Commit Graph

62193 Commits

Author SHA1 Message Date
Marja Hölttä
ef2f167514 [Promise.any] Fix crash if "then" is not callble
Bug: chromium:1078825
Change-Id: I0cfa7dcef0efef8a066ee0e9a85d8d0f27343b1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187495
Auto-Submit: Marja Hölttä <marja@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67651}
2020-05-07 15:09:08 +00:00
Jakob Gruber
475c5faad1 [nci] Add NCI build- and runtime flags
In upcoming work these flags will be used to configure the
experimental native context independent code feature.

Build-time flags:

v8_enable_nci_code

Defines:

V8_ENABLE_NCI_CODE

Runtime flags:

--turbo-nci
--turbo-nci-as-highest_tier
--print-nci-code
--trace-turbo-nci

Drive-by: Remove unused embedded builtins and jitless defines.

Bug: v8:8888
Change-Id: I4466b440634a787bd84b052fe2466b22540216a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184295
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67650}
2020-05-07 13:00:17 +00:00
Jakob Gruber
ec01074831 [snapshot] Use adler32 to create the embedded blob checksum
The snapshot's Checksum function internally uses adler32, which
appears to be significantly faster than base::hash_range and almost as
fast as doing nothing at all.

Test times, measured with

$ time tools/run-tests.py --outdir out/release-with-dchecks/
--exit-after-n-failures=1 --quickcheck

base::hash_range: 1m35s
adler32: 1m15s
nop: 1m13s

Bug: chromium:1047818
Change-Id: I8def62f6276a3d06d06911abf5368f59331245ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187492
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67649}
2020-05-07 12:58:58 +00:00
Jakob Kummerow
13968f9e76 [wasm-gc] Fix garbage collection for structs
When the garbage collector needs to get a struct's type information,
it must be prepared to deal with forwarding pointers, as those will
only get cleaned up at the end of the GC cycle.

Bug: v8:7748
Change-Id: Ifdfdffcef27d1dbe07c86a3abd17711f46c1b900
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187732
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67648}
2020-05-07 12:47:47 +00:00
Nico Hartmann
b40a6fd46e [turbofan] Fix abstract equality with undetectable
The code generated by TurboFan was incorrect when comparing to
non-oddball undetectables using abstract equality. In particular,
%GetUndetectable() == %GetUndetectable() did not return false.

Bug: chromium:1051008
Change-Id: Ib62adc72a20aa6cca9ef6499d5fe7429f04623cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187498
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67647}
2020-05-07 12:30:57 +00:00
Georg Neis
50ebabaf0b [turbofan] Weaken a DCHECK for coarse-grained unittest
R=nicohartmann@chromium.org

Change-Id: I55ef4e0713e0aa583ea01f1a86fee9cf0ef2c17a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184296
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67646}
2020-05-07 12:20:18 +00:00
Nico Hartmann
6204768bab [turbofan] Improve equality on NumberOrOddball
This CL cleans up CompareOperationFeedback by replacing it with a
composable set of flags. The interpreter is changed to collect
more specific feedback for abstract equality, especially if oddballs
are involved.

TurboFan is changed to construct SpeculativeNumberEqual operator
instead of the generic JSEqual in many more cases. This change has
shown a local speedup of a factor of 3-10, because the specific
operator is way faster than calling into the generic builtin, but
it also enables additional optimizations, further improving
runtime performance.

Bug: v8:5660
Change-Id: I856752caa707e9a4f742c6e7a9c75552fb431d28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162854
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67645}
2020-05-07 11:58:09 +00:00
Thibaud Michaud
ac33b53374 [liftoff][mv] Support multi-value calls
R=clemensb@chromium.org,ahaas@chromium.org

Bug: v8:10408
Change-Id: Id4f5136e36ab41a18a240e31c7a43bf634be2e44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2179384
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67644}
2020-05-07 11:32:49 +00:00
Nico Hartmann
dc1af6a219 Revert "cppgc: Initial marking loop"
This reverts commit fb9a19fe0d.

Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/11028

Original change's description:
> cppgc: Initial marking loop
> 
> This CL introduces:
> - Worklist
> - MarkingHandler to manage gc marking phase
> - Integration into CollectGarbage for atomic pause GC
> - MarkingVisitor for main thread marking
> 
> Still missing from this CL:
> - Proper handling for stack scanning
> - Handling of previously not fully constructed objects
> 
> Bug: chromium:1056170
> Change-Id: I70ac8534dfb898777cf3a06e3119cac8072174fd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170526
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67642}

TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org

Change-Id: I666481f44119771be685bf2555aa0dd5eda83a01
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187502
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67643}
2020-05-07 11:26:41 +00:00
Omer Katz
fb9a19fe0d cppgc: Initial marking loop
This CL introduces:
- Worklist
- MarkingHandler to manage gc marking phase
- Integration into CollectGarbage for atomic pause GC
- MarkingVisitor for main thread marking

Still missing from this CL:
- Proper handling for stack scanning
- Handling of previously not fully constructed objects

Bug: chromium:1056170
Change-Id: I70ac8534dfb898777cf3a06e3119cac8072174fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170526
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67642}
2020-05-07 10:54:49 +00:00
Mike Stanton
ee0c1b0e4d [TurboFan] investigate a crash in GenerateDeoptimizationData
We know the array CodeGenerator::deoptimization_literals_ is corrupted
somehow. Additional checks in place to validate.

Bug: chromium:1027130
Change-Id: Ie0146003f096d24e67aeb382372bca8472548c2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182636
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67641}
2020-05-07 08:40:29 +00:00
Ng Zhi An
d64bcab369 [clang-tidy] Add override and remove virtual
See
https://clang.llvm.org/extra/clang-tidy/checks/modernize-use-override.html
for more on this warning.

Bug: v8:10488
Change-Id: I6805441fa24c80776cf94d18ff389c4c67bb5abd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2186635
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67640}
2020-05-07 08:28:24 +00:00
Clemens Backes
3c51da6cec [wasm][debug] Clear breakpoints when debugger is disabled
Currently WebAssembly breakpoint information survive disabling and
re-enabling the debugger. This is different from JavaScript, where
they are all removed. The frontend is expected to re-set the
breakpoint then.

Thus this CL remembers all wasm scripts where breakpoints have been set
in the Debug object, and clears them all when the debugger gets
disabled.

R=bmeurer@chromium.org

Bug: v8:10403
Change-Id: I5f8a8f3123727c954921920897ee7bf3b73f0ae8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184969
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67639}
2020-05-07 08:27:19 +00:00
Simon Zünd
a40e093856 Move to slow-path in Array#sort if the array is no longer a FastJSArray
After sorting the work array but before writing the values back into
the actual receiver, we have an accessor check. This accessor check
needs to be stricter, in order to catch Array prototype protector
cell invalidations.

R=jgruber@chromium.org

Bug: chromium:1077508
Change-Id: I3c3bd4711f9019f9d4423701724319eee9d800a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187171
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67638}
2020-05-07 08:08:39 +00:00
Stefano Sanfilippo
74bd2cf083 Rollforward [compiler,api] Pass non-strings to the modifying callback when unconditional codegen is on.
Original change reviewed in https://chromium-review.googlesource.com/c/v8/v8/+/1917147.

Added an expect fail/pass for the tests that caused a revert in https://chromium-review.googlesource.com/c/chromium/src/+/2184229.

This reverts commit dd1b1de11f.

Bug: chromium:1024786
Change-Id: I7db6faa4c17c232a0fafd389fc4a26e8116852c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183910
Auto-Submit: Stefano Sanfilippo <ssanfilippo@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67637}
2020-05-07 07:42:59 +00:00
Marja Hölttä
8bb8a28549 Move helper SFIs from NativeContext to Isolate, part 2
There's no need for them to be in NativeContext.

This CL moves the minimal subset of SFIs related to async iterators.

Bug: v8:10482
Change-Id: I80a34a886387398e6565afe77ab99f389d2ccabd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184233
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67636}
2020-05-07 07:05:19 +00:00
Anton Bikineev
d06f9f0932 cppgc: Return wasted freelist entries creation
Returned LABs can be of size less than sizeof(FreeListEntry).

Bug: chromium:1056170
Change-Id: Ib4094701472ce7cb5ee20b9fe632651570832dc9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183051
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67635}
2020-05-07 05:37:19 +00:00
Yang Guo
ef12c74b7f [inspector] fix sourceURL magic comment parsing
R=szuend@chromium.org

Fixed: chromium:1078205
Change-Id: I16f8e19a249692fd16fd53a9a56a8f4cfed8b5c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185134
Auto-Submit: Yang Guo <yangguo@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67634}
2020-05-07 05:04:49 +00:00
v8-ci-autoroll-builder
c3566e9edd Update V8 DEPS.
Rolling v8/build: 3c7540e..4b54ad3

Rolling v8/third_party/aemu-linux-x64: J3cO22hWB2vC_byojuODbkHgkNGvxvrCAEPaKGOx3GwC..u-v5JkP8oS3BCzku9SpOrrUqZvzXDXE3MqO_M0oKrX4C

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/c5ffb21..ce41a35

Rolling v8/third_party/depot_tools: 4de5413..f7df9c4

Rolling v8/tools/clang: 116e3ee..54f2e0d

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Ia694918582c7894c5d0c762c88e59f83751ed4ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187049
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#67633}
2020-05-07 03:58:49 +00:00
Michael Lippautz
7b70fdfb85 cppgc: Avoid recursive GC during sweeping
Destructors are allowed to allocate without triggering recursive
garbage collections.

This changes NoGCScope to provide a soft-bailout for garbage
collections to avoid introducing yet another scope.

Bug: chromium:1056170
Change-Id: I0fe51a21977ae954221b6b64b2f6e938ff6d3264
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185131
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67632}
2020-05-06 23:25:01 +00:00
Michael Lippautz
f67e8ab213 cppgc: Add public garbage collection call
Adds a public method that embedders can use to trigger garbage
collections. Such garbage collections are always required to have a
source and reason specifying which components calls it why.

Change-Id: I6ae983f99227febc1b7f0dd15c191d5b1eaaf3f3
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2181332
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67631}
2020-05-06 21:58:11 +00:00
Gus Caplan
767e65f945 [API] Fix microtask message reporting
RunSingleMicrotask calls Runtime::ReportMessage, but the implementation
of ReportMessage would unconditionally discard these exceptions. This
CL removes all of the intermediate logic and directly calls
MessageHandler::ReportMessage, restoring the ability of
RunSingleMicrotask to report exceptions that occur in microtasks.

Bug: v8:8326
Change-Id: I493de74383b2ab191d786611fb9eba9d27e7a243
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162121
Commit-Queue: Gus Caplan <me@gus.host>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67630}
2020-05-06 20:26:42 +00:00
Junliang Yan
e87972b162 [ptr-compr][ppc] Implement pointer compression
Bug: v8:7703
Change-Id: If2d5c2da1d653247f49e5dfb2e50850b97119b20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170798
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67629}
2020-05-06 19:06:32 +00:00
Ross McIlroy
f19c759baf [Tests] Add mjsunit test for issue 1076569.
BUG=chromium:1076569

Change-Id: I178e12e20f48dc4216c3f108352425e0aa91047f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185130
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67628}
2020-05-06 18:34:28 +00:00
Milad Farazmand
98c242cefb PPC: [wasm-simd] Implement simd FP Splat
This CL introduces VOR and VSRO opcodes which get used
for implementing F64x2Splat, I64x2Splat and F32x4Splat.

Change-Id: I64b4cd340fbe9ecf6a789a91e3219b6ad83ce3f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184830
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67627}
2020-05-06 18:20:07 +00:00
Ng Zhi An
a851275912 [clang-tidy] Use explicit default for constructor
See https://chromium.googlesource.com/chromium/src/+/HEAD/styleguide/c++/c++-dos-and-donts.md#prefer-to-use.

Bug: v8:10488
Change-Id: I3d2503b46172bc2fa310b24f04e944ff211ebf51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182310
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67626}
2020-05-06 18:15:17 +00:00
Clemens Backes
29e1b2810c [wasm] Fix compile time regressions in SIMD tests
Avoid templates, just encode all wasm opcodes as 2-byte LEB instead.

R=zhin@chromium.org

Bug: v8:10258
Change-Id: I3bfd5235b235a5d9366e0007e915a2c02a09b0d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182638
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67625}
2020-05-06 17:22:47 +00:00
Ng Zhi An
7215211e37 [wasm-simd][fuzzer] Add some i64x2 ops to fuzzer
Bug: v8:10180
Change-Id: Ia7bb052d8f259939f17c7261a5ae3f2475bcf255
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2173945
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67624}
2020-05-06 17:02:37 +00:00
Ng Zhi An
d6e94b0352 [wasm-simd] Fix decoding memarg in interpreter
The location of the immediates depend on the opcode length if a
s128.load/store was encoded using multiple bytes.

Bug: v8:10258
Change-Id: I09de8a37d442c0711de96ba4bb1746ae6732d83e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182960
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67623}
2020-05-06 16:58:17 +00:00
Ng Zhi An
edb121ea1e [clang-tidy] Use explicit default for constructor
See https://chromium.googlesource.com/chromium/src/+/HEAD/styleguide/c++/c++-dos-and-donts.md#prefer-to-use.

Bug: v8:10488
Change-Id: Ief62795bbce5f1e531c3f9c245e3c0294d698cbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183272
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67622}
2020-05-06 16:57:12 +00:00
Bill Budge
55752da95a [wasm] Torqueify more Wasm builtins
- Rewrites the following builtins in Torque:
  WasmThrow
  WasmRethrow
  WasmStackGuard
  WasmStackOverflow
  WasmTraceMemory
  WasmAllocateJSArray
  ThrowWasmTrap* builtins

- Changes return type of LoadContext* functions to NativeContext,
  so we can more easily construct JS objects.

Change-Id: Id034358f9f15e0acc58fd1f493b15d1cfd177a23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2174830
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67621}
2020-05-06 16:56:08 +00:00
Leszek Swirski
afcd58b23e Reland "[offthread] Serialize new-space objects into old space"
This is a reland of 8c8e6b4117

Timeouts seem unrelated.

Original change's description:
> [offthread] Serialize new-space objects into old space
>
> If an object made it into serialization, it probably deserves to be in
> old space when it is deserialized. This will also make off-thread
> deserialization simpler, as there is no off-thread new space.
>
> Bug: chromium:1075999
> Change-Id: Icabf2f0ae0a3e0205a1094dd0ffe675e69bd1d8e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184291
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67606}

TBR=jgruber@chromium.org,ulan@chromium.org

Bug: chromium:1075999
Change-Id: Iac4e4eebeca1c343250269cdaad17e23645e9e2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184970
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67620}
2020-05-06 16:35:27 +00:00
Leszek Swirski
4d1f17e4d6 [sandbox] Access ExternalString ResourceData via bottlenecks
Bug: v8:10391
Change-Id: I4e86394c53d02eab797c2daad2ccfde6acb83bf0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2151350
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67619}
2020-05-06 16:34:07 +00:00
Michael Achenbach
8140856013 [foozzie] Add sanity check for missing natives suppression
This prevents bug flooding based on differences from calling
%GetOptimizationStatus in correctness tests. It is supposed to
be suppressed with --allow-natives-for-differential-fuzzing.
This ensures early bail-out in case the flag is forgotten at
some point. The v8_sanity_checks.js file is executed before
each correctness test case for this purpose.

NOTRY=true

Bug: chromium:1044942
Change-Id: I74a836a82562604b35e94e5e123a2a8bff939423
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184294
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67618}
2020-05-06 16:21:47 +00:00
Jakob Kummerow
73a27ef150 [wasm-gc] Create struct maps on instantiation
and avoid runtime calls for struct allocation. We can load the
map from the instance and do the allocation in a CSA builtin.

Bug: v8:7748
Change-Id: I76dfcb6c28800d69046b3d7381d3b8ba774fbf09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169099
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67617}
2020-05-06 15:52:27 +00:00
Andreas Haas
d6a02c02b6 [predictable] Run worker task on the foreground task runner
On the PredictablePlatform, worker tasks were executed immediately
instead of posting them in a task queue first. This approach caused
problems because the execution of the worker task blocked progress of
the posting task, and the worker task was always executed in the
context of the posting task, e.g. with an already open HandleScope.

With this CL, worker tasks get posted into the foreground task queue
of the nullptr isolate instead of executing them immediately.
The tasks of the nullptr isolate are then executed after a task of
some other task queue is executed. As the worker tasks are thereby
executed on the same thread as foreground tasks, the behavior is
deterministic.

A consequence of this approach is that each pumping the message loop
of an Isolate may also execute other Isolate's background tasks.

This approach is needed because we don't have a BackgroundTaskRunner but
merely a CallOnWorkerThread method that doesn't know which Isolate the
task corresponds to.

R=clemensb@chromium.org, mlippautz@chromium.org

Bug: v8:9670
Change-Id: I6847ae042146431bc2376d27280be8829f529b95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182453
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67616}
2020-05-06 15:49:07 +00:00
Clemens Backes
8aa7a464da Revert "[offthread] Serialize new-space objects into old space"
This reverts commit 8c8e6b4117.

Reason for revert: Makes Mac64 debug quite flaky: https://ci.chromium.org/p/v8/builders/ci/V8%20Mac64%20-%20debug/28766

Original change's description:
> [offthread] Serialize new-space objects into old space
> 
> If an object made it into serialization, it probably deserves to be in
> old space when it is deserialized. This will also make off-thread
> deserialization simpler, as there is no off-thread new space.
> 
> Bug: chromium:1075999
> Change-Id: Icabf2f0ae0a3e0205a1094dd0ffe675e69bd1d8e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184291
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67606}

TBR=ulan@chromium.org,jgruber@chromium.org,leszeks@chromium.org

Change-Id: I0baca3c3b7985fcda6b9055f93111ec99c207d29
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1075999
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183925
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67615}
2020-05-06 14:35:32 +00:00
Manos Koukoutos
a3b5825244 [wasm][gc][refactor] Decode gc types with immediates consistently.
Motivation:
There were three versions of type decoding for wasm in the codebase.
Not all of them decoded gc types with immediates (reference types)
correctly.

Changes:
- Refactor the wasm binary decoder for unify type decoding.
- Update BranchTypeImmediate and SelectTypeImmediate to handle
  reference types.

Reference: https://github.com/WebAssembly/gc

R=jkummerow@chromium.org
Bug: v8:7748

Change-Id: I33b38c911d366570ca6ef2723ded5205698e1979
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2179003
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67614}
2020-05-06 14:31:29 +00:00
Dan Elphick
2cb1e2efed Reland "[heap] Remove FreeList when sealing RO_SPACE"
This is a reland of afd9493a34

LSAN_IGNORE_OBJECTs for FreeListCategories are now removed.

Original change's description:
> [heap] Remove FreeList when sealing RO_SPACE
>
> This releases the FreeListCategories for each MemoryChunk when sealing
> the ReadOnlySpace and deletes the FreeList.
>
> Additionally this also calls
> ReleaseAllocatedMemoryNeededForWritableChunk for each MemoryChunk when
> sealing when pointer compression is enabled even if no memory is to be
> shared.
>
> Bug: v8:10454
> Change-Id: I45aec59f6d4fddedeb713e13095f58974cda279e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184292
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67598}

Bug: v8:10454
Change-Id: I08fcd122437c65c01af526fa8316d5c9e3ebeb3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184297
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67613}
2020-05-06 14:21:27 +00:00
Igor Sheludko
d914a9af0c [builtins] Fix handling of read-only length in Array.prototype.pop
Bug: v8:10484
Change-Id: I977c5974d33472f5af20d7646ad4cf2c58049632
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182452
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67612}
2020-05-06 14:14:47 +00:00
Jakob Gruber
e4be6d4156 [nci][x64] Add interface descriptors for ic-collecting builtins
These will be used by ic-collecting builtins called from both bytecode
handlers and js-generic-lowering.

For now only x64 is implemented.

Bug: v8:8888
Change-Id: I12a21b40061b7cb6c9b3cbad6134e7457a6cfa44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184237
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67611}
2020-05-06 14:09:07 +00:00
Nico Hartmann
adc2b6432c [turbofan] Fixes undefined in BigInt operations
When the input to a speculative BigInt operation was an undefined
constant, no necessary type check was inserted by the
RepresentationChanger. This CL fixes this.

Bug: chromium:1077804
Change-Id: I3d4e15b1e018803d56e46c7b23b9d4b03832ba8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182455
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67610}
2020-05-06 14:07:07 +00:00
Leszek Swirski
58b12f638d [offthread] Unify compiler.cc finalization logic
This patch unfies the finalization logic between the various unoptimized
compilation paths in compiler.cc, taking the various post-processings and
fixups needed for off-thread finalization and performing them in the same
order for the other finalizations.

It also unifies the general compilation path between streaming script
compilation, main-thread script compilation, and main-thread lazy
compilation, making the main-thread paths both use an iterative execution
and finalization, and making all three use the same job helper methods
and overall finalization helper.

Bug: chromium:1011762
Change-Id: Ibe56f6d2f75a2deffbe9e0b600ded8a02293b722
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172790
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67609}
2020-05-06 13:41:09 +00:00
Leszek Swirski
65d738d432 [parser] Move Compiler::Analyze into Parser
Move rewriting, scope analysis, and internalization, to be unconditional
operations done after parsing rather than a separate compile phase. This
removes some of the complexity about rememberering when to call
Compiler::Analyze, and makes these paths a bit more uniform.

Also, forbid allocating any more AST strings after AstValueFactory
internalization, by nulling out the Zone. Add an InternalizePartial
method which doesn't null out the zone for those cases where we do want
to be able to allocate after internalizing (e.g. internalization before
scope analysis).

Change-Id: Id444246d8362a1d169baf664fc37657d9576fd96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182458
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67608}
2020-05-06 13:35:37 +00:00
Clemens Backes
2c45f607a2 [wasm] Remove interpreter entry frames
Interpreter entry compilation was removed in
https://crrev.com/c/2172962. This CL removes the
{WasmInterpreterEntryFrame} and the corresponding
{WASM_INTERPRETER_ENTRY} code kind.

Some follow-up cleanups are left as TODOs.

R=jkummerow@chromium.org,bmeurer@chromium.org

Bug: v8:10389
Change-Id: I1a43eba1ac1a751e05990c688088d99fc901231f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182456
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67607}
2020-05-06 13:27:27 +00:00
Leszek Swirski
8c8e6b4117 [offthread] Serialize new-space objects into old space
If an object made it into serialization, it probably deserves to be in
old space when it is deserialized. This will also make off-thread
deserialization simpler, as there is no off-thread new space.

Bug: chromium:1075999
Change-Id: Icabf2f0ae0a3e0205a1094dd0ffe675e69bd1d8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184291
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67606}
2020-05-06 13:16:41 +00:00
Clemens Backes
8e7c6ec606 [wasm][cleanup] Use vector comparison instead of strncmp
{base::Vector} comparison is easier to read (IMO), and more performant,
since {memcmp} will be used internally instead of {strncmp}.

R=ahaas@chromium.org

Bug: v8:10155
Change-Id: If92361688a85e96aa661d3e05cc9966e5ea2d04a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164796
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67605}
2020-05-06 13:11:57 +00:00
Jakob Gruber
276eaea2c7 Sort interface descriptor list
Just alpha-sort the list.

Tbr: ishell@chromium.org
Bug: v8:8888
Change-Id: I8b31f4176d5ad623557a3c0d8ab3f6be80072566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184236
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67604}
2020-05-06 13:02:23 +00:00
Nico Hartmann
7e41bd38ac Revert "[heap] Remove FreeList when sealing RO_SPACE"
This reverts commit afd9493a34.

Reason for revert: Speculative revert due to https://ci.chromium.org/p/v8/builders/ci/V8%20Clusterfuzz%20Linux%20ASAN%20arm%20-%20debug%20builder/14978?

Original change's description:
> [heap] Remove FreeList when sealing RO_SPACE
> 
> This releases the FreeListCategories for each MemoryChunk when sealing
> the ReadOnlySpace and deletes the FreeList.
> 
> Additionally this also calls
> ReleaseAllocatedMemoryNeededForWritableChunk for each MemoryChunk when
> sealing when pointer compression is enabled even if no memory is to be
> shared.
> 
> Bug: v8:10454
> Change-Id: I45aec59f6d4fddedeb713e13095f58974cda279e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184292
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67598}

TBR=ulan@chromium.org,delphick@chromium.org

Change-Id: I135c1ebc2340a75a30305b84625710ef14d9cdb3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10454
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183921
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67603}
2020-05-06 12:56:55 +00:00
Leszek Swirski
bc2bc6bf72 [offthread] Make Heap::AlignWithFiller static
Enable the use of Heap::AlignWithFiller off-thread by making the method
static.

Bug: chromium:1075999
Change-Id: I8071ae678f954dd4e960b2cd83f63dd22a948920
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184230
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67602}
2020-05-06 12:38:31 +00:00