In https://crrev.com/c/v8/v8/+/2536465 we added acquiring the lock in
WriteToFlat. Then, acquiring in TryStringToDouble not only is not
necessary but also has undefined behaviour.
This was causing timeouts and meant the tests were disabled in
https://crrev.com/c/v8/v8/+/2543398.
Bug: v8:7790, v8:11171
Change-Id: Iaab4e5079bac96786e536a2e4b766e93ea17e2c4
Fixes: v8:11171
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2544544
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71242}
This reverts commit e95e1b6234.
Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/23064
Original change's description:
> [heap] Introduce LocalIsolate for main thread
>
> Add a LocalIsolate for the main thread to Isolate. This LocalIsolate is
> kept alive during the whole lifetime of the Isolate. The main thread
> LocalIsolate starts in the Running state in contrast to the background
> thread LocalIsolates (those start in Parked).
>
> Code paths in Turbofan that used to create a LocalIsolate on the main
> thread can now simply use the main thread LocalIsolate.
>
> LocalIsolate for the main thread will help in reducing differences
> between the main and background threads. The goal is that the main
> thread behaves more like a background thread.
>
> The main thread LocalIsolate should also make it simpler to share code
> between main thread and background threads by using LocalIsolate for
> both.
>
> Bug: v8:10315
> Change-Id: I7fd61d305a6fd7079e2319d75c291c1021e70018
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2509593
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71226}
TBR=ulan@chromium.org,yangguo@chromium.org,neis@chromium.org,leszeks@chromium.org,szuend@chromium.org,dinfuehr@chromium.org
Change-Id: Ia70b4bfe3b8fa26bf8d6a7dc612a310b0ed54073
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2543937
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71228}
This CL adds a cctest to verify that the tiering strategy for the
js-to-wasm wrappers works for functions that are only indirectly
exported through exported tables.
Bug: v8:10982
Change-Id: I8eede14ab620dbadb75af42b78bfac88230a6dd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2536644
Commit-Queue: Vicky Kontoura <vkont@google.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71227}
Add a LocalIsolate for the main thread to Isolate. This LocalIsolate is
kept alive during the whole lifetime of the Isolate. The main thread
LocalIsolate starts in the Running state in contrast to the background
thread LocalIsolates (those start in Parked).
Code paths in Turbofan that used to create a LocalIsolate on the main
thread can now simply use the main thread LocalIsolate.
LocalIsolate for the main thread will help in reducing differences
between the main and background threads. The goal is that the main
thread behaves more like a background thread.
The main thread LocalIsolate should also make it simpler to share code
between main thread and background threads by using LocalIsolate for
both.
Bug: v8:10315
Change-Id: I7fd61d305a6fd7079e2319d75c291c1021e70018
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2509593
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71226}
This CL enables a first batch of feedback-based optimizations in NCI
code. Specifically, optimizations based on unary, binary, compare,
for-in-next, and for-in-prepare feedback are now enabled.
This has two main implications:
1. NCI code can now deopt. Deoptimized code is currently thrown away
permanently and cannot be reused. Now that shared/cached NCI code can
deopt, this leads to an interesting question of what should happen
with deoptimized NCI code. The answer in this CL is to remove the
cache entry (it may later be re-added).
2. Tiering up from NCI to TF still requires feedback; since NCI code,
starting with this CL, no longer collects full feedback, feedback must
be created in some other way. This is solved by sharing a
context-independent encoding of feedback across native contexts.
Feedback is shared through a new SerializedFeedback object type,
essentially a byte array of serialized feedback. Currently, only
smi-based feedback is shared, but map-based feedback will be added in
the future.
SerializedFeedback is kept in the NCI cache alongside NCI Code
objects. It is created on NCI cache insertion, and deserialized upon
NCI cache hits.
Bug: v8:8888
Change-Id: Ic0d5fbea3aa4d3b0a165624dab9d0283b07dcee7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2531775
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71224}
all_true, any_true, bitmask, and extract_lane all replace a simd type
with a single scalar, so we don't need to set nullptr for the extraneous
lane, and can set num_lanes to 1.
So for a call node with any of the above nodes as one of its values, we
were incorrectly replacing the extract lane node with 4 nodes - it
should only be 1 scalar node.
Drive by fix for LowerShift, it needs to check if the shift value node
has replacement (e.g. if it is an extract lane node).
Also we weren't setting the lowered type of a kPhi node. This can be a
problem if the output of a Phi node is used by a F32x4ExtractLane and
I32x4ExtractLane, which is possible (and type correct since both take
v128). This will require that the output be both a float and an int,
which is impossible. So fix it to Int32x4, and the uses of the phi nodes
will convert appropriately.
Added a test for the call node. Also tested this code by running one of
our benchmarks, which exercises the Phi logic.
Bug: v8:10507
Change-Id: I01a76b349ba9d0e157b64e737bdb4c70f96aa954
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2536952
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71218}
With more of scalar lowering implemented, this test can now run with
lowering. The only other tests that skip lowering are prototype
instructions.
Bug: v8:10507
Change-Id: Ia149956d2d406b6f76eb9155765474c23b89b894
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2507317
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71215}
S128Select and S128AndNot rely on the inputs being lowered to I32x4,
since they use Word32Xor, but it wasn't correctly specified. This means
that by default, their lowered type was set to be the output's lowered
type. If the result of these operations were used by F32x4ExtractLane,
then their lowered type will be set to Float32x4, so the inputs will be
lowered to Float32x4, and we get incorrect type of registers allocated.
Bug: v8:10507
Change-Id: I16dc7f2dcdaf2188997ff345a6b0fd22e10b7b36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2536953
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71214}
It is becoming difficult to continue supporting the compiler dispatcher
and background compile task unittests alongside the off-thread
finalization work, so disable those tests when that flag is enabled.
Bug: chromium:1011762
Change-Id: Iba9aaa29b08723afb90edc127609fef1d63ceed5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2539908
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71211}
- allow arrays to be allocated in LargeObjectSpace
- check requested array allocation length against maximum
- fix array element offsets for pointer-typed elements
- fix GC handling of arrays when there are forwarding pointers
- module builder: fix rtt.sub global initializer expressions
- debug printing: print "UNIMPLEMENTED" instead of crashing
- WasmGCTester: make some exceptions easier to diagnose
Bug: v8:7748, chromium:1141376
Change-Id: Ie0281658748f3dd5e5d90d85bab78f0ea2fc3865
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2534815
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71208}
... and use Name::hash() where the hash is expected to be computed.
In particular, when we are dealing with internalized strings or symbols.
Bug: v8:11074
Change-Id: Ida22f134fee0ddf2c9b962d1bcca6aa0b632af5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529451
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71200}
Split globals.js into two parts, one being skipped on NCI due to
assertions about optimization status.
Change-Id: Ifc572526d9c6aed369802a65d12c4456cde65ce0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2539909
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71199}
Add a requirement to String::GetChars that we either have a string
access lock, or a string access lock is not needed. This prevents us
from reading strings during internalization that may be in the middle
of being made external.
To avoid taking the lock too often when known to be unnecessary (e.g.
for strings that were only just created), there's now a static
SharedStringAccessGuardIfNeeded::NotNeeded(). This is hopefully ugly
enough that it's used sparingly.
One fix required for this is to enter the Isolate when tearing down
IsolateData in inspector tests -- this is so that the V8Inspector
instance being torn down will see the current Isolate and be able to
verify its thread id against the current thread.
Bug: chromium:1011762, chromium:1148680
Change-Id: Ic5d29c1b066ebae5a351c7b4bb116b9b1bf61889
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2536465
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71197}
- Add tests comparing super property access to normal property access
- Shift the work so that the framework takes less time and the thing
we're trying to measure takes more time.
- Optimize / disable the optimization for the target function, not the
whole test framework.
- Reduce the amount of boilerplate code in the tests.
Bug: v8:9237
Change-Id: Idde133298c9b8ffb3d49945ef9c67f5039634598
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2536635
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71196}
Fix the ASAN crash when there are 9 or more items to be formatted by
ListFormat.
chromium DEPS rolled in
https://chromium-review.googlesource.com/c/chromium/src/+/2536432
This CL is mainly to add a unit test to ensure it is fixed.
Cq-Include-Trybots: luci.v8.try:v8_linux64_asan_rel_ng,v8_mac64_asan_rel_ng,v8_win64_asan_rel_ng;luci.chromium.try:android-asan,win-asan,win-libfuzzer-asan-rel
Bug: chromium:1146068
Change-Id: I4dfbd6ea0efe5b398196f95abc520bb93e16a7cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2528476
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71192}
The new platform can be used in combination with --single-threaded.
It disables background threads and thus avoids waiting on mutexes
and condition variables completely, which is useful for V8 embedders
that fork the V8 process after initialization.
As a bonus the new platform allows us to test --single-threaded and
has already uncovered an existing bug in parallel pointer updating code.
Change-Id: I3446fa027d2a077641cdaac0cd08062a1acae176
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2416501
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71187}
Don't deopt when a PropertyCell changes from readonly to writable.
Turbofan doesn't depend on readonly-ness unless the property is
also non-configurable, in which case such a change can't happen.
Change-Id: I3d1078a8adf1ec1b16d973dd71c4295d71003a8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2531791
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71184}
Previously, CodeStubAssembler::AllocateOrderedHashTable() would
allocate hash tables of the (statically known) minimum capacity
indicated by the concrete table type.
This CL adds AllocateOrderedHashTableWithCapacity, which is inspired by
AllocateNameDictionary. It takes a Node<IntPtrT> indicating the desired
capacity.
Bug: v8:7569
Change-Id: I4bf28f69286e52773319a1ae37d33b2f55175a84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2503950
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71175}
Currently, we assume that stack trace creation always succeeds while
filling in the `exceptionDetails` structure. Stack trace creation can
fail under some circumstances so this CL introduces a null check.
R=clemensb@chromium.org
Bug: chromium:1147552
Change-Id: I4055d5276bbb7bf178b648bfc7bd84a288626c09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2532310
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71169}
Per https://tc39.es/proposal-import-assertions/#sec-assert-clause-to-assertions,
import assertions should be sorted by the import assertion [[Key]]s,
in order to prevent hosts from relying on a changing order of the
assertions to determine behavior.
Prior to this change, the assertions were being sorted by pointer. With
this CL, the keys are sorted using a code point ordering so that the
order of the assertions received by the host will be stable and
non-surprising.
This CL also switches the SourceTextModuleDescriptor's ModuleRequestMap,
RegularExportMap, and RegularImportMap to use the code point order
comparison rather than their former shortlex sort. This change will not
be externally visible, but it seems best to make these consistent.
In order to avoid #including the fairly large ast-value-factory.h
into ast/modules.h, I changed ImportAssertions into a separate class
definition rather than keeping it as a typedef. The alternative would
be to define a common AstRawStringComparer in ast-value-factory.h and
then #include ast-value-factory.h in both ast/modules.h and
parsing/parser.h so that the ImportAssertions typedef would have a
full, shared definition of the AstRawStringComparer type.
Bug: v8:10958
Change-Id: I29c9544aa0a4340c56e1ee631be6cabb2a2eb921
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2533038
Commit-Queue: Dan Clark <daniec@microsoft.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71165}
This CL reverses the count logic for the tiering strategy of the
js-to-wasm wrappers. The initial approach was that calls to each
function were counted up, until a threshold was reached and the function
would tier up. With this CL, each function is assigned a budget of calls
that can be handled through the generic wrapper. Calls are counted down
until the budget is exhausted, which will trigger the tier-up
for the function.
This approach comes with two advantages. Firstly, determining whether
a function's budget is exhausted is as simple as checking the flags set
from the decrement of the budget. Secondly, the code generated by the
generic wrapper does not depend on the specific value of the initial
budget.
Bug: v8:10982
Change-Id: I5e186c6cf836a9c197b41d0f7ad075b07c87a4da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2532300
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Vicky Kontoura <vkont@google.com>
Cr-Commit-Position: refs/heads/master@{#71153}
The fuzzer is expected to generate a lot of syntax and runtime errors,
and the respective messages just flood the fuzzer output. By always
putting a {TryCatch} scope around the execution, we prevent those
messages from being printed.
At the same time, inspector tests need to properly propagate uncaught
exceptions in the backend to the inspector, and fail on uncaught
exceptions in the frontend.
This CL allows for all these behaviours by extending the
{CatchExceptions} enum and the {TryCatch} logic in the task runner.
Drive-by: Use {base::OS::ExitProcess} instead of the explicit
{fflush} and {_exit}.
R=szuend@chromium.org
Bug: chromium:1142437
Change-Id: Ic2cb3b0de2399d25bd8c53090575308cb0e09ab0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529135
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71152}
which was enabled long ago and is not supposed to be disabled.
In addition this CL adds Representation::MightCauseMapDeprecation()
predicate and ensures it's consistent with the existing
MostGenericInPlaceChange() and CanBeInPlaceChangedTo().
Bug: v8:11104, v8:8865
Change-Id: Ia8046b76822c9b20fe3ce85de6b98570334aad21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527088
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71151}
For NCI compilation tasks, we don't actually install the generated
Code object on the function. In that case, we cannot make assertions
about function state.
Bug: v8:8888,chromium:1146013
Change-Id: Ia2342c52e565ccb1f6b5b09dda5e998b3fd3eb3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2532297
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71140}
The new predicate allows a background thread to check if the given
object was recently allocated and may potentially be unsafe to read
from the background thread.
The current implementation has relatively high overhead as it loads
two pointers per heap space. It will be optimized in the future.
Bug: v8:11148
Change-Id: I2a9dfb2c70de4b8214b8f8a35681a8bab1a63ca8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2532296
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71130}
Address a few bits of code review feedback that came in after landing
https://chromium-review.googlesource.com/c/v8/v8/+/2493060:
- Add ModuleRequest:kAssertionEntrySize and use in place of a numeric
literal.
- Get rid of ModuleRequestLocation and separate module_request_positions
FixedArray, and merge these into AstModuleRequest and
v8::internal::ModuleRequest.
Change-Id: If6d628d29bfa6fbd9933c6cdaa706623128ccc5d
Bug: v8:10958
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2530478
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#71125}
Adds traits for checking for Member, WeakMember, and UntracedMember
types.
This allows the embedder to specify its own traits and restrictions
around cppgc types.
Bug: chromium:1056170
Change-Id: Ibe60b774128f72f1398267edd81233c50fca6eb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2532299
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71121}
... instead of FLAG_concurrent_recompilation. The
optimizing_compile_dispatcher may be nullptr despite the flag being
set.
Bug: v8:8888,chromium:1145988
Change-Id: Ia3a6b1a95dde2b8cdd43dd2beebf04c66f145f78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2531781
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71116}
This CL
* renames Name::hash_field field to raw_hash_field.
* all local variables that store raw_hash_field value are also renamed
to raw_hash_field where possible.
Bug: chromium:1133527, v8:11074
Change-Id: I17313f386110b33a64f629cc2b9d4afd1e06c6c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2471999
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71114}
.. in which the given map already matched the default map provided by
SharedFunctionInfo::function_map_index().
Bug: v8:8888,v8:11147
Change-Id: I43f51219e1c9534760c653049ac64bc6021c6a75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2530876
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71107}
This CL aims at avoiding compilation of the same js-to-wasm wrapper
multiple times by iterating over all exported functions in the export
table and replacing the wrapper for all functions that share the same
signature with the function that tiered up.
Bug: v8:10982
Change-Id: I721de2f48844349de8a5d12f512a74957c66a0e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527082
Commit-Queue: Vicky Kontoura <vkont@google.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71103}
* Replace deprecated Factory::NewFunction* calls with JSFunctionBuilder.
* Drive-by: rename Factory::NewFunctionForTest to ..ForTesting (this is
the correct suffix recognized by our tooling to ensure it's only
called from tests).
Tbr: clemensb@chromium.org
Bug: v8:8888
Change-Id: I110063803e5b467bd91b75fe8fea2ca4174f2bcc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529129
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71101}
When comparing a decoded i33 value (v) to an expected value (ex) given
as a 7-bit unsigned byte, we first truncated (v) to 7 bits. This
resulted in values which coincide with (ex) only in the last 7 digits to
erroneously be accepted.
Bug: v8:7748
Change-Id: Iaf40d5be7bbfa80535cec9109c7dd19a9d96edaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526387
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71091}
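The comparison bug described in the commit message above, shown as an added example (this is not V8's code). The function names and sample byte strings are constructed for illustration, and it assumes the expected byte is read as a one-byte signed LEB128 encoding.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>

// Constructed sample inputs (not taken from the commit):
//   kOneByte decodes to -16, whose one-byte encoding is 0x70.
//   kPadded and kTwoByte decode to 112 and 240; both end in the same 7 bits.
const std::vector<uint8_t> kOneByte = {0x70};
const std::vector<uint8_t> kPadded = {0xf0, 0x00};
const std::vector<uint8_t> kTwoByte = {0xf0, 0x01};
const std::vector<uint8_t> kTruncated = {0x80};

// Decode a signed LEB128 value limited to 33 bits ("i33").
// Returns std::nullopt for truncated, over-long or out-of-range input.
std::optional<int64_t> DecodeI33(const std::vector<uint8_t>& bytes) {
  constexpr size_t kMaxBytes = 5;  // ceil(33 / 7)
  constexpr int64_t kMin = -(int64_t{1} << 32);
  constexpr int64_t kMax = (int64_t{1} << 32) - 1;
  int64_t result = 0;
  int shift = 0;
  for (size_t i = 0; i < bytes.size() && i < kMaxBytes; ++i) {
    const uint8_t b = bytes[i];
    result |= static_cast<int64_t>(b & 0x7f) << shift;
    shift += 7;
    if ((b & 0x80) != 0) continue;  // continuation bit: keep reading
    if ((b & 0x40) != 0) result -= int64_t{1} << shift;  // sign-extend
    if (result < kMin || result > kMax) return std::nullopt;
    return result;
  }
  return std::nullopt;  // ran out of bytes or exceeded kMaxBytes
}

// Interpret a 7-bit code as the value its one-byte encoding stands for.
int64_t SignExtend7(uint8_t code) {
  const int64_t low = static_cast<int64_t>(code & 0x7f);
  return (code & 0x40) != 0 ? low - 128 : low;
}

// Flawed check: drops everything above bit 6 before comparing, so any
// value that agrees with `expected` in its low 7 bits is accepted.
bool MatchesTruncated(int64_t v, uint8_t expected) {
  return static_cast<uint8_t>(v & 0x7f) == expected;
}

// Corrected check: compare the full decoded value.
bool MatchesExact(int64_t v, uint8_t expected) {
  return v == SignExtend7(expected);
}

bool AcceptsTruncated(const std::vector<uint8_t>& bytes, uint8_t expected) {
  const std::optional<int64_t> v = DecodeI33(bytes);
  return v.has_value() && MatchesTruncated(*v, expected);
}

bool AcceptsExact(const std::vector<uint8_t>& bytes, uint8_t expected) {
  const std::optional<int64_t> v = DecodeI33(bytes);
  return v.has_value() && MatchesExact(*v, expected);
}

int main() {
  const std::vector<std::vector<uint8_t>> samples = {kOneByte, kPadded,
                                                     kTwoByte};
  for (const auto& s : samples) {
    const std::optional<int64_t> v = DecodeI33(s);
    std::printf("decoded=%lld truncated_check=%d exact_check=%d\n",
                static_cast<long long>(v.value_or(0)),
                AcceptsTruncated(s, 0x70), AcceptsExact(s, 0x70));
  }
  return 0;
}
```

Only the one-byte input should match the expected code 0x70; the truncating check also accepts the two longer inputs because it never looks above bit 6.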
The tests assert that funcs are optimized / deoptimized a certain way.
Bug: v8:9237, v8:11138
Change-Id: Ia4879e722e442be52de0bf93919eb03fecb88147
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529136
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71087}
Bug: v8:11038
Change-Id: Ia8b8c1c438d67ccfe5f27c452852c0f096062f56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2503877
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71069}
Prototype i32x4.extadd_pairwise_i16x8_{s,u} and
i16x8.extadd_pairwise_i8x16{s,u} (names not confirmed) on ARM64 and
interpreter. With a simple test case.
Bug: v8:11086
Change-Id: If1ffc04e179e86ca5cc209bf9ef9d337298e3cc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2513872
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71068}
This change plumbs import assertions from SourceTextModuleDescriptor's
ModuleRequestMap into SourceTextModuleInfo via a new ModuleRequest
type, where previously there had been only the specifier.
SourceTextModuleDescriptor::module_map now deduplicates module requests
using the specifier and the import assertions. Continuing to use the
specifier alone would cause a loss of information in the event that
a module imports from the same specifier multiple times using different
sets of assertions. Failing to deduplicate at all would result in
multiple requests for statements like `import {a,b,c} from "foo.js"`,
which would be a potential performance issue. See design doc at
https://docs.google.com/document/d/1yuXgNHSbTAPubT1Mg0JXp5uTrfirkvO1g5cHHCe-LmY
for more detail on this decision.
v8::internal::ModuleRequest holds the assertions as an array of the form
[key1, value1, position1, key2, value2, assertion2, ...]. However the
parser still needs to use a map, since duplicate assertion keys need to
be detected at parse time. A follow-up change will ensure that
assertions are sorted using a proper lexicographic sort.
Bug: v8:10958
Change-Id: Iff13fb9a37d58fc1622cd3cce78925ad2b7a14bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2493060
Commit-Queue: Dan Clark <daniec@microsoft.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71066}
The arm implementation made the assumption that the {lhs} and {dst}
registers are either the same, or there is no overlap. This assumption
does not hold.
ia32 on the other hand has a lot of complicated logic (and unnecessary
code generation) for different cases of overlap.
This CL fixes the arm issue *and* simplifies the ia32 logic by making
the arm assumption hold, and using it to eliminate special handling on
ia32.
R=thibaudm@chromium.org
Bug: chromium:1146861
Change-Id: I8753c2ed70349e735c03293130c899c0c8a3a671
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526388
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71060}
For the fuzzer it's unwise to exit on uncaught exceptions, as this
terminates the whole fuzzing process. Just ignore those exceptions
instead.
Drive-by: Fix a typo.
R=szuend@chromium.org
Bug: chromium:1142437
Change-Id: Ided1c0f35840c158f157acd8c0bb1c12ecf8a37f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526386
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71059}
Instead of passing two bools to the {TaskRunner} constructor, pass two
enums. This makes the semantics more clear in the caller.
In the fuzzer, we actually *do not* want to catch exceptions. This
semantic fix will be done in a follow-up CL, such that this CL is a pure
refactoring.
R=szuend@chromium.org
Bug: v8:11074
Change-Id: I7f6df3a3f344524deb08db10b9317a6734b7ea42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526385
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71056}
Joining the thread from the watchdog is problematic, since e.g.
{pthread_join} (the implementation of {Thread::Join} on POSIX systems)
has undefined behaviour if multiple threads try to join at the same
time. In practice, this leads to deadlocks.
Thus implement termination by just calling {TaskRunner::Terminate}, but
not {TaskRunner::Join}. This fixes the deadlocks in the inspector
fuzzer.
The inspector test binary is fixed similarly, even though there it seems
to not cause problems so far.
In both files, the {Terminate} function is inlined into callers because
it's only a single line now, with one to two users.
Also, replace the single fuzzer test (which is invalid javascript) by
two tests: One called "invalid" explicitly, still with invalid
javascript, and one empty file, which is valid input. That one
reproduced the deadlock.
R=szuend@chromium.org
Bug: chromium:1142437
Change-Id: I8fb98b0cdbf3ceff6af6849397e5da5a4e9acd3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526384
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71054}
As part of an effort to prepare the Recorder interface for general use,
we had to make some changes to the way the existing Wasm Events are
being used. In particular,
- it is more fitting to use an ElapsedTimer than a TimedScope to
measure the durations in src/wasm/module-[decoder|instantiate].cc
- we want to rename the wall_clock_time_in_us field to duration_in_us
for clarity.
Because these Wasm events are already being instantiated in chromium,
renaming the field requires a two-step change. This is the first of
those changes.
Change-Id: If1b2990f7645616a59fc21d07ac10bf00701c0e5
Bug: v8:11109
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2518619
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71053}
Asan complains about the alloc-dealloc-mismatch because the startup data
is allocated via "new[]" in snapshot.cc and deallocated via "delete" in
inspector-test.cc.
A more failure-proof fix would be to have {StartupData} manage the
lifetime of the contained char*, but since this is in an API object, the
refactoring might be more involved. Since other users also just dealloc
explicitly via "delete[]", this CL just fixes the issue in
inspector-test.cc.
R=szuend@chromium.org
Bug: chromium:1142437, v8:11107
Change-Id: I84438b2f12ce8eb6b653d4861e899a2f003e1227
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523200
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71045}
This is a tentative fix for the linked issue. The CL enables all
int64/uint64 tests for fast API calls on all platforms.
Bug: chromium:1144751
Change-Id: Ie892ad625257d3b0e0bdd9ac24261b3cbeaaba62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520902
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71043}
The {ToV8Vector} method returns a {i::Vector} pointing to heap-allocated
memory, but that memory was never freed. Since we already have a
{ToVector} method returning a {std::vector}, this CL switches to that
one instead.
R=szuend@chromium.org
Bug: chromium:1142437, v8:11107
Change-Id: I8ee0177f7dcfe2ecb435e684674b0cda6f613658
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523198
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71040}
In a few places we incorrectly assumed to know the instance type of the
heap object. In particular, in JSCallReducer::ReduceDataViewAccess,
doing map inference on the receiver and determining that all maps are
JSDataView maps does not guarantee that the receiver is a JSDataView
constant because we might deopt before getting to the data view
operation.
Bug: chromium:1146652
Change-Id: I1611308c3ebe0d33fa6b0cf0938d777b4e6449ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2524440
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71034}
Clean up src/wasm and test/
Bug: v8:11074
Change-Id: I1b3d3475a0fbfafe75bb49acfd851f8bd5af5182
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2519183
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71025}
Integer splats (especially for sizes < 32-bits) do not directly
translate to a single instruction on ia32. We can do better for special
values, like 0, which can be lowered to `eor dst dst`. We do this check
in the instruction selector, and emit a special opcode kX64S128Zero.
Also add a unittest to verify this optimization, and necessary
raw-assembler methods for the test.
Bug: v8:11093
Change-Id: Icfebef06a5ecf49619ea54f31a5296094fb53ff2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2516300
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71024}
The test started failing on win64 ASan after a DEPS roll. Increase the
stack size to mitigate this.
Also, add a comment to say why we are restricting the stack size in the
first place.
R=thibaudm@chromium.org
CC=ahaas@chromium.org
Bug: v8:11120
Cq-Include-Trybots: luci.v8.try:v8_win64_asan_rel_ng
Change-Id: If0c084653687aef95acee8caa6712a1c872d2bca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523203
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71016}
Rename the field "deffered_queue_" to "deferred_queue_".
R=szuend@chromium.org
CC=yangguo@chromium.org
Bug: chromium:1142437
Change-Id: I004082b7a798c8b7df92c7adea32e71cb11d7bef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520899
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71009}
While writing a new test I realized that the test did not fail if
running into a CHECK or UNREACHABLE *after* printing the last expected
line.
That is because both stderr and the exit status are ignored. This CL
fixes that.
This will uncover a lot of memory leaks, which I plan to address in
follow-up CLs.
R=machenbach@chromium.org
CC=szuend@chromium.org
Bug: chromium:1142437, v8:11107
Cq-Include-Trybots: luci.v8.try:v8_linux64_asan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac64_asan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_win64_asan_rel_ng
Change-Id: I65f325abf102e063bb4f449353c47e94d84de652
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2519567
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71006}
Keep tasks in unique_ptrs, such that they are freed independent of
whether they have been executed or not.
R=szuend@chromium.org
Bug: chromium:1142437, v8:11107, v8:11074
Change-Id: Ia265df3187c724b63e0f576d33235c1bfa522c4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2517694
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71005}
The inspector fuzzer is running into timeouts most of the time
currently, because the test explicitly needs to quit execution.
Make fuzzing more efficient by adding a watchdog thread which stops
execution after 2 seconds. This will still result in valid test cases,
i.e. everything that was executed within those two seconds will count as
covered code.
Drive-by: Slightly simplify the storage of task runners. No need to
clear the vector after termination.
R=szuend@chromium.org
Bug: chromium:1142437, chromium:1145285
Change-Id: I7b5fe7ddcbce731fbc3d74ee8c43f7249f34b918
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520906
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71002}
DecideToPretenureDuringCompilation expects a particular number of
allocation sites. So enable lazy feedback allocation always in the test.
It is possible to make the test work for --no-lazy-feedback-allocation
too, but the test already runs in a controlled environment by setting
various flags so it is OK to enable lazy feedback allocation to keep
the test simple.
Bug: v8:10219
Change-Id: I8b979b6df7e7cc27299704823ab691f96abe5431
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2521591
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71000}
This cl implements tiering up support from Turboprop to TurboFan behind
turboprop_as_midtier flag. More specifically:
1. Scales down the bytecode size when updating the interrupt budget in
optimized code (TP / NCI).
2. Runtime profiler tiers up from TP->TF with --turboprop-as-midtier
3. Looks for the correct code kind when looking for optimized code in
the feedback vector.
4. After servicing the optimization marker continues with mid-tier
optimized code if it exists
Bug: v8:9684
Change-Id: Iaf5783e75555c50c97901504fd122f62ff30be5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480363
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70993}
This reverts commit 0147db5a4a.
Reason for revert: Data races: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/34056
Original change's description:
> [super] Optimize super property access in JSNativeContextSpecialization
>
> Generalize the existing property lookup machinery
> (JSNCS::ReduceNamedAccess) to handle the case where the
> lookup_start_object and the receiver are different objects.
>
> Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit#heading=h.xqthbgih7l2l
>
> Bug: v8:9237
> Change-Id: I28b6d87ce6537acd8cf972bbe7dc6d63d581aadc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2487122
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70988}
TBR=marja@chromium.org,mvstanton@chromium.org,neis@chromium.org
Change-Id: Ib5ddb919ae569fe5ddf266d986f1c8bc0fe9621a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9237
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520908
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70992}
Calling {Exit} does not stop execution in the current thread (or
process), it just tells the two task runners to stop. Hence following
code would still be executed.
This CL replaces the calls to {Exit} with {FATAL} for internal errors
where we want to stop immediately.
R=szuend@chromium.org
Bug: chromium:1142437
Change-Id: I70c1c39da28a3cd040214d46eddf61f05a12bce7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2519568
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70984}
This reverts commit c3b2b64be4.
Reason for revert: Scheduled revert.
The flag flip is in 88.0.4315.0. Group report links:
https://chromeperf.appspot.com/group_report?rev=70949
https://chromeperf.appspot.com/group_report?rev=823663
Original change's description:
> [nci] Enable --turbo-nci behind --future to gather perf data
>
> .. to be reverted in a day or two.
>
> Bug: v8:8888
> Change-Id: Iee156da614b50c351ca9a07cc497177c92de865d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2512907
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Lutz Vahl <vahl@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70949}
TBR=machenbach@chromium.org,jgruber@chromium.org,vahl@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:8888,v8:11087
Change-Id: I57411474d885dd69613a85f5fa3a801a573fcd08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2517690
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70982}
Integer splats (especially for sizes < 32-bits) do not directly
translate to a single instruction on x64. We can do better for special
values, like 0, which can be lowered to `xor dst dst`. We do this check
in the instruction selector, and emit a special opcode kX64S128Zero.
Also change the xor operation for kX64S128Zero from xorps to pxor. This
can help reduce any potential data bypass delay (search for this in
Agner's microarchitecture manual for more details). Since integer
splats are likely to be followed by integer ops, we should remain in the
integer domain, thus use pxor.
For i64x2.splat the codegen goes from:
  xorl rdi,rdi
  vmovq xmm0,rdi
  vmovddup xmm0,xmm0
to:
  vpxor xmm0,xmm0,xmm0
Also add a unittest to verify this optimization, and necessary
raw-assembler methods for the test.
Bug: v8:11093
Change-Id: I26b092032b6e672f1d5d26e35d79578ebe591cfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2516299
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70977}
Add a new function on the public API to allow serializing a function to
a string using the built-in toString() implementation, allowing
serialization without worrying about untrusted author script overriding
the toString() implementation. This is similar in nature to
Object::ObjectProtoToString() (but that only returns "[object Function]"
for any passed function).
Add tests for the same.
Bug: chromium:1144841
Change-Id: Ie4c29b870034c0817c23bf91f9424f956098823d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2514768
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70976}
This is a reland of adceb45979
Redesign test to not be OS dependent.
Original change's description:
> [x64][ia32] Add stack overflow check in InvokePrologue
>
> In case of no arguments adaptor frame, we massage the arguments in InvokePrologue pushing undefined objects if the actual argument count is below the parameter count. This CL adds a stack overflow check before pushing these undefined objects to the stack.
>
> Change-Id: I2a88bf6fdfd17958f6f6884143a67d50ea842fd2
> Bug: v8:10201
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491039
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70927}
Bug: v8:10201
Change-Id: Ifab3413b748cdf3bb998a5080cd1fcb3b67a737b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2517921
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70973}
ICU68-1 changes the output skeleton format. So we need to change
resolvedOptions code for 68 migration.
Chromium roll
https://chromium-review.googlesource.com/c/chromium/src/+/2474093
Bug: v8:10945
Change-Id: I3b2c7fbe8abb22df8fa51287c498ca3245b8c55b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2477431
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70972}
Rename-only CL: Rename "code kind" to "code like".
The reason is CL feedback when using this feature, and a desire for
consistency across V8 + Blink. An additional benefit would be to
disambiguate from the v8::internal::CodeKind type, which is unrelated to
any of this.
Original CL: crrev.com/c/v8/v8/+/2339618
CL whose review prompted this change: crrev.com/c/2340905
Bug: chromium:1096017
Change-Id: Id59016fc2906ab6cd1414e598338b3963811b92f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2509598
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70970}
Convert Profile, CodeMap and their helpers to ES6 classes.
Code cleanup will happen in a separate step.
Bug: v8:10667
Change-Id: Icfb28f6d9ef7f00efba93b347fdf210a9af36a49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2509591
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70969}
.. by the runtime flag --enable-experimental-regexp-engine.
Introduced in https://chromium-review.googlesource.com/c/v8/v8/+/2461244
Tbr: neis@chromium.org
Bug: v8:10765
Change-Id: Ic32464ced7e5ddb4c31fe165eddb6b9d19260efc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2516920
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70963}
Timeouts occurred in test-concurrent-feedback-vector/CheckLoadICStates
because the main thread could enter "handshaking" mode precisely at
the moment when the worker thread successfully saw all states.
The main thread would miss this, and end up waiting forever on
a signal from the worker thread.
Bug: v8:11082
Change-Id: I0441785d908c5e27562a3620bb2195483727f118
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2519553
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70962}
Currently MockPlatform has shorter lifetime than the isolate that uses
it. Creating isolate before MockPlatform leads to races in concurrent
tasks that were scheduled before the MockPlatform replaced the default
TestPlatform. This caused issues after landing
https://chromium-review.googlesource.com/c/v8/v8/+/2502808
This CL ensures that MockPlatform is valid throughout the whole
lifetime of the isolate
Change-Id: Ia888fba93819ea98b935a1d36307d98dd358fcad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2507379
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70950}
.. to be reverted in a day or two.
Bug: v8:8888
Change-Id: Iee156da614b50c351ca9a07cc497177c92de865d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2512907
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70949}
For atomic.wait we have to check in generated code if the memory is
shared. If not, the code has to trap. In compiled code, this is done in
the runtime function. In the interpreter, however, this check was
missing. This CL adds the check to the interpreter.
R=thibaudm@chromium.org
Bug: chromium:1144603
Change-Id: If897e3f10b404ff677341ee14ad9eda7f5e64d16
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2512922
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70948}
Concurrent allocation test was failing flakily. Do not fix this simply
by increasing heap size since this would reduce frequency of GCs.
Instead allow allocations to fail. Even in this case the allocation
code path is still executed which we want to test.
Bug: v8:11084, v8:10315
Change-Id: I0daa9ad9177aab8b02b7decf2ccfd50e0d8ab9b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2516471
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70946}
Minor refactors to improve readability and consistency between
FeedbackVectorSpec and FeedbackMetadata:
- Rename FeedbackVectorSpec::slots to slot_count.
- Rename FeedbackVectorSpec::closure_feedback_cells to
create_closure_slot_count, likewise all related fields.
- Store FeedbackVectorSpec::slot_kinds_ as an array of
FeedbackSlotKind.
Bug: v8:8888
Change-Id: I3a45177163d1484b1625de8dfba5c6c05cfc426d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2512908
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70943}
IWYU some headers, remove/inline helpers that were only used once.
Bug: v8:11074
Change-Id: I3e3d7e22b56e77076f1a2faac07ca727fb6e4f46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2513871
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70931}
Remove the duplicate utility function and use the base::Stack
equivalent instead which provides more stack utility functionality.
Change-Id: Ia7a79f2530b64ceb6e2ce33445c876980b4b2a3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2509595
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70930}
This reverts commit adceb45979.
Reason for revert:
- ConcurrentAllocationInLargeSpace fails in verify CSA bot: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20verify%20csa/20547
- New test fails on Windows bot: https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/29622
Original change's description:
> [x64][ia32] Add stack overflow check in InvokePrologue
>
> In case of no arguments adaptor frame, we massage the arguments in InvokePrologue pushing undefined objects if the actual argument count is below the parameter count. This CL adds a stack overflow check before pushing these undefined objects to the stack.
>
> Change-Id: I2a88bf6fdfd17958f6f6884143a67d50ea842fd2
> Bug: v8:10201
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491039
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70927}
TBR=neis@chromium.org,ishell@chromium.org,victorgomes@chromium.org
Change-Id: I7371e1603659ce512a39c0c0a8bb01baf7b916e0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2514505
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70928}
In case of no arguments adaptor frame, we massage the arguments in InvokePrologue pushing undefined objects if the actual argument count is below the parameter count. This CL adds a stack overflow check before pushing these undefined objects to the stack.
Change-Id: I2a88bf6fdfd17958f6f6884143a67d50ea842fd2
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491039
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70927}
This adds a first simple version of the inspector fuzzer, which is a
stripped-down version of the inspector-test executable. The fuzzer
generates inputs which are compatible with inspector-test.
There are still memory leaks, and the fuzzer will probably run into
timeouts most of the time. Both of these will be addressed in follow-ups.
R=szuend@chromium.org, machenbach@chromium.org
Bug: chromium:1142437
Change-Id: I4d13da460f571d791a3642b0705a1f07b442c11b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505722
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70922}
This also extracts the {FrontendChannelImpl}, the {SetTimeoutTask}, and
the {SetTimeoutExtension} for reuse by the inspector fuzzer.
R=szuend@chromium.org
Bug: chromium:1142437
Change-Id: I75e49d6fbb4b801ace1ffc9cac963d6b83c52f36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505717
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70909}
IsCompleted is backwards. For a more consistent api, the function is
renamed IsActive and logic is flipped.
Following up on https://chromium-review.googlesource.com/c/v8/v8/+/2461840
The intent is to make the distinction between IsActive and IsValid obvious.
Change-Id: Iaf00b9f6ffa8f1efe93ae29f09899737ef20f04d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2510969
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70901}
- Provide GetRealStackAddressForSlot that deals with ASAN fake stacks
properly, also accounting for the fact that ASAN gets its real stack
address in a nested call.
- Fix cppgc on-stack getter.
- Reuse platform routines in global handles.
Bug: chromium:1139914, chromium:1056170
Change-Id: If11a40d543b33edcea220bb70f170ac018e15053
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2509594
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70899}
We previously assumed that a fake stack should be mapped back to a
real stack based on fake-stack offsets. This is not correct: Fake and
real stack are disjoint and both contain the corresponding slot
values.
For global handles this means that on-stack handles must be registered
using their real stack frame base to be able to purge them
occasionally based on the current stack address.
When dealing with a slot though, the GC can just dereference the slot
for a value, independent of whether the slot is in a fake or real
frame.
Drive-by: Fix tests that do not want stack handles by creating
handles on heap.
Change-Id: I2c86c8e047bd0d48c24c2642b2b4dba284a93909
Bug: chromium:1139914
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2507720
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70897}
Building these objects takes a lot of time and memory for realistic
applications and exposing them via the Scope view in DevTools isn't
practical either. We have a replacement in the Console now, and if
this needs more exposure we can think about other, more scalable
ways with better UX.
Fixed: v8:10986
Bug: chromium:1141781
Change-Id: I6177d63a987749889a9880cf0738031191eb5705
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2507696
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70894}
This commit adds the 'l' (linear) RegExp flag (as in e.g. /asdf|123/l)
that forces execution in linear time. These regexps are handled by the
experimental engine. If the experimental engine cannot handle the
pattern, an exception is thrown on creation of the regexp.
The commit also adds a new global V8 flag and changes an existing one:
* --enable-experimental-engine, which turns on recognition of the RegExp
'l' flag. Previously this flag also caused all supported regexps to
be executed by the experimental engine; this is not the case anymore.
* --default-to-experimental-regexp-engine takes over the previous
semantics of --enable-experimental-regexp-engine: We execute all
supported regexps with the experimental engine.
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Bug: v8:10765
Change-Id: I5622a89b19404105e8be280d454e9fdd63c003b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461244
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Martin Bidlingmaier <mbid@google.com>
Cr-Commit-Position: refs/heads/master@{#70892}
When searching for a target map during map update, attempt to
update field representations in-place to the more general
representation, where possible.
Bug: chromium:1143772
Change-Id: I6a43c94910a1d2d8f8b0ad89048f94b51461f76c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2507715
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70887}
This allows GC to go slightly over the max heap limit in order to give
NearHeapLimitCallback a chance to run and increase the limit.
Based on the suggestion by Kenton Varda.
Change-Id: I9c084b5a4c8fb7b9ce331b565958391c1be56add
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505724
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70884}
Fix super calls so that arguments are evaluated before the
super constructor is checked to be in fact a constructor.
A new bytecode is introduced to split the IsConstructor check
out from the current GetSuperConstructor bytecode.
Bug: v8:10111
Change-Id: I3af99e32a34d99493806bb01b547d6f671cdc9de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2493077
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70881}
This CL changes the "small" versions of ordered hash tables, like
SmallOrderedNameDictionary and the corresponding handlers, like
OrderedNameDictionaryHandler, to use InternalIndex rather than int
as the type used for indices.
This is part of an effort to make the interfaces of the
ordered and unordered name dictionaries more similar.
Bug: v8:7569
Change-Id: I3b6fe79dfd3c6743f58a04cfe82798fe2ef09e19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505720
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70876}
For-in now collects feedback as well, the test passes.
Tbr: neis@chromium.org
Bug: v8:8888
Change-Id: I4e2ae41b60aa43132a24f001dc4de460a270a1a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505766
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70874}
This changes the ordered hash data structures in ordered-hash-table.h to
use InternalIndex as the type used for indices, rather than int.
This makes the interface more similar to the (unordered) hash tables in
dictionary.h and hash-table.h
Bug: v8:7569
Change-Id: I2389b0c7d103eb7c33c5ed620b16eb198109b54c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2503949
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70873}
Inside of LoopPeeler::PeelInnerLoopsOfTree we call the typer, which
inspects heap objects, so we need to unpark the local heap.
Reverted in https://chromium-review.googlesource.com/c/v8/v8/+/2502333
Original change's description:
> [compiler] Replace Symbol with direct reads
>
> Bug: v8:7790
> Change-Id: I49120a6349777fd992a97d697940e79b2e71dbd1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2400988
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69812}
Bug: v8:7790, chromium:1137594
Change-Id: I8539175002e19b04b84009eb6b2cc5ced4ee53c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502339
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70872}
The speedup in https://crrev.com/c/2504853 left out checking the array
lengths, this adds that check.
Bug: v8:7783
Change-Id: I8de01fa2dff3e051246ee3a268cdce2128ad16ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505252
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70869}
This is a reland of e68285e21d
Failing wasm tests seemed to recover on their own.
Original change's description:
> cppgc-js: heap snapshot: Add logic for querying detachedness
>
> Adds infrastructure to allow embedders specifying a detachedness state
> that is queried when encountering an object with a TraceReference that
> has a non-zero wrapper class id set.
>
> Change-Id: Ie7f2f253544ee25a25565eb08d82e9df5f0a74d2
> Bug: chromium:1056170
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502345
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70841}
Bug: chromium:1056170
Change-Id: I293a9d38f841b4d0faa4af7408bb57544f11d566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505713
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70867}
This reverts commit 1eecdf3450.
Reason for revert: unacceptable binary size increase (+65.5 KiB)
We’ll reland once we implement a more efficient way to store the
sequences.
Original change's description:
> Update RegExp sequence property support
>
> This patch aligns --harmony-regexp-sequence with the latest version of
> the corresponding TC39 and Unicode proposals.
>
> The list of supported properties has been changed:
>
> - https://github.com/tc39/proposal-regexp-unicode-sequence-properties#proposed-solution
> - https://unicode.org/reports/tr18/#Full_Properties
>
> Furthermore, the Unicode data now uses Unicode v13.0.0 instead of v12.0.0.
>
> Bug: v8:7467
> Change-Id: I1ac386d87af68d68e84e919cb5ffc1313443844a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497163
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Mathias Bynens <mathias@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70752}
TBR=yangguo@chromium.org,jgruber@chromium.org,mathias@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:7467
Change-Id: I6721f4862827dc686d96d79498a1e8fdae4481d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505758
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70866}
Test was skipped because the generated test contains a multi-byte opcode,
and wasn't correct. Fix up the test with the correct encoding. The
fuzzer now generates multi-byte opcodes correctly, so this shouldn't be
an issue.
Bug: v8:10486
Change-Id: I1f5ad7d456320a30da6c553f65fdca0fc86a291a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505238
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70864}
PPC has a larger page size than other platforms, so increase the page
size in the test to account for this.
Change-Id: I392064e9ef3f87c5bddb7763b35661aee5b4669d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502330
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70857}
This is a reland of 44f46defcf with a
fix for failures with --turbonci_as_mid_tier
Original change's description:
> [turboprop] Pass required parameters as value inputs to TierUpCheck node
>
> TierUpCheck node tail calls interpreter entry trampoline when additional
> processing is needed for tiering up. Calling IET requires target,
> new_target, input count and context as parameters. Earlier these were
> created as parameter nodes in effect-control-linearizer. This causes
> problems with Turboprop since TurboProp doesn't use the second scheduler
> and cannot reschedule these nodes to the start block. We should instead
> create these parameter nodes in bytecode-graph-builder and pass them
> as value inputs to TierUpCheck node.
>
> Bug: v8:9684
> Change-Id: Icfe5a33b4e628d5a3ba9a3121b2b0746be6aed5c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498695
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70790}
Bug: v8:9684
Change-Id: Ic1a7d39aab0a599d0dd421f237e7bc640fcd6eb1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504258
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70856}
This CL splits the class definitions per .tq file, to realize the
following relationship:
A class defined in src/objects/foo.tq has a C++ definition in
src/objects/foo.h. Torque then generates:
- torque-generated/src/objects/foo-tq.inc
  An include file (no proper header) to be included in src/objects/foo.h
  containing the Torque-generated C++ class definition.
- torque-generated/src/objects/foo-tq-inl.inc
  An include file (no proper header) to be included in
  src/objects/foo-inl.h containing inline function definitions.
- torque-generated/src/objects/foo-tq.cc
  A source file including src/objects/foo-inl.h that contains non-inline
  function definitions.
Advantages of this approach:
- Avoid big monolithic headers and preserve the work that went into
  splitting objects.h
- Moving a definition to Torque keeps everything in the same place
  from a C++ viewpoint, including a fully Torque-generated C++ class
  definition.
- The Torque-generated include files do not need to be independent
  headers, necessary includes or forward declarations can just be added
  to the headers that include them.
Drive-by changes:
A bunch of definitions and files had to be moved or created to realize
a consistent 1:1 relationship between .tq files and C++ headers.
Bug: v8:7793
TBR: hpayer@chromium.org
Change-Id: I239a89a16d0bc856a8669d7c92aeafe24a7c7663
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2470571
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#70853}
This simplifies the logic since we can guarantee to have a
Handle<String>. The removed constructor was only used in tests.
Change-Id: I13519e474fe92892e9e8a39802d84cfab2c5b5ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505711
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70849}
Disable the BackgroundCompileTask and CompilerDispatcher unittests when
--finalize-streaming-on-background is enabled. The inner function API to
concurrent compilation doesn't yet support off-thread finalization, so
these tests break under that configuration.
Bug: chromium:1011762
Change-Id: If8d8d8e814161668e12f309e8d69ef8e8a29ab4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502329
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70846}
This reverts commit e68285e21d.
Reason for revert: ASAN test failing:
https://ci.chromium.org/p/v8/builders/ci/V8%20Mac64%20ASAN/29838?
Original change's description:
> cppgc-js: heap snapshot: Add logic for querying detachedness
>
> Adds infrastructure to allow embedders specifying a detachedness state
> that is queried when encountering an object with a TraceReference that
> has a non-zero wrapper class id set.
>
> Change-Id: Ie7f2f253544ee25a25565eb08d82e9df5f0a74d2
> Bug: chromium:1056170
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502345
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70841}
TBR=ulan@chromium.org,mlippautz@chromium.org,omerkatz@chromium.org
Change-Id: Ic13337b9c5b336a81efa5f2672f5a501084b5326
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2505613
Reviewed-by: Francis McCabe <fgm@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70843}
https://github.com/tc39/proposal-dynamic-code-brand-checks
An experimental implementation of the TC39 "Dynamic Code Brand Checks". This
implementation sticks an API-only symbol on each "code kind" object, which
is more flexible, but costs memory for each instance.
Bug: chromium:1096017
Change-Id: Idfeca035c61204ca0cea8ec735fdfa40a49d85e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339618
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70842}
Adds infrastructure to allow embedders specifying a detachedness state
that is queried when encountering an object with a TraceReference that
has a non-zero wrapper class id set.
Change-Id: Ie7f2f253544ee25a25565eb08d82e9df5f0a74d2
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502345
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70841}
The flag has been enabled by default for two versions now, so it is time
to remove it.
R=binji@chromium.org
Bug: v8:9921
Change-Id: I833e04a3f9d238e7bcf27e93148c9492776af3c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2402034
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70838}
This is a reland of d7ece57e20 with
a fix to failures on NumFuzz.
Original change's description:
> [turboprop] Add a slot for optimization marker in feedback vector
>
> Optimization marker and the optimized code used to share the same slot
> in the feedback vector as they were mutually exclusive. With turboprop
> we would want to mark the function for tier up to Turbofan while holding
> the optimized code for Turboprop. So this cl uses the existing padding
> field to hold the optimization marker instead.
>
> As a driveby, removes unused JSFunction::ClearOptimizedCodeSlot function
> and fixes a minor bug in Runtime_GetOptimizationStatus.
>
> Bug: v8:9684
> Change-Id: I18c551a69648a0837d16c5453d023c0b295b1521
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467836
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70789}
Bug: v8:9684
Change-Id: Ie6aa3c061a852bb047b5921e4e747d43505568e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502871
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70834}
The value of a node was accessed without prior HasValue check. With
WebAssembly this node is not guaranteed to be a value.
R=mslekova@chromium.org
Change-Id: I62170183f3940a04b0550dfbb78cb49d2f5d7f72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504250
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70833}
We made array-concat run faster in https://crrev.com/c/2504853.
Bug: v8:7783
Change-Id: Iabefb58f92e24ffa4e0589a7c8b9e2b3e12c6e47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504859
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70831}