Move the current code sequence in TurboFan to a macro-assembler helper
function to allow Liftoff to reuse it.
Bug: v8:10997
Change-Id: I6205350897a4afc7ca9d0f84fd514be24508aef0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2620905
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72054}
Also fix the simulator to avoid overrating dst register
during VectorPack.
Bug: v8:10971
Change-Id: I137e3cf4f73ddfc12c50099d519668858f95ecf3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2625487
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72051}
- Modify InstructionSelectors to track both padding and multiple
slot values to correctly adjust stack pointers when pushing
arguments. Pass stack offset as an immediate operand.
- Modify CodeGenerators to handle alignment padding.
Bug: v8:9198
Change-Id: I1c132284e07b5f5e73ce570a641f17decdfba504
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2596027
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72049}
bulk-memory shipped in V8 v7.5, hence the feature flag can be removed
now. This saves some binary size and a few dynamic checks for the flag.
R=ahaas@chromium.org
Bug: v8:11074
Change-Id: Ia73622637939f2192940fdd6909520786ed27286
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2622913
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72045}
This adds the following internal properties to `WasmInstanceObject`
values in DevTools:
- `[[Module]]` pointing to the `WasmModuleObject`, allowing the
developer to find the module to an instance no matter where in
DevTools front-end the instance is inspected.
- `[[Functions]]`, `[[Globals]]`, `[[Memories]]`, and `[[Tables]]`
are shown (when they aren't empty), allowing developers to inspect
the entities within an instance no matter where in DevTools front-end
it's inspected.
This also updates the _Module_ scope for Wasm frames to show the entity
containers (`functions`, `globals`, `memories` and `tables`) in addition
to the `instance` and `module` to make it easier accessible (fewer
clicks to get there), but also to align it better with the _Add property
path to Watch_ and _Copy property path_ features (since exactly the same
names are exposed via Debug Evaluate on Wasm frames).
```
> Stack
> Locals
v Module
> module
> instance
> functions
> globals
> memories
> tables
```
Drive-by-fix: Move GetWasmModuleObjectInternalProperties() logic into
debug-wasm-support.cc
Screenshot: https://imgur.com/ksEHG2I.png
Doc: http://bit.ly/devtools-wasm-entities
Fixed: chromium:1165294
Bug: chromium:1071432, chromium:1164241, chromium:1165304
Change-Id: Ia88fb2705287c79988ff2b432e4a33ac34e098f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2622912
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72042}
`0x12345678` will be written to memory in the same order on BE
machines however, as Wasm is LE enforced, a memory load will
force a byte reverse operation on BE machines which changes the value.
To fix the problem, we write the reversed value to memory.
Change-Id: I0d562768d5cef823cb918ed1b57a2a41e404ffc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2622927
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72041}
The dead target check in TransitionArrayNeedsCompaction, confirming that
Smi (uninitialized) targets imply that no other target is dead, has to
additionally support Smi entries.
Bug: v8:11305
Change-Id: I6f3fa9e7420b1bd0a64a25dae670f439e3f41162
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2622914
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72040}
Make sure gcmole detects issue in DisallowGarbageCollection scopes.
DisallowGarbageCollection is widely used in the codebase to document
code that doesn't allocate. However, this has the rather unexpected
side-effect that gcmole is not run when such a scope is active.
This CL changes the default behavior of gcmole to run even with
DisallowGarbageCollection scopes present. This will give us the best
results of both worlds, dynamic checks by the fuzzer, and static
analysis by gcmole.
To allow crazy local raw pointer operations there is a new
DisableGCMole scope that explicitly disables gcmole.
Change-Id: I0a78fb3b4ceaad35be9bcf7293d917a41f90c91f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2615419
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72039}
Add a pre-loop over transition arrays during compaction, that checks
whether compaction is needed at all, and whether any of the entries are
still uninitialized values as part of deserialization (and therefore no
other targets can be dead). Bails out of compaction early if this is the
case.
Bug: v8:11305
Change-Id: I27af792a8a0bd3df17892f54ac95ed15e4bdfcc0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2622910
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72038}
.. instead of implicitly using -1 as a marker in a few spots.
Bug: chromium:1161357
Change-Id: Icfb9a2b81dbda844c8405c57454d63ae89dfe4f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2606336
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72037}
The frame pointer did not point to the previous frame pointer, which
made the stack non-iterable with SafeStackFrameIterator.
This can cause pointer authentication failures when CFI is enabled,
as we expect the value stored above the previous frame pointer to
be a return address.
Bug: v8:10026
Change-Id: Ia55181038b1b277d0a6df519f1e7f61859847b1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2614429
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#72036}
... and fix an issue in TurboFan and issues in Liftoff.
R=manoskouk@chromium.org
Bug: v8:10949
Change-Id: I3493205ab56a4ded550af6fcd75c465f7d8894ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2618246
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72035}
The watchdog previously didn't terminate execution, it just prevented
the execution of additional tasks.
This CL fixes that by making {TaskRunner::Terminate} actually terminate
execution in the isolate.
It also adds a regression test for this.
R=szuend@chromium.org
Bug: chromium:1154412, chromium:1142437
Change-Id: Ic6638e8a5c37e8840a85651b4d4bea2ee0f71c43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2622212
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72031}
Use a bit to work around the issue of ICU getType() bug.
Bug: v8:11295
Change-Id: I15d65bd44c489031d789e7638ea8abab90128124
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2614216
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72028}
Rolling v8/build: d1a7463..d599553
Rolling v8/buildtools: 2277272..235cfe4
Rolling v8/buildtools/linux64: git_revision:0d67e272bdb8145f87d238bc0b2cb8bf80ccec90..git_revision:595e3be7c8381d4eeefce62a63ec12bae9ce5140
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/e174329..d1a3011
Rolling v8/third_party/depot_tools: c1aa4ec..82b992a
Rolling v8/tools/clang: 01d7e1f..2246beeTBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: Ib358f0e49fab39cf13fb91a0db2a2b453b28c94a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2622902
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#72026}
Prototype these 4 instructions:
- i64x2.widen_low_i32x4_s
- i64x2.widen_high_i32x4_s
- i64x2.widen_low_i32x4_u
- i64x2.widen_high_i32x4_u
Implementation is the same as x64.
Drive-by fix to add a missing CpuFeatureScope to x64.
Bug: v8:10972
Change-Id: Iacc84bce156053d0ac39b1a419727c93c499a8c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2612339
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72025}
Also remove some ifdefs since it is implemented on all architectures.
Bug: v8:10997
Change-Id: I06f82e2c67219a8990bdd7c78e63b1300c8f34d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2620907
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72024}
Implementation is the same as x64.
Disassembly support for the new instruction, pmulhrsw, is already
supported due to the macro list.
Bug: v8:10971
Change-Id: I099c4f8c3da521006ef5e2b151626f25a5df1ed9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2620898
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72021}
Currently, the CodeMap utilizes double indirection into a deque for
entries in its map. Since we don't reuse CodeEntry objects, this doesn't
confer any benefits really -- avoid this step and save memory by
maintaining only a single mapping.
Bug: v8:11054
Change-Id: I2cbc188ff64dd2faa9c4c03d9892b4c8e5e68794
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2617746
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#72019}
This CL fixes a bug in the code generation for I32AtomicCompareExchange
in Liftoff on ia32. The problem is the inconsistency that
LiftoffAssembler::PeekToRegister(...) introduces to the cache state.
PeekToRegister loads the value from the value stack into a register, but
does not pop the value off the stack. When the value was already stored
in a register, the use counter of that register gets decreased, even
though the value is still on the stack.
The problem arises when this register later gets reused, which is
necessary unfortunately on ia32. When SpillRegister is called for this
register, all stack values that are stored in this register get written
to memory. SpillRegister uses the use counter of the register to detect
when the register was spilled to all stack slots that were cached by
this register. However, as described above, the value stack and the use
counter are inconsistent at that moment, so SpillRegister finishes
early and does not spill the register to all stack values, and this
causes the bug later.
With this CL the decrement of the use counter gets delayed until when
the value actually gets popped off the stack.
R=clemensb@chromium.org
Bug: chromium:1145135
Change-Id: I07cb256a7e5135dbce41b246c120650635ad2758
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2602464
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72018}
In memory64, the index is a 64-bit value even on 32 bit. Thus the bounds
check needs to check explicitly that the high word is zero. The (pointer
sized) low word is then checked against the actual memory size.
R=manoskouk@chromium.org
Bug: v8:10949
Change-Id: I311664ccadaec44a6c88777a60b1a3b45b6c0642
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2617088
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72016}
We're making a copy of ieee754.(cc|h) in Chromium in
crrev.com/c/2582607. To ensure this copy stays in sync, we're adding a
watchlist for changes on the original ieee754.(cc|h).
Also, watch for changes in dependency of ieee754.(cc|h)
overflowing-math.h, and for changes in the licenses (LICENSE.fdlibm).
Bug: chromium:1145192
Change-Id: I5a967266c8b5c5c973afc48d9b453915f228a268
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2593649
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Caleb Raitto <caraitto@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72015}
This adds a first execution test for memory64 in the form of a cctest.
Several things are still not working correctly, hence this test only
checks TurboFan on 64-bit systems, and Liftoff.
Bounds checks in Liftoff are fixed to work correctly on 32-bit.
Follow-up CLs will extend the test to also test TurboFan on 32-bit, the
interpreter, and traps. All of those features still have issues.
R=manoskouk@chromium.org
Bug: v8:10949
Change-Id: Ic7edcf3783421634fe2ec99eac6f257c557a29b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2610968
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72014}
For simplicity this CL includes a first crude conversion of
tickprocessor.mjs. Later CLs will introduce more ES6 syntax and clean
up more code.
Bug: v8:10667
Change-Id: Ief2ca623f5562114fb976a95d156e2ab3f961114
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2611252
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72013}
This change unifies the locals, stack, and globals objects exposed for
WebAssembly frames via the Scope view and via DebugEvaluate to use the
same underlying objects (implemented via interceptors). This also
means that for locals and globals we now consistently expose names
prefixed by a dollar symbol everywhere.
Drive-by-fix: Move the debug::ScopeIterator implementation for WasmFrame
into debug-wasm-support.cc, so WebAssembly scope details are all found
in one place instead of scattered around the code.
Drive-by-cleanup: Rename GetJSDebugProxy to GetWasmDebugProxy for
consistency. GetJSDebugProxy is a bit misleading, since the debug proxy
is not about JavaScript, but just exposed to JavaScript.
Doc: http://bit.ly/devtools-wasm-entities
Bug: chromium:1159307, chromium:1127914, chromium:1162229
Change-Id: If932bd06bbce72542823f63dac1bd976ab33937a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2615348
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72009}
1) Since we collect a stack trace for unhandled promises we might end up
invoking code right before the shutdown phase.
2) Any dynamic module import that happens in this phase will enqueue a
microtask job with a freshly allocated DynamicImportData object. It
only gets deleted when fully emptying the microtask queue.
3) Since we're exiting we might end up with a non-empty microtask queue.
4) LSAN detects this as a leak on shutdown.
To make LSAN happy again d8 now keeps track of DynamicImportData to
free them on destructing PerIsolateData.
Bug: chromium:1158223
Change-Id: I9bb21f71bffc75a0d5f4ffc5bf0727c7b4cbab88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2599755
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72008}
Previously the implementation of the scope iterator objects and the
debug proxy lived in src/wasm, and they are now being moved to
src/debug, to better align with the JavaScript debugging interface,
which also lives in src/debug.
Bug: chromium:1162229, chromium:1071432
Change-Id: I7f89ced88a1231ad6a923be6e85a93f1876a2024
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2621084
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72007}
We shouldn't be creating those anymore since they are not thread-safe.
Bug: v8:7790
Change-Id: I4546d995fa32eb076c8dfe9d95301fad719c9e07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2615347
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72006}
ToNumber was already returning base::Optional but it still needed to be
updated for the internal external uncached string case.
As a note, both IsExternal and IsSeqString do not need to be updated
since they only look at the map.
Bug: v8:7790
Change-Id: Icb5ba7f40982c01cada2a9c2b96b824edce70d44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2615422
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72005}
