Causes flakyness in TSAN runs when flag is written by EnforceFlagImplications
and read by ConcurrentMarking.
BUG=v8:8924
Change-Id: I2b0bf0fbb678e03492d7ed13e48657de9316b700
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505796
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60062}
This CL builds on top of feedback preprocessing. It brokerizes
all parts of element access reduction and disallows heap access there
(except for debug tracing).
To make this work without breaking tests (when concurrent inlining is
enabled):
- We don't inline functions that weren't serialized for compilation.
- We don't optimize for constant typed-array receivers when the typed
array wasn't serialized.
This means that from now on --concurrent-inlining (and thus --future)
may result in less optimization than the default configuration.
Bug: v8:7790
Change-Id: I22685258b7d841fc9183bf99775d3f09cd272927
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495556
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60061}
When VTune JIT support is enabled, the WasmEngine of an Isolate tries to
enable code logging by EnableCodeLogging() method. This multithreaded
method requires a Mutex for safety. However, as the WasmEngine is not
created, the Mutex of it is not initialized. An attempt of acquiring
this Mutex results in an error. The bug is fixed by creating WasmEngine
before it enables code logging.
Change-Id: I59e749190288ec412f6661233e8f62b0dff3cd7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1337376
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60060}
... when the latter is not already available.
Bug: v8:8834
Change-Id: Ib45b0e04c35a797e2d36a96b891ff1f82d4de02c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505574
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60059}
This piggy-backs off similar support for lite mode, which silently skips
tests that require optimization in lite (and now jitless) modes.
Bug: v8:7777,v8:8778, v8:8885
Change-Id: I666d92685ca71682224028743f02d0cce3723135
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503758
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60057}
... when pointer compression is enabled and some number of cleanups.
Bug: v8:7703
Change-Id: If7344abf68a1c4d54e4a79d066dc185f25055d7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477737
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60056}
Yu Yin is working for company that is willing to maintain MIPS ports
therefore I am transferring ownership to Yu Yin.
No-Presubmit: true
TBR=mstarzinger@chromium.org
NOTRY=true
Change-Id: Ibb534165a1a67ad65a58ea85f5885a70b59302be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505454
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Predrag Rudic <prudic@wavecomp.com>
Commit-Queue: Predrag Rudic <prudic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#60054}
Unicode v12 was released today:
https://unicode.org/versions/Unicode12.0.0/
This patch updates the following sequence property escapes per
Unicode 12:
- Emoji_Flag_Sequence (no changes)
- Emoji_Keycap_Sequence (no changes)
- Emoji_Tag_Sequence (no changes)
- Emoji_ZWJ_Sequence
Note that Emoji_Modifier_Sequence is still using Unicode 11 data. This
will be fixed automatically once a version of ICU with Unicode 12 support
rolls into V8, at which point I'll update the relevant tests.
Bug: v8:7467
Change-Id: Iba575a471382ba7b029da06c2868c368ff43c649
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503764
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60052}
Port https://crrev.com/c/1469821
Original Commit Message:
Refactor the CallApiCallback builtin to
- pass the context as with other stubs, and
- pass holder and call data in registers.
This avoids having to place holder and call data onto the stack, and
thus makes it possible to easily call the CallApiCallback builtin from
other builtins while just forwarding the (stack) arguments. The idea
is to use this in the future to optimize the general case of calling
into any API method via a FunctionTemplateInfo and doing appropriate
security and/or interface checks upfront as necessary (eventually making
the HandleApiCall C++ builtin obsolete at some point).
Change-Id: Ice52b68678fbea69e765c22daa3134524860e5de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505234
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Predrag Rudic <prudic@wavecomp.com>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#60049}
This CL refactors the torque-compiler module slightly to allow
compilation of string inputs in addition to file path inputs. The
added functionality is then used to implement the first
'goto type defintion' unit test.
R=tebbi@chromium.org
Bug: v8:8880
Change-Id: I178a387abda6e319e66d41c50431cb139ac6e9f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503263
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60047}
This adds overloads of v8::Isolate::{Add,Remove}MicrotaskCompletedCallback,
that use MicrotasksCompletedCallbackWithData, and marks the original one
as V8_DEPRECATE_SOON for transition.
Bug: v8:8124
Change-Id: I124c3108545e1a2b29cd95620f36901431663c65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1493766
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60045}
This reverts commit 83fa171781.
Reason for revert: Mac ASan failure. This also happens for WebRTC and is due to this change: https://chromium-review.googlesource.com/c/chromium/src/+/1500198
Original change's description:
> Update V8 DEPS.
>
> Rolling v8/build: 80892bf..0416321
>
> Rolling v8/third_party/depot_tools: cf661ac..7e68767
>
> TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org
>
> Change-Id: I029046d9e7fbceaed48d94e9e20c2eba61b08cac
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1504778
> Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/master@{#60043}
TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org,v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com
Change-Id: If8c60c8d83f70a0fc966d7bda00999bc5630431e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505272
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60044}
This is in preparation for the removal of Unibrow.
Bug: v8:8362
Change-Id: Icb969457e71d64d765eaf0fd1d0b8b9c6b6eb388
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1490572
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60042}
The bulk memory operations should not bounds check ahead of time, but
instead should write as many bytes as possible until the first
out-of-bounds access.
Bug: v8:8890
Change-Id: Ia8179fe268fc65816c34a8f3461ed0a0d35600aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1497520
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60040}
Align the Table implementation limits with the JavaScript Embedding
limits defined in the specification (from MAX_UINT32 to 1e7).
Introduce a new helper (max_table_init_entries) that returns the
maximum number of Table entry at initialization. It takes into account
the maximum Table size, which can be passed by a flag.
Bug: v8:8633
Change-Id: Idfa19418e81f478f7886a30876e66c9b216e25ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1496971
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60036}
This reduces the number of {BackgroundCompileScope}s per compilation
unit from 2 to 1. This reduces the number of concurrent accesses to the
{SharedMutex}.
R=ahaas@chromium.org
Bug: v8:8916
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Change-Id: I872683101dfc9361aa7054ea67f16e3f3f2b82b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495989
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60034}
In the recent port of reduce() and reduceRight(), a check for a length
change during the loop (standard for iterating builtins) was omitted.
We did get array bounds check protection, however it didn't expose
the issue in our tests because the bounds check is against the
backing store length, not against the length in the referring JSArray.
Also added a test for reduceRight().
R=jgruber@chromium.org
Bug: chromium:937676
Change-Id: I76e22e0d71965bff84a0822b1df5dc818a00b50e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503732
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60033}
Port 9c7b6e1e8a
Original Commit Message:
This is the implementation of crrev.com/c/766371 for arm.
Original description:
Add the ability to return (multiple) return values on the stack:
- Extend stack frames with a new buffer region for return slots.
This region is located at the end of a caller's frame such that
its slots can be indexed as caller frame slots in a callee
(located beyond its parameters) and assigned return values.
- Adjust stack frame constructon and deconstruction accordingly.
- Extend linkage computation to support register plus stack returns.
- Reserve return slots in caller frame when respective calls occur.
- Introduce and generate architecture instructions ('peek') for
reading back results from return slots in the caller.
- Aggressive tests.
- Some minor clean-up.
R=ahaas@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com, miladfar@ca.ibm.com
BUG=
LOG=N
Change-Id: I83df1af8c49f6d6c5b529db599fce61a1da2490d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1496549
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#60032}
When a function is exported from a WebAssembly module, it is implicitly
wrapped in a WasmExportedFunction. For functions that were imports into
this module, the exported function appears like other Wasm function,
e.g. can be used in tables. When that exported function was re-imported
to another module, the logic to compute the import kind mistakenly
assumed the exported function was indeed originally a Wasm function
and tried to call it directly, instead of treating it like an imported
JS function.
R=ahaas@chromium.org
BUG=v8:8947
Change-Id: Ib8fac81fbe0f49c50cfbfb2e69d9bb60aef91fcc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503632
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60031}
This allows us to change the page size without affecting Scavenger
heuristics and performance.
Bug: chromium:852420
Change-Id: Idcff4296e88e16f9af0ee6ecd00c63d789866fd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499494
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60028}
The `TurboAssembler::CallRecordWriteStub()` method which generates out-of-line
code to call the write barrier would push and pop arguments to move them to
different registers. Let's use `mov` instructions instead, making sure we handle
overlapping registers.
Change-Id: Ideb654cd558e984ccb90c7cf44b1c2c49f1c5b50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499496
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60026}
This CL changes the language server to store file paths as URIs and
decodes them on-demand during compilation. For now, this will
eliminate the need for an URI encoding function.
R=tebbi@chromium.org
Bug: v8:8880
Change-Id: If79f635cb60035f58712c1458ecca3bfa23a6e47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1502992
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60025}
Launching Python scripts can fail on Windows if the Python executable
isn't given as the first argument to the shell. This change adds the
path of the current Python executable, as per the behavior of v8gen.py
Change-Id: Iedaf57bcafc4c6aa6ebb89e945ee967cf393da04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1497522
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60023}
This reverts commit 821bc64951.
Reason for revert: Fails on ARM hardware :(
https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/9271
Original change's description:
> [wasm simd] Fix F32x4 Min and Max
>
> - Fix F32x4 tests to save results in globals, so they can be checked
> in C++ code. Perform correct checks in case of NaNs.
> - Fix ia32, x64 implementations of F32x4Min, F32x4Max to correctly
> deal with NaNs.
> - Enable tests for all float values on all platforms, except skip
> denormalized results on ARM, and skip extreme values for reciprocal,
> reciprocal square root approximation opcodes.
> - Disable Min, Max test for interpreter (see v8:8425) since it doesn't
> handle NaNs correctly.
> - Fix vmin, vmax implementations in ARM simulator.
>
> Bug: v8:8639
> Change-Id: I87e188e3cb078f09fdacfd9955f426c20a11bf64
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495897
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60021}
TBR=bbudge@chromium.org,gdeepti@chromium.org
Change-Id: Ib0dc8395ff86263fe0c02faa53d90c7da46b50a6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8639
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1501732
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60022}
- Fix F32x4 tests to save results in globals, so they can be checked
in C++ code. Perform correct checks in case of NaNs.
- Fix ia32, x64 implementations of F32x4Min, F32x4Max to correctly
deal with NaNs.
- Enable tests for all float values on all platforms, except skip
denormalized results on ARM, and skip extreme values for reciprocal,
reciprocal square root approximation opcodes.
- Disable Min, Max test for interpreter (see v8:8425) since it doesn't
handle NaNs correctly.
- Fix vmin, vmax implementations in ARM simulator.
Bug: v8:8639
Change-Id: I87e188e3cb078f09fdacfd9955f426c20a11bf64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495897
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60021}
Passive elements have a different binary format, where the contents are
instructions instead of function indexes:
0xd0 0x0b -> (ref.null)
0xd2 var:x 0x0b -> (ref.func x)
Bug: v8:8891
Change-Id: Ie7e8efe7b5acdf99622880dd97d28d3c13744dff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1497516
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60020}
This reverts commit f8a676707d.
Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/25576
I don't think I've seen MSAN being flaky. Chances are that the change to SFI's object layout indeed left some field uninitialized.
Original change's description:
> Remove builtin-function-id in SFI
>
> builtin_function_id corresponded to BuiltinFunctionId (a manually maintained list of 'interesting' functionsmainly used during optimization). With this change, we nuke builtin-function-id in favor of builtin-id and 8 bits is freed up in SFI.
>
> Bug: v8:6993
> Change-Id: Iee9b539475bc6531c9aa65b1904d1402a9ef30db
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495898
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60017}
TBR=ulan@chromium.org,jgruber@chromium.org,leszeks@chromium.org,bmeurer@chromium.org,duongn@microsoft.com
Change-Id: Ic3964ce182ddbd7ef529ddb8b78b9bdfb1be7887
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6993
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499500
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60018}
builtin_function_id corresponded to BuiltinFunctionId (a manually maintained list of 'interesting' functionsmainly used during optimization). With this change, we nuke builtin-function-id in favor of builtin-id and 8 bits is freed up in SFI.
Bug: v8:6993
Change-Id: Iee9b539475bc6531c9aa65b1904d1402a9ef30db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495898
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60017}
If buffer_ is empty and start_ is zero, even though the MemCopy would be
a no-op, &buffer_[start_] is undefined. buffer_.data() + start_ would
work, but due to a C/C++ language bug, that is technically undefined
too[*] if an empty buffer_.data() returns nullptr, so add a length() ==
0 check, matching methods above.
This was caught by building with _LIBCPP_DEBUG=0.
[*] https://www.imperialviolet.org/2016/06/26/nonnull.html
Bug: chromium:893810
Change-Id: I9f0834ffae6769e0e191e786842e6ecc6c95a58a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1483616
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60016}
AllocateUninitializedJSArrayWithElements into the method.
Prior to the change, if the caller forgets to handle empty case on
their side, AllocateUninitializedJSArrayWithElements would allocate a
new empty FixedArray rather than return the canonical one. This refactor
shifts the burden of canonicalization from the callers to
AllocateUninitializedJSArrayWithElements.
Bug: v8:6777
Change-Id: I1246cb288861b65b51938414a454f21af78f8399
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1480330
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60015}
Moving to gtest allows negative test cases as the current parser
implementation exits the process on a parser error. The CL adds two
small negative tests. The idea is less to get full coverage, but to
have a place for regression tests.
Drive-by-change: Lexer errors need a valid source position scope and
Json parser needs a valid SourceId, otherwise we read OOB when the
error message is generated.
R=petermarshall@chromium.org
Bug: v8:8880
Change-Id: I56c4b9e0a29c8333b2e5e44f8116e5178552d2f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1498472
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60014}