Commit Graph

77584 Commits

Author SHA1 Message Date
Frank Tang
a4afe1a09f [Temporal] Remove passing tests
Bug: v8:11544
Change-Id: I23435db7f625ee35f560fd84ee98d481081fb5ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868513
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83092}
2022-09-09 03:58:01 +00:00
jiepan
79da7bbb93 [wasm][revec] Add YMM register in register allocation
Bug: v8:12716
Change-Id: I0a1e807f7b0c64afa7d259361c47314e9c9e30db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867140
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Jie Pan <jie.pan@intel.com>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83091}
2022-09-09 01:31:31 +00:00
Frank Tang
14d9b9a246 Reland "[Temporal] Use double/int32_t instead of int64_t for duration parsing"
This is a reland of commit a165e82ea7

The reason for the revert is SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../src/objects/js-temporal-objects.cc:3837:22, which is the line
"nanoseconds_mv = std::round((seconds_mv - std::floor(seconds_mv)) * 1e9);"
where seconds_mv is a double and nanoseconds_mv is an int32_t.
In this reland, we change the type of nanoseconds_mv to double to avoid the ubsan error.


Original change's description:
> [Temporal] Use double/int32_t instead of int64_t for duration parsing
>
> Use double and int32_t instead of int64_t in duration parsing result
> so we can parse very large duration fields as infinity and throw RangeError in later stages. The three fractional parts can hold values from 0 to 999,999,999, so we use int32_t to hold them. Other parts could be infinity, so we use double to hold them. Also rearrange the order of the three int32_t in the struct ParsedISO8601Duration after all the doubles.
>
> Bug: v8:11544
> Change-Id: I7e5b02f7c7bbb60997f1419f016aed61dd3e0d6c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840761
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82754}

Bug: v8:11544
Change-Id: If8b72cb4912d8b4fc4c286fc856ea59df5cf0bb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858576
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83090}
2022-09-08 22:24:51 +00:00
Samuel Groß
68de20179c [sandbox] Skip mkgrokdump test in non-sandbox mode
When the sandbox is disabled, object layouts are now different as
ExternalPointerSlots are then 64-bit (raw pointers) instead of 32-bit
(ExternalPointerHandles).

Bug: v8:10391
Change-Id: Ia03d1ae9300fad96e40b77f0ed9544a1a118b74a
Cq-Include-Trybots: luci.v8.try.triggered:v8_linux64_no_sandbox_dbg_ng_triggered
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3884075
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83089}
2022-09-08 21:42:16 +00:00
Frank Tang
95b02431bd [Temporal] Fix AddInstant and AddZonedDateTime
Change AddInstant to use BigInt::FromNumber(isolate, factory->NewNumber(...))
instead of BigInt::FromInt64 to convert from double to BigInt.
Sync AddZonedDateTime with https://github.com/tc39/proposal-temporal/pull/2303, which calls AddInstant with ? instead of ! marking.

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal-addinstant
https://tc39.es/proposal-temporal/#sec-temporal-addzoneddatetime

PR: https://github.com/tc39/proposal-temporal/pull/2303

Bug: v8:11544
Change-Id: I4bd176294780f761341c25a5f71643b437f99c82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859165
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83088}
2022-09-08 21:15:01 +00:00
Adam Klein
33806ecad7 Revert "[fuchsia] Migrate d8 to a component framework v2 Fuchsia component"
This reverts commit 50802793f7.

Reason for revert: blocking v8 roll:
https://ci.chromium.org/ui/p/chromium/builders/try/fuchsia_x64/1301026/overview

Original change's description:
> [fuchsia] Migrate d8 to a component framework v2 Fuchsia component
>
> In the process, switch to using the Fuchsia GN SDK templates for
> building the component and package.
>
> Bug: v8:12589
> Change-Id: I9b5a82accb0da2067e83bc80d691133550ce82cd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879501
> Auto-Submit: Greg Thompson <grt@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Commit-Queue: Greg Thompson <grt@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83084}

Bug: v8:12589
Change-Id: I94ce2ef0e7cba5d39c8d18ca7dc7264289325e99
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885079
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83087}
2022-09-08 20:44:11 +00:00
Omer Katz
5767c95604 [heap] Update page promotion heuristics
This CL includes the following changes:
1) Ignore ShouldReduceMemory for MinorMC (since it can't move objects)
2) Make FLAG_page_promotion more explicit in the condition
3) Take wasted bytes into account for MinorMC (full GC can compact and
   "reset" wasted bytes)

Bug: v8:12612
Change-Id: I64d214e692b8ecd20189c59e2a77807f05e43817
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879606
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83086}
2022-09-08 20:29:21 +00:00
Milad Fa
0c793e7073 PPC [liftoff]: implement simd min/max ops
Change-Id: I064347b21de1eb8013754e715d99f13c6e59c192
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876443
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83085}
2022-09-08 18:10:11 +00:00
Greg Thompson
50802793f7 [fuchsia] Migrate d8 to a component framework v2 Fuchsia component
In the process, switch to using the Fuchsia GN SDK templates for
building the component and package.

Bug: v8:12589
Change-Id: I9b5a82accb0da2067e83bc80d691133550ce82cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879501
Auto-Submit: Greg Thompson <grt@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Greg Thompson <grt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83084}
2022-09-08 16:58:50 +00:00
Samuel Groß
49c5967830 [sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX
Now that all external pointers have been sandboxed,
V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also
shrinks external pointer slots to 32 bits when the sandbox is enabled.

Bug: v8:10391
Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83083}
2022-09-08 15:25:30 +00:00
Leszek Swirski
c5151fc751 [maglev] Support accessor loads via the prototype
Support LoadHandler::Kind::kAccessorFromPrototype, which is an accessor
on the prototype and is a direct call to the accessor.

Bug: v8:7700
Change-Id: I288972c027d37c8eb7c3558db4951bffdfba201f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882975
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83082}
2022-09-08 14:44:30 +00:00
Victor Gomes
ac5e66d40a [maglev] Add some debug code to ResumeGenerator
This mimics Ignition, which calls AbortIfRegisterCountInvalid.

This adds a --maglev-assert flag, since we do not want to emit
different code per IR node for debug vs. release modes.

Bug: v8:7700
Change-Id: Iddb17f0ccadf9d6009b242883b2e5d126875c844
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876385
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83081}
2022-09-08 14:34:01 +00:00
Omer Katz
22543d70d1 [test] Make SamplingHeapProfilerRateAgnosticEstimates more robust.
Inlining of bar into foo required taking allocation in foo into account
as well (crrev.com/c/1021734), but this makes the test vulnerable to gc
timing changes since other allocations are also inlined into foo and may
die at arbitrary times (as observed when enabling MinorMC).
Fix by preventing inlining of bar into foo.

Bug: v8:12612
Change-Id: I2d8848d4002334d329c4b2cc8f18bff1296f5cc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882970
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83080}
2022-09-08 14:14:21 +00:00
Dominik Inführ
ead6620e65 [heap] Decrease step size for ScavengeJob observer
Currently this observer uses 80% of initial new space capacity as
step size. But this means that after the first minor GC this will most
likely decouple from the current new space size, since the allocation
counter isn't reset after a GC and surviving objects aren't
accounted for.

Use 64K as step-size since this should be large enough to not cause
regression but it should still work for Scavenger and Minor MC such
that a step invocation will be performed close to reaching 80% of
new space capacity.

Bug: v8:12612
Change-Id: I4abc17eaeded90e0f72d9467a4410159ef0e6dda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879618
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83079}
2022-09-08 14:07:31 +00:00
Omer Katz
7ed1c5a03b [heap] Prevent incremental marking during gc callbacks
Drive-by: merge all collector choosing criteria into
SelectGarbageCollector.

Bug: v8:12612
Change-Id: I84d9e1aa5f658f48d5deeab1a8ef49ed1871cba5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879608
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83078}
2022-09-08 13:44:13 +00:00
Leszek Swirski
a9fabeb657 [interpreter] Reshuffle registers for super()
Change the constructor and instance registers into a single
constructor_then_instance register, and add some register allocation
scopes to reduce temporary register use. This also allows us to change
FindNonDefaultConstructor to only need one output for both constructor
and instance.

Also make BuildCreateArrayLiteral a bit more friendly to the interpreter
register allocation.

Bug: v8:13091
Change-Id: I0b6015b0bc6810bb4607157d715b7e536efb89f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876386
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83077}
2022-09-08 13:41:21 +00:00
Marja Hölttä
c7bf46eabc [baseline] Omit calling default ctors
I.e., implement a baseline handler for the FindNonDefaultConstructor
bytecode.

Bug: v8:13091
Change-Id: If1b119ae0479e54d2a89143bf8f40faeadb1abaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871206
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83076}
2022-09-08 13:27:50 +00:00
Camillo
9459c27b68 [deserializer] Reduce DCHECK noise for fuzzing
Skip over DCHECK in fuzzing that is always checked later by getting the
value from a Maybe object.

Bug: chromium:1359230, chromium:1360735
Change-Id: I9512e27fdeb1d6919e24bd631ae2caece7aed466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3874934
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83075}
2022-09-08 13:17:28 +00:00
Milad Fa
c0f420ef5c PPC/s390: [log][compiler] Enable first-execution logging
Port b257641833

Original Commit Message:

    Re-implement the --log-function-events functionality after
    refactoring the tiering state bits on the FeedbackVector.

    The new version also tries to log first-execution of non-interpreter
    code and will handle OSR events.

    Not-yet supported:
    - First-execution logging when OSR-ing in Sparkplug or Maglev

R=cbruni@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I2a99ca0976bc81e5994fa2e1c6d8045c303fc0f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876375
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83074}
2022-09-08 12:37:23 +00:00
Dominik Inführ
c4177c539f [heap] Remove page from space in ReleaseEvacuationCandidates
We used to remove the page from the space in the "evacuation" phase,
such that the following "update pointers" phase wouldn't try to
update pointers for evacuation candidates.

In this CL we move page removal to ReleaseEvacuationCandidates(), which
is run after the "update pointers" phase has finished. In the
"update pointers" phase we can skip evacuation candidates to not update
pointers on those pages.

That way PostProcessEvacuationCandidates() can be renamed to
PostProcessAbortedEvacuationCandidates() since it now only handles
aborted evacuation candidates.

Bug: chromium:1359294, v8:12578
Change-Id: Ifc4f58d71b630c3ef72f2bd994fedeabba878945
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879486
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83073}
2022-09-08 12:30:49 +00:00
Dominik Inführ
682947f813 [heap] Clear markbits for evacuated objects in ReRecordPage
Move clearing of markbits in the evacuated area into ReRecordPage,
which also resets all other metadata for that memory area.

Since this case is now handled in ReRecordPage, all other use cases
can delete markbits for the whole chunk, which allows the
VisitBlackObjects* methods to not deal with markbits anymore.

Bug: chromium:1359294, v8:12578
Change-Id: Ic98debe04efb7f415cf06efb58af0f728071aa65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879499
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83072}
2022-09-08 12:29:45 +00:00
Teodor Dutu
2a8f562877 Revert "[ptr-compr-8gb] Align Turbofan allocations to 8 bytes"
This reverts commit f97f7d79fc.

Reason for revert: a simpler approach will be used instead.

Original change's description:
> [ptr-compr-8gb] Align Turbofan allocations to 8 bytes
>
> In order to support a larger heap cage (8GB, 16GB), the cage offset
> will take up more than 32 bits. As a consequence, for 8GB cages, the
> least significant bit of the cage offset will overlap with the most
> significant bit of the tagged offset. To avoid this, allocations need
> to be aligned to 8 bytes to free up one bit from the offset.
>
> All changes are deactivated behind the build flag
> `v8_enable_pointer_compression_8gb`. Allocation folding is not yet
> supported.
>
> Bug: v8:13070
> Change-Id: I602c71232e98eac4e2701b0922704a7adc31a662
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3817741
> Commit-Queue: Teo Dutu <teodutu@google.com>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82331}

Bug: v8:13070
Change-Id: Id2186898596847142a80aba7604e870093a26d8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879224
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Teo Dutu <teodutu@google.com>
Cr-Commit-Position: refs/heads/main@{#83071}
2022-09-08 12:14:15 +00:00
JialuZhang-intel
3c6cd92d81 [x64] use movl for move instruction with word32 operand.
Before:
  488bd6 REX.W movq rdx, rsi

After:
  8bd6 movl rdx, rsi

This CL can save a 1-byte encoding length for the move instruction.

Change-Id: Ief482b4093f22ab810dbc693e8d9ed55a8c14c84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875397
Commit-Queue: Jialu Zhang <jialu.zhang@intel.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83070}
2022-09-08 11:52:25 +00:00
Camillo
2c0a49f39c [tools][profiling] Add googler pprof support for chrome helper
- Add gcert/gcertstatus support for chrome helper
- Skip pprof uploading for non-googlers
- Print better local results instructions for multiple chromium
  results files
- Fix docs link in --help text
- Exit silently when a keyboard interrupt occurred

Drive-by-fix:
- format files
- sort imports

Change-Id: I88bae27102dbf3d560c4203774d9746e96fdbdc5
No-Try: True
No-CQ: True
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878166
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83069}
2022-09-08 11:43:06 +00:00
Ilya Rezvov
94c28eb72f Reland "Port JS-Wasm Promise Integration for arm64"
This is a reland of commit 0a1a579ad2

The original CL has a bug in assigning no_reg to a scoped Register variable.
To fix it, a Scoped guard was added for automated release of scoped registers.

Original change's description:
> Port JS-Wasm Promise Integration for arm64
>
>
> Port Generic JS-Wasm Wrapper for arm64
>
> Change-Id: I256e6511d47af9ab04c577beb6b829dfee34a6ed
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3841074
> Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83038}

Change-Id: I7b8b355f5689e51529223f1156e74e980c3b50ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879492
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83068}
2022-09-08 11:36:25 +00:00
Leszek Swirski
5d201ee105 [meta] Add DIR_METADATA for src/maglev
Bug: v8:7700
Change-Id: I4efa8f8b3b7df03b3fb6b6bd35c7310b0da07d49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879613
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83067}
2022-09-08 11:23:45 +00:00
Al Muthanna Athamina
c66e6ea05f Disable interrupt-budget-for-maglev flag
Bug: v8:7700
Change-Id: Ieff3e3b053f418e73699a208993c4d0771326522
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879614
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83066}
2022-09-08 11:22:35 +00:00
Thibaud Michaud
721ae440ca [wasm] Fix stack-switching JS limit offset
Add the missing KB multiplier. Also add a flag to set the fixed stack
size.

R=clemensb@chromium.org

Bug: v8:12191
Change-Id: I9782192d2eef1986286f726a05444a4bec49fc66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875902
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83065}
2022-09-08 11:19:36 +00:00
Leon Bettscheider
924cf85e00 [heap] IsMarkingComplete only for MajorMC
ShouldFinalize should only be called if major incremental marking is
active, and can crash if minor incremental marking is active, if
MajorMC's local_marking_worklists_ was reset.

The only caller is IsMarkingComplete. This CL changes the IsMarking
check to IsMajorMarking to solve this issue, and renames
IsMarkingComplete to IsMajorMarkingComplete.

Bug: v8:13012
Change-Id: Iba6bd5b7977ec8566c3ab0f047646d8cafd45038
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879485
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83064}
2022-09-08 11:15:29 +00:00
Victor Gomes
8641d2609d Allow BytecodeArray::Disassemble to be called by a background thread
BytecodeArray::Disassemble fails a SLOW_DCHECK when invoked from
a background thread, due to the little hack to recover the handle
inside the function.

This CL changes the method to static with a handle as input.
The old method calls the static one, since it is allowed to be
called by the main thread.

Change-Id: I3546f0d2b160d15386da0980efc539693672c230
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879498
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83063}
2022-09-08 11:14:25 +00:00
Michael Achenbach
2acd2f9d44 [test] Add more logging to results-processing loop.
Bug: v8:13113
Change-Id: Ie42a654378660e4a2dc45d53d40683281e7343dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879496
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83062}
2022-09-08 10:43:16 +00:00
Omer Katz
a5b3c3df9b [heap] Minor MinorMC fixes
Fix broken DCHECK:
When using MinorMC, new space is a paged space and only uses the
TO_PAGE page flag. New large object space however still uses both
TO_PAGE and FROM_PAGE page flags. With MinorMC it is still possible
to find references to FROM_PAGEs, but those pages have to be large
pages.

Fix broken test:
MinorMC may only free empty pages when shrinking. Therefore, shrink
may actually not change the space capacity at all (e.g. when all
pages have live objects on them). More specifically, the capacity is
not guaranteed to be half the previous capacity.

Bug: v8:12612
Change-Id: Ib0edcafd758828f821f82bc8c796c205f162809c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879493
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83061}
2022-09-08 10:22:56 +00:00
Omer Katz
cab126f9ee [heap] Do full GC on allocation failure
On allocation failure in new space we used to do at most 2 GCs before
calling the near heap limits callback. The 2 GCs would empty new space,
thus ensuring that the current allocation can succeed.
With MinorMC the 2nd GC has no effect and we should do a full GC instead
to empty new space.

Bug: v8:12612
Change-Id: I4f767136283b5d26fee4f4a3998359b3c1e2108b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879495
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83060}
2022-09-08 10:03:05 +00:00
Leszek Swirski
556e44de28 [ic] Store the getter in the FBV
For accessors, instead of storing the descriptor index + holder in the
LoadHandler, store the getter directly (avoiding the
map->descriptor->pair->getter hops). For the non-prototype case, where
there's no LoadHandler, store the AccessorPair directly as a weak
handler instead of the Smi handler. We can't store the getter here
directly, because it could be in new space, and then we can't use it in
the stub cache.

Required some rejiggling of ic.cc method signatures, to allow
ComputeHandler to return a weak ref.

Change-Id: I22c0e64bec9880a3ba23c2d1eeb3a1c23179ca4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865557
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83059}
2022-09-08 09:35:15 +00:00
Matthias Liedtke
319af35d1d [mjsunit] assertEquals: Assert equality of non-enumerable properties too
assertEquals() compares objects by comparing each property for both
objects. This was done by using Object.keys() which however only returns
enumerable properties.
With this change also non-enumerable properties are compared.

Still, the comparison doesn't require the properties to be equal.
So, if one property is marked enumerable in one object but not the
other, the objects would still be considered equal.
This could be adapted in a follow-up CL if desired.
The prototype is still ignored for the comparison.

Change-Id: I1bb9df055bfb764ac1c02d971ac6f4a50f4a98e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876384
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83058}
2022-09-08 09:25:26 +00:00
Jakob Linke
178f2eeb13 Reland "[maglev] Deopt on overflow in >>>"
This is a reland of commit 24e60017d4

The reland changes %ClearFunctionFeedback to clear *all* feedback
slot kinds including binary/compare/for-in slots. In the tests we
thus no longer have to resort to tricks to restore the function to
its initial state; instead simply call %ClearFunctionFeedback.

Original change's description:
> [maglev] Deopt on overflow in >>>
>
> Re-enable the int32 fast path for ShiftRightLogical, but account for
> Maglev's missing signed/unsigned representation tracking by a)
> removing rhs==0 as the identity value (a shift by 0 is still a
> signed-unsigned conversion) and b) deoptimizing if the result cannot
> be converted to a non-negative smi.
>
> Note this is not a deopt loop, since a non-smi result will change the
> feedback to kSignedSmallInputs (from kSignedSmall).
>
> To fix this properly, we should track signed/unsigned representations
> and convert the result to a heap number if it doesn't fit within smi
> range.
>
> Bug: v8:7700
> Change-Id: Ifd538d227a6f1290eb7f008d9bfad586ff91ea0f
> Fixed: v8:13251
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876366
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83025}

Bug: v8:7700
Change-Id: I2f607a0fb863b80e8589c9c1e86ee31fbac48c25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879491
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83057}
2022-09-08 09:16:46 +00:00
Michael Achenbach
3c4654da69 [test] Dump traceback on test-runner interrupts
Bug: v8:13113
Change-Id: I7cd37446d9ecbe271e0e5df96a4dcfd43b307c27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879489
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83056}
2022-09-08 09:08:35 +00:00
Leszek Swirski
f1026c1917 [api] Add a check that FunctionTemplate getters have code
Attempting to set a FunctionTemplate without a code handler as an
accessor for a property will fail in the runtime, which expects to be
able to call the handler. Add an API check that guards against this.

Change-Id: I270f0ca3d20de507bc9bde2c4c8d23b2614313dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879490
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83055}
2022-09-08 08:42:25 +00:00
Victor Gomes
7cdd1ed397 [maglev] Workaround for generator resume middle loop issue
The current abort will crash if the generator is created by the
interpreter and resumed by the maglevved code.

This current workaround is not ideal since it can introduce
a deopt-reopt loop.

Bug: v8:7700, v8:13109
Change-Id: I7db71a896711255d866ace98eddde85538aa2903
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879228
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83054}
2022-09-08 08:31:09 +00:00
Jakob Linke
854a37282b [maglev] Move deferred code helpers to masm
Bug: v8:7700
Change-Id: Ie9be2aaf0a75cf1fd19f50ce4697f71e92a36df6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879223
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83053}
2022-09-08 08:13:55 +00:00
Shu-yu Guo
43b4e42415 [rab/gsab] Remove unused string
Bug: v8:11111
Change-Id: I4af1cc85a15833c360a5a454f8d36f43840232ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878254
Reviewed-by: Marja Hölttä <marja@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83052}
2022-09-08 08:12:25 +00:00
Victor Gomes
62522ffb0c Add more owners to src/deoptimizer
Change-Id: If4c6792d36423daafb2a4454354db2d9e4abe297
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879229
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83051}
2022-09-08 07:55:59 +00:00
Dominik Inführ
8d6c969feb [execution] Introduce Isolate::shared_space_isolate()
At the moment the shared heap is internally implemented as its own
isolate - the shared isolate. This CL prepares to remove the shared
isolate and replace it with shared spaces in the main isolate.

This CL introduces the --shared-space flag to opt-in into this shared
heap-approach. Isolate::is_shared_space_isolate() and
Isolate::shared_space_isolate() are added as well to identify the
main isolate (or shared space isolate).

Bug: v8:13267
Change-Id: I1a79c839de3b3b9cc988401e2e6e70ce3b02fa22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3874928
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83050}
2022-09-08 07:54:55 +00:00
Jakob Linke
7a6caf0268 [interpreter] Add more owners
.. to increase bus factor in EU time zones.

Change-Id: I7f1bca0fd765f8f1720ff5534823b4daaa290ea3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879488
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83049}
2022-09-08 07:25:48 +00:00
Feng Yu
fee12dde9b [test] Cleanup superfluous test skips
Bug: None
Change-Id: I8cf2e4b651c0ccb784a5d668656cbfcd573b271d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878450
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Feng Yu <f3n67u@gmail.com>
Cr-Commit-Position: refs/heads/main@{#83048}
2022-09-08 06:49:47 +00:00
Dominik Inführ
d2be8de936 [heap] Assume COMPACTION_WAS_ABORTED page flags in ReRecordPage
Set COMPACTION_WAS_ABORTED page flag also when aborting evacuation
due to OOM.

Bug: chromium:1359294, v8:12578
Change-Id: Ia9833dbf9213375698cb7b1595ade7df5e24189d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3877145
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83047}
2022-09-08 06:24:16 +00:00
Frank Tang
0b670eef36 [Temporal] Fix bug in DifferenceTemporalPlainDateTime
The days are passed incorrectly between calls.
Spec text:
https://tc39.es/proposal-temporal/#sec-temporal-differencetemporalplaindatetime

Bug: v8:11544
Change-Id: If818d0f42bdd3260e68eef2c6aba1c3781632c93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857869
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83046}
2022-09-08 01:48:36 +00:00
Frank Tang
edb902d99e [Temporal] Fix bug in RoundDuration
Access the correct years, months and weeks which were modified previously
instead of the values from the input.

Spec text:
https://tc39.es/proposal-temporal/#sec-temporal-roundduration

Bug: v8:11544
Change-Id: I2ffaca5545e2359bc1cc03320068424bba4c7907
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3860649
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83045}
2022-09-08 01:45:06 +00:00
Shu-yu Guo
87ce9fce74 [shared-struct] Rework shared value serializer API again
This CL redesigns the current API, which does not correctly
manage lifetimes of the shared object conveyors.

See design doc at
https://docs.google.com/document/d/1TV6agY9dafVJFvdPrUAGbEvos8wL2WDnsmf84n3OJVU/edit?usp=sharing

This CL also removes the incorrect behavior of serializing all shared
strings by sharing instead of copying. Shared strings may be sent to
another process, which should still work.

Bug: v8:12547
Change-Id: I7413abd2d871fd3d52c9b433445cfa1d03e4a732
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868713
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83044}
2022-09-07 23:41:26 +00:00
Michael Lippautz
99d2934c9a [d8] Fix cov build
Change-Id: I46763c17f7078a3a5730c5a160ec899663ed990b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879483
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83043}
2022-09-07 17:53:16 +00:00