Per https://github.com/WebAssembly/gc/issues/234, this implements
"nominal" type definitions with explicit supertypes, and statically
typed RTT-less instructions for allocation and testing/casting.
This should be fully backwards compatible with existing Wasm modules.
Spec: https://bit.ly/3cWcm6Q ("version 4")
Bug: v8:7748
Change-Id: Id5a1399b368fdfad22036cfd66f1bef593e640f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3144916
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76844}
The very last part skipped the max_digits check, and earlier parts
forgot to account for that in their check. The reason why the last
part originally got special treatment no longer applies, so we can
fix this bug by removing the special case, simplifying the overall
logic.
Fixed: chromium:1248972
Change-Id: I1857dd8b63c00f9bdfb9237f2ea3621ecc1339e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160522
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76842}
This is a reland of a55c82d46b, now also
fixed for UBSan.
Original change's description:
> Reland "[wasm][test] Fix test expectation"
>
> This is a reland of 6f9cde1ee6, with
> special handling for MSan as well.
>
> Original change's description:
> > [wasm][test] Fix test expectation
> >
> > In the mprotect case, there could be one or multiple succeeding writes
> > until we finally crash. Thus do not check that we never successfully
> > write, but just check that the last printed statement is *before* a
> > write.
> >
> > R=jkummerow@chromium.org
> >
> > Bug: v8:12226
> > Change-Id: I04209691a9320a9b29dd0ec364539e062ad2dc03
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160343
> > Commit-Queue: Clemens Backes <clemensb@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#76829}
>
> Bug: v8:12226
> Cq-Include-Trybots: luci.v8.try:v8_linux64_msan_rel_ng
> Change-Id: I85ca98be43fc1d933d39a4602194e1771c33007c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162037
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76839}
Bug: v8:12226
Change-Id: I911295b73a385c899a993a729db3a499e58b7cb6
Cq-Include-Trybots: luci.v8.try:v8_linux64_msan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162041
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76841}
This reverts commit a55c82d46b.
Reason for revert: Fails on UBSan: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20cfi/31712/overview
Original change's description:
> Reland "[wasm][test] Fix test expectation"
>
> This is a reland of 6f9cde1ee6, with
> special handling for MSan as well.
>
> Original change's description:
> > [wasm][test] Fix test expectation
> >
> > In the mprotect case, there could be one or multiple succeeding writes
> > until we finally crash. Thus do not check that we never successfully
> > write, but just check that the last printed statement is *before* a
> > write.
> >
> > R=jkummerow@chromium.org
> >
> > Bug: v8:12226
> > Change-Id: I04209691a9320a9b29dd0ec364539e062ad2dc03
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160343
> > Commit-Queue: Clemens Backes <clemensb@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#76829}
>
> Bug: v8:12226
> Cq-Include-Trybots: luci.v8.try:v8_linux64_msan_rel_ng
> Change-Id: I85ca98be43fc1d933d39a4602194e1771c33007c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162037
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76839}
Bug: v8:12226
Change-Id: Ifb0f4b7e87c9c54271f7f3de29b1f1fc6e867f3f
Cq-Include-Trybots: luci.v8.try:v8_linux64_msan_rel_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162040
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76840}
This is a reland of 6f9cde1ee6, with
special handling for MSan as well.
Original change's description:
> [wasm][test] Fix test expectation
>
> In the mprotect case, there could be one or multiple succeeding writes
> until we finally crash. Thus do not check that we never successfully
> write, but just check that the last printed statement is *before* a
> write.
>
> R=jkummerow@chromium.org
>
> Bug: v8:12226
> Change-Id: I04209691a9320a9b29dd0ec364539e062ad2dc03
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160343
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76829}
Bug: v8:12226
Cq-Include-Trybots: luci.v8.try:v8_linux64_msan_rel_ng
Change-Id: I85ca98be43fc1d933d39a4602194e1771c33007c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162037
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76839}
Activate argument count consistency (receiver is always included in
JS argument count) for x64 and ia32.
Bug: v8:11112
Change-Id: If60000b6566846c84f1042473d25d79bf5c86a9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160198
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76838}
The function used raw pointers but also created Refs, which can cause
GC. Thus the code isn't safe (this has already lead to crashes in an
older version of the code).
Drive-by: Remove unnecessary native_context field (get the native
context from the context instead).
Bug: v8:12205, v8:7790
Change-Id: I4868323f48fc411e8462b7824fde3d8715b55abc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160520
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76834}
Rolling v8/build: f16814b..1384630
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/53aef64..6b072fa
Rolling v8/third_party/depot_tools: 984ce94..287ed7c
Rolling v8/third_party/googletest/src: 955c7f8..159c9ad
Rolling v8/tools/clang: e74330f..83b09bd
Rolling v8/tools/luci-go: git_revision:4a0f3da2840eaa5341470174b57047313e074ecd..git_revision:dc21267f89df3981e809fe9566591d6916ae758b
Rolling v8/tools/luci-go: git_revision:4a0f3da2840eaa5341470174b57047313e074ecd..git_revision:dc21267f89df3981e809fe9566591d6916ae758b
Rolling v8/tools/luci-go: git_revision:4a0f3da2840eaa5341470174b57047313e074ecd..git_revision:dc21267f89df3981e809fe9566591d6916ae758b
TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I1a08e93ba5d136d01a02754ddf98f6d21f50d014
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3159555
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76833}
Share the AVX and SSE4_1 code for Pextrd but delegate to base class for
the pre-SSE4.1 code (via CRTP).
Bug: v8:11589
Change-Id: Ic7709ccf7d9029829583c9287c1b0842ff11b799
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160332
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76832}
This reverts commit 6f9cde1ee6.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/40332/overview
Original change's description:
> [wasm][test] Fix test expectation
>
> In the mprotect case, there could be one or multiple succeeding writes
> until we finally crash. Thus do not check that we never successfully
> write, but just check that the last printed statement is *before* a
> write.
>
> R=jkummerow@chromium.org
>
> Bug: v8:12226
> Change-Id: I04209691a9320a9b29dd0ec364539e062ad2dc03
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160343
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76829}
Bug: v8:12226
Change-Id: I11ed00268db8dae5c773ed14fda9a343566f910a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3161333
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76831}
r0 is used to indicate a value of "0" in which case
only the ra() value gets used.
Change-Id: I5ea5c51c1a652d042137c2d940818b93dac52492
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3159668
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76830}
In the mprotect case, there could be one or multiple succeeding writes
until we finally crash. Thus do not check that we never successfully
write, but just check that the last printed statement is *before* a
write.
R=jkummerow@chromium.org
Bug: v8:12226
Change-Id: I04209691a9320a9b29dd0ec364539e062ad2dc03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160343
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76829}
Currently the main test for disassembly just checks that there is
disassembly support for a assembler function, it doesn't verify the
output is as expected.
Add a new test case that checks the disassembly output against an
expected string.
Right now we only check a single instruction, subsequent patches will
move more instructions into this test case.
Bug: v8:12207
Change-Id: Id183bb2fd625713d82239363ebce3f4c77155acd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3150145
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76828}
We need to support pre-SSE4.1 for Pinsrd. Share the AVX and SSE4_1 code,
but delegate to base class for the pre-SSE4.1 code (via CRTP).
Bug: v8:11589
Change-Id: I7563670174e44d8061182aefc311593d9578b0e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3159183
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76827}
The idea of effect level was introduced in
https://codereview.chromium.org/1706763002. This change was trying to
optimize sequences like:
x = load o, i
cmp 1, x
to use a memory operand:
cmp 1, [o+i]
However, the load can be invalidated, like so:
x = load o, i
store o, i, v
cmp 1, x
Then, selecting a memory operand for cmp would be incorrect (it should
be using the loaded value x, not the store valued v:
store o, i, v
cmp 1, [o+i] # uses v, which is wrong, should use x
Effect levels were introduced to mark where levels of potentially
invalidating instructions:
effect level
x = load o, i 0
store o, i, v 1
cmp 1, x 1
Then when selecting instructions, CanCover will check to ensure that cmp
and load are on the same level.
ProtectedLoad, and LoadTransforms should not affect the effect levels in
this case, because they don't invalidate any prior loads:
x = load o, i
y = protected load o, i
cmp 1, x
Becomes:
y = protected load o, i
cmp 1, [o+i]
Bug: v8:12189
Change-Id: I585b94320def4ba554ae955fa5f8fcc9efd6dafe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158551
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76826}
Change them to use macro-assembler functions so they will emit AVX if
supported.
Rename the opcodes since they are no longer SSE specific.
Bug: v8:12148
Change-Id: Iaa2aa54dde9f9b41304394f98b8ed18dbb65715b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158679
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76825}
WPT and WebAssembly spec tests are not 100% in sync, which means that
there are aspects of the WebAssembly spec that get only tested by WPT.
Up until now WPT was only executed on the blink side, and failing tests
were just ignored. With this CL we add WPT to the existing wasm spec
test setup, so that we run both the spec tests, and WPT.
Bug: v8:12227
Change-Id: Iccbe696a6d9dd01f8bab1990736f1ed16e0cdf7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160347
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76823}
Avoid the usage of ASSERT_DEATH_IF_SUPPORTED with a matcher, as that's
not supported if death tests are not supported (e.g. on iOS).
R=jkummerow@chromium.org
Bug: v8:11974
Change-Id: Ieb33ac8605e82fde67bfcd0e81e85ac2d18e9b27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160341
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76822}
This reverts commit 0adc1410b1.
Reason for revert: Reverting due to fail on V8 Linux - noi18n - debug https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8836095186331011153/+/u/Check_-_default/function-exist
Original change's description:
> [Temporal] Part 1 - Skeleton
>
> 1. Expose all the functions to empty buildins.
> 2. Wire up basic structure of classes and internal slots.
>
> Design Doc: https://docs.google.com/document/d/1Huu2OUlmveBh4wjgx0D7ouC9O9vSdiZWaRK3OwkQZU0/
>
> This is just a CL to establish a skeleton for Temporal.
> The Temporal is very big. The prototype CL is in
> https://chromium-review.googlesource.com/c/v8/v8/+/2967755
> but too big to be reviewed so I break up the basic structure here first.
>
> Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel
> Bug: v8:11544
> Change-Id: I10d09e3c2530e5b1a6ba60014a2294e138879ff3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3092561
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76819}
Bug: v8:11544
Change-Id: I358f671452a986c8e87d1f831ab5eb1550a38441
Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160467
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Auto-Submit: Deepti Gandluri <gdeepti@chromium.org>
Owners-Override: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76821}
Pinsrb, Pinsrw was separately defined in ia32 and x64 macro assembler,
move them into shared-macro-assembler.
Pinsrd can be moved also, but is not as straightforward, move that in a
future patch.
Bug: v8:11589
Change-Id: Ib5c7517236e0c3fb7b9a4643f0a3ee8237ee6545
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158681
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76820}
1. Expose all the functions to empty buildins.
2. Wire up basic structure of classes and internal slots.
Design Doc: https://docs.google.com/document/d/1Huu2OUlmveBh4wjgx0D7ouC9O9vSdiZWaRK3OwkQZU0/
This is just a CL to establish a skeleton for Temporal.
The Temporal is very big. The prototype CL is in
https://chromium-review.googlesource.com/c/v8/v8/+/2967755
but too big to be reviewed so I break up the basic structure here first.
Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel
Bug: v8:11544
Change-Id: I10d09e3c2530e5b1a6ba60014a2294e138879ff3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3092561
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76819}
DataView constructor, DataView.prototype.byteLength
and DataView.prototype.byteOffset should throw
TypeError when the buffer was detached.
Both SpiderMonkey and JSC passed the test262 suites.
Bug: v8:12162
Change-Id: I126d24213c00e4d26540519bce9b5388862eb32c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3140015
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76818}
We introduce the WasmInliningHeuristics virtual class and implement it
with a trivial heuristics that inlines direct calls based on callee
index only. Other, more meaningful heuristics will be introduced later.
Bug: v8:12166
Change-Id: I74fd8f61e0c97b975827fa062629e9ff7463e058
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3157952
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76816}
1) Code in JSCallReducer read a FeedbackCell twice and expected the
result to be the same.
2) JSInliningHeuristics, in the CheckClosure case, assumed that the
FeedbackCell contains a FeedbackVector.
Bug: chromium:1248743, v8:7790
Change-Id: I66d6dd5f7a879c2479572e1896dd78aeedd2fa27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160200
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76815}
The previous setup of the test was suboptimal and could easily hide
bugs. Since the whole test body was wrapped in an ASSERT_DEATH call
(without checking any message of the crash), any CHECK failure inside
the test body would make the test pass.
This CL leverages the fact that in our setup the "death test style" is
set to "threadsafe" anyway, so the process that is forked for the death
test just runs the whole test body including the single death test of
interest, and the parent checks that it indeed crashes. This allows us
to undo our previous setup and just include death test assertions
regularly in the test body. By checking that the child process fails
exactly between two print statements (around the write access) we ensure
that we observe the crash we intend to observe.
R=jkummerow@chromium.org
CC=mpdenton@chromium.org
Bug: v8:11974
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Change-Id: I293079ae2dbcbe154bef91314ed08cab567f4d18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3151965
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76814}
CopyChars takes a count parameter, not an end parameter, so we can save
some subtractions by passing in the count to WriteToFlat. Most of the
time the start,end arguments into WriteToFlat are 0,length anyway, so
this doesn't change a lot of places.
Change-Id: I9587c7afce529218a16b728c0477b87569df8e21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3157947
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76813}
This is a reland of deb66c84c0
Added missing cctest.status entries to disable the tests on
non-simd hardware.
Original change's description:
> [wasm] Add tests for NaN detection in Liftoff
>
> Check that the flag is also set if only one of the lanes is NaN for SIMD
> operations.
>
> R=clemensb@chromium.org
>
> Bug: v8:11856
> Change-Id: I3860ed1beac4faee1ade7180b67ca06762ca9b95
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158322
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76801}
Bug: v8:11856
Change-Id: If45451703d80fe217eac8c610dac022dc778436f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158329
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76812}
The struct is reused across various GC cycles and std::move() may leave
the vector in valid but unspecified state.
Change-Id: I3c40795be7397d015b96116d3549953024b98808
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160197
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76811}
Rolling v8/build: 38820a5..f16814b
Rolling v8/third_party/aemu-linux-x64: _MqlabIiZ-51x79A36MyMSHmpsXJ6kjMY-4BqteuKPoC..FqiWusPGPs0zkuCyCSj2axBNOhCaD117fjIbnnj6h8kC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/7a4741c..53aef64
Rolling v8/third_party/depot_tools: 8f09549..984ce94
Rolling v8/third_party/instrumented_libraries: 20795c9..cb29f9c
Rolling v8/tools/luci-go: git_revision:7b62727dc713b47d7a7ce9bca27500cb8e82ebd7..git_revision:4a0f3da2840eaa5341470174b57047313e074ecd
Rolling v8/tools/luci-go: git_revision:7b62727dc713b47d7a7ce9bca27500cb8e82ebd7..git_revision:4a0f3da2840eaa5341470174b57047313e074ecd
Rolling v8/tools/luci-go: git_revision:7b62727dc713b47d7a7ce9bca27500cb8e82ebd7..git_revision:4a0f3da2840eaa5341470174b57047313e074ecd
TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: Idfa651e9a56ed67f7d95647903f1b29f4e4e7c97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3159602
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76808}
If load imm32 using auipc/lui, for example load 0x7FFFFBF9, we should ensure imm32 + 0x800 is int32
Bug: v8:12171
Change-Id: I605ae9cad0b67cfd68d727ebdb3bcefea21904fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3141264
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#76807}
We move the implementation in Liftoff (which is the most general and
handles AVX/SSE and also register aliasing) into shared-macro-assembler.
Also consolidate SSE/AVX for ia32.
No functionality change is expected.
Bug: v8:11589
Bug: v8:11217
Change-Id: I64cc71791f04332dd3505055f4672430c2daf5ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3131373
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76805}
Bug introduced In crrev.com/c/3150138.
Fixed: v8:12220
Change-Id: I5cae11fdd43dc47dad0c8bf55daa6b925b629da0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158543
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76804}
Move this from macro-assembler-x64 to shared-macro-assembler, and use
this implementation for ia32 (TurboFan and Liftoff).
Bug: v8:11589
Change-Id: If851560c8db1293924ca024725609c399c553a4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124099
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76803}
This reverts commit deb66c84c0.
Reason for revert: Fails in no-sse config: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/36712
Original change's description:
> [wasm] Add tests for NaN detection in Liftoff
>
> Check that the flag is also set if only one of the lanes is NaN for SIMD
> operations.
>
> R=clemensb@chromium.org
>
> Bug: v8:11856
> Change-Id: I3860ed1beac4faee1ade7180b67ca06762ca9b95
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158322
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76801}
Bug: v8:11856
Change-Id: I16c50b3d0c1831a6d61159bdcf29610fd5aed8a4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158328
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76802}
Check that the flag is also set if only one of the lanes is NaN for SIMD
operations.
R=clemensb@chromium.org
Bug: v8:11856
Change-Id: I3860ed1beac4faee1ade7180b67ca06762ca9b95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158322
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76801}
Lu Yahan is a key contributor to the RISC-V target and I would like to
add him to the owners list so that he can approve changes in Gerrit.
Change-Id: I017fb2ef20320887959e9830fb63e05df121c7b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3145370
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Brice Dobry <brice.dobry@futurewei.com>
Cr-Commit-Position: refs/heads/main@{#76800}
Also a couple of microoptimizations and consistent formatting in
WriteToFlat.
Change-Id: Ie642a4b8e0819b04603ee5c5d12eebccf6a2d59c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3151963
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76799}
This fixes the order of declaring class members for LiftoffCompiler,
LiftoffAssembler, LiftoffRegister, and LiftoffRegList.
The recommended order according to the style guide is: types, constants,
constructors, other members, data members.
R=thibaudm@chromium.org
Bug: v8:11879
Change-Id: I5c550ed11ed0169f07477b6a1723053316374707
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3157960
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76798}
This unblocks https://crrev.com/c/3099011 by speeding up the case for
the DebugPropertyIterator where only non-indexed properties (for large
arrays or typed arrays) are requested. Previously we'd walk through all
properties - including all indexed properties - and only filter out the
indexed properties in the end in `ValueMirror::getProperties()`.
Bug: chromium:1199701, chromium:1162229
Change-Id: I2555e3129fef29da347314eee400ea97ebf5e5b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114135
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76796}
The refactoring is triggered by https://crrev.com/c/3121905 where we
noticed that a bunch of tricky counter paths could be simplified,
making reasoning about corectness easier.
In this CL:
1. Use uniqe_ptr instead of Optional to allow moving SweepingJob away
from the header file.
2. sweeping_in_progress_ is replaced with simply checking for a job.
3. freed_bytes_ are moved to the job and the dependency is reversed,
avoiding the inside-out (Job->Sweeper) dependency completely.
4. Merge() and counter updates are merged into a Finalize() method.
5. FinishIfDone() allows for conditional finization.
6. young_bytes_ and old_bytes_ are removed as they were always updated
when the corresponding bytes in the ArrayBufferList was updated.
Change-Id: I56e5b04087166ce03d3a9195ac48359122a84c73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124776
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76795}
