Commit Graph

75609 Commits

Author SHA1 Message Date
Frank Tang
86a219d9c9 [Temporal] Add Duration.prototype.with
Also add AO: ToPartialDuration
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal-topartialduration
https://tc39.es/proposal-temporal/#sec-temporal.duration.prototype.with

Bug: v8:11544
Change-Id: I43282f5285a3c884229445547add6db2cde4fbe4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380102
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80767}
2022-05-27 00:53:03 +00:00
Adam Klein
2c2280554e Enable mjsunit/wasm/shared-memory-worker-gc
This test had been skipped since it was added in
4a416dbbe1.

Bug: v8:9380
Change-Id: I700f83fa4242baf44dd260fbc74520abf05101dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3670052
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80766}
2022-05-26 22:19:29 +00:00
Milad Fa
e3aee111a9 PPC: Use non prefixed instructions when possible
This CL adds a check to all integer/and fp load/store operations,
if the offset fits in an `is_int16` and if alignment requirements
are met (specific to lwa, ld and std) then a non prefixed load/store
instruction will be used.

Note that operation mode (MRI vs MRR) gets set during instruction selection.

Change-Id: I68e2aa1d559c7ff058d715e6e577a14b590b632b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3669186
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80765}
2022-05-26 20:52:48 +00:00
Frank Tang
1b13172df3 [Temporal] Add PlainDateTime.prototype.withPlainDate
Also add AO: ConsolidateCalendars

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plaindatetime.prototype.withplaindate
https://tc39.es/proposal-temporal/#sec-temporal-consolidatecalendars

Bug: v8:11544
Change-Id: I98084f7cc92a837f6401a88ad10389a7c5df8b3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3563541
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80764}
2022-05-26 20:42:09 +00:00
Andrey Kosyakov
495cc46baf Revert "Roll inspector_protocol to 87e75896dcfcafda7869b0c9714db9b6cdc4c765"
This reverts commit dec192fd2f.

Reason for revert: broke gcc builds because of [[nodiscard]]

Original change's description:
> Roll inspector_protocol to 87e75896dcfcafda7869b0c9714db9b6cdc4c765
>
> This lets us accept spec-compliant CBOR tag for message envelopes.
>
> This also includes a change in v8-inspector-session-impl.cc that
> relaxes an envelope check to allow spec-compliant envelopes.
>
> Change-Id: Id77c1e0fc4b62d78e8580f81ef38d50e3eb54a1d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3662540
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Andrey Kosyakov <caseq@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80761}

Change-Id: Iaa0cc65510c9af6391a2c7d0ef7baf903335a328
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3669468
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Andrey Kosyakov <caseq@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80763}
2022-05-26 17:53:09 +00:00
Manos Koukoutos
66d3d28149 [wasm-gc] Improve array allocation
We inline array allocation for wasm-gc in the TF graph by using
AllocateRaw nodes. Additionally, we use memset to initialize large,
zero-initialized arrays. These changes give measurable speedup in some
benchmarks.

Bug: v8:7748
Change-Id: Icbd37d0fe673c673379139b96d0e1c175e95e357
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3666618
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80762}
2022-05-26 17:19:19 +00:00
Andrey Kosyakov
dec192fd2f Roll inspector_protocol to 87e75896dcfcafda7869b0c9714db9b6cdc4c765
This lets us accept spec-compliant CBOR tag for message envelopes.

This also includes a change in v8-inspector-session-impl.cc that
relaxes an envelope check to allow spec-compliant envelopes.

Change-Id: Id77c1e0fc4b62d78e8580f81ef38d50e3eb54a1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3662540
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Andrey Kosyakov <caseq@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80761}
2022-05-26 17:16:48 +00:00
Rob Paveza
c4d09aefb0 SHA256 hash crash: GetScriptHash
Initialization after reset + unnecessary use of handle scope appear to
be the culprit here. Most of the other functions in debug::Script do not
use HandleScope, so this reconciles these differences. Additionally,
the call to obtain and initialize the hash within
ActualScript::Initialize was inconsistent: all of the other fields were
initialized prior to resetting the script and source.

These reconciliations appear to fix this crash.

Bug: chromium:1325036
Change-Id: Ia86e83b6c99955a3ac80a4a8845c0df0172e991c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3648082
Commit-Queue: Robert Paveza <Rob.Paveza@microsoft.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Auto-Submit: Robert Paveza <Rob.Paveza@microsoft.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80760}
2022-05-26 17:00:19 +00:00
Lu Yahan
bdb20626c1 [riscv64] Fix return value of lazy compile runtime function
Port commit 22a16bda86

Change-Id: I1a6815ca22f4b931ffd2468d8aeb82dc7a1e2bc5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3669661
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#80759}
2022-05-26 10:20:49 +00:00
Jakob Kummerow
7e5b7ad1e1 [wasm][cleanup] Simplify array.init_from_data
We can simply trap in the runtime, instead of returning sentinels.

Bug: v8:7748, v8:12425
Change-Id: I179c8675fabd3cb730f002ba99ba8cf942a9d4ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3669108
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80758}
2022-05-26 06:58:49 +00:00
Frank Tang
cc8b442773 [Temporal] Add PlainTime.prototype.toPlainDateTime
Spec Text: https://tc39.es/proposal-temporal/#sec-temporal.plaintime.prototype.toplaindatetime

Bug: v8:11544
Change-Id: I95bab9814471bb9347101d654f6dc902159f8fe3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3538670
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80757}
2022-05-26 04:45:19 +00:00
Shu-yu Guo
9c4f57f66e Retain code correctly in %PrepareFunctionForOptimization
IsCompiledScope retains code to be safe against bytecode flushing, but
%PrepareFunctionForOptimization isn't currently initializing it with the
function's current compiled state. IOW, it's only retaining freshly
compiled code and is causing flakes for already-compiled functions.

Bug: v8:12697
Change-Id: Ie82a4adb8a136da708b3ae0ce27a42f5c277d324
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3668318
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80756}
2022-05-25 23:39:58 +00:00
Frank Tang
600cebb4d0 [Temporal] Add Date.prototype.toTemporalInstant
Spec Text:
https://tc39.es/proposal-temporal/#sec-date.prototype.totemporalinstant

Bug: v8:11544
Change-Id: I65315152333291f76edc05cc41a528912a185d02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3609214
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80755}
2022-05-25 18:20:10 +00:00
Frank Tang
06d61bd575 [Temporal] Add ZonedDateTime.prototype.startOfDay
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.zoneddatetime.prototype.startofday

Bug: v8:11544
Change-Id: I475e03fa9ba43290896a906524414cfbddd1f7bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3385610
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80754}
2022-05-25 18:19:08 +00:00
Milad Fa
9a57028480 S390: use r1 as scratch register
ip holds the jump table slot.

Change-Id: Ia56bf62835155d58ef10e57d761088d0b9a9710d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3668285
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80753}
2022-05-25 17:04:57 +00:00
Milad Fa
68ae81bfc8 PPC/s390: [wasm] Fix return value of lazy compile runtime function
Port 22a16bda86

Original Commit Message:

    The Runtime_WasmCompileLazy function was returning a ptr-sized address,
    wrapped in an Object. This worked because no GC is triggered between the
    return from the runtime function and the point where we jump to the
    returned address.

    In a pointer-compressed world though, generated code assumes that all
    objects live in the same 4GB heap, so comparisons only compare the lower
    32 bit. On a 64-bit system, this can lead to collisions where a
    comparison determines that the returned address equals a heap object,
    even though the upper 32-bit differ.

    This happens occasionally in the wild, where the returned function entry
    pointer has the same lower half than the exception sentinel value. This
    leads to triggering stack unwinding (by the CEntry stub), which then
    fails (with a CHECK) because there is no pending exception.

    This CL fixes that by returning a Smi instead which is the offset in the
    jump table where the kWasmCompileLazy builtin should jump to. The
    builtin then gets the jump table start address from the instance object,
    adds the offset that the runtime function returned, and performs the
    jump.

    We do not include a regression test because this failure is very
    spurious and hard to reproduce.

R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I92907b97a9d44d8cf42bb356ef350a22f7c5d5e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3666249
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80752}
2022-05-25 15:57:29 +00:00
Manos Koukoutos
fe44d70604 [test] Skip failing test
Bug: v8:12907
Change-Id: I8a6da86b4c88b5cfcc9bbb349841c422ac81b64e
No-Tree-Checks: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3667082
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80751}
2022-05-25 15:04:47 +00:00
Andy Wingo
e4941131f1 [stringrefs] Implement string.new_wtf8
Bug: v8:12868

Also adds the equivalent of Utf8Decoder, but for WTF-8.

Change-Id: I1548a44b0aea912cdd429eb85be4dfc606355cad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3660257
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#80750}
2022-05-25 14:38:38 +00:00
Dominik Inführ
2864a4363e [heap] Combine fast path of generational and shared heap barrier
The fast path of all write barriers already got mostly unified in
https://crrev.com/c/3644964. However, the shared heap write barrier
still added a new branch in the fast path of the full write barrier.

This CL unifies the branch for the generational and the shared heap
write barrier in the fast path at the cost of an additional branch in
the slow path. This should hopefully the rest of the regressions caused
by introducing the shared heap write barrier.

Bug: chromium:1326446, v8:11708
Change-Id: Id5a8334c50a7455e53caf65891d4304d9d2e7702
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663091
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80749}
2022-05-25 14:29:57 +00:00
Maya Lekova
5480e036d2 [megadom] Add TF inlining for Megadom
The generated code checks if the receiver is a JS_API_OBJECT and if the
receiver requires an access check, and if not it lowers the call to an
API call.

We also add compilation dependencies on the protector cell to deopt if
our invariants change. (Note - the actual invalidation of these cells
will be implemented in a follow up CL)

Bug: v8:11321
Change-Id: I15722f1e5fac7176e292da4a35186e4609636aba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2719563
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80748}
2022-05-25 14:07:01 +00:00
Anton Bikineev
51d2256b8a cppgc: Conservatively scan compressed pointers
Due to collections with inlined storage, Oilpan still supports on-stack
Members, which are always compressed if pointer compression is enabled.
This CL scans halfwords (together with full words) on stack to find
potential pointers. Since on-heap pointers can only be compressed and
in-construction objects always reside on heap, only halfwords need to be
scanned for them.

The alternative potential followup approaches:
1) Use a separate uncompressed type for pointer in inlined collections;
2) Dynamically register regions of stack containing compressed pointers.

Bug: chromium:1325007
Change-Id: Ia706fd8e7383d30aff11f4014faa9edd3d289a55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644959
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80747}
2022-05-25 14:04:41 +00:00
Manos Koukoutos
9e7ada8e2b [wasm-gc][turbofan] Introduce wasm-gc-specific nodes
We introduce wasm-gc specific nodes into the Turbofan IR, corresponding
to the wasm opcodes:
ref.as_non_null, ref.is_null, ref.null, rtt.canon, ref.test, ref.cast.
We define them as simplified operators. These are lowered by a dedicated
phase in the wasm pipeline.
Optimizations based on these nodes will be introduced later.
Note: We rename ObjectReferenceKnowledge to WasmTypeCheckConfig and move
it to a separate file, as it is now used in simplified-operator as well.

Bug: v8:7748
Change-Id: Iceaf04eca089b08bad794f567359196e8ba78d93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3654102
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80746}
2022-05-25 14:03:36 +00:00
Dominik Inführ
8e47a2c603 [heap] Ensure unmapper task doesn't start during GC
There is now only one invocation left of
MemoryAllocator::Unmapper::FreeQueuedChunks in the GC epilogue.

Bug: chromium:1329064, chromium:1327132
Change-Id: Icc21ada4c5a8a9505ed6435ef1f62fe48b2dbb52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3667079
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80745}
2022-05-25 12:24:17 +00:00
Seth Brenith
d21b37d3f2 Revert several changes that caused performance regressions
This change reverts the following:

400b2cc2c6 Don't rescue old top-level SharedFunctionInfos
Reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/3657472

16a7150bae Reland "Disable recompilation of existing Scripts from
           Isolate compilation cache"
Reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/3655011

2df4d58a9e Fix rehashing of script compilation cache
Reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/3654413

c8848cf493 Refactor CompilationSubCache
Reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/3629603

2507217839 Improve Script reuse in isolate compilation cache, part 1
Reviewed on https://chromium-review.googlesource.com/c/v8/v8/+/3597106

Bug: v8:12808, chromium:1325566, chromium:1325567, chromium:1325601, chromium:1328671, chromium:1328672, chromium:1328678, chromium:1328811, chromium:1328810
Change-Id: I1d318dc172e5214166d3b15f19903186f4fe6024
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3664023
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80744}
2022-05-25 12:11:28 +00:00
Milad Fa
a6cdc3a381 [buildtools] skip fetching GN on ppc and s390 platforms
GN is not available as a cipd package for ppc/s390 and
needs to be built from source.

Change-Id: I5f6eda13cd6227d20fc800cab7f54496a2d33f68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663154
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80743}
2022-05-25 12:03:37 +00:00
Igor Sheludko
c90cdd167f [api] Add more comments about interceptor callbacks
When a callback does not intercept the request
1) it should not call info.GetReturnValue().Set(),
2) it must not produce side effects.

Bug: v8:12873, chromium:1310062
Change-Id: If02994f24f1a68eb96c1af7cdd6dd7109f0617c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652786
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80742}
2022-05-25 11:38:44 +00:00
Simon Zünd
50f84564b4 [inspector] Reset the async task stack when resetting the context group
This CL fixes an issue with async stacks. The async task stack is not
torn down between page navigations or reloads. The result is that
any new async tasks are stacked on top of the old pages async task
stack.

This was not prominent until now for two reasons:
  1) Async tasks created in blink are always finished as long as
     destructors have time to run.
  2) When V8 is terminated while running the micro task queue also
     all async tasks created for Promises (including `await`) are
     cleaned up properly.

Introducing the stack tagging API made it more common for having
unfinished async tasks open outside the MTQ, which left the
async task stack non-empty during navigation.

This CL fixes this problem by clearing out all the async task
and async stack data structures for a context group when that
context group is reset.

R=bmeurer@chromium.org, victorporof@chromium.org

Fixed: chromium:1328785
Change-Id: Iee0c3c4a55f66e643829dae3726dc03c735da1dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3666620
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80741}
2022-05-25 10:51:23 +00:00
Darius M
702f0ff111 [compiler] Inline Array.prototype.at in JSCallReducer
Bug: v8:12865
Change-Id: I539a5b0a9c3c78ef9a767de75b71dd06de337d9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647351
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80740}
2022-05-25 10:01:03 +00:00
Samuel Groß
47d8833875 [sandbox] Remove V8_SANDBOX
V8_SANDBOX has been renamed to V8_ENABLE_SANDBOX in crrev.com/c/3647355
and its remaining uses in Chromium have now been renamed as well.

Bug: v8:10391
Change-Id: Ibb23ecab6687438b462685ef7fa044c0024dd098
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3660251
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80739}
2022-05-25 09:42:44 +00:00
Clemens Backes
c282761a10 [wasm] Fix printing of WasmInstanceObject
There were multiple fields missing from the output.

R=jkummerow@chromium.org

Change-Id: Ie4c3171339943414c58c2fe6f0e507cdd531dd8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3664497
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80738}
2022-05-25 09:12:53 +00:00
Liu Yu
7e50fa6275 [loong64][mips][wasm] Fix return value of lazy compile runtime function
Port commit 22a16bda86

Bug: chromium:1311960
Change-Id: Id06b901e5290a0c7d2c01f4fabbb98d0f47eb570
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3665938
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#80737}
2022-05-25 08:54:53 +00:00
Leszek Swirski
c2dadb6947 [maglev] Add support for DefineNamedOwnProperty
Add a generic DefineNamedOwn node for DefineNamedOwnProperty, and a
monomorphic fast path identical to SetNamedProperty for simple field
stores.

Bug: v8:7700
Change-Id: I35ff9d54be8bb8e437865e4d1ba38eb726034e24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663084
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80736}
2022-05-25 08:30:44 +00:00
Simon Zünd
9e27dbca79 [debug] Fix crash when live editing unused inner functions
This CL fixes a wrong assumption in the LiveEdit machinery. Namely
the assumption that every FunctionLiteral the parser finds, will have
a corresponding SFI created by the compiler. This assumption does not
hold in all cases. Inner functions that are never referenced by the
outer function don't get an SFI.

R=bmeurer@chromium.org

Fixed: chromium:1328453
Change-Id: I674f023f948954c1fcae04a4aa2afb69ea1642aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663443
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80735}
2022-05-25 07:51:03 +00:00
v8-ci-autoroll-builder
ca18e979b3 Update google_benchmark
Rolling v8/third_party/google_benchmark/src: 37be1e8..7eb8c0f

Introduce warmup phase to BenchmarkRunner (#1130) (#1399) (Matthdonau)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/7eb8c0f

Add support to get clock for new architecture CSKY (#1400) (Zi Xuan Wu (Zeson))
https://chromium.googlesource.com/external/github.com/google/benchmark/+/6c46c9f

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: Id8121e8c4d87442bde184c7c940d8b102ebdf9c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3665706
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80734}
2022-05-25 05:50:23 +00:00
Andreas Haas
be8ffebbd8 [bazel] Fix build script
The CL https://crrev.com/c/3530115 deleted files that were referenced
in the bazel build script.

R=bmeurer@chromium.org

Change-Id: I8e7bbcd90f7ada516209f478fe78e1437b04c697
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3664496
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80733}
2022-05-25 05:31:03 +00:00
Frank Tang
3ba8390cb9 [Temporal] Add PlainTime.(compare|prototype.equals)
Also add AO: CompareTemporalTime

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plaintime.compare
https://tc39.es/proposal-temporal/#sec-temporal.plaintime.prototype.equals
https://tc39.es/proposal-temporal/#sec-temporal-comparetemporaltime

Bug: v8:11544
Change-Id: I8e2a320c2e296558e1fb15ef6e855e6b6a14ece2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3538669
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80732}
2022-05-25 03:10:23 +00:00
Frank Tang
702f874a3b [Temporal] Add PlainDateTime.prototype.toPlain(Date|Time)
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plaindatetime.prototype.toplaindate
https://tc39.es/proposal-temporal/#sec-temporal.plaindatetime.prototype.toplaintime

Bug: v8:11544
Change-Id: Ifb7115823d1d3d1ff53806f1b376d69302e00ae1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3385761
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80731}
2022-05-25 01:17:21 +00:00
Frank Tang
38e56036dd [Temporal] Add PlainTime.prototype.toZonedDateTime
Spec Text: https://tc39.es/proposal-temporal/#sec-temporal.plaintime.prototype.tozoneddatetime

Bug: v8:11544
Change-Id: I147b1d21b4728520c5667a30548ec77f71d7445a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3554456
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80730}
2022-05-24 22:10:12 +00:00
Clemens Backes
22a16bda86 [wasm] Fix return value of lazy compile runtime function
The Runtime_WasmCompileLazy function was returning a ptr-sized address,
wrapped in an Object. This worked because no GC is triggered between the
return from the runtime function and the point where we jump to the
returned address.

In a pointer-compressed world though, generated code assumes that all
objects live in the same 4GB heap, so comparisons only compare the lower
32 bit. On a 64-bit system, this can lead to collisions where a
comparison determines that the returned address equals a heap object,
even though the upper 32-bit differ.

This happens occasionally in the wild, where the returned function entry
pointer has the same lower half than the exception sentinel value. This
leads to triggering stack unwinding (by the CEntry stub), which then
fails (with a CHECK) because there is no pending exception.

This CL fixes that by returning a Smi instead which is the offset in the
jump table where the kWasmCompileLazy builtin should jump to. The
builtin then gets the jump table start address from the instance object,
adds the offset that the runtime function returned, and performs the
jump.

We do not include a regression test because this failure is very
spurious and hard to reproduce.

R=jkummerow@chromium.org

Bug: chromium:1311960
Change-Id: I5a72daf78905904f8ae8ade8630793c42e223984
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663093
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80729}
2022-05-24 21:38:32 +00:00
Patrick Thier
9964283126 Re-enable shared-memory tests under tsan/stress_incremental_marking
The underlying issue was fixed with https://crrev.com/c/3660258

Bug: v8:12883
Change-Id: If7a1fdaf122396396cfbaaae3a68ef89bafc1703
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663342
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80728}
2022-05-24 18:05:03 +00:00
Clemens Backes
23611173fb [wasm] Fix C API for dynamic tiering
The Wasm C API currently disabled dynamic tiering, in order to have
deterministic behaviour for serialization of Wasm modules.
As dynamic tiering is now shipped, also the C API should follow.

Serialization of a Wasm module now just serializes the current state, so
embedders are responsible for warming up a module before serializing it.

If requested, we can add an internal API to enforce full tier-up of all
functions, but we will leave that for later.

R=ahaas@chromium.org, jkummerow@chromium.org

Bug: v8:12899
Change-Id: I55df63f0b6c1f285e4983f9f7d5fb66aa41637bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3660261
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80727}
2022-05-24 17:37:17 +00:00
Junliang Yan
1b67bf5184 ppc64: [baseline] fix constant pool issue
Change-Id: Ifbfa391482215ed13954422fef028a5697ac6bb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663149
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80726}
2022-05-24 16:00:02 +00:00
Junliang Yan
cd7ea202ca ppc64: [baseline] remove redundant function
Change-Id: I25b6f6d76177394e3812ce506a06381a1afcc863
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663148
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80725}
2022-05-24 15:53:22 +00:00
Junliang Yan
c77098bd8d ppc64: [baseline] set RC bit for branch properly
Change-Id: Ic7ac221c18f242740ae088b856d9295cd1256936
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663147
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80724}
2022-05-24 15:50:45 +00:00
Leszek Swirski
54c6a307b1 [maglev] Add Float64 compare ops
Same pattern as Int32 compare ops.

Bug: v8:7700
Change-Id: Ia090cb97d6c5c99c6aa719ec5db1a2a8e2156472
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663340
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80723}
2022-05-24 15:49:42 +00:00
Peter Kasting
db24d136fb C++20 fixes.
Math between disparate enums is deprecated.  Use constexprs instead.

This requires switching some caller code to work with the new non-enum
constants also.

Bug: chromium:1284275
Change-Id: Ifb3c8757ed62e2a0966120f830f0a7e282b53a16
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3661148
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80722}
2022-05-24 13:58:20 +00:00
Leszek Swirski
1f413298e4 [map] Cleanup: Smi validity "cells" are always valid
We can check map validity cells for Sminess without checking their
value, since their value as a Smi (and not a Cell) should always be
"valid"

Change-Id: Ie73079107144e352c358c0ec42abd0c10bdcf73a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663090
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80721}
2022-05-24 13:45:39 +00:00
Leszek Swirski
b636d185bc [ic] Clean up StoreHandler code methods
Clean up a couple of the StoreHandler methods returning Builtins to
directly return the Code object, so that it can be used as a handler
straight away without having to go via the MakeCodeHandler helper (which
wasn't making anything anymore).

Change-Id: I4976829d25e2bdad0cf41088b76121ac9b500cd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663083
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80720}
2022-05-24 13:30:19 +00:00
Camillo Bruni
f2265d0ca8 [maglev] Add and use GetInLivenessFor / GetOutLivenessFor helpers
Bug: v8:7700
Change-Id: I6b03c715153c7e9a63abc848ac87faef809b49a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663089
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80719}
2022-05-24 13:06:58 +00:00
Dominik Inführ
f6ebae93b0 [heap] Stop unmapper before full GC
Stop the unmapper tasks before running a full GC. This ensures that all
freed memory is actually reusable in the following full GC. We also need
to keep freed pages around until after the GC in order to be able to
perform page flags checks on them when updating pointers. However,
when unmapper tasks are still running pages freed during the GC may be
unmapped too early.

Bug: chromium:1327132
Change-Id: I4fde7853b987975ae6ef304e89c53eb20b004d55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3660247
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80718}
2022-05-24 12:53:49 +00:00