AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
77,199 Commits 1 Branch 0 Tags 839 MiB
a084d3e594
Commit Graph

12488 Commits

Author SHA1 Message Date
Thibaud Michaud
ff44012623 [wasm] Move Suspender functions to WebAssembly 
Suspender.{returnPromiseOnSuspend,suspendOnReturnedPromise}
are not tied to a specific suspender anymore, so move them to
WebAssembly.{returnPRomiseOnSuspend,suspendOnReturnedPromise}.

With this change, the suspender property is not needed anymore on the
function data. Convert it to a boolean flag that just indicates whether
a function uses the JS Promise Integration API.

R=ahaas@chromium.org

Bug: v8:12191
Change-Id: I1b6d8e3190ebf5049dbc7eedee448999cf077509
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3748660
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81639}
 2022-07-11 14:52:43 +00:00
Thibaud Michaud
00282d7d10 [wasm] Take suspender as parameter for stack-switching 
This CL is the first step towards the 'static API':
https://github.com/WebAssembly/js-promise-integration/pull/1/files

The limitation of the previous API is that the stack-switching wrappers
are tied to a particular suspender. Since a suspender cannot be
re-entered until the corresponding computation has completed, this
prevents creating multiple concurrent instances of the same export.

Multiple APIs have been proposed and are still under discussion to
solve that, but the core idea is the same: the suspender should become a
runtime argument of the export and the import. This CL implements that.

For now, the suspender is still explicit everywhere: it is created in JS
and passed to the export, and forwarded to the JS import. Eventually,
the suspender may be completely hidden from JS: it would be materialized
by the export wrapper, and "swallowed" by the import wrapper, as
proposed in the PR above.

R=ahaas@chromium.org

Bug: v8:12191
Change-Id: Ic425a3fd920c7ad03874c636cd835d31c0e04994
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3748655
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81633}
 2022-07-11 11:11:32 +00:00
Marja Hölttä
70625046b9 [rab/gsab] Tests for Array.p methods, part 8 
In this part: slice

Bug: v8:11111
Change-Id: I66236039454ba50899a7c600b9a3df5fb5f7fc6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749582
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81629}
 2022-07-11 08:19:53 +00:00
Jakob Kummerow
348be8052b [wasm] Name section: skip duplicate subsections 
Duplicate subsections in the name section are disallowed by the spec.
Since the whole name section is optional, we shouldn't fail validation
because of it, but we'll ignore duplicate subsections.

Drive-by cleanup: reduce code duplication by reusing DecodeNameMap from
DecodeIndirectNameMap.

Fixed: chromium:1342338
Change-Id: Icae14c27a0255c6107517354f07ec8eb78d2a7b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3751211
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81608}
 2022-07-08 12:29:51 +00:00
Andy Wingo
8a30ee7e98 [stringrefs] Implement string.as_wtf8, stringview_wtf8.advance 
We represent WTF-8 views as ByteArray instances.

Bug: v8:12868
Change-Id: I642ee2ef3d6fd7ea0f383073b282549c31233c7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3750931
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81607}
 2022-07-08 12:15:00 +00:00
Thibaud Michaud
d9e44b2d9b [wasm] Suspend on other JS import kinds 
The stack-switching variant of the wasm-to-js wrapper was only generated
for js functions with matching arity. Also suspend for js functions with
mismatching arity and unknown callables.

R=ahaas@chromium.org

Bug: v8:12191
Change-Id: Iab3e2d85210c86a814ae1defab9cd57bf74d80d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749578
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81605}
 2022-07-08 10:53:10 +00:00
Andy Wingo
9662376ad9 [stringrefs] Implement string.encode_wtf16_array 
Bug: v8:12868
Change-Id: I4229cefc4dfdb29214712aeef18841092cdf9e87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3748653
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81600}
 2022-07-08 09:01:00 +00:00
Marja Hölttä
2b2ce1d8be [rab/gsab] Tests for Array.p methods, part 7 
In this part: sort

Bug: v8:11111
Change-Id: Idd1e7552b4cdda0cdec610189391dbb729c94cdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3742703
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81599}
 2022-07-08 07:32:50 +00:00
Marja Hölttä
3483b970eb [rab/gsab] Fix flag mismatch in serialized data 
Bug: v8:11111,chromium:1339648
Change-Id: I3b472f74f37a4e1514ce20635b16970e95a36e15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735162
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81598}
 2022-07-08 07:08:10 +00:00
Andy Wingo
3f7c53b017 [stringrefs] Implement string.encode_wtf8_array 
Bug: v8:12868
Change-Id: Ide772c6e480783931942f6c02eb3e57dd3adf508
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3751201
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81597}
 2022-07-08 06:50:40 +00:00
Marja Hölttä
0a8bd76651 [rab/gsab] Tests for Array.p methods, part 6 
In this part: shift, unshift, reverse

Bug: v8:11111
Change-Id: I13c156dc401b6a90b3bcccd9261b7240d8dc7498
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3740720
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81596}
 2022-07-08 06:40:00 +00:00
Michael Achenbach
f7b98adffd [test] Mark slow test 
The test mjsunit/wasm/shared-memory-worker-gc is too slow on the gcov
bot.

No-Try: true
Bug: v8:13005
Change-Id: Idac2a6df836c981195d61f9c2737c06d548edb28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3751204
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81587}
 2022-07-07 14:39:01 +00:00
Andy Wingo
43cef7a627 [stringrefs] Encoding instructions return code units written 
See https://github.com/WebAssembly/stringref/issues/24.

Bug: v8:12868
Change-Id: Ib3854625aa18ae0e59f8d62d04e7132ca7381f60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749179
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81582}
 2022-07-07 11:39:41 +00:00
Andy Wingo
8aa97d5a5a [stringrefs] Expand domain of string.eq to include null values 
See https://github.com/WebAssembly/stringref/pull/32.

Bug: v8:12868
Change-Id: Ia804809b01eb06163c4477b3f06ac09e016b6277
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747875
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81572}
 2022-07-07 07:41:37 +00:00
Andy Wingo
d29e9e005e [stringrefs] stringview_wtf16.slice end position is exclusive 
See https://github.com/WebAssembly/stringref/pull/31.

Bug: v8:12868
Change-Id: Iefe6b8e6c1b6f2eed8a2aca1818d5edbf6ab48ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747874
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81571}
 2022-07-07 07:33:17 +00:00
Andy Wingo
cd33c3780e [stringrefs] Rename stringview_iter.cur to stringview_iter.next 
See https://github.com/WebAssembly/stringref/pull/29.

Bug: v8:12868
Change-Id: I5a1e3662a7c3457c6835d7dfccf3a1583ef49f2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747873
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81570}
 2022-07-07 06:27:47 +00:00
Andy Wingo
6db9f2ba0e [stringrefs] Implement string.new_wtf16_array 
See https://github.com/WebAssembly/stringref/issues/1.

Bug: v8:12868
Change-Id: Icd197b4872a72ae84878b2ac48a66f7026ab90cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3745369
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81558}
 2022-07-06 14:32:26 +00:00
Joyee Cheung
81c14eb85d [runtime] return when failed access callback doesn't throw 
When the failed access callback is configured but it doesn't throw,
we should return instead of expecting an exception, otherwise
it would crash because there isn't one.

This patch also adds --throw-on-failed-access-check and
--noop-on-failed-access-check in d8 to mimic the behavior
of the failed access check callback in chromium.

Bug: chromium:1339722
Change-Id: Ie1db9d2fb364c6f8259eb9b8d81a21071c280a80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3737305
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81557}
 2022-07-06 14:01:36 +00:00
Thibaud Michaud
d0b75e25da [wasm][stack-switching] Fix nested suspenders 
Fix some issues with nested suspenders:
- Fix scratch register conflict when returning from an inner suspender
- The outer suspender should stay in 'Active' state
- Suspenders should become 'Inactive' when they return

CC=ahaas@chromium.org

Bug: v8:12191
Change-Id: Ic6c6108c4f8df3d32417d7813eb04e0e2a46d27a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3743386
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81555}
 2022-07-06 13:48:06 +00:00
Liu Yu
2ac469ae5d [loong64][mips64][fastcall] Support EnforceRange annotation 
Port commit 8559a04f4c

Change-Id: I74bbbaddb196bba0945cc857e708534e4eb3f9b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747466
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#81551}
 2022-07-06 12:28:25 +00:00
ishell@chromium.org
cb762adc4f [tests] Skip tests that fail in --stress-snapshot mode 
Bug: v8:13038
Change-Id: I98832b00523535b57cde67d4d389aa361bc19a46
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3745405
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81542}
 2022-07-05 18:01:53 +00:00
snek
d89d185fad [fastcall] expose wasm memory to cfunction 
Load current Memory start/size off of the wasm instance when entering
fast calls, so they can use that info for whatever they need to do.
Fast calls from JS set the memory to null, and the memory does not
need to be piped from wasm to slow callbacks as wasm always calls
the fast function.

Change-Id: Ibfa33cdd7dba85300f95cbdacc9a56b3f7181663
Bug: chromium:1052746
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3719005
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: snek <snek@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81538}
 2022-07-05 16:24:01 +00:00
Luis Fernando Pardo Sixtos
6151ae0127 [shared-struct] Support shared arrays in Atomics.{load,store,exchange} 
Atomics.load, Atomics.store, and Atomics.exchange now accept shared
array objects as their 1st argument.

Currently these are implemented in C++ and not yet in CSA.

Bug: v8:12547
Change-Id: I54ed8816a696a4f45dda964739b1cfd917d39dc0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723974
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81537}
 2022-07-05 15:49:01 +00:00
Marja Hölttä
f3f47a9fef [super IC] Add tests for a security bug 
Bug: chromium:1309467,chromium:1308360,v8:9237
Change-Id: I77b004e263a9bed98a0dfe5936bdad055bde36a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3745365
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81530}
 2022-07-05 14:17:18 +00:00
Maya Lekova
8559a04f4c Reland "[fastcall] Support EnforceRange annotation" 
This is a reland of commit 84e078c6cf. It fixes an undefined behaviour and guards against NaNs in d8-test.cc.

Original change's description:
> [fastcall] Support EnforceRange annotation
>
> This CL implements checks in case EnforceRange is requested for a
> given parameter by using TryTruncate* operators. It implements 2 such
> truncations on x64 and arm64 - TryTruncateFloat64ToInt32 and
> TryTruncateFloat64ToUint32.
>
> Bug: chromium:1052746
> Change-Id: I32f34d9dc1265af568cc576663620a8f7f8245f6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721618
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81512}

Bug: chromium:1052746, chromium:1341851, chromium:1341891
Change-Id: I21e0e452c92cc93f8b06985a335f409855be0546
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3743518
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81529}
 2022-07-05 14:09:21 +00:00
Jakob Kummerow
9a30c98120 [wasm] Fix max index in function names section 
Fixed: chromium:1341180
Change-Id: Ib475310b18c31e5e3e0fc5e52dab736ebb6ac55a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3738745
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81527}
 2022-07-05 12:32:01 +00:00
Manos Koukoutos
5e2174fbbc [wasm-gc] Allow array.new(_default) as constant expressions 
Additional change: Allow regular expressions in assertTraps.

Bug: v8:7748
Change-Id: I3bf99faec3d4f25fcf3caa4ed310f02f03196d4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3743483
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81518}
 2022-07-05 06:20:51 +00:00
Manos Koukoutos
d9b62c1686 Revert "[fastcall] Support EnforceRange annotation" 
This reverts commit 84e078c6cf.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/22000/overview

Original change's description:
> [fastcall] Support EnforceRange annotation
>
> This CL implements checks in case EnforceRange is requested for a
> given parameter by using TryTruncate* operators. It implements 2 such
> truncations on x64 and arm64 - TryTruncateFloat64ToInt32 and
> TryTruncateFloat64ToUint32.
>
> Bug: chromium:1052746
> Change-Id: I32f34d9dc1265af568cc576663620a8f7f8245f6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721618
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81512}

Bug: chromium:1052746
Change-Id: I2218681c7cb5d05dea6d8ac5347b19bc0070c1a6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3743514
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Owners-Override: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81513}
 2022-07-05 04:43:23 +00:00
Maya Lekova
84e078c6cf [fastcall] Support EnforceRange annotation 
This CL implements checks in case EnforceRange is requested for a
given parameter by using TryTruncate* operators. It implements 2 such
truncations on x64 and arm64 - TryTruncateFloat64ToInt32 and
TryTruncateFloat64ToUint32.

Bug: chromium:1052746
Change-Id: I32f34d9dc1265af568cc576663620a8f7f8245f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721618
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81512}
 2022-07-04 14:34:10 +00:00
Frank Tang
a63e2ddfb4 [Temporal] Add toString to Duration 
Add AOs: MoveRelativeZonedDateTime,  DaysUntil, MoveRelativeDate,
RoundDuration,

Also fix bugs in CalendarDateAdd, TemporalDurationToString, IsValidDuration

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.duration.prototype.tostring
https://tc39.es/proposal-temporal/#sec-temporal-moverelativezoneddatetime
https://tc39.es/proposal-temporal/#sec-temporal-daysuntil
https://tc39.es/proposal-temporal/#sec-temporal-moverelativedate
https://tc39.es/proposal-temporal/#sec-temporal-roundduration

Bug: v8:11544
Change-Id: I351cdb88a930f3f7b48f351549d390e5bd02d91e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3715381
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81501}
 2022-07-02 01:47:22 +00:00
Manos Koukoutos
ccc74bc64e [wasm-gc] Remove 'let' opcode 
This opcode is being removed in favor of pre-declared non-defaultable
locals (details are still TBD).

Bug: v8:9495
Change-Id: I96ac053a1b5a852310c5dc0bbaeab0cbf5384663
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3738743
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81496}
 2022-07-01 14:35:09 +00:00
Manos Koukoutos
a0a786656f [wasm-gc][refactor] Rename optRef -> refNull 
This makes the internal V8 name consistent with the text-format name.

Bug: v8:7748
Change-Id: I44f7ac1eb5e634b4f829e596bf1f14caeb748d54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726291
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81491}
 2022-07-01 12:33:23 +00:00
Samuel Groß
df723c28e3 Disable wasm/multiple-code-spaces test when TSAN is enabled 
TSAN may cause the sandbox to fail to obtain enough virtual address
space during initialization, thereby causing it to fall back to a
smaller backing reservation. This combined with the very inefficient
ArrayBufferAllocator that is used in standalone v8 builds when the
sandbox is enabled may cause some tests to run out-of-memory earlier
than they otherwise would. For now we just disable these tests on TSAN
builds, but should be able to re-enable them once we have a better
ArrayBufferAllocator on standalone v8 builds.

Bug: v8:13009, chromium:1340224
Change-Id: I93e46e05d47a8850788504c10a6498067400128a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3738740
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81490}
 2022-07-01 11:50:12 +00:00
Marja Hölttä
70bcf02494 [rab/gsab] Tests for Array.p methods, part 5 
In this part: push, pop

Bug: v8:11111
Change-Id: I62ddc418acaec778270d69c9839e2236d3c8f1e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3738259
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81483}
 2022-07-01 07:55:24 +00:00
Shu-yu Guo
0d6e95b43e [change-array-by-copy] Implement TypedArray.prototype.toSpliced 
Bug: v8:12764
Change-Id: I5f915d1c4dad22f1ce12423f6149a85ad32d6725
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3733043
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81477}
 2022-06-30 21:47:38 +00:00
Deepti Gandluri
45c29ba6a0 Disable regression test when hardware doesn't support SIMD 
Bug: chromium:1338980
Change-Id: Iae76931fb375ab792659c937d673dfe65e364360
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3739339
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81476}
 2022-06-30 21:29:54 +00:00
Jakob Kummerow
711b65f723 [wasm][simd][liftoff][arm] Fix f64x2.pmin/pmax 
The previous combination of a conditional and an unconditional move
produced an incorrect value when dst == rhs and lhs contained the
expected result.

Fixed: chromium:1338980
Change-Id: If3f722999ed9c0ffd687736280d048d232d75736
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3738219
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81475}
 2022-06-30 18:25:08 +00:00
Jakob Kummerow
6e429dcc9b [test] Make regress-12945 pass with --predictable 
Waiting for a background thread to finish a task isn't going to
work when there are no background threads. Luckily, we can sidestep
the problem by compiling with Turbofan immediately, instead of
triggering dynamic tier-up through repeated execution. As a nice bonus,
this makes the test faster in non-predictable modes too.

Fixed: v8:13020
Change-Id: I2d47bc07bbde48a210c6ea59551ae16e63bdae05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736443
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81459}
 2022-06-30 07:38:23 +00:00
Jakob Kummerow
c63092b7ae [wasm][arm][liftoff] Fix another GetUnusedRegister 
Fixed: chromium:1340488
Change-Id: Id3da10dd13256dfc15a6fef4dc412b5d30ccc8cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735126
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81455}
 2022-06-30 03:48:27 +00:00
Shu-yu Guo
c00444b927 [rab/gsab] Fix toStringTag for RAB/GSAB-backed TypedArrays 
Bug: v8:11111
Change-Id: I4846910d05bb5d83c964b2279efdb7cf2a4545b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3733028
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81451}
 2022-06-29 19:33:57 +00:00
Deepti Gandluri
aac1c2b533 Revert "[stringrefs] Implement string.new_wtf16_array" 
This reverts commit b9821eff10.

Reason for revert: Tests fail on gc-stress: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/39147/overview

Original change's description:
> [stringrefs] Implement string.new_wtf16_array
>
> See https://github.com/WebAssembly/stringref/issues/1.
>
> Bug: v8:12868
> Change-Id: Iea3940c48d5f47609ff7d32e366d2f41d2161372
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3734808
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Andy Wingo <wingo@igalia.com>
> Cr-Commit-Position: refs/heads/main@{#81448}

Bug: v8:12868
Change-Id: I7abf8817c51057d9b984175ce162364acbb41ac4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735894
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81449}
 2022-06-29 18:20:47 +00:00
Andy Wingo
b9821eff10 [stringrefs] Implement string.new_wtf16_array 
See https://github.com/WebAssembly/stringref/issues/1.

Bug: v8:12868
Change-Id: Iea3940c48d5f47609ff7d32e366d2f41d2161372
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3734808
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81448}
 2022-06-29 16:32:26 +00:00
Andy Wingo
bd149e9fab [stringrefs] Implement string.new_wtf8_array 
See https://github.com/WebAssembly/stringref/issues/1.

Bug: v8:12868
Change-Id: Ic1c9b55b1ec35c32c79d9b2cb0be243b96fc4453
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3734807
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81444}
 2022-06-29 15:58:01 +00:00
Andy Wingo
7a158c3195 [stringrefs] Parse GC opcodes 
Add parser support for wasm instructions that create stringrefs from GC
arrays, and which encode strings to GC arrays.

Bug: v8:12868
Change-Id: I38446855b7a55366f8107970811aec935defcdb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3732935
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81440}
 2022-06-29 13:48:08 +00:00
Marja Hölttä
46bd4afee8 [rab/gsab] Tests for Array.p methods, part 4 
In this part: indexOf, lastIndexOf

Bug: v8:11111
Change-Id: I51481ccf44ad6c3ebc9216c1b6cc870fda73566e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726209
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81439}
 2022-06-29 13:29:07 +00:00
Frank Tang
1a5cfc20e1 [Temporal] Add toJSON, toString, and non-intl toLocaleString to Instant 
Also add AOs: FormatISOTimeZoneOffsetString, TemporalInstantToString,
GetUnsignedRoundingMode, ApplyUnsignedRoundingMode, RoundTemporalInstant

Also update the RoundNumberToIncrement implementation and a BigInt version.

Fix the test setup in test/mjsunit/temporal/instant-to-json.js since fromEpochSeconds and fromEpochMilliseconds do not take BigInt

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.instant.prototype.tojson
https://tc39.es/proposal-temporal/#sec-temporal.instant.prototype.tolocalestring
https://tc39.es/proposal-temporal/#sec-temporal.instant.prototype.tostring
https://tc39.es/proposal-temporal/#sec-temporal-temporalinstanttostring
https://tc39.es/proposal-temporal/#sec-temporal-formatisotimezoneoffsetstring
https://tc39.es/proposal-temporal/#sec-temporal-getunsignedroundingmode
https://tc39.es/proposal-temporal/#sec-temporal-applyunsignedroundingmode
https://tc39.es/proposal-temporal/#sec-temporal-roundtemporalinstant
https://tc39.es/proposal-temporal/#sec-temporal-roundnumbertoincrement

This does NOT implement the intl version of toLocaleString
specified in (notice the "sup" not "sec" after #) yet.
https://tc39.es/proposal-temporal/#sup-temporal.instant.prototype.tolocalestring

Bug: v8:11544
Change-Id: I807afd5bf550d2a65a4732a8e536056eea79cf8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3696483
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81428}
 2022-06-29 08:31:17 +00:00
Thibaud Michaud
5ef3bb9b58 [wasm] Update suspender's parent on resume 
Only the parent of the continuation itself was updated. Also update the
parent of the suspender

R=ahaas@chromium.org

Bug: v8:12191
Change-Id: I06684548abe70f4bbda48c12e9e8adda84e1ec27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726293
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81419}
 2022-06-28 17:01:20 +00:00
Manos Koukoutos
44cd69a77d [wasm][fuzzer] Adapt --wasm-fuzzer-gen-test to new format 
In crrev.com/c/3714237, we changed the representation of constant
expressions in mjsunit wasm tests to byte arrays. This CL complements
this change by updating the output of --wasm-fuzzer-gen-test to the
new format.

Change-Id: I6a9d861b5abe13621ffd2ceb3a54863b0188b40c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726294
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81414}
 2022-06-28 14:19:06 +00:00
Jakob Kummerow
b9c4a84955 [wasm] Fix and harden all conditional tier-up checks 
This remodels the tier-up checks on loop back edges to avoid
modifying the cache state by taking temp registers passed in
from the caller, and not causing the instance to get cached.

Additionally, this introduces FreezeCacheState scopes, which
allow us to enforce that certain ranges don't cause any cache
modifications. Conditional jumps require such a scope to be
around, which should help ensure that we don't forget to add
them to any future code we write.

Drive-by cleanup: drop {pinned} lists from a few Load helper
functions. They don't allocate registers (and shouldn't), so
they don't need to know about pinned registers.

Fixed: chromium:1339321
Change-Id: I1c7660418a85259e96c5e0dcfeaf12dab2114e8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3724787
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81411}
 2022-06-28 13:38:19 +00:00
Manos Koukoutos
fd8309e806 [wasm] Rename "initializer" expression to "constant" 
Change-Id: I6f2e5fa04eba1b3c97212be945b776ebc2be5915
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726210
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81399}
 2022-06-27 12:56:41 +00:00
Manos Koukoutos
114a03ac82 [wasm-gc] Rename array opcodes 
Rename:
- array.init(_static) -> array.new_fixed(_static)
- array.init_from_data(_static) -> array.new_data(_static)
- array.init_from_elem_static -> array.new_elem_static
- (Wasm)ArrayInitFromSegment -> (Wasm)ArrayNewSegment

Bug: v8:7748
Change-Id: I5ea314d653dd0e9f7f1f556469794d880934e01b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726207
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81393}
 2022-06-27 11:32:39 +00:00
Manos Koukoutos
c0956fbd1d [wasm] Fix bugs in inlining on 32-bit platforms 
- Use the lowered 32-bit signature when linking the inlined and caller
  graphs.
- Tolerate non-projection uses of Call nodes when linking the graphs.
  These can be left over by Int64Lowering.
- Drive-by: Inline really small functions even if their call count is
  low.

Bug: v8:12166
Change-Id: I5b472d3f617f2f23820a5d142102c0a6c5c769dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3720715
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81386}
 2022-06-27 10:44:49 +00:00
Marja Hölttä
29e4a09ab5 [rab/gsab] Tests for Array.p methods, part 3 
In this part: entries, keys, values

Bug: v8:11111
Change-Id: I2a87be21348626e34f887c71026dba1120adb7d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723504
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81381}
 2022-06-27 09:05:17 +00:00
Andy Wingo
0257b0a3d4 [stringrefs] Fix WTF-8 rejection of surrogate pairs 
Quite embarassingly, the test that the WTF-8 decoder rejects surrogate
pairs was broken: the trailing surrogate was invalid.  (The range of the
second byte for leading surrogates is [A0,AF], and for trailing is
[B0,BF]).  Of course the actual functionality was broken, because the
code that detected surrogate pairs called IsSurrogatePair with swapped
arguments.

Bug: v8:12868
Change-Id: Icab5e2e4e200afb3d34f478ab4f98b739ada5645
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723497
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81376}
 2022-06-27 06:57:57 +00:00
Manos Koukoutos
1186b5c061 [wasm-gc] Path-based type tracking for wasm-gc nodes 
This CL adds control-path type-tracking for wasm-gc nodes in the
WasmGCOperatorReducer. Nodes now use the types assigned to their
argument nodes, as well as the additional information tracked along
control paths.

Drive-by: Add support for multiple instances of the same node to
appear in control-path-state.

Bug: v8:7748
Change-Id: I73e8f84595609b3a5fb61a2bffeb973182d17676
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717994
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81373}
 2022-06-26 12:51:47 +00:00
Marja Hölttä
d86959d0ca [rab/gsab] Tests for Array.p methods, part 2 
In this part: find, findIndex, findLast, findLastIndex

Drive-by: add missing tests for A.p.fill + detaching.

Bug: v8:11111
Change-Id: I7583ccce16bf294cc5ab6adbb7ce1f019a11ad18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721315
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81366}
 2022-06-24 23:50:39 +00:00
Shu-yu Guo
3c4c25dbd4 [change-array-by-copy] Implement Array.prototype.toSpliced 
Drive-by: add unscopable test for Array.prototype.toReversed.

Bug: v8:12764
Change-Id: I9d7dd8d4eae6d23811382b6795c2c6ff7f76be72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717552
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81364}
 2022-06-24 22:05:39 +00:00
Shu-yu Guo
902b23272a Revert "[maglev] Add internalized string compare fast-path" 
This reverts commit c4301c0489.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/42568/overview

Original change's description:
> [maglev] Add internalized string compare fast-path
>
> - Rename TryBuildCompareOperationBranch to TryBuildCompareOperation
> - Add CheckedInternalizedString conversion Node that checks for string
>   inputs and extracts internalised Strings from ThinStrings
> - Add BranchIfReferenceCompare Node
> - Add runtime functions to create internalised and thin Strings
> - Add deopt check to test/mjsunit/maglev/int32-branch.js
>
> Bug: v8:7700
> Change-Id: I0073c24fad9e3231c985153cd27b0b8fe6ee56f0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3664498
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81361}

Bug: v8:7700
Change-Id: Id4e18f42a5b1f0d6909b0a017ae8e289ae8c8614
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723520
Owners-Override: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81363}
 2022-06-24 19:53:09 +00:00
Camillo
c4301c0489 [maglev] Add internalized string compare fast-path 
- Rename TryBuildCompareOperationBranch to TryBuildCompareOperation
- Add CheckedInternalizedString conversion Node that checks for string
  inputs and extracts internalised Strings from ThinStrings
- Add BranchIfReferenceCompare Node
- Add runtime functions to create internalised and thin Strings
- Add deopt check to test/mjsunit/maglev/int32-branch.js

Bug: v8:7700
Change-Id: I0073c24fad9e3231c985153cd27b0b8fe6ee56f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3664498
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81361}
 2022-06-24 16:38:16 +00:00
Manos Koukoutos
930f3ffb73 [wasm][turbofan] Remove niche optimization 
The optimization of a trap inside a branch is being removed. Since it
does not speed-up non-trapping programs, and it is quite narrow, it is
not worth the maintenance cost.

Bug: chromium:1338947, chromium:1338950, chromium:1339153
Change-Id: I5b3f52e2b11d4c5113dd44fe23c14d74124a15f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721617
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81357}
 2022-06-24 15:52:49 +00:00
Manos Koukoutos
b20cd0e2a6 [wasm-gc][turbofan] Fix node typing in ref.cast optimized path 
Bug: v8:7748
Change-Id: Id886fa4c734bbd826770239ea145630570915749
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723505
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81355}
 2022-06-24 13:42:49 +00:00
Shu-yu Guo
258b146b1b [shared-struct] Do not depend on shared objects for optimized code 
It is an invariant that objects in the shared heap never point into
per-Isolate heaps. This is currently broken by DependentCode. At the
same time, shared maps and other holders of DependentCode are designed
to never invalidate optimized code. E.g., shared maps are effectively
immutable.

This CL does two things:

1. Prevent shared objects from being depended upon
2. DCHECK that shared objects never cause deoptimization

Bug: v8:12547, v8:12761
Change-Id: I0fedae9134a8f786a9200e70f99dba7b38cd2d80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704809
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81340}
 2022-06-23 21:22:58 +00:00
Andy Wingo
cf8fc47445 [stringrefs] Add wtf8_policy immediate to string.new_wtf8 
Following change in https://github.com/WebAssembly/stringref/pull/22.
This adds two new parsing modes: a strict UTF-8 parsing mode, and a
sloppy mode that should replace invalid subsequences with U+FFFD.

Bug: v8:12868
Change-Id: I03bd8d2a3408c399ce68f7b150d7650908804113
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3719919
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81337}
 2022-06-23 18:45:02 +00:00
Ilya Rezvov
118dff9dcd [wasm-atomics] Use traps for atomic Load and Store OOB handling 
Bug: v8:12946
Change-Id: I3d9037a6dd940fe25f737efca49835b098d55081
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3691129
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81336}
 2022-06-23 18:43:56 +00:00
snek
4c81827c8d optimize Set#has 
Code for map methods was added a really long time ago but no one ever
brought that to set. Adds new common lowering for both collections and
updates the SetPrototypeHas builtin. My initial testing shows this to
be as much as 50x faster in some cases.

Change-Id: Ifea5be01c9e51013d57ac00bd817759ceace6669
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3709246
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: snek <snek@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81330}
 2022-06-23 13:42:17 +00:00
Thibaud Michaud
2071ce3b6b [wasm][stack-switching] Throw on re-entrant suspender 
Throw a wasm trap when trying to re-enter a suspender that is active or
suspended.

R=ahaas@chromium.org

Bug: v8:12191
Change-Id: Ic448a15db29de14fb8d6bb8408af8fbaae82a2b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716481
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81326}
 2022-06-23 12:52:19 +00:00
Thibaud Michaud
e35039e773 [wasm][stack-switching] Support rejected promises 
If the returned promise rejects, we switch to the suspender's stack and
throw the value.
Re-purpose the WasmOnFulfilled data to also represent the rejecting
case and rename it to WasmResumeData.

R=ahaas@chromium.org
CC=fgm@chromium.org

Bug: v8:12191
Change-Id: I91a301c3c6d9d243efbfabe7263555e11f0d9277
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706606
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81325}
 2022-06-23 11:56:30 +00:00
Marja Hölttä
bcf8529626 [rab/gsab] A.p.fill: Support RAB / GSAB 
Bug: v8:11111
Change-Id: I2984b3ed6ac6b769f9b4ce758fdf4bfc3b6f6d49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714661
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81322}
 2022-06-23 10:18:49 +00:00
snek
d7bd292628 [fastcall] combine wasm and js fast call builder 
A lot of logic is missing from the Wasm entry for fast api calls.
The majority of the lowering is shared between wasm and js, and uses
the same graph operators, so this adds a common fast api call builder
which can be called from the wasm compiler and the js compiler.

Bug: chromium:1052746
Change-Id: I9dbd82548951b2b155a7b2459714239d0b251d71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708842
Commit-Queue: snek <snek@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81315}
 2022-06-22 18:58:23 +00:00
Andreas Haas
f8362a9515 [wasm] Resolve promise in separate task 
With recent changes, we resolve the promise of e.g. WebAssembly.compile
with the external API, and not the V8-internal API. The external API,
however, also handles microtasks, and depending on the MicrotasksPolicy,
may also execute microtasks immediately. This means the then-handler of
WebAssembly.compile may get executed within all the scopes that were
open when the external API was called. One of the open scopes is the
CancelableTask that finishes WebAssembly compilation.

The deadlock seen in the issue arises now when {quit()} gets called in
the then-handler of WebAssembly compilation.  The reason is that
{quit()} terminates the isolate, and during isolate termination, we wait
for all running CancelableTasks to finish. This, however, means a
deadlock, because the task that terminates the isolate is waiting for
itself to finish.

R=jkummerow@chrommium.org

Bug: chromium:1338150
Change-Id: I89243daffc76a456293519e24bfaad88277bb99a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717990
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81311}
 2022-06-22 18:11:20 +00:00
Andy Wingo
c3f60e8c26 [stringrefs] Add wtf8_policy immediate to string.measure_wtf8 
Following change in https://github.com/WebAssembly/stringref/pull/22.

Bug: v8:12868
Change-Id: Ic7728bff5d03ab547cb26ff41d6966f95bfb6b62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717986
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81308}
 2022-06-22 16:21:58 +00:00
Patrick Thier
b4bb6cbce4 [string] Add checks for correct hash values in heap verification 
- Check that internalized strings always have a computed hash value.
- Check that ThinStrings never have a forwarding index.
- Add a simple test of various property access with
  --always-use-string-forwarding-table to make the CF aware of the flag.

Change-Id: Ie047c9f635d5e0ed999208ec3379ef09c395b3f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717988
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81303}
 2022-06-22 13:39:48 +00:00
Marja Hölttä
668a3e0eb5 [rab/gsab] Undo test splitting and make tests faster 
Part 1:
Revert "PPC: skip slow tests on the ppc simulator"

This reverts commit 9dfac00a1d.

Part 2:
Make the slow test faster.

Bug: v8:11111
Change-Id: I8f0291098d29917fa65c4b5b28bf03cbdbe7ebc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714229
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81301}
 2022-06-22 12:53:18 +00:00
jameslahm
0fe567e700 [web snapshot] Support DataView 
Bug: v8:11525
Change-Id: I5a29542032692c106bba14d010605e90954097b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706964
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81299}
 2022-06-22 12:01:48 +00:00
Andy Wingo
69bb334fda [stringrefs] Renumber stringref types 
0x65 is unavailable after
https://github.com/WebAssembly/gc/pull/295/files.

Bug: v8:12868
Change-Id: I8bdffb279c7e7cf72242c1565cf3401e5fa3f4d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717984
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81296}
 2022-06-22 10:27:47 +00:00
Luis Fernando Pardo Sixtos
afb26623df [shared-struct] Shared Array Initial prototype 
Initial implementation for concurrent shared arrays. Current implementation exposes a `SharedArray` constructor, but its syntax might
change in the future.

Shared arrays can be shared across Isolates, have a fixed size, have no
prototype, have no constructor, and can only store primitives, shared structs and other shared arrays. With this CL shared structs are also allowed to store shared arrays.

The Backing storage for the SharedArrays is a `FixedArrayBase`. This CL introdces a new ElementKind: `SHARED_ARRAY_ELEMENTS`. The new kind should match the overall functionality of the `PACKED_SEALED_ELEMENTS` kind, but having it as standalone kind allows for easier branching in CSA and turbofan code.

Bug: v8:12547
Change-Id: I054a04624d4cf1f37bc26ae4b92b6fe33408538a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3585353
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81285}
 2022-06-22 02:24:46 +00:00
Jakob Kummerow
d750358a31 [wasm] Fix instance caching after br_table 
The tier-up check in any backwards jumps in a br_table list cause the
instance to get cached if it wasn't cached before. When the branch is
not taken, we must not rely on this caching to have happened.
This is a variant of crbug.com/1314184.

Fixed: chromium:1338075
Change-Id: Id511e98f29ec13f0a38b5595ceb4a607c58b92a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716478
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81279}
 2022-06-21 14:23:15 +00:00
Samuel Groß
a4d17470ab Reland "[sandbox] Also enable the sandbox outside of Chromium builds" 
This is a reland of commit 5b9401dde4

Now also skip tests that require large amounts of virtual address space
if tsan is enabled as tsan may cause V8 to create a smaller sandbox
which is then unable to allocate the required amount of memory.

Original change's description:
> [sandbox] Also enable the sandbox outside of Chromium builds
>
> Drive-by: include the right header in sandboxed-pointer-inl.h and fix
> missing sandbox initialization in generate-bytecode-expectations.cc.
>
> Bug: v8:10391
> Change-Id: Ic39ba04b7c98eaa58ea3943189c23b297f581f5a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630082
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81216}

Bug: v8:10391
Change-Id: I141080fdf61a77ef48b22e353e3cfbc1ff816e5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716474
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81277}
 2022-06-21 13:32:26 +00:00
Manos Koukoutos
7c74a9caea [wasm][test] Represent constant expressions with bytes 
Maintaining an AST class just for testing constant exressions does not
seem justified. This CL changes constant expressions in mjsunit tests
to be represented with bytes, like regular expressions.

Change-Id: If5ec5f4d863176952442b1a7e2fec8a61e385971
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714237
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81266}
 2022-06-21 09:03:18 +00:00
Maya Lekova
1de7e24902 [d8] Handle exceptions on async_hooks.createHook 
Before we assumed that no exception can be thrown when specifying a
function to be used as an async hook, but that's not the case when e.g.
the object passed to createHook is a proxy trapping on property access
and the trap throws an exception.

Bug: chromium:1337629
Change-Id: I7bd7893cd274afb6e642ed18aacb9e203f7fdd96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714233
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81258}
 2022-06-21 08:54:53 +00:00
Marja Hölttä
bc7b89f7c7 [rab/gsab] Tests for Array.p methods, part 1 
In this part: copyWithin, includes

Bug: v8:11111
Change-Id: I63eee835661310c21ad53992ae3b161cc3214dfc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3678206
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81241}
 2022-06-20 09:51:10 +00:00
Tobias Tebbi
95a23cf444 Revert "Skip mjsunit/turboshaft/simple on numfuzz until flake is solved" 
This reverts commit c56edd3eba.

Reason for revert: should be fixed now

Original change's description:
> Skip mjsunit/turboshaft/simple on numfuzz until flake is solved
>
> NOTRY=true
>
> Bug: v8:12826
> Change-Id: I08be2980f92c69504290bb6152e48595e6a6c9aa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629540
> Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80369}

Bug: v8:12826
Change-Id: I615c682447df58bf9ae7acd9e4429b3a55697d8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707593
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81220}
 2022-06-17 14:45:20 +00:00
Thibaud Michaud
7da19e25d2 [wasm][stack-switching] Propagate exceptions across stack segments 
Exceptions should propagate inside the logical stack, which can consist
of multiple wasm stack segments. When the outermost frame of the current
segment is reached, pick up the parent stack and continue the search
from there, and update the state to reflect the implicit stack switch.

Drive-by: cleanups.

R=ahaas@chromium.org
CC=​fgm@chromium.org

Bug: v8:12191, v8:12960
Change-Id: Ia5cb39a6ae197fb68e635f986952419dc43c7b98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695376
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81208}
 2022-06-16 13:30:46 +00:00
Manos Koukoutos
97eff73b71 [wams-gc] Enable i31.new as constant expression 
Bug: v8:7748
Change-Id: Ib3b1d99107ad2a9c703e9dc546b522e208204d1c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702443
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81205}
 2022-06-16 07:04:53 +00:00
Manos Koukoutos
7ba853bb98 Reland "[wasm-gc] Implement array.init_from_elem" 
This is a reland of commit 76a07814b2

Changes compared to original:
- Add WasmArray::SetTaggedElement, which uses write barriers.
- In Factory::NewWasmArrayFromElementSegment, the new array may have
  moved to OldSpace until it is initialized. Therefore, it needs write
  barriers; use the new method for that.
- Small readability improvements.

Original change's description:
> [wasm-gc] Implement array.init_from_elem
>
> Bug: v8:7748
> Change-Id: I65dbb496302045820063bd0f4f9ea054e6a645bd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695580
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81128}

Bug: v8:7748
Change-Id: Ic5def1886f662bddce72b8eaea274eb5e8ec0c68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704513
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81196}
 2022-06-15 19:01:42 +00:00
jameslahm
cc709727e7 [web snapshot] Support resizable ArrayBuffer, detached 
... ArrayBuffer and shared ArrayBuffer.

Bug: v8:11525
Change-Id: I6b3f78d5cf6528123b40c49f2767ade2b6bfbed1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706279
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81189}
 2022-06-15 15:41:33 +00:00
Andy Wingo
70289dd72a [stringrefs] Implement string.is_usv_sequence 
Bug: v8:12868
Change-Id: I2f12858db1956a3b14b95341f1459df8abc03db0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702797
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81188}
 2022-06-15 15:06:52 +00:00
Darius M
00fe5f5e65 Fix bug with SIMD fast path of array.IndexOf/Includes and negative 0 
For FixedDoubleArrays that are not aligned on 8 bytes, the SIMD fast
path of array.IndexOf actually falls back on a scalar loop. Because of
how this loop was written, it was failing to see that 0.0 == -0.0.


Bug: chromium:1335445
Change-Id: Idf70fd3ed9950e5b2b7cc72bb2ebca6879b3a04e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702803
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81163}
 2022-06-14 18:50:01 +00:00
Andy Wingo
310fe8e61c [stringrefs] Implement string.eq 
Bug: v8:12868
Change-Id: I56ccab1a0cfacfae236c4f87c31a84d3afecafc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702437
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81153}
 2022-06-14 14:17:42 +00:00
Andy Wingo
163ed720c7 [stringrefs] Implement string.concat 
Bug: v8:12868
Change-Id: I7f5487dc01b006caef582f792e007d3a3cabb324
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702435
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81151}
 2022-06-14 14:08:38 +00:00
Andy Wingo
9efa9e3c92 [stringrefs] Implement stringview_wtf16.encode 
Bug: v8:12868
Change-Id: I9b7cbd3851b3819bcc2c32e273ddae16b9d812ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702266
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81144}
 2022-06-14 12:45:36 +00:00
Leszek Swirski
a6b7f1f3f4 Revert "[wasm-gc] Implement array.init_from_elem" 
This reverts commit 76a07814b2.

Reason for revert: Failing on GC stress: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20GC%20Stress/23140/overview

Original change's description:
> [wasm-gc] Implement array.init_from_elem
>
> Bug: v8:7748
> Change-Id: I65dbb496302045820063bd0f4f9ea054e6a645bd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695580
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81128}

Bug: v8:7748
Change-Id: Ia72cc121c50af7906e54a1742529bf081c511a8a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704506
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81143}
 2022-06-14 12:44:33 +00:00
jameslahm
293654ec6b [web snapshot] Support TypedArray 
This CL adds serialization and deserialization
support for ArrayBuffer and TypedArray.

TODOs:
- Support resizable ArrayBuffer.
- Support detached ArrayBuffer.
- Support shared ArrayBuffer.

Bug: v8:11525
Change-Id: Ic9267a78e427ee20d55f2f0483b677eeee5c214b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688896
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81136}
 2022-06-14 11:04:51 +00:00
Andreas Haas
efb80afe2a [wasm] Add flag to disable the wasm native module cache 
The native module cache makes it difficult to test deserialization,
because the native module just gets loaded from the cache instead of
deserializing the serialized module. This CL adds a new flag,
--wasm-native-module-cache-enabled, to control whether the native module
cache is enabled or not. The cache gets disabled by handling all modules
like asm.js modules when the cache gets disabled, as the cache is not
used for asm.js.

The name of the flag is positive (i.e.
`enabled` instead of `disabled`) to avoid double negation. The flag is
true by default, and set to false in tests.

R=thibaudm@chromium.org
CC=clemensb@chromium.org

Bug: v8:12964
Change-Id: If2b96a95ccf37f2eb8a868ad1661c3325c1048f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3703836
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81132}
 2022-06-14 10:17:38 +00:00
Manos Koukoutos
76a07814b2 [wasm-gc] Implement array.init_from_elem 
Bug: v8:7748
Change-Id: I65dbb496302045820063bd0f4f9ea054e6a645bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695580
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81128}
 2022-06-14 09:30:51 +00:00
Andy Wingo
a66f078712 [stringrefs] Implement string.encode_wtf16 
Bug: v8:12868
Change-Id: Icdf4a04d55c59613e305ec8258485fd69b57e90a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702258
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81119}
 2022-06-13 19:45:20 +00:00
Andy Wingo
a541dbcbb4 [stringrefs] Implement string.encode_wtf8 
Bug: v8:12868
Change-Id: I81f175057ec0d40dbd1e9fd329a0e37ef3ade814
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702332
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81118}
 2022-06-13 19:42:21 +00:00
Pan, Tao
c2d239ddb3 Reland "[compiler] Remove the optimized OSR code if deoptimizing at inside of loop" 
This is a reland of commit c8c176190a

This CL includes:

- crrev.com/c/3679846 Add condition use_ic to the removing the optimized OSR code logic
- crrev.com/c/3686589 Add out of bytecode array to break condition of removing OSR code cache logic
- Add JumpLoop nesting level 0 to break condition of removing OSR code cache logic
- Change to use Deoptimizer::DeoptimizeFunction() to deoptimize OSR code

Original change's description:
> [compiler] Remove the optimized OSR code if deoptimizing at inside of loop
>
> If the optimized code is deoptimized and the deoptimized exit offset is
> inside of the optimized OSR code related loop, the optimized OSR code is
> also out of date, remove the optimized OSR code, it will avoid hit the
> optimized OSR code and soon later deoptimization of the optimized OSR
> code.
> This CL will reduce deoptimization. E.g. Deoptimization of JetStream2
> case navier-stokes function addFields is reduced from twice to once.
>
> Change-Id: I5bbf3039e916c3736b5b967d1f36b6ea90cfd40b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3648219
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Tao Pan <tao.pan@intel.com>
> Cr-Commit-Position: refs/heads/main@{#80826}

Bug: chromium:1330444
Change-Id: I97a466ddfa764438b45f33c6ae33cb921d57278d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3690451
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Tao Pan <tao.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#81110}
 2022-06-13 15:29:41 +00:00
Igor Sheludko
09fa6a72da [tests] Disable concurrent Sparkplug for some tests 
... setting too low --max-old-space-size value.

Fixes: v8:12725
Change-Id: I5b1b533992d6b1024e81263525ed90914582e27a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695594
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81107}
 2022-06-13 13:23:00 +00:00
Clemens Backes
dc748570c8 [wasm] Add flag to limit module size 
Add a new --wasm-max-module-size flag to replace the unused and more
specific --experimental-wasm-allow-huge-modules flag.
The new flag can be used in fuzzers to reduce the maximum allowed module
size, avoiding OOM on some systems (like 32-bit ASan builds).

R=ahaas@chromium.org

Bug: chromium:1334577
Change-Id: I2830d407c5b01be21a47b21392c1210061c40b20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695267
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81102}
 2022-06-13 11:06:50 +00:00
Andy Wingo
f03814f83e [stringrefs] Implement stringview_wtf16.slice 
Bug: v8:12868
Change-Id: Ib92cbf7eae8e4b7bc76bc918011be747254d931f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700075
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81087}
 2022-06-11 11:46:33 +00:00
Andy Wingo
ea6bedaeb1 [stringrefs] Implement stringview_wtf16.get_codeunit 
Bug: v8:12868
Change-Id: I5fb5dccb5ff6b691348a519253de338fa91e8be1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695269
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81082}
 2022-06-10 18:00:48 +00:00
Tobias Tebbi
77ba98ef32 [turboshaft] add support for all JS machine-level operators 
In particular, this CL adds support for:
- exception handling
- source positions
- OSR
- various numeric operations and conversions

Since the test suite now passes with `--turboshaft`, this also adds a
new variant for Turboshaft and enables it on some bots.

Bug: v8:12783
Change-Id: Ia2dd2e16f56fc955d49e51f86d050218e70cb575
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3669251
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81074}
 2022-06-10 15:17:20 +00:00
Clemens Backes
436f088944 [wasm][streaming] Check for illegal section code 
Add a missing check to reject illegal sections.

The test is added in three forms, to give fuzzers more food: A fuzzer
regression test for the streaming fuzzer, a unit test for the streaming
decoder, and an mjsunit test for streaming compilation.

Drive-by: Remove a redundant line in the synchronous decoder (this is
already handled by the following statement.

R=ahaas@chromium.org

Bug: chromium:1335023
Change-Id: Ic8c3b301f1b58981c7d68eafcffc89531ed2c64c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3698549
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81071}
 2022-06-10 14:23:07 +00:00
Milad Fa
9dfac00a1d PPC: skip slow tests on the ppc simulator 
This CL splits two mjsunit files and skips the ones
which take the longest on the simulator and cause a timeout.

Change-Id: I89be764dc2d7684b401690a23bf53a3ef6384d16
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693667
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81065}
 2022-06-10 12:03:17 +00:00
jameslahm
b61ee5f34a [web snapshot] Support static methods, static async methods, 
... static generator methods and static async generator methods
for Class.

Bug: v8:11525
Change-Id: I58e8059c95e8a24e1a09d84aea84b82d35f5e2d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688891
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81058}
 2022-06-10 09:05:12 +00:00
Andy Wingo
03dcbc88e0 [stringrefs] Implement string.as_wtf16, stringview_wtf16.length 
Bug: v8:12868
Change-Id: I19190dc8163de42964fb3911f82e8aeabaf48524
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695585
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81046}
 2022-06-09 16:03:15 +00:00
Manos Koukoutos
ccc8389f14 [wasm][refactor] Use MessageTemplate to describe errors 
- Functions related to table initialization now return an optional
  {MessageTemplate} if they fail. This is used to emit the correct error
  message in one test.
- InitExprInterface now uses {MessageTemplate} to describe errors.

Change-Id: I2428f7823859b95d14b6e81c8200f78da4510ceb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695579
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81045}
 2022-06-09 16:01:54 +00:00
Thibaud Michaud
cfea0eb0e8 [wasm][eh] Add WebAssembly.Exception traceStack parameter 
Context: https://github.com/WebAssembly/exception-handling/pull/197

This change adds the optional {traceStack: <bool>} parameter to the
WebAssembly.Exception constructor. When set to true, this captures the
stack and sets the `stack` accessor on the exception object.

R=jkummerow@chromium.org

Bug: v8:8091
Change-Id: I4430b6317b27ec62f11e951fbe95ee480ac72d37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688402
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81041}
 2022-06-09 15:37:18 +00:00
Andy Wingo
0c2bb397a0 [stringrefs] Implement string.measure_wtf16 
Bug: v8:12868
Change-Id: I717326b27ce783710ffd141370648dde7e0d74a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695561
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81035}
 2022-06-09 12:57:16 +00:00
Andy Wingo
18393c8c6e [stringrefs] Implement string.measure_utf8, string.measure_wtf8 
Bug: v8:12868
Change-Id: I13b32086e736490c54b583a514ac3592179adf7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695381
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81033}
 2022-06-09 12:45:53 +00:00
legendecas
a438bc4166 [builtins] Rename array grouping to group and groupToMap 
Rename array grouping methods according to the consensus on TC39 June
meeting.

Bug: v8:12499
Change-Id: I89cb3a49b0de45b74131877bb70d38b49233f275
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3692436
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81009}
 2022-06-08 18:12:52 +00:00
Andy Wingo
c842874cb5 [stringrefs] Implement string.const 
Current implementation doesn't cache the result, however.

Bug: v8:12868
Change-Id: Idd5eb7bbb49d018fec82a80bffb5288c0b6ee0f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695377
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81006}
 2022-06-08 16:49:14 +00:00
Al Muthanna Athamina
4e83492762 Skip mjsunit/compiler/regress-crbug-1211215 test on NumFuzz 
NOTRY=true

Bug: v8:12358
Change-Id: I89a880b9e187b8b149b670d38320aa46be0424dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695374
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81000}
 2022-06-08 14:01:18 +00:00
Thibaud Michaud
a28947f7bb [wasm][eh] Wasm exceptions are not JS errors 
Context: https://github.com/WebAssembly/exception-handling/pull/197

This change removes the wasm exception -> JS Error inheritance.

R=jkummerow@chromium.org

Bug: v8:8091
Change-Id: I479f16fe03d4d77d2ecd8409e96f9a3c063912b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688401
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80997}
 2022-06-08 12:56:36 +00:00
Al Muthanna Athamina
d1510ff43d Skip mjsunit/ignition/regress-672027 test on NumFuzz 
NOTRY=true

Bug: v8:12725
Change-Id: I3650d920bfe7ec432e84fc294d38baf13b2ef53a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695375
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80994}
 2022-06-08 11:57:54 +00:00
Al Muthanna Athamina
7680e5d586 Re-enable concurrent inlining tests 
Bug: v8:12013
Change-Id: Idb0ae37176b81623f6faaf5904352e95066684dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695373
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80993}
 2022-06-08 10:46:03 +00:00
Manos Koukoutos
15821ebb60 [wasm][refactor] Rename some symbols 
- Rename WasmTrapElemSegmentDropped -> WasmTrapElemSegmentOutOfBounds.
- Rename WasmArrayInitFromData -> WasmArrayInitFromSegment, in
  anticipation of array.init_from_elem.
- Rename InitExprInterface::result_ -> computed_value_, to
  distinguish it from the {result} values. Also, rename
  generate_result() -> generate_value().
- Drive-by: Restructure Runtime_WasmArrayInitFromSegment.

Change-Id: Ic372db909847c7a169f3d6732e64e8665f4200fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693702
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80991}
 2022-06-08 08:23:52 +00:00
Jakob Kummerow
4dd8d76b17 [wasm] Fix typing for unreachable AssertNonNull 
Performing the "swap with TypeCast" input optimization causes inconsistent
types for unreachable AssertNonNull instructions (that should inherit that
TypeCast's <bot> type).

Fixed: v8:12945
Change-Id: Ie51cd6531267a2828c6aac92948edda5c2a5db37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693708
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80989}
 2022-06-08 08:18:42 +00:00
Frank Tang
fdde51c674 [Temporal] Add Instant.prototype.(add|subtract) 
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.instant.prototype.add
https://tc39.es/proposal-temporal/#sec-temporal.instant.prototype.subtract

Also fix bug in IsValidEpochNanoseconds

Bug: v8:11544
Change-Id: Ied605c9de4ee38a18e2356a89e3a69d534a004d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3617394
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80983}
 2022-06-07 23:44:12 +00:00
Nico Hartmann
46ed47e66a [turbofan] Fix inconsistent typing of NumberFloor(NumberDivide(...)) 
In typed-optimization, Turbofan optimized NumberFloor(NumberDivide(...))
patterns where both inputs are known to be of Unsigned32 type, but the
replacement couldn't be typed consistently. This CL introduces a new
operator Unsigned32Divide, which has the same semantics, but can be
typed consistently and thus allows the simplified lowering verifier to
validate the graph correctly.

Bug: v8:12619
Change-Id: Iad77154d3d840c94edfd3ab91ffa37c840da0bc9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644790
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80967}
 2022-06-07 10:11:49 +00:00
Frank Tang
6d33cb89a4 [Temporal] Add Instant.(compare|prototype.equals) 
Also implement AO: CompareEpochNanoseconds
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.instant.compare
https://tc39.es/proposal-temporal/#sec-temporal.instant.prototype.equals

Bug: v8:11544
Change-Id: I953a890250ff0bf29cd24e4638bf17ceb5f9bb2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3382057
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80959}
 2022-06-06 17:44:42 +00:00
Frank Tang
88b644717f [Temporal] Add PlainDate.prototype.(add|subtract) 
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plaindate.prototype.add
https://tc39.es/proposal-temporal/#sec-temporal.plaindate.prototype.subtract

Bug: v8:11544
Change-Id: Iacb4b9ba7d481005d14e2e4d42e2422133f5ab42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3617389
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80955}
 2022-06-06 15:49:55 +00:00
Igor Sheludko
ff64360d0a [rab/gsab] Skip slow tests on debug sim builds 
Bug: v8:11111
Change-Id: I52caef43e7f2b3921ef34eeb50e41f1dedf90e32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3689570
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80949}
 2022-06-04 12:59:20 +00:00
Jakob Kummerow
11a1ac4bc2 Faster TypedArray.fill(0) and .fill(-1) 
Calling memset directly is faster than std::fill for multi-byte element
types.

Change-Id: I83b997740146688f87b86901825e31d6644bc25b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687700
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80945}
 2022-06-03 14:01:49 +00:00
Marja Hölttä
efadd2d0a2 [rab/gsab] RAB/GSAB support for A.p.concat 
It mostly worked out of the box. Only the dictionary mode prototype
chain walk code paths had to be updated.

Bug: v8:11111
Change-Id: Ia8336964d29304916a34e305f32bb33bb06e211a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3683340
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80935}
 2022-06-03 09:40:09 +00:00
jameslahm
b425a0e94f [web snapshot] Support properties in Class. 
This CL adds the serialization and deserialization for
properties in class.

TODO: we could use serialized start_position and length
in function to add ClassPositions property to class.

Bug: v8:11525
Change-Id: I065039932b3c10c6b757b331aba0ced36eba84e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3682878
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#80927}
 2022-06-03 02:43:29 +00:00
Manos Koukoutos
aee0ec979a [wasm-gc][turbofan] Implement typing phase 
We introduce a typing phase into the Turbofan compilation pipeline for
wasm-gc. It has two functionalities: (1) to type nodes that were not
typed during code generation (mainly phi nodes) and (2) to narrow types
as much as possible.
The following nodes are handled, which should be enough for our
purposes: TypeGuard, WasmTypeCast, AssertNotNull, Phi, LoadFromObject,
and LoadImmutableFromObject.
Loop phi types are computed by first assigning the type of the
non-recursive input, and updating once we have the type of the recursive
inputs, and repeating this process to a fixed point.

Drive-by: Remove the narrowing of function signatures during wasm
inlining, as it created some issues and should not be needed after this
series of changes.

Bug: v8:7748
Change-Id: I8a72488d5c221c4ae8257fc5abf6f0368cf10e96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3678208
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80912}
 2022-06-02 11:08:21 +00:00
Marja Hölttä
084356297d [rab/gsab] Add missing tests for TA.p.copyWithin 
Bug: v8:11111
Change-Id: I8190bc8cfd1e8e5b9d498e29bc2d0a25eae2e03a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3683363
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80906}
 2022-06-02 07:31:49 +00:00
Marja Hölttä
bfa18f9e57 [rab/gsab] Move OOB check to ValidateIntegerTypedArray 
The OOB check belongs in ValidateIntegerTypedArray according to the
spec.

This also fixes the error types for OOB TypedArrays when doing Atomics:
OOB TypedArrays should get a TypeError, not RangeError.

Bug: v8:11111
Change-Id: Ice2e5695d69d84b2c20a4cf8f06880673d901a91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3676859
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80898}
 2022-06-01 16:12:16 +00:00
Dominik Inführ
c6527293a5 [heap] Fix external bytes accounting when promoting large objects 
Unlike other spaces we didn't update external bytes counters when
adding or removing pages from large spaces.

Bug: chromium:1329766
Change-Id: I5fbc8703964f9e4e846d986c32c5d57ed4f0c0c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3681118
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80877}
 2022-06-01 07:24:08 +00:00
Shu-yu Guo
7ff1857560 Reland "[shared-struct] Add Atomics.Mutex" 
This is a reland of commit ea9a1f1cbe

Changes since revert:
- Make the state field uintptr-aligned since arm64 faults on
  atomic accesses to non-naturally aligned addresses.

Original change's description:
> [shared-struct] Add Atomics.Mutex
>
> This CL adds a moving GC-safe, JS-exposed mutex behind the
> --harmony-struct flag. It uses a ParkingLot-inspired algorithm and
> each mutex manages its own waiter queue.
>
> For more details, please see the design doc: https://docs.google.com/document/d/1QHkmiTF770GKxtoP-VQ1eKF42MpedLUeqiQPfCqus0Y/edit?usp=sharing
>
> Bug: v8:12547
> Change-Id: Ic58f8750d2e14ecd573173d17d5235a136bedef9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3595460
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80789}

Bug: v8:12547
Change-Id: I776cbf6ea860dcc6cb0ac51694a9b584b53d255c
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3673354
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80875}
 2022-06-01 01:12:07 +00:00
Shu-yu Guo
0f510c4ab1 [change-array-by-copy] Implement with 
Bug: v8:12764
Change-Id: I67b9b0e4f3c7ca6a2719c234b7f7605f07f86b28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3671760
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80874}
 2022-06-01 00:47:32 +00:00
jameslahm
16fa2f28b7 [web snapshot] Support properties in function 
This CL adds the serialization and deserialization
for properties in function. And we only support fast
properties in property array now.

Bug: v8:11525
Change-Id: If0bb3fee400ca957009d046ed74b92d8192c2514
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650675
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80858}
 2022-05-31 13:14:17 +00:00
Maya Lekova
11a304ffeb [megadom] Fix crash in d8 when realm is entered 
Bug: chromium:1329234
Change-Id: I59f171d3e2ab0c07f79f631971b1695b9f706600
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3677294
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80850}
 2022-05-31 12:09:38 +00:00
Darius M
7c4461add3 Reland "[builtins] use SIMD IndexOf/includes on large arrays" 
This is a reland of commit ab76ffc8bd.

Original change's description:
> [builtins] use SIMD IndexOf/includes on large arrays
>
> Change-Id: If751e813c7f45a4d18b84e8c0314a54c84894d61
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3639203
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80771}

Change-Id: I81dcf3c97a15b95fd42927ff8e91602f109db315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3672418
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80840}
 2022-05-31 09:19:50 +00:00
Marja Hölttä
171ee1a7d4 [web snap] Support objects with dictionary elements 
Bug: v8:11525
Change-Id: I0196169d5bfe80df23179414f37c418db775cefb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663341
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80838}
 2022-05-31 08:38:22 +00:00
Andy Wingo
ec8b247201 [stringrefs] Implement string.new_wtf16 
Bug: v8:12868
Change-Id: Ied5e985db139517ec34446bcb8b16041e5d79af7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663092
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80823}
 2022-05-30 15:12:46 +00:00
Leszek Swirski
31925e51de [test] Disable mjsunit/regress/regress-crbug-620253 on TSAN 
Bug: v8:12920
Change-Id: Iec1f4a2effc45299e30ecf8a586c535dbb22ee20
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3676860
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80815}
 2022-05-30 12:18:29 +00:00
Shu-yu Guo
60e02cfb0c Revert "[shared-struct] Add Atomics.Mutex" 
This reverts commit ea9a1f1cbe.

Reason for revert: arm64 pointer alignment issue
https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8812962856609920785/+/u/Check/mutex-workers

Original change's description:
> [shared-struct] Add Atomics.Mutex
>
> This CL adds a moving GC-safe, JS-exposed mutex behind the
> --harmony-struct flag. It uses a ParkingLot-inspired algorithm and
> each mutex manages its own waiter queue.
>
> For more details, please see the design doc: https://docs.google.com/document/d/1QHkmiTF770GKxtoP-VQ1eKF42MpedLUeqiQPfCqus0Y/edit?usp=sharing
>
> Bug: v8:12547
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
> Change-Id: Ic58f8750d2e14ecd573173d17d5235a136bedef9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3595460
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80789}

Bug: v8:12547
Change-Id: I226e16b743dc4b157fac33a9cbabab4d72cf290b
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3673353
Owners-Override: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80790}
 2022-05-28 01:31:54 +00:00
Shu-yu Guo
ea9a1f1cbe [shared-struct] Add Atomics.Mutex 
This CL adds a moving GC-safe, JS-exposed mutex behind the
--harmony-struct flag. It uses a ParkingLot-inspired algorithm and
each mutex manages its own waiter queue.

For more details, please see the design doc: https://docs.google.com/document/d/1QHkmiTF770GKxtoP-VQ1eKF42MpedLUeqiQPfCqus0Y/edit?usp=sharing

Bug: v8:12547
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Change-Id: Ic58f8750d2e14ecd573173d17d5235a136bedef9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3595460
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80789}
 2022-05-28 01:04:34 +00:00
Frank Tang
e85a0243ce [Temporal] Add PlainDate(Time)?.(compare|prototype.equals) 
Also add AO CalendarEquals, CompareISODateTime

Remove Isolate from CompareISODate argument
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plaindate.compare
https://tc39.es/proposal-temporal/#sec-temporal.plaindate.prototype.equals
https://tc39.es/proposal-temporal/#sec-temporal.plaindatetime.compare
https://tc39.es/proposal-temporal/#sec-temporal.plaindatetime.prototype.equals
https://tc39.es/proposal-temporal/#sec-temporal-calendarequals
https://tc39.es/proposal-temporal/#sec-temporal-compareisodatetime

Bug: v8:11544
Change-Id: I5505c7923e3c1f76d44e292135b489ea20fbf13c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3534458
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80787}
 2022-05-27 23:02:04 +00:00
Shu-yu Guo
5299e11bda [change-array-by-copy] Add RAB/GSAB tests for toReversed 
Bug: v8:12764
Change-Id: I51130143494e6442b335660d2fdcbc75f289fd92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3671759
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80785}
 2022-05-27 21:00:34 +00:00
Leszek Swirski
9ed9dff9dd Revert "[builtins] use SIMD IndexOf/includes on large arrays" 
This reverts commit ab76ffc8bd.

Reason for revert: Breaks on UBSan: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/21444/overview

Original change's description:
> [builtins] use SIMD IndexOf/includes on large arrays
>
> Change-Id: If751e813c7f45a4d18b84e8c0314a54c84894d61
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3639203
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80771}

Change-Id: I62dd4249df122af567680cbaa18deb3c9ed44c90
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3672416
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80773}
 2022-05-27 09:17:44 +00:00
Darius M
ab76ffc8bd [builtins] use SIMD IndexOf/includes on large arrays 
Change-Id: If751e813c7f45a4d18b84e8c0314a54c84894d61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3639203
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80771}
 2022-05-27 08:40:25 +00:00
Frank Tang
4ad4ba1dff [Temporal] Add Plain(Date)?Time.prototype.with 
Refactor ToTemporalTimeRecord to a new routine
ToTemporalTimeRecordOrPartialTime to share code with ToPartilTime
Change the return type of ToTemporalTimeRecord, RegulateTime

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plaintime.prototype.with
https://tc39.es/proposal-temporal/#sec-temporal.plaindatetime.prototype.with
https://tc39.es/proposal-temporal/#sec-temporal-topartialtime

Bug: v8:11544
Change-Id: I214147f497a405ee48e264833c7c0b9401596c01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3665269
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80769}
 2022-05-27 04:00:13 +00:00
Frank Tang
86a219d9c9 [Temporal] Add Duration.prototype.with 
Also add AO: ToPartialDuration
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal-topartialduration
https://tc39.es/proposal-temporal/#sec-temporal.duration.prototype.with

Bug: v8:11544
Change-Id: I43282f5285a3c884229445547add6db2cde4fbe4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380102
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80767}
 2022-05-27 00:53:03 +00:00
Adam Klein
2c2280554e Enable mjsunit/wasm/shared-memory-worker-gc 
This test had been skipped since it was added in
4a416dbbe1.

Bug: v8:9380
Change-Id: I700f83fa4242baf44dd260fbc74520abf05101dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3670052
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80766}
 2022-05-26 22:19:29 +00:00
Frank Tang
1b13172df3 [Temporal] Add PlainDateTime.prototype.withPlainDate 
Also add AO: ConsolidateCalendars

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plaindatetime.prototype.withplaindate
https://tc39.es/proposal-temporal/#sec-temporal-consolidatecalendars

Bug: v8:11544
Change-Id: I98084f7cc92a837f6401a88ad10389a7c5df8b3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3563541
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80764}
 2022-05-26 20:42:09 +00:00
Manos Koukoutos
66d3d28149 [wasm-gc] Improve array allocation 
We inline array allocation for wasm-gc in the TF graph by using
AllocateRaw nodes. Additionally, we use memset to initialize large,
zero-initialized arrays. These changes give measurable speedup in some
benchmarks.

Bug: v8:7748
Change-Id: Icbd37d0fe673c673379139b96d0e1c175e95e357
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3666618
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80762}
 2022-05-26 17:19:19 +00:00
Frank Tang
cc8b442773 [Temporal] Add PlainTime.prototype.toPlainDateTime 
Spec Text: https://tc39.es/proposal-temporal/#sec-temporal.plaintime.prototype.toplaindatetime

Bug: v8:11544
Change-Id: I95bab9814471bb9347101d654f6dc902159f8fe3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3538670
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80757}
 2022-05-26 04:45:19 +00:00
Frank Tang
600cebb4d0 [Temporal] Add Date.prototype.toTemporalInstant 
Spec Text:
https://tc39.es/proposal-temporal/#sec-date.prototype.totemporalinstant

Bug: v8:11544
Change-Id: I65315152333291f76edc05cc41a528912a185d02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3609214
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80755}
 2022-05-25 18:20:10 +00:00
Manos Koukoutos
fe44d70604 [test] Skip failing test 
Bug: v8:12907
Change-Id: I8a6da86b4c88b5cfcc9bbb349841c422ac81b64e
No-Tree-Checks: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3667082
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80751}
 2022-05-25 15:04:47 +00:00
Andy Wingo
e4941131f1 [stringrefs] Implement string.new_wtf8 
Bug: v8:12868

Also adds the equivalent of Utf8Decoder, but for WTF-8.

Change-Id: I1548a44b0aea912cdd429eb85be4dfc606355cad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3660257
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#80750}
 2022-05-25 14:38:38 +00:00
Maya Lekova
5480e036d2 [megadom] Add TF inlining for Megadom 
The generated code checks if the receiver is a JS_API_OBJECT and if the
receiver requires an access check, and if not it lowers the call to an
API call.

We also add compilation dependencies on the protector cell to deopt if
our invariants change. (Note - the actual invalidation of these cells
will be implemented in a follow up CL)

Bug: v8:11321
Change-Id: I15722f1e5fac7176e292da4a35186e4609636aba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2719563
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80748}
 2022-05-25 14:07:01 +00:00
Darius M
702f0ff111 [compiler] Inline Array.prototype.at in JSCallReducer 
Bug: v8:12865
Change-Id: I539a5b0a9c3c78ef9a767de75b71dd06de337d9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647351
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80740}
 2022-05-25 10:01:03 +00:00
Frank Tang
702f874a3b [Temporal] Add PlainDateTime.prototype.toPlain(Date|Time) 
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plaindatetime.prototype.toplaindate
https://tc39.es/proposal-temporal/#sec-temporal.plaindatetime.prototype.toplaintime

Bug: v8:11544
Change-Id: Ifb7115823d1d3d1ff53806f1b376d69302e00ae1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3385761
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80731}
 2022-05-25 01:17:21 +00:00
Patrick Thier
9964283126 Re-enable shared-memory tests under tsan/stress_incremental_marking 
The underlying issue was fixed with https://crrev.com/c/3660258

Bug: v8:12883
Change-Id: If7a1fdaf122396396cfbaaae3a68ef89bafc1703
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663342
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80728}
 2022-05-24 18:05:03 +00:00
jameslahm
560ce080fe [test] split websnapshot tests to avoid 
... timeout in the big websnapshot tests.

Bug: v8:12891
Change-Id: I7837ba985f835e20af294ea0206dfafb5def7619
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3660705
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#80713}
 2022-05-24 09:57:58 +00:00
Solomon Kinard
ab2aa72dc7 v8: Copyright: Remove extra slashes 
Change-Id: I924a2b4dc4ab5e7be22fd2a9a1084473ba65fc35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3651039
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80711}
 2022-05-24 09:40:28 +00:00
Frank Tang
3c53e9adae [Temporal] Add PlainDateTime.prototype.withPlainTime 
Spec text:
https://tc39.es/proposal-temporal/#sec-temporal.plaindatetime.prototype.withplaintime

Bug: v8:11544
Change-Id: I5277fb88675bb6d99b028a289329db06b95cc003
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3565026
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80706}
 2022-05-24 05:11:48 +00:00
Shu-yu Guo
116e6a528d [change-array-by-copy] Implement toReversed 
Bug: v8:12764
Change-Id: I7e76647be838749b723400914b144b9ec2a27cd7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3656520
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80703}
 2022-05-24 00:57:21 +00:00
Joyee Cheung
bb98b38735 [ic] handle access check for private names 
Previously the LookupIterator ignores private symbols
(including private names) for the access check. This patch
removes these exceptions so that they are always checked.

Drive-by: removes the unused should_throw parameter in
Runtime::DefineObjectOwnProperty()

Bug: chromium:1321899
Change-Id: I9677b1e377f01d966daa1603eee1ed9535ffab92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3623419
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#80700}
 2022-05-23 18:30:07 +00:00
Leszek Swirski
9ec29a4428 [maglev] Implement BranchIfInt32Compare 
Add an implementation of BranchIfInt32Compare, which is emitted whenever
a compare op is immediately followed by a branch.

Bug: v8:7700
Change-Id: I2c56d9de199bac8de33b33201f8614aee8e9894e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647693
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80694}
 2022-05-23 11:40:57 +00:00
Frank Tang
a2f22f4355 [Temporal] Add PlainDate(Time)? toPlain*Month* 
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plaindate.prototype.toplainmonthday
https://tc39.es/proposal-temporal/#sec-temporal.plaindate.prototype.toplainyearmonth
https://tc39.es/proposal-temporal/#sec-temporal.plaindatetime.prototype.toplainyearmonth
https://tc39.es/proposal-temporal/#sec-temporal.plaindatetime.prototype.toplainmonthday


Bug: v8:11544
Change-Id: Ia97de3b4dde183ae4ee514deb4d13da5d5ff9bae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3534451
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80680}
 2022-05-21 00:26:07 +00:00
Frank Tang
74aa5e7d68 [Temporal] Add Temporal.Duration.prototype.toJSON 
Also add AO: TemporalDurationToString

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.duration.prototype.tojson
https://tc39.es/proposal-temporal/#sec-temporal-temporaldurationtostring

Bug: v8:11544
Change-Id: I7dfdb5458b88646a4ac7b7713e7c8e63352f7539
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3438375
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80677}
 2022-05-20 22:38:35 +00:00
Andy Wingo
44932c1689 [stringrefs] Parse the string literals section 
Bug: v8:12868

Also adds wtf8.cc, wtf8.h to src/wasm, to implement WTF-8 validation and
possibly other utilities.  Also fixes a bug when parsing the string
literals section; I had misunderstood the way the unordered/ordered
sections mechanism worked.

Change-Id: I3c4205e0872379a69575f84ba33e0090a9d8d656
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652789
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80674}
 2022-05-20 20:04:35 +00:00
Marja Hölttä
e819612aaf [web snap] Enable context referring to function 
Bug: v8:11525,v8:12820
Change-Id: Ic4cd3172a4d6884b8234ca6b6463dfc405e10ba1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652793
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80672}
 2022-05-20 16:10:44 +00:00
Tobias Tebbi
6e1fcf22f3 [test] remove flaky isOptimized check in regress-crbug-1323114.js 
Bug: v8:12893
Change-Id: Ibc2068011243b2ec811cd90646f0ec2a0d93cc05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657433
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80671}
 2022-05-20 14:50:02 +00:00
Leszek Swirski
47090774a4 [maglev] Add more Int32/Float64 arithmetic nodes 
Add Int32/Float64 nodes for:

  * Subtract
  * Multiply
  * Divide

and additionally Int32 nodes for

  * BitwiseOr/And/Xor
  * ShiftLeft/Right/RightLogical

The latter ones don't have Float64 equivalents since they're implicitly
Int32 operations. In the future we'll add support for Number feedback by
adding Float64-to-Int32 conversions and using the Int32 nodes.

The divide node does an Int32 division and deopts if there's a remainder
to the division -- we may want to make it output a Float64 instead if we
think that's more likely in real-world code. There's also no peephole
optimisations for constant operations, which would generate much better
code, especially for shifts.

Bug: v8:7700
Change-Id: Ief1d24b46557cf4d2b7929ed50956df7b0d25992
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652301
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80670}
 2022-05-20 14:48:59 +00:00
Marja Hölttä
0d57c9a863 [web snap] Fix context tree serialization 
Enforce the parent context has a smaller id, this time more forcefully.

Bug: v8:11525,v8:12820
Change-Id: I05bf675545b81b818eebfcaa40ee6bb93f5bcf9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652792
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80666}
 2022-05-20 12:21:50 +00:00
Jakob Kummerow
86be87df9c [bigint] Fix object literal property keys like 0x0n 
Fixed: chromium:1327321
Change-Id: I4868e0127b9dd14a0812cafca1681280534faa46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652788
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80661}
 2022-05-20 11:21:15 +00:00
Issack John
a679edbb6e JSON.parse errors made user-friendly part 2 
Part of the improve error messages initiative.

Based on a resource of JSON.parse() errors found at
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/JSON_bad_parse

added support for:
- 'Bad control character in string literal'
- 'Bad Unicode escape'

Previously JSON.parse('"a\bz"') would output:
SyntaxError: Unexpected token  in JSON at position 2
Now the output is:
SyntaxError: Bad control character in string literal in
JSON at position 2

Previously JSON.parse("[\"\\t\\u") would output:
SyntaxError: Unexpected end of JSON input
Now the output is:
SyntaxError: Bad Unicode escape in JSON at position 6

Bug: v8:6551
Change-Id: I3ba5450c41b8a388643a15bc58e4e3fc75855d13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652254
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Issack John <issackjohn@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#80642}
 2022-05-19 15:07:03 +00:00
Frank Tang
5354d8a1c6 [Temporal] Add PlainYearMonth.prototype.toJSON 
Also add AOs: TemporalYearMonthToString

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plainyearmonth.prototype.tojson
https://tc39.es/proposal-temporal/#sec-temporal-temporalyearmonthtostring

Bug: v8:11544
Change-Id: Ibe8bd20ae5eb5b7721e50cf5386c20d8d23e18e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437894
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80627}
 2022-05-19 05:06:23 +00:00
Frank Tang
0b44a86009 [Temporal] Add PlainMonthDay.prototype.toJSON 
Also add AO: TemporalMonthDayToString

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plainmonthday.prototype.tojson
https://tc39.es/proposal-temporal/#sec-temporal-temporalmonthdaytostring

Bug: v8:11544
Change-Id: Ibbc5b28a9c73474f7edc1b67c9beabf5bca54dbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437891
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80624}
 2022-05-19 02:44:13 +00:00
Frank Tang
a5697616eb [Temporal] Add PlainDate.prototype.toJSON 
Also add AOs: PadISOYear, FormatCalendarAnnotation, TemporalDateToString
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plaindate.prototype.tojson
https://tc39.es/proposal-temporal/#sec-temporal-padisoyear
https://tc39.es/proposal-temporal/#sec-temporal-formatcalendarannotation
https://tc39.es/proposal-temporal/#sec-temporal-temporaldatetostring

Change the ISODateTimeWithinLimits from
-8.64 × 10^21 - 8.64 × 10^16, 8.64 × 10^21 + 8.64 × 10^16
to
-8.64 × 10^21 - 8.64 × 10^13, 8.64 × 10^21 + 8.64 × 10^13
per https://github.com/tc39/proposal-temporal/pull/1723

Change to use AppendCStringLiteral instead of AppendCharacter when
appropriate.

Bug: v8:11544
Change-Id: I01f22657b2c3e5aacbea790593d7e9f60076ec74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3438379
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80622}
 2022-05-19 01:22:23 +00:00
Adam Klein
09c1012b21 Skip shared-memory tests under tsan/stress_incremental_marking 
Goal is to keep the tree green while the issue is investigated.
No impact on shipped product since shared-memory is flag-guarded off.

Bug: v8:12883
Change-Id: I9a434bdebc781023fa6693eef47db6dbe81cd4bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3653320
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80619}
 2022-05-18 18:48:01 +00:00
Marja Hölttä
2cb5a08f43 [web snapshot] Add support for derived constructors 
Especially, this requires having the __proto__s of functions serialized.

Drive-by fix (gc stress): Handlify IterateBuiltinObjects.

Bug: v8:11525
Change-Id: I8dc50b9144d17134a7c9b8fdbabe23f5e44f197f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644613
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80608}
 2022-05-18 07:42:21 +00:00
Frank Tang
972d7e5abf [Temporal] Add TimeZone getOffset(Nanoseconds|String)For 
Also add the non-intl version of AO
GetIANATimeZoneOffsetNanoseconds which only implement for UTC.
(intl version implement other tz come later)

Also fix bug in JSTemporalTimeZone::offset_nanoseconds() that
"1000000L * offset_milliseconds()" may overflow int32_t before returning as int64_t by first casting offset_milliseconds() to int64_t in the operation so the whole formula is calculating under 64 bits not 32 bits. This bug fix some  *timezone-string-datetime tests.

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.timezone.prototype.getoffsetnanosecondsfor
https://tc39.es/proposal-temporal/#sec-temporal.timezone.prototype.getoffsetstringfor
https://tc39.es/proposal-temporal/#sec-temporal-getianatimezoneoffsetnanoseconds

Bug: v8:11544
Change-Id: I2227dbfc8d6ed3ef83edcef5a9b903b8642b5902
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3534622
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80606}
 2022-05-18 07:15:48 +00:00
Andy Wingo
010de10eb8 [stringref] Add support for stringrefs in tables 
Bug: v8:12868
Change-Id: I42ef3e15b2a7fd2ef157aa0e657ddf98973e8d79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644956
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#80605}
 2022-05-18 06:11:20 +00:00
Andy Wingo
59b7d6a0c1 [stringref] Add test for wasm-to-js calls 
Bug: v8:12868
Change-Id: I8d789457c725708e06f482d362d17c16a802a1f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644950
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#80603}
 2022-05-17 19:14:37 +00:00
Solomon Kinard
87b4acd3d6 v8: Remove extra slashes 
Change-Id: Ib5d2e24ee4a83547b9d403d5d8b5d75173b8310b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3648093
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Solomon Kinard <solomonkinard@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80597}
 2022-05-17 15:27:27 +00:00
Manos Koukoutos
2a606bdb27 [wasm-gc][turbofan] Allow incompatible mutability in CsaLoadElimination 
Loading from/storing to the same field with incompatible mutabilities
is possible in unreachable code, specifically when a value is cast to
two different types with incompatible mutability for the same field
offset. Therefore, we allow this pattern in CsaLoadElimination.
When we detect it, we emit an Unreachable node to immediately crash the
program in case this unreachable code is somehow executed.

Bug: v8:7748, v8:12874
Change-Id: Ieb359d3e1b9f7bc4a91c556af2bba0507526d20e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644806
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80587}
 2022-05-17 13:06:28 +00:00
Andy Wingo
1a3edfb7e5 [stringref] Add support for stringref globals, with JS interface 
Bug: v8:12868
Change-Id: I955155db468b2ecd86fa6c5a73c616b0e4c66446
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644949
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#80584}
 2022-05-17 11:35:47 +00:00
Marja Hölttä
eb56775a69 [rab/gsab]: RAB/GSAB support for Function.p.apply 
Bug: v8:11111, chromium:1321013
Change-Id: Iec45b885e844ab02059470dd514f47133b0a6efe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650596
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80583}
 2022-05-17 10:50:27 +00:00
Solomon Kinard
b5c95961bd v8: Copyright: Remove extra slashes 
Change-Id: I3d3b1f0b86714e0d654ed18c055d394002dbec2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650832
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80582}
 2022-05-17 10:18:24 +00:00
Andy Wingo
e5af9c4f97 [stringref] Add support for passing stringref values to/from JS 
Bug: v8:12868
Change-Id: Ib4540352c7db4b4bdbf88b559da44b08e71dd483
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650603
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#80580}
 2022-05-17 09:42:28 +00:00
Solomon Kinard
f54408434b v8: Copyright: Remove extra slashes 
Change-Id: Ib8ca0c771b50b712e5fd6acb470213235f69a99b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650833
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Solomon Kinard <solomonkinard@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80569}
 2022-05-16 18:19:06 +00:00
Issack John
718f743750 JSON.parse errors made user-friendly 
Part of the improve error messages initiative.

Based on a resource of JSON.parse() errors found at
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/JSON_bad_parse

Previously JSON.parse(NaN) would output:
SyntaxError: Unexpected token N in JSON at position 0
Now the output is:
SyntaxError: "NaN" is not valid JSON

Previously JSON.parse("{a:1}") would output:
SyntaxError: Unexpected token a in JSON at position 1
Now the output is:
SyntaxError: Expected property name or '}' in JSON at position 1

Bug: v8:6551
Change-Id: Ic9fad1fdbd295e1302805b81e6603fc526121960
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513684
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Issack John <issackjohn@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#80567}
 2022-05-16 17:02:37 +00:00
Tobias Tebbi
b209cdf5bb [compiler] add test for crbug-1323114 
This is a follow-up to
https://chromium-review.googlesource.com/c/v8/v8/+/3630081

Bug: chromium:1323114
Change-Id: Ie6e3cbdecf370c5fdf9544c2f47f7b4f8f27bd70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647826
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80550}
 2022-05-16 11:50:56 +00:00
Jakob Kummerow
48a4195370 [wasm-gc] Fix type checking of null/undefined 
The LookupIterator only handles JSReceivers, so special-case oddballs.

Change-Id: I03d2875124775390c9b928fb7cfe4d938213b5d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3645409
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80548}
 2022-05-16 10:44:46 +00:00
Andy Wingo
7d8b8b4f2f [stringref] Add support for parsing stringref instructions 
Bug: v8:12868

This wires up the parser and the decoder interface for stringref.  All
of the interfaces throw UNIMPLEMENTED, however.

Change-Id: If8cb131032e425a5672f793c6e4c24ddd188aebc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3645115
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#80545}
 2022-05-16 10:10:06 +00:00
Marja Hölttä
36565f6b5c [rab/gsab] Fix memory size computations close to size_t limit 
Bug: v8:11111,v8:1321980
Change-Id: I4dead5d50a2e1a9c1011c16d13aad2722598e456
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3642297
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80541}
 2022-05-16 09:13:38 +00:00
Andy Wingo
59518b083a [stringref] Add stringref type, section, feature flag definitions 
Bug: v8:12868
Change-Id: I69e149aa607ee77dd00267a0bbe4e5828dceb75e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647350
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#80526}
 2022-05-13 14:28:43 +00:00
Andy Wingo
94ba69011e [stringref] Add tests that stringrefs are unsupported by default 
Bug: v8:12868
Change-Id: I9008da5f89c4c18ea45ddbe44cae832087c76b01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647349
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#80523}
 2022-05-13 13:44:24 +00:00
jameslahm
557cc8a464 [web snapshot] Add support for double array 
This CL adds serialization and deserialization for
packed double array and holey double array.

Bug: v8:11525
Change-Id: Idce22e1c5d707e45127ae972587c6b7808ca2cda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3640751
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#80514}
 2022-05-13 09:22:45 +00:00
Tobias Tebbi
b16d2a4e2f [wasm] add experimental string/Wasm GC array conversion fast-path 
This CL adds two experimental JS builtins to convert between
i16 Wasm GC and JS strings. This is a non-standard experimental
feature only available with the flag --wasm-gc-js-interop.

WebAssembly.experimentalConvertArrayToString(array, start, count)
Convert the `count`-many WTF-16 code units starting at index `start`
into a JS string. Throws a TypeError if `array` is not an i16 array,
or if `start` and `count` are not numbers or not in range.

WebAssembly.experimentalConvertStringToArray(string, sampleArray)
Convert `string` to an i16 array. The `sampleArray` parameter needs
to be an arbitrary i16 array, which is only used to extract the rtt.
Throws a TypeError if `string` is not a string or `sampleArray` is not
an i16 array.

Change-Id: I7ac2f6bd89b8f638427f61da1bb01ccba90d735b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3642301
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80505}
 2022-05-12 20:12:53 +00:00
Jakob Kummerow
8f3581125a [wasm-gc] Fix instantiation of modules with no types 
Fixed: v8:12866
Change-Id: Icba2ffc7837bf4942fd4bc741abeb7c98694c2d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644607
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andy Wingo <wingo@igalia.com>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80500}
 2022-05-12 17:48:17 +00:00
Jakob Kummerow
2f8f536b55 [wasm] Properly reject modules with unknown sections 
The IsValidSectionCode function shouldn't include internally-used
numeric identifiers of well-known optional sections.

Fixed: v8:12867
Change-Id: I9d894ee57157455e92a17ddcde94f32f05fb038d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644612
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80494}
 2022-05-12 15:08:02 +00:00
Jakob Kummerow
c875e86df1 [bigint] Convert BigInt property names to decimal 
Hexadecimal/octal/binary BigInt property names should be converted
to decimal, i.e. the following object literals should all be equivalent:
var o = {0xF: 1}, p = {0xFn: 1}, q = {15: 1}, r = {15n: 1}.

Test case by yangwenming@bytedance.com, uploaded at
https://chromium-review.googlesource.com/c/v8/v8/+/3634937

Fixed: v8:10600
Change-Id: Ie1d8a16e95697cd31cbc0784843779c921ce91fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3642302
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80490}
 2022-05-12 13:28:02 +00:00