The test makes sure that JSON parsing doesn't stack overflow if given a
deeply nested JSON object. This deep nesting makes the test slow, so we
can test ~the same thing by lowering both the nesting and the stack
size.
Bug: v8:12029
Change-Id: I689ffc1b9db167a1cf1de93beeb09c89e03264a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059685
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75976}
Use the result of scripts.find() instead of using operator[] when
looking up scripts. This avoids an ugly const_cast, and avoids doing the
lookup twice.
Change-Id: I7c1a6be28928e2e3d928c389328be8785be3cff7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056989
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75974}
is_deprecated and is_stable are mutable and can be changed
concurrently. We protect against changes through dependencies. CHECKs
on such fields are invalid.
Bug: v8:7790,chromium:1234206
Change-Id: I9bb7fab0342e0e2c33377c162b1912a8f93e760b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059682
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75973}
The test currently fails on machines with sparkplug enabled:
```
Flag --sparkplug: value implied by --jitless conflicts
with explicit specification
```
And passes on platforms without sparkplug.
Bug: chromium:1233401
Change-Id: Ia0277f8d356e34efb611ca9960c11ec78b9b94ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3058300
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75970}
R=leszeks@chromium.org
Bug: chromium:1233401
Change-Id: Ieaf7513d2dbd9bc84a996defbf0a929d35befa36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059082
Commit-Queue: Yang Guo <yangguo@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75967}
We add new alternative "new_object" in order to
emit new struct and array types. We check whether
heaptype is struct or array type so we could emit
"NewDefault" or "NewWithRtt". The additional methods
(IsArray/StructType, GetArray/StructType) were added to WasmModuleBuilder.
Bug: v8:11954
Change-Id: I7a0e73edfbaa49beb1efd60b0f1b9916dc50df22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056459
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Rakhim Khismet <khismet@google.com>
Cr-Commit-Position: refs/heads/master@{#75966}
FP Div, Min and Max are added in this CL.
Opcodes are also reordered in macros to match the
instruction selector.
Change-Id: Idd6909721b0d06d523c93873e5faff39449d937c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3058294
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75965}
Previously we did not tier down from baseline to interpreter, which
breaks per-bytecode side effect checks (to check whether e.g. we are
mutating a temporary object, which is not considered a side effect).
R=leszeks@chromium.org
Bug: chromium:1233401
Change-Id: Ie08b5352aa4c124421b4c9abce18326938bbc822
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056981
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75963}
Previously we'd report all property edges with symbol names as <symbol>,
which was not very useful, especially with private class fields now
seeing more adoption.
Fixed: chromium:1232467
Change-Id: I53cf0811c4b83d016b988b687c6decbddd3c2fdd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055309
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75962}
Found these when compiling the arm64 simulator for MSan (Release) and
ASan (Debug and Release). Depending on the exact configuration (and
compiler), different functions will get inlined and different symbols
need to be available at link time.
1) Since GetRecoveredTrapCount is used in a unittest, it needs to be
exported.
2) The thread-local g_thread_in_wasm_code cannot be exported on
Windows, hence it cannot (safely) be used in unit tests. Use the
{GetThreadInWasmThreadLocalAddress} function instead, which will
return the address of that thread-local variable.
R=ahaas@chromium.org, mseaborn@chromium.org
Bug: v8:11955
Change-Id: I118f60c1580a8362f8232541576a1c41da7042bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049077
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75960}
Use write barrier when storing code into JSFunction::Code field.
Earlier, code from SharedFunctionInfo was always a builtin and hence
it was safe to skip write barrier there. With Sparkplug we could
also store baseline code and hence it isn't safe to skip write barrier.
Change-Id: I6a68ac759d619cdbeec8d4a37e9493d46f7aa790
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056982
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75959}
The OSR entry stack check is needed as a function entry stack check to
make sure the call isn't overflowing, but emitting it as part of the
loop peeling meant that it would be within any exception handler ranges
that the loop is in.
In particular, this meant that code like this:
```
try {
  loop {
    OSR();
  }
} catch {}
```
would logically insert the entry stack check inside the try, and thus
stack overflows of the function call would be caught within the
function, and the function could continue running in an overflown
state.
Bug: chromium:1232875, chromium:1034322
Change-Id: I846c6f520fd3a897da016132419ad48043859c33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056980
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75958}
Drive-by: Remove invalid DCHECK(!is_deprecated) since we cannot
guarantee this in a concurrent setting.
Drive-by: Instead, check for deprecation during dependency validation.
Drive-by: Remove addtl. invalid or outdated DCHECKs.
Bug: v8:7790
Change-Id: Ia77a82976b987fe1eaca6178dac6c7b75fbf98fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041666
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75957}
Fix ia32 for v8_enable_webassembly=false.
This is not a configuration that we test on CQ or the waterfall, but
it was working at some point so this CL makes it compile again.
R=zhin@chromium.org
Change-Id: I78dafe08199c89ec24613a62a3085e923a51b43e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056450
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75953}
This means that we are now background serializing
RefSerializationKind::kBackgroundSerialized classes on all configs.
Bug: v8:7790
Change-Id: Iaa54718303e07e37a95d3f54d0c4c173d4174967
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056453
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75952}
.. instead of recalculating them at the risk of getting different
answers.
In a concurrent setting, repeated type/rep calculations are not
guaranteed to return the same answer. Instead, calculate them once and
pass them into dependency creation methods.
Note with this CL we now get the type/rep off the holder map and not
the field owner map. The results should be identical and behavior
should not change (verified by CHECKs).
Bug: v8:7790
Change-Id: I2b4c3bb8907082c69448ca743d3c8740cd8f71f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055306
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75951}
ComputeMinObjectSlack is called concurrently from background threads
(when --concurrent-inlining) and must therefore be thread-safe.
This CL adds a compiler-specific thread-safe variant
of ComputeMinObjectSlack in addition to the plain old non-thread-safe
one. Thread-safety is achieved through locking: on the bg thread, a
shared lock when traversing transitions, and on the main thread, an
additional exclusive critical section when overwriting prototype
transitions.
Tbr: leszeks@chromium.org
Bug: v8:7790,v8:12010,chromium:1231901
Change-Id: If5af83df1ab896b22477921449fb5ba4c8d3e8a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045342
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75949}
This CL uses the newly added instructions on power10 for
extracting the sign bits.
Change-Id: I9e4fa3bdd7fa5fc7004695c1d3ac29e3906d5207
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056506
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75947}
We can emit a 9-byte nop, so leave more padding, otherwise the
disassembled code looks a bit off, e.g.:
```
0x265ef7799a73 5b3 e902010000 jmp 0x265ef7799b7a <+0x6ba>
0x265ef7799a78 5b8 0f1f840000000000 nop
0x265ef7799a80 5c0 83c004 addl rax,0x4
```
Bug: v8:11879
Change-Id: I697e97b45644e28e544705b972c88702f7f27ffc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054255
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75944}
Rolling v8/build: ff4b382..e3754f7
Rolling v8/buildtools/linux64: git_revision:d565aa3e72dd9e81da9595ee8c9d7b24cb45c48b..git_revision:c0a2d23c21e87f27f5af3e5dc2a99f2ef3480b9e
Rolling v8/buildtools/third_party/libc++abi/trunk: e8bf577..bfcda91
Rolling v8/buildtools/third_party/libunwind/trunk: d7b11d7..23a5972
Rolling v8/third_party/aemu-linux-x64: jIoBgZ-iUWXLCCH8YkbLabPLzKXZ54b27lb6trJpzpUC..LiTUyHa0AyC2fE72v094aZIjv1aTdQEZfYm-LIJVQIwC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/9ac1fdf..10f6e4b
Rolling v8/tools/clang: 131233f..2a8bb1c
Rolling v8/tools/luci-go: git_revision:9ee8b1d719c0d3c268e0e19282351ca78024af2d..git_revision:75ff299b9adf969190cafebe902255856a346f0b
TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: Ie13b5864c24cc43c5e49ba794af1ca0024fd8e01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056498
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75943}
Port 593fbb69c4
Original Commit Message:
Currently we first construct the frame (via
{TurboAssembler::EnterFrame}), then we spill the instance to the
respective slot (via {LiftoffAssembler::SpillInstance}). Instead, we
should already spill the instance as part of frame construction. That
allows for a more compact instruction to be used ("push" instead of
"mov" on Intel), and on arm64 even allows to merge pushing into an
existing instruction (where we currently push the zero register x31
instead).
This makes the prologue more similar to what TurboFan generates in
{TurboAssembler::AssembleConstructFrame} (which does not use
{TurboAssembler::EnterFrame}).
R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I0b87d73776b59ade36faea2f4772c63c89eb740e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056455
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75942}
It was previously only passed to compilation units in src/bigint/,
but inconsistencies arise when it's not passed to other compilation
units that #include src/bigint/bigint.h.
Fixed: chromium:1233397
Change-Id: Idb310d8c13bad12766699086574aa2c3869eb56c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056452
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75941}
This changes builtin definition so that builtins are now located in GL
.text section, to maintain their alignment in the resulting binaries
and make sure the off-heap code is aligned to kCodeAlignment.
Change-Id: I4662ca59273fa2dd11e7ecf63969597b9dd9664b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054431
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Vasili Skurydzin <vasili.skurydzin@ibm.com>
Cr-Commit-Position: refs/heads/master@{#75940}
Currently we first construct the frame (via
{TurboAssembler::EnterFrame}), then we spill the instance to the
respective slot (via {LiftoffAssembler::SpillInstance}). Instead, we
should already spill the instance as part of frame construction. That
allows for a more compact instruction to be used ("push" instead of
"mov" on Intel), and on arm64 even allows to merge pushing into an
existing instruction (where we currently push the zero register x31
instead).
This makes the prologue more similar to what TurboFan generates in
{TurboAssembler::AssembleConstructFrame} (which does not use
{TurboAssembler::EnterFrame}).
R=ahaas@chromium.org
Bug: v8:12017
Change-Id: Ibb4a38d2049cff66fec9450db4f7f375d006beac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055302
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75938}
Some of the fields come from MapRef calls and we have to still serialize
them while Map is bg-serialized. An alternative would be to move them to
MapData but that comes with a cost since different maps with the same
descriptor array wouldn't share said data.
Bug: v8:7790
Change-Id: I25d8eaf7b0a8bf7de0f21272cc6f86cc172b8b08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008640
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75936}
This reverts commit 67960ba110.
Reason for revert:
This has been properly fixed by https://crrev.com/c/3053740.
Now dcheck_always_on already defaults to false for subprojects
like V8 and no other switch is required. The switch didn't fully
work anyways due to https://crbug.com/1231890.
Original change's description:
> Reland "[build] Add V8-specific dcheck_always_on"
>
> This is a reland of cecc666f4d
>
> Depends on:
> https://crrev.com/c/3043611
>
> Original change's description:
> > [build] Add V8-specific dcheck_always_on
> >
> > This makes the V8 dcheck control independent of Chromium's and
> > prepares switching Chromium's default behavior without affecting V8
> > developers or builders.
> >
> > Preparation for: https://crrev.com/c/2893204
> >
> > Bug: chromium:1225701
> > Change-Id: I520b96019b04196f4420716ff3500ebd6c21666f
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038528
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#75827}
>
> Bug: chromium:1225701
> Change-Id: I56568b78592addba01793d2d14f768c9ee10103d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041670
> Reviewed-by: Liviu Rau <liviurau@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75839}
Bug: chromium:1225701, chromium:1231890
Change-Id: I7e27f5774d8e162977f30f685da4b15dadcc1084
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055294
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75935}
The implementation came in with
https://chromium-review.googlesource.com/758999.
This feature was never enabled by default, is not used anywhere, and
is not on any standardization path.
Bug: v8:10953
Change-Id: Ia2b0a556c1fb504a4cd05bdfa9f0a9c5be608d26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053589
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75934}
This is no longer used, tail calls are dealt with inside of
VisitTailCall.
Bug: v8:11879
Change-Id: I3e5b74c61c959a6697bc3fd05c8f9aa60cce9fa7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049570
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75931}