This CL includes the following minor cleanups:
* Renames MakeRaisesException -> MakeWithErrorSupport
* Removes remaining WrapperTraits related code
* Makes the public header follow the IWYU principle
Bug: chromium:1052746
Change-Id: I60e730fa15f9bde421a7b6273093c84870666a64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316296
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69043}
... that controls whether the TF graph zones should support compression.
Bug: v8:9923
Change-Id: Ifbe237b75e9c92e62eb32b69d6b3b1a818269b83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2308347
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69036}
* Added GN flag v8_enable_zone_compression.
* AccountingAllocator supports allocation of zone segments via both
malloc/free and bounded page allocator. The latter implementation is
known to be not efficient yet. This issue will be addressed in a
follow-up CLs.
* Add support_compression flag to Zone constructor/instance.
Bug: v8:9923
Change-Id: I12ee2d85267dd16f455b1b47edc425dc90c57bcf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2308345
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69035}
This adds an internal property [[IsDetached]] to the inspector preview
of ArrayBuffer instances, which indicates whether the ArrayBuffer was
detached (i.e. transfered via `postMessage`). Previously it was rather
impossible to tell whether an ArrayBuffer was detached, you had to know
that V8 violates the ECMAScript specification and simply sets the
byteLength accessor to 0 upon detaching an ArrayBuffer (but even then it
was still impossible to tell whether that ArrayBuffer wasn't simply an
empty one from the get go).
Before: https://imgur.com/UcOF83c
After: https://imgur.com/WjmTehZ
Fixed: chromium:1109102
Change-Id: I8fb6e2be2fbfe5c62b05dc9d2a0f18378eb4de6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316075
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69034}
The following adds support for JSMember through the existing
GlobalHandles implementation also used for TracedReference.
In addition, JSMember now supports set, clear, copy, move, comparison
and interaction with Local.
Bug: chromium:1056170
Change-Id: Ia50218bcfe4c056b3533a5b14eea954ade1da243
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2310357
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69028}
A small step for a JSFunction, one giant leap for V8.
Tbr: clemensb@chromium.org
Bug: v8:8888
Change-Id: I968bb819763994ec611cde7e502adea30339a387
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2315979
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69018}
Design doc:
https://docs.google.com/document/d/1szInbXZfaErWW70d30hJsOLL0Es-l5_g8d2rXm1ZBqI/edit?usp=sharing
V8 can already collect data about how many times each basic block in the
builtins is run. This change enables using that data for profile-guided
optimization. New comments in BUILD.gn describe how to use this feature.
A few implementation details worth mentioning, which aren't covered in
the design doc:
- BasicBlockProfilerData currently contains an array of RPO numbers.
However, this array is always just [0, 1, 2, 3, ...], so this change
removes that array. A new DCHECK in BasicBlockInstrumentor::Instrument
ensures that the removal is valid.
- RPO numbers, while useful for printing data that matches with the
stringified schedule, are not useful for matching profiling data with
blocks that haven't been scheduled yet. This change adds a new array
of block IDs in BasicBlockProfilerData, so that block counters can be
used for PGO.
- Basic block counters need to be written to a file so that they can be
provided to a subsequent run of mksnapshot, but the design doc doesn't
specify the transfer format or what file is used. In this change, I
propose using the existing v8.log file for that purpose. Block count
records look like this:
block,TestLessThanHandler,37,29405
This line indicates that block ID 37 in TestLessThanHandler was run
29405 times. If multiple lines refer to the same block, the reader
adds them all together. I like this format because it's easy to use:
- V8 already has robust logic for creating the log file, naming it to
avoid conflicts in multi-process situations, etc.
- Line order doesn't matter, and interleaved writes from various
logging sources are fine, given that V8 writes each line atomically.
- Combining multiple sources of profiling data is as simple as
concatenating their v8.log files together.
- It is a good idea to avoid making any changes based on profiling data
if the function being compiled doesn't match the one that was
profiled, since it is common to use profiling data downloaded from a
central lab which is updated only periodically. To check whether a
function matches, I propose using a hash of the Graph state right
before scheduling. This might be stricter than necessary, as some
changes to the function might be small enough that the profile data is
still relevant, but I'd rather err on the side of not making incorrect
changes. This hash is also written to the v8.log file, in a line that
looks like this:
builtin_hash,LdaZeroHandler,3387822046
Bug: v8:10470
Change-Id: I429e5ce5efa94e01e7489deb3996012cf860cf13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2220765
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69008}
DateTimeFormat's fractionalSecondDigits shipped in M84, so we
can drop the --harmony_intl_dateformat_fractional_second_digits
flag now.
Bug: v8:10485
Change-Id: If7a1a8599722073d7382635219a6fb46cdc47474
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2311410
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69007}
This CL fixes passing the receiver of a fast call as an effect input
only in cases where the opcode supports it.
It also introduces a test for callbacks without fallback support and a
test where ConvertReceiver is not introduced.
Bug: chromium:1052746
Change-Id: I6f396f4c9cbaab7ae915c908a9f805d9770f8946
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2312777
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69005}
Bug: v8:10720
Change-Id: I7a05bfb3c87c4f0f5516608da5d42fdaff466536
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2304572
Commit-Queue: Richard Stotz <rstz@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69001}
This reverts commit d8f8a7e210.
Reason for revert: Breaks code_serializer variant - https://cr-buildbucket.appspot.com/build/8874070652992164976
Original change's description:
> Reland "[flags] warn about contradictory flags"
>
> This is a reland of b8f9166664
> Difference to previous CL: Additional functionality to specify
> incompatible flags based on GN variables and extra-flags, used
> to fix the issues that came up on the waterfall.
>
> This also changes the rules regarding repeated flags: While
> explicitly repeated flags are allowed for boolean values as long
> as they are identical, repeated flags or explicit flags in the
> presence of an active implication are disallowed for non-boolean
> flags. The latter simplifies specifying conflict rules in
> variants.py. Otherwise a rule like
>
> INCOMPATIBLE_FLAGS_PER_EXTRA_FLAG = {
> "--gc-interval=*": ["--gc-interval=*"],
> }
>
> wouldn't work because specifying the same GC interval twice
> wouldn't actually count as a conflict. This was an issue with
> test/mjsunit/wasm/gc-buffer.js, which specifies
> --gc-interval=500 exactly like the extra flag by the stress bot.
>
> Also, this now expands contradictory flags checking to d8 flags
> for consistency.
>
> Original change's description:
> > [flags] warn about contradictory flags
> >
> > Design Doc: https://docs.google.com/document/d/1lkvu8crkK7Ei39qjkPCFijpNyxWXsOktG9GB-7K34jM/
> >
> > Bug: v8:10577
> > Change-Id: Ib9cfdffa401c48c895bf31caed5ee03545beddab
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154792
> > Reviewed-by: Clemens Backes <clemensb@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Reviewed-by: Tamer Tas <tmrts@chromium.org>
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#68168}
>
> Bug: v8:10577
> Change-Id: I268e590ee18a535b13dee14eeb15ddd0a9ee8341
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235115
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68989}
TBR=machenbach@chromium.org,neis@chromium.org,clemensb@chromium.org,tebbi@chromium.org,tmrts@chromium.org
Change-Id: I7969065b0edbc463a94e530485bc2ab623d77b62
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10577
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2312782
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68992}
The object is passed now as an v8::ApiObject instead of unwrapped
C++ pointer and the embedder should do the unwrapping.
Bug: chromium:1052746
Change-Id: If5671c5fdbbe8d58435c7bd9aceccf5e17f8ea21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2304571
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68991}
This is a reland of b8f9166664
Difference to previous CL: Additional functionality to specify
incompatible flags based on GN variables and extra-flags, used
to fix the issues that came up on the waterfall.
This also changes the rules regarding repeated flags: While
explicitly repeated flags are allowed for boolean values as long
as they are identical, repeated flags or explicit flags in the
presence of an active implication are disallowed for non-boolean
flags. The latter simplifies specifying conflict rules in
variants.py. Otherwise a rule like
INCOMPATIBLE_FLAGS_PER_EXTRA_FLAG = {
"--gc-interval=*": ["--gc-interval=*"],
}
wouldn't work because specifying the same GC interval twice
wouldn't actually count as a conflict. This was an issue with
test/mjsunit/wasm/gc-buffer.js, which specifies
--gc-interval=500 exactly like the extra flag by the stress bot.
Also, this now expands contradictory flags checking to d8 flags
for consistency.
Original change's description:
> [flags] warn about contradictory flags
>
> Design Doc: https://docs.google.com/document/d/1lkvu8crkK7Ei39qjkPCFijpNyxWXsOktG9GB-7K34jM/
>
> Bug: v8:10577
> Change-Id: Ib9cfdffa401c48c895bf31caed5ee03545beddab
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154792
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68168}
Bug: v8:10577
Change-Id: I268e590ee18a535b13dee14eeb15ddd0a9ee8341
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235115
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68989}
Some platforms disable reading of bytes in the .text section,
so move the metadata into a separate .rodata section.
Bug: v8:10707
Change-Id: I30ef7a180f489f175c31f9d4dcd02115c9f516c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2301113
Commit-Queue: Toan Pham <toanpham@google.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68984}
This CL introduces a new pipeline mode in which each optimization
triggers both a Turbofan and an NCI compilation job. The TF code is
installed, the NCI code is inserted into the code cache for future
consumption by other contexts.
--turbo-nci enables this mode.
The old configuration (with NCI replacing TF) is still available under
the --turbo-nci-as-highest-tier flag. This flag remains useful for
testing purposes.
Drive-by: Refactor tracing in compiler.cc.
Bug: v8:8888
Change-Id: I62522e61788762250ff717eef84eae914e266f3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2299360
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68983}
If we insert a second SIMPLE_PROPERTY_ARRAY we move from kWeakRef
encoding to kFullTransitionArray encoding. As always, we are searching
in the meantime in a background thread.
Bug: v8:7790
Change-Id: I5e3d85657dda4c199e50b9c35e7f617f1821a8f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2243218
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68980}
This CL makes the ScriptContextTable concurrently accessible from the
background thread (in particular ScriptContextTable::get_context).
A cctest is added to check synchronization with tsan.
Bug: v8:7790
Change-Id: I2e2dc8c6a7cfa369787959c4d5ed5f357f4720fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260567
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68979}
The load splat, load extend, load zero macros are essentially the same,
consolidate them into a single macro.
Change-Id: Ic812043b37524deb3a9e6ddc223bb95ae77e1d4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2304715
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68978}
v128.const (kExprS128) is the only constant expression supported
(similar to the other value types).
Bug: v8:10731
Change-Id: I9b11b47a851903dfd79d3590eff67b615057f81c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2308389
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68975}
Prototype in TurboFan x64 and interpreter, bailout in Liftoff.
Suggested in https://github.com/WebAssembly/simd/pull/237.
Bug: v8:10713
Change-Id: I5346c351fb2ec5240b74013e62aef07c46d5d9b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300924
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68973}
On desktop systems, we use a very basic tiering strategy: Everything is
initially compiled with Liftoff, and once that is done, the module can
start being used. Concurrently to the execution, we re-compile all code
with TurboFan, and hot-swap each function once TurboFan finishes.
We should start using a more dynamic strategy where each function is
tiered-up when judged necessary. This change will then tier-up each
liftoff function once it has been called 5 times.
I then added a counter in the native module, that is updated directly
from Liftoff code, and a runtime call is then made when the counter
reaches the goal.
R=clemensb@chromium.org
CC=thibaudm@chromium.org
Bug: v8:10728
Change-Id: I8dc2b02fdff8d97781bb1cf496886594b3d7f644
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2306803
Commit-Queue: Arnaud Robin <arobin@google.com>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68971}
V8 already depends on cppgc_base which means that unittests does not
need to depend on cppgc_for_testing any longer.
Move the cppgc_for_testing dependency to the stand-alone
cppgc_unittests binary
Bug: v8:10674
Change-Id: I07bfe30901eb1683d2e0ee0189f73b5244884f27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2310249
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68970}
With work on NCI proceeding, it makes sense to test multiple
pipeline configurations.
The nci variant (passes --turbo-nci) now spawns dedicated NCI
compilation jobs and inserts generated code into the code cache.
The nci_as_highest_tier variant (passes --turbo-nci-as-highest-tier)
simply replaces TF with NCI code (no extra jobs, no extra caching).
This mode stresses NCI generated code more than the nci variant, in
which NCI code only runs on cache hits.
Bug: v8:8888
Change-Id: I4c2a43cce5271a6c288e7aba195dcc9daed6af9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2299361
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68964}
They have been replaced with {array,struct}.new_with_rtt.
Also, rework tests that used those instructions.
Bug: v8:7748
Change-Id: I2aaccb1958bf2b8d6cad4969abc612216856393d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2307318
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68961}
For debugging code, disable opcode merging. Otherwise, the effect of the
first merged opcode would not be observable when stepping.
R=thibaudm@chromium.org
Bug: v8:10350
Change-Id: Id656c9dee8f9676bf3d7881f3782e5ead76b5e71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2306802
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68960}
We currently still merge opcodes (i.e. i32 comparisons plus a br_if).
This CL adds a test for this, which checks for the current behaviour.
A follow-up CL will fix this and update the expected output accordingly.
R=thibaudm@chromium.org
Bug: v8:10350
Change-Id: I846aa931a3ec1a27043f04e830503d5732ae473e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2307232
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68957}
I was looking around and couldn't find any tests for select with v128
params. Adding it for completion.
Change-Id: I9e3770e37eaddb23fc99649579b175536c1df844
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2308093
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68951}
The CanTailCall check only passes if the return locations are the
same in the caller and the callee. However, stack returns are expected
to be at a different offset depending on the stack space reserved for
parameters.
R=clemensb@chromium.org
Bug: v8:7431
Change-Id: Iaac15fce889d6cd7d1ac88f320a872202281fb5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289789
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68933}
Exposes initial_async_iterator_prototype the same way that
initial_iterator_prototype is exposed, to let blink implement
async iterables better.
Bug: chromium:1087157
Change-Id: I94f65eedb3aad0bf62cb4808935f320fe4bf4e9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300779
Commit-Queue: Marijn Kruisselbrink <mek@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68921}
The {operator==} on {VarState} did not check the spill offset, so when
merging stack states, we forgot to move stack values if both source and
destination were stack slots, but at different offsets.
This CL fixes this by removing the {operator==}, because the semantics
(and use) are not clear, and it's only used in one place anyway.
The equality check was mostly redundant, so inlining it also makes the
code smaller and faster.
R=ahaas@chromium.org
Bug: v8:10702
Change-Id: I6c8b2cfd1002274175c9a17d305692e4631fd7dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2304574
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68916}
... by migrating old-style code
MyObject* obj = new (zone) MyObject(...)
to the new style
MyObject* obj = zone->New<MyObject>(...)
... and prohibiting accidental use of the old-style.
Bug: v8:10689
Change-Id: Id75774ac12e3d0f95cb3a538066dffbf7815e438
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300490
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68905}
This is exactly the same issue as in https://crrev.com/c/2299364 for test-torque.cc
Change-Id: I066d93918c94d0c68278c72d9b60ec92a1c5f68b
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300546
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68897}
We must perform "smi-checks" before loading an object's map
whenever the object might be an i31ref.
Bug: v8:7748
Change-Id: I2d9839ddcb0c2e8c35b9bea38afe50d55dd084cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2299370
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68893}
This CL ports MarkingVerifier from blink.
The existing verifier checks only references on heap.
This new verifier checks references both on heap and on stack.
Bug: chromium:1056170
Change-Id: I083dcb0087125312cca34a2201015a9aecfe6ea4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300484
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68891}
We cannot allocate large arrays exceeding the size of
kMaxRegularHeapObjectSize in young space. Bailout of optimization in
such cases.
Bug: chromium:1105746
Change-Id: I4f7357c2dd7b3e70d747f9067660725ecf6ae768
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2300481
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68889}
In this test we both search and insert a transition in the main thread,
while the background thread searches.
Bug: v8:7790
Change-Id: Ic899f6c36c9bf9f7f5364ea30eb1c875b7ef6535
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2243211
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68878}
The cctests were wrong, since they access the first parameter using `Parameter(0)`. They should instead use `Parameter(1)`, since the index 0 is the receiver, and the receiver is set to be always the undefined object in `FunctionTester::Call`.
The reason it used to work is that the tests would set up an access to the stack with the wrong number of parameters, accessing only a stack suffix.
Change-Id: I02b7ee97c8759c7aecda0338863b7727762df1ba
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2299364
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68876}
The snapshot code assumes that the entire snapshot's length fits into
an int, which implies that it doesn't support individual objects that
are bigger than that. That's okay, because it isn't reachable from
user code, and embedders would notice at compile time when they run
into this limit. So we can just continue to skip the few regression
tests we have for huge TypedArrays in the stress_snapshot variant.
Change-Id: Ib37c0582763d549a3d5c5ccc3a78d200b176f3b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2299373
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68874}
This change adds a has_error parameter on the stack
which allows the fast callback to report an error. In case
this parameter is set to non-zero, the generated code calls
the slow (default) callback, which can throw the exception.
Bug: chromium:1052746
Change-Id: Ib11f6b0bef37d5eb1d04cd6d0a3ef59028dcc448
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183929
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68871}
mjsunit/regress/regress-896326.js failed on mips simulator, because mips
simulator has larger stack size and won't throw the expected RangeError
exception.
This CL set sim-stack-size to 100K in regress-896326 just like setting
the native machine's stack-size.
Change-Id: I51328b10a7b54addab2adb90401680c0581d7ee2
Bug: v8:10709
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2299880
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68865}
When creating a new JSFunction (either through Factory::NewFunction or
the FastNewClosure builtin), install the cached Code object if one
exists. In the former, this happens explicitly; in the former implicitly
through %CompileLazy.
Drive-by: Clean up nci tracing methods.
Drive-by: Rename maybe_has_... to may_have_cached_code.
Bug: v8:8888
Change-Id: I98d87df10df496c45749b3fd76c072c36af45b68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2294662
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68863}
This is a follow-up fix for
https://chromium-review.googlesource.com/c/v8/v8/+/2292230
In this CL fixes the case when the property cell is added to the
dictionary but the value is not actually stored which leaves
PropertyCell with the hole in the dictionary.
Now the logic for GlobalDictionary matches the logic for
NameDictionary - the property cell is added to the dictionary in
LookupIterator::ApplyTransitionToDataProperty().
Bug: chromium:1104711, chromium:1105383
Change-Id: I56da16d85d13288fbc41fd60dbce556fec5e7d18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2297472
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68860}
Make locales and options required
and no default for type in options.
Bug: v8:10623
Change-Id: I5df065a95e82ecb3b8b036d1b4738f296aa7243f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2291617
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68854}
Adds basic framework to pipeline.cc to enable a seperate fast register
allocator for the TurboProp mid-tier. As part of this, common logic as
well as a base class for RegisterAllocationData is moved to a seperate
register-allocation.h header file. The current register allocator's
RegisterAllocationData is renamed to TopTierRegisterAllocationData, and
the former name is the new base class held in PipelineData.
BUG=v8:9684
Change-Id: I28285b7d6112505bf90e88ea3cda66d03dfabc74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2295359
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68852}
There is a sign-extension bug happening when packing 2 32-bit ints into
a 64-bit int. We are OR-ing int32_t with a uint64_t, so an integral
conversion converts int32_t to uint64_t, which is a sign extension, and
this gives unexpected results for a negative value:
0x80000000 | uint64_t{0} -> 0xffffffff80000000
What we want is 0x0000000080000000.
Created a helper function to do this work of combining two uint32_t
into one uint64_t. The use of this function will also ensure that
if callers passed a int32_t, it would first be converted to a
uint32_t, and will not have this sign extension bug.
Sneaked a small regression test into the existing v128.const cctest,
and also cleanup the loop to reset `expected` array to 0.
Bug: chromium:1104033
Change-Id: Icaca4c5ba42077dd4463697b9220cdbca9974b5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2293044
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68850}
The host object may have an impossible markbit pattern if it is a
one-word filler followed by an already marked object.
Bug: v8:10698
Change-Id: I498e6f0768fbdb181fc893f98f224dd3cd0e37e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2295600
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68848}
The named LoadIC code was missing a check for "names" that
convert to TypedArray indices. This was flushed out by the
recent bump of the max TypedArray size from 2^32-1 to 2^32.
Named StoreICs had the same bug; fixed here as well.
Bug: v8:4153
Fixed: chromium:1104608
Change-Id: I6bd2552d6ccc238104f92e7b95d19970d4a75dae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2295606
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68840}
For the first test, we just test that we can search on two threads at
the same time. This CL sets the base for the future tests for more
complicated cases.
Bug: v8:7790
Change-Id: I1becf4493897b55e7ee0a7f37ab5bf1203bf14eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2241530
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68838}
This CL adds functionality to read the source positions directly
from the JS heap rather than from serialized data.
In order to do this, we create a PersistentHandles container in the
OptimizedCompilationInfo which gets passed onto the JSHeapBroker. This
allows us to create the handles in the main thread and pass them safely
to the background thread.
In order to read safely from the background thread, we need a LocalHeap
which blocks the GC from running and potentially moving the handles.
This LocalHeap is created only when the JSHeapBroker has finalized
serializing and destroyed when retiring it.
Bug: v8:7790
Change-Id: I19f8b08d12e5be0a3df34d6af2043310c0c7b6fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2277802
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68836}
The Sw/Sd in FillStackSlotsWithZero should't use kSystemPointerSize as
address offset, because the start address should be inclusive, and
the end address should be exclusive.
The skip-stack-guard-page test case failed due to this bug, and besides,
it also needs larger stack size on mips simulator.
Change-Id: Ieff55fe2c5a13e6dad1c5d073e1c0d22fe789d41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282663
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68834}
Rename functions for main thread allocation to indicate that they are
used for main thread allocation.
Bug: v8:10315
Change-Id: Idd359a7a439ec2e93f0bdc2f1bed987755790bbe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2292308
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68828}
Sync the implementation with the latest version of https://github.com/tc39/ecma402/pull/347
Bug: v8:10692
Change-Id: I4e2144da9f770607b4d79e7ce32f079dd2eef54c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2290627
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68827}
This is a reland of d6a14abe05
Test wasn't written with incremental/concurrent marking in mind, so
simply disabling it for this particular unittest.
Original change's description:
> [heap] Move start of incremental marking in allocation
>
> Move start of incremental marking out of
> RefillLinearAllocationAreaFromFreeList. This avoids a potential
> safepoint while holding allocation_mutex_.
>
> Bug: v8:10315
> Change-Id: Ieb60ac68f26199eea7b6b7ad6d874851382f3d69
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287496
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68751}
Bug: v8:10315
Change-Id: I2a665400d9a784b1557474a051839d5c8b45e9e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2292241
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68818}
In order to support conservative stack scanning, we need to be able to
pin pages if they're pointed to by an ambiguous pointer. This CL lets us
do this by providing an IS_PINNED flag which, when enabled, prevents a
page from being selected as an evacuation candidate during compaction.
Bug: v8:10614
Change-Id: I45d1c74b83aad1b56e078cc270749a0aee804716
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2278465
Commit-Queue: Jake Hughes <jakehughes@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68815}
- was missing an import sys
- check for long
- check for xrange
This file is now flake8 warning free, and should work on both Py2 and
Py3.
$ flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
Bug: v8:8594
Change-Id: Iae857f4686bcad509fa700954b7f30f86150739f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288177
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68809}
... by migrating old-style code
MyObject* obj = new (zone) MyObject(...)
to the new style
MyObject* obj = zone->New<MyObject>(...)
Bug: v8:10689
Change-Id: I55c686bbedfa1fd1955a5927df3f72b366312fd4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288867
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68808}
This implements v128.const for ia32, x64, arm, and arm64.
Moves one of the test case under the correct header.
Bug: v8:9909
Change-Id: I93eb179ac5fd0bc22e3dd5277f7d73699ac8b452
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2290623
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68806}
Since we are not using CodeAssemblerVariables anymore, we can properly
scope the class so that the only way to instance one is through the
typed version (i.e TypedCodeAssemblerVariable).
Bug: v8:6949
Change-Id: I3ee99bcbb9421aadd0944af57f6452e832719758
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2290858
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68797}
... by migrating old-style code
MyObject* obj = new (zone) MyObject(...)
to the new style
MyObject* obj = zone->New<MyObject>(...)
Bug: v8:10689
Change-Id: I2fc4a44ea05e4d087565811f343893f0e97dc660
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288857
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68789}
This CL removes the GetTraceDescriptor virtual call from garbage
collected mixins and replaces it with querying the object start
bitmap.
The CL also removes the mixin macros which are now no longer needed.
Bug: chromium:1056170
Change-Id: I27ed299f93025d09a3bb3f0d17b14bed3c200565
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287508
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68787}
... by migrating old-style code
MyObject* obj = new (zone) MyObject(...)
to the new style
MyObject* obj = zone->New<MyObject>(...)
Bug: v8:10689
Change-Id: Ic7d893b8d6772bd923c37c3d1e7cff5cc6667192
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288868
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68786}
This is a reland of bebb2bdc06
Original change's description:
> [heap] Allow LocalHeap on the main thread
>
> This changes the safepoint scope to skip LocalHeap that is active
> for the current thread to avoid deadlocking.
>
> Bug: v8:10315
> Change-Id: I45e80ae66d0dbbe768107aa9cf0603204c644d9f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289983
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68769}
Bug: v8:10315
Tbr: dinfuehr@chromium.org
Change-Id: I1974d8b6ffffbf3244e7ede2d20d9b2d623df150
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2290851
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68785}
... by migrating old-style code
MyObject* obj = new (zone) MyObject(...)
to the new style
MyObject* obj = zone->New<MyObject>(...)
Bug: v8:10689
Change-Id: Icc60fdbf247ec05f9b5688b3d2d73d4fed06ea89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289770
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68784}
Instead allocating the bitmap with malloc, we now reserve a block
at the start of the memory chunk. This CL is a partial revert of
https://chromium-review.googlesource.com/c/v8/v8/+/1254125
Additionally it refactors field offset computation and moves them
to MemoryChunkLayout.
Having the bitmap in the memory chunk simplifies sharing of RO pages
and also solves the malloc fragmentation issues.
Bug: chromium:1073140
Change-Id: Ibc04f48921fc9496370858ce4c25c56b31c93c89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289979
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68783}
PersistentHandles::NewHandle/LocalHeap::NewPersistentHandle currently
erase the type of the object. This patch templatizes them to preserve
the type and introduces versions that take Handle<T>
Bug: v8:10315
Change-Id: I899179a5b842b7b16144b340f6cd2b91e1db228f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287501
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68779}
The test creates a mock platform. The bug was that the lifetime of the
mock platform was shoter than the lifetime of the isolate. Even though
the mock platform restores the old platfrom, a background thread may
still have a pointer to the mock platform leading to UAF.
Bug: v8:10690
Tbr: dinfuehr@chromium.rg
Change-Id: Ic14bf408e5e3e9e7d07e01af545bb88c21462300
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2290850
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68777}
This reverts commit bebb2bdc06.
Reason for revert: Breaks GarbageCollectionWithLocalHeap test.
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/31107
Original change's description:
> [heap] Allow LocalHeap on the main thread
>
> This changes the safepoint scope to skip LocalHeap that is active
> for the current thread to avoid deadlocking.
>
> Bug: v8:10315
> Change-Id: I45e80ae66d0dbbe768107aa9cf0603204c644d9f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289983
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68769}
TBR=ulan@chromium.org,dinfuehr@chromium.org
Change-Id: Ifba8218f9104afed3f2d92258296067f8f424062
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2290573
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68770}
This changes the safepoint scope to skip LocalHeap that is active
for the current thread to avoid deadlocking.
Bug: v8:10315
Change-Id: I45e80ae66d0dbbe768107aa9cf0603204c644d9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289983
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68769}
Motivation: With rtt.sub now allowed in constant expressions, we have
to generalize WasmInitExpr to be able to handle expressions with
operands. This is the second CL that prepares the ground for this
change.
Changes:
- Remove the error from read-value-type when reading a generic rtt.
- Add validation for HeapTypeImmediate in ModuleDecoder. Use it to
validate null constants immediates, which was missing. Add tests.
- Change ValueType::name to print rtt depths as integers.
- Move global initializer building in wasm-module-builder to its own
function.
Bug: v8:7748
Change-Id: Ic041e1c7d032f2a1063a21fec1bfe96cb0d8120e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284983
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68767}
Motivation: With rtt.sub now allowed in constant expressions, we have
to generalize WasmInitExpr to be able to handle expressions with
operands. This CL prepares the ground for this change and adds no
functionality.
Changes:
- ValueType::heap_representation and HeapType::representation now
return HeapType::Representation.
- Add ValueType::is_rtt().
- WasmInitExpr:
- Make kind private. Rename val -> operator, make it private. Add
accessors.
- Rename kGlobalIndex -> kGlobalGet.
- Squash global_index and function_index into index.
- Add heap_type Immediate. Use it for RefNullConst. TypeOf in
module-decoder.cc can now fully determine the type of a
WasmInitExpr.
- Add class constructors/static method constructors for each Operator
kind.
- Delete copy constructor. WasmInitExpr will use std::unique_ptr for
its operands.
- consume_init_expr now uses a stack.
- A few minor improvements.
Bug: v8:7748
Change-Id: I3ba3ee7ac2d6bc58e887790c37110ceb80658985
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284483
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68759}
By introducing a globally known map for each generic type.
These maps are never used to allocate objects, they only
serve as sentinels for generic heap types.
Bug: v8:7748
Change-Id: I950a8c712dc1510759a833fe9122b9e9a6222dc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288860
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68755}
For 64-bit binary operations, Liftoff on arm made the assumption that
register pairs are always ordered, i.e. the register code for the low
word is lower than the register code for the high word.
Ensuring this was only implemented in {GetUnusedRegister} in
https://crrev.com/c/2168875. Other cases were missing though, e.g.
return values, but also different places were we
construct register pairs internally.
Thus, this CL removes this constraint again and instead handles
unordered register pairs in 64-bit binary operations on arm.
R=thibaudm@chromium.org
Bug: chromium:1101304
Change-Id: I4cd9fb1577f82ab06d34c9dde6533cf04a2cade7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287870
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68752}
This rounds up all SIMD instructions as included in the proposal as of
9f1295a494.
Bug: v8:10180
Change-Id: Icd4cb0aeddede6a611de6f8f3916dc036977c499
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2285789
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68746}
And removed the ifdef guards around instruction-selector and
tests since v128.const is now implemented for x86, x64, arm, arm64.
Bug: v8:8460
Change-Id: I0ed8aede0a07db2fd286bf0c3385eba1079558f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2285149
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68745}
Due to an optimization in how resumable functions are compiled, we can
actually see another Oddball type as StrictEquality inputs. I'm giving
up on getting the DCHECK right and removing it entirely.
Bug: chromium:1102683
Change-Id: Ia210777c66641e898e96900713710a51ebed311d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287494
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68735}
Native context independent code generation should, at the moment, not
use any collected feedback.
We implement this by returning InsufficientFeedback from the heap
broker's ReadFeedbackForX methods if currently compiling nci code.
Thus all feedback.IsInsufficient() calls inside the compiler will
return true (disabling feedback-based optimizations).
FeedbackSource::IsValid() (used in generic lowering) can still return
true.
Bug: v8:8888
Change-Id: I198b6457276073e7376c777b206c50726f1b3645
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284494
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68726}
We used to expose raw WasmGC objects via the JS interface and made
use of that in our cctests. Since those objects would cause crashes
when used in JavaScript, this patch prevents such interactions, and
migrates the tests to use the C-Wasm interface instead.
Bug: v8:7748
Change-Id: I76a10663cda43c940c8c22c57c14922be9b05134
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284497
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68725}
The unregister_token slot is iterated as a custom weak pointer slot,
which means the heap verifier treats it as a strong slot. Currently,
popped WeakCells (that is, WeakCells for which the owning
FinalizationRegistry's finalizer has already been invoked) neither
clears out the unregister_token slot nor marks it, which trips the heap
verifier.
Bug: chromium:1102161
Change-Id: I0a803f12379fc9df6935bc8331b3d5ecb199571a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284202
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68723}
This is needed for write-barrier and persistent-handle code that does
not otherwise get an instance of LocalHeap
Bug: v8:10315
Change-Id: I480e31f32141510f2f9e678af3449d5841e3156e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284492
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68720}
Rather than only removing the continuation range for the last return
statement prior to a synthetic return statement, remove the
continuation tracking for whatever statement occurs prior to the
synthetic return.
Bug: v8:10628
Change-Id: Ieb8e393479c9811cf1b9756840bbfdbe7f44a1b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2280585
Commit-Queue: Benjamin Coe <bencoe@google.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68719}
By default the v8::MeasureMemory API forces GC after some timeout.
There are use cases that require low overhead measurements without
forcing GC at all.
Change-Id: I7d57c552d78d86800c4f37acb680c70c6422477f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257856
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68718}
- Adds JSVisitor that is used for unified heap marking.
- Adds JSMember as supported reference type that also encapsulates a
write barrier in future. JSMember is a replacement for
TracedReference which can be deprecated with EmbedderHeapTracer once
the library is used to handle unified heap collections.
The dispatch for v8::JSMember on cppgc::Visitor is provided through a
specialization of TraceTrait.
Bug: chromium:1056170
Change-Id: I60d976ae66db3e5fa2e690a21627bdcb8c6871af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284488
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68716}
This CL implements two additional evaluator module proxy operations for
accessing globals and values on the wasm operand stack.
Drive-By: Also fix how the breakpoint position is computed in the evalutor
tests.
Bug: chromium:1020120
Change-Id: I161768da9e12586b2c710f5b26922b9600527814
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282526
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68704}
This moves marking write barrier related functions from Heap and
IncrementalMarking into a separate class: MarkingBarrier.
Additionally, a new WriteBarrier class is added at the heap API level
that dispatches to MarkingBarrier.
Future CLs will move slots recording in MarkingBarrier and apply
the same refactoring to the generational barrier. An instance of
MarkingBarrier will be added to each LocalHeap and enable it to
emit a write barrier from a background thread.
Bug: v8:10315
Change-Id: Icc147b48563d88c85d99ead99b1e201f523721d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2280083
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68703}
In many cases, this simply requires early returning from tests which
rely on scavenger.
Bug: v8:10614
Change-Id: I5fc93b1cbc807b73bfbb113d087952e347001ddd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270548
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jake Hughes <jakehughes@google.com>
Cr-Commit-Position: refs/heads/master@{#68702}
This will allow it to take an OffThreadIsolate in the future, without
requiring GetIsolate on SharedFunctionInfo.
Change-Id: I7db56d5f0587585f829b26e60683c133760d8ff1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282534
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68696}
This is the last batch of operators which used to embed the feedback
vector as a HeapConstant:
- CreateEmptyLiteralArray
- LoadGlobal
- LoadNamed
- StoreDataPropertyInLiteral
- StoreGlobal
- StoreInArrayLiteral
- StoreNamed
- StoreNamedOwn
They now take the vector as an input. In NCI mode, the vector is
loaded from the closure at the beginning of the function.
Bug: v8:8888
Change-Id: Ifd2d2a556db343512b61e099a73702822b1ba9f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282525
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68695}
Prior to this CL, the construct node layout was:
{target, args..., new_target}
The new layout is:
{target, new_target, args..., feedback_vector}
Having new_target at index 1 brings it closer to call node layout,
which is now identical except that it has receiver at index 1. The new
feedback vector input will be needed for NCI code.
Affected node kinds are:
- JSConstruct
- JSConstructWithArrayLike
- JSConstructWithSpread
- JSConstructForwardVarargs (just the new_target position change)
Bug: v8:8888
Change-Id: I4c68a0901d01e8862fd276c8a858799d5f4ff024
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2278475
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68692}
Port 871183ea12
Original Commit Message:
- Add wasm opcode, decode and compiler code for v128.const
- Add codegen implementations for v128.const on x64/Arm64
- Reuse/Rename some shuffle specific methods to handle generic
128-bit immediates
- Tests
R=gdeepti@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ia4990f768b6fac0ac72cf79129a53b531c9c2fa9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2280541
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#68691}
ForInNext can get lowered to a low-level call to the ForInFilter
builtin. We currently type low-level Call nodes simply as Any, leading
to a CHECK failure when the verifier expects a primitive.
This CL fixes the issue simply by manually setting the type as part of
the lowering. An alternative would be to have the Call typing inspect
its input similar to what the JSCall typing does. We can consider this
if we hit the same issue in other cases.
Bug: chromium:1102053
Change-Id: I6682d8cf95c6a3ebaff9c8de677aa20ca676573f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282523
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68688}
This change also makes it possible to create Torque references to
elements in the context.
Change-Id: I064b73dedf8463c8d92b94b0e59f3cb4e366611a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2280084
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68677}
Split off MarkingWorklists and from Marker and introduce MarkerBase.
MarkerBase refers just to interfaces types for passing along visitors.
The concrete Marker provides the impl for these interfaces. Unified
heap marker uses different marking visitors internally but provides an
implementation for the same interface.
Change-Id: Ibc4b2c88e2e69bd303a95da7d167a701934f4a07
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270539
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68676}
After r68405 reduced the default stack size on Arm64 a couple of tests
hit stack limits on the Arm64 android bots. Reduce the argument count
on these tests to avoid this issue.
BUG=chromium:1099623
Change-Id: I8957043b74bd416bb78223599b1a661a4887f54a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2280095
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68670}
This adds Google benchmark for microbenchmarking C++ code as an
optional dependency.
To enable, add the following to the .gclient before syncing
"custom_vars": {
"checkout_google_benchmark": True
}
Change-Id: Id0eab772dd71558906658ef4bb60e31acd665948
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2275964
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68663}
Split off MarkingState from MarkingVisitor.
With this CL the marking implementation is moved to "MarkingState"
which is the new bottleneck for marking a single object.
MarkingVisitor merely forwards to MarkingState, which knows how to set
the markbit and add the object to the worklist accordingly. This
allows to have a "UnifiedHeapMarkingVisitor" in future which can
easily reuse Marking to provide C++ marking.
Change-Id: I87ebbe37e8e8cd841e872cae9dc3490e2b55c4dd
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270172
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68660}
Using x16/x17 for tail calls allows us to use a "BTI c" instead
of "BTI jc" landing pad. This means that we cannot enter functions
with a jump to a register other than x16/x17 anymore.
Bug: v8:10026
Change-Id: If5af1af861acc19f9e0dfc19c38d6a57a6fb6b6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2276049
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#68655}
This changes the default scope info for SyntheticFunctionContexts
to the EmptyScopeInfo which does not contain an extension slot.
The bug happened because, previously, the native context scope info
was used as dummy.
Change-Id: I4d6bf6918c11c79201d16bde99ed76800ad6f6c5
Bug: v8:10629
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2277806
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68636}
Motivation:
We used to approximate s33/i33 value parsing by first checking for
specific negative codes, and then parsing an u32 value if that failed.
This is not correct in all cases.
Changes:
- Implement i33 parsing in Decoder.
- Factor out parsing of heap types into read_heap_type.
- Introduce HeapType::kBottom.
- Introduce helper functions in WasmFeatures and value_type_reader.
- Remove macros from the parsing of value types.
- HeapType::code now returns an i32 for compatibility with the i33
requirement.
- Introduce HeapType::Repr.
- Renamings: HeapType::type() -> representation(),
ValueType::heap() -> heap_representation()
Bug: v8:7748
Change-Id: I04deabce8837a48af2226411cd706a397f9e5725
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2274118
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68633}
Also should address minor performance regressions for instance types
that should (and used to) use map compare rather than instance_type
comparison.
In the process, convert a bunch of IsXXX methods from the CSA into
exported Torque methods that call through to the Cast<> to ensure
there is only a single implementation of the type checkers. Also clean
up and remove duplicate/redundant code and unused Torque imports.
Bug: v8:7793, chromium:1098481
Change-Id: I3cd5146d913bb75bab4f73415b1b94bc30924725
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270545
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68621}
Prototype f64x2.nearest on ARM for both ARM v7 and ARM v8. ARM v8 has
support for vrintn, and for ARM v7 we fallback to runtime.
Since ARM v8 uses vrintn, which is the same instruction used for
F64RoundTiesEven (scalar), wasm-compiler reuses the Float64RoundTiesEven
check.
Bug: v8:10553
Change-Id: Ia4c4245cac87c132331f54e81dad323fc3fb9f6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2268358
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68619}
e.g. the following is now valid Torque code:
macro TestA(implicit c: Context)() {}
macro TestB(): bool {
return TestA();
}
This is handy for more flexible usage of generics that may or may not
use implicit parameters deep inside their specializations.
Note that this change doesn't change the fundamental rigor (or lack
thereof) around checking the usage of implicit parameters, which
already do not require '_' before their parameter identifier if
unused. It just silences errors in cases where a call site doesn't
implicitly pass a parameter that ultimately doesn't have a use site
and adds meaningful error messages in the case that it does.
Bug: v8:7793
Change-Id: I559d06c0864a7e79fe52bee5a9a7af9941889748
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2274127
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68618}
This is likely the major change of the series, as Call nodes are the
focus of call reducer (and to a lesser extent other phases like
inlining).
This CL essentially adds the new input to Call nodes, and updates the
rest of the pipeline. As a (fairly large) drive-by, I also introduce
the JSCallNode wrapper class and apply it in call reducer.
This change, although large, will hopefully make future refactorings
*much* easier, since it is now clear where certain assumptions about
Call node layout are made.
Bug: v8:8888
Change-Id: Ia15fe0ba459b6034863a5815a4e4662cee41fc83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264353
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68616}
OldGenerationAllocationCounter() needs to be invoked in safepoint,
otherwise invocation races with background threads incrementing the
counter.
First landed in https://crrev.com/c/2235544 and relanded in https://crrev.com/c/2259854 because of regressions. This CL also invokes UpdateNewSpaceAllocationCounter() in the safepoint.
Bug: v8:10315
Change-Id: I6104bed0aad848250feecfe51d6d849b184a8842
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260560
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68614}
This patch does not include support for RTTs for i31ref yet.
Bug: v8:7748
Change-Id: Ifbeb8e305c2d0a57e4d5d6be761d046e330e0da1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273135
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68613}
It seems that the mix of atomic and non-atomic updates to the same
memory location is not working correctly. One fix is changing all memory
updates to be atomic. Another fix is removing the non-atomic access that
happens while the workers are already running (using atomic accesses).
This CL implements the latter.
R=ahaas@chromium.org
Bug: v8:10647, v8:10650
Change-Id: I84b4f3f442b6be3c4ea6e51962a523f443f5e43b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273133
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68603}
On mips platform, call operations may be followed by trampolines, which
leading to wrong information of the call instr's location in safepoint.
This CL fix it by adding a last_call_pc_ to record the location.
Besides, this CL also fix a bind operation in CheckTrampolinePool, which
may try to use trampoline before it's emission.
Change-Id: Ic0cbdb93afffa60a7389ee8177c381087fcaf52e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2095645
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68600}
When filling stack slots, the start offset can be too large to fit into
the immediate of a str instruction (which is used to handle remainders
after stp). For example, a function with 32 i64 params will require 256
bytes reserved for the params, so the offset starts at 256 + 16
(instance) = 272. This does not fit into a int9, so we hit an
UNREACHABLE case when emitting str.
The fix here checks that start can fit in an unscaled immediate, and if
it doesn't fallback to the general case. We could use the Str
from macro-asesmbler, but that uses another instruction, so we are not
saving anything.
A check for IsImmLSUnscaled(-start-12) is sufficient because 12 is the
largest possible value for remainder. So if -start-12 fits, everything
else will fit.
Bug: v8:10645
Change-Id: I1c415499ada3a807d5f3889f091150bfefdf471d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267369
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68594}
Prototype f64x2.trunc on ARM for both ARM v7 and ARM v8. ARM v8 has
support for vrintz, and for ARM v7 we fallback to runtime.
Since ARM v8 uses vrintz, which is the same instruction used for F64
trunc (scalar), wasm-compiler reuses the Float64RoundTruncate check.
Bug: v8:10553
Change-Id: I074d5b4172809915d4b37c59bd3b0dcbf9a45e1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2268357
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68592}
Prototype f64x2.floor on ARM for both ARM v7 and ARM v8. ARM v8 has
support for vrintm, and for ARM v7 we fallback to runtime.
Since ARM v8 uses vrintm, which is the same instruction used for
Float64RoundDown (scalar), wasm-compiler reuses the Float64RoundDown check.
Bug: v8:10553
Change-Id: I6f3d5c378a811ed94859535667aed1fa2d1ee552
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2265234
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68589}
An 'arguments' array cannot be allocated in young space when its size
exceeds kMaxRegularHeapObjectSize. In this case the optimizations in
JSCreateLowering::ReduceJSCreateArguments are skipped.
Bug: chromium:1098565
Change-Id: I30fdc78a1eb6e51fcd293785a46c9fd78995da9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273121
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68585}
The test was taking more than a minute before CL
https://crrev.com/c/2259933. Afterwards, it takes a lot longer, but I
could never reproduce a hang locally.
Let's re-enable and mark SLOW to increase the chance that it runs to
completion. We can then see how much slower it really got.
Also add some output that helps triaging in case it really hangs.
R=ahaas@chromium.org
Bug: v8:9506
Change-Id: I09a935ca0018517d45c6c008a099b8052bc45c47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273117
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68582}
Relanding without changes, revert reason was fixed by:
https://chromium-review.googlesource.com/c/v8/v8/+/2272564
Originally reviewed at:
https://chromium-review.googlesource.com/c/v8/v8/+/2260566
Original description:
RTTs are internally represented as Maps. To store supertype information,
this patch introduces a WasmTypeInfo object, which is installed on Wasm
objects' Maps and points at both the off-heap type information and the
parent RTT.
In this patch, rtt.sub always creates a fresh RTT. The canonicalization
that the proposal requires will be implemented later.
Bug: v8:7748
Change-Id: I7fd4986efa3153ac68037ec418ea617f3f7636e8
Tbr: ulan@chromium.org
Tbr: tebbi@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273123
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68581}
This slows down promise benchmarks since we process all unhandled promises.
Bug: vu:1099632
Change-Id: I2188a2842ec0a69ca93e5d406f10371ceff60f9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270235
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68575}
This reverts commit 04ce88eae5.
Reason for revert: TSAN failure: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/32135
Original change's description:
> [wasm-gc] Implement rtt.sub
>
> RTTs are internally represented as Maps. To store supertype information,
> this patch introduces a WasmTypeInfo object, which is installed on Wasm
> objects' Maps and points at both the off-heap type information and the
> parent RTT.
> In this patch, rtt.sub always creates a fresh RTT. The canonicalization
> that the proposal requires will be implemented later.
>
> Bug: v8:7748
> Change-Id: I8286dd11f520966155cd95c2bd844ec34fccd131
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260566
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68564}
TBR=ulan@chromium.org,jkummerow@chromium.org,tebbi@chromium.org
Change-Id: I311732e1ced4de7a58b87d4a9b6056e0d62aa986
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7748
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270734
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68567}
RTTs are internally represented as Maps. To store supertype information,
this patch introduces a WasmTypeInfo object, which is installed on Wasm
objects' Maps and points at both the off-heap type information and the
parent RTT.
In this patch, rtt.sub always creates a fresh RTT. The canonicalization
that the proposal requires will be implemented later.
Bug: v8:7748
Change-Id: I8286dd11f520966155cd95c2bd844ec34fccd131
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260566
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68564}
Motivation:
The immediate-argument classes defined in function-body-decoder.h were
often adding an offset to the provided pc. This was inconsistent,
bug-prone, and counterintuitive. This CL imposes that all immediates
are passed as pc the start of the immediate argument they are parsing.
Some other smaller inconsistencies are fixed as well.
Changes:
src/wasm/:
- Enforce that all Immediates are passed the pc at the start of the
argument they are parsing. Adapt all call sites.
- Remove unneeded offset arguments from two SIMD related immediates.
- Add a pc argument to all Validate functions for immediates instead
of using the Decoder's current pc.
- Remove the (unused) pc argument from all Complete functions for
immediates.
- Introduce Validate() for BranchOnExceptionImmediate.
- In WasmDecoder::Decode(), make sure len is updated before breaking out
of the loop in case of a Validate() failure.
- Change the default prefix_len of DecodeLoadMem/DecodeStoreMem to 1.
wasm-interpreter.cc:
- Change the default prefix_len of ExecuteLoad/Store to 1.
- Adapt offsets in calls to Immediates.
- Remove redundant opcode_length argument from ExecuteSimdOp, use len
in its place.
function-body-decoder-unittest.cc
- Adapt offsets in calls to Immediates.
- Introduce and use EXPECT_OK, as is done in other tests.
Change-Id: I534606c0e238af309804d4a7c8cec75b1e49c6ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267381
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68559}
Prototype f64x2.ceil on ARM for both ARM v7 and ARM v8. ARM v8 has
support for vrintp, and for ARM v7 we fallback to runtime.
Since ARM v8 uses vrintp, which is the same instruction used for
Float64RoundUp (scalar), wasm-compiler reuses the Float64RoundUp check.
Bug: v8:10553
Change-Id: I5841c6a06f260debe8ae90d331bdcc2a0fa3278c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2258813
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68553}
This is a reland of f7a1932ef9
There was a wpt test in Chrome that expected the incorrect behavior.
I disable the test in https://crrev.com/c/2264418 so that we can land
the fix here.
Original change's description:
> [wasm] Re-exported globals preserve their identity
>
> V8 fails a recently added spec test that when an imported global get
> re-exported, it should preserve its identity. This CL fixes the behavior
> in V8.
>
> Drive-by change: fix the object printer of globals: a global which
> stores a reference type only has a tagged buffer, a global which stores
> a value type only has an untagged buffer.
>
> R=clemensb@chromium.org
>
> Bug: v8:10556
> Change-Id: I949d147fe4395610cfec6cf60082e1faecb23036
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235702
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68513}
Bug: v8:10556
Change-Id: I8e1b08fc9f72dde166cba167e6e320e714796769
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264097
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68552}
Bitmask requires wasm_simd_post_mvp because it was merged into SIMD
proposal after 84 cut, which Origin Trial starts.
For now, bitmask is the only instruction that requires this flag to be
set, and no other post mvp instructions are included in the fuzzer.
We should revert this change (and also move bitmask out of the flag)
after this OT is over.
Bug: chromium:1098666
Change-Id: I7d45c805aaa18bfc1a5180e70b912d5f17d4a31d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264628
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68549}
Similar tests are already skipped on tsan, using the same bug to also
skip this test. Note that it's a slightly different test, but based on
the same "worker-ping-test.js".
TBR=ahaas@chromium.org
Bug: v8:9506
Change-Id: Ie8d0aab5b1fd3ae6c77a65fa04ac4772b2836a1c
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267301
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68548}
The BigInt proposal got to stage 4 and integrated into the main spec.
Therefore the proposal tests are unnecessary and will be outdated soon.
R=thibaudm@chromium.org
Change-Id: I149de015f098a89333dd907bf5a4d18a36086c2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264095
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68542}
Local type information was stored in the {WasmFullDecoder}, and a
pointer to that vector was handed to {WasmDecoder}. Since
{WasmFullDecoder} inherits from {WasmDecoder}, we can just move the
vector to the {WasmDecoder} class, and save an indirection and an
unnecessary nullptr check.
Drive-by: Rename {GetLocalType} to {local_type}, since it's a simple
accessor.
Drive-by 2: Move fields of {WasmDecoder} to the end of the class, as
mandated in the style guide.
Drive-by 3: Rename some locals in the 'let' decoding to make the meaning
more clear.
R=thibaudm@chromium.org
Bug: v8:10576
Change-Id: I6ab9831f0c1955e47562e84c5fbf15807439b024
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264360
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68541}
This method was there to turn a trap into an exception. It's not used
any more, so can be removed.
R=ahaas@chromium.org
Bug: v8:10389
Change-Id: I39bb3141722ddf1e09271348016c1d6f6d72b928
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264103
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68534}
This removes several dead functions from the wasm-module-runner.cc.
R=ahaas@chromium.org
Change-Id: I35efbc6960a28f41d14ca5d8e828c4e6f2953409
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264100
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68533}
This reverts commit f7a1932ef9.
Reason for revert: Breaking wasm wpt tests: https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Linux/5408
Original change's description:
> [wasm] Re-exported globals preserve their identity
>
> V8 fails a recently added spec test that when an imported global get
> re-exported, it should preserve its identity. This CL fixes the behavior
> in V8.
>
> Drive-by change: fix the object printer of globals: a global which
> stores a reference type only has a tagged buffer, a global which stores
> a value type only has an untagged buffer.
>
> R=clemensb@chromium.org
>
> Bug: v8:10556
> Change-Id: I949d147fe4395610cfec6cf60082e1faecb23036
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235702
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68513}
TBR=ahaas@chromium.org,clemensb@chromium.org
Change-Id: I06eb1996cafe7d4e93a7e59d21679fea239cf961
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10556
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264956
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68528}
Prototype f32x4.nearest on ARM for both ARM v7 and ARM v8. ARM v8 has
support for vrintn, and for ARM v7 we fallback to runtime.
Since ARM v8 uses vrintn, which is the same instruction used for
F32RoundTiesEven (scalar), wasm-compiler reuses the Float32RoundTiesEven
check.
Bug: v8:10553
Change-Id: I066b8c5f10fd86294afe1c530c516493deeb7b53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2258037
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68526}
Some operations require an immediate argument that represents a heap
type. This CL introduces a class to represent it and uses it where
appropriate. Also, the redundant TypeIndexImmediate is removed.
Bug: v8:7748
Change-Id: Ib4b1d50764a79f5dd3240688f8165c39745eaad8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2260874
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68522}
Fix returning from TryAllocateLinearlyAligned without updating the
allocation stats if a preceding filler was required. Also makes
AllocateRaw take an int instead of size_t in line with other Spaces.
Bug: v8:8875, chromium:1097389
Change-Id: If0932caa94dce1cd45b41f44fa225a2007772ea1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2264354
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68516}
V8 fails a recently added spec test that when an imported global get
re-exported, it should preserve its identity. This CL fixes the behavior
in V8.
Drive-by change: fix the object printer of globals: a global which
stores a reference type only has a tagged buffer, a global which stores
a value type only has an untagged buffer.
R=clemensb@chromium.org
Bug: v8:10556
Change-Id: I949d147fe4395610cfec6cf60082e1faecb23036
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235702
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68513}
Since the interpreter is not used in production any more, it does not
need to support lazy compilation. Since the code is still (accidentally)
triggered by indirect calls, we need to refactor that code. It only
allows calls within the same instance anyway.
R=ahaas@chromium.org
Bug: v8:10389
Change-Id: Ied1c8effd4c9fbb857a068db587de3463867ac80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2259942
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68512}
This allows the compiler to eliminate more unneeded branches. Since all
functions just do a lookup in a static table (either directly, or via
compiling a switch to such a lookup), they are also good candidates for
inlining, which is made possible by this change.
One DCHECK is removed instead of pulling in the inl header, which would
require more refactoring since the check is in a non-inl header.
R=thibaudm@chromium.orgTBR=jkummerow@chromium.org
Bug: v8:10576
Change-Id: If0fd25fd62c5f30b896fc67a5458a5ae475a6351
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2259944
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68508}
Test has flaky data race and will be fixed after branch to avoid
regressions.
Bug: v8:10637, v8:10315
Change-Id: Iddbbd91701aea622803146b84c9a9aa334bda927
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2263155
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68506}
With this CL d8 exits with an error code if there is an unhandled
promise rejection, e.g. due tue a failed assertion in a promise. Up
until now these assertions were just ignored.
Bug: v8:10556
Change-Id: I25f20e4be45a2de130562deb15f6a144f0ac976f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238569
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68503}
The IsInBounds function is used in a few different places, when used for
bounds checks on 32-bit platforms, size_t for max_memory_size leads to
incorrect out of bounds accesses as size_t is not guaranteed to be
64-bit on all platforms. Use specific uint32_t, uint64_t methods for
Wasm bounds checking instead of size_t.
Bug: chromium:1080902
Change-Id: I0e21f0a310382c8ed0703c8302200d3352495c13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2256858
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68500}
Prototype f32x4.trunc on ARM for both ARM v7 and ARM v8. ARM v8 has
support for vrintz, and for ARM v7 we fallback to runtime.
Since ARM v8 uses vrintz, which is the same instruction used for F32
trunc (scalar), wasm-compiler reuses the Float32RoundTruncate check.
Bug: v8:10553
Change-Id: I65ddc36ccff21f8f0ff21a6e768184c084ffcfea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2256770
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68498}
Both the .return and .throw methods are delegated to the underlying sync
iterator. These methods are retrieved using GetMethod [1], which checks
for either null or undefined instead of only undefined.
[1] https://tc39.es/ecma262/#sec-getmethod
Bug: v8:10395
Change-Id: Ide8db4270d48783da6fd1d45a5b01f2858e2828c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2258667
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68493}
Scalar lowering for i8x16, i16x8, i32x4 bitmask.
Depending on which lane we are lowering, we can either shift the MSB
into the correct final bit position, then do a big OR of all the nodes.
Bug: v8:10308
Change-Id: Iddf6c077b5a8658a487cef59f2e3bbae3c8bd98d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219327
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68491}
After https://chromium-review.googlesource.com/c/v8/v8/+/2250254,
allocated_object_size in RO_SPACE is incorrect. This changes it to use
the accounting_stats_ value. This also fixes the Capacity() which was
previously uninitialized. Both are tested in new ReadOnlySpace allocation
tests in test-spaces.cc.
Couple of cleanups:
* area_size_ becomes const since its value is fixed after construction.
* Deletes incorrect comment in base-space.h
Bug: v8:10454
Change-Id: I9bbbc1ef2548722eee9dae1bb8d67448eccf8955
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2259937
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68489}
There is currently no API call that allows access to the id of the
script underlying a Module. As this function can only be used for
SourceTextModules, we also add IsSourceTextModule() and
IsSyntheticModule() to allow callers to distinguish them.
Bug: v8:10616
Change-Id: Ia55ea8e6993922b695019852e38ca54ffce32cbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2248199
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Alex Turner <alexmt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68487}
along with a very basic test case.
Bug: v8:7748
Change-Id: I93d4b280922dd9eba8defc1a83ca08a2a957376a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2254023
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68485}
Due to recent spec changes, this CL removes the type immediate of
ref.is_null again. Instead we check if the type of the input parameter
is nullable.
R=jkummerow@chromium.org
Bug: v8:10556
Change-Id: If07d30fe4dd27664be7774422573b2ab2b0dfa20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247654
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68484}
The interpreter is not used in production code any more, hence move it
from src/wasm to test/common/wasm.
It's still used in unit tests, cctests, and in fuzzers.
Because of this move, a few more methods had to be exported via
V8_EXPORT_PRIVATE.
R=ahaas@chromium.org, yangguo@chromium.org
Bug: v8:10389
Change-Id: If626b940a721146c596fd7df4faaea633e710272
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257226
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68480}
Following up on previous changes for unary ops:
https://crrev.com/c/2246576
Bug: v8:8888
Change-Id: Ie4dd9a307fb0415e93babf412e3d8d9e86791761
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257227
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68479}
This change enables automatic generation of Cast<> operators for
classes that are defined in Torque.
* Cast<> macros are generated for all classes that are defined in
Torque code that are neither shapes nor marked with a new
@doNotGenerateCast annotation.
* Implicitly generated Cast macros simply call through to an
internally-defined "DownCastForTorqueClass" macro that implements
the cast using one of three strategies for efficiency. If the class
has subclasses (i.e. a range of instance types including subtypes),
the DownCastForTorqueClass checks for inclusion in the instance type
range. If the class has a single instance type (i.e. no subclasses),
then either 1) a map check is used if the class has a globally-
defined map constant or 2) an equality check for the instance type
is used.
* Added new intrinsics to introspect class information, e.g. fetching
instance type ranges for a class, accessing the globally-defined map
for a class.
* Removed a whole pile of existing explicit Cast<> operators that are
no longer needed because of the implicitly generated Cast<> macros.
* Added tests for the new Cast<> implementations.
Bug: v8:7793
Change-Id: I3aadb0c62b720e9de4e7978b9ec4f05075771b8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250239
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68478}
This extends the opcode macro lists to include both the long name
(e.g.: JSAdd) and short name (Add) to reduce duplication. The change
is only for JS operators for now but can be extended to others in the
future.
Drive-by: Base more predicates off the macro lists for robustness.
Bug: v8:8888
Change-Id: I10debdf86166dbe9dac63a6df57938820a8af8d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2255468
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68477}
Just a test for now to document how trailing space after async
functions is not removed by SourceRangeAstVisitor.
Bug: v8:10628
Change-Id: I40f0d911c59540ea835c807a2be5b0d1488291d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2259852
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68476}
Chrome may send memory measurement requests to multiple renderer
processes at the same time. This may lead to multiple GC happening at
the same time if the processes are idle. Randomization spreads out
the GCs over time to reduce the load on the system.
Bug: chromium:1049093
Change-Id: I5aa67fb07f8a55d0ba769bf823168b35cb3c23cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2208861
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68472}
Prototype f32x4.floor on ARM for both ARM v7 and ARM v8. ARM v8 has
support for vrintm, and for ARM v7 we fallback to runtime.
Since ARM v8 uses vrintm, which is the same instruction used for F32
Floor (scalar), wasm-compiler reuses the Float32RoundDown check.
Bug: v8:10553
Change-Id: I540e82a156131821f732cd427df2e5c68f4094d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252541
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68470}
Adjust atomics.wait, atomics.notify semantics for when they are used
with non-shared Wasm memory to mirror the spec change introduced
in: https://github.com/WebAssembly/threads/pull/147. This does not
need to be gated by the flag here, as this will only decode if
the flag is enabled.
Bug: v8:9921
Change-Id: I7f2e018fed6bd131ad4c386def1e838626c28a4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2256863
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68468}
Let's see if this is still flaky after almost 5 years.
Bug: v8:4573
Change-Id: I4cd2779b2c4aefc7bb20597db2fccc0e7e7c39c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2255467
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68465}
This changes black/white list to block/allow list.
Bug: v8:10619
Change-Id: Id55d72f90891670ca57b62dfeb6b3251025927dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257228
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68464}
This allows the implementation of different stack scanning mechanisms in
V8 (e.g. conservative scanning) while re-using the stack walking API.
Change-Id: I9b9c3b8ffe5d527ca3f7105776821776b509b187
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2238194
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68457}
Add nullptr guard for the return value of AllocateBasicChunk.
Bug: chromium:1097502
Change-Id: Ia4642151a119ccabe58d7084077808aac93e5d1c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257221
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68454}
This is a follow-up to https://crrev.com/c/2249928. The arguments for
{SubVector} are {from, to}, not {from, size}.
R=jkummerow@chromium.org
Bug: chromium:1097442
Change-Id: I3c5571ff7f0c6b8e235ecf4164591630dbd05739
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2255465
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68451}
This implements I32x4DotI16x8S for ia32.
Also fixes instruction-selector for SIMD ops, they should all set operand1 to be a register, since we do not have memory alignment yet.
Bug: v8:10583
Change-Id: Id273816efd5eea128580f3f7bde533a8e1b2435d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2231031
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68444}
Replace by "consistency check", or "validity check", or more specific
wording as appropriate.
R=ecmziegler@chromium.org
Bug: v8:10619
Change-Id: Ifd7852d8f703d5b784d53671b82d65db15722ede
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2253855
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68440}
