fctidz saturates the output in case of overflow. This cl
makes the behaviour similar to s390 and sets the output to zero.
Change-Id: Ic043625c46147eb02a65dfdbbcd883a067ba6981
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527783
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71061}
The arm implementation made the assumption that the {lhs} and {dst}
registers are either the same, or there is no overlap. This assumption
does not hold.
ia32 on the other hand has a lot of complicated logic (and unnecessary
code generation) for different cases of overlap.
This CL fixes the arm issue *and* simplifies the ia32 logic by making
the arm assumption hold, and using it to eliminate special handling on
ia32.
R=thibaudm@chromium.org
Bug: chromium:1146861
Change-Id: I8753c2ed70349e735c03293130c899c0c8a3a671
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526388
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71060}
For the fuzzer it's unwise to exit on uncaught exceptions, as this
terminates the whole fuzzing process. Just ignore those exceptions
instead.
Drive-by: Fix a typo.
R=szuend@chromium.org
Bug: chromium:1142437
Change-Id: Ided1c0f35840c158f157acd8c0bb1c12ecf8a37f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526386
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71059}
The function was using an non-atomic marking state to check the color
of the object. This is incorrect because concurrent marking may be
running while the linear allocation area is freed.
Bug: chromium:1139165
Change-Id: I20ef22908dfd8dcd75858707e884e87658dcb1cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526391
Auto-Submit: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71057}
Instead of passing two bools to the {TaskRunner} constructor, pass to
enums. This makes the semantics more clear in the caller.
In the fuzzer, we actually *do not* want to catch exceptions. This
semantic fix will be done in a follow-up CL, such that this CL is a pure
refactoring.
R=szuend@chromium.org
Bug: v8:11074
Change-Id: I7f6df3a3f344524deb08db10b9317a6734b7ea42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526385
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71056}
This adds a guard for a forwarding address in the debug mode checks
of FixStaleLeftTrimmedHandlesVisitor::FixHandle.
Bug: chromium:1146601
Change-Id: I6681352a91177c1d138a409d17e5d170bd43f11b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526389
Auto-Submit: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71055}
Joining the thread from the watchdog is problematic, since e.g.
{pthread_join} (the implementation of {Thread::Join} on POSIX systems)
has undefined behaviour if multiple threads try to join at the same
time. In practice, this leads to deadlocks.
Thus implement termination by just calling {TaskRunner::Terminate}, but
not {TaskRunner::Join}. This fixes the deadlocks in the inspector
fuzzer.
The inspector test binary is fixed simarly, even though there it seems
to not cause problems so far.
In both files, the {Terminate} function is inlined into callers because
it's only a single line now, with one to two users.
Also, replace the single fuzzer test (which is invalid javascript) by
two tests: One called "invalid" explicitly, still with invalid
javascript, and one empty file, which is valid input. That one
reproduced the deadlock.
R=szuend@chromium.org
Bug: chromium:1142437
Change-Id: I8fb98b0cdbf3ceff6af6849397e5da5a4e9acd3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526384
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71054}
As part of an effort to prepare the Recorder interface for general use,
we had to make some changes to the way the existing Wasm Events are
being used. In particular,
- it is more fitting to use a ElapsedTimer than a TimedScope to
measure the durations in src/wasm/module-[decoder|instantiate].cc
- we want to rename the wall_clock_time_in_us field to duration_in_us
for clarity.
Because these Wasm events are already being instantiated in chromium,
renaming the field requires a two-step change. This is the first of
those changes.
Change-Id: If1b2990f7645616a59fc21d07ac10bf00701c0e5
Bug: v8:11109
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2518619
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71053}
Using KeyAccumulator::GetKeys directly enables fast-paths by checking
if the enum-cache is set.
Drive-by-fix:
- Reduce public interface of KeyAccumulator to prevent these
performance issues in the future.
- Fix value-serializer.cc includes
Change-Id: I2cc7b3bf9d1e42e699829427163ecbdee92c9007
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520898
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71050}
This is a reland of 26f10ecd95
Change compared to original CL:
The deserializer changes StrongDescriptorArray to DescriptorArray.
Since this CL uses separate BodyDescriptors for the two kinds of
descriptor arrays, this caused a DCHECK failure when the deserializer
changes the map while the object is visited from the concurrent marking
thread. Fix this by disabling the corresponding checks.
Original change's description:
> [torque] allow exported classes with custom C++ class
>
> Introduce a new annotation @customCppClass that can be used for
> non-extern @export classes, that is, generate everything, remove
> boilerplate from all the internal lists and switches, but allow
> a custom C++ class, which in turn also allows overwriting the generated
> print and verify functions.
>
> Port DescriptorArray and StrongDescriptorArray as an example.
>
> Bug: v8:7793
> Change-Id: I744e52fb4102ac49c0097f1c95bb17d301975bf0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2489687
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70989}
Bug: v8:7793
Change-Id: I7505fb111896991d16d7d113704c8c3676669f34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526383
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71048}
When setting optimized code on feedback vector we had a DCHECK that
ensured the optimization tier is kNone or it is kMidTier and we are
installing TurboFan code. While this holds usually, this fails in
few corner cases like:
1. Trigger a TF concurrent compilation
2. Create a new closure with --always-opt, which triggers a TF
concurrent compilation and installs optimized code. We set
OptimizationTier to kTopTier
3. Optimized code gets deoptimized / GC clears the optimized code, but
we haven't healed the optimized code slot / optimization tier yet.
4. Concurrent compilation finishes and tries to install optimized code
but the optimization tier is still set to kTopTier.
This cl fixes the DCHECK by actually checking we are not overwriting
valid optimized code except for tiering up.
Drive by fixes: Also print optimization tier with feedback vector and
print when marking a function for optimization with --always-opt.
Bug: v8:11101, v8:9684
Change-Id: Icad673ea01bb225f8b05e727a56f890af7e86514
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520900
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71047}
This is a major contributor to compilation (call path is
ExecuteCompilationUnits -> TopTierFinished -> SerializeNativeModule).
On Earth, it's ~200ms on my machine. Hence make this pause visible in
traces.
R=ahaas@chromium.org
Change-Id: I26ff97d531647fa7038f14325e8ab8ae3dff24e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520909
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71046}
Asan complains about the alloc-dealloc-mismatch because the startup data
is allocated via "new[]" in snapshot.cc and deallocated via "delete" in
inspector-test.cc.
A more failure-proof fix would be to have {StartupData} manage the
lifetime of the contained char*, but since this is in an API object, the
refactoring might be more involved. Since other users also just dealloc
explicitly via "delete[]", this CL just fixes the issue in
inspector-test.cc.
R=szuend@chromium.org
Bug: chromium:1142437, v8:11107
Change-Id: I84438b2f12ce8eb6b653d4861e899a2f003e1227
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523200
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71045}
This is a tentative fix for the linked issue. The CL enables all
int64/uint64 tests for fast API calls on all platforms.
Bug: chromium:1144751
Change-Id: Ie892ad625257d3b0e0bdd9ac24261b3cbeaaba62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520902
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71043}
Replace by explicitly deleting the copy constructor and copy assignment
operator.
R=zhin@chromium.org
Bug: v8:11074
Change-Id: Ie36f75619243728e99dd6c7117a97f655d7c00f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523313
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71041}
The {ToV8Vector} method returns a {i::Vector} pointing to heap-allocated
memory, but that memory was never free'd. Since we already have a
{ToVector} method returning a {std::vector}, this CL switches to that
one instead.
R=szuend@chromium.org
Bug: chromium:1142437, v8:11107
Change-Id: I8ee0177f7dcfe2ecb435e684674b0cda6f613658
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523198
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71040}
If a long branch doesn't use delay slot, then when optimizing it
to a regular branch, the instruction in delay slot should be set
to nop.
Change-Id: Id3015bc0c562725258705a8bc6647c4011d96c2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2524416
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#71039}
Moves CallStubR to be private and drop the return_count argument from
CallStub and its callchain, and instead use the GetReturnCount on the
call descriptor.
Also removes unused Retain function from code-assembler.
BUG=v8:6949,v8:11074
Change-Id: Ic0ebc72f84c2eab156c545af56237d4c46548c05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523324
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71038}
Extend gen-postmortem-metadata.py with selected register values.
This information is not present in DWARF debuginfo. Exposing it
enables detailed analysis of V8 JS execution by observing binary-level
execution:
https://robert.ocallahan.org/2020/05/omniscient-js-debugging-in-pernosco.html
Bug: v8:11106
Change-Id: I3bde7dd07ac5ba6ff00d4a5fa9b635871507a866
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2518957
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71035}
In a few places we incorrectly assumed to know the instance type of the
heap object. In particular, in JSCallReducer::ReduceDataViewAccess,
doing map inference on the receiver and determining that all maps are
JSDataView maps does not guarantee that the receiver is a JSDataView
constant because we might deopt before getting to the data view
operation.
Bug: chromium:1146652
Change-Id: I1611308c3ebe0d33fa6b0cf0938d777b4e6449ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2524440
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71034}
There was already a method to clobber/thrash caller-saved registers.
Enhance it to also clobber vfp registers, and call this function after
each runtime call.
Bug: v8:11067
Change-Id: Id867f9a27161102ecdd239c9d52b61b5c0b303d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2522733
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71033}
This reverts commit 3b6f7802e5.
Reason for revert: Build failure https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20full%20debug/14666
Original change's description:
> [cleanup] Replace more uses of Min/Max by std::min/max
>
> Bug: v8:11074
> Change-Id: I94d53ea0aac123459ae60fc61748fedf0faac2f4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2521147
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Auto-Submit: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71022}
TBR=neis@chromium.org,zhin@chromium.org,mslekova@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:11074
Change-Id: Id6c50bd9ba4132e83f4eecec9e23c6c15e2d787b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2524412
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71026}
Clean up src/wasm and test/
Bug: v8:11074
Change-Id: I1b3d3475a0fbfafe75bb49acfd851f8bd5af5182
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2519183
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71025}
Integer splats (especially for sizes < 32-bits) does not directly
translate to a single instruction on ia32. We can do better for special
values, like 0, which can be lowered to `eor dst dst`. We do this check
in the instruction selector, and emit a special opcode kX64S128Zero.
Also add a unittest to verify this optimization, and necessary
raw-assembler methods for the test.
Bug: v8:11093
Change-Id: Icfebef06a5ecf49619ea54f31a5296094fb53ff2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2516300
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71024}
Bug: v8:11074
Change-Id: I94d53ea0aac123459ae60fc61748fedf0faac2f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2521147
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71022}
Rolling v8/build: dc348c1..248dc44
Rolling v8/third_party/aemu-linux-x64: E6ldKaGAf4ys3koLahqmkG71_M2ITgf9doIhan2oKMEC..a1yTNBS-h5GEUTwaKTzyZcC4sisB88wYX7_tvAkzSP0C
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b8b4d61..434681c
Rolling v8/third_party/depot_tools: 91bb750..b674f8a
Rolling v8/tools/luci-go: git_revision:1a022d3a4c50be4207ee93451255d71896416596..git_revision:576741d3eed0fa33971fb34cd823650e6f5b47fb
Rolling v8/tools/luci-go: git_revision:1a022d3a4c50be4207ee93451255d71896416596..git_revision:576741d3eed0fa33971fb34cd823650e6f5b47fb
Rolling v8/tools/luci-go: git_revision:1a022d3a4c50be4207ee93451255d71896416596..git_revision:576741d3eed0fa33971fb34cd823650e6f5b47fb
TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I4c6f8d1531c267b63ea3f8f3161bbf02bceeef01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2522296
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#71021}
NEONModifiedImmShiftLsl and NEONModifiedImmShiftMsl will also have a
DCHECK(is_uint8(imm)), however by that time we may have truncated the
uint64_t integer with a static_cast<int>.
Bug: v8:11033
Change-Id: Id0786e6525e385294748af6c77bdee4ca6db106c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520901
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#71019}
StringAdd_CheckNone is called from Turbofan with an empty context. This
builtin needs context when calling the StringAdd runtime function which
could potentially throw. Turbofan does bounds check before calling this
builtin so it is safe to pass an empty context. To enable TNodification
of this builtin this cl adds a new type that either accepts a context
or an empty context (Smi::Zero) and updates the builtin to use this new
type.
Bug: v8:6949, v8:11074
Change-Id: Iff12b391ff95109649f2c81fe081e277850f60d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523205
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71018}
This seems to be the convention in other trace events.
R=ahaas@chromium.org
Bug: v8:11074
Change-Id: Icf7be6ba3d52cac8c77dec787f294a3edee44d20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2521590
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71017}
The test started failing on win64 ASan after a DEPS roll. Increase the
stack size to mitigate this.
Also, add a comment so say why we are restricting the stack size in the
first place.
R=thibaudm@chromium.orgCC=ahaas@chromium.org
Bug: v8:11120
Cq-Include-Trybots: luci.v8.try:v8_win64_asan_rel_ng
Change-Id: If0c084653687aef95acee8caa6712a1c872d2bca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523203
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71016}
Replace by explicitly deleted copy constructor and assignment operator
instead.
Also add a note to the macros that they are deprecated. Only marked
DISALLOW_ASSIGN and DISALLOW_COPY_AND_ASSIGN for now. Others are less
often used, and can probably be removed in a single CL later.
R=ahaas@chromium.org
Bug: v8:11074
Change-Id: I3825bfbbc24b0698f3aef671189fbff586dd5d23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523202
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71015}
Both to and from kind are PACKED_DOUBLE_ELEMENTS (constant defined above)
so we can safely inline and TNodify this call.
Bug: v8:6949, v8:11074
Change-Id: Ia9d5e162fdd833dcc4589bc87f6feb18947d2d2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2521154
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71012}
