Commit Graph

77511 Commits

Author SHA1 Message Date
Michael Achenbach
b6ccbe97dd [test] Skip test not working with gc stress
No-Tree-Checks: True
No-Try: True
Bug: v8:7700
Change-Id: I6d02e9109664ab2dfaa578c03ee0286aad56880c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863274
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82819}
2022-08-30 13:33:08 +00:00
Jakob Kummerow
40122f5c42 [wasm] Skip SIMD test on bots without SIMD hardware
Bug: chromium:1356718
No-Tree-Checks: True
No-Try: True
Change-Id: Ibe8ed82903a10406f9907939ec8704ff448768a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863272
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82818}
2022-08-30 13:10:38 +00:00
Simon Zünd
3297ccca23 [debug] Immediately step-in for 'stack check triggered' debug breaks
This CL changes debug breaks that are triggered via interrupts (i.e.
via stack check). One client of this behavior is the `Debugger.pause`
CDP method.

The problem is that when we pause so early, the JSFunction didn't have
time yet to create and push it's context. This requires special
handling in the ScopeIterator and makes an upcoming change unnecessary
complex.

Another (minor) problem is that local debug-evaluate can't change
context-allocated local variables (see changed regression bug). Since
the context is not yet created and pushed, variables are written to
the DebugEvaluateContext that goes away after the evaluation.

The solution is to mirror what `BreakOnNextFunction` does. Instead
of staying paused in the middle of the function entry, we trigger
a "step in" and pause at the first valid breakable position instead.
This ensures that the function context is already created and pushed.

Note that we do this only in case for JSFunctions. In all other cases
we keep the existing behavior and stay paused in the entry.

R=jgruber@chromium.org

Fixed: chromium:1246907
Change-Id: I0cd8ae6e049a3b55bdd44858e769682a1ca47064
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854501
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82817}
2022-08-30 12:05:58 +00:00
Jakob Linke
ed90ea5cf7 [maglev] Implement Maglev-to-Turbofan OSR
This implementation sticks closely to what Ignition-to-Turbofan (and now
Sparkplug-to-TF) does. OSR is detected in the TieringManager by having
optimized code available, without having entered it. The osr_urgency is
increased to enable OSR for increasing loop depths. When a candidate
JumpLoop backedge is reached, we call into runtime to trigger OSR
compilation.

JumpLoop also detects the availability of cached OSR'd code. When a
matching OSR code object is available, Maglev 1) deoptimizes s.t. the
unoptimized frame layout is reconstructed, and 2) delegates the actual
OSR tierup to the unoptimized tier. For purposes of 1), we add a new
DeoptimizeReason that causes a one-time eager deopt without invalidating
any code.

Drive-by: Annotate OSR for more --trace-opt output.

Todo: Refactor non-Sparkplug-specific bits of the BaselineAssembler
into a generic spot that both SP and ML can use.

Bug: v8:7700
Change-Id: I6ebab2df8b87f9f70ffb78162a3c1226ec545468
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859850
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82816}
2022-08-30 11:51:28 +00:00
Jakob Kummerow
8e069d6294 [wasm][simd] Fix SpillAdjacentFpRegisters...
...to honor the {pinned} list under all circumstances.

Drive-by: DEBUG-mode helpers to print FunctionSig and LiftoffRegList
objects to stdout.

Fixed: chromium:1356718
Change-Id: I487db12294f687790cec1d658d7a7d754f3c2f99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859752
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82815}
2022-08-30 11:24:28 +00:00
Dominik Inführ
f1e800f064 [heap] Move VerifySmisVisitor into heap-verifier.cc
This class is only used for heap verification and doesn't need to be
public.

Bug: v8:11708
Change-Id: I9d1750a6f701ed0d9a106f8d93ab3ff82bbf4f3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862208
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82814}
2022-08-30 10:54:58 +00:00
Darius M
d4697063a7 [compiler] fix incorrect string access in the background
Only Internalized and Thin strings should be accessed from the
background. My CL "[compiler] Remove map check in StringRef::length"
removed a check, and, while doing so, made it possible to read Cons
strings in the background, which is incorrect because such strings can
be mutated by the main threads.

Fixed: chromium:1357438
Change-Id: I3a5445f91d10e5ceab62ac208a04be5ed71798ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862007
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82813}
2022-08-30 10:06:17 +00:00
Camillo
d15537cf1f [runtime] Fix relaxed memmove in TypedArray.prototype.set
If either target or source are shared buffers, use relaxed memmove.

Bug: chromium:1353555
Change-Id: Ieaad826c610b0f2f808b4061947372d851f95978
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862209
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82812}
2022-08-30 09:57:50 +00:00
Simon Zünd
af62c4f0e5 [sparkplug] Allow sparkplug->ignition deopt in func entry
Adapted from https://crrev.com/c/3862264.

Add a new teardown trampoline for the case where a Sparkplug function is
deoptimized during its function entry stack check. In these cases, the
stack is in an incomplete setup state, so instead of forwarding to
interpreter re-entry, we undo the partial stack setup and forward to
the standard interpreter entry.

R=leszeks@chromium.org

Bug: chromium:1246907, chromium:1357554
Change-Id: I0795b20cdc60d3ba28bc32cd55bdf82d72f83aac
Also-by: leszeks@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865144
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82811}
2022-08-30 09:56:47 +00:00
Dominik Inführ
810a0b5ff7 [heap] Move Verify* methods out of the heap class
Methods are now defined in heap-verifier.h in the HeapVerifier class.

Bug: v8:11708
Change-Id: I13e7f1760598f3659ad6aa31082840caf2e44038
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857558
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82810}
2022-08-30 09:22:27 +00:00
Victor Gomes
c9c490891a [cleanup] Iterate WasmFrame and TypedFrame
This CL:
- Separates Wasm frame pointer iteration from TypedFrame iteration
- Introduces the frame StubWithContext that correspond to a TF-optimized
code without JS linkage
- Fixes WasmToJsFrame to be a WasmFrame
- Fixes the hack with JsToWasmFrame that calls TypedFrame when not
the right builtin
- Cleans up TypedFrame::Iterate

Change-Id: Ie238df5188f2e2f081f5353b4538b75b6e79f64a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859787
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82809}
2022-08-30 09:02:47 +00:00
jameslahm
1e30ca269c [snapshot] Ensure EphemeronHashTables sufficiently initialised
... when deserializing.

EphemeronHashTables require valid HeapObject keys, however
EphemeronHashTables are filled with Smi::uninitialized_deserialization_value
when deserializing. We could fill EphemeronHashTable's elements
with "the initial filler" which is undefined value to make sure
the elements are valid.

Bug: v8:13232
Change-Id: I268cdbd4303fbe9afa2f9a5d8aafcace397c8164
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3864185
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82808}
2022-08-30 07:55:48 +00:00
Vasili Skurydzin
56b4ef2402 Aix: Fix typo in __linux_malloc, __linux_realloc arguments
Change-Id: Ia0078bed77f5f75eebd837b7ffcc34cfb2c7d305
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863723
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82807}
2022-08-30 07:30:48 +00:00
Dominik Inführ
0adc9cac02 [heap] Add --fast-forward-schedule and disable it for experimenting
Add a flag for disabling FastForwardSchedule() during incremental
marking.

This CL disables "schedule fast forwarding" by default to experiment
with this setup for a few days and to see whether this causes
performance regressions.

Bug: v8:12775
Change-Id: Id2c0a62f4b67b3a2379816581800cfb62361b40c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865003
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82806}
2022-08-30 06:55:08 +00:00
Simon Zünd
24ee7ed5ec [debug] Fix DCHECK when looking for the closest breakpoint
This CL adjusts a DCHECK that verifies a bytecode offset when looking
for the closest breakpoint given that offset. When we pause on
function entry via interrupt, then the offset is
kFunctionEntryBytecodeOffset (-1), which is still a valid offset.

R=jarin@chromium.org

Fixed: chromium:1357554
Change-Id: I5b25b58f02be0e605191c38e9d1d93e334664c63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862265
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82805}
2022-08-30 06:03:37 +00:00
Frank Tang
87ba2e2e11 [Temporal] Sync PR 2266 add ISODateTimeWithinLimits to CreateTemporalMonthDay
PR https://github.com/tc39/proposal-temporal/pull/2266

Disallow arbitrary integers for the reference ISO year in PlainMonthDay
Spec text: https://tc39.es/proposal-temporal/#sec-temporal-createtemporalmonthday

Also add missed assertion of calling ISODateTimeWithinLimits

Bug: v8:11544
Change-Id: Idd18428f3e6e6af53c2c207652688af269746782
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855703
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82804}
2022-08-30 05:54:37 +00:00
ishell@chromium.org
91637c25fc Reland^2 "[ext-code-space] Enable Code-less embedded builtins"
This is a reland of commit 40901824d7
The reason for revert was regressions in `blink_gc:effective_size`
buckets of `system_health.memory_desktop` benchmarks.
See http://crbug/1356329#c51.

Memory Perf Sheriffs: This CL shifts GC times which regresses
`blink_gc:effective_size` but improves `v8:effective_size` bucket by
a similar amount. The `private_footprint_size` metric stays neutral
for the majority of the stories and for certain load stories it even
improves.

Original change's description:
> [ext-code-space] Enable Code-less embedded builtins
>
> Bug: v8:11880, v8:12592
> Change-Id: I8d3d6ad0a4c26eb1fea2a998ffeddd1d96afa690
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3784593
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82642}

Bug: v8:11880, v8:12592, chromium:1356329, chromium:1356763
Change-Id: Ia9150ecb1f16581e249e4e3e566be20ac4591e78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862503
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82803}
2022-08-30 05:38:57 +00:00
Frank Tang
f5ef68dead [Temporal] Fix TimeZone getPossibleInstantsFor
Subtract timeZone.[[OffsetNanoseconds]] from epochNanoseconds
before calling the IsValidEpochNanoseconds() for the case of
4. If timeZone.[[OffsetNanoseconds]] is not undefined

Bug: v8:11544
Change-Id: Icea2d8390a9db01054956f8c57b47dc5a88446d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855980
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82802}
2022-08-30 04:12:47 +00:00
Frank Tang
0f901f00e8 [Temporal] Sync PR 2297 change ToSecondsStringPrecision
Validate fractionalSecondDigits after truncation

https://github.com/tc39/proposal-temporal/pull/2297

Spec text:
https://tc39.es/proposal-temporal/#sec-temporal-tosecondsstringprecision

Bug: v8:11544
Change-Id: I648f087f4fa2cfd6245c7946cfa625a7c5e3b3b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855702
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82801}
2022-08-30 04:01:49 +00:00
v8-ci-autoroll-builder
a7c7c4dc12 Update V8 DEPS (trusted)
Rolling v8/build: 7e25322..adc338f

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2417ba3..6552f9b

Rolling v8/third_party/depot_tools: b7ec673..bbb66d7

Rolling v8/tools/clang: 1eff359..ad4caa4

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ife992f3f909a23faa528e8ee1637b1213cc07fa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863152
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82800}
2022-08-30 03:53:27 +00:00
Igor Sheludko
71ce0f570b [heap] Remove data racy DCHECK from PagedSpaceBase::TryExpand()
Bug: v8:13235
Change-Id: Ic6509a74bb808de320734043a42c2da867c150a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858301
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82799}
2022-08-30 03:31:16 +00:00
Frank Tang
f03d02e23f [Temporal] Sync PR 2261
Disallow negative day lengths as round result

PR https://github.com/tc39/proposal-temporal/pull/2261

Also fix the missing extraValues=<"day"> to GetTemporalUnit

Spec Text: https://tc39.es/proposal-temporal/#sec-temporal.zoneddatetime.prototype.round

Bug: v8:11544
Change-Id: Ibc963d5d93dde30f29df707ef3b3ecea99cd4a60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855704
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82798}
2022-08-30 01:20:37 +00:00
Frank Tang
f54b1eb461 [Temporal] Sync PR 2225 Consistently check overflow options
https://github.com/tc39/proposal-temporal/pull/2225

Call ToTemporalOverflow in ToTemporalDate and ToTemporalDateTime

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal-totemporaldate
https://tc39.es/proposal-temporal/#sec-temporal-totemporaldatetime

Bug: v8:11544
Change-Id: I3d2846e2efc214ea5385be58cb49e319369b5900
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855705
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82797}
2022-08-30 01:14:27 +00:00
Frank Tang
41419aa370 Revert "[intl] Return "UTC" instead of "Etc/UTC" or "Etc/GMT" as DefaultTimeZone"
This reverts commit 6b682148aa.

Reason for revert: Cause CHECK violation in https://bugs.chromium.org/p/chromium/issues/detail?id=1356838 
Original change's description:
> [intl] Return "UTC" instead of "Etc/UTC" or "Etc/GMT" as DefaultTimeZone
>
> Refactoring the code dealing with TimeZone Canonicalization.
> Change CanonicalizeTimeZoneName from return MaybeHandle<String> to Handle<String>
> Move TimeZoneId from JSDateTimeFormat to Intl and return Handle<String> instead of Handle<Object>
>
>
> Bug: v8:13112
> Change-Id: I678b0e0d407e5e4e9dd8b7120c0e99e7e2d9c5ea
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833435
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82505}

Bug: v8:13112
Change-Id: If4df4bc19b5d1a02c51e2c944abaca8a25b76a1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863883
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82796}
2022-08-29 22:25:08 +00:00
Shu-yu Guo
7524089264 [shared-struct] Use PersistentHandles to convey shared values
Shared values need to be kept alive while being conveyed across threads (i.e. by
postMessage). Currently they are meant to be conveyed through the
serializer/deserializer by the embedder via API. This both clunky and
the embedder has no good choice for what to do, because the most natural
choice is v8::Global and it is not designed to be threadsafe.

This CL removes the API and transparently handles conveying shared
values by using a wrapper around PersistentHandles called
SharedValueConveyors. Any isolate can own the conveyor provided it
outlives the receipt of the message by the receiving isolate. For
simpler lifetime management, the shared isolate currently owns all
conveyors.

Bug: v8:12547
Change-Id: I8f71b2faa0f8a1973f8b97ffccf4f5ad230f4e16
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857453
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82795}
2022-08-29 19:44:47 +00:00
Michael Lippautz
76d61b2195 [base] Unify wrappers for malloc and friends
- Unify AIX and Starboard wrapping code.
- Move all wrapping code into `platform/memory.h`

Change-Id: I42c04dd1e982edff2db7bbfa9eecdbdd67f40714
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858226
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82794}
2022-08-29 19:03:46 +00:00
Milad Fa
81f15091a4 PPC/s390: [wasm] Keep call_indirect index on the stack
Port c2d46fe966

Original Commit Message:

    When a call_indirect fails because of a signature mismatch or a null
    target, the value stack generated for debug doesn't contain the target
    index anymore, which makes it hard for users to understand the error.

    Keep the index on the stack, and ensure that the index is not modified
    until we generate the debug info. Previously, the index was shifted
    in-place to compute various offsets. Instead, use scaled loads to
    compute the offset directly in the load instruction.

R=thibaudm@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I6ab0b5bfcac991f6e26a97bb2513556aa67dcf94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858300
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82793}
2022-08-29 17:42:36 +00:00
Jakob Kummerow
fac19a2413 [stringrefs] Create non-nullable references to strings/views
The string and view creating instructions string.new*, string.const,
string.concat, and string.as_* should all return non-nullable reference
types.

See https://github.com/WebAssembly/stringref/issues/42

Bug: v8:12868
Change-Id: I2a39aadd339a49b4aa2d145492cba85e6ab14b71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858236
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82792}
2022-08-29 16:35:26 +00:00
Victor Gomes
6862a4bce3 [fuchsia] Update checkout_fuchsia_boot_images
We follow Chromium and only download the image qemu.x64

Change-Id: I13e06c5646e889af2acfac8c8e9cb971a7a36c56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858299
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82791}
2022-08-29 16:05:59 +00:00
Milad Fa
99ca63fd13 PPC/s390: [builtins][masm] Move hot flags to the beginning of IsolateData
Port 8a56da4459

Original Commit Message:

    ... so that the offset fits into the maximum offset for load byte
    instruction for arm/arm64 (Ldrb) in order to produce smaller code.

    Update code generation so that the loading of the flag value is
    combined with the comparison operation where possible.

    Additionally, this CL moves the Isolate::is_profiling flag to the
    IsolateData so that it can be loaded directly via roots register which
    removes one indirection.

    The fields moved in the IsolateData:
     - is_marking_flag and is_minor_marking_flag (checked by write barriers)
     - is_profiling (checked on API callbacks/getter calls)
     - stack_is_iterable (not super hot, checked during deoptimization).

    the field size expectations clear.

R=ishell@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: Ibafb23e9a035caffe6921a304a3d318b54732167
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862227
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82790}
2022-08-29 15:21:26 +00:00
Leszek Swirski
788be90666 [maglev] Fix colouring empty verticals
Accidentally tried to print the colour '-1' if there was no line colour
set yet but the current colour had changed.

Bug: v8:7700
Change-Id: Iba3cbe51fd0e31e389e614d0a42e59147a51b902
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859355
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82789}
2022-08-29 15:18:15 +00:00
Shu-yu Guo
a3353bed02 Add syg@ to src/d8/OWNERS
Change-Id: I98f9808c139cb0f04efae2d732e9ed60e6d2d78b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3278678
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82788}
2022-08-29 15:17:08 +00:00
v8-ci-autoroll-builder
6f77b57801 Update V8 DEPS (trusted)
Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220812.1.1..version:9.20220826.3.1

Rolling v8/tools/clang: ae771c8..1eff359

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I653b89dccbef92c384cad109aa7e00df9c96c08d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3860485
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82787}
2022-08-29 15:12:26 +00:00
Feng Yu
ccb86fc503 [test] Migrate rest cctest/compiler/test-run-js* to unittests/
Bug: v8:12781
Change-Id: I19de9ab655e3e4b7ad45cde7f9bc659741d856a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858928
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Feng Yu <f3n67u@gmail.com>
Cr-Commit-Position: refs/heads/main@{#82786}
2022-08-29 15:00:45 +00:00
Victor Gomes
9c71246bda [fuchsia] Clean old fuchsia images from DEPS
System images are checked-out via the SDK update script, these fixed
images are outdated and not used anymore.

Change-Id: I4563e04bd252667a01470363f47bbae2ef17d5c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859354
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82785}
2022-08-29 14:57:55 +00:00
Victor Gomes
39295b0f81 [fuchsia] Add API target level default value
Bug: chromium:1357478
Change-Id: I6c412efa9ecc57fd8fbd47a5753c7731558df3b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859353
Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82784}
2022-08-29 14:46:45 +00:00
Milad Fa
539f479cfb PPC [liftoff]: re-enable extract lane ops
Intermittent issues were fixed here:
crrev.com/c/3840820

Change-Id: If0e7acc57053ecfa188ca2c858029da7fdf4ff27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859519
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82783}
2022-08-29 14:45:25 +00:00
Junliang Yan
5507857c7d Reland "Fix CSA_CHECK failure on BE"
This is a reland of commit c060af4db3

Use LoadFullTagged function instead to avoid test failing
with v8_enable_verify_csa=true.

Original change's description:
> Fix CSA_CHECK failure on BE
>
> The load for external reference should be a full pointer load
> instead of tagged size.
>
> Change-Id: I3460a26abea5053ba6daa5c6ed908cb93431654a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842348
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Junliang Yan <junyan@redhat.com>
> Cr-Commit-Position: refs/heads/main@{#82625}

Change-Id: I85817634ce2de099a9fbd350defb57789cce9678
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857442
Commit-Queue: Junliang Yan <junyan@redhat.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82782}
2022-08-29 14:26:15 +00:00
Camillo Bruni
efb772c400 [tools] Fix index.html links
Change-Id: I8570c748a9e4e509b0f609fcbb6aa37a3a986971
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862267
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82781}
2022-08-29 14:14:56 +00:00
Thibaud Michaud
c2d46fe966 [wasm] Keep call_indirect index on the stack
When a call_indirect fails because of a signature mismatch or a null
target, the value stack generated for debug doesn't contain the target
index anymore, which makes it hard for users to understand the error.

Keep the index on the stack, and ensure that the index is not modified
until we generate the debug info. Previously, the index was shifted
in-place to compute various offsets. Instead, use scaled loads to
compute the offset directly in the load instruction.

R=clemensb@chromium.org

Bug: chromium:1350384
Change-Id: Iad5359ec80deef25a69ac119119a0b5ca559a336
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854309
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82780}
2022-08-29 14:04:58 +00:00
Samuel Groß
e89d0061e8 [sandbox] Fail with OOM when external pointer table can't be grown
Bug: chromium:1355990
Change-Id: I1a822ce7b476baf5866070b11b65c464800d3b7b
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859849
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82779}
2022-08-29 14:03:55 +00:00
Jakob Linke
972b01f9b5 [maglev] Fix test flake due to racing the compiler thread
Bump the limit to give TF enough time to finish compiling. The
`keep_going` limit is fairly ugly, but it lets us test the real
(=concurrent) pipeline.

Bug: v8:7700
Fixed: v8:13176
Change-Id: Iba97111d752c8a4894e99ab57e8f42abcc8c29bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862204
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82778}
2022-08-29 13:58:48 +00:00
Samuel Groß
5898b1f9e8 [sandbox] Detect double-initialization of external pointer fields
This CL adds lightweight checking to the ExternalPointerTable GC
algorithm to detect double initialization of external pointer fields.
These are forbidden as they interfere with the table compaction
algorithm.

Bug: v8:10391
Change-Id: Id69fdcce883aa86f8e2c456a0fe7a1f011719464
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858228
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82777}
2022-08-29 13:43:35 +00:00
Anton Bikineev
bae99d5b58 cppgc: Fix data race in DCHECK between markers
Read of size 2 at 0x7eef001a3666 by main thread (mutexes: write M0):
 0: LoadEncoded
 1: IsMarked<(cppgc::internal::AccessMode)0>
 2: operator()
 3: DrainWorklistWithPredicate
 4: DrainWorklistWithBytesAndTimeDeadline

Previous atomic write of size 2 at 0x7eef001a3666 by thread T8:

 0: __cxx_atomic_compare_exchange_strong<unsigned short>
 1: compare_exchange_strong
 2: TryMarkAtomic
 3: MarkNoPush

Change-Id: I0708516382ea860c877ff76ee02216f6f27c9d04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858239
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82776}
2022-08-29 13:17:35 +00:00
Samuel Groß
a94048877d [sandbox] Unsandboxify CodeEntryPoint
For code pointers, the sandbox will require a custom, lightweight CFI
mechanism (likely based on the external pointer table). Simply turning
all code pointers into ExternalPointers is not sufficient.
This CL therefore turns code pointers back into raw pointers for now so
that they don't block the external pointer table rollout.

Bug: v8:10391
Change-Id: Ib2ba246be546bbf19fcd0f4ae20f4e9a2cf2e099
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859348
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82775}
2022-08-29 13:12:36 +00:00
Clemens Backes
c497701814 [wasm] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=jkummerow@chromium.org

Bug: v8:12887
Change-Id: Ieccf35730f69bcefa3740227f15e05686080d122
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3843517
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82774}
2022-08-29 12:43:46 +00:00
Jakob Linke
cf045ca244 [mksnapshot] Ditch the warning on empty builtins PGO data
This is the normal state on the main branch, let's not emit this warning
on every build.

Bug: v8:10470
Change-Id: I29744ea7f67881570fa12c249b12f00d2313289c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859851
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82773}
2022-08-29 12:30:55 +00:00
Camillo Bruni
77c83f67c4 [tools] Use v8.dev CSS on tools landing page
- Adopt v8.dev page structure and styling
- Use v8.dev-style navigation tabs

Change-Id: I036be991af57939ea260ab236ddb61875fda86db
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856261
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82772}
2022-08-29 11:42:05 +00:00
Igor Sheludko
8a56da4459 [builtins][masm] Move hot flags to the beginning of IsolateData
... so that the offset fits into the maximum offset for load byte
instruction for arm/arm64 (Ldrb) in order to produce smaller code.

Update code generation so that the loading of the flag value is
combined with the comparison operation where possible.

Additionally, this CL moves the Isolate::is_profiling flag to the
IsolateData so that it can be loaded directly via roots register which
removes one indirection.

The fields moved in the IsolateData:
 - is_marking_flag and is_minor_marking_flag (checked by write barriers)
 - is_profiling (checked on API callbacks/getter calls)
 - stack_is_iterable (not super hot, checked during deoptimization).

Drive-by: this CL defines the bool fields as uint8_t in order to make
the field size expectations clear.

Bug: v8:11880
Change-Id: I80c292c6ec919861684152b6062225aa0fda2d3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856580
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82771}
2022-08-29 11:22:56 +00:00
Camillo
ff9ce2f9ab [serializer] Use slow ReadVarintLoop in ReadHeader
This limits the number of DECHECK failures in fuzzing builds that have
no side-effects or security implications.

Bug: chromium:1355059
Change-Id: I909934c62711439f1edd95492b93ee0c582a495d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859751
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82770}
2022-08-29 11:15:45 +00:00