Cmp can deal with large immediates (in particular Smi::kMaxValue).
Bug: v8:7700
Change-Id: I4dedb6c52f263f626f924c0465acbd5a250b7fd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4127227
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85082}
Increase length of strings in the test to ensure they are cachable
external strings even when the sandbox is disabled.
Change-Id: I1228e1abb1d88c0bb70edaeb718e1bf2f4cdd53d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4127228
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85081}
With lazy compilation we disabled mprotect-based code protection. We
currently have no users and no test coverage of that flag. Hence remove
it from the code base.
R=ahaas@chromium.org
Bug: v8:13632
Change-Id: I1e39499dfbdb896287901b97c32f00366449c466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4114296
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85080}
This mode is not used in production any more, and will be removed from
the code base soon. Thus stop executing this variant on bots and remove
the variant definition.
R=machenbach@chromium.org
Bug: v8:13632
Change-Id: I15ff76fa6c5b52f5287e758a80f955ffb1278261
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4127158
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85076}
CheckSmi is used by Maglev in release mode, so it should
not be defined inside a #ifdef V8_ENABLE_DEBUG_CODE
Change-Id: I5dfe23d90fcc662fa91e541bdb8df10c5d2a4e7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128616
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85075}
... and add exception handlers trampolines as a jump target for CFI.
Bug: v8:7700
Change-Id: Ie0ef6617ae5a42965862e5f3cf0d7a50158267bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128528
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85072}
... and CheckJSArrayBounds.
Also remove unused CmpObjectType in macro assembler.
Bug: v8:7700
Change-Id: I44297fd01146d68643222ad270391c597d0cbe66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128093
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85069}
This reverts commit 6b2c271cfb.
Reason for revert: All open bugs were fixed.
Original change's description:
> [foozzie] Temporarily lower the amount of --future tests
>
> Drop --future from 25% to 5% for a few days until all currently open
> correctness cases associated with --future are fixed.
>
> No-Try: true
> Bug: v8:7700
> Change-Id: I161a0adbc767c5cec46409443fe58c634531487c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4114292
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85010}
Change-Id: I804a4c33922595e380bdd11150ff826d6669d846
No-Try: true
Bug: v8:7700
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128527
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85068}
EmbedderStackStateScope is used to disable conservative stack scanning
for cppgc when the stack is known to not contain heap pointers. Also,
DisableConservativeStackScanningScopeForTesting is used to disable CSS
for the V8 heap in tests that assume a precise GC. Until now, these two
have used two different mechanisms for disabling CSS. This CL merges
the two mechanisms and implements the latter scope via the former.
This is a reland of commit f51e0bb1db
reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/4111954
Bug: v8:13257
Change-Id: Ia124a4201686e0ea79f9cd07bc3888b9781cafa9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128141
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85066}
If we are near OOM, the {DecommitPages} call can actually fail. Call
{FatalProcessOutOfMemory} in that case to get a proper OOM crash
signature.
To protect against bugs in the implementation, we add a check that
decommitting only fails with the ENOMEM error.
R=mlippautz@chromium.org
Bug: chromium:1403519
Change-Id: I54fabd1efa566cc1c474974577ec16f75cd3d726
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4118548
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85065}
The fuzzer limits the number of "steps" that should be executed in
Liftoff. A "step" typically means one Wasm instruction. The cost of
function calls is linear in the number of parameters and locals though,
so that should be accounted for.
In the linked issue (timeout), we were repeatedly calling a function
with a big number of reference locals, which all need to be initialized
to the null value.
R=thibaudm@chromium.org
Bug: chromium:1399868
Change-Id: Id071aeee6a0b2670b926880744ea82cc37881876
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4118547
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85064}
Just take the first GP parameter register; this is more efficient than
going through the call descriptor.
R=ahaas@chromium.org
Bug: v8:13565
Change-Id: If0c6988c359511c07c5f41b7fa79e3e55d3d81c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111934
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85062}
This removes EmbedderHeapTracer from V8's API. Going forward
v8::TracedReference is only supported with using CppHeap (Oilpan).
Bug: v8:13207
Change-Id: I4e0efa94890ed147293b5df69fd7e0edad45abb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111546
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85061}
StoreDataView with no args should store NaN, not zero.
Bug: v8:7700
Change-Id: I9688465fea2ac1a88f0bff2a7b7d1c419dc7e43e
Fixed: chromium:1403743
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4127165
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85060}
ToBoolean was wrong for a couple of root heap numbers (namely, NaN,
holey NaN, and minus zero.
Fix this, and add an exhaustive test of root constant ToBoolean values.
Bug: v8:7700
Change-Id: I6939c6eb5130cb8a3a4f7007b1a0a1dcc415e8b2
Fixed: chromium:1403740
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128524
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85058}
When internalizing external strings, a new internalized external string object is allocated if the string is not in-place internalizable. This newly allocated strings external resource is set to null (the actual resource will be transferred by MakeThin to ensure unique ownership of the resource).
We need to preserve the original string in the InternalizedStringKey for
the second lookup (inside the critical section), as we need to access
the external resource in case of hash collisions to check for equality.
Bug: chromium:1402187
Change-Id: I62b637859b06f05d1b34cb26495f08ec44d2f2db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128089
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85057}
This histogram should give us information on which compilation methods
get used in the wild.
R=clemensb@chromium.org, mlippautz@chromium.org
Change-Id: I6906580c1b8df7a1dff9ce6c169c6861936857d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128555
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85056}
The {madvise} call should typically not fail.
There are only two errors specified (EINVAL and ENOMEM), both of which
would only happen for invalid parameters.
Thus add a CHECK that the {madvise} call does not fail.
R=mlippautz@chromium.org
Bug: chromium:1403519
Change-Id: Ib8c7ca9bbcab921b89305f1614319ecaddd79812
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4124534
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85054}
This reverts commit 84e470845a.
Reason for revert: Breaks TSAN stress-incremental-marking: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/10433/overview
Original change's description:
> [wasm][capi] Optimize all functions before serialization
>
> The existing implementation of `serialize` in the C-API is to produce
> a snapshot of the current state of the `NativeModule`. However, so far
> all users of `serialize` did not care about the runtime of `serialize`,
> but cared about `deserialize` starting up fast.
>
> With this CL all functions of a module get tiered up to TurboFan before
> serializing the module.
>
> R=clemensb@chromium.org
>
> Change-Id: Icaef846e33509d90b38559c0b689f798d35a98db
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4129495
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85052}
Change-Id: Ie0758b32ef3469fe75d3a45bc3e6950b3b192edb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4131634
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85053}
The existing implementation of `serialize` in the C-API is to produce
a snapshot of the current state of the `NativeModule`. However, so far
all users of `serialize` did not care about the runtime of `serialize`,
but cared about `deserialize` starting up fast.
With this CL all functions of a module get tiered up to TurboFan before
serializing the module.
R=clemensb@chromium.org
Change-Id: Icaef846e33509d90b38559c0b689f798d35a98db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4129495
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85052}
... required for U16_NEXT in builds with ICU.
Change-Id: I2ccda0c3fa7fd0139745e6233c6ab4a5dec46b50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128520
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85051}
Which is needed to filter tests in the testrunner.
Change-Id: I6ef24ac3e7a716329acb3e860872d5c83f7d84d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128521
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85050}
TurboAssembler::Switch considers its "condition" input is 64-bit.
However, Maglev's inner integers are rather Smis/32-bit integers.
Because we didn't not sign-extend the condition before calling
TurboAssembler::Switch, negative values were treated as positive
rather than negative.
Fixed: chromium:1403749
Bug: v8:7700
Change-Id: I78e934045330012186dc83dea0dc620ec977380a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128080
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85049}
Inline {GetCodeLocked} and {ResetCodeLocked} to make the code simpler
and more efficient.
Drive-by: Make {FindJumpTablesForRegionLocked} private.
R=ahaas@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel
Change-Id: Id0649924440737f3a04dbb536bd2141732f4f3bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4123535
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85048}
`CpuProfiler::StopProfiling()` return `nullptr` if no profiling is
active. Thus a `nullptr` check is needed before serializing the profile
returned by `CpuProfiler::StopProfiling()`.
R=clemensb@chromium.org
Bug: chromium:1394663
Change-Id: I364eeb1d9bd670de5179e242c4462f0fbfc9c607
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4126234
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85047}
The condition to pass to CheckPageFlag was inverted on arm64 compared
to x64/ia32/arm. This caused a bug in Maglev (fixed in
https://crrev.com/c/4128556), and seems like it could easily cause
other bugs in the future.
With this CL, CheckPageFlag now behaves similarly on arm64 and
x64/ia32/arm.
Change-Id: Ib6b7f157db08d2e771ceb450ab16344c3578c546
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128518
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85044}
.. which should result in 0 if x is non-negative, and -0.0 otherwise.
- Fix two invalid modulus-related folds.
- Handle aliased inputs in Int32ModulusWithOverflow.
- Drive-by: rename left/right to lhs/rhs to match the algorithm
description.
Note there is no deopt loop here since a result of -0.0 will update
feedback to kSignedSmallInputs.
Bug: v8:7700
Change-Id: I84fca0e43ded152d3520cbe73cc43299ff1c4230
Fixed: chromium:1403575
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128081
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85039}
