Commit Graph

79740 Commits

Author SHA1 Message Date
Marja Hölttä
806ae48bb5 [cctest] Disable an incorrect test
Bug: v8:13646
Change-Id: I04b1016b80c4bcbdb0cdd2552abdc6c3c9c543d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147608
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85148}
2023-01-09 15:01:53 +00:00
Clemens Backes
8fe57bf641 [x64] Make {Assembler::GrowBuffer} preserve most registers
This makes many callers of {GrowBuffer} a lot slimmer, by avoiding the
need to push and pop all values in otherwise caller-saved registers.
E.g. {emit_mov(Register, Operand)} was measured to be ~2x faster (from
2.3% of Liftoff compilation time to 1.2%).

R=bikineev@chromium.org
CC=dlehmann@chromium.org

Bug: v8:13565
Change-Id: I681747a491548adf1374187cd9f37520c153ef1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4127230
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85147}
2023-01-09 14:33:52 +00:00
Michael Lippautz
0d89b699eb [cctest] Remove unnecessary deprecation ignore scope
The caller was rewritten but the ignore scope was left behind.

Bug: v8:12819
Change-Id: I76c297f43587bb5bd74c62cf39e0e979271a3b7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4110939
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85146}
2023-01-09 14:15:35 +00:00
Clemens Backes
b4b3fd662d Avoid one allocation in Signature::Builder
Instead of allocating the signature and the buffer separately, allocate
them in one chunk in the Zone.

R=ahaas@chromium.org

Bug: v8:13565
Change-Id: Ie6317bc695473cad667e47ad7869a07376c96631
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4138268
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85145}
2023-01-09 14:13:35 +00:00
pthier
f3b8717159 Dispose external resources exactly once
This CL handles 2 issues with disposing of external string resources in
the string forwarding table:
1) Resources of unmarked strings during GCs with stack are correctly
disposed (these were previously leaking).
2) Resources of unmarked strings during GCs without stack are disposed
at most once. Previously resources could be disposed multiple times if
the same resource had multiple entries in the string forwarding table.

Bug: v8:12957, chromium:1403564
Change-Id: I809ec1ada1ee813d7277e85ade9aa1e3e95a80f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136725
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85144}
2023-01-09 14:03:08 +00:00
Nico Hartmann
88eac4b870 [turboshaft] Basic TypedOptimization and new DeadCodeElimination
This CL introduces typed optimizations for Turboshaft, which replaces all operations that produce a constant output (and don't have side effects) by the corresponding constant.

In addition, a new pass for eliminating dead code is introduced that can not only remove dead operations, but also rewrite branches that are not required into GotoOps.

Drive-by: Introduce -0 as a "special value" for Float32Type and Float64Type to fix a few issues where 0 and -0 have been treated as identical.

Bug: v8:12783
Change-Id: Ia1450ad7a9abb5d58c7d753596ed08a33a73184f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4110993
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85143}
2023-01-09 13:23:56 +00:00
Michael Lippautz
322e42bf13 [heap] Remove Push/Pop for EmbedderHeapTracer wrapper object
EmbedderHeapTracer has been removed, making the separate main-thread
worklist obsolete.

Bug: v8:13207
Change-Id: I3f92457a73d6664b28646247548b78ade491be32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136716
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85142}
2023-01-09 12:12:02 +00:00
Jakob Linke
82e8025d69 [builtins] Remove read-only CodeDataContainer optimization
Since this only applies to builds without v8_enable_external_code_space and
only saves minimal snapshot size it doesn't seem worth keeping around.

Bug: v8:7464
Change-Id: I81b520235c6174abc340cb74825e6cc86b2b8958
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136722
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85141}
2023-01-09 11:19:23 +00:00
Victor Gomes
7b9fa44c98 [maglev] Fix ProtoApply with spread call
By propagating the call arguments mode.

Fixed: chromium:1405092
Bug: v8:7700
Change-Id: I6da52fedea1d5a0083d328fdbf39708f956b97cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4138261
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85140}
2023-01-09 09:31:45 +00:00
pthier
027afd4273 [maglev][arm64] Port CheckJSObjectElementsBounds
Bug: v8:7700
Change-Id: I235b0991ea813333737594096f228c980cc5af4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4138266
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85139}
2023-01-09 09:20:21 +00:00
Michael Achenbach
2f4f3f9829 [gcmole] Make gcmole test more robust to unrelated code changes.
Bug: v8:13637
Change-Id: I90362d4819151465b9e476441cd662c01dd4a50a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4138267
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85138}
2023-01-09 09:01:27 +00:00
Jakob Linke
302892032c [factory] Remove dead code in NewOffHeapTrampolineFor
.. and restructure a bit. The V8_EXTERNAL_CODE_SPACE case is fully
handled in the initial code section (thus dead code further down can be
removed). Also, no need to guard both through an #ifdef and an `if`.

Change-Id: Ibc56bc5922908e7a73f26a2799ac29287336cb3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136721
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85137}
2023-01-09 09:00:25 +00:00
Dominik Inführ
3172b30fe4 [execution, heap] Lock global safepoint mutex in Isolate::Deinit
This CL locks the global safepoint mutex during Isolate::Deinit when
the shared heap is used. This prevents any shared GC between starting
isolate tear down and detaching from the shared heap isolate.

Not doing that resulted in deadlocks when the isolate's main thread
was blocking until background tasks finished while still being in
the running state.

It also solves the heap verification failures when one client isolate
stopped right before detaching from the shared heap isolate for a
shared GC. In this case the external string table was already
finalized. This CL ensures that there is no GC in-between these two
operations anymore.

Bug: v8:13267, chromium:1401078
Change-Id: I131bcf1506eb8d756e0092139b638fae051b902d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4120442
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85136}
2023-01-09 08:59:21 +00:00
Manos Koukoutos
0ab8a7a111 [wasm-gc][liftoff] Optimize final-type checks
This is a follow-up to crrev.com/c/v8/v8/+/4096478. Similarly to
Turbofan, we reduce type-checks for final types in Liftoff to type
identity.

Bug: v8:7748
Change-Id: I095880a7718bd2d675dd119f1f14869c97d641b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128522
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85135}
2023-01-09 08:56:51 +00:00
Darius M
521a399d35 [maglev] Temporarily disable in-heap Typed Array support
Commit 5d3e12941e
introduced support for in-heap Typed Arrays in Maglev. This is causing
a bug in the register allocator, that is taking me a while to fix. I've
thus temporarily disabled this in-heap Typed Array support until I've
fixed the register allocator bug.

Fixed: v8:13639
Bug: v8:7700
Change-Id: Ic121bafcd22e248a5a340baec7d10a265a5a711a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4146422
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85134}
2023-01-09 08:54:05 +00:00
Leszek Swirski
cebcd8c51b Revert "[flags,testrunner] Consider readonly flags for conflict detection"
This reverts commit ebd933037e.

Reason for revert: Breaks a test: https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8792462319927467985/+/u/OptimizeForSize/CreateIsolateFromReadOnlySnapshot

Original change's description:
> [flags,testrunner] Consider readonly flags for conflict detection
>
> Flag conflict detection 1) bails out on incompatible flag values (e.g.
> --jitless and --turbofan) and 2) handles such bailouts transparently in
> the test runner by marking affected tests as OUTCOMES_FAIL.
>
> This CL adds full support for readonly flags to this system, together
> with required additional annotations in variants.py.
>
> Drive-by: assert proper use of v8_enable_slow_dchecks, and add
> support when dcheck_always_on is set.
> Drive-by: introduce has_maglev build variable detection based on
> v8_enable_maglev and use that for .status file annotations.
> Drive-by: protect against unintended overwrites of build variables
> in statusfile.py.
>
> Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel
> Bug: v8:13629,v8:10577
> Change-Id: I04de399139a0490806df8bfee7e75e2ec767b4b5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4135879
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85130}

Bug: v8:13629,v8:10577
Change-Id: I0cb072c6c9f05d92894cc0af83c4d1a28df100d5
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147098
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85133}
2023-01-09 08:51:33 +00:00
Andreas Haas
b2123b6a60 [d8] Add missing call to {ResetOnProfileEndListener}
R=clemensb@chromium.org

Bug: chromium:1405157
Change-Id: I01d7b1f85034501cdf0441103f4308dcd6f7234d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4138252
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85132}
2023-01-09 08:37:31 +00:00
Jaroslav Sevcik
ff2b5a6729 [inspector] Avoid sliding breakpoints for same scripts
We change the breakpoint hint logic to check if the script has not
locally changed (with a hash of the source text between the requested
breakpoint location and the actual breakpoint location). If the
text did not change, we set the breakpoint at the same
location as before.

Bug: chromium:1404643
Change-Id: I6ceecf9924e699aaf37518680d1cb79d3eb00959
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4138260
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85131}
2023-01-09 07:29:47 +00:00
Jakob Linke
ebd933037e [flags,testrunner] Consider readonly flags for conflict detection
Flag conflict detection 1) bails out on incompatible flag values (e.g.
--jitless and --turbofan) and 2) handles such bailouts transparently in
the test runner by marking affected tests as OUTCOMES_FAIL.

This CL adds full support for readonly flags to this system, together
with required additional annotations in variants.py.

Drive-by: assert proper use of v8_enable_slow_dchecks, and add
support when dcheck_always_on is set.
Drive-by: introduce has_maglev build variable detection based on
v8_enable_maglev and use that for .status file annotations.
Drive-by: protect against unintended overwrites of build variables
in statusfile.py.

Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel
Bug: v8:13629,v8:10577
Change-Id: I04de399139a0490806df8bfee7e75e2ec767b4b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4135879
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85130}
2023-01-09 07:09:34 +00:00
v8-ci-autoroll-builder
e6902daebf Update V8 DEPS (trusted)
Rolling v8/build: 705c30a..7ab406c

Rolling v8/third_party/fuchsia-sdk/sdk: version:11.20230107.0.1..version:11.20230108.3.1

Change-Id: Id52793459a5ae65df95837c5f66ef36c5fafe3f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4143951
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85129}
2023-01-09 04:01:07 +00:00
Clemens Backes
aa5f2e5c43 Revert "[x64] Add support for "cold calls" in hot paths"
This reverts commit 31ccfed461.

Reason for revert: Fails compilation on: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20cfi%20-%20builder/6527/overview

Original change's description:
> [x64] Add support for "cold calls" in hot paths
>
> This makes (specially annotated) calls to "cold functions" in hot paths
> more efficient by hiding the fact that we are actually calling a
> function here. Clang would otherwise unconditionally spill and reload
> registers that might be clobbered by the call. This would slow down the
> fast path.
>
> This CL allows us to reverse priorities here: The fast path can stay fast
> (no spills and loads), but the slow path gets even slower. The inline
> assembly that implements the cold call spills and reloads *all*
> registers, because we do not know which registers are in use in the
> scope where the cold call is being emitted.
>
> I.e. this behaves like a custom calling convention with no caller-saved
> registers.
>
> The `preserve_all` attribute (experimental in clang, and incomplete for
> C++) would also solve this, but it is not production-ready yet (leads to
> crashes of clang and crashes of the generated code).
>
> R=leszeks@chromium.org
> CC=dlehmann@chromium.org
>
> Bug: v8:13565, v8:13570
> Change-Id: I2b54a480da1c689113a67c601c29d73239b0ff2b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4116584
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85127}

Bug: v8:13565, v8:13570
Change-Id: I2f5b3343eb372fea13d2c4ab6354f2bc52e2c338
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4145819
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85128}
2023-01-08 21:03:06 +00:00
Clemens Backes
31ccfed461 [x64] Add support for "cold calls" in hot paths
This makes (specially annotated) calls to "cold functions" in hot paths
more efficient by hiding the fact that we are actually calling a
function here. Clang would otherwise unconditionally spill and reload
registers that might be clobbered by the call. This would slow down the
fast path.

This CL allows us to reverse priorities here: The fast path can stay fast
(no spills and loads), but the slow path gets even slower. The inline
assembly that implements the cold call spills and reloads *all*
registers, because we do not know which registers are in use in the
scope where the cold call is being emitted.

I.e. this behaves like a custom calling convention with no caller-saved
registers.

The `preserve_all` attribute (experimental in clang, and incomplete for
C++) would also solve this, but it is not production-ready yet (leads to
crashes of clang and crashes of the generated code).

R=leszeks@chromium.org
CC=dlehmann@chromium.org

Bug: v8:13565, v8:13570
Change-Id: I2b54a480da1c689113a67c601c29d73239b0ff2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4116584
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85127}
2023-01-08 18:44:18 +00:00
v8-ci-autoroll-builder
922fa2f9ee Update V8 DEPS (trusted)
Rolling v8/build: dac6050..705c30a

Rolling v8/third_party/fuchsia-sdk/sdk: version:11.20230106.2.1..version:11.20230107.0.1

Change-Id: Ib856262f50acce14f20a07b0c1227b73ff749e3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4143948
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85126}
2023-01-08 04:03:53 +00:00
Frank Tang
d269492175 [test262] Roll test262
e6c6460a5b..f00d4118d

Bug: v8:7834
Change-Id: I02cecbc0d74ee2904d3d5d9d9f94f182a88b0cf6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4126701
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85125}
2023-01-07 09:01:20 +00:00
v8-ci-autoroll-builder
3c79a84283 Update V8 DEPS (trusted)
Rolling v8/build: c2ac4bf..dac6050

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/e5bf2c4..163b421

Rolling v8/third_party/depot_tools: 50985d5..6f90547

Rolling v8/third_party/fuchsia-sdk/sdk: version:11.20230105.2.1..version:11.20230106.2.1

Rolling v8/tools/clang: 5c711ec..e8c31f9

Change-Id: I96f80a73c7886aa6beba8250309f417deb648dc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4143946
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85124}
2023-01-07 03:55:43 +00:00
v8-ci-autoroll-builder
4d716b2ffb Update V8 DEPS (trusted)
Rolling v8/build: 33bb56b..c2ac4bf

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/038b25e..e5bf2c4

Rolling v8/third_party/depot_tools: 58a343c..50985d5

Rolling v8/third_party/fuchsia-sdk/sdk: version:11.20230104.1.1..version:11.20230105.2.1

Rolling v8/tools/clang: 3b54a13..5c711ec

Change-Id: I6538f8982f85f23fb540217d52aee55f142895f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4141158
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85123}
2023-01-06 04:28:47 +00:00
Choongwoo Han
362e792ee4 [wasm] Do not build loop exits for non-innermost loops
Loops can be unrolled only for innermost loops. But, the wasm graph
builder builds loop exits regardless of the condition. This CL detects
if the loop can be innermost using AnalyzeLoopAssignment, and does not
allocate unnecessary nodes if it can't be.

This reduces memory usage for the reported wasm binary from 1.3GB to
300MB.

Bug: v8:13543
Change-Id: I693800071f7eee4a9991e094830f23d27a96b13f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4134466
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Choongwoo Han <choongwoo.han@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#85122}
2023-01-05 20:04:09 +00:00
Victor Gomes
5c613b9887 [maglev][arm64] Fix push/pop register list order
Maglev assumes a fixed register order (from low to high) when
iterating the frame, since it identifies tagged values using
a bitmap.

Bug: v8:7700
Change-Id: I2231b111b30068eeff408e8ceea896cb17e4b864
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4135892
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85121}
2023-01-05 15:13:53 +00:00
Andreas Haas
4c46613505 Reland "[wasm][capi] Optimize all functions before serialization"
This CL is exactly the same as the original CL, without changes. The
issue was a missing Isolate::Scope, and it existed already before this
CL. I fixed the issue separately in https://crrev.com/c/4136720.

Original message:

Original change's description:
> [wasm][capi] Optimize all functions before serialization
>
> The existing implementation of `serialize` in the C-API is to produce
> a snapshot of the current state of the `NativeModule`. However, so
> far all users of `serialize` did not care about the runtime of
> `serialize`, but cared about `deserialize` starting up fast.
>
> With this CL all functions of a module get tiered up to TurboFan
> before serializing the module.

R=clemensb@chromium.org

Change-Id: Ib8ed33c63c137e167fb50ccf721184b2b16cf4d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4131635
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85120}
2023-01-05 14:41:00 +00:00
Manos Koukoutos
1ef0a093e8 [wasm-gc] Apply isorecursive canonicalization to tag signatures
We add a {canonical_type_index} field to tag objects and use it to
check for canonical subtyping between tags when needed.

Bug: v8:7748
Change-Id: I60723d8f72a9487af03f223c8f8a33ef8fa56461
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4135885
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85119}
2023-01-05 14:17:32 +00:00
Leszek Swirski
a0ba7818cd [string] Fix ConsStringIterator offset use
ConsStringIterator::Next has an `offset` out parameter with non-obvious
semantics -- namely, that the `offset` is the offset within the
currently returned string matching the offset passed into the
ConsStringIterator constructor. Notably, this will always be zero after
the first iteration. Added a comment to explain this.

This was being misused in string equality comparison, and in fact we can
remove its use there entirely, as the only way to have a slice offset in
string equality is to have a sliced string, which cannot point to a cons
string.

Change-Id: Idf9abc537220564ead0b056e9aff644d5c91426f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4138255
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85118}
2023-01-05 14:11:09 +00:00
Andreas Haas
167efb5974 [mjsunit] Avoid creating v8.prof file in regression test
R=jgruber@chromium.org

Bug: v8:12926
Change-Id: I565455068a385c708dce9406120de9ec3f893341
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4138257
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85117}
2023-01-05 14:03:22 +00:00
Andreas Haas
912a05d7b0 [wasm][capi] Add missing Isolate::Scopes
Missing Isolate::Scopes can cause the GC to fail.

R=clemensb@chromium.org

Bug: v8:12926
Change-Id: Iddfe73b4974d187261488189e55f0a6684ceb9ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136720
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85116}
2023-01-05 14:00:26 +00:00
Darius M
8e84e825ed [maglev] Adapt CheckJSTypedArrayBounds for Float64Array
Fixed: chromium:1405150, v8:13638
Bug: v8:7700
Change-Id: I0b53d6bbd43ff7e068d8d82edfe2d956bb398223
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136729
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85115}
2023-01-05 12:53:29 +00:00
Clemens Backes
68047ec37f [wasm][streaming] Avoid UAF after context disposal
After a call to {StreamingDecoder::NotifyCompilationEnded}, no method on
the {StreamingProcessor} should be called any more. We were still
calling the {OnAbort} method later.

To make the semantics a bit more clear, we rename
{NotifyCompilationEnded} to {NotifyCompilationDiscarded}.

We also remove the {stream_finished_} field and reset the processor
instead, which will result in a nullptr access if we try to illegally
call any further methods.

R=ahaas@chromium.org

Bug: chromium:1403531, chromium:1399790, chromium:1400066
Change-Id: I4caef3801dfe9d653125efbd7bc9b5d13ce30dc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4132966
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85114}
2023-01-05 12:36:04 +00:00
Victor Gomes
59136c6045 [log] Remove is_listening_to_code_events cache
V8FileLogger has a dynamic behaviour when listening to
code events, i.e., it can stop listening without removing
itself from the Logger, which invalidates the field
is_listening_to_code_events_. This field is only updated
when adding/removing an event listener.

This cache was recently introduced in a refactoring
https://crrev.com/c/3582125

Bug: chromium:1400809
Change-Id: If93c88a6a64f5bf2c10265ac1db455ea498733a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136726
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85113}
2023-01-05 11:40:49 +00:00
Michael Achenbach
73aaf18f36 [gcmole] Remove legacy gcmole steps
This was running side-by-side in production now for >1 month. Now
we remove the sequential gcmole step and only keep running the
parallel version. We keep the sequential test run to ensure it keeps
working for developers who still use this locally.

Bug: v8:12660
Change-Id: If92516948d0cc3c03c9a4a18bd216ce63c18dfc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136727
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85112}
2023-01-05 11:14:47 +00:00
Michael Achenbach
43fd63554e [gcmole] Add regression test with multiple safepoints
Bug: v8:13536
Change-Id: I1cac6a34b6948f7e5365c5454ad6d3f928d906d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4134164
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85111}
2023-01-05 09:47:58 +00:00
Vladimir Nechaev
ca3a939da8 [inspector] Provide more details about destroyed context
Runtime.executionContextCreated provides many details in
ExecutionContextDescription structure while
Runtime.executionContextDestroyed provides only executionContextId. This
information is insufficient for the clients that use uniqueContextId.

Bug: v8:12896
Change-Id: I31df0ed618dc1c8b55c7eba8f96eeaef2d4de6c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657439
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Vladimir Nechaev <nechaev@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85110}
2023-01-05 09:27:47 +00:00
Lu Yahan
d333e5b5aa [riscv] Fix disasm unittest error
Change-Id: I5e342abad192189fc88aae185901ba776643c0dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4134473
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#85109}
2023-01-05 09:10:11 +00:00
Yahan Lu
fcae4c1383 Revert "[riscv] Remove unnecessary unbound label count"
This reverts commit a6c2b39080.

Reason for revert: Failed tests

Original change's description:
> [riscv] Remove unnecessary unbound label count
>
> The bind_to function doesn't link branch long to trampoline, so it doesn't need to add unbound_labels_count_.
>
> Change-Id: I2e3861a38eb65c285f19accb12bccb9f4c9fcfb1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4133426
> Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
> Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
> Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
> Cr-Commit-Position: refs/heads/main@{#85103}

Change-Id: I651762d71a8e86bbe76a10224a63433cdacfadfe
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136999
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85108}
2023-01-05 07:37:08 +00:00
Simon Zünd
3094c4002b [debug] Fix stepping through single statement loops
The debugger utilizes the source position while single stepping
("Step-in") through the source to go from statement to statement and
skipping some expressions along the way. The debugger remembers the
"statement position" of the last stepping action.

This works well in general but falls flat for loops that only have
a single statement in them. Every step lands on the same statement,
just one loop iteration later.

We detect this case by checking if we are in the same frame and have
the exact same bytecode offset as the last step action.

Note that this also fixes "frame restarting" should we have restarted
a function while paused at the beginning of that function.

R=jarin@chromium.org

Bug: chromium:1401674
Change-Id: Id0a5753ed7cc9f23f22d869368d88e1c4b48566d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4135881
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85107}
2023-01-05 07:18:16 +00:00
Simon Zünd
5b8d62d830 [debug] Only 'step-in' on function entry for scheduled pauses
This CL fixes a bug where we wouldn't pause (or even crash) when trying
to interrupt an infinite loop.

When we pause via stack check (i.e. a scheduled break) we currently do
one additional step-in. We do so to enter functions properly in case
we are paused in the middle of setting up the stack frame.

Loops also do a stack check, to support pausing infinite loops. In
that case we can skip the additional step-in as we are already
in a valid pause position (as implemented by this CL).

This CL also removes two bogus DCHECKs. We assumed that
a scheduled break never happens after a step. This is wrong, e.g.
a user can click the pause button after stepping over a long running
function.

Note that we duplicate the various loop interruption cctests to
also interrupt the loops with the "scheduled" break reason. Without
the changes in debug.cc, those won't pass.

The CL https://crrev.com/c/4136058 adds a regression test on the
blink side.

R=jarin@chromium.org

Fixed: chromium:1401674
Change-Id: I42b44744b17d24351f01b83c0446908c24e6c5fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4134246
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85106}
2023-01-05 06:19:47 +00:00
v8-ci-autoroll-builder
70253ba04e Update V8 DEPS (trusted)
Rolling v8/build: 44b5138..33bb56b

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/a404e6d..038b25e

Rolling v8/third_party/depot_tools: 252b198..58a343c

Rolling v8/third_party/fuchsia-sdk/sdk: version:11.20230103.1.1..version:11.20230104.1.1

Rolling v8/third_party/zlib: 18d27fa..fa5dc47

Change-Id: I49c9e11b32c782a4f0cb29b1559f708549d6e8bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4133999
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85105}
2023-01-05 04:05:20 +00:00
Lu Yahan
2bb36a2275 [riscv] Fix disasm error about fcvt.s.d
Change-Id: I1046f5d7147a032b6f7c830c4ae3235bc9f55088
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4134468
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#85104}
2023-01-05 03:19:51 +00:00
Lu Yahan
a6c2b39080 [riscv] Remove unnecessary unbound label count
The bind_to function doesn't link branch long to trampoline, so it doesn't need to add unbound_labels_count_.

Change-Id: I2e3861a38eb65c285f19accb12bccb9f4c9fcfb1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4133426
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#85103}
2023-01-05 03:11:14 +00:00
Shu-yu Guo
071de173dc [string] Rename String::GetChars -> String::GetDirectStringChars
GetChars may give the misimpression that it's usable with all flat
strings, while it is only usable with direct strings.

Change-Id: I1fd1ae93f75aca4079a2f65b5440a693dc2eb5c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4133547
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85102}
2023-01-04 20:07:52 +00:00
Darius M
3f75b580eb [maglev] Fix bug because of output-input aliasing
Bug: v8:7700
Change-Id: Ide3704bd44b8f531720ba38127e98c00e59a7d57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136712
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85101}
2023-01-04 17:15:57 +00:00
Michael Lippautz
6eb0a668c2 [heap] Move wrappable extraction logic out of LocalEmbedderHeapTracer
Bug: v8:13207
Change-Id: I5d96454c7335e698ff79572706cf0c16640fdd53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136711
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85100}
2023-01-04 17:04:15 +00:00
Darius M
5d3e12941e [maglev] Support in-heap TypedArrays
Drive-by: fix a bug with TypedArray loads: because we used the output
register as a temporary, if it was actually aliasing with one of the
input registers, the generated code was incorrect.

Bug: v8:7700
Change-Id: Id297f728ca2de13ebc5993cea675900fbfdd7886
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4135884
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85099}
2023-01-04 16:14:50 +00:00