Commit Graph

62252 Commits

Author SHA1 Message Date
Frank Tang
758212a82e [Intl] Fix hour cycle in formatRange
Bug: v8:9934
Change-Id: I8e4c0bb647913b703c01fd0d11329fba254e5350
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2195491
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67760}
2020-05-12 20:38:45 +00:00
Thibaud Michaud
2b2f3a4290 [liftoff][mv] Remove bailout for call_indirect
The recent changes to support multi-value calls should also apply to
indirect calls, so this bailout can be removed.

R=ahaas@chromium.org

Bug: v8:10408
Change-Id: Ia1b2e49caa6f308a4d2f30712a132c7e072df9f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196350
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67759}
2020-05-12 18:23:45 +00:00
Shu-yu Guo
81534e76cd Revert "Whitespace change to trigger bots"
This reverts commit e473d23215.

Reason for revert: Checking if build infra is fixed

Original change's description:
> Whitespace change to trigger bots
> 
> Some bots turned red. Might be an infra failure. Let's see if this CL
> makes it disappear.
> 
> Tbr: machenbach@chromium.org
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Change-Id: I269257184cfca5423fb2c52ae8cfc1ad696002e9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196352
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67757}

TBR=clemensb@chromium.org

Change-Id: Ibe1d2725cc2bd621a3243b8930b43f8ec732420b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2197254
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67758}
2020-05-12 17:11:07 +00:00
Clemens Backes
e473d23215 Whitespace change to trigger bots
Some bots turned red. Might be an infra failure. Let's see if this CL
makes it disappear.

Tbr: machenbach@chromium.org
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: I269257184cfca5423fb2c52ae8cfc1ad696002e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196352
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67757}
2020-05-12 16:37:37 +00:00
Clemens Backes
cfe1b64bfc [wasm][debug] Only inspect code generated for debugging
Liftoff code generated for debugging has an extended function prologue
which checks the "hook on function entry" flag on the isolate. Because
of this, code positions between standard Liftoff code and Liftoff code
for debugging do not match up. When (lazily) generating debug side
tables, we always generate them for debugging-flavored Liftoff code.

The issue that this CL fixes happened when we tried to inspect non-debug
Liftoff code, and lazily generated the debug side table for that code.
As noted above, source positions would not match up in that case, and we
get DCHECK failures (or crashes in release builds) when inspecting the
code.

This issue was uncovered as part of the multi-threaded debugging effort,
but because of the similarity in the stack trace, it might also fix the
other issues linked below. We will get test coverage as soon as we add
multi-threaded debugging tests (which are in development, but are still
hitting other issues).

R=thibaudm@chromium.org

Bug: v8:10359, chromium:1071757, chromium:1079328, chromium:1072839
Change-Id: Ic0c14e635dc2a0b84ac86ceb6650288202dafedc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196349
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67756}
2020-05-12 16:05:25 +00:00
Manos Koukoutos
39932a0467 [wasm-gc][bug] Fix Fuzzer crashes on unimplemented experimental code.
Changes:
- Don't use UNIMPLEMENTED where it can be run.
- Implement OpcodeLength for gc types.
- Remove unreachable code.
- Request the correct feature 'gc' for the respective opcodes and types.

Bug: 1079337, 1079450, 1081529, 1081011, 1080444

Change-Id: Ib081139ca805c6f5471a372f862638a3606254b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196302
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67755}
2020-05-12 15:50:05 +00:00
Clemens Backes
e62a7f7697 Reland "[wasm][debug] Fix tier down for multiple isolates"
This is a reland of 902f48bdda, fixed
to avoid lock inversion problems detected by TSan.

Original change's description:
> [wasm][debug] Fix tier down for multiple isolates
>
> If multiple isolates are using the same module, we need to keep it
> tiered down as long as any isolate still has a debugger open.
> Also, we cannot short-cut the {NativeModule::TierDown} method, since the
> previously triggered tier down might not have finished yet.
> For now, each isolate starts an independent tier down (i.e. a full
> recompilation). We could optimize this later by skipping functions that
> are already tiered down, or are already scheduled for tier down, but we
> still need to wait for tier-down to finish on each isolate.
>
> R=thibaudm@chromium.org
>
> Bug: v8:10359
> Change-Id: I7ea6a6f5d3977e48718ac5bc94f9831541f6173f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190758
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67716}

Bug: v8:10359
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: Ie98cf073fc79e5c6991df6d4466de7b560274070
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2194451
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67754}
2020-05-12 15:41:55 +00:00
Jakob Gruber
36df34cc5b [torque] Port CollectConstructFeedback
Previously implemented directly in InterpreterAssembler::Construct,
this will soon also be needed to implement a Construct_WithFeedback
builtin.

Bug: v8:8888
Change-Id: I01a00914c6554a5b83f414a93d85a15ec02df662
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2193717
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67753}
2020-05-12 15:36:30 +00:00
Manos Koukoutos
eb23cef034 [wasm-gc] Implement ref.eq
Changes:
- Implement subtyping for eqref.
- (Driveby) Declare more functions as constexpr in ValueType.
- Make minor changes needed to handle ref.eq.
- Write an elementary test.

Bug: v8:7748
Change-Id: I11d54227798ce56de70f3a6f83305b2f80b2f57f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2193715
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67752}
2020-05-12 15:35:25 +00:00
Milad Farazmand
b5939c7589 Revert "s390: [arm] Add missing RELATIVE_CODE_TARGET iteration"
This reverts commit 9d3cca1cd3.

Reason for revert: Only the test needs to be skipped on s390. Refer to this: https://crrev.com/c/1981505

Original change's description:
> s390: [arm] Add missing RELATIVE_CODE_TARGET iteration
> 
> Port b766299d2c
> Port 9592b043ee
> Port d915b8d668
> 
> Original Commit Message:
> 
>     Code object iteration was missing logic for RELATIVE_CODE_TARGET
>     reloc entries. Garbage collection could thus miss objects that were
>     referenced only as targets of pc-relative calls or jumps.
> 
>     RELATIVE_CODE_TARGETs are only used on arm, mips, and s390 and only
>     at mksnapshot-time.
> 
>     This exposed another issue in that the interpreter entry trampoline
>     copy we generate for profiling *did* contain relative calls in
>     runtime-accessible code. This is a problem, since code space on arm is,
>     by default, too large to be fully addressable through pc-relative
>     calls. This CL thus also disables the related
>     FLAG_interpreted_frames_native_stack feature on arm.
> 
>     objects.
> 
> R=jgruber@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
> BUG=
> LOG=N
> 
> Change-Id: Ifbcaed98d90a2730f0d6a8a7d32c621dab1ff5b2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2087693
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
> Cr-Commit-Position: refs/heads/master@{#66644}

TBR=michael_dawson@ca.ibm.com,mlippautz@chromium.org,jyan@ca.ibm.com,jgruber@chromium.org,joransiu@ca.ibm.com,miladfar@ca.ibm.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: Id645a9def23d278235ff77f25249d2187e8105ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196521
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67751}
2020-05-12 15:13:59 +00:00
Tobias Tebbi
75b30281de [torque] allow nested namespaces
- Change the Torque parser to support nested namespaces. All the rest
  of Torque has already supported them for a long time.
- Use nested namespaces in ic-callable.tq and torque-internal.tq.

Bug: v8:7793
Change-Id: I869ce21e4a6aeb5951815815cbd4feedfcb312b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196127
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67750}
2020-05-12 14:34:17 +00:00
Milad Farazmand
d746a0347c PPC/s390: [liftoff][mv] Support multi-value returns
Port b931af5dd8

R=thibaudm@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Idb61dd337187a8afd4e3b8705b80dab98eb11fa5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2195796
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67749}
2020-05-12 14:13:27 +00:00
Tobias Tebbi
45557b1f89 [torque] format namespaces without indentation
Bug: v8:7793
Change-Id: Id2a93f8ac8c512dbc5cdeb43a97e04d8d6684954
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196130
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67748}
2020-05-12 14:06:17 +00:00
Jakob Kummerow
8b2a322110 [cleanup][wasm] Move local functions to anonymous namespaces
in wasm-compiler.cc.

Bug: v8:10506
Change-Id: I056344d64a58a53db46540f958dc4256243e0547
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196342
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67747}
2020-05-12 13:42:37 +00:00
Mike Stanton
723cf6857f [TurboFan] Remove unnecessary serialization code
ScriptContextTableRef::lookup() isn't called.

BUG=v8:7790

Change-Id: I8a89de2dff7b7e4ef7b37f54a0bd0fcae27d1a1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196183
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67746}
2020-05-12 12:34:47 +00:00
Jakob Kummerow
ee159a4bac [wasm-gc] Implement array.len
Bug: v8:7748
Change-Id: I736aaebb08be1d43662058f0ffde8b877b025017
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2193852
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67745}
2020-05-12 12:12:17 +00:00
Omer Katz
fff219bff7 heap,cppgc: Update StackState enum values
This CL adds 2 new values to the EmbedderStackState enum with more
explicit names. The old values are updated as aliases to the new
values and marked as soon to be deprecated. This CL also moves the
enum to v8-platform.h so that it can be reused by cppgc.

Deprecating individual values in an enum is supported by GCC only
since version 6. Thus new macros were needed for the deprecation
(which delegate to the existing macros when supported). GCC versions
older than 6 are still used by the CQ bots.

Bug: chromium:1056170
Change-Id: Id1ea73edfbbae282b0d8a3bb103dbbbf8ebd417e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2188971
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67744}
2020-05-12 12:07:27 +00:00
Leszek Swirski
040e832414 Reland "[heap] Refactor Heap::PerformGarbageCollection"
This reverts commit 6fba287c53.

Reason for revert: Not the cause.

Original change's description:
> Revert "[heap] Refactor Heap::PerformGarbageCollection"
>
> This reverts commit d0dbee4772.
>
> Reason for revert: Breaks MSVC bot (https://cr-buildbucket.appspot.com/build/8880517266974148704)
>
> Original change's description:
> > [heap] Refactor Heap::PerformGarbageCollection
> >
> > This ensures that PerformGarbageCollection runs completely within a
> > LocalHeap safepoint. External prologues and epilogues that may trigger
> > GC and run JS are moved outside.
> >
> > Bug: v8:10315
> >
> > Change-Id: I5c0081f0791ba5d27152c119a2a0d454056656d3
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190756
> > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#67736}
>
> TBR=ulan@chromium.org,mlippautz@chromium.org,dinfuehr@chromium.org
>
> Change-Id: I62e62d3f4cd50a3e8f0037902f158baef68cb3b1
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:10315
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2195823
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67739}

TBR=ulan@chromium.org,mlippautz@chromium.org,leszeks@chromium.org,dinfuehr@chromium.org

Bug: v8:10315
Change-Id: I8b9046c51fd43ca48066250085f589f6aa81d5f5

# Reland without changes.

No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: I8b9046c51fd43ca48066250085f589f6aa81d5f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196301
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67743}
2020-05-12 10:57:12 +00:00
Leszek Swirski
faa6d7ad76 Revert "cppgc: Port ObjectStartBitmap"
This reverts commit 3df36990b3.

Reason for revert: Breaks MSVC bot (https://cr-buildbucket.appspot.com/build/8880517266974148704)

Original change's description:
> cppgc: Port ObjectStartBitmap
> 
> This ports ObjectStartBitmap from Blink.
> 
> Bug: chromium:1056170
> Change-Id: Ib959d9ac1c5e1e34ffa6418f77956e993c570ffc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2181331
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67735}

TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org

Change-Id: Iaea15b11c0ee7b599fe1f275aded7414bce428ac
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196321
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67742}
2020-05-12 10:56:10 +00:00
Dominik Inführ
c25352f388 Reland "[heap] Remove sweeping state in incremental marking"
This is a reland of 7f29c48ef6

After fixing TSAN failures in https://crrev.com/c/2192661 and https://crrev.com/c/2193712, this CL can be relanded without changes.

Original change's description:
> [heap] Remove sweeping state in incremental marking
>
> Remove the SWEEPING state from incremental marking. Sweeping is now
> always completed when starting incremental marking. Before this change
> there needed to be a safepoint each for starting marking and completing
> sweeping. Now both happens within a single safepoint.
>
> Bug: v8:10315
> Change-Id: Iad2835554865f2de24376372affe9a98992d1fa0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190419
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67678}

Bug: v8:10315
Change-Id: Ic949d125e72c4d17fd427d08d4b6f9056721eee9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196182
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67741}
2020-05-12 10:48:37 +00:00
Thibaud Michaud
83234b1cd9 [liftoff][mv] Remove multi-value "if" bailout
Multi-value "if" works out of the box in Liftoff.

R=ahaas@chromium.org

Bug: v8:10408
Change-Id: Ia3666ccd4faaa32f373020a3335a0304823f8881
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196123
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67740}
2020-05-12 10:44:57 +00:00
Leszek Swirski
6fba287c53 Revert "[heap] Refactor Heap::PerformGarbageCollection"
This reverts commit d0dbee4772.

Reason for revert: Breaks MSVC bot (https://cr-buildbucket.appspot.com/build/8880517266974148704)

Original change's description:
> [heap] Refactor Heap::PerformGarbageCollection
> 
> This ensures that PerformGarbageCollection runs completely within a
> LocalHeap safepoint. External prologues and epilogues that may trigger
> GC and run JS are moved outside.
> 
> Bug: v8:10315
> 
> Change-Id: I5c0081f0791ba5d27152c119a2a0d454056656d3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190756
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67736}

TBR=ulan@chromium.org,mlippautz@chromium.org,dinfuehr@chromium.org

Change-Id: I62e62d3f4cd50a3e8f0037902f158baef68cb3b1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2195823
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67739}
2020-05-12 10:38:58 +00:00
Georg Neis
5009fb6ba7 [turbofan] Remove dead branch
A prototype map can't be deprecated.

Bug: v8:7790
Change-Id: I26ef4d9648985417212dcf4df0d47568861e9bc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196124
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67738}
2020-05-12 10:18:39 +00:00
Jakob Gruber
6888d68b5f [snapshot] Deoptimize all in --stress-snapshot mode
We don't yet support serialization of optimized code, so whenever the
serializer encounters an 'unexpected' Code object, it aborts.

Snapshot::ClearReconstructableDataForSerialization does not clear
weak links created through compilation dependencies. These links
make Code objects reachable even though recompilable data has been
cleared from JSFunctions/SFIs/JSRegExps.

Forcing a full deopt of the entire isolate is the simple way of
solving this until serialization support for optimized code has been
implemented.

Bug: v8:10416,v8:10500,v8:10518
Change-Id: Ie1386cc9fa983b435825afa15441df38409bff98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196122
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67737}
2020-05-12 09:59:37 +00:00
Ulan Degenbaev
d0dbee4772 [heap] Refactor Heap::PerformGarbageCollection
This ensures that PerformGarbageCollection runs completely within a
LocalHeap safepoint. External prologues and epilogues that may trigger
GC and run JS are moved outside.

Bug: v8:10315

Change-Id: I5c0081f0791ba5d27152c119a2a0d454056656d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190756
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67736}
2020-05-12 09:23:04 +00:00
Anton Bikineev
3df36990b3 cppgc: Port ObjectStartBitmap
This ports ObjectStartBitmap from Blink.

Bug: chromium:1056170
Change-Id: Ib959d9ac1c5e1e34ffa6418f77956e993c570ffc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2181331
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67735}
2020-05-12 09:14:05 +00:00
Thibaud Michaud
b931af5dd8 [liftoff][mv] Support multi-value returns
R=clemensb@chromium.org,ahaas@chromium.org

Bug: v8:10408
Change-Id: I436416e32d814b08543aa2dffbcf8464ec75923f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190423
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67734}
2020-05-12 09:04:35 +00:00
Jakob Gruber
4d53833f35 [regexp] Unconditionally get named capture in GetSubstitution
Prior to this CL we still implemented a HasProperty-GetProperty
sequence when accessing named captures in GetSubstitution. This was
briefly part of the spec (we also threw an exception when the property
was not present), but since late 2017 the GetProperty call has been
unconditional.

See https://tc39.es/ecma262/#sec-getsubstitution.

Bug: v8:10513
Change-Id: Id82c06958b0b0feffc6eede580b99ab8676a0dae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2195821
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67733}
2020-05-12 08:45:05 +00:00
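The lookup pattern this CL settles on is observable from plain JavaScript. The following is an added example written for this page, not code from the V8 CL: the replacement template names one group (`nope`) that the pattern does not define, and the `groups` object (which the spec creates with a null prototype) is wrapped in a logging Proxy. Under the current GetSubstitution algorithm every `$<name>` is resolved with a single Get, present or not, so only `get` traps fire and the missing group expands to the empty string; a HasProperty-then-GetProperty sequence would have left `has` entries in the log. The `LoggingRegExp` subclass, the helper names and the date input are constructed for the example.

```javascript
'use strict';

// Added example (not V8 project code). The RegExp subclass, helper names and
// input are constructed for this page; only Proxy, Reflect and the standard
// RegExp machinery are used.

// Every Proxy trap invoked on the `groups` object is recorded here so the
// lookup sequence performed by GetSubstitution can be inspected afterwards.
const trapLog = [];

// Overriding `exec` forces RegExp.prototype[Symbol.replace] onto the
// spec-defined slow path and lets us swap the `groups` object for a Proxy.
class LoggingRegExp extends RegExp {
  exec(input) {
    const match = super.exec(input);
    if (match === null) return match;
    // The spec creates `groups` as a null-prototype object; copy it so the
    // Proxy target has no inherited property that could satisfy a lookup.
    const target = Object.assign(Object.create(null), match.groups);
    match.groups = new Proxy(target, {
      has(t, key) { trapLog.push(`has ${String(key)}`); return Reflect.has(t, key); },
      get(t, key) { trapLog.push(`get ${String(key)}`); return Reflect.get(t, key); },
    });
    return match;
  }
}

// Reformat an ISO date through named captures. `$<nope>` refers to a group
// that the pattern does not define, so GetSubstitution sees `undefined` for
// it and substitutes the empty string.
function replaceWithNamedCaptures(input) {
  trapLog.length = 0;
  const re = new LoggingRegExp('(?<y>\\d{4})-(?<m>\\d{2})-(?<d>\\d{2})');
  const result = input.replace(re, '$<d>/$<m>/$<y>[$<nope>]');
  return { result, log: trapLog.slice() };
}

// Example run on constructed input:
//   replaceWithNamedCaptures('2020-05-12')
//   -> { result: '12/05/2020[]', log: ['get d', 'get m', 'get y', 'get nope'] }
```

The subclass is only there to make the `groups` object replaceable; on an unmodified RegExp V8 takes a fast path that never materialises these property accesses, so the log would stay empty without telling you anything about the algorithm.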
Marja Hölttä
bdda995338 Move helper SFIs from NativeContext to Isolate, part 4
There's no need for them to be in NativeContext.

This CL moves the rest of the Promise-related SFIs.

Bug: v8:10482
Change-Id: I7eb926be14bf44fb3cd01cb96b4769eff1c2911b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190752
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67732}
2020-05-12 08:02:59 +00:00
Georg Neis
fcd917e004 [heap] Add a comment to persistent-handles.h
R=dinfuehr@chromium.org

Bug: v8:10315
Change-Id: I595bc76907c9f0f437d460916aec804b55895376
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2195822
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67731}
2020-05-12 08:01:55 +00:00
Pan, Tao
b47097d8bb [turbofan] Improve --trace-turbo-inlining
Add the inlined bytecode size to the candidate print; both the bytecode
size and the inlined bytecode size decide whether a candidate is inlined.

Change-Id: I6d659bb59819b0e9daad5289f47f329aa3ce9f7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2191631
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67730}
2020-05-12 07:39:54 +00:00
Ulan Degenbaev
cf83949e47 [heap] Add a flag for measuring the impact of stack scanning in Scavenge
Change-Id: I3d5d856d86deb283173c7b6f0f302e3c4e4b67fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190755
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67729}
2020-05-12 07:24:14 +00:00
Dominik Inführ
302bfa21a6 Initialize bit field in map using relaxed store
Map::bit_field needs to be set with relaxed store. The concurrent marker
accesses the has_prototype_slot bit in Map::bit_field to calculate
header size.

Bug: v8:10315
Change-Id: Ie7ebb9316b8c703adfddf10df25949b872ce0c8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2194012
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67728}
2020-05-12 07:19:34 +00:00
Ulan Degenbaev
e43dfd7f02 [perfetto,heap] Fix the order of GC trace event categories
This changes "v8[.gc],devtools.timeline" to "devtools.timeline,v8[.gc]"
in some of the GC trace events because perfetto requires all categories
to be predefined.

Change-Id: I0e9a91c826f4e620f4946a1a96713aa2b45da26f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2193591
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67727}
2020-05-12 06:45:54 +00:00
Milad Farazmand
4e1bf2bc92 Skip InterpreterWithNativeStack on jitless mode
As discussed under https://crrev.com/c/1981505,
Test requires an executable CODE_SPACE and is thus incompatible with
jitless mode.

Change-Id: Icddad50a3484f0cfc5fb4abd7175058d50bc06d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2193911
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67726}
2020-05-12 05:27:34 +00:00
v8-ci-autoroll-builder
f3a0838e7f Update V8 DEPS.
Rolling v8/build: 10edae4..1b904cc

Rolling v8/third_party/aemu-linux-x64: fPXztkM0sEne8uTSiAXBgjYK_46aVSqohP1kVE4u-u8C..5LzaFiFYMxwWXcgus5JjF74yr90M5oz9IMo29pTdoLgC

Rolling v8/third_party/android_platform: 2244b5e..716366f

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4ca83c7..e9a8d37

Rolling v8/third_party/depot_tools: aaf5669..454f4ba

Rolling v8/third_party/googletest/src: e3f0319..a09ea70

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Ic8d837b9b9d623b938e085045f35a0c558bb9794
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2195125
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#67725}
2020-05-12 03:48:54 +00:00
Shu-yu Guo
df8b8117a9 Add use counter for var redeclarations of catch bindings
Bug: v8:10516
Change-Id: I0a75b32ca4b90dc5a6c2f2f3ec66b183dc3ff99e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2191411
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67724}
2020-05-11 22:50:24 +00:00
Ng Zhi An
9d825428b1 [clang-tidy] Make deleted constructor public
Making them private was a way to hide the constructor; we can
explicitly delete them instead, which gives a better compilation error
message as well.

Also see: https://stackoverflow.com/q/55205874

Bug: v8:10488
Change-Id: Ic08acf0f9eb16bd2e90c3a707036befe7c9d193c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2191866
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67723}
2020-05-11 21:22:24 +00:00
Ng Zhi An
add6623179 [clang-tidy] Use explicit default and override.
See
https://clang.llvm.org/extra/clang-tidy/checks/modernize-use-equals-default.html
and
https://clang.llvm.org/extra/clang-tidy/checks/modernize-use-override.html.

Also see
https://chromium.googlesource.com/chromium/src/+/HEAD/styleguide/c++/c++-dos-and-donts.md#prefer-to-use.

Bug: v8:10488
Change-Id: Id377cab4db7ff211e800b2078ab91c3deb9a1b21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2191350
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67722}
2020-05-11 19:38:53 +00:00
Ng Zhi An
5d1392b66b [wasm-simd][ia32] Implement f32x4 f64x2 pmin pmax
Same implementation as the one for x64 in https://crrev.com/c/2186630.

Bug: v8:10501
Change-Id: If2b6c0fdc649afba3449d9579452cf7047a55a54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2188556
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67721}
2020-05-11 18:16:39 +00:00
Shu-yu Guo
131fa2c911 Revert "[wasm][debug] Fix tier down for multiple isolates"
This reverts commit 902f48bdda.

Reason for revert: Made TSAN unhappy: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/9480

Original change's description:
> [wasm][debug] Fix tier down for multiple isolates
> 
> If multiple isolates are using the same module, we need to keep it
> tiered down as long as any isolate still has a debugger open.
> Also, we cannot short-cut the {NativeModule::TierDown} method, since the
> previously triggered tier down might not have finished yet.
> For now, each isolate starts an independent tier down (i.e. a full
> recompilation). We could optimize this later by skipping functions that
> are already tiered down, or are already scheduled for tier down, but we
> still need to wait for tier-down to finish on each isolate.
> 
> R=thibaudm@chromium.org
> 
> Bug: v8:10359
> Change-Id: I7ea6a6f5d3977e48718ac5bc94f9831541f6173f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190758
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67716}

TBR=clemensb@chromium.org,thibaudm@chromium.org

Change-Id: Ibf650e8b6143471b44f2822c1737e7de5f8bdb20
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10359
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2194372
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67720}
2020-05-11 17:31:51 +00:00
Seth Brenith
e769398540 [torque][cleanup] Simplify some Torque-defined classes
This CL is pretty mechanical; I just iterated through some Torque
classes making the following changes:

- Use @generateCppClass if it seems easy to
- Use @generatePrint if the existing printer doesn't do anything special
- Fix up any imprecise field types

It also includes two minor changes to implementation-visitor:

- Add a new -inl.h file with the things needed for
  torque-generated/class-definitions-tq.cc so we don't need to keep
  changing the compiler when we add @generateCppClass.
- Avoid emitting incorrect accessors for ExternalPointers. This isn't
  strictly necessary for correctness, as the accessors defined in C++
  already hide the ones inherited from generated code, but it makes me
  feel safer.

Change-Id: I4d5a8ba6f86ebff57a0d147619212a3993b087c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185824
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#67719}
2020-05-11 17:18:59 +00:00
Ng Zhi An
2d2b45cdfc [clang-tidy] Add override to overridden member functions
See
https://clang.llvm.org/extra/clang-tidy/checks/modernize-use-override.html
for more on this warning.

Bug: v8:10488
Change-Id: Ifa9443609fa30fa2d8f9fb9ed00ce9353fa9aa49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2189910
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67718}
2020-05-11 16:59:39 +00:00
Igor Sheludko
ae6c58c26d [ic] Fix stores to holey elements
... when the element is read-only in one of the prototypes:
* the length should not be updated,
* in strict mode the store operation should throw TypeError.

Bug: chromium:1055138
Change-Id: I7fc08e22c83f8a9848053cfe20851dc1b82f0e3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172090
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67717}
2020-05-11 16:42:19 +00:00
Clemens Backes
902f48bdda [wasm][debug] Fix tier down for multiple isolates
If multiple isolates are using the same module, we need to keep it
tiered down as long as any isolate still has a debugger open.
Also, we cannot short-cut the {NativeModule::TierDown} method, since the
previously triggered tier down might not have finished yet.
For now, each isolate starts an independent tier down (i.e. a full
recompilation). We could optimize this later by skipping functions that
are already tiered down, or are already scheduled for tier down, but we
still need to wait for tier-down to finish on each isolate.

R=thibaudm@chromium.org

Bug: v8:10359
Change-Id: I7ea6a6f5d3977e48718ac5bc94f9831541f6173f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190758
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67716}
2020-05-11 16:30:48 +00:00
Santiago Aboy Solanes
c36e959137 [compiler] Push up code to revisit uses in in-place replacements
If a node is reduced in-place (i.e not replaced by another node) we
check its inputs, and if we Recurse on at least one input we return
early. If this happens, we weren't revisiting its uses.

This CL changes this since we could have been missing revisiting of some
uses.

Change-Id: I7683a0747cec38484a047c6032980b5676b2d886
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2174505
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67715}
2020-05-11 16:02:09 +00:00
Jakob Kummerow
ccb7b42697 [wasm-gc] Implement array.get/array.set
With bounds checks, null checks, and a test case.

Bug: v8:7748
Change-Id: I9e7d68ecd883bd0279f22d11c1dc73cc8716a4cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192659
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67714}
2020-05-11 15:57:43 +00:00
Michael Lippautz
d65ea662c5 cppgc: Allocation cleanups
Bug: chromium:1056170
Change-Id: I99d073e268f5779f0985d6197432c50036060b60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192663
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67713}
2020-05-11 15:50:28 +00:00
Manos Koukoutos
6a6c151dda [wasm-gc] Implement br_on_null
Add br_on_null opcode, encoding, decoding, and elementary tests.

Bug: v8:7748
Change-Id: Id771ea7f57694e1c1bffc83c4232132bf9ad9dbd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190424
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67712}
2020-05-11 15:49:23 +00:00
Santiago Aboy Solanes
1a6fe2a745 [compiler][heap] Update IsInConstantPool for Arm64
It will now return true for 32-bit constants as well.

When enabling this, two errors popped up: one in disassembler where
we might have null hosts, and one in remembered set where we should be
compressing the address before storing.

As a drive-by: make ppc use full objects until their pointer compression
implementation is fully done.

Bug: v8:7703
Change-Id: I70f05f952d4e1305fe1fe030755f01f74ea5e5dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187622
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67711}
2020-05-11 14:28:29 +00:00