This finishes the TSAN support for loads as we do not use movb or movw
to load from memory
Bug: v8:7790, v8:11600
Change-Id: I3c319da95c24cfa03f4de2367e007fd4cf7dd355
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953321
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75204}
Adds support to webassembly and enables it by default.
Adds wee8 target.
We can compile without wasm with:
`bazel build :d8 --no//:v8_enable_webassembly`
Bug: v8:11234
Change-Id: I90b11eb71aed808005b66e40e37894616d8b1658
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960803
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75200}
Fuzzing found a problem with --turbo-optimize-apply when the
Array.prototype iterator is replaced with a generator function.
We can the issue by installing a protector on the array iterator.
This CL also defines the --turbo-optimize-apply as 'future' to get
more test coverage.
Bug: v8:9974
Change-Id: Id5bc68fde98ea5d1f6a951c4381ca6283b892632
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2966058
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75197}
To enable deallocation of CodeEntry objects after they're no longer
being referenced by an active profile or alive on the heap, replace the
|used| bit with a proper reference count maintained by a CodeMap.
Bug: v8:11054
Change-Id: I3016cdbcbd1b4e8a26c3b1689e968cb2eef8e6d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2965493
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#75193}
Empty function bodies can actually reach the compiler. We could prevent
this by making this a decoder error instead, but that would be a
redundant check, so we should just remove the DCHECK instead.
R=ahaas@chromium.org
Bug: chromium:1219898
Change-Id: Ie1bed30cee44be9ac42b5f5f980a122c8dc8b2ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2966385
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75191}
Add tests for Intl Locale Info API to ensure the return items fit the
type definition in UTS35
Bug: v8:11887
Change-Id: Ie92d80518909df9472ffd887800832a656807b5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964597
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75190}
The object may have been poisoned again between marking and compaction
through executing pre-finalizers or custom weakness handling of
related objects.
Bug: chromium:1220666, chromium:1056170
Change-Id: Ibba4b42852a2921640d6f3ded473521febb2114f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2966386
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75189}
When pushing/popping registers, we need a way in PPC and S390
to detect if Simd registers need to be pushed or not.
On PPC Simd registers are separate from FP registers, hence we
need to push them both. If Simd is not available then we push
an empty space in place of Simd registers.
On S390 the Simd and FP registers are shared. If Simd is available
then we only push them and not the FPs, else we push FP registers
as well as an empty space the size of FPs as the stack needs to look
like as if Simds were saved too.
We also need to check if we are generating builtins or
call is being made at runtime. We cannot use `SupportsWasmSimd128`
when generating builtin as `CpuFeatures` are turned off, so we need
to emit the `if/else` manually for checking the value of
`SupportsWasmSimd128`.
Change-Id: Id149c6578db9c2f92d903fd871d85c648d43ce70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2958963
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75188}
In heap-refs.cc, GetOwnFastDataPropertyFromHeap() bottlenecks reading
a fast property. To make it safe to use from the background thread we
need to verify the object didn't shrink, and risk an out of heap
bounds read.
Bug: v8:7790
Change-Id: Idebbe0ffea089bf2a70aa7d611618430169082fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928185
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75186}
This mutex wasn't really used anymore. This should also speed up
code object allocation a bit.
Bug: v8:11888
Change-Id: I8ddc2ecc1aec74e8eb3e2d4b96354c50f3bff350
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2966382
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75185}
Rather than letting a recursive macro expansion cause a stack overflow
and crash the compiler, this change updates Torque to emit an error as
soon as the recursion is detected. Eventually it would be nice to make
Cast macros a little more magical so they don't require so much human
effort to maintain, but at least this way Torque displays some
information about what went wrong. An example error message (manually
wrapped to 72 character width) follows.
src/builtins/cast.tq:157:10: Torque Error: Recursive macro call to
callable Cast<(class Context | Undefined | Zero)>(implicit class
Context)(Object): (class Context | Undefined | Zero)
src/builtins/cast.tq:758:3: Torque Error: Note: in specialization
Cast<(class Context | Undefined | Zero)> requested here
src/builtins/cast.tq:764:10: Torque Error: Note: in specialization
Is<(class Context | Undefined | Zero), Object> requested here
src/builtins/torque-internal.tq:64:3: Torque Error: Note: in
specialization UnsafeCast<(class Context | Undefined | Zero)>
requested here
src/objects/contexts.tq:75:10: Torque Error: Note: in specialization
ReferenceCast<(class Context | Undefined | Zero), Object> requested
here
src/builtins/iterator.tq:142:16: Torque Error: Note: in specialization
ContextSlot<class Context, class Context, (class Context | Undefined |
Zero)> requested here
Bug: v8:11727
Change-Id: I7b5b1852dee16a6860f593f27783f6b2d9366146
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2965032
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#75184}
On a loop back edge both the cached instance and the cached memory
start have to get restored for the next loop iteration. In the original
CL we did not consider the case that by restoring the instance we may
overwrite the currently cached memory start.
Original description:
WebAssembly functions often have subsequent memory accesses, and each of
these memory accesses need the start address of the memory in a register.
With this CL the register with the memory start address is cached, so
only the first memory access has to load the memory start address into a
register, subsequent memory accesses can just reuse the register.
In first measurements with the epic benchmark this reduces the size of
the generated Liftoff code by a bit more than 5%.
R=clemensb@chromium.org
Bug: v8:11862
Change-Id: I884c0da24be8bc6b10f2c6bf5437b9a279819538
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960220
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75183}
... when we do have an isolate. This is a little leaner.
Change-Id: Ia95d9888b11cab9e43362f4fe78689a79dfa8b2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964604
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75181}
When we pass function arguments on the stack, untagged parameters
"come first", i.e. are put to lower addresses / can be popped off
first. So when a function instructs the stack walker to visit its
parameters (belonging to its caller's frame), it must skip past
any untagged parameters at the top of the caller's frame.
Change-Id: I5a42e4850b0808237ae937c90b0cec930df8571b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964394
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75180}
... behind the v8_enable_external_code_space build flag.
This is a first CL in a row of CLs that will make CodeDataContainer
the only type of objects that could contain references to Code objects
(besides the Code objects embedded into the generated code).
Eventually these changes will allow us to move Code space out of the V8
heap cage.
This CL adds |code| field to ensure that CodeDataContainer keeps the
respective Code object alive and |code_entry_point| field that contains
cached value of the code().InstructionStart().
Bug: v8:11880
Change-Id: Ie7ce75667d8da306797d203691b429671bc4530d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964093
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75179}
Since DiscardCompiled() can allocate, it could also a cause a GC. A full
GC might perform bytecode flushing, which could change the return value
of CanDiscardCompiled(). So a DiscardCompiled() invocation in one loop
iteration could violate the assumption that CanDiscardCompiled() holds
in subsequent iterations. Prevent DCHECK failure by checking whether
CanDiscardCompiled() still holds for each SharedFunctionInfo.
Bug: v8:11772
Change-Id: Ie9c704abeea801bd3f4f1bdf8fa9c51a8a9d447d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960274
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75178}
Now you can also clean build directories: x64.optdebug.clean
Or clean and build: x64.release.clean.d8
No-Try: True
Change-Id: I3df59416d4ce7db5306c0b09c9ee8293c7a345f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964595
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75176}
Rolling v8/third_party/google_benchmark/src: 0e1255a..5b75184
Manually roll forward to:
- roll across a compile-time failure
- adjust BUILD.gn
Change-Id: I4733fbc1ba565293a15d5360815c92b293eedc34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2966378
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75175}
Remove the neg-neg implication sparkplug --> baseline-batch-compilation,
because it is wrong in the current setting.
Since sparkplug is off per default, the implication will turn off batch
compilation.
When sparkplug is turned on explicitly, there is no implication to turn
on batch compilation again.
Since batch compilation is gated behind --sparkplug anyways we can
safely remove it.
Bug: v8:11790
Change-Id: I8f5ffb542625bc8061ceef02bae688edecea8438
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964600
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75174}
This fixes compilation of V8 in Node.js with Visual Studio 2019.
Without this change, MSVC errors with C3779 (a function that returns
'auto' cannot be used before it is defined) on the `static constexpr
auto registers()` method.
Bug: v8:11420
Change-Id: Id545199e2cdc10c8560031fb5950ec1171e5d554
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964095
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75173}
As we push TurboProp's interrupt budget back, the deopt savings we get
from this aren't worth the runtime overhead in the generated code.
BUG=v8:9684
Change-Id: I6eeb941b25c13958f6b9ddf33439d7928af9b302
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964813
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75172}
The Cobalt team uses base/wrappers.h to intercept some low level OS
functions and recently we found strdup to be a blocker. Thankfully it
only appeared once in V8.
Change-Id: Ib20f399f94933b5d407c1e22e1df674420003ba2
Bug: v8:10927
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2963805
Auto-Submit: John Xu <johnx@google.com>
Commit-Queue: John Xu <johnx@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75171}
Cobalt is a V8 embedder and it has its own platform abstraction. So
to V8 the OS name is "Starboard" instead of Win/Linux/Android even
though the real OS is one of them. To select the right embedded file
writer for Cobalt, we need some customizations in
platform-embedded-file-writer-base.*.
Bug: v8:10927
Change-Id: I6dadb4690ade0b4aebec14bc87fdc6d71c03b3bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2963804
Auto-Submit: John Xu <johnx@google.com>
Commit-Queue: John Xu <johnx@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75170}
- Show related code object for Maps
- Fix opening transition trees
- Rename *LogEntry.prototype.codeLogEntry to .code
- Show Arrays as dropdowns in tooltips
- Avoid hiding the tooltip when clicking on the tooltip itself
- Show links to code variants (bytecode/baseline/optimized)
- Fix chunk offset calculation
- Fix code for browsers that don't support
navigator.scheduling.isInputPending
Bug: v8:10644
Change-Id: I858dc410657d26d076214368814a52177b124f4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964592
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75169}
Rolling v8/build: e6942ef..bc21621
Rolling v8/buildtools/linux64: git_revision:e0c476ffc83dc10897cb90b45c03ae2539352c5c..git_revision:72d5a6e15d868abc8451fe0a3b6596e86a2ffc40
Rolling v8/buildtools/third_party/libc++abi/trunk: 6c29693..f4328ad
Rolling v8/third_party/aemu-linux-x64: XSqCv80jM_M_v5sYf8LVksQaL1zsbc6Pp9y-6WBCkbsC..D99f9rA6SsUg1U4VGdh-MSQQX94eeW2Mi8I_xw6-ccwC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/e30a74f..6434229
Rolling v8/third_party/depot_tools: 3b56309..e319aba
Rolling v8/tools/clang: de043ec..c6949cbTBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: Ia70979bb89a4f20a75995819f4a9dc5c02a4ae1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2965998
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75167}
... to ensure that it'll not be triggered for Code objects which
are known to never be in new space.
This removes the need for having custom implementation of setters with
Code values - existing [CONDITIONAL_]WRITE_BARRIER macros will work
just fine.
Bug: v8:11879, v8:11880
Change-Id: I7ed70e51f9459040086dd4c67e61b11617dbdc24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964812
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75166}
This reverts commit 8e44ee5f75.
Reason for revert: Reverting due to UBSan failures - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/16888.
Original change's description:
> [cpu-profiler] Reference counting for code entries
>
> To enable deallocation of CodeEntry objects after they're no longer
> being referenced by an active profile or alive on the heap, replace the
> |used| bit with a proper reference count maintained by a CodeMap.
>
> Bug: v8:11054
> Change-Id: Id3d5941e509504415692f833e406ecdd2553d426
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2945541
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Andrew Comminos <acomminos@fb.com>
> Cr-Commit-Position: refs/heads/master@{#75164}
Bug: v8:11054
Change-Id: Iae3ae73014c7eafe20917cf088a569f370d9b53d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2965489
Auto-Submit: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75165}
To enable deallocation of CodeEntry objects after they're no longer
being referenced by an active profile or alive on the heap, replace the
|used| bit with a proper reference count maintained by a CodeMap.
Bug: v8:11054
Change-Id: Id3d5941e509504415692f833e406ecdd2553d426
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2945541
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#75164}
Moves TurboProp to optimize around the time of TurboFan right now, and
removes some of the special-case logic we had to avoid aggressive
early optimization of TurboProp.
BUG=v8:9684
Change-Id: I0299408891ff6fd57e6523ff309b5f16624466a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964814
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75163}
1. Add test to ensure none of the array contains undefined
2. Calculate the fixed array size by considering the code may filter out
some itmes returned by ICU.
3. Add test to check there are no undefined.
4. Add test to check the locale.timeZones return sorted array.
5. Also refactor the JSArray generation code.
Bug: v8:11871
Change-Id: I8ad4a779d137d9b7e2deead7a1aa38e599e1af2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953517
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75162}
StateBase requires a virtual destructor as it is destroyed through the
base class. Failing to provide a virtual dtor leaks internal state in
State (and possible in future RootState).
Bug: chromium:1056170
Change-Id: I4408a57dc05fdeb81408f571dd6eb87312ba7c9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964815
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75160}
No changes to the algorithm; minor speedup due to the move
from Handle<BigInt> to Digits.
Bug: v8:11515
Change-Id: Id85fe4f0c276d3ad826fee79205719092d0e0715
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2947412
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75158}
The boolean value is expected to be present during code
generation.
Change-Id: I3f9bd8f3977badd7fc7c0a716858d0d46032ae95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2963834
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75157}
