Commit Graph

63123 Commits

Author SHA1 Message Date
Jakob Kummerow
abe8edaf7f Reland: [wasm-gc] Implement rtt.sub
Relanding without changes, revert reason was fixed by:
https://chromium-review.googlesource.com/c/v8/v8/+/2272564

Originally reviewed at:
https://chromium-review.googlesource.com/c/v8/v8/+/2260566

Original description:
RTTs are internally represented as Maps. To store supertype information,
this patch introduces a WasmTypeInfo object, which is installed on Wasm
objects' Maps and points at both the off-heap type information and the
parent RTT.
In this patch, rtt.sub always creates a fresh RTT. The canonicalization
that the proposal requires will be implemented later.

Bug: v8:7748
Change-Id: I7fd4986efa3153ac68037ec418ea617f3f7636e8
Tbr: ulan@chromium.org
Tbr: tebbi@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273123
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68581}
2020-06-29 14:55:45 +00:00
Nico Hartmann
99b96e1a27 Add mac_xcode_version to gclient_gn_args
Bug: chromium:1100266
Change-Id: Iaa847a50e9a79261fe9d9050db5046fa99352eaa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273122
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68580}
2020-06-29 14:46:45 +00:00
Michael Achenbach
4146efbfe6 [foozzie] Refactoring - simplify suppressions
This makes output and test-case suppressions independent of the used
comparison configs and architecture. Such fine-grained suppressions
were only needed during the inception of differential fuzzing, but
by now, most remaining suppressions are implemented in d8 behind
a flag.

This prepares for running with more than two comparison configs in a
follow up.

No-Try: true
Bug: chromium:1100114
Change-Id: I072769adb3ef7c6e6c43459aa23ac906f461b307
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270095
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68579}
2020-06-29 12:59:20 +00:00
Nico Hartmann
b33e2b6e94 Set mac_xcode_version in DEPS
Bug: chromium:1100266
Change-Id: I20df6d0d5bdd07aa69c4eecf68c1d2152ddc1bec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2272567
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68578}
2020-06-29 12:58:15 +00:00
Michael Achenbach
0b01726bb7 [foozzie] Remove outdated suppressions
It is obsolete to filter out error-message differences since the
time we pass --correctness-fuzzer-suppressions to d8, which already
stubs all messages:
https://cs.chromium.org/chromium/src/v8/src/execution/messages.cc?l=1031

No-Try: true
Bug: chromium:1100114
Change-Id: Iac42a8e2a32f9bae4034f79eaff429bf3ee41724
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270024
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68577}
2020-06-29 12:46:25 +00:00
Michael Achenbach
c220a05ca9 [foozzie] Refactoring - several code clean-ups
This simplifies the lengthy main method by extracting some code and
by replacing the scattered returns with exceptions.

We introduce two exceptions for early bail-out. This enables helper
methods on multiple layers. The early bail-out on time-out is
moved to the point where it is detected.

Previously on timeout and crash we also printed out the step number.
Clusterfuzz doesn't parse this, it was only for statistical purposes,
and the latest version of the experimental workbench only parses
crashes and timeouts, not the step in which they happened. Hence,
this CL removes those step numbers.

Except the change described in the last paragraph, this CL doesn't
intend to change behavior.

No-Try: true
Bug: chromium:1100114
Change-Id: Ie8c18f183e4fc538577f3eb49aaf6df1acd1e4e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270547
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68576}
2020-06-29 12:29:39 +00:00
Camillo Bruni
6b9c3926da [test] Disable promise error handling for benchmark
This slows down promise benchmarks since we process all unhandled promises.

Bug: vu:1099632
Change-Id: I2188a2842ec0a69ca93e5d406f10371ceff60f9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270235
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68575}
2020-06-29 11:41:16 +00:00
Jakob Kummerow
dff914aeb2 [wasm-gc] Protect subtyping cache with a mutex
The per-module caches for subtype relations and type equivalences are
accessed from several background compile jobs, so these accesses must
be guarded by a lock.
This issue was found by our TSan bots and caused the following revert:
https://chromium-review.googlesource.com/c/v8/v8/+/2270734

Bug: v8:7748
Change-Id: I0322972f8f72ca8aff3538bf3f78d4329e5f3a44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2272564
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68574}
2020-06-29 11:40:13 +00:00
Simon Que
f7f1cc14a9 infra: Set ios_use_goma_rbe=true for v8 iOS builders
This sets up a relative path symlink to the XCode sysroot.

Bug: chromium:1100006
Change-Id: I04bd8ff5158f6e00a91391e6a49530cf1a46f6eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2269452
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68573}
2020-06-29 11:16:43 +00:00
Manos Koukoutos
fe00ecb8ba [wasm-gc] Introduce HeapType class
Drive-by: Fix ref.is_null calling is_reference_type to typecheck its
argument (which would also allow rtts).

Bug: v8:7748
Change-Id: I2ad01d0f70ac15d37ac4cc344bd0280a7ca08073
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264094
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68572}
2020-06-29 10:00:44 +00:00
Nico Weber
238088da68 mac/arm64: use sys_icache_invalidate().
Does step 5 of the linked bug.

Bug: chromium:1098923
Change-Id: I590cbaddb803f6343a61f7b49f7b8a4cb9773220
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270704
Auto-Submit: Nico Weber <thakis@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68571}
2020-06-29 09:52:53 +00:00
Camillo Bruni
81d37159e6 [tools] Add streaming test runner
This adds a simple test runner that prints a line for every test with
the appropriate status prefix: PASS, FAIL, CRASH or TIMEOUT

Change-Id: Ic1ba78667c38cd4392af027bb6cb671b274680b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264098
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68570}
2020-06-29 09:42:23 +00:00
Zhao Jiazhong
a5f902affc [mips][liftoff][mv] Remove multi-value overhead
Port 2332ebd86a
https://crrev.com/c/2264099

Original Commit Message:

  - Add a separate function to load return slots, instead of encoding this
  in the offset,
  - Add fast path for single return.

Change-Id: I065c35b95dbc6546387ea54d298bb5765bc342cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2269456
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#68569}
2020-06-29 09:20:33 +00:00
Nico Weber
cf71540c68 mac/arm64: Port SignalHandler::FillRegisterState().
Bug: chromium:1098899
Change-Id: I3ff79c00063f7da36b141a3a7b0d2daa71c9801a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270705
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68568}
2020-06-29 08:27:23 +00:00
Shu-yu Guo
304565661b Revert "[wasm-gc] Implement rtt.sub"
This reverts commit 04ce88eae5.

Reason for revert: TSAN failure: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/32135

Original change's description:
> [wasm-gc] Implement rtt.sub
> 
> RTTs are internally represented as Maps. To store supertype information,
> this patch introduces a WasmTypeInfo object, which is installed on Wasm
> objects' Maps and points at both the off-heap type information and the
> parent RTT.
> In this patch, rtt.sub always creates a fresh RTT. The canonicalization
> that the proposal requires will be implemented later.
> 
> Bug: v8:7748
> Change-Id: I8286dd11f520966155cd95c2bd844ec34fccd131
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260566
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68564}

TBR=ulan@chromium.org,jkummerow@chromium.org,tebbi@chromium.org

Change-Id: I311732e1ced4de7a58b87d4a9b6056e0d62aa986
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7748
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270734
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68567}
2020-06-26 18:16:37 +00:00
Milad Farazmand
ce9c43c307 S390: [wasm-simd] Prototype i32x4.dot_i16x8_s
Test and Instruction Selection changes are not included and must
be added when opcode is added to SIMD proposal.

Bug: v8:10583
Change-Id: I140d3477d4f3281b24974090c25807eb86af757f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2261162
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#68566}
2020-06-26 16:54:02 +00:00
Milad Farazmand
b663563770 PPC: [wasm-simd] Implement simd unary operations
Change-Id: I1f323ecb531880feb49cb70797b8f39ad863a75d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2269841
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#68565}
2020-06-26 16:36:42 +00:00
Jakob Kummerow
04ce88eae5 [wasm-gc] Implement rtt.sub
RTTs are internally represented as Maps. To store supertype information,
this patch introduces a WasmTypeInfo object, which is installed on Wasm
objects' Maps and points at both the off-heap type information and the
parent RTT.
In this patch, rtt.sub always creates a fresh RTT. The canonicalization
that the proposal requires will be implemented later.

Bug: v8:7748
Change-Id: I8286dd11f520966155cd95c2bd844ec34fccd131
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260566
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68564}
2020-06-26 16:31:02 +00:00
Milad Farazmand
5c58419a4f AIX: ignore luci-go on the OS because it's missing
Change-Id: I663da3357f6e88848048ec42832fe7017d563ac4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264952
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#68563}
2020-06-26 16:15:22 +00:00
Michael Achenbach
484357722b [test] Skip flaky test
TBR=mslekova@chromium.org

No-Try: true
Bug: v8:10647
Change-Id: I177abffb3286703df110f1875c70ac1120d07595
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270541
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68562}
2020-06-26 15:11:42 +00:00
Michael Achenbach
f3abba13f6 [test] Work around Android linker warning in message tests
Bug: chromium:1099623
Change-Id: Icbb6b0ebcc10628fafbef57cc6d1af7861e408f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270170
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68561}
2020-06-26 15:05:32 +00:00
Benedikt Meurer
7842920a22 [inspector] Set limit for Wasm wire byte transfer via CDP.
The `Debugger.getScriptSource()` and `Debugger.getWasmBytecode()`
methods in the CDP return Wasm wire bytes as protocol::Binary, which is
sent as a Base64-encoded JSON string in the communication to the DevTools
front-end, and hence leads to either crashing the renderer that is being
debugged or the renderer that's running the front-end if we allow
arbitrarily huge Wasm byte sequences here. This CL introduces a limit,
based on the maximum allowed string length, to avoid the crash and
instead signal a proper error to the DevTools front-end.

Bug: chromium:1099680
Change-Id: I356d617301d17a4012f7f845773cf14e6ad1e4a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270174
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68560}
2020-06-26 14:36:32 +00:00
Manos Koukoutos
55ddbaa054 [wasm][refactor] Rework immediate-argument abstractions
Motivation:
The immediate-argument classes defined in function-body-decoder.h were
often adding an offset to the provided pc. This was inconsistent,
bug-prone, and counterintuitive. This CL imposes that all immediates
are passed as pc the start of the immediate argument they are parsing.
Some other smaller inconsistencies are fixed as well.

Changes:

src/wasm/:
- Enforce that all Immediates are passed the pc at the start of the
  argument they are parsing. Adapt all call sites.
- Remove unneeded offset arguments from two SIMD related immediates.
- Add a pc argument to all Validate functions for immediates instead
  of using the Decoder's current pc.
- Remove the (unused) pc argument from all Complete functions for
  immediates.
- Introduce Validate() for BranchOnExceptionImmediate.
- In WasmDecoder::Decode(), make sure len is updated before breaking out
  of the loop in case of a Validate() failure.
- Change the default prefix_len of DecodeLoadMem/DecodeStoreMem to 1.

wasm-interpreter.cc:
- Change the default prefix_len of ExecuteLoad/Store to 1.
- Adapt offsets in calls to Immediates.
- Remove redundant opcode_length argument from ExecuteSimdOp, use len
  in its place.

function-body-decoder-unittest.cc
- Adapt offsets in calls to Immediates.
- Introduce and use EXPECT_OK, as is done in other tests.

Change-Id: I534606c0e238af309804d4a7c8cec75b1e49c6ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267381
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68559}
2020-06-26 13:29:42 +00:00
Andreas Haas
1f80b36c4b [wasm][ia32][liftoff] Implement remaining 32-bit atomic binops
R=clemensb@chromium.org

Bug: v8:10108
Change-Id: I44c03a7c39cca8f35e4221c659f918e109d85353
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270166
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68558}
2020-06-26 13:22:52 +00:00
Clemens Backes
a06b4603e1 [wasm] Speed up ValueType::element_size_bytes
It turns out that Liftoff often needs to know the size of a value in
bytes. Currently we are loading the size_log_2 from an array and then
performing a shift by that amount. We can slightly speed this up by just
loading the correct value directly.

Drive-by: Use {int8_t} for the internal array, since all values will
easily fit in that range.

R=thibaudm@chromium.org

Bug: v8:10576
Change-Id: I1b832ba404ff9913e2272d332f312b371b6ce3d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267302
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68557}
2020-06-26 12:00:44 +00:00
Michael Achenbach
07e710208b [test] Work around Android linker warning in test output
Bug: chromium:1099623
Change-Id: I88ab0cec0ba505dcfc77d2f5eb271321633ca3be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270165
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68556}
2020-06-26 11:52:12 +00:00
Santiago Aboy Solanes
f954b72d27 [compiler] Perform further synchronization on acquiring prototype's Map
We would like to make sure that every time we read map's prototype's map
we read the same one.

CL created after the discussion on
https://chromium-review.googlesource.com/c/v8/v8/+/2210233.

Bug: v8:7790
Change-Id: I4b6ffe733cf0b011b1bd1a3620ae8f1f35fa5c87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264101
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68555}
2020-06-26 09:59:12 +00:00
Clemens Backes
70547c81a0 [liftoff] Speed up local.get implementation
Each single branch in the switch was pushing a new value on the operand
stack, but the code for that was not shared.
This CL refactors this such that we only allocate once, and then modify
the new slot as needed.
This makes the generated code a lot smaller (771 bytes instead of 1052
bytes on x64), and hopefully also faster.

R=thibaudm@chromium.org

Bug: v8:10576
Change-Id: I65cd5b7d91f881b4c236414d39f1dfd54e200b97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2266533
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68554}
2020-06-26 09:01:12 +00:00
Ng Zhi An
6b24d5d7c2 [wasm-simd][arm] Prototype f64x2.ceil
Prototype f64x2.ceil on ARM for both ARM v7 and ARM v8. ARM v8 has
support for vrintp, and for ARM v7 we fall back to runtime.

Since ARM v8 uses vrintp, which is the same instruction used for
Float64RoundUp (scalar), wasm-compiler reuses the Float64RoundUp check.

Bug: v8:10553
Change-Id: I5841c6a06f260debe8ae90d331bdcc2a0fa3278c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2258813
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68553}
2020-06-25 18:38:31 +00:00
Andreas Haas
1e4282db0d Reland "[wasm] Re-exported globals preserve their identity"
This is a reland of f7a1932ef9

There was a wpt test in Chrome that expected the incorrect behavior.
I disable the test in https://crrev.com/c/2264418 so that we can land
the fix here.

Original change's description:
> [wasm] Re-exported globals preserve their identity
>
> V8 fails a recently added spec test that when an imported global gets
> re-exported, it should preserve its identity. This CL fixes the behavior
> in V8.
>
> Drive-by change: fix the object printer of globals: a global which
> stores a reference type only has a tagged buffer, a global which stores
> a value type only has an untagged buffer.
>
> R=clemensb@chromium.org
>
> Bug: v8:10556
> Change-Id: I949d147fe4395610cfec6cf60082e1faecb23036
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235702
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68513}

Bug: v8:10556
Change-Id: I8e1b08fc9f72dde166cba167e6e320e714796769
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264097
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68552}
2020-06-25 18:12:41 +00:00
Thibaud Michaud
9c378dada2 [regalloc] Reuse existing method to find intersection
The current code for AssignRegisterOnReload starts the search at
the first interval instead of relying on the cached {current_interval_},
which seems to be a main cause for slow compile time in the linked
issue's test case. Moreover, it does not take into account live range
holes of the current range. This change uses FirstIntersection instead
which already handles both issues.
Since inactive ranges are sorted by their next start, we can also break
early from the loop.

R=sigurds@chromium.org

Bug: v8:10533
Change-Id: I454df95376011462ce22e850a1c143d523b68538
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2263152
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68551}
2020-06-25 17:46:05 +00:00
Ng Zhi An
91bf68ae70 [wasm-simd][arm] Prototype i32x4.dot_i16x8_s
This implements I32x4DotI16x8S for arm.

Bug: v8:10583
Change-Id: I4541f4f5bc7daba03c6ab2040589893c8ef571bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230787
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68550}
2020-06-25 17:03:25 +00:00
Ng Zhi An
1ae2636293 Enable wasm_simd_post_mvp flag in fuzzer
Bitmask requires wasm_simd_post_mvp because it was merged into SIMD
proposal after 84 cut, which Origin Trial starts.

For now, bitmask is the only instruction that requires this flag to be
set, and no other post mvp instructions are included in the fuzzer.

We should revert this change (and also move bitmask out of the flag)
after this OT is over.

Bug: chromium:1098666
Change-Id: I7d45c805aaa18bfc1a5180e70b912d5f17d4a31d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264628
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68549}
2020-06-25 16:42:16 +00:00
Clemens Backes
7451f97bd5 [wasm] Skip test that times out on gc-stress
Similar tests are already skipped on tsan, using the same bug to also
skip this test. Note that it's a slightly different test, but based on
the same "worker-ping-test.js".

TBR=ahaas@chromium.org

Bug: v8:9506
Change-Id: Ie8d0aab5b1fd3ae6c77a65fa04ac4772b2836a1c
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267301
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68548}
2020-06-25 16:11:45 +00:00
Clemens Backes
490971092c [wasm] Experimentally allow modules >1GB
Add an experimental flag to allow modules up to a size slightly below
2GB, to make sure that we don't run into integer overflows.
Modules this large are not tested at all currently, hence the explicit
"experimental" in the flag name.

Drive-by: Fix one comparison to use ">" instead of ">=".

R=ahaas@chromium.org
CC=​bmeurer@chromium.org

Bug: v8:10642
Change-Id: I91cfc290c262b9b81750e3c8af5358c1cd2572b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2266535
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68547}
2020-06-25 16:05:56 +00:00
Milad Farazmand
33376bdf1d PPC/s390: [liftoff][mv] Remove multi-value overhead
Port 2332ebd86a

Original Commit Message:

    - Add a separate function to load return slots, instead of encoding this
    in the offset,
    - Add fast path for single return.

R=thibaudm@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Ia302772478b58fd25ee53a18e6ee03ac4b2ea9f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267477
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#68546}
2020-06-25 15:59:56 +00:00
Ulan Degenbaev
4bbf78f9b2 Add a flag for flushing icache for embedded builtins
It will be used in a Finch experiment to evaluate if icache flushing
helps with crashes on certain CPUs.

Bug: chromium:889460
Change-Id: I1218ce93db001833e29fdeca8fde3e863e26dfdd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267297
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68545}
2020-06-25 15:53:55 +00:00
Clemens Backes
15e54593de [wasm] Remove type from LocalIndexImmediate
The immediate itself is just the index, and the local type can easily be
looked up in every environment where the immediate is used. Hence remove
that field.

R=thibaudm@chromium.org

Bug: v8:10576
Change-Id: If3176fa4880a75bdc475ec61dea60e08001220f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2266532
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68544}
2020-06-25 15:42:56 +00:00
Alex Turner
76e9ddb8f5 Speed up StackTraceFrame::GetScriptId()
This retrieves script name directly from StackFrameBase, bypassing
building of StackFrameInfo if one hasn't already been initialized,
thus avoiding computation of expensive properties that are not
required. This matches current behavior of GetScriptNameOrSourceURL()
and is a workaround until a dedicated API is available.

Bug: chromium:1098530
Change-Id: I181dc7feeebaf2f45758bbd29be24ab036e44b19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2261736
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Alex Turner <alexmt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68543}
2020-06-25 15:08:35 +00:00
Andreas Haas
0895c903ce [wasm][tests] Remove BigInt proposal tests
The BigInt proposal got to stage 4 and integrated into the main spec.
Therefore the proposal tests are unnecessary and will be outdated soon.

R=thibaudm@chromium.org

Change-Id: I149de015f098a89333dd907bf5a4d18a36086c2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264095
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68542}
2020-06-25 14:43:05 +00:00
Clemens Backes
c8b8475424 [wasm] Remove indirection for accessing local types
Local type information was stored in the {WasmFullDecoder}, and a
pointer to that vector was handed to {WasmDecoder}. Since
{WasmFullDecoder} inherits from {WasmDecoder}, we can just move the
vector to the {WasmDecoder} class, and save an indirection and an
unnecessary nullptr check.

Drive-by: Rename {GetLocalType} to {local_type}, since it's a simple
accessor.
Drive-by 2: Move fields of {WasmDecoder} to the end of the class, as
mandated in the style guide.
Drive-by 3: Rename some locals in the 'let' decoding to make the meaning
more clear.

R=thibaudm@chromium.org

Bug: v8:10576
Change-Id: I6ab9831f0c1955e47562e84c5fbf15807439b024
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264360
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68541}
2020-06-25 14:15:25 +00:00
Marja Hölttä
f70c2d62fa [d8] Changes needed for testing Atomics.waitasync
Design doc:
https://docs.google.com/document/d/1BU-Zyco8YPP2Ra0Y3eVZ_BllzpUkJaJhmVmmnGD44Yc/edit#heading=h.mmdxlkic7kqd

Bug: v8:10239
Change-Id: Ie1b953c8242e32a0447440aaae7c2ed377c97511
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2259933
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68540}
2020-06-25 14:13:06 +00:00
Lutz Vahl
bad4049ceb Changed version number to 8.6
Change-Id: Ic302912d11ada06a1ce13668df85b9e582e651d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2266737
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68539}
2020-06-25 14:10:56 +00:00
Jakob Gruber
5d417c0d49 [nci] Add feedback input to more nodes kinds
... and extend JS node wrapper functionality.

Node wrappers now have accessors for value inputs and
context/control/effect/frame-state inputs. Accessors are typed,
although types aren't very meaningful so far (in current examples we
only distinguish between Object/HeapObject).

The following node kinds now take an additional feedback vector input,
and use the new node wrapper functionality above:

- CloneObject
- CreateLiteralArray
- CreateLiteralObject
- CreateLiteralRegExp
- GetIterator
- GetTemplateObject
- HasProperty
- LoadProperty
- StoreProperty

Bug: v8:8888
Change-Id: I1eb33c078b11725a72ec983bbaa848b9a3c7b0d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2259936
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68538}
2020-06-25 13:07:05 +00:00
Maya Lekova
bc8efc9a2c Revert "Update V8 DEPS."
This reverts commit 2b6b85abd9.

Reason for revert: Broken Android builder https://cr-buildbucket.appspot.com/build/8876523558361397488

Original change's description:
> Update V8 DEPS.
> 
> Rolling v8/build: 2dc7c7a..876a780
> 
> Rolling v8/third_party/aemu-linux-x64: UoYLOT0X6577j70eB9nPqYQs9Z3Nh5lA4I-pRtTchO0C..YFi4RbbToiNVSl0eKxjhhhAElSEXx2Y9i-5Q4eBGkUwC
> 
> Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/95c1f42..761dfad
> 
> Rolling v8/third_party/depot_tools: 35c6274..87c8b91
> 
> Rolling v8/third_party/zlib: 02daed1..93be846
> 
> Rolling v8/tools/clang: 42b285f..62d4c43
> 
> TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
> 
> Change-Id: Ia948991c7735b13585cf12a7ccfb0e372ab86320
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2266393
> Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/master@{#68536}

TBR=machenbach@chromium.org,v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ieea4f4fca222c053014bea68c4020ee27fa4a0d2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264104
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68537}
2020-06-25 11:35:37 +00:00
v8-ci-autoroll-builder
2b6b85abd9 Update V8 DEPS.
Rolling v8/build: 2dc7c7a..876a780

Rolling v8/third_party/aemu-linux-x64: UoYLOT0X6577j70eB9nPqYQs9Z3Nh5lA4I-pRtTchO0C..YFi4RbbToiNVSl0eKxjhhhAElSEXx2Y9i-5Q4eBGkUwC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/95c1f42..761dfad

Rolling v8/third_party/depot_tools: 35c6274..87c8b91

Rolling v8/third_party/zlib: 02daed1..93be846

Rolling v8/tools/clang: 42b285f..62d4c43

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ia948991c7735b13585cf12a7ccfb0e372ab86320
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2266393
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#68536}
2020-06-25 11:27:52 +00:00
Thibaud Michaud
2332ebd86a [liftoff][mv] Remove multi-value overhead
- Add a separate function to load return slots, instead of encoding this
in the offset,
- Add fast path for single return.

Drive-by: Reuse helper function for stack slot loads on ia32 and x64.

R=clemensb@chromium.org

Bug: v8:10576
Change-Id: Iea5ad2f0982c443cf2297227e9a2367cbb14581f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264099
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68535}
2020-06-25 11:10:02 +00:00
Clemens Backes
6e856b5e34 [wasm][interpreter] Remove RaiseException
This method was there to turn a trap into an exception. It's not used
any more, so can be removed.

R=ahaas@chromium.org

Bug: v8:10389
Change-Id: I39bb3141722ddf1e09271348016c1d6f6d72b928
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264103
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68534}
2020-06-25 10:30:22 +00:00
Clemens Backes
f2cb20289d [wasm] Remove dead code from test utils
This removes several dead functions from the wasm-module-runner.cc.

R=ahaas@chromium.org

Change-Id: I35efbc6960a28f41d14ca5d8e828c4e6f2953409
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264100
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68533}
2020-06-25 10:22:52 +00:00
Mike Stanton
9957621277 [ic] Make FeedbackVector slot arrays immutable
Currently the FeedbackVector uses arrays in slots that are polymorphic,
usually in a <map, handler> tuple pattern. Helper functions try to
re-use an existing array if it's already in place.

For Concurrent TurboFan, it would be far better if these FixedArrays
were immutable. We could then count on semantic correctness when
harvesting their information from a background thread without locking.

Additionally, the arrays should always be initialized fully before
being set in place.

Bug: v8:7790
Change-Id: I81eae3bda48c2d0d8eea41d1bc9c62afb7e619d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264364
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68532}
2020-06-25 10:01:52 +00:00