This is a reland of commit 80fb281561
This CL fixes the signedness of rematerialized Numbers from immediates, which was introduced by the original change. Besides, BigInt truncation to zero bits is lowered to Int64Constant instead of NumberConstant of zero, which will flow into the state values directly.
Original change's description:
> [turbofan] Rematerialize BigInt64 in deopt
>
> This CL introduces two MachineTypes - SignedBigInt64 and UnsignedBigInt64, which are represented as Word64 but will be rematerialized to BigInt in deoptimization. This will avoid unnecessary conversions for BigInt64s when they are passed to StateValues.
>
> Bug: v8:9407
> Change-Id: I65fdee3e028ed8f9920b1c20ff78993c7784de48
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858238
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Qifan Pan <panq@google.com>
> Cr-Commit-Position: refs/heads/main@{#83230}
Bug: v8:9407, chromium:1364319, chromium:1364400
Change-Id: I0b4e077b52f64af46018b6c045893bbd56153f32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899258
Commit-Queue: Qifan Pan <panq@google.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83384}
V8-side implementation for trusted types fromLiteral.
Create a separate JSArray root map for template literal objects to
clearly identify untampered template literals belonging to a given
context.
Given that template literals are frozen arrays with a 'raw' property,
we don't expect additional polymorphism.
Drive-by-fix:
Avoid ValidateElements call in NewJSArrayWithElements.
Bug: chromium:1271149
Change-Id: I327b0fd99a2db3b57d35efa9293ddf2f14e555ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3572044
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83383}
We set the JSArray's length to the elements's length before,
which is wrong when the elements have the slack part. We could
serialize the correct length and only the actual elements excluding
the slack part for JSArray's elements. And we do the same thing
for the objects to avoid serializing unnecessary elements.
Bug: v8:13304
Change-Id: Ib68e06f409bfcab5c57fb5532e188aa0099d1140
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905061
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83380}
We don't remove the code just yet in case we need to re-enable the
feature. This could be in case we discover workflows not covered by
the "Scope View" and the scopes we report on "Debugger.paused".
R=kimanh@chromium.org
Bug: chromium:1365858
Change-Id: I636cc861af932156944a3f6e0a149cce0f939329
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905185
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83379}
This reverts commit 2a7f86edcb.
Reason for revert: Blocking the roll (https://ci.chromium.org/ui/p/chromium/builders/try/mac-rel/b8802346196479466065/test-results?q=ExactID%3Aninja%3A%2F%2Fgin%3Agin_unittests%2FGinShellTest.HelloWorld+VHash%3A46648b293475ce2a&clean=)
Original change's description:
> Reland "[v8] Use |AllocateAtLeast| for resizing v8 zones."
>
> This is a reland of commit 4444874cdf
> This fixes a failure on the UBSan bots caused by assuming |Realloc| is always in-place if the new size is <= the value of |malloc_usable_size|.
>
> Original change's description:
> > [v8] Use |AllocateAtLeast| for resizing v8 zones.
> >
> > This is part of an ongoing effort to reduce fragmentation in Chrome. Partition alloc shows v8 zones are a large user of memory in Renderer processes, and that there is fragmentation from these allocations. This CL will reduce this fragmentation by allowing v8 to use all allocated memory for its zones.
> >
> > Bug: v8:13193, chromium:1238858
> > Change-Id: Ibeac8bdba9d0e7ff66b14a3dde10e7c87d3cf953
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3889361
> > Reviewed-by: Adam Klein <adamk@chromium.org>
> > Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#83235}
>
> Bug: v8:13193, chromium:1238858
> Change-Id: I923bcbce8403dd7d84642340fd7202087b8a4440
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3910268
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83372}
Bug: v8:13193, chromium:1238858
Change-Id: I32f9c4701a29c0516e3f587f1c6028e4d4158466
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3909358
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83378}
Changes in preparation for incorporating IETF draft
https://github.com/tc39/proposal-temporal/pull/2385
The changes in this CL is needed to implement
https://chromium-review.googlesource.com/c/v8/v8/+/3901196
and several other PR just agreed on TC39
Rename DateRecord => DateRecordWithCalendar
Rename TimeRecord => TimeRecordWithCalendar
Rename DateTimeRecord => DateTimeRecordWithCalendar
Rename DateRecordCommon => DateRecord
Rename TimeRecordCommon => TimeRecord
Rename DateTimeRecordCommon => DateTimeRecord
Bug: v8:11544
Change-Id: I77397363569c15320154fe0b226036f8d6df74a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893552
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83375}
Blink has shipped import assertions since M91, so it is safe enough to
go straight to shipping here.
Bug: v8:10958
Change-Id: I3256172473a1ae8ce74e7fa63b14137e24568360
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3911378
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83373}
This is a reland of commit 4444874cdf
This fixes a failure on the UBSan bots caused by assuming |Realloc| is always in-place if the new size is <= the value of |malloc_usable_size|.
Original change's description:
> [v8] Use |AllocateAtLeast| for resizing v8 zones.
>
> This is part of an ongoing effort to reduce fragmentation in Chrome. Partition alloc shows v8 zones are a large user of memory in Renderer processes, and that there is fragmentation from these allocations. This CL will reduce this fragmentation by allowing v8 to use all allocated memory for its zones.
>
> Bug: v8:13193, chromium:1238858
> Change-Id: Ibeac8bdba9d0e7ff66b14a3dde10e7c87d3cf953
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3889361
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83235}
Bug: v8:13193, chromium:1238858
Change-Id: I923bcbce8403dd7d84642340fd7202087b8a4440
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3910268
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83372}
This CL implements collection of garbage in the shared spaces in
the shared heap isolate. GC on such an isolate should now work
correctly without worker isolates. Support for worker isolates will
be implemented in a subsequent CL.
Bug: v8:13267
Change-Id: I30125ce3b791e2faa0504d065f23639d6106e6b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904647
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83371}
The string forwarding table invokes MakeThin even during a GC.
However during a GC we didn't update the invalidated object size for
OLD_TO_OLD because incremental marking was already stopped at that
point.
Change-Id: Ia2f0d2277b59b299c3c8bf5c3febbde634e3ec06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3910028
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83368}
- Use non-idle tasks to be able to process finalizers on time.
- Only process finalizers while concurrent marking is still running.
Bug: v8:13294
Change-Id: I1a2812c3fc350ea679c4c916c230cf736f2aa3ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904648
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83367}
- Add Turboshaft to the wasm pipeline (behind a flag).
- Add a few operators.
- Implement SimplifyLoopsPhase, which ensures each loop has at most
two inputs.
- Remove the unneeded effect argument from
{FlagContinuation::FromTrap}.
Bug: v8:12783
Change-Id: I03a3f8cf3af40fc75bf57cfbad973b754b13dd8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899126
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83365}
There is no -0n, and we'd therefore never serialize such a BigInt.
But we can't trust serialized data to not have gotten corrupted
(or be fuzzer-generated), so guard against this case when
deserializing.
Fixed: chromium:1359937
Change-Id: If11d9a364480bae51911cc4a0ce8a719853139fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904414
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83362}
This test breaks when interrupts occur with unfortunate timing. Maglev
increases flakiness of this test since finished Maglev compiles all
raise a new interrupt (and interrupts abort-and-retry regexp
execution).
Disable concurrent recompilation for this test, and drive-by fix the
--trace-regexp-tier-up flag.
Bug: v8:7700
Change-Id: I170c911fe2308b0b5ad9941e695f11f8925455f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904604
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83359}
... to avoid it being accessible from BG threads.
Bug: v8:7700
Change-Id: I8fa7ac66016cb1f70925ed84a6552128d419f330
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899128
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83356}
The DeepForEachInput helper was not incrementing the input_location
index in the IsResultRegister case, while other paths (graph printing,
code gen) were. Change these to consistently only increment the index
when the input is used (i.e. match DeepForEachInput).
Bug: v8:7700
Change-Id: Iaa54ef4e44db54023e3c19a088d14ad204bb2620
Fixed: chromium:1360800
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905722
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83355}
Correct the test expect result as the spec specifies the accumulator is 2*SEW
bits. Fix the simulator implementation as well.
R=qiuji@iscas.ac.cn
Change-Id: Ia5d11b3214cf32635c3767df75992b2a50ee6980
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878452
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83354}
Correct the arguments for std::fma() to double as the instruction expects
both addend and destination are 2*SEW bits wide. Addressed corresponding
implementation in the simulator as well.
R=qiuji@iscas.ac.cn
Change-Id: Ib3963a61c00ee9dc73af019574a1665de406cc32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878448
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83353}
.. and just the option for now, there's no logic behind this yet.
--maglev-function-context-specialization enables FCS globally, and the
MaglevCompilationInfo stores for each compilation job whether FCS is
enabled.
Bug: v8:7700
Change-Id: I4c32fe93fca70ae3644588902e282910a9673b74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905382
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83351}
... in Runtime_GrowArrayElements.
Runtime_GrowArrayElements is only used when the elements kind
is fast. And we could check the requested capacity according
to the elements kind and throw error early.
Bug: v8:13285
Change-Id: I68f59bc68995d622aac23be3e8daf05ac5fd5652
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905062
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83350}
Only apply this optimization to the conditions that have multiple
branch uses.
Bug: v8:12484
Change-Id: Ieb74b8e879e62aa96344f2903f1fea6a1b769549
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902559
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#83347}
Fixing an issue in WasmInstanceObject::GetGlobalBufferAndIndex.
Bug: v8:13309
Change-Id: I52e65c109e43ce0300513604e71e587e1949f70a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3907666
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#83345}
1. Correct the return type of RoundTowardsZero to fix issue with
double value > 2^64
2. In TemporalDurationToString:
a. Use std::fmod instead of % to get the remainder
b. Use extra xx_add variables to hold additional value which may
overflow the double during computation.
c. Use BigInt for days if the value is too large for double
to ensure the precision.
3. Add tests with Number.MAX_SAFE_INTEGER
and Number.MAX_VALUE in values for Duration toJSON in mjsunit
Bug: v8:11544
Change-Id: Icac4f669ed1c591e947b51c82dd48bdef7a6db6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3900813
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83344}
As part of moving export wrappers to the isolate, it was tried to
compile them lazily on the main thread. This resulted in large
slowdowns in some cases, therefore we restore the eager parallel
compilation.
Bug: chromium:1365726
Change-Id: I9cc8d5728f3a5c71099f0e0fdcc605b37d4d6618
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905193
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83339}
On x64.release for linux this didn't affect binary size at all but
should improve readability of usages.
Bug: v8:7748
Change-Id: I46ecc9c2b4814244f6b5114f9ea199cd4d0220cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904602
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83337}
