Commit Graph

30804 Commits

Author SHA1 Message Date
Michael Lippautz
881fc0496c [cppgc, cppgc-js] Implement GC on allocation failure
So far Oilpan garbage collection was only ever triggered via growing
strategies in either V8 or stand-alone heap growing. This CL
implements a fallback for GC on allocation.

- Stand-alone implementation will defer to GCInvoker which is aware of
  stack support.
- CppHeap implementation will just trigger a full V8 GC.

Bug: chromium:1352649
Change-Id: If92f705b4e272290ca7022864fd7b90f0fcb809e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865148
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82844}
2022-08-30 19:36:18 +00:00
snek
6229eee365 [fastcall] fix options.data representation
The representation of `options.data` was previously refactored to
`v8::Value` when removing `v8::ApiObject`, but this is invalid for a
number of reasons (SMIs, v8::Value being a ZST, etc). To fix this, it
has been changed to `Local<Value>`, which also matches the
representation used for other fastcall parameters.

Bug: chromium:1052746
Change-Id: Ia4450bf3d908d4e1b7a85d6bd7ab45ea5f5f08f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3844662
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: snek <snek@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82843}
2022-08-30 19:35:14 +00:00
Matthias Liedtke
ad6b1249bb [fuzzer][wasm-gc] Fix fuzzer for array-len without type immediate
Fix for 75391be247.
The fuzzer should not generate type immediates for the new array len
opcode. As the old opcode was renamed in C++, the fuzzer switched to the
new opcode automatically.

Bug: v8:7748
Change-Id: Ife2d420e8ce5486f683f00bfff168f47745a86d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3866171
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82842}
2022-08-30 19:34:11 +00:00
Jakob Kummerow
5578b13602 [wasm-gc][test] Fix test (after in-flight CL collision)
No-Try: True
No-Tree-Checks: True
Change-Id: Id63d073abaff59f975883f95870704ea6d55ac0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3866172
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82841}
2022-08-30 18:28:15 +00:00
Feng Yu
061e1edfca [test] Fix wrong test names
Test names should be separated by "." but not "/". This CL fixes all
test names which are separated by "."

Bug: v8:13240
Change-Id: I4d97b0cc4b647f28cc2af9685c35b45b7d4561e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3864190
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82840}
2022-08-30 18:01:58 +00:00
Jakob Kummerow
6168782925 [wasm-gc] call_ref: consume a type immediate
Per https://github.com/WebAssembly/function-references/pull/76,
call_ref and return_call_ref should consume type immediates specifying
the signature of the funcref. This is a breaking change.

To ease the migration, this patch introduces a temporary alternative
binary encoding for call_ref:
- 0x14 continues to *not* take a type immediate for now.
- 0x17 (formerly "let") is the new call_ref *with* type immediate. Module
  producers are encouraged to emit this encoding ASAP.
- After a few weeks of transitionary period, we'll update 0x14 to
  take a type immediate as well. At this point, module producers will be
  encouraged to switch back to 0x14.
- After a few more weeks of transitionary period, we'll drop 0x17 again.

We're not doing the same dance for return_call_ref because it currently
has no uses that we know of.

Bug: v8:7748,v8:9495
Change-Id: Id8d468be3949f84571efff713c937ffd1addff70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863280
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82839}
2022-08-30 17:51:49 +00:00
Feng Yu
fd9c2391fd [test] Migrate cctest/test-parsing to unittests/
- move cctest/test-parsing -> unittests/parser/parsing-unittest
- move common/{scope-test-helper, unicode-helper} to unittests/parser
  directory because these are only used by tests in unittests/parser

Bug: v8:12781
Change-Id: Ie0fb043d5df6178bbe088d140a76f606454bbf29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855313
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Feng Yu <f3n67u@gmail.com>
Cr-Commit-Position: refs/heads/main@{#82837}
2022-08-30 17:37:47 +00:00
Matthias Liedtke
b82cc92ee4 [wasm-gc] Fix table default ref value
- fix handling of undefined for non-externref tables
- add test for non-nullable ref table

Bug: v8:7748
Change-Id: I3f0f3aa68eb43208aea84cb8f21b37a539e14d26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862206
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82836}
2022-08-30 17:24:47 +00:00
Darius M
9a5776c0be [base] Implement shared mutex for Mac OS X
Bug: chromium:1355917, v8:12037
Change-Id: I5a0a19fd1abb06920f851ef04f5313e9d37dadc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855361
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82826}
2022-08-30 14:26:18 +00:00
Matthias Liedtke
75391be247 [wasm-gc] array.len: Add new opcode without type immediate
Bug: v8:7748
Change-Id: Ib5df6996583435275e9f9c8929763cb19d467d09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865157
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82824}
2022-08-30 14:23:51 +00:00
Michael Achenbach
b6ccbe97dd [test] Skip test not working with gc stress
No-Tree-Checks: True
No-Try: True
Bug: v8:7700
Change-Id: I6d02e9109664ab2dfaa578c03ee0286aad56880c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863274
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82819}
2022-08-30 13:33:08 +00:00
Jakob Kummerow
40122f5c42 [wasm] Skip SIMD test on bots without SIMD hardware
Bug: chromium:1356718
No-Tree-Checks: True
No-Try: True
Change-Id: Ibe8ed82903a10406f9907939ec8704ff448768a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863272
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82818}
2022-08-30 13:10:38 +00:00
Simon Zünd
3297ccca23 [debug] Immediately step-in for 'stack check triggered' debug breaks
This CL changes debug breaks that are triggered via interrupts (i.e.
via stack check). One client of this behavior is the `Debugger.pause`
CDP method.

The problem is that when we pause so early, the JSFunction didn't have
time yet to create and push its context. This requires special
handling in the ScopeIterator and makes an upcoming change unnecessarily
complex.

Another (minor) problem is that local debug-evaluate can't change
context-allocated local variables (see changed regression bug). Since
the context is not yet created and pushed, variables are written to
the DebugEvaluateContext that goes away after the evaluation.

The solution is to mirror what `BreakOnNextFunction` does. Instead
of staying paused in the middle of the function entry, we trigger
a "step in" and pause at the first valid breakable position instead.
This ensures that the function context is already created and pushed.

Note that we do this only in the case of JSFunctions. In all other cases
we keep the existing behavior and stay paused in the entry.

R=jgruber@chromium.org

Fixed: chromium:1246907
Change-Id: I0cd8ae6e049a3b55bdd44858e769682a1ca47064
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854501
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82817}
2022-08-30 12:05:58 +00:00
Jakob Linke
ed90ea5cf7 [maglev] Implement Maglev-to-Turbofan OSR
This implementation sticks closely to what Ignition-to-Turbofan (and now
Sparkplug-to-TF) does. OSR is detected in the TieringManager by having
optimized code available, without having entered it. The osr_urgency is
increased to enable OSR for increasing loop depths. When a candidate
JumpLoop backedge is reached, we call into runtime to trigger OSR
compilation.

JumpLoop also detects the availability of cached OSR'd code. When a
matching OSR code object is available, Maglev 1) deoptimizes s.t. the
unoptimized frame layout is reconstructed, and 2) delegates the actual
OSR tierup to the unoptimized tier. For purposes of 1), we add a new
DeoptimizeReason that causes a one-time eager deopt without invalidating
any code.

Drive-by: Annotate OSR for more --trace-opt output.

Todo: Refactor non-Sparkplug-specific bits of the BaselineAssembler
into a generic spot that both SP and ML can use.

Bug: v8:7700
Change-Id: I6ebab2df8b87f9f70ffb78162a3c1226ec545468
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859850
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82816}
2022-08-30 11:51:28 +00:00
Jakob Kummerow
8e069d6294 [wasm][simd] Fix SpillAdjacentFpRegisters...
...to honor the {pinned} list under all circumstances.

Drive-by: DEBUG-mode helpers to print FunctionSig and LiftoffRegList
objects to stdout.

Fixed: chromium:1356718
Change-Id: I487db12294f687790cec1d658d7a7d754f3c2f99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859752
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82815}
2022-08-30 11:24:28 +00:00
Camillo
d15537cf1f [runtime] Fix relaxed memmove in TypedArray.prototype.set
If either target or source are shared buffers, use relaxed memmove.

Bug: chromium:1353555
Change-Id: Ieaad826c610b0f2f808b4061947372d851f95978
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862209
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82812}
2022-08-30 09:57:50 +00:00
Simon Zünd
af62c4f0e5 [sparkplug] Allow sparkplug->ignition deopt in func entry
Adapted from https://crrev.com/c/3862264.

Add a new teardown trampoline for the case where a Sparkplug function is
deoptimized during its function entry stack check. In these cases, the
stack is in an incomplete setup state, so instead of forwarding to
interpreter re-entry, we undo the partial stack setup and forward to
the standard interpreter entry.

R=leszeks@chromium.org

Bug: chromium:1246907, chromium:1357554
Change-Id: I0795b20cdc60d3ba28bc32cd55bdf82d72f83aac
Also-by: leszeks@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865144
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82811}
2022-08-30 09:56:47 +00:00
Dominik Inführ
810a0b5ff7 [heap] Move Verify* methods out of the heap class
Methods are now defined in heap-verifier.h in the HeapVerifier class.

Bug: v8:11708
Change-Id: I13e7f1760598f3659ad6aa31082840caf2e44038
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857558
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82810}
2022-08-30 09:22:27 +00:00
Simon Zünd
24ee7ed5ec [debug] Fix DCHECK when looking for the closest breakpoint
This CL adjusts a DCHECK that verifies a bytecode offset when looking
for the closest breakpoint given that offset. When we pause on
function entry via interrupt, then the offset is
kFunctionEntryBytecodeOffset (-1), which is still a valid offset.

R=jarin@chromium.org

Fixed: chromium:1357554
Change-Id: I5b25b58f02be0e605191c38e9d1d93e334664c63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862265
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82805}
2022-08-30 06:03:37 +00:00
Frank Tang
87ba2e2e11 [Temporal] Sync PR 2266 add ISODateTimeWithinLimits to CreateTemporalMonthDay
PR https://github.com/tc39/proposal-temporal/pull/2266

Disallow arbitrary integers for the reference ISO year in PlainMonthDay
Spec text: https://tc39.es/proposal-temporal/#sec-temporal-createtemporalmonthday

Also add missed assertion of calling ISODateTimeWithinLimits

Bug: v8:11544
Change-Id: Idd18428f3e6e6af53c2c207652688af269746782
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855703
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82804}
2022-08-30 05:54:37 +00:00
Frank Tang
f5ef68dead [Temporal] Fix TimeZone getPossibleInstantsFor
Subtract timeZone.[[OffsetNanoseconds]] from epochNanoseconds
before calling the IsValidEpochNanoseconds() for the case of
4. If timeZone.[[OffsetNanoseconds]] is not undefined

Bug: v8:11544
Change-Id: Icea2d8390a9db01054956f8c57b47dc5a88446d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855980
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82802}
2022-08-30 04:12:47 +00:00
Frank Tang
0f901f00e8 [Temporal] Sync PR 2297 change ToSecondsStringPrecision
Validate fractionalSecondDigits after truncation

https://github.com/tc39/proposal-temporal/pull/2297

Spec text:
https://tc39.es/proposal-temporal/#sec-temporal-tosecondsstringprecision

Bug: v8:11544
Change-Id: I648f087f4fa2cfd6245c7946cfa625a7c5e3b3b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855702
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82801}
2022-08-30 04:01:49 +00:00
Frank Tang
f03d02e23f [Temporal] Sync PR 2261
Disallow negative day lengths as round result

PR https://github.com/tc39/proposal-temporal/pull/2261

Also fix the missing extraValues=<"day"> to GetTemporalUnit

Spec Text: https://tc39.es/proposal-temporal/#sec-temporal.zoneddatetime.prototype.round

Bug: v8:11544
Change-Id: Ibc963d5d93dde30f29df707ef3b3ecea99cd4a60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855704
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82798}
2022-08-30 01:20:37 +00:00
Frank Tang
f54b1eb461 [Temporal] Sync PR 2225 Consistently check overflow options
https://github.com/tc39/proposal-temporal/pull/2225

Call ToTemporalOverflow in ToTemporalDate and ToTemporalDateTime

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal-totemporaldate
https://tc39.es/proposal-temporal/#sec-temporal-totemporaldatetime

Bug: v8:11544
Change-Id: I3d2846e2efc214ea5385be58cb49e319369b5900
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855705
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82797}
2022-08-30 01:14:27 +00:00
Michael Lippautz
76d61b2195 [base] Unify wrappers for malloc and friends
- Unify AIX and Starboard wrapping code.
- Move all wrapping code into `platform/memory.h`

Change-Id: I42c04dd1e982edff2db7bbfa9eecdbdd67f40714
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858226
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82794}
2022-08-29 19:03:46 +00:00
Jakob Kummerow
fac19a2413 [stringrefs] Create non-nullable references to strings/views
The string and view creating instructions string.new*, string.const,
string.concat, and string.as_* should all return non-nullable reference
types.

See https://github.com/WebAssembly/stringref/issues/42

Bug: v8:12868
Change-Id: I2a39aadd339a49b4aa2d145492cba85e6ab14b71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858236
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82792}
2022-08-29 16:35:26 +00:00
Feng Yu
ccb86fc503 [test] Migrate rest cctest/compiler/test-run-js* to unittests/
Bug: v8:12781
Change-Id: I19de9ab655e3e4b7ad45cde7f9bc659741d856a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858928
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Feng Yu <f3n67u@gmail.com>
Cr-Commit-Position: refs/heads/main@{#82786}
2022-08-29 15:00:45 +00:00
Thibaud Michaud
c2d46fe966 [wasm] Keep call_indirect index on the stack
When a call_indirect fails because of a signature mismatch or a null
target, the value stack generated for debug doesn't contain the target
index anymore, which makes it hard for users to understand the error.

Keep the index on the stack, and ensure that the index is not modified
until we generate the debug info. Previously, the index was shifted
in-place to compute various offsets. Instead, use scaled loads to
compute the offset directly in the load instruction.

R=clemensb@chromium.org

Bug: chromium:1350384
Change-Id: Iad5359ec80deef25a69ac119119a0b5ca559a336
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854309
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82780}
2022-08-29 14:04:58 +00:00
Jakob Linke
972b01f9b5 [maglev] Fix test flake due to racing the compiler thread
Bump the limit to give TF enough time to finish compiling. The
`keep_going` limit is fairly ugly, but it lets us test the real
(=concurrent) pipeline.

Bug: v8:7700
Fixed: v8:13176
Change-Id: Iba97111d752c8a4894e99ab57e8f42abcc8c29bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862204
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82778}
2022-08-29 13:58:48 +00:00
Clemens Backes
c497701814 [wasm] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=jkummerow@chromium.org

Bug: v8:12887
Change-Id: Ieccf35730f69bcefa3740227f15e05686080d122
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3843517
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82774}
2022-08-29 12:43:46 +00:00
Thibaud Michaud
a72a4db7cd [wasm] Allow any return count for JSPI export
R=clemensb@chromium.org

Bug: v8:12191, v8:13231
Change-Id: I0104f54ce5cdc022f22800d4aeec68aac481219d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856573
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82769}
2022-08-29 11:03:05 +00:00
Samuel Groß
5c152a0f7b [sandbox] Remove a number of native allocations from WasmInstanceObject
Those are not safe in combination with the sandbox as they are stored as
raw pointers. Instead of turning them into ExternalPointers (which use
the ExternalPointerTable indirection), this CL simply turns them into
on-heap ByteArrays which is cheaper and should be unproblematic
security-wise as their contents can be corrupted without causing memory
corruption outside the sandbox address space (just incorrect behaviour
and/or further memory corruption *inside* the sandbox, which is fine).

Bug: chromium:1335046
Change-Id: Id2b901a58b7d6c91dd7596fca553d7c76cbc61ec
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3845636
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82765}
2022-08-29 09:53:35 +00:00
Frank Tang
e3af299ce0 [test262] Roll test262
adba7dfd9c..8dcc0e19

Also add "Intl402" (notice the uppercase I) to the excluded dirs for noi18n
because of https://github.com/tc39/test262/pull/3638

Bug: v8:7834
Change-Id: Ibd53c7917a4fd8d1b27989e3c040c5ab47a66e50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857450
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82759}
2022-08-27 05:23:07 +00:00
Frank Tang
af04e3c3c1 [Temporal] Sync PR 2269 change toString by calling MaybeFormatCalendarAnnotation
Sync https://github.com/tc39/proposal-temporal/pull/2269
Add AO MaybeFormatCalendarAnnotation
Use MaybeFormatCalendarAnnotation in
TemporalDateToString
TemporalDateTimeToString
TemporalZonedDateTimeToString

Spec text:
https://tc39.es/proposal-temporal/#sec-temporal-maybeformatcalendarannotation
https://tc39.es/proposal-temporal/#sec-temporal-temporaldatetostring
https://tc39.es/proposal-temporal/#sec-temporal-temporaldatetimetostring
https://tc39.es/proposal-temporal/#sec-temporal-temporalzoneddatetimetostring

Bug: v8:11544
Change-Id: Ia361b1cba1b2e9db77125a8888054cfd89626611
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855699
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82758}
2022-08-27 03:05:28 +00:00
Shu-yu Guo
31e17fe62d [shared-struct, api] Support shared isolates in API
Currently the ability to create shared isolates is partially exposed to
API. Instead of fully exposing it, this CL makes shared isolate and
shared heap handling transparent to the embedder.

If a flag that requires the shared heap is true (currently
--shared-string-table and --harmony-struct), the first isolate created
in the process will create and attach to a process-wide shared isolate.
Subsequent isolates will attach to that shared isolate. When that first isolate is deleted, the shared isolate is also deleted.

Bug: v8:12547
Change-Id: Idaf2947bc354066c44f2d10243e10162b1b7e4d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3848825
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82756}
2022-08-26 23:41:57 +00:00
Frank Tang
8ff03afee0 Revert "[Temporal] Use double/int32_t instead of int64_t for duration parsing"
This reverts commit a165e82ea7.

Reason for revert: SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../src/objects/js-temporal-objects.cc:3837:22  

Original change's description:
> [Temporal] Use double/int32_t instead of int64_t for duration parsing
>
> Use double instead of int64_t and int32_t in duration parsing result
> so we can parse very large duration fields as infinity and throw RangeError in later stages. The three fractional parts can hold values from 0 to 999,999,999, so we use int32_t to hold them. The other parts could be infinity, so we use double to hold them. Also rearrange the order of the three int32_t fields in the struct ParsedISO8601Duration after all the double fields.
>
> Bug: v8:11544
> Change-Id: I7e5b02f7c7bbb60997f1419f016aed61dd3e0d6c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840761
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82754}

Bug: v8:11544
Change-Id: Ia9d0a014463b00640d43b051753a554f42171c2b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858575
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82755}
2022-08-26 22:44:17 +00:00
Frank Tang
a165e82ea7 [Temporal] Use double/int32_t instead of int64_t for duration parsing
Use double instead of int64_t and int32_t in duration parsing result
so we can parse very large duration fields as infinity and throw RangeError in later stages. The three fractional parts can hold values from 0 to 999,999,999, so we use int32_t to hold them. The other parts could be infinity, so we use double to hold them. Also rearrange the order of the three int32_t fields in the struct ParsedISO8601Duration after all the double fields.

Bug: v8:11544
Change-Id: I7e5b02f7c7bbb60997f1419f016aed61dd3e0d6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840761
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82754}
2022-08-26 21:28:29 +00:00
Matthias Liedtke
ee9b0f9f02 [wasm-gc] Debugger: Provide type info for structs and arrays in tables
This change also modifies the way references are typed: Instead of
using the static type (which may be a generic type like anyref) the
actual type based on the referenced object is used.
While this is very useful for arrays and structs (and somewhat nice for
i31 not just being a number but also having some type information), it
means for non-null values that the reference type is "not nullable",
so it will show e.g. "ref $type0" although the static type might be
"ref null $type0".

Bug: v8:7748
Change-Id: I00c3258b0da6f89ec5efffd2a963889b1f341c3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3852485
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82753}
2022-08-26 14:51:20 +00:00
Matthias Liedtke
b592c968e0 [wasm-gc] Internalize JS init value in Table::grow(number, init_value)
This change follows up on 3cc931543f, in which Table::grow() was missed.

Bug: v8:7748
Change-Id: I83dc4e4894354ad8c97e577da03d67a36f6d9443
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858227
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82752}
2022-08-26 14:46:37 +00:00
Jakob Kummerow
9c445c7c51 [wasm-gc] Fix TF scheduling of inlined call_ref sequence
For the branching control flow structure we set up for feedback-directed
inlining-capable `call_ref` sequences, we have to manually take care of
the "instance cache nodes" in the SSA environment.

Drive-by: improve Runtime_WasmTierUpFunction to process type feedback,
making it usable for the included regression test.

Fixed: v8:13230
Change-Id: I06a449ad73af90b96d0cc15c3cb9a0e4bed87be6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859326
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82749}
2022-08-26 13:56:36 +00:00
Leszek Swirski
453abb7c9b [maglev] Re-enable maglev code on the FBV
Change the has-optimized FeedbackVector bit to two bits, one for Maglev
and one for Turbofan. Ignition and Sparkplug can check both bits, while
Maglev will only check the Turbofan one.

Bug: v8:7700
Change-Id: I95f6e4326180cac02f127a97438f960950f09d82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856569
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82748}
2022-08-26 13:53:57 +00:00
Matthias Liedtke
8600d58092 [wasm-gc] Rename array.new_fixed_static -> array.new_fixed
This is a left-over of the removal of the dynamic (rtt-based)
variants.

Bug: v8:7748
Change-Id: I93bb74a72543a5697f1102d283c7d65c6be99466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856577
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82746}
2022-08-26 13:11:38 +00:00
Feng Yu
1bd68aa9e1 [test] Migrate cctest/compiler/test-run-jsops to unittests/
Bug: v8:12781
Change-Id: I0c1234c5a649f3533eebbab89f7fe16140327d59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858927
Commit-Queue: Feng Yu <f3n67u@gmail.com>
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82743}
2022-08-26 11:07:32 +00:00
Qifan Pan
6fb86b9788 [turbofan] Support BigIntDivide
Bug: v8:9407
Change-Id: I29f8f5ec68f09e8631b59d3a6a2926bab3b3bcd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3845638
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Qifan Pan <panq@google.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82741}
2022-08-26 08:51:36 +00:00
Frank Tang
4b14efad61 [Temporal] Add Calendar.prototype.weekOfYear
Also add AO: ToISOWeekOfYear

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.calendar.prototype.weekofyear
https://tc39.es/proposal-temporal/#sec-temporal-toisoweekofyear

Note: this is only the non-Intl version. The Intl version in
https://tc39.es/proposal-temporal/#sup-temporal.calendar.prototype.weekofyear
will be implemented in a later CL.

PR https://github.com/tc39/proposal-temporal/pull/2378

Sync spec text for ToISODayOfYear and ToISODayOfWeek
in the comment and add DCHECK for assertion.

Bug: v8:11544
Change-Id: If07ff76551707d17d125e41bc624c12da6efa45a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3531567
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82733}
2022-08-26 02:18:06 +00:00
Patrick Thier
348adb07ca Prepare StringForwardingTable for external strings
- Move StringForwardingTable implementation to own compilation unit.
- Refactoring preparing for layout change (Introduce explicit record
  class to make transition from contiguous Tagged_t fields to a
  heterogeneous record layout easier).
- Replace RootVisitor pattern for transitioning/cleanup during GC with
  callback.
- Minor cleanups.

Bug: v8:12957
Change-Id: Iae343393f470130eac0c54148a1303b67fb95aa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3845635
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82730}
2022-08-25 15:17:49 +00:00
Feng Yu
64ca6cc4f0 [test] Migrate cctest/test-temporal-parser to unittests/
Bug: v8:12781
Change-Id: I281047a0606b8f709a930998ef7e7a53f780f59d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840146
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Feng Yu <f3n67u@gmail.com>
Cr-Commit-Position: refs/heads/main@{#82725}
2022-08-25 13:01:48 +00:00
Feng Yu
c6a94381a9 Reland "[test] Migrate cctest/test-inspector to unittests/"
This is a reland of commit 437b311a18

Original change's description:
> [test] Migrate cctest/test-inspector to unittests/
>
> test-inspector.cc -> inspector-unittest.cc
>
> Bug: v8:12781
> Change-Id: I37d2bc2d023ffd91b94d5a09cdbfe4a6e22fecf1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3813062
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82512}

Bug: v8:12781
Change-Id: Iece26e724f21d459dd1e96423d3aa72f15c5424e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837705
Commit-Queue: Feng Yu <f3n67u@gmail.com>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82724}
2022-08-25 12:49:54 +00:00
Leszek Swirski
a25aa43e84 [cleanup] Remove --stress-opt
--stress-opt never did what we wanted it to; it ran its runs in
different contexts (therefore not able to share feedback across runs),
and even if it didn't, each run would create new closures for any
defined closures, so we'd still more than likely end up poly- or
mega-morphic.

Fuzzers cover this use case better than --stress-opt ever did, so now
it's just using precious bot time. We can get rid of it.

Bug: v8:10386
Change-Id: Ibbb9207d887b4b1dc4ec9093858d477c0f95eb37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3803228
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82722}
2022-08-25 12:26:24 +00:00
Al Muthanna Athamina
ee58c57b9c Skip unpredictable tests on predictable builders
Bug: v8:13234
No-Try: true
Change-Id: I63a5402ce5e4419972e0d6728c7615a341398648
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855450
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82720}
2022-08-25 11:29:55 +00:00