Code alignment was updated to 64-bytes on ppc:
https://crrev.com/c/3528993
This change is required to maintain the same alignment on AIX.
Change-Id: I8cc33c9abad1ceeac050fde30700d315ef549d7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3552087
Reviewed-by: Vasili Skurydzin <vasili.skurydzin@ibm.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79639}
Define ctors for BasicMemoryChunk, ReadOnlyPage, MemoryChunk, Page and
LargePage. We can use those with placement-new to initialize pages. We
now initialize chunks at once either for ReadOnlyPage, Page or
LargePage. Previously initialization happened in multiple locations
starting with BasicMemoryChunk::Initialize.
Adding ctors to these classes should improve debugging, since debug
info for classes without ctors was removed with the compiler flag
`-fuse-ctor-homing`.
Change-Id: Ib842bb9b1e93a6576cad8299b7c5dbfe299baa33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545092
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79638}
Bidirectional phase switching by shortcuts "n", "b".
Improved selection of nodes when they are splitting or raising to a common ancestor.
Fixed minor inconsistencies in some variable names with the project style.
Added name and email to the AUTHORS file for first-time contribution.
Change-Id: I0c903dbf81c3d1d75503004ce412a81aace06a61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3537008
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79636}
... with zero cost.
Bug: v8:9357
Change-Id: I66985c3fd3e7b4efa354eb564c641562cf55ab49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3518909
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79632}
This reverts commit 2ee36e4cf5.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/20570/overview
Original change's description:
> [maglev] Remove input_count from Node constructors
>
> Change the NodeBase bitfield to be out-of-line, and initialised by
> NodeBase::Allocate. This means that we don't have to thread the
> input_count through the Derived constructor just to pass it back into
> the NodeBase constructor, and so we can remove those arguments (plus the
> opcode ones while we're at it).
>
> Bug: v8:7700
> Change-Id: I0c96db8cdd05ef106b3cfeb31c5e0d4770d13cc9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3553103
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79627}
Bug: v8:7700
Change-Id: Ice38908e85f2980dbbe66c61fab17326b3d0be41
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3553005
Owners-Override: Tobias Tebbi <tebbi@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79631}
This patch enables PAC and BTI for runtime generated code when PAC
is enabled. Additional BTI landing pads will resolve to NOOP when
running on non BTI device and will not cause functional problems.
Change-Id: I3993481df2c3c47e3e81bfb76a8c355f642cd572
Bug: chromium:919548, v8:10026
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3548457
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Andre Kempe <andre.kempe@arm.com>
Cr-Commit-Position: refs/heads/main@{#79630}
Change the NodeBase bitfield to be out-of-line, and initialised by
NodeBase::Allocate. This means that we don't have to thread the
input_count through the Derived constructor just to pass it back into
the NodeBase constructor, and so we can remove those arguments (plus the
opcode ones while we're at it).
Bug: v8:7700
Change-Id: I0c96db8cdd05ef106b3cfeb31c5e0d4770d13cc9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3553103
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79627}
We could optimize String#startsWith in JSCallReducer for
three conditions:
- If search_element is definitely not a string, we make no change.
- If search_element is definitely a string and its length is less
or equal than max inline matching sequence threshold, we could
inline the entire matching sequence.
- Else we try to inline, and have a runtime deopt if search_element
is not a string.
Bug: v8:8400
Change-Id: I505090b91d35fbc2c91cdf985717c68135cba807
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3517936
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79621}
They make assumptions which don't hold for API handlers.
Bug: v8:9237,chromium:1308360
Change-Id: I9f122c4e75a24d83ef3653cbf7a223ed522e4d13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3548899
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79614}
P10 comes with prefixed instruction (2 x 4-byte instructions)
which allow for using larger immediate values. `paddi` has
been added in this CL which uses a 34-bit immediate.
Prefixed instructions cannot cross 64-byte boundaries, i.e we cannot
have the first 4-bytes on one side and the second 4-bytes emitted on
the other side of the boundary. Therefore we need to align generated
code to 64 bytes and emit a nop whenever the boundary is being crossed
midway (check emit_prefix).
Change-Id: I90e9953089214e15eeef0d70147ea5943fe05f45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3528993
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79612}
Commit 0719ace66e improves the code
generated for comparisons by avoiding the materalization of the
comparison bit.
Now, this commit aims at doing this same improvement for binary
operations. Since binary operations set the ZF flag, there is no
reason to insert a "== 0" comparison.
Note that this commit might increase register pressure, which might
actually reduce performance. It's hard to anticipate, so we'll land
it, and revert it if it's actually bad for performance.
Bug: v8:12484
Change-Id: I963f0c4afdd59b35b4bac468e47d987836433163
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545165
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79611}
Add a test for the case where SlicedStrings of ThinStrings are looked up
in the string table, testing the path that the original string's length
differs from the actual string's length.
Bug: chromium:1309767
Change-Id: I909c64397bf28ec33c3324d94882fbfe81ac4109
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3549837
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79610}
Maglev compilation can currently fail, e.g with unsupported bytecodes.
Bug: v8:7700
Change-Id: I837d69a5f9c27d4dc6fa9d03369f045fb5175d61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3541921
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79609}
Change Checkpoints from IR Nodes to just normal Zone objects, pointed to
by the deopting Node. Also merge Checkpoint and DeoptimizationInfo --
this has the side effect that multiple Nodes that share a checkpoint
will point to the exact same deopt call.
Bug: v8:7700
Change-Id: Ib36aa13afe3af6a0a22d2cfe80a13fef4bea1227
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545179
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79607}
Currently, OSB can not be safely accessed if sweeping is in progress.
This can, however, be easily lifted with atomic stores.
Having the consistent bitmap is needed for the generational barrier for
source objects (to retrieve the source object beginning).
Bug: chromium:1029379
Change-Id: I5fb8db579f881ddf240ce68ad51fa8264ee645dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545071
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79606}
- When the property being defined with DefineKeyedOwnIC or
DefineNamedOwnIC already exists, we should use the slow path to
check if the operation is allowed in case the property is
non-configurable or Object.preventExtensions() has been called on
the property.
- Since KeyedStoreIC:Store() reuses StoreIC::Store() when the key is a
name, we should use Runtime::DefineObjectOwnProperty() for
DefineKeyedOwnIC too.
- When dealing with public fields, Runtime::DefineObjectOwnProperty()
should use JSReceiver::CreateDataProperty() instead of
Object::SetProperty() for the specified semantics. This patch also
adds JSReceiver::AddPrivateField() for it and StoreIC::Store to
define private fields without triggering traps or checking
extensibility.
- To emit a more specific error message when redefining properties
on non-extensible objects, Object::AddDataProperty() now also takes
a EnforceDefineSemantics enum to distinguish between set and define.
- Drive-by: fix JSReceiver::CheckIfCanDefine() which should check for
extensibility even if the configurability check passes.
Bug: chromium:1259950, v8:9888
Change-Id: Ib1bc851ffd4b9c3a0e98cac96dafe743c08ee37e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3517934
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#79603}
Remove StoreToFrame and the general diff encoding for checkpoints, and
instead make all Checkpoints immediately copy the live part of the
interpreter frame state.
This means that we don't need to recreate the frame state during graph
processing, and we don't have to copy the checkpoint's state for storing
in the deferred DeoptimizationInfo.
In theory the diff encoding was meant to save zone memory for unused
checkpoints, and for checkpoints that don't differ much from each other.
However,
a) We expect to do most checkpoint elimination during graph building,
so the assumption that many checkpoints will be unused seems less
probable, and
b) We need to copy the checkpoint's frame state for emitting deopts,
so we don't actually end up avoiding doing the copies.
So, we can simplify things by removing this complexity.
Bug: v8:7700
Change-Id: Iff9743fabbf7a017cccf0ece76a797c571764ea6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545178
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79602}
This is a reland of commit d9e1f2aee5
Change: disable regression test on non-SIMD hardware
Original change's description:
> [wasm][liftoff] Spill regs for multi-value merges
>
> If there is more than one value in the merge region, a stack-to-stack
> move can overwrite the source of a stack-to-register move. To avoid
> this, spill all registers.
>
> R=clemensb@chromium.org
>
> Bug: chromium:1299183
> Change-Id: I10495434d0a18c9072ee3882e00a687edd8c592a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3523044
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79584}
Bug: chromium:1299183
Change-Id: I6f2af786ab91194a93945f5030575d1b8abee7fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3548716
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79601}
Rather than emitting eager deopt code inline, use the full
DeoptimizationData+TranslationArray mechanism in maglev, for consistency
with TurboFan and simplification of implementing lazy deopts in the
future.
Bug: v8:7700
Change-Id: I67282b27493772c78ad28feaa4ad6a2c35c8e239
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545169
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79600}
This reverts commit 802c7b3e16.
Reason for revert: Cluserfuzz found a reason to have this.
Original change's description:
> [string] DCHECK instead of test that ThinString's actuals have same length
>
> ThinStrings always forward to internalized strings that have the same
> character contents and thus the same length.
>
> Change-Id: I5929d266f96b23029f4786baf993a431cf4ad38d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3541522
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79582}
Change-Id: Ib8a7b962242f8b8ab3ffc5c70ed1c84d187e5b8e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3548459
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79599}
In LowerStringCodePointAt, rather than call StringCodePointAt
builtin, we could inline it using StringCharCodeAt.
Bug: v8:11743
Change-Id: I924f4180ffcfd583cfcbba57b2e0cf114adef068
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3517935
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79598}
This reverts part of crrev.com/c/2413252 since std::unique_ptr does
not satisfy is_standard_layout; and is_standard_layout is needed
to use offsetof:
error: offset of on non-standard-layout type [-Werror,-Winvalid-offsetof]
Fixed: v8:12721
Change-Id: Ifbb1235fc3b8d1d855d41a226117fed88c506078
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3540141
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79597}
Report fine-grain incremental mark/sweep statistics to the Recorder API.
These will be used by Blink to populate UMA histograms such as
V8.GC.Event.MainThread.Full.Incremental.(Mark|Sweep).
Bug: chromium:1154636
Change-Id: I1cbdcb2ffa49bd01d04a2e1d43921cebf956ac84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545070
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79596}
The debugger maintains a stack of promises used for catch prediction
with promise builtins and async functions. Previously this stack would
hold on to the individual promises strongly, and subtle bugs that lead
to not properly cleaning up the stack in some corner cases would often
lead to significant memory issues (e.g. leaking whole iframes).
This refactors the PromiseOnStack to be
(a) on the V8 heap, rather than allocating C++ structs with global
handles pointing to the promises, and
(b) hold on to the promises only weakly.
While this will not guarantee proper promise stack management, it will
at least ensure that edge cases don't lead to catastrophic (debugger
only) leaks.
Bug: chromium:1292063
Change-Id: I9c293ca2032de3a59e1e9624f132d37187805567
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545176
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79594}
Before productionizing this, we probably want to just ignore the whole
section if it contains invalid data, but for now failing with a decode
error is more consistent with existing checks.
R=ecmziegler@chromium.org
Bug: v8:12537
Change-Id: I7fc5933573a4d6eddd039bf51361c5bee5c5170d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545177
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79593}
Accidentally, remembered sets for slots and source objects were passed
by value when visiting.
Bug: chromium:1029379
Change-Id: I1942a13605990c0b13c378d33d3ace602daddf0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545318
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79591}
This reverts commit 164a040a2a.
Reason for revert: roll failure: https://ci.chromium.org/ui/p/chromium/builders/try/cast_shell_linux/1164753/overview
Original change's description:
> cppgc: Add regression test and check for object start bitmap
>
> Access to the object start bitmap is only safe during marking until
> sweeping is started as the concurrent sweeper may clear and rebuild
> the bitmap at any time during sweeping.
>
> Adds a DCHECK and an additional test for a previously broken
> pre-finalizer scenario.
>
> Bug: chromium:1307471
> Change-Id: If67ade43f7cdad6de4720c0efeac11bfe8c22b3c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3535782
> Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79550}
Bug: chromium:1307471
Change-Id: I181e63a34eae9369184fb86112bc64e53b8bfad5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545317
Owners-Override: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79590}
