It is currently incorrect and causing issues, put it behind a flag so
that we can fix these issues while working on the rest of maglev in
parallel.
Bug: v8:7700
Change-Id: Idab7056db1236366410c30c06473016842aee5ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3748659
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81612}
Merging register values can encounter constants, which are loadable but
don't have spill slots. Add support for these (in practice this is the
same behaviour, we're just fixing a DCHECK).
Bug: v8:7700
Change-Id: I9ab8ba1fc3a3a64fe16668bb317ad02f878f5849
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749579
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81611}
Duplicate subsections in the name section are disallowed by the spec.
Since the whole name section is optional, we shouldn't fail validation
because of it, but we'll ignore duplicate subsections.
Drive-by cleanup: reduce code duplication by reusing DecodeNameMap from
DecodeIndirectNameMap.
Fixed: chromium:1342338
Change-Id: Icae14c27a0255c6107517354f07ec8eb78d2a7b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3751211
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81608}
The stack-switching variant of the wasm-to-js wrapper was only generated
for js functions with matching arity. Also suspend for js functions with
mismatching arity and unknown callables.
R=ahaas@chromium.org
Bug: v8:12191
Change-Id: Iab3e2d85210c86a814ae1defab9cd57bf74d80d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749578
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81605}
Having interrupt budget updates be part of register allocation caused
various difficulties around gap moves for temporaries vs. gap moves for
phis. This patch splits them off into a separate node which is
separately allocated, and adds invariant checks that phi-updating nodes
don't do any other tricky register allocation.
Bug: v8:7700
Change-Id: I5a454fe4c5a5adff08d5a327ee34fbb43cda97ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3751196
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81604}
This is a reland of commit 1ed7d0b8d1.
The (hopefully) last issue in chromium is fixed in https://crrev.com/c/3745533.
Original change's description:
> [flags] Enable freezing of flags
>
> This enables the --freeze-flags-after-init flag globally. Note that
> tests, fuzzers, Node and other still explicitly disable the flag. The
> chrome renderer process and default d8 execution will have it enabled
> though.
>
> R=cbruni@chromium.org
>
> Bug: v8:12887
> Change-Id: I9a15ef64227e5e6e04779d8d671a2c50d99c9097
> Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695264
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81214}
Bug: v8:12887
Change-Id: I6445c04abc55242d6e2f204d45ec9ce22c6ece34
Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707284
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81603}
Limit the allowed module size in the streaming decoder to 256kiB to
avoid OOMs on systems that are very memory constained (32-bit ASan
builds).
Drive-by: Skip linting wasm fuzzer input files, as those are binary
files.
R=ahaas@chromium.org
Bug: chromium:1334577, chromium:1337558
Change-Id: Ie5599088fd25c0bc7c8f9f1a953d31fe61a21844
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700073
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81602}
Parallel marking is running at the beginning of the atomic pause, so the
extraction of these objects must happen atomically.
Bug: v8:13045
Change-Id: I90d489597847e76ade7185cd7120816eddcdc9fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749204
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81593}
Now that we have block-lists this isn't strictly necessary anymore.
As a side-effect, AllocateRegister for results now can't use registers
used as inputs anymore either. We could explicitly use
FreeSomeRegister without blocklist in that case, but this CL doesn't
do that yet.
Bug: v8:7700
Change-Id: If4aef1face138e528dc4f8da674326805e4af67c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749194
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81592}
Merging typed slots in the marking barrier may require allocating a
new typed slots set. We need a CodePageHeaderModificationScope since
that slot set is actually written into the code page.
Bug: chromium:1336850, v8:12797
Change-Id: If3f7d2bb179c2554ea2888c5ad92f098bd29b1c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3751210
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81590}
The test mjsunit/wasm/shared-memory-worker-gc is too slow on the gcov
bot.
No-Try: true
Bug: v8:13005
Change-Id: Idac2a6df836c981195d61f9c2737c06d548edb28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3751204
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81587}
std::is_same is the wrong predicate to use because `unsigned long` need
not be equivalent to either `unsigned int` or `unsigned long long`.
Fixes: https://github.com/nodejs/node-v8/issues/229
Bug: v8:12982
Change-Id: Iafff3c6a33f841490fa66d48649d24f720c869f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749192
Auto-Submit: Ben Noordhuis <info@bnoordhuis.nl>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81581}
Refactor register saving (both general and double registers) as using a
PushAll helper taking a RegList.
Change-Id: I0ccdec091f60988cbdb6893eb9cdda11efd8e1eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749176
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81580}
This field points to the start of an ArrayBuffer backing store, which
is guaranteed to be located inside the sandbox if it is enabled. As
such, this simply turns the field into a sandboxed pointer field.
Bug: chromium:1342548
Change-Id: I5a76e23cfc83b2a04cd461def1cd04337ccf5cf7
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749190
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81579}
Page allocation in a partially-reserved sandbox is generally best-effort
once the reserved part is fully allocated, which happens in this test.
As such, there is no guarantee that this test succeeds, and it does seem
to fail in practice on some bots with memory sanitizers enabled. The
same logic is essentially tested by the
VirtualAddressSpaceTest.TestEmulatedSubspace test so simply deleting
this test should be fine.
Bug: v8:13040
Change-Id: I1469bd9d2e330a6e834bb565ce4e7f5985be28a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749180
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81578}
Instead of just failing with a CHECK failure, do print the actual cycle.
Before:
# Check failed: iteration++ < 1000.
After:
# Cycle in flag implications:
--assert-types -> --no-concurrent-recompilation
--stress-concurrent-inlining -> --concurrent-recompilation
R=tebbi@chromium.org
Bug: chromium:1336577
Change-Id: I9707fbe19fbc3c27b54cf2ef7626a5f8825e8c60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707275
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81577}
To implement this, this cl introduces explicit check smi/heapobject
nodes that we use for the value (and also separate from CheckMaps
now). This will allow us to remove duplicate checks later.
The performance of StoreField itself isn't vastly better due to fixed
register requirements though.
Bug: v8:7700
Change-Id: I98caa290c88be64f41154fd232bde98fb46ce497
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747870
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81576}
This adds support for a better error message when wasm code generation
is not allowed. Chrome will use this new API here: https://chromium-review.googlesource.com/c/chromium/src/+/3738183.
Bug: chromium:1255058
Change-Id: I8c9639c4fd08d1dff0a5a2fc6a8360f40a7e140e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3740721
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Paul Semel <paulsemel@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81573}
Unused as of this CL; users will follow.
Bug: v8:12917
Change-Id: I6c615fc53e782f7f00c8a20a00aabea08f3e4605
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3742699
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81566}
Maglev groups all its tagged spill slots together, and the number of
them doesn't change. This means that the generality of the existing
safepoint mechanism is massive overkill for maglev code.
This patch adds a maglev-specific safepoint table, which is the
safepoint of a code object if-and-only-if that code object has maglev
code. This safepoint stores the number of tagged and untagged slots
once, globally, and individual entries are just used for deopts and for
storing the state of pushed registers (this is currently unused, but
will be used in the future for pushing registers in deferred calls).
Bug: v8:7700
Change-Id: I15f84a6e957357825e84e33238f8a36f2e0b3012
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747858
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81564}
We don't build with bundled sysroot on gcc builders, hence we need to
match the sysroot on tester bots. There is already a number of
Focal bots in chromium.tests and the capacity needed for these gcc
bots is insignificant.
No-Try: true
Bug: chromium:1307180
Change-Id: Id9d3d08bdb09923cf919b17286c949c6ac9005ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747872
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81563}
