Pop the correct number of bytes from the stack on return from the
WasmResume builtin.
R=ahaas@chromium.org
Bug: v8:13078
Change-Id: Ie1fffe1d02baab0ed91deca7dccadf1539068dd8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3776338
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81848}
This way we make tests more flexible wrt. future changes, especially
when it comes to module offsets.
Bug: v8:12868
Change-Id: Ie99806603603e5c731c61267469b14f81c88ffac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3776195
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81846}
By making "v8_heap_base_headers" a "v8_header_set" instead of
a "v8_source_set".
Reported by Paul Harris on v8-users@.
Change-Id: I33263230631766e73f5d13aab497c47c98f807b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3776339
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81845}
Some follow-up after getting rid of `let`.
Change-Id: I073372f4edd0847c4ffa428595a6f74158c87a98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3773515
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81844}
This CL hardens a test to avoid static_cast-ing doubles that don't fit
into the 32-bit integer range.
Bug: chromium:1344965
Change-Id: I1f3a05800158cda9dc582bfa4427516932db9679
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3776337
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81843}
Now that the main thread has its own LocalHeap, we don't need a
separate instance of MarkingBarrier in Heap for the main thread
anymore. We can just use the MarkingBarrier in
main_thread_local_heap(). This makes code between main and background
threads more uniform.
Bug: v8:13018
Change-Id: I3d2dab1b11815df9a92c2fa7eebf52bf2cb130f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769687
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81841}
Tasks may contain Globals, which have to get destroyed before isolate
shutdown.
R=cbruni@chromium.org
Bug: chromium:1345081
Change-Id: I915baafd870c7bb8475b19736878179d8a22ca5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3770108
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81840}
Normalize flag names, and print boolean flags using the canonical
"--no-<foo>" syntax.
Before (with fuzzing):
Cycle in flag implications:
assert_types -> concurrent_recompilation = 0
stress_concurrent_inlining -> concurrent_recompilation = 1
After (with fuzzing):
Cycle in flag implications:
--assert-types -> --no-concurrent-recompilation
--stress-concurrent-inlining -> --concurrent-recompilation
Before (no fuzzing):
Contradictory flag implications from --assert_types and
--stress_concurrent_inlining for flag concurrent_recompilation
After (no fuzzing):
Contradictory flag implications from --assert-types and
--stress-concurrent-inlining for flag --concurrent-recompilation
R=tebbi@chromium.org
Bug: chromium:1336577
Change-Id: Id82cff4845d845e964c43b922067905b8b378a0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3750935
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81839}
This reverts commit 9981f2e592.
Reason for revert: This CL landed by accident, we decided back then to land a different CL.
Original change's description:
> [d8] quit() should not dispose the isolate
>
> R=cbruni@chromium.org
>
> Bug: chromium:1338150
> Change-Id: I5e5f8ede942dd37112766812a3c84a356f0b6ca9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714355
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81827}
Bug: chromium:1338150
Change-Id: Ib058d90a0c09e7cc65bdecee20580dd9e1f184d9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3773776
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81838}
This CL re-structures the write barrier slow path in order to prepare
for adding the shared write barrier. Behavior remains the same in this
CL, only code structure changes a bit (e.g. the branch for when
marking is off, got moved up to the IsMarking() check).
Bug: v8:13018
Change-Id: I991f896abb88e0c85de3123fa67d8f47282f632d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3771840
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81836}
We will provide a replacement for raw pointers in future which should
only be used by backing stores. Any other callsite must go through
Trace(BasicMember<>).
Bug: v8:13089
Change-Id: Ibdae439b44ad94bd7af2532855be941c5334db99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3772328
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81833}
This CL fixes macro-asm to take in scratch registers as arguments.
Change-Id: Ib6070c9a9df050ce201d36027a0be44c77a54ba3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3773875
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81832}
This adds support for reading modules in hex or decimal "array literal"
syntax, e.g. what --full-hexdump produces, or the result of printing
JS arrays using `console.log(JSON.stringify(bytes))` or similar.
Bonus feature: support reading input from stdin, e.g. for piping.
Change-Id: Ic268f266a243f843b6fbf1e3f090e1b06487f5d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3767743
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81829}
The used_or_unused_instance_size_in_words field already determines
whether the used fields are in- or out-of-object, so we can use it's
value for a fast HasOutOfObjectProperties check rather than using
NumberOfFields (which includes an iteration over the descriptor
array).
Change-Id: I6c5b4f3f793b8df7832def7465106f2af7306759
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1718152
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81828}
This is a reland of commit c66a80172e
The reland suppresses the deprecation warning on windows for
google_benchmark.
Original change's description:
> Update V8 DEPS
>
> Rolling both trusted-versions and trusted-origins and an additional patch coming from https://crrev.com/c/3706887.
>
> Rolling v8/buildtools/third_party/libc++/trunk: b126981..88bf407
>
> Rolling v8/buildtools/third_party/libunwind/trunk: 49191c5..955e2ff
>
> Rolling v8/third_party/depot_tools: 8168f76..f05fcf7
>
> Rolling v8/build: 679de1e..6e435d6
>
> Rolling v8/buildtools: 5cee6a2..a4506d5
>
>
>
> R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
>
> Bug: chromium:1345621
> Change-Id: I0659a5f98c83bbc6f061259e798a4b85a7cd7c63
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3766889
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Liviu Rau <liviurau@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81815}
Bug: chromium:1345621
Change-Id: I2975ca6ae04c99a9e53f3bbd6872b7d114febb7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3773775
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81823}
The suspender is only needed by the wrapper, do not forward it to the JS
import.
R=ahaas@chromium.org
Bug: v8:12191
Change-Id: Id8e9a820491588b40fffb5dfd8706e85a16b8b23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3768410
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81818}
Thread through compressed pointer into write barrier to allow to delay
compression after checking whether a write barrier is actually needed.
Change-Id: If7e6cbb69a57cc9aeeb551c11f685bace4e56c4c
Bug: chromium:1325007
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769826
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81816}
... when external code space is enabled.
Currently this mode is guarded by V8_REMOVE_BUILTINS_CODE_OBJECTS flag
which is set to false until Code-less builtins are supported.
Drive-by:
* remove unnecessary methods from AbstractCode,
* avoid CodeDataContainer <-> Code roundtrips when accessing writable
state of Code objects via CodeT.
Bug: v8:11880
Change-Id: Iae3ff3b2feae68d875cbe9f82a6bb076460dd2f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769832
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81814}
We already generate BTI instructions with
`BaselineAssembler::JumpTarget()` on `VisitSingleBytecode()`, so we
shouldn't need to do it when binding a label.
Bug: v8:13082
Change-Id: Ie4d645a2379c3feb4909be524b42ebd85a8d35af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3771861
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/main@{#81813}
When pointer compression is disabled, and sizeof(Tagged_t) is 8 (eg,
arm64 without pointer compression), the function
extract_first_nonzero_index is never used, which was causing a warning.
Bug: v8:13048
Change-Id: I5a0fba4da4201e3be147632d891d0d9e20cb46eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769694
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81812}
The Code::constant_pool() segfaulted on configurations with disabled
external code space when it was called on mallocced copy of a Code
object.
Bug: v8:11880
Change-Id: I86919002ef080486f1e4532c3a2d3352f4526508
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3772004
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81811}
- accelerated nodes selection for the old IR layout;
- implemented turboshaft blocks layout building (blocks coordinates and edges);
- extended interaction with user (selecting/hovering) for such things like: blocks/nodes/edges.
Bug: v8:7327
Change-Id: I0b01679e9dde0bb7d94ba80dd0ee744f334e1968
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747871
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Cr-Commit-Position: refs/heads/main@{#81810}
Thic CL adds a CDP API skeleton that will be used to disassemble WASM
modules using V8's new disassembler.
Bug: v8:12917, chromium:1325626
Change-Id: I4ca81aca923e9716653cd90367e5fad319483aae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721381
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81809}
This includes several changes:
- avoid a very-unlikely-but-theoretically-possible OOB write
- avoid a somewhat-likely memory leak
- grow the buffer less aggressively for medium-length strings
Change-Id: I877f43d7e2e7cd4778ba8c7c7525ba988301f750
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3771900
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81808}
Notably:
- As per convention, TrapIf/Unless should not return a control node.
- Wasm-gc pipeline should not depend on FLAG_wasm_inlining.
Change-Id: Ic593db1f979bec1cedfd9384b21487fc2763a35b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3771640
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81806}
To work properly and securely, the sandbox requires cooperation from the
Embedder, for example in the form of a custom ArrayBufferAllocator and
later on custom type tags for external objects. As such, it likely does
not make sense to enable the sandbox by default everywhere.
Bug: v8:10391, v8:13058
Change-Id: Ief2720122f70b9a1bc3f2e6802e60b5b95b855d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3771841
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81805}
DropRegisterAtEnd is used to free a register, to make space for the
result of a node. Normally this frees up an input that is dead at the
end of the node's lifetime, but under high local variable pressure, we
might not have a dead value to drop.
In these cases we have to spill a register through the normal spilling
mechanism. Additionally, allow freeing up a blocked free register (i.e.
a temporary) if this is possible.
Bug: v8:7700
Change-Id: I0099751918cf5cb65c2a09337a3f080eb2c4dd14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769833
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81804}
This CL fixes a bug in the units of the reported metrics for
V8.GC.Cycle.MainThread.Full.Incremental.Mark (ms instead of us).
It also reports incremental marking/sweeping metrics (both for the
unified heap and the C++ managed heap) only when incremental
marking/sweeping were used; otherwise, no zero values are reported.
Bug: chromium:1154636
Bug: chromium:1343507
Change-Id: Ibc0103ea62fa0eeb5f7184280c8514e99a5c21a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3768502
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81803}
Similarly to TF, we inline ToBoolean directly on Maglev generated code.
Most of the code is run as deferred, it "returns" true after 6 simple checks.
ToBoolean is separated in a different function to be used by other nodes
later (e.g. ToBooleanLogicalNot).
Bug: v8:7700
Change-Id: I75d77b60ebfb1bb124c9e98ad381f8aefa0ac665
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769688
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81800}
