When reparsing the class scope to collect initializers in sloppy mode,
the class scope may still have a scope info without any allocated
variables. If its outer scope doesn't have an outer scope (which means
the outer scope in the optimized scope chain becomes the script scope),
we should also set the scope info in the script scope as is done
in Scope::DeserializeScopeChain() for the scope resolution.
Bug: chromium:1290587, v8:10704
Change-Id: I7804d53f330e59d4ab0405a11b132569f348b55d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3413647
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#78784}
This patch takes advantage of memory information from the module
to avoid unnecessary reloads of the SSA environment after a Wasm call.
As far as I can sse, the SSA envinronment consists of the mem_start
and mem_size values. Both these values cannot ever change if:
initial_mem_size == max_mem_size.
Although this should be obviously true for memories defined in the
module itself, some explanation may be necessary for imported memories.
During module instantiation, the imported memory is checked as part of
InstanceBuilder::ProcessImportedMemory. The following properties are verified:
1) The current size of the imported memory is >= the initial declared size
2) The maximal size of the imported memory is <= the maximal declared size
The effective maximal limit will be min(imported_max, declared_max),
hence the optimization will only trigger if the imported memory is
already as large as it can be.
Since memory growth is impossible, there is no point in reloading the
environment anyway.
Change-Id: Ie6c6ad278175d253b61131972a6db7530bd52b90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3412082
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78782}
On AIX, calling mmap on a pre-designated address with
MAP_FIXED will fail and return -1 unless the application
has requested SPEC1170 compliant behaviour with arguments
such as `XPG_SUS_ENV=ON`.
Therefore an AIX specific implementation has been added under
platform-aix.cc.
Change-Id: Ib5b8a19a3a9e6d202aed7e792c00a25ddc547c72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3403045
Reviewed-by: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78778}
1) when generating short builtin calls/jumps assemblers should use the
offset from the CodeRange base rather than the start of the code
range reservation because otherwise it's not guaranteed that the
PC-relative offset will fit into architecture's constraints.
The code range reservation start could be different from the code
range base in the following cases:
* when the "base bias size" is non-zero (on Windows 64),
* when we ended up over-reserving the address space for the code
range, which happens as a last resort to fulfil the CodeRange
alignment requirements.
See the VirtualMemoryCage description for details.
Drive-by fixes:
2) in case of over-reserving address space for external code range,
the pre-calculated hint for where the remapped embedded builtins
should be copied to was outside of the allocatable CodeRange region
and thus useless. The fix is to use the allocatable region instead
of the reservation region when calculating the hint.
3) when allocating CodeRange with zero base bias size we can create
the VirtualMemory reservation from the first attempt simply by
passing the required base alignment to the VirtualMemory
constructor.
Bug: v8:11880, chromium:1290591
Change-Id: If341418947e2170d967e22b38bcc371594939c1c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3412089
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78772}
Map::Hash relies on the fact that the map space is never compacted.
However this might change in the future, so instead of using the
address of the prototype's map, we use the prototype's identity hash
instead.
Bug: v8:12578
Change-Id: Ia4961ed55119681c0033aa187789f6710ff2d22c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3412085
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78768}
Exports are properties in the global object. Pre-reserve the space,
since we know the count upfront.
Bug: v8:11525
Change-Id: Ia8ea992234ed8cf71a1060254766b0ba31562436
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416231
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78767}
In current BitwiseSmi bytecodes the code to do Smi operation is inside a
loop. This CL fast path the Smi operation by peeling the first Smi check
out of the loop, and avoid Smi->Int->Smi conversion where possible.
Drive-by fix: Add CSA_DCHECK in Smi shift to avoid unexpected use.
Bug: v8:12442
Change-Id: I1adce560fb22a4409337e2958779eccf9197e4ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3328784
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#78764}
- Use raw pointer when setting the SFI in CreateJSFunction
- Use some more factory->xxx_value() handle accessor to avoid handle
creation
Bug: v8:11525
Change-Id: I5ed62f56cf2e53cc765566c0c129c7851b704813
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401591
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78763}
This is a reland of 3cb4039cd1
Changes since revert:
- Fix FLAG_stress_scavenge interaction with shared Isolate
- Use the shared Isolate's global handles to keep shared values
alive in transit during a postMessage
Original change's description:
> [string] Support shared strings in Value{Serializer,Deserializer}
>
> When FLAG_shared_string_table is true, postMessaging strings will share
> instead of copy.
>
> Note that not all operations on shared strings are supported, and shared
> strings may be slower than non-shared strings for some operations.
>
> Bug: v8:12007
> Change-Id: I3462128e15410d2568868143571571b3025722c1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277250
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78614}
Bug: v8:12007
Change-Id: I5d9b99b2dac6f26d5ef046d7aec94f1a1d219419
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3389533
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78761}
Implementations are added to macro-assembler to be shared between
liftoff and code generator.
Change-Id: I6bde65dc50f1e52b8fbca150854e0b0863dff301
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416190
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78760}
Change-Id: Idce43801ef5f2f3e194a63cea3522eb6710b681e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3413192
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78758}
The hello world sample needs to initialize V8's default platform in case
it is not built as stand-alone example.
Bug: v8:12427
Change-Id: I78b68fbed2c2a25b0ff03675beb94dfc5b9b4135
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3412088
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78756}
When sandboxed external pointers are enabled, external pointers now only
require 32 bits of storage space in a HeapObject. This CL does not shrink
the size of EmbedderDataSlots, which will happen in a follow-up CL.
Bug: v8:10391
Change-Id: I3cf8b68c3b985cf806a45183717f50462a88c281
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359629
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78754}
Implementations are added to macro-assembler to be shared between
liftoff and code generator.
Change-Id: I3fac2b82686836106cefa9a78f5feda6105679d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3412359
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78748}
Implementations are added to macro-assembler to be shared between
liftoff and code generator.
Change-Id: Ia26b82de3f0af076ace3d53e285917029d2d5ac4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3407794
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78746}
This is a reland of 91f08378bc
When the class scope does not need a context, the deserialized
outer scope of the initializer scope would not be the class scope,
and we should not and do not need to use it to fix up the allocation
information of the context-allocated variables. The original patch
did not consider this case and resulted in a regression when we
tried to reparse the initializer function to look for destructuring
assignment errors. This fixes the regression by not deserializing
the class scope that's going to be reparsed, and using the positions
of the scopes to tell whether the scope info matches the reparsed
scope and can be used to fix up the allocation info.
Original change's description:
> [class] implement reparsing of class instance member initializers
>
> Previously, since the source code for the synthetic class instance
> member initializer function was recorded as the span from the first
> initializer to the last initializer, there was no way to reparse the
> class and recompile the initializer function. It was working for
> most use cases because the code for the initializer function was
> generated eagarly and it was usually alive as long as the class was
> alive, so the initializer wouldn't normally be lazily parsed. This
> didn't work, however, when the class was snapshotted with
> v8::SnapshotCreator::FunctionCodeHandling::kClear,
> becuase then we needed to recompile the initializer when the class
> was instantiated. This patch implements the reparsing so that
> these classes can work with FunctionCodeHandling::kClear.
>
> This patch refactors ParserBase::ParseClassLiteral() so that we can
> reuse it for both parsing the class body normally and reparsing it
> to collect initializers. When reparsing the synthetic initializer
> function, we rewind the scanner to the beginning of the class, and
> parse the class body to collect the initializers. During the
> reparsing, field initializers are parsed with the full parser while
> methods of the class are pre-parsed.
>
> A few notable changes:
>
> - Extended the source range of the initializer function to cover the
> entire class so that we can rewind the scanner to parse the class
> body to collect initializers (previously, it starts from the first
> field initializer and ends at the last initializer). This resulted
> some expectation changes in the debugger tests, though the
> initializers remain debuggable.
> - A temporary ClassScope is created during reparsing. After the class
> is reparsed, we use the information from the ScopeInfo to update
> the allocated indices of the variables in the ClassScope.
>
> Bug: v8:10704
> Change-Id: Ifb6431a1447d8844f2a548283d59158742fe9027
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2988830
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Cr-Commit-Position: refs/heads/main@{#78299}
Bug: chromium:1278086, chromium:1278085, v8:10704
Change-Id: Iea4f1f6dc398846cbe322adc16f6fffd6d2dfdf3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3325912
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#78745}
The allocatable registers have holes, so not all FP registers are one
half of a valid SIMD register. Thus check if {GetAliases} returned an
allocatable SIMD register before looking up if that register is being
used. Otherwise we run into a DCHECK because {simd_reg} is invalid.
The bug was only introduced recently: https://crrev.com/c/3404780R=thibaudm@chromium.org
Bug: chromium:1290079, v8:12330
Change-Id: I99df1645cfeec375daec82dbf41c110b5474339c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3412075
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78742}
This turns some CHECKs in the mid-tier register allocator into DCHECKs.
The ones inside {CheckConsistency} should be DCHECKs anyway, even if
they are inside an "#ifdef DEBUG" block. This will make ClusterFuzz
correctly detect them as "checks that only happen in debug mode".
Others were just unnecessarily always included, instead of only in debug
builds.
R=thibaudm@chromium.org
Bug: chromium:1271369
Change-Id: I51acde3c951c7a2af9dee36e25b196364ddf8f5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3406760
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78741}
This minor change in how we iterate the virtual registers speeds up the
consistency checks by a factor of more than four.
R=thibaudm@chromium.org
Bug: chromium:1271369
Change-Id: Ieb9640d52c84fabacbbcf0fea56825fb594cfc21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3406759
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78738}
Moves between stack slots are rare; they mostly happen for tail calls
or for multi-return blocks. The bug exists since a long time, but was
only uncovered by the fuzzer now.
R=ahaas@chromium.org
Bug: chromium:1289678
Change-Id: Ibb0917717c6b7a468f5fcbb01be34267ba06a449
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3406749
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78736}