Commit Graph

64414 Commits

Author SHA1 Message Date
Clemens Backes
a53c1e4bbf [wasm][fuzzer] Support functions returning i64
Those functions will return a BigInt, which we need to convert to int to
match the value returned by the interpreter.

R=ahaas@chromium.org

Bug: chromium:1127717
Change-Id: I328660ab73776de2bd90b19d18e46663efe6b6cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2412177
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69922}
2020-09-15 17:23:22 +00:00
Clemens Backes
a97af0b566 [wasm][fuzzer] Fix printing locals declarations
The API in the wasm module builder changed recently
(https://crrev.com/c/2390144). The fuzzer was still emitting code for
the old API.
This CL fixes this for primitive types, and adds a TODO to implement
heap types when needed.

R=ahaas@chromium.org
CC=manoskouk@chromium.org

Bug: chromium:1127717
Change-Id: I514b6e53d0492e5706a5b06d24026da13c3a2165
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2412176
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69921}
2020-09-15 17:17:32 +00:00
evih
e950f0407e [wasm] Use js-to-wasm generic wrapper for i64 return
Currently, the generic wrapper is used for i32 and i64 params and 0 or 1
i32 and i64 return value.

Bug: v8:10701
Change-Id: I4b592d7e0e4ebcb3455520c094c92bf4177c5a5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2412179
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Eva Herencsárová <evih@google.com>
Cr-Commit-Position: refs/heads/master@{#69920}
2020-09-15 16:59:32 +00:00
Ng Zhi An
440bb7524b [wasm-simd] Check v128 imported global object
Check that a v128 imported global in a Wasm module is initialized with a
WebAssembly.Global object.

This is technically impossible, because creating WebAssembly.Global of
type v128 is an error, and creating one of any other type is a type
mismatch. However, we still need this check to avoid hitting an
unreachable case when setting the value of the global later on.

Also, this is not a validation error, since the v128 restriction is only
a Web/JS limitation. Other embedders can choose to do something
different with this module with an imported v128 global.

Bug: chromium:1127740
Change-Id: I6d444578c082b6b1c353cfa2fd82bb42eb14fc3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2410659
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69919}
2020-09-15 16:58:02 +00:00
Omer Katz
81cc3bb4d0 cppgc: Fix bug in MarkingVerifier
Assigning to reference to std::unordered_set doesn't change the
reference. It merely replaces the content of rhs with that of lhs.
We should use pointers instead.

Bug: chromium:1056170
Change-Id: I496544ca4b16ce8ae8a9aff57cb05a07cad984c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2412184
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69918}
2020-09-15 16:55:02 +00:00
Andreas Haas
f2e58d769e [wasm][liftoff][x64] Implement write barrier for global.set
R=ulan@chromium.org, thibaudm@chromium.org

Bug: v8:7581
Change-Id: I9b8f2d3967821a2edd577b13951d9b845ae2868e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404828
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69917}
2020-09-15 16:14:42 +00:00
Camillo Bruni
cfbf4fcbbc [test] Use Template::Set with const char* name in test-api.cc
Bug: v8:10884
Change-Id: I961033da39fea6e2e165aabb978208b581cfeaf0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2412170
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69916}
2020-09-15 14:19:37 +00:00
Jakob Gruber
c417a08d02 Bring back the js-function-inl.h inline header
This is a manual revert of 67cdacd. Experiments have shown that inline
headers do bring real benefits and we won't be proceeding with inline
header removal.

Bug: v8:10749
Change-Id: Icd3d0b3926d0b7a24edb19d9f177e9c8818abe09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2412174
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69915}
2020-09-15 14:18:32 +00:00
evih
64610bda59 [wasm] Zero extend register containing i32 parameter in generic wrapper
We have to make sure that 32 bit negative values are zero extended.
Related testcase: https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8869450761469925696/+/steps/Check_-_extra/0/logs/memory_trap/0

Bug: v8:10701
Change-Id: I69ae4189d37e5d31a81254ec72dd6e02fb442b4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2412168
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Eva Herencsárová <evih@google.com>
Cr-Commit-Position: refs/heads/master@{#69914}
2020-09-15 14:01:37 +00:00
evih
a922ee7f99 [wasm] Js-to-wasm generic wrapper is js-to-wasm code
Bug: v8:10701
Change-Id: Ibb4879accb0e991ddb4434d878bd8ef779b70034
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2412171
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Eva Herencsárová <evih@google.com>
Cr-Commit-Position: refs/heads/master@{#69913}
2020-09-15 14:00:32 +00:00
Andreas Haas
3bd1efd5e6 Reland "[wasm][liftoff] Support for most externref globals" on ia32
Global.set requires a write barrier. This write barrier was missing in
the original CL. The reland only adds the write barrier for ia32, and
bails out on the other platforms.

Original message:

With this CL we add support for all externref globals except for
imported mutable globals.

R=thibaudm@chromium.org, ulan@chromium.org

Bug: v8:7581
Change-Id: I86328a17200d1edc505f4c4357bdf795d95cf0c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404777
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69912}
2020-09-15 13:46:42 +00:00
Santiago Aboy Solanes
4f12b45deb Revert "[compiler] Replace JSDataView with direct reads"
This reverts commit b5f37051aa.

Reason for revert: Breaking the fuzzer https://bugs.chromium.org/p/v8/issues/detail?id=10918

Original change's description:
> [compiler] Replace JSDataView with direct reads
>
> Bug: v8:7790
> Change-Id: Id01c2e4359aa4294816ffe14c08a586a9b9b10c2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404768
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69904}

Change-Id: I9a470708f06328061d5d4ecf21fa38bc0e49ff45
Bug: v8:7790, v8:10918
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2410196
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69911}
2020-09-15 13:28:02 +00:00
Jakob Gruber
a8a1776e79 [nci] Don't lower feedback-collecting operators
Feedback collection is currently implemented only for JS operators in
generic lowering. Missing feedback collection results in soft-deopts
immediately after tiering up to TF from NCI code.

In this CL we disable two large classes of such problematic lowerings
for NCI code, type hint lowering and typed lowering.

Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Bug: v8:8888
Change-Id: Ia8452775616074b7ad6dfe930f305449db3f5682
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2410180
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69910}
2020-09-15 12:28:12 +00:00
Zhao Jiazhong
ef1d0a8a05 [mips][wasm-simd][liftoff] Implement pmin pmax
Port 863c2cb4eb
https://chromium-review.googlesource.com/c/v8/v8/+/2406593

Implement f32x4.pmin, f32x4.pmax, f64x2.pmin, and f64x2.pmax.

Change-Id: I102f8d80e72494f9dc48ae726a3eb272bcbe1661
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2411806
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#69909}
2020-09-15 12:08:52 +00:00
Clemens Backes
b14c4627da [wasm] Rename an atomic counter and use relaxed ordering
The rename makes it clear that the atomic counter is an approximation
only. Explanation is added about the update of the counter (increased
when units are added, and reduced to zero if a worker finds no more
units). The comment also says why it's safe to use relaxed memory
ordering in this case.

R=thibaudm@chromium.org, ahaas@chromium.org

Bug: chromium:1101340
Change-Id: I307d646189bc5732d50c92a94b2a654fa6a7f763
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2410185
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69908}
2020-09-15 11:50:32 +00:00
Maya Lekova
d626121e70 [gcmole] Upload a new version supporting DisallowGarbageCollection
This is an attempt to fix a gcmole failure in
https://chromium-review.googlesource.com/c/v8/v8/+/2362960

Change-Id: Idff72ff3ae63863fb73f11231481469c700891c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2410193
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69907}
2020-09-15 11:18:22 +00:00
Clemens Backes
6bcfa62079 [wasm] Use worker_count in job API
The signature of {GetMaxConcurrency} was recently extended to pass the
{worker_count}, i.e. the number of workers that are currently running.
This number allows us to return a more precise number for the current
maximum concurrency.
In the case of background function compilation, we were sometimes
returning a slightly too small number, resulting in too few workers to
be spawned, resulting in slightly longer compilation.
For wrapper compilation on the other hand, the returned number is
already correct, and this CL adds a comment explaining why.

R=thibaudm@chromium.org

Bug: chromium:1101340
Change-Id: I0e3122c8b99ba1cdf97616de922d4f07874b0aeb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2410383
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69906}
2020-09-15 10:35:02 +00:00
Santiago Aboy Solanes
29581b7f98 [compiler] Replace TemplateObjectDescription with direct reads
Bug: v8:7790
Change-Id: I5391c6688dfad81e37d260fbfef22c3dbdce0dce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404769
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69905}
2020-09-15 09:17:42 +00:00
Santiago Aboy Solanes
b5f37051aa [compiler] Replace JSDataView with direct reads
Bug: v8:7790
Change-Id: Id01c2e4359aa4294816ffe14c08a586a9b9b10c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404768
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69904}
2020-09-15 09:09:37 +00:00
Georg Neis
c5a8758cf4 Disable --turbo-direct-heap-access by default
Bug: v8:10917, v8:7790
No-Try: true
Change-Id: I11dfd404e619dd547923421ff7aef3428c746243
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2410190
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69903}
2020-09-15 09:08:32 +00:00
Georg Neis
4e4b3f0580 [compiler] Create canonical persistent handles in more places
Bug: v8:7790
Change-Id: I27a13c213c33e742cd66ed85e9c10c71b78a9384
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2410182
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69902}
2020-09-15 08:55:12 +00:00
Alex Kodat
362b2c238b [cpu-profiler] Delete deopt_frames array if CodeMap entry not found
If code is deoptimized while CPU profiling, a deoptimization event
record is sent to the profiler. But if the profiler could not find
the associated CodeMap entry in CodeDeoptEventRecord::UpdateCodeMap
it would simply return without freeing the deopt_frames array.
This change frees the deopt_frames array no matter what in
CodeDeoptEventRecord::UpdateCodeMap, eliminating a storage leak.

Bug: v8:10861
Change-Id: I4e68566bb91dff13b38e255ddfed24b85b7a1d57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2386332
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69901}
2020-09-15 07:46:22 +00:00
Maya Lekova
b76f5ed4a0 Revert "Roll test262"
This reverts commit effbbb8cfe.

Reason for revert: Breaks UBSan, see https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/12858?

Original change's description:
> Roll test262
> 
> e8cdf92..6397602
> 
> Bug: v8:7834, v8:4628, v8:10903, v8:10905
> Change-Id: I65bf15d6308126a4955abe0a6b0647834f4ff066
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2405804
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69899}

TBR=ftang@chromium.org,syg@chromium.org

Change-Id: Ibe552e02cf7e7eb270d32bb6cb0650223259e304
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7834
Bug: v8:4628
Bug: v8:10903
Bug: v8:10905
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2410188
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69900}
2020-09-15 06:56:24 +00:00
Frank Tang
effbbb8cfe Roll test262
e8cdf92..6397602

Bug: v8:7834, v8:4628, v8:10903, v8:10905
Change-Id: I65bf15d6308126a4955abe0a6b0647834f4ff066
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2405804
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69899}
2020-09-15 03:56:32 +00:00
v8-ci-autoroll-builder
35db7c038e Update V8 DEPS.
Rolling v8/build: dc90e7d..62cb86f

Rolling v8/buildtools: a90362b..3ff4f50

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/e53ee0c..534924e

Rolling v8/third_party/depot_tools: a1e1549..b71187b

Rolling v8/tools/clang: bf815f1..e075ddd

Rolling v8/tools/swarming_client: 4c095d0..44c13d7

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I8ce14af5aa4fee9f356fba79618c1cb0a88253ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2409935
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#69898}
2020-09-15 03:53:52 +00:00
Milad Fa
b54b011ec9 [wasm-simd][scalar-lowering] Fix lowering on kS128Const
kFloat32x4 needs to handle the endianness similar to kInt32x4.

Change-Id: Iaab2d6785d56c06fd00654bff174900550db9e47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2411628
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#69897}
2020-09-15 03:26:21 +00:00
Milad Fa
0b36f190f4 [wasm-simd][scalar-lowering] Fix lowering on BE machines
As WASM is LE enforced, data is originally written to memory
in LE order regardless of the machine type, therefore we need
to read it back the same way.

Bug: v8:10507
Change-Id: I72896eeeed177a22ca87e8c380f99dca795ddc4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2410475
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69896}
2020-09-14 22:54:26 +00:00
Milad Fa
b1281b3285 PPC/s390: [wasm-simd][liftoff][ia32][x64] Implement pmin pmax
Port 863c2cb4eb

Original Commit Message:

    Implement f32x4.pmin, f32x4.pmax, f64x2.pmin, and f64x2.pmax.

    Due to the way minps/maxps/minpd/maxpd works [0], we swap lhs and rhs.
    This is similar to the way TurboFan does this [1].

    [0] "If the values being compared are both 0.0s (of either sign), the
    value in the second operand (source operand) is returned." but pmin/pmax
    wants to return the lhs (which follows the definition of std::min<T> in
    C++ STL.)

    [1]
    https://source.chromium.org/search?q=instruction-selector-ia32.cc%20VisitPmin&ss=chromium%2Fchromium%2Fsrc:v8%2F

R=zhin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I3c894d203dffedee579236e3aec681e6206a8e7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2410474
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#69895}
2020-09-14 20:41:37 +00:00
Andrew Comminos
05af368100 [cpu-profiler] Remove support for context filtering
Since the web-exposed profiler will require COOP/COEP, it is no longer
necessary to perform isolation at the V8 level. Strip the unnecessary
complexity and unreliability of context filtering accordingly.

Bug: chromium:956688, v8:9881, v8:9860
Change-Id: I21a30d51f8daf7565ec95de8c265e9d3b9d10fad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2386144
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69894}
2020-09-14 20:24:46 +00:00
Milad Fa
d24457fab7 PPC/s390: [wasm-simd] Implement pmin/pmax
Port 3ba4431124

Original Commit Message:

    F32x4 and F64x2 pmin and pmax were accepted into the proposal [0], this
    removes all the ifdefs and todo guarding the prototypes, and moves these
    instructions out of the post-mvp flag.

    [0] https://github.com/WebAssembly/simd/pull/122

R=zhin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I8b2ae60240f769e1f4c0b00e98d53846519b305e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2410806
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#69893}
2020-09-14 19:40:06 +00:00
Ng Zhi An
0445e41bdc [wasm-simd][scalar-lowering] Fix lowering for unsigned average
Small int nodes are stored in sign-extended form, for unsigned average,
mask away the top bits before performing operation.

Bug: v8:10507
Change-Id: I04d3be5758e6ee3fd946adca0943b2874910b4cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2405751
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69892}
2020-09-14 19:30:56 +00:00
Marja Hölttä
97c062bacb [Atomics.waitAsync] Ship Atomics.waitAsync
Bug: v8:10239
Change-Id: I3671d3bd5f4f6df1ca01237158b8f284b5e3d7ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2410186
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69891}
2020-09-14 18:40:26 +00:00
Ng Zhi An
05749d8742 [wasm-simd][scalar-lowering] Fix all_true lowering
all_true requires the input to be of the respective type, but the
final result is always a Int32x4 with a single node. So keep
the replacement type of all_true (and any_true) nodes to be Int32x4,
and use a helper method to decide what SimdType the input should
be replaced with.

Also split up any_true and all_true for readability.

Bug: v8:10507
Change-Id: I58ca50ffffcbca3ec77bbae1371ddd179925fc96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2405803
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69890}
2020-09-14 18:27:56 +00:00
Ng Zhi An
863c2cb4eb [wasm-simd][liftoff][ia32][x64] Implement pmin pmax
Implement f32x4.pmin, f32x4.pmax, f64x2.pmin, and f64x2.pmax.

Due to the way minps/maxps/minpd/maxpd works [0], we swap lhs and rhs.
This is similar to the way TurboFan does this [1].

[0] "If the values being compared are both 0.0s (of either sign), the
value in the second operand (source operand) is returned." but pmin/pmax
wants to return the lhs (which follows the definition of std::min<T> in
C++ STL.)

[1]
https://source.chromium.org/search?q=instruction-selector-ia32.cc%20VisitPmin&ss=chromium%2Fchromium%2Fsrc:v8%2F

Bug: v8:10904
Change-Id: Ie58cae66cd48421c3ab40df33df979b0353b01ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2406593
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69889}
2020-09-14 17:01:36 +00:00
Thibaud Michaud
383c4a44cd [wasm][debug] Fix DebugInfo deadlock
Add a separate mutex for the {debug_side_tables_} field. This ensures
that we can use {GetDebugSideTableIfExists} even if {mutex_} is already
locked.

R=ahaas@chromium.org
CC=clemensb@chromium.org

Bug: v8:10889
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: Icb67c45aec0cf66814705b83532f4833f36738e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2402879
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69888}
2020-09-14 16:54:06 +00:00
Georg Neis
241c8fa48f [compiler] Unpark local heap in more places
Bug: chromium:1127405, v8:7790
Change-Id: Ibba029725b46c691b7848b0a092f0159259651c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2410381
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69887}
2020-09-14 16:09:26 +00:00
Daniel Clifford
c84ca9c480 Port some SloppyArgumentsElements CSA code to Torque
Specifically, all the EmitKeyedSloppyArgumentsXXX methods.

Change-Id: I5d98c0f031b858e1e5342020f5ad68526c57c42a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235694
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69886}
2020-09-14 15:44:16 +00:00
Almothana Athamneh
71728016c0 Change Mac on ARM64 builders to only perform v8testing
Bug: chromium:1126457
Change-Id: I9c5bc4d8d3ee8384642a6d2f9a8f1f821113eb97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2401418
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69885}
2020-09-14 15:22:06 +00:00
Thibaud Michaud
68db7aacb3 [wasm] Finalize wrappers sooner for sync compile
We currently wait until baseline compilation is finished to finalize
export wrappers, but this can happen concurrently.
This change triggers export wrapper finalization as soon as the last
export wrapper is compiled, while background threads start compiling
baseline units.

R=clemensb@chromium.org

Bug: v8:9916
Change-Id: I945a8de7a917f6bc79e8a50431d8da530a901956
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2400342
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69884}
2020-09-14 15:05:36 +00:00
Samuel Groß
d46723aefd Updated libreprl from Fuzzilli and improved Fuzzilli test
The test now verifies that JavaScript programs can be executed
over the REPRL interface, that runtime exceptions can be detected,
and that the engine's state is properly reset between executions.

Change-Id: Ic8032c07e222307cbb4d332e7eaec61936a10ccd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2396082
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Samuel Groß <saelo@google.com>
Cr-Commit-Position: refs/heads/master@{#69883}
2020-09-14 14:52:06 +00:00
Dominik Inführ
345518a026 [execution][heap] Make Isolate::is_profiling relaxed atomic
Concurrent allocation uses Isolate::is_profiling() to determine
whether logging is on. This races with the main thread when the
value in is_profiling is switched on/off by the cpu profiler.

Fix this by making is_profiling relaxed atomic. The profiler doesn't
turn off logging for correctness reasons, so it is fine when background
threads may read an old value and continue logging a bit longer. It is
also okay when background threads start logging again a bit longer when
profiling is stopped.

Bug: v8:10315
Change-Id: Id52d06f7a8239e10dfa63da38e761b2c00a2da4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404779
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69882}
2020-09-14 13:58:16 +00:00
Dominik Inführ
dfcd257910 [gcmole] Add support for DisallowGarbageCollection
Add support for DisallowGarbageCollection scope. This scope will be
introduced once this CL landed.

DisallowGarbageCollection works like DisallowHeapAllocation but also
disallows safepoints.

Bug: v8:10315
Change-Id: Ia7d777d4104b32810dd481ad9dbdf0edd075b6cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2395561
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69881}
2020-09-14 13:52:46 +00:00
Manos Koukoutos
d5cecd11d1 [wasm-gc] Fix i31ref decoding and some error messages
Bug: v8:7748
Change-Id: I4d6aef3ab503ffc9b9624b6d65d74f36141d550d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2403258
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69880}
2020-09-14 13:04:47 +00:00
Camillo Bruni
d2ef872267 [log] Add Log::TearDownAndGetLogFile
CL in preparation of writing JavaScript-based log parsing tests.

- Return both temporary and normal log file in
  Log::TearDownAndGetLogFile
- Add file_name accessor to Logger and Log classes
- Use separate Log::WriteLogHeader method
- Remove unused logger_ instance variable from Log

Bug: v8:10668
Change-Id: Ie1f6f92cc6c55fd1dc664cac95f481bc29da7e18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2407773
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69879}
2020-09-14 12:50:57 +00:00
Omer Katz
e5efa94066 cppgc, heap: Avoid static const initializer in SegmentBase
Turns out the initializer is banned in Chrome

Bug: v8:10912
Change-Id: I28308d79daec463b24d0754ed8d3e447a848b19b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2407775
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69878}
2020-09-14 12:41:07 +00:00
Georg Neis
e371325bcb [compiler] Fix bug in SimplifiedLowering's overflow computation
It's unsound to ignore -0 inputs:
-0 - INT32_MIN is outside of INT32 range.

Bug: chromium:1126249
Change-Id: I3b92f16c1201705780acb0359975329aa2ca34d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404452
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69877}
2020-09-14 12:33:27 +00:00
Daniel Bevenius
7173685975 [heap] Add large_object_threshold to AllocateRaw
This commit adds a check in Heap::AllocateRaw when setting the
large_object variable, when the AllocationType is of type kCode, to
take into account the size of the CodeSpace's area size.

The motivation for this change is that without this check it is
possible that size_in_bytes is less than 128, and hence not considered
a large object, but it might be larger than the available space
in code_space->AreaSize(), which will cause the object to be created
in the CodeLargeObjectSpace. This will later cause a segmentation fault
when calling the following chain of functions:

   if (!large_object) {
      MemoryChunk::FromHeapObject(heap_object)
          ->GetCodeObjectRegistry()
          ->RegisterNewlyAllocatedCodeObject(heap_object.address());
   }

We (Red Hat) ran into this issue when running Node.js v12.16.1 in
combination with yarn on aarch64 (this was the only architecture that
this happened on).

Bug: v8:10808

Change-Id: I0c396b0eb64bc4cc91d9a3be521254f3130eac7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2390665
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69876}
2020-09-14 12:12:40 +00:00
Michael Lippautz
a29b44e570 api: Fix Detachedness typo
kUnkown -> kUnknown

Bug: chromium:1110816
Change-Id: I8138df76ade7f2a78632e329682cca83c64edac8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2407776
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69875}
2020-09-14 12:11:34 +00:00
Georg Neis
219b28bfe2 [turbofan] Fix bug in inlining
JSInliningHeuristic::Finalize did not take into account that by the
time it gets called some of the candidate nodes may have changed to
non-call operators.

Bug: chromium:1127319
Change-Id: I180ed36de98455be6b55790ba7bdb4391ff5fd5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2409273
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69874}
2020-09-14 12:01:55 +00:00
Camillo Bruni
12d8d12847 [license] Remove duplicated valgrind license file
LICENSE.valgrind is a stale copy of src/third_party/valgrind/LICENSE

Change-Id: I274ad8cbe4e347979a9152b3a31c4598d2525aa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2398458
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69873}
2020-09-14 11:36:34 +00:00