2b6ffe1b89fe17aa5f978b517
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2143983
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67663}

TBR=cbruni@chromium.org,jgruber@chromium.org,verwaest@chromium.org,joyee@igalia.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:9187
Change-Id: I4a89768c031cd3971eefd9f88528ddd52e1284c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192657
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67696}
2020-05-11 09:06:43 +00:00
v8-ci-autoroll-builder
9470091b84 Update V8 DEPS.
Rolling v8/build: fed20a4..10edae4

Rolling v8/third_party/depot_tools: 8b35029..aaf5669

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Iebc6e8cb6649034ed4971b04a5c3b077982849c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2191660
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#67695}
2020-05-10 03:47:01 +00:00
v8-ci-autoroll-builder
c9308ebf5b Update V8 DEPS.
Rolling v8/build: 2ec959d..fed20a4

Rolling v8/third_party/aemu-linux-x64: MeLYn-hjraOzvUMXrfer2KnMsBnC4w6qg8ctTIpuFcgC..fPXztkM0sEne8uTSiAXBgjYK_46aVSqohP1kVE4u-u8C

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/06f14d9..4ca83c7

Rolling v8/third_party/depot_tools: 9a73531..8b35029

Rolling v8/third_party/zlib: 21c6af6..90fc47e

Rolling v8/tools/clang: 54f2e0d..de3e206

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I52e366c6899c4c6231242f7682dbdd4b24a01d36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2191039
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#67694}
2020-05-09 03:50:00 +00:00
Bill Budge
f2d604aa2c [wasm] Torqueify WasmGetOwnProperty.
- Reworks it to use a builtin to GetProperty, after making sure it's
  an "own" property. This reduces the size of the builtin by 2/3 (from
  1476 to 596 bytes on x64).

Change-Id: I41c1642369f73e5322790f3091b8cea9a650a529
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2181642
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67693}
2020-05-09 00:24:40 +00:00
Ng Zhi An
db9d56f145 [wasm-simd][fuzzer] Add some conversion ops and swizzle
Bug: v8:10180
Change-Id: I830491f9141aba4b9b3165e08620723b5aaefa3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185480
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67692}
2020-05-08 21:50:40 +00:00
Tobias Tebbi
daa6da4e23 [torque] put exported classes into a separate header
Bug: v8:7793
TBR: danno@chromium.org
Change-Id: If6b1229af2b282bd24bf222b2a06a45cc640c557
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190750
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67691}
2020-05-08 21:28:00 +00:00
Deepti Gandluri
9c546d8fe0 [wasm-simd] Add use counter for SIMD opcodes
This CL adds use counters, as well as the callbacks needed to
register usage during the SIMD origin trial.

Change-Id: I35b7f48277b519b72136f86cf03508adbaa069b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2189334
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67690}
2020-05-08 19:14:00 +00:00