Commit Graph

76803 Commits

Author SHA1 Message Date
Matthias Liedtke
fb9504f31e [wasm-gc] Remove ref.is_func & ref.as_func op
Preparation step to remove the subtype relationship between funcref and anyref.

Bug: v8:7748
Change-Id: Ic2d3467addff16dc0df466234cb7ce6e573ba666
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3797829
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82111}
2022-08-01 15:26:22 +00:00
Jakob Kummerow
32217caa20 [wasm-gc][arm] Fix call_direct feedback collection
...for very large feedback vector indices.

Fixed: v8:13118
Change-Id: I38f1507ffe29e63ae58fd6436dffec7d0d610f95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791247
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82110}
2022-08-01 15:14:22 +00:00
Nico Weber
d15d49b09d Make bitfields only as wide as necessary for enums
clang now complains when a BitField for an enum is too wide.
We could suppress this, but it seems kind of useful from an
uninformed distance, so I made a few bitfields smaller instead.

(For AddressingMode, since its size is target-dependent, I added
an explicit underlying type to the enum instead, which suppresses
the diag on a per-enum basis.)

This is without any understanding of the code I'm touching.
Especially the change in v8-internal.h feels a bit risky to me.

Bug: chromium:1348574
Change-Id: I73395de593045036b72dadf4e3147b5f7e13c958
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3794708
Commit-Queue: Nico Weber <thakis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Auto-Submit: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82109}
2022-08-01 15:09:04 +00:00
Matthias Liedtke
9182c028c1 [fuzzer][wasm] Fix struct.new_default for immutable structs
struct.new_default may not be called for immutable structs.
Follow-up to d2c75d321e.

Change-Id: I7b682938ca5da00ef6c9bec29856133301beb6b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3802688
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82108}
2022-08-01 15:00:34 +00:00
Michael Lippautz
0505419a1e cppgc: Split of roots visitation from regular Visitor
Introduce RootVisitor and related class hierarchy to just handle
roots. This avoids the awkard definitions for roots visiation in all
the cases they are not needed.

Change-Id: Ib0912e4bf543db2ecf68caead6929c68d6afdda6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3782794
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82107}
2022-08-01 14:36:03 +00:00
Victor Gomes
88b2939daf [maglev] Support ThrowIf<condition> bytecodes
- ThrowReferenceErrorIfHole
- ThrowSuperNotCalledIfHole
- ThrowSuperAlreadyCalledIfNotHole
- ThrowIfNotSuperConstructor

Bug: v8:7700
Change-Id: I565a196869905cddaf1203deae7469dcadbfcdf6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3802685
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82106}
2022-08-01 14:33:12 +00:00
Clemens Backes
405fa4d649 [wasm][memory64] Bump memory limit to 16GB
Bump the memory size limit of memory64 memories from 4GB to 16GB. Tests
are added for larger sizes (5GB, 16GB).

Drive-by: Improve two decoder errors to properly include the unit,
  tested by the new tests.

R=jkummerow@chromium.org

Bug: v8:10949
Change-Id: I99dfc216b9213838784214c0b65ba863831d5884
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3789507
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82105}
2022-08-01 14:26:32 +00:00
Michael Lippautz
4a33fd7919 [api] Remove heap layout verification on setting embedder fields
- No slots are invalidated as all slots are always treated as tagged
  or aligned pointers.
- The map is not updated.

Change-Id: Ifb8ffddfa3b626de3233f17f67b46fec36146f2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3795378
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82104}
2022-08-01 14:24:03 +00:00
Liu Yu
3e7a755699 [loong64][mips64][wasm] Fix 64-bit addressed loads
Port commit 044a18ac24

Bug: v8:10949
Change-Id: I1dfe8fdc4439f621d2ae9f38e63310a1e6f0b7f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3798964
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#82103}
2022-08-01 14:18:02 +00:00
Leszek Swirski
bb78114a17 [maglev] Fix loop value lifetime extension
Make sure to always start at the innermost loop, and to have Jump phis
participate in the lifetime extension.

Bug: v8:7700
Change-Id: Iefb9108519d027782ba9f0ce8c0696fba0a0aa52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793390
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82102}
2022-08-01 14:10:42 +00:00
Victor Gomes
a7d83080ea [maglev] Support StaLookupSlot
Bug: v8:7700
Change-Id: I3ea3027feb51f10ef0587328835d5a3a1002ed54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3803029
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82101}
2022-08-01 14:08:04 +00:00
Jakob Linke
440a0829f7 [regexp] Properly consider negated character classes for desugaring
.. instead of their non-negated form.

Fixed: v8:13097
Change-Id: I6426f5bbce2dfec2bbc64346d04f3b833d17c2b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3802690
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82100}
2022-08-01 13:47:35 +00:00
Marja Hölttä
97077520b0 [maps] Avoid creating 2 maps by normalizing and then copying
Instead, create only 1 normalized map.

This will benefit ES5-style classes.

Bug: v8:13091
Change-Id: I495ea4a69aedef01b97f4b0d5aad19bb355ce004
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3776692
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82099}
2022-08-01 13:46:32 +00:00
Clemens Backes
57cd8c8582 [API] Test more structs for copyability
It's difficult to say which structs might in the future have deprecated
fields, so this CL adds tests for two more for now.
Once we add deprecated fields, we then need to define copy/move
constructs and assignment operators via
{ALLOW_COPY_AND_MOVE_WITH_DEPRECATED_FIELDS} (same as for other structs
which are not tested yet).

R=mlippautz@chromium.org

Bug: v8:13092
Change-Id: I89a330661a02d86d3d48e216b69cb6f77f02cff2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3789508
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82098}
2022-08-01 13:34:52 +00:00
Darius M
ba7d9e5fa0 [turboshaft] port value numbering optimization
Bug: v8:12783
Change-Id: I5b7acf2445b0f898158448dde206a0cecdab6a80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764345
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82097}
2022-08-01 13:30:12 +00:00
Dominik Inführ
6fbe1bf298 [heap] Also record old-to-shared slots on promotion and evacuation
When an object either gets promoted or evacuated, old-to-shared slots
need to be recorded like we already do for old-to-old or old-to-new.

Bug: v8:11708
Change-Id: Ifb5b3d50a59aa45bf8289e1cd7610bb2f317fd6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3794648
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82096}
2022-08-01 13:23:06 +00:00
Victor Gomes
2ca9baa21a [maglev] Support TestIn bytecode
Create a HasProperty node to mirror TF.

Bug: v8:7700
Change-Id: Ie332d54031eef640c247e7c7c5d06c033636fc7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3803027
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82095}
2022-08-01 13:22:03 +00:00
v8-ci-autoroll-builder
7c023a2c23 Update V8 DEPS (trusted-origins)
Rolling v8/build: 0572ff1..4bfce1a

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Iaf282b305b9cda21b347cfaaa1338c0195e2806f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3796863
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82094}
2022-08-01 05:03:52 +00:00
Yoshisato Yanagisawa
5b41233f3a Implement Function::Experimental_IsNopFunction.
The function returns true if the function does not do anything like:
() => {}.

Change-Id: I049d7956c443b5d2bb8017a48547376f13acd0a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3778969
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Yoshisato Yanagisawa <yyanagisawa@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82093}
2022-08-01 01:36:02 +00:00
Lu Yahan
776b9eb9d9 [WATCHLISTS] Add riscv watch
Change-Id: I6e4dc69d6f22d3108ae74552b72bcafc0be3db64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793476
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82092}
2022-07-30 11:20:10 +00:00
v8-ci-autoroll-builder
d1077c3698 Update V8 DEPS (trusted-origins)
Rolling v8/build: ce68e6e..0572ff1

Rolling v8/buildtools: af18ab7..6940fd4

Rolling v8/third_party/android_platform: 5ecb463..de32b18

Rolling v8/third_party/zlib: 64bbf98..c4e1268

Rolling v8/tools/clang: 37aede2..b11b8b4

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I5dcf21dfc7a92999a08c81678ee394a096dde544
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3796107
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82091}
2022-07-30 04:54:50 +00:00
Lei Zhang
6f7d3bedb1 Define V8_COMPILER_IS_MSVC before first use.
In https://crrev.com/c/3764190, V8_COMPILER_IS_MSVC gets used before it
is defined, so it has no effect. Move the V8_COMPILER_IS_MSVC define up
to fix this.

Change-Id: I94c63ad2a8a7555c85730792c1f91e1285a9b77f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3774095
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82090}
2022-07-29 23:03:11 +00:00
Danylo Boiko
614dbbff2f [turbolizer] TurboFan nodes history improvements
Added:
- history's circles titles
- history's records titles
- ability to move to node from history view
- new hotkey for turboshaft layout

Bug: v8:7327
Change-Id: I7ecfdbef2c1bf9534c76f8ac253e846beeea8cb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3779909
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Cr-Commit-Position: refs/heads/main@{#82089}
2022-07-29 18:55:09 +00:00
Danylo Boiko
07e7da140a [turbolizer] TurboFan nodes history (beta)
Bug: v8:7327
Change-Id: I233173b92ab2acd6e6184abf2769a607df7b6a48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3779695
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82088}
2022-07-29 18:33:09 +00:00
Milad Fa
3a35d903de S390 [liftoff]: Fix usage of offset register during load
zero extending the offset register must happen regardless
of the length of the offset_imm.

We can only use ip as the offset_reg as r0 and and r1
are being used as scratch later on.

Change-Id: I5517f974af40eb014b8e1f58f8e531909c4d466a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3794646
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82087}
2022-07-29 18:27:59 +00:00
Clemens Backes
e2c3e4f200 [wasm] Allocate the lazy compile table anywhere
The jump table and far jump table are allocated once per code space, but
the lazy compile table only needs to exist exactly once, and it does not
really matter in which code space we allocate it.
Before dynamic tiering, we could always allocate it in the initial code
space (which was empty at the point when we allocated it), but with
deserialization of a partially tiered module we can end up in a
situation where we first deserialize some TurboFan functions into the
initial code space, and when we later try to allocate the lazy compile
table (when we encounter the first non-serialized function) we do not
have enough space any more in the initial code space.

This CL allows to allocate the lazy compile jump table in any code space
to avoid that failure.

R=thibaudm@chromium.org

Bug: chromium:1348472, chromium:1348214
Change-Id: I58c9a8a6541f2ab7df26ddfd1b65d31cc99337fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3792607
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82086}
2022-07-29 17:21:59 +00:00
Samuel Groß
ba8ad5dd17 [sandbox] Decommit empty blocks in the ExternalPointerTable during Sweep
With this CL, blocks at the end of the ExternalPointerTable that are
completely empty after sweeping will be decommitted to reduce the
table's memory footprint.

Bug: v8:10391
Change-Id: I1002e95a0f9c22400fdd2620047d86738a1f7af4
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791903
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82085}
2022-07-29 17:02:40 +00:00
Milad Fa
f28466f36c PPC/s390: [liftoff] Mark unused parameters per platform
Port 781a5b5ad6

Original Commit Message:

    Many platform-dependent LiftoffAssembler methods do not use all
    parameters. Comment out the name of unused ones, to make it easier to
    see which implementation uses which parameters.

    Also, remove {is_load_mem} from arm's {LoadInternal}, because it is
    unused there.

R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I861df687e373ed7dd302fc5e2e1299f09f899166
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3792177
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82084}
2022-07-29 16:55:39 +00:00
Tobias Tebbi
6f95f22e3e [builtins] suppress builtin PGO warnings
Bug: v8:13119
Change-Id: Idbacfe1fd8259a8ff378ec97c770cc997c0c813d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3792606
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82083}
2022-07-29 15:47:49 +00:00
Joyee Cheung
c0690fa8f0 Reland "[heap] pre-populate the single_character_string_cache"
This is a reland of commit 07e11a64e4.

The original change removed the fill_thehole_and_call_runtime bailout
in StringBuiltinsAssembler::StringToArray() so when the string
is external and cannot be unpacked, the FixedArray won't be filled
with holes before we call into the runtime, thus failing a
heap verification if a GC happens before the array is filled. This
reland adds back the bailout for this case.

Bug: v8:12718, chromium:1330410

Original change's description:
> [heap] pre-populate the single_character_string_cache
>
> This simplifies the code and removes the runtime overhead of
> spontaneously adding strings to the cache.
>
> Bug: v8:12718
> Change-Id: I2ed49bd82e3baf2563eeb8f463be72c0308c52c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616553
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Cr-Commit-Position: refs/heads/main@{#80803}

Change-Id: I25e8724d511a8d0d971fa2a9b6ba8a0eafce4413
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793525
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82082}
2022-07-29 15:20:29 +00:00
Clemens Backes
d6e2554d11 [wasm] Fix memory growth near the maximum
If we grow memory (out-of-place, so only without trap handling and only
if the maximum is >1GB) and the previous size is close to the maximum,
then the minimum growth we calculate can be bigger than the allowed
maximum. In this situation, the {std::clamp} has undefined behaviour,
since the provided lower limit is bigger then the upper limit.

Thus apply {std::min} and {std::max} in an order such that {max_pages}
has precedence over {min_growth}.

R=thibaudm@chromium.org

Bug: chromium:1348335
Change-Id: I4f9e9ce10a0685892248eaf0e06ffd2e84b9a069
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793396
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82081}
2022-07-29 14:39:19 +00:00
Peter Kasting
c30e800c1f Mark some functions not-inline whose definition is out-of-line.
This fixes some instances of -Wundefined-inline in the C++20 build.

Bug: chromium:1284275
Change-Id: I134e866183e1e42b9726153964af9910d03cd3b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791525
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82080}
2022-07-29 14:11:59 +00:00
Jakob Kummerow
2f4df8da27 [wasm-gc] Increase struct field limit to 2000
Due to popular demand.
As a necessary byproduct, this drops our former experimental in-progress
support for accessing struct fields from JS as `.field0` etc. If we need
something similar in the future, we'll have to build a new mechanism for
it that scales to >1020 fields.

Bug: v8:7748
Change-Id: I08b2051bd9f76cf7128f3d4c74910ca891c38130
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793616
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82079}
2022-07-29 13:36:59 +00:00
Dominik Inführ
19bc589da7 [heap] Keep OLD_TO_SHARED slots across GCs
So far all OLD_TO_SHARED slots were deleted after a shared GC. The
remembered set was rebuilt in the next shared GC from scratch. This CL
changes this behavior to only remove slots that don't point into the
shared heap anymore.

We still need to remove the full OLD_TO_SHARED slot set for young
generation pages though. During a shared GC we use the OLD_TO_SHARED
remembered set to cache references into the shared heap even for
pages in the young generation to avoid the second new space object
iteration.

Bug: v8:11708
Change-Id: If92fca25e8fe7e7bf5fc5562c974b0d4c121cb02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3790967
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82078}
2022-07-29 13:35:56 +00:00
Clemens Backes
9a7e151f6b [wasm][test] Clean up grow-memory tests
Call test functions immediately, and make them print their name before
execution.

R=thibaudm@chromium.org

Change-Id: I2057e2b3c2032c342a86705dbda8992aa54493e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793612
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82077}
2022-07-29 13:07:59 +00:00
Victor Gomes
00a652a31f [maglev] Support Throw and ReThrow
It also changes Abort to be a ControlNode.

Bug: v8:7700
Change-Id: I836c353f8110140c023c582ea91c456e23196921
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793397
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82076}
2022-07-29 13:05:39 +00:00
Clemens Backes
6735d74ac8 Revert "[test][wasm] Increase coverage for value types in signature"
This reverts commit cd617a5802.

Reason for revert: SIMD needs to be skipped if not supported: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux/47699/overview

Original change's description:
> [test][wasm] Increase coverage for value types in signature
>
> Change-Id: I19105432a71b5850264624c23d7bb732193100f3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791046
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
> Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82071}

Change-Id: I0dc0cd479a2396ac65a14550468254eb5c5c7484
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793398
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82075}
2022-07-29 12:54:09 +00:00
Clemens Backes
044a18ac24 [wasm] Fix 64-bit addressed loads on arm64
The {LiftoffAssembler::Load} method already receives an {i64_offset}
parameter which skips the UXTW (zero extension of 32-bit addresses) in
the memory operand. The same needs to happen on stores.

On 32-bit platforms, we cannot have addresses >=4GB anyway (they would
be detected as OOB before reaching the point in question), so this is
not a problem. On x64, all 32-bit registers are zero-extended already
(which is debug-checked in the generated code), so this is also no
problem (and we just ignore the additional parameter).

R=jkummerow@chromium.org

Bug: v8:10949
Change-Id: I3c2266dde1bf9d182b6759893f7f64540ae12261
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791051
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82074}
2022-07-29 12:26:49 +00:00
Matthias Liedtke
3decc4bb4a [fuzzer] Fix fuzzer handling for table<externref>
Table<any> is not allowed any more and may therefore not be generated by
the fuzzer. Instead, the new type is table<externref>.

Bug: chromium:1348437
Change-Id: Ibf788222fc777508e59178db48e6497a18b250d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793610
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82073}
2022-07-29 12:10:49 +00:00
Manos Koukoutos
d2c75d321e [wasm-gc] Disallow new_default with immutable fields
This is required by the MVP spec. In the future, it might be possible
to pass values for any immutable fields.

Bug: v8:7748
Change-Id: Ie7705b48e9d6ebb87d5e1b0a2a10556302395db6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793383
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82072}
2022-07-29 12:03:29 +00:00
Matthias Liedtke
cd617a5802 [test][wasm] Increase coverage for value types in signature
Change-Id: I19105432a71b5850264624c23d7bb732193100f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791046
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82071}
2022-07-29 11:34:19 +00:00
Clemens Backes
781a5b5ad6 [liftoff] Mark unused parameters per platform
Many platform-dependent LiftoffAssembler methods do not use all
parameters. Comment out the name of unused ones, to make it easier to
see which implementation uses which parameters.

Also, remove {is_load_mem} from arm's {LoadInternal}, because it is
unused there.

R=jkummerow@chromium.org

Bug: v8:10949
Change-Id: I57281237c493cc35c3cd31d814bca9bef510fdd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791049
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82070}
2022-07-29 11:30:19 +00:00
Tobias Tebbi
969f02e846 [compiler] fix CodeDataContainer::raw_code race with concurrent TF
Bug: v8:13114
Change-Id: I69ec1cbc8021e4c86aec705466f028cc95a05261
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793395
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82069}
2022-07-29 10:54:29 +00:00
Victor Gomes
a33f3f9cae [maglev] Support easy bytecodes that just call runtime
Support slow path for the following bytecodes:
- LdaLookupSlot
- LdaLookupContextSlot
- LdaLookupGlobalSlot
- LdaLookupSlotInsideTypeof
- LdaLookupContextSlotInsideTypeof
- LdaLookupGlobalSlotInsideTypeof
- DefineKeyedOwnPropertyInLiteral
- CollectTypeProfile
- Debugger

Bug: v8:7700
Change-Id: Idf661ca739de184df2eb22e1fb7247c71c6dd438
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793393
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82068}
2022-07-29 10:27:49 +00:00
Clemens Backes
57ac80c7b5 [wasm] Account for the lazy compilation jump table
If dynamic tiering or lazy compilation is enabled (which is the
default), the initial code space needs to be big enough to also hold the
lazy compilation jump table.
Otherwise a CHECK will fail later when trying to allocate that table (in
UseLazyStub).

R=ahaas@chromium.org

Bug: chromium:1348472, chromium:1348214
Change-Id: If7a091a5782f1b2099d35d1a06292dddbaeb0598
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793389
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82067}
2022-07-29 09:28:39 +00:00
Leszek Swirski
5c261ebc7e [maglev] Allow materialising from another reg for reg merges
If a value is expected to be in a particular register for a register
merge, allow for it to be moved there from another register, without
expecting it to be spilled.

Bug: v8:7700
Change-Id: I9ef5e77b3a744a6284f4790ec9d5a7c60739a710
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793391
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82066}
2022-07-29 09:23:39 +00:00
Dominik Inführ
9a36053b45 [heap] Use full write barrier when setting maps
In addition to the marking barrier we now also need the shared barrier
for properly tracking the old-to-shared remembered set. So invoke
the full write barrier for set_map and set_map_after_allocation.

Bug: v8:11708
Change-Id: Ic234e7fad3733ab1348298f5fcc2b76e44cf4b8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793388
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82065}
2022-07-29 09:14:40 +00:00
Manos Koukoutos
4f0ef8c31d [wasm] Use isorecursive canonical types for call_indirect
Currently, we canonicalize types for call_indirect by looking in the
current module for a signature of the same shape. This is not enough
as of wasm-gc. Instead, the canonical identifier representing a type
has to be computed via isorecursive canonicalization.
This change is implemented behind a flag for now.
Future work: Also integrate export wrappers with isorecursive
canonical types. We need to store wrappers in instance-independent
storage.

Drive-by:
- Always emit type check for call_indirect. We did not emit a check
  only when typed-function-references was enabled, but not gc. This
  is not something that will be possible long-term.
- Fix some wasm cctests.

Bug: v8:7748
Change-Id: I7cced187009ac148c833dff5e720a8bb9a717e68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3784600
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82064}
2022-07-29 08:55:49 +00:00
Lu Yahan
637b591934 Reland "[riscv][Cleanup] Use CmpInstanceTypeRange in MacroAssembler"
This is a reland of commit 859ff48961

Original change's description:
> [riscv][Cleanup] Use CmpInstanceTypeRange in MacroAssembler
>
> Bug: v8:11325
>
> Change-Id: I2eae55b49ea01567460bd0adfbb819c893ce7cd7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793210
> Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
> Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
> Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
> Cr-Commit-Position: refs/heads/main@{#82054}

Bug: v8:11325
Change-Id: I9db48ed2783a875b617d4161ce7405c0c32bebbe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793466
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#82063}
2022-07-29 08:50:59 +00:00
Victor Gomes
ec5aaba24a [maglev] Support Create[Block/Catch/With]Context
Bug: v8:7700
Change-Id: I51f3da86cb71ec5980c799a77ce280d83ca42cd7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793387
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82062}
2022-07-29 08:46:30 +00:00