Commit Graph

77107 Commits

Author SHA1 Message Date
Samuel Groß
5015c4ea74 Reland "[sandbox] Sandboxify WasmExportedFunctionData::sig"
This is a reland of commit 6ec7be21e6

The issues that caused the CL to be reverted appear to be unrelated
to this change as they still occurred after the revert.

Original change's description:
> [sandbox] Sandboxify WasmExportedFunctionData::sig
>
> This CL changes the WasmExportedFunctionData class to store a direct
> ExternalPointer to the wasm::FunctionSig instead of referencing it
> through a Foreign. This in turn makes it possible to use a unique
> pointer tag for that external pointer when the sandbox is enabled.
>
> Drive-by: move WasmInternalFunction::call_target external pointer to the
> end of the object, in line with other external pointer fields.
>
> Bug: v8:10391, v8:12949
> Change-Id: Ic3ff622a075c9eaa2f8d8835803437466290c928
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829086
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82523}

Bug: v8:10391, v8:12949
Change-Id: I108810ce86b95289dfb6d6377535813deac79a9f
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838109
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82565}
2022-08-18 14:41:01 +00:00
Michael Lippautz
0145c20325 [heap] Fix test that requires manual GC scheduling
Bug: v8:13141
Change-Id: I05e905a40a572c7f85f60629b2303cd73ae06a70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838731
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82564}
2022-08-18 14:39:58 +00:00
Feng Yu
97669ca6a1 [test] Migrate cctest/test-assembler-x64 to unittests/
Bug: v8:12781
Change-Id: I1bf06cd74b82e98f44e00f8d6e9049d1b92c86cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827121
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82563}
2022-08-18 12:41:11 +00:00
Michael Lippautz
01a8325a2c [heap] Provide base::Malloc::AllocateAtLeast and use in Worklist
Provides a v8::base::Malloc::AllocateAtLeast() method that is also
UBSan-safe and use it in the GC's worklist.

Depends on https://crrev.com/c/3834601

Bug: v8:13193
Change-Id: I1bd182e613fb3c6a5a6b90bf56f12bd210d5ef8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833818
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82562}
2022-08-18 12:27:25 +00:00
Camillo
d35f3e2bef [modules] Handle termination exceptions better
- Force RecordError in case of a TerminationException
- Remove Module::RecordErrorUsingPendingException
- Use more raw objects and instance methods if possible

Bug: v8:12379
Change-Id: Ia7e73715c3cdfe59d3fa324be3ce4213e454ff26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829087
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82561}
2022-08-18 12:22:40 +00:00
Camillo
2ee9b29362 [runtime] Reduce STACK_CHECK code footprint
Add outlined StackLimitCheck::HandleInterrupt helper for the uncommon
path.

Change-Id: Ib13dc84ac632f3455d5933748428f9550a23d435
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829088
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82560}
2022-08-18 12:21:37 +00:00
Michael Lippautz
3e825c77f9 [handles] Remove black allocation of traced nodes
Traced nodes were allocated black, even outside of GCs. Nodes would
always survive one GC, while the objects pointed to could die.

This CL removes black allocation and relies on proper write barriers
(that are anyways in place) to mark the nodes and their objects. This
also means that marked nodes should always point to live objects which
is now verified in the atomic pause.

Bug: v8:13141
Change-Id: Ie5cdc92d8fe5f57865d02b71d3fae9425ae532fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820070
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82559}
2022-08-18 11:43:06 +00:00
Matthias Liedtke
63261c2608 [wasm-gc] Disallow anyref in JS interop
Also fix eqref/i31ref fromJS() handling to accept unwrapped Smis.
This does not convert HeapNumbers to Smis if they fit.

Bug: v8:7748
Change-Id: Ida70a826f9541b7f3fbe9eecbb2b4fe362b5ef70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829477
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82558}
2022-08-18 10:47:58 +00:00
Samuel Groß
4e10c14edf [sandbox] Fix heuristics in EPT::StartCompactingIfNeeded
The previous code incorrectly rounded down the number of entries to free
to kBlockSize (expressed in KB) instead of kEntriesPerBlock (expressed
in # of entries) to compute the start of the evacuation area. Further,
depending on the block sized used, the previous heuristics does not
necessarily guarantee that at least one full block would be evacuated.
This CL fixes both of these issues.

Bug: v8:10391
Change-Id: I5ddecd5d582bcf89e1c52df431f006889685320a
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837860
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82557}
2022-08-18 10:15:37 +00:00
Tobias Tebbi
fd8ab37e54 [compiler] handle DefineOwnProperty for global object
Bug: chromium:1353360
Change-Id: Id39bfb72ba0ffc6e547b907bb82599fb4a0529a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834255
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82556}
2022-08-18 09:47:56 +00:00
Jose Dapena Paz
b263815199 [profiler][etw] Simplify method name passed to ETW.
In existing implementation, of MethodLoad event,
the method name passed to ETW is coming from
CodeEventLogger::CodeCreateEvent, and includes
the source file or URL, column and line numbers, method name
and a marker for the kind of code generation.

This is partially redundant, as the reference to source ID
will point to the already generated SourceLoad event, with
the file information. Also, Windows Performance Analyzer will
already pick line and column number for the stack representation.

So, for those cases, we just need to send to ETW the script
method name. Even better, this changeset uses the DebugNameCStr
logic to retrieve the inferred name in case there is no name
available.

Bug: v8:12987
Change-Id: If09c1fedc9da158a3c72932655e2e6b09e818d93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763862
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: José Dapena Paz <jdapena@igalia.com>
Cr-Commit-Position: refs/heads/main@{#82555}
2022-08-18 09:45:26 +00:00
V8 Autoroll
cfe9945828 Version 10.7.0
Change-Id: Ia8c534ccbec53fc2d59b6d357697513bfec3a015
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837856
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82554}
2022-08-18 09:17:36 +00:00
JianxiaoLuIntel
edc094a538 Fix trace_turbo crash
`mksnapshot --trace_turbo` will crash because builtins have no bytecode.

Bug: v8:7327
Change-Id: I61740b9ce934e85d158518787a2c7dc76c57e8d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834641
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82553}
2022-08-18 07:55:30 +00:00
Dominik Inführ
dc5c3ee5dd [heap] Add IncrementalMarking::AdvanceForTesting bottleneck
Introducing IncrementalMarking::AdvanceForTesting as last bottleneck
for driving incremental marking in addition to AdvanceFromTask
and AdvanceOnAllocation.

Now that we have those 3 bottlenecks, Step() and AdvanceWithDeadline()
can become private methods in IncrementalMarking. We also don't need
the StepResult return value in Step() anymore, which allows us to
remove CombineStepResult.

Bug: v8:12775
Change-Id: I702714439ef7ea4b9abf2156387503d4d00a7a48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823131
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82552}
2022-08-18 07:50:29 +00:00
Matthias Liedtke
772f6c8bcd Reland "[wasm-gc] Add extern.externalize"
This is a reland of commit ee89a26977

Original change's description:
> [wasm-gc] Add extern.externalize
>
> This adds `extern.externalize(ref null any): ref null extern` to wasm
> which packs wasm objects into JS objects if the js-interop flag is not set.
> This is the counterpart to extern.internalize introduced in
> 50ec8a11f2.
>
> Bug: v8:7748
> Change-Id: I67b8fe6d70b9f526ff6c43b0a4d7861c7ff5dad0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825879
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82492}

Bug: v8:7748
Change-Id: Ie13cfd6464006dcadc2a53f2dbf77f76ab185504
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829940
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82551}
2022-08-18 07:41:29 +00:00
Peter Kasting
aa963d6af4 Ensure member classes are fully defined before they're used.
This fixes a compile error in C++20.

Bug: chromium:1284275
Change-Id: If7f634f56bea94d594bd7a1e660b902dbebbab1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835291
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82550}
2022-08-18 07:29:59 +00:00
Dominik Inführ
94a954de2b [heap, maglev] Add shared barrier for Maglev generated code
Maglev write barrier needs to use different page flag mask to also
call into the slow path of the barrier for old-to-shared pointers.

Bug: v8:11708
Change-Id: I9ff5ead0517e9682672452f9868b16fa0dd94be2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834256
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82549}
2022-08-18 07:17:06 +00:00
Frank Tang
d5f29b929c [Temporal] Fix limits tests
1. Add if/throw based on IsValidEpochNanoseconds()
in DisambiguatePossibleInstants, ParseTemporalInstant, GetIANATimeZoneEpochValueAsArrayOfInstantForUTC,
GetIANATimeZoneEpochValueAsArrayOfInstant,
JSTemporalTimeZone::GetPossibleInstantsFor, and
InterpretISODateTimeOffset(
2. Add assert IsValidEpochNanoseconds in GetISOPartsFromEpoch
3. Fix ISODateTimeWithinLimits

These changes are syncing of the following PRs:
https://github.com/tc39/proposal-temporal/pull/2277
https://github.com/tc39/proposal-temporal/pull/2084
https://github.com/tc39/proposal-temporal/pull/2312
https://github.com/tc39/proposal-temporal/pull/2273
https://github.com/tc39/proposal-temporal/pull/2117

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal-disambiguatepossibleinstants
https://tc39.es/proposal-temporal/#sec-temporal-parsetemporalinstant
https://tc39.es/proposal-temporal/#sec-temporal.timezone.prototype.getpossibleinstantsfor
https://tc39.es/proposal-temporal/#sec-temporal-interpretisodatetimeoffset
https://tc39.es/proposal-temporal/#sec-temporal-getisopartsfromepoch
https://tc39.es/proposal-temporal/#sec-temporal-isodatetimewithinlimits


Bug: v8:11544
Change-Id: I38244d039f33e294b698d470b587b1b44b72fa09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3831150
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82548}
2022-08-17 21:49:08 +00:00
Frank Tang
7e86bb86f1 [Temporal] Sync to PR 2295
Pass OrdinaryObjectCreate(*null*) to DifferenceISODateTime in NanosecondsToDays
and to DifferenceZonedDateTime in AddDuration

https://github.com/tc39/proposal-temporal/pull/2295

Bug: v8:11544
Change-Id: Ied1860b755b1cebd0fbcbc4bd574cd525f108378
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835263
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82547}
2022-08-17 20:26:48 +00:00
Frank Tang
a94b566a75 [Temporal] Sync to PR 1954
Move calendar validation out of ParseTemporalCalendarString
Spec PR https://github.com/tc39/proposal-temporal/pull/1954

Bug: v8:11544
Change-Id: I4dbfcba1a9f5940d5692547b7ea212ebe45ca341
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835265
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82546}
2022-08-17 20:24:21 +00:00
Frank Tang
d4122c665a [Temporal] Group invalid calendar-number test together
See issues in
https://github.com/tc39/test262/issues/3553
and
https://github.com/tc39/proposal-temporal/issues/2165

Bug: v8:11544
Change-Id: Iefe6353e95178e1241a7f29c80b24baad2a8428d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835266
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82545}
2022-08-17 20:23:18 +00:00
Frank Tang
a9ed44ba39 [Temporal] Sync to PR 1685
Pass undefined for option in calendar monthDayFromFields and
yearMonthFromFields

https://github.com/tc39/proposal-temporal/issues/1685

Bug: v8:11544
Change-Id: I3fd37e176bd83dc0b01d92a3c323d2933291c49b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835262
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82544}
2022-08-17 20:09:58 +00:00
Milad Fa
50cdbb31ff PPC/s390: [heap, baseline] Implement shared write barrier for baseline compiler
Port 805df68f56

Original Commit Message:

    Baseline write barrier needs to use different page flag mask to also
    call into the slow path of the barrier for old-to-shared pointers.

R=dinfuehr@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I00c179ac04b74b1196951ae4d8c868d312d5a856
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834633
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82543}
2022-08-17 19:13:11 +00:00
Jakob Kummerow
564c0978f4 [stringrefs] Support stringrefs in DevTools inspection
When a string is in a local or on the value stack at a breakpoint,
DevTools should be able to show its value.

Bug: v8:12868
Change-Id: I79014d74c8ef7b212469382bdedca85568b3bcc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834038
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82542}
2022-08-17 19:12:09 +00:00
Shu-yu Guo
a849c595ed Revert "[wasm] Refactor compilation tier computations"
This reverts commit e50472d6a3.

Reason for revert: compilation-hints-decoder breakage
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20ASAN/45708/overview

Original change's description:
> [wasm] Refactor compilation tier computations
>
> The way we initialized the "compilation progress" was pretty convoluted,
> with multiple levels of functions being called for initializing every
> single slot.
>
> This CL refactors this to compute one default value for the whole
> module, and only modifies those slots that need special handling (e.g.
> because of compilation hints, or lazy/eager compilation after
> deserialization).
>
> We also rename "liftoff_functions" to "eager_functions" in the
> deserialization path; the idea is that those functions should get
> eagerly compiled because we expect them to be needed during execution.
> Usually they would be Liftoff-compiled, but it's more consistent to use
> the existing logic to choose the baseline tier. In the default
> configuration, this will still use Liftoff, but if Liftoff is disabled
> we will use TurboFan instead.
>
> R=​jkummerow@chromium.org, ahaas@chromium.org
>
> Bug: v8:12425
> Change-Id: Ie58840b19efd0b1e98f1b02d5f1d4369410ed8e1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829606
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82521}

Bug: v8:12425
Change-Id: I45cef01ea40c50c3b86fbceca9b482a9bded535e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835290
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82541}
2022-08-17 18:52:20 +00:00
Dominik Inführ
2b2e4e4267 Reland "[heap] Handle old-to-new slot promotion to shared heap"
This is a reland of commit 9cca4e60f1

This CL disables the mjsunit tests as well in single generation mode.

Original change's description:
> [heap] Handle old-to-new slot promotion to shared heap
>
> The GC might promote an in-place internalizable string from new space
> directly into the shared heap. This means that the GC might need to
> create OLD_TO_SHARED slots when updating OLD_TO_NEW slots.
>
> This CL implements this both for minor and full GCs.
>
> Bug: v8:11708
> Change-Id: I6102b9024d1dd5dd602d654b006ea5897ab5baa6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804604
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82298}

Bug: v8:11708
Change-Id: I9e96fe7c3f263d4088536d3a15af6d00fa82625e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3828099
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82540}
2022-08-17 16:39:18 +00:00
Peter Kasting
9dbcf87fac Use constexpr more, especially in place of enums.
This fixes C++20 compile errors due to math between disparate enum types
being deprecated (e.g. ENUM_A_VAL | ENUM_B_VAL).

Bug: chromium:1284275
Change-Id: I7fc83888bb9c8156909cbc3ea1b30ef94d4a2c1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3830986
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82539}
2022-08-17 16:32:49 +00:00
Dominik Inführ
805df68f56 [heap, baseline] Implement shared write barrier for baseline compiler
Baseline write barrier needs to use different page flag mask to also
call into the slow path of the barrier for old-to-shared pointers.

Bug: v8:11708
Change-Id: I955f30376f3de912b418298cdcf1e38dd2adda2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834254
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82538}
2022-08-17 15:31:27 +00:00
Victor Gomes
208bda4824 [bazel] Remove zlib dependency
That entails that V8 built with bazel does not support
snapshot compression.

NOTE: Snapshot compression has always been supported, but it has never
been enabled. We do not even have a flag for it.

Change-Id: I4b67db618be2c62e6a6f34e71eb0dac2ec26fa36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834031
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82537}
2022-08-17 15:30:25 +00:00
Darius M
456202730c [compiler] Remove map check in StringRef::length
The "length" field of strings should never be mutated once it has
been initialized. This means that the checks done by StringRef::length
were never really useful. This CL thus removes them.

Bug: chromium:1352386
Change-Id: I49f681daad119553eb0d4f1c2315bff5138197d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829541
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82536}
2022-08-17 15:29:21 +00:00
Nico Hartmann
d8b8024e92 Revert "[sandbox] Sandboxify WasmExportedFunctionData::sig"
This reverts commit 6ec7be21e6.

Reason for revert: Speculative revert for https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64/47984/overview

Original change's description:
> [sandbox] Sandboxify WasmExportedFunctionData::sig
>
> This CL changes the WasmExportedFunctionData class to store a direct
> ExternalPointer to the wasm::FunctionSig instead of referencing it
> through a Foreign. This in turn makes it possible to use a unique
> pointer tag for that external pointer when the sandbox is enabled.
>
> Drive-by: move WasmInternalFunction::call_target external pointer to the
> end of the object, in line with other external pointer fields.
>
> Bug: v8:10391, v8:12949
> Change-Id: Ic3ff622a075c9eaa2f8d8835803437466290c928
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829086
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82523}

Bug: v8:10391, v8:12949
Change-Id: I18a7c9603e30d7cd78fd599e59596015260a5818
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834259
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82535}
2022-08-17 15:28:18 +00:00
Junliang Yan
5493270399 PPC/s390: [masm][cleanup] Refactor call related assembler options
Port 00746406cf

Original Commit Message:

    ... which affect how builtin calls are generated.

    This CL replaces the following boolean options
     - builtin_calls_as_table_load,
     - inline_offheap_trampolines,
     - short_builtin_calls,
     - use_pc_relative_calls_and_jumps,

    with an enum BuiltinCallJumpMode and a boolean option
    use_pc_relative_calls_and_jumps_for_mksnapshot.

BUG=
LOG=N

Change-Id: I9ad83d27fc5b295ca4827e9608d4be10f7b10551
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3831638
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82534}
2022-08-17 14:33:26 +00:00
Jakob Linke
e24efa1d91 [maglev] Properly iterate ML frames during tierup
.. at which time, the standard ML frame is not yet set up. Instead, an
INTERNAL frame with a few fixed tagged stack slots is created in
preparation for the runtime call in GenerateTailCallToReturnedCode.

Bug: v8:7700
Fixed: v8:13192
Change-Id: Icd7adbc25aa6a5446a43a0fb3ee70c65ee33cc5d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835683
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82533}
2022-08-17 14:32:24 +00:00
Dominik Inführ
5a50fed9d1 [heap] Add shared barrier to range barrier
The range barrier needs to update the old-to-shared remembered set as
well.

Bug: v8:11708
Change-Id: I79c077bb0131f026bd8c6726100df8c5b576eaca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3828100
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82532}
2022-08-17 14:31:16 +00:00
Milad Fa
e43e535d8f Fix builds with no spark-plug support
Currently getting a link error during debug builds.

Change-Id: I6baab7ea0e22a4d0faf4863e8c3b44f550ec900f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834029
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82531}
2022-08-17 14:30:08 +00:00
Yahan Lu
4516d7ca44 Revert "[WATCHLISTS] Add riscv watch"
This reverts commit 776b9eb9d9.

Reason for revert: Wrong email address

Original change's description:
> [WATCHLISTS] Add riscv watch
>
> Change-Id: I6e4dc69d6f22d3108ae74552b72bcafc0be3db64
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793476
> Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82092}

Change-Id: Ie5a9c4ca42e77f1d07fcbe8fbb521e97a0ae7422
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834579
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82530}
2022-08-17 14:29:02 +00:00
Victor Gomes
e83e582c9c [maglev] Support Switch on PostDominatingHole calculation
A switch can only produce a hole if it does not have fallthrough.
This actually only happens for SwitchOnGeneratorState bytecode.

We calculate the highest post dominating hole by traversing each
target.

Bug: v8:7700
Change-Id: Ia86ac08b1062dc48296e24beb95b3e3c3418ea6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826045
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82529}
2022-08-17 14:28:00 +00:00
Junliang Yan
af44a17ac3 fix BE dcheck failure on visited_fields_
due the different offset values on BE vs LE, the field_index
is incorrect on BE causing the visited_fields_ not to be set
to false during reference iteration.

Change-Id: I8f451cee7f9a18990de7ff2c67c904b1769b4f5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3831639
Commit-Queue: Junliang Yan <junyan@redhat.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82528}
2022-08-17 14:26:58 +00:00
Victor Gomes
980b623494 [BUILD] Add v8_use_zlib flag
This allows V8 to be compiled without zlib.

Currently we use zlib for 3 features:
1. Snapshot compression. The cl asserts v8_snapshot_compression
   implies v8_use_zlib.
2. Compression of translation arrays (experimental flag). The runtime
   flag is only enabled if v8_use_zlib.
3. Snapshot checksums. We fallback to a simple Fletcher algorithm if
   v8_use_zlib is false.

Change-Id: If043c3c21bba4d734573d7e1199d3ddf17b84f41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833817
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82527}
2022-08-17 14:25:56 +00:00
Michael Lippautz
0c9083b59e Revert "Disable failing wasm/grow-memory test on arm64 mac"
This reverts commit a362c78e16.

Reason for revert: Failure is fixed now, see bug.

Original change's description:
> Disable failing wasm/grow-memory test on arm64 mac
>
> Bug: v8:13184
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Change-Id: I0200ce6e7877acf06cbffd8f7edd276119278f50
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829468
> Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82434}

Bug: v8:13184
Change-Id: I3dbe2e710e036efcc5b6375687cfcb099091ae1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829941
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82526}
2022-08-17 14:24:54 +00:00
Patrick Thier
37d733baed Implicitly retreive hash from string forwarding table
When a name's hash is a forwarding index, HasHashCode() and hash() now
implicitly retreive the hash from the string forwarding table.

Bug: v8:12957
Change-Id: Ibb278df16b1ae6a54c7cbe757c65d3a5210168e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827880
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82525}
2022-08-17 14:23:51 +00:00
Qifan Pan
5c4267d52f [turbofan] Lower BigInt multiply with truncation information
Bug: v8:9407
Change-Id: Id4ca4682d3fe4b2222a656c80dff95e5c099d5ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822671
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Qifan Pan <panq@google.com>
Cr-Commit-Position: refs/heads/main@{#82524}
2022-08-17 14:22:48 +00:00
Samuel Groß
6ec7be21e6 [sandbox] Sandboxify WasmExportedFunctionData::sig
This CL changes the WasmExportedFunctionData class to store a direct
ExternalPointer to the wasm::FunctionSig instead of referencing it
through a Foreign. This in turn makes it possible to use a unique
pointer tag for that external pointer when the sandbox is enabled.

Drive-by: move WasmInternalFunction::call_target external pointer to the
end of the object, in line with other external pointer fields.

Bug: v8:10391, v8:12949
Change-Id: Ic3ff622a075c9eaa2f8d8835803437466290c928
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829086
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82523}
2022-08-17 12:30:39 +00:00
Ryan Everett
1001662d54 [baseline][arm64] Generate Sbfx instead of (Asr; Sxtw) when Untagging Smi values.
Very small change to the arm64 macro assembler.
This improves Preact by 0.8% on a Neoverse-N1 machine.

Change-Id: I867e73eb9b999e6f74fd54d72c6bf3f139d3b62f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833819
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82522}
2022-08-17 12:04:48 +00:00
Clemens Backes
e50472d6a3 [wasm] Refactor compilation tier computations
The way we initialized the "compilation progress" was pretty convoluted,
with multiple levels of functions being called for initializing every
single slot.

This CL refactors this to compute one default value for the whole
module, and only modifies those slots that need special handling (e.g.
because of compilation hints, or lazy/eager compilation after
deserialization).

We also rename "liftoff_functions" to "eager_functions" in the
deserialization path; the idea is that those functions should get
eagerly compiled because we expect them to be needed during execution.
Usually they would be Liftoff-compiled, but it's more consistent to use
the existing logic to choose the baseline tier. In the default
configuration, this will still use Liftoff, but if Liftoff is disabled
we will use TurboFan instead.

R=jkummerow@chromium.org, ahaas@chromium.org

Bug: v8:12425
Change-Id: Ie58840b19efd0b1e98f1b02d5f1d4369410ed8e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829606
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82521}
2022-08-17 11:14:38 +00:00
ishell@chromium.org
196eaa1407 [ext-code-space] Support Code-less builtins
The Code-less builtins mode is still disabled.

Bug: v8:11880
Change-Id: I725ae4187bb394f79c69d5d0d971961e3ea406e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827879
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82520}
2022-08-17 10:45:38 +00:00
Jakob Linke
63a2836076 [maglev] Fix Sparkplug tiering in presence of Maglev
We should only tier to Sparkplug from Ignition. Previously, the
'!ActiveTierIsSparkplug' condition was correct since only Ignition (and
Sparkplug itself) entered the TieringManager. But now that Maglev is
also present, the condition must be clarified to 'ActiveTierIsIgnition'.

Bug: v8:7700
Change-Id: Ic7ea898facf9ce65407d09cead35e0181e49db31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835562
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82519}
2022-08-17 10:06:52 +00:00
Jakob Linke
30ab4668fc [code] Add a ShortPrint impl for CodeDataContainer
.. just because it's convenient to see the object type and code kind for
short prints.

Before:
 - code: 0x014c00257515 <Other heap object (CODE_DATA_CONTAINER_TYPE)>

After:
 - code: 0x39b7002573b1 <CodeDataContainer MAGLEV>

Bug: v8:11880
Change-Id: I02576ffdef509ed021fc5632ea19448387188130
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826255
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82518}
2022-08-17 10:05:48 +00:00
Anton Bikineev
a199f0997d cppgc: Reenable pointer compression on all platforms but M1 and Fuchsia
M1 is known to have regression in MotionMark.
Fuchsia fails due to binary size increase.

Bug: chromium:1325007
Change-Id: I599c53bf1318dfcc7b40764e89df81b972374ed3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835682
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82517}
2022-08-17 09:44:28 +00:00
Jakob Linke
07b0574a39 Revert "[test] Migrate cctest/test-inspector to unittests/"
This reverts commit 437b311a18.

Reason for revert: Causes issues for other CLs: https://ci.chromium.org/ui/p/v8/builders/try/v8_linux_chromium_gn_rel/76508/overview

Original change's description:
> [test] Migrate cctest/test-inspector to unittests/
>
> test-inspector.cc -> inspector-unittest.cc
>
> Bug: v8:12781
> Change-Id: I37d2bc2d023ffd91b94d5a09cdbfe4a6e22fecf1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3813062
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82512}

Bug: v8:12781
Change-Id: I3355e5828814fdd489f7d31ecb694419b95f9c5b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829939
Reviewed-by: Liviu Rau <liviurau@google.com>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82516}
2022-08-17 09:15:38 +00:00