Don't create DataField and FastDataConstant access infos with a kNone
field representation. Instead return Invalid.
Bug: chromium:1239601
Change-Id: I4df7aa298974f9dcd650ead50aaa349c84feb487
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097463
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76343}
The validation was too strong in the case where the incrementation
produces type None.
Bug: chromium:1236716
Change-Id: I948b370594fa7dad1ba6e5b951f473855bf1346b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097865
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76338}
This is a reland of a3b2c4ec81
The fix is in PS3, for UBSan. We use WriteUnalignedValue for
potentially unaligned memory writes.
Original change's description:
> [wasm][diagnostics] Support WasmCode in gdb JIT integration
>
> - Add new enum WASM_CODE to JitCodeEvent::CodeType
> - Use AddressRegion instead of AddressRange (remove the latter)
> - Change CodeDescription constructor to take an AddressRegion,
> both JIT_CODE and WASM_CODE use this
> - Add a simple mjsunit test that sets --gdbjit to check that
> we don't crash.
> - Add a api test for adding WASM_CODE
>
> Bug: v8:11908
> Change-Id: I6e87fadc2df67978144d78caf9800c3982bc3705
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067754
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76271}
Bug: v8:11908
Change-Id: I5ded6d01cff40803b2f70525163f760edcf97165
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093506
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76327}
The {CodeSpaceWriteScope} in {InstanceBuilder::Build} was kept open
while processing imports, which could compile another wasm module via
{compiler::ResolveWasmImportCall} and
{WasmEngine::SyncCompileTranslatedAsmJs}. This leads to errors since
{CodeSpaceWriteScope}s for different modules cannot be held open at the
same time.
This CL fixes that by only opening the {CodeSpaceWriteScope} for the
actual compilation of import wrappers.
Drive-by: Only call {ProcessImports} if there are imports to be
processed, to avoid some of the overhead of {ProcessImports} and
{CompileImportWrappers}.
R=jkummerow@chromium.org
Bug: chromium:1239522
Change-Id: Ifbaf64a4be92088ae4a3fd7e9700a33397b2a967
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097283
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76311}
Bug: v8:12008
Change-Id: I2e1d918a1370dae1e15919fbf02d69cbe48f63bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089095
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76308}
The static limit didn't account for possible S128 elements.
This patch makes the limit element type specific.
Fixed: chromium:1237024
Change-Id: Ic1e37656e2882c0eb7ea6400c83e4094eb747e88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097269
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76303}
- Remove flag --block-concurrent-recompilation and its implementation,
including %UnblockConcurrentCompilation.
- Rewrite tests that used it in terms of the primitives introduced in
my previous CL:
https://chromium-review.googlesource.com/c/v8/v8/+/3071400/
- Remove "sync"/"no sync" arguments from %GetOptimizationStatus,
assertOptimized, etc. These are now always "no sync": they don't
do any magic.
- Remove "if %IsConcurrentRecompilationSupported then quit" from some
tests in favor of --concurrent-recompilation in their Flags line.
Bug: v8:12041, v8:7790
Change-Id: I966aae4fec85e6f9e7aeed2ba2c12e9198a3991f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077149
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76298}
This reverts commit a3b2c4ec81.
Reason for revert: UBSan https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8839060153390139249/+/u/Check/gdbjit
Original change's description:
> [wasm][diagnostics] Support WasmCode in gdb JIT integration
>
> - Add new enum WASM_CODE to JitCodeEvent::CodeType
> - Use AddressRegion instead of AddressRange (remove the latter)
> - Change CodeDescription constructor to take an AddressRegion,
> both JIT_CODE and WASM_CODE use this
> - Add a simple mjsunit test that sets --gdbjit to check that
> we don't crash.
> - Add a api test for adding WASM_CODE
>
> Bug: v8:11908
> Change-Id: I6e87fadc2df67978144d78caf9800c3982bc3705
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067754
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76271}
Bug: v8:11908
Change-Id: Ic1a74a9239e8ef6107efd36f61c089ae6bfc5b6c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093365
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76274}
- Add new enum WASM_CODE to JitCodeEvent::CodeType
- Use AddressRegion instead of AddressRange (remove the latter)
- Change CodeDescription constructor to take an AddressRegion,
both JIT_CODE and WASM_CODE use this
- Add a simple mjsunit test that sets --gdbjit to check that
we don't crash.
- Add a api test for adding WASM_CODE
Bug: v8:11908
Change-Id: I6e87fadc2df67978144d78caf9800c3982bc3705
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067754
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76271}
d8 throws on unhandled rejected Promises since
https://crrev.com/c/2238569 so no special handling beyond throwing in
the async hooks themselves is needed.
Drive-by-fix: Use v8::Isolate* as local variable.
Bug: chromium:1238467
Change-Id: I271720cd9cfd1d30b58b5407c700b0f730910968
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090333
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76255}
We now have %FinalizeOptimization() to block until all concurrent
compile jobs are done.
Bug: v8:7790,v8:12004
Change-Id: Ibb9955be06957b3f395b680e9be570c7c3ec0dcb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086478
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76231}
One of the subtests relies on that.
R=jgruber@chromium.org
Bug: v8:12069
Change-Id: I648a766baf4d977f4df607754f666bd9e9102168
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086473
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76218}
... which didn't properly handle negative Smi indices with
JSTypedArray receivers.
The logic was broken by the spec violation fix
https://chromium-review.googlesource.com/c/v8/v8/+/2972727
Bug: chromium:1227476, chromium:1209405
Change-Id: I9bfa57d56bebccad00ed29666489f2003694e0a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086472
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76217}
Re-enable the creation of elements transition groups in
JSHeapBroker::ProcessFeedbackMapsForElementAccess. This turned out to be
quite important for performance.
Bug: v8:7790,v8:12031
Change-Id: I4d24837a668a5f7e78a5078212a7dc34b767d703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085262
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76215}
All marked as FAIL at this stage.
Bug: v8:11544
Change-Id: I6e4346a57aa3df054d2ef5bd353544fba7fd855b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3044350
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76211}
This CL adds back the 8-byte element types and extends the fast API
by hiding the unaligned memory reads performed for them.
Bug: chromium:1052746
Change-Id: Ide49ce6bd2c77b9d2d544ca2df47b5f95c93eaa9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056988
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76207}
This test depends on the profiler which runs in a separate thread and
there is not incentive to control exact timing here to get the same
predictable results on every run.
Bug: v8:12066
Change-Id: I2da8eac97f3e8bf5f2158063f14063a0e321e891
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3084371
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76192}
Some tests want to invalidate part of the VM state after an optimization
has consumed the old state but before the code is installed.
The existing mechanism for this is --block-concurrent-recompilation
and %UnblockConcurrentRecompilation(). The former suspends optimization
right after PrepareJob, before the background ExecuteJob phase. The
intrinsic can then be used to unblock it again.
This was good enough so far because the main "consume" work used to
happen on the main thread. With concurrent inlining this is no longer
true and we need something else.
This CL introduces three intrinsics:
%DisableOptimizationFinalization turns off automatic finalization of
background optimizations.
%FinalizeOptimization() can then be called at an appropriate time to
manually finalize (and thus install) the code and reenable automatic
finalization.
In case one wants to perform some action on the main thread after the
concurrent optimization has finished but before it is finalized, one can
do so with the help of %WaitForBackgroundOptimization() (see tests).
In a followup CL I'm removing the old mechanism since it now seems
redundant.
Bug: v8:12041, v8:7790
Change-Id: Ib7195789105922eb7e4bff86dc5bc11e96a4f97b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071400
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76190}
Since array.new_with_rtt implicitly introduces a loop, we should mark
any loop including this instruction as non-innermost.
Bug: chromium:1236958
Change-Id: I2d92b5fdba748df0e4ac1d6cbc524428b1042578
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080574
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76178}
We currently print reference type indices as unsigned LEB. This will not
work properly for large indices (>=64), as they will be interpreted as
negative indices when read back. They may also alias with builtin types.
In this CL, we fix this by defining builtin types as negative numbers.
We add positive byte constants that can be used in function bodies.
We adapt wasm-module-builder and tests to the above changes.
Bug: v8:7748
Change-Id: I4dfaa65d4cbf77a6731ca2283148bd842ea5c56b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080569
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76176}
Check that the tag argument matches the exception's own tag, and throw a
type error if not.
R=jkummerow@chromium.org
Bug: chromium:1237751, v8:11992
Change-Id: Ia404b83c202a247791583f0252833c36801e9ac4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081523
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76175}
This is a partial fix to mitigate immediate issues. The code needs some
overhaul to match the recent spec changes.
Drive-by-fix: Partially update comments to match spec
Bug: v8:11949
Change-Id: I6b03d38c758176e29e8951af21c43d030bbb684d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3075360
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76172}
Excluded keys should not be performed with GetOwnPropertyDescriptor on
source object in CopyDataProperties.
The key values fetch in CopyDataProperties might be arbitrary kind. It
may be smi, string, and symbol. Yet the proxy keys collected by
KeyAccumulator are not expected types for numeric keys. Those keys
should be converted to expected types.
Also updates a typo in comments of
BytecodeGenerator::BuildDestructuringObjectAssignment. The elements in
rest_runtime_callargs should be [value, ...excluded_properties].
Refs: https://tc39.es/ecma262/#sec-copydataproperties
Bug: v8:11532
Change-Id: If71bfedf8272ce8405e8566a016fae66b3007dd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060275
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76171}
Design doc: https://bit.ly/36MfD6Y, section "Improving Computational
Complexity of CSALoadElimination".
We optimize CsaLoadElimination::AbstractState::KillField() by
fine-graining AbstractState. We now represent it with 6 maps
corresponding to (object kind, offset kind) pairs. This makes it
possible for KillField() to manipulate the state faster. For more
information consult the above design doc.
Bug: v8:11510
Change-Id: I7d991cd47f946edb20e746bc7e6792ae3c70004f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038521
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76165}
Adds a minimum estimated size.
Data suggests that estimated instruction size (+ relocation info size)
is linear to bytecode array length. This CL adds a constant for this
equation. The ratio remains the same.
This is important, because we want to increase success rate of
estimation when compiling on-heap.
When off-heap, we round up the assembler buffer to 4kB, so this CL
will only impact JS functions with more than 585 bytecodes, i.e, the
new added constant will be negligible.
Note: Relocation info (for Sparkplug) is usually so small that it is
not useful to have a separate zone for this.
Bug: v8:11872
Change-Id: I789e72f80b970d1f541965e7ae808b61c8174326
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3069155
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76144}
C++ frames can get quite big in sanitizer builds. In the linked bug it
was an ASan debug build, which overflowed the stack by more than 8kB
just from C++ frames (when entering the runtime, there was no overflow
yet).
Hence increase the allowed stack overflow a bit for sanitizer builds,
from 8kB to 32kB.
R=jkummerow@chromium.org
Bug: chromium:1236560
Change-Id: I119fdb859f7ab5e6a0a4174cf79f0a16baa39432
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078359
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76142}
So that it is possible to differentiate modules in the stack trace even
when they are anonymous.
R=kimanh@chromium.org
Bug: v8:11808
Change-Id: I12a1f07accdf62c404052f32624e9914381a7451
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074472
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76141}
Firstly, the fast path checking for applicability of the equality
"A/B = 0 with remainder A" must use the condition "A<B", not "A<=B".
Secondly, *all* early return paths must ensure that enough padding
'0' characters are written.
Fixed: chromium:1236694
Bug: v8:11515
Change-Id: I3fa7e17f5f3969ddbb5417b53abf3bff3fc1355b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3075365
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76139}
This patch makes V8 accept the binary format produced by Binaryen
after https://github.com/WebAssembly/binaryen/pull/3933 when the
--experimental-wasm-gc-experiments flag is present. The explicit
inheritance information is not used for anything. Validation is
performed only insofar as explicit supertypes must be valid types.
Bug: v8:7748
Change-Id: Id5b5050aa03591281632e3a2a161aa93422e10bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071406
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76135}
This was handled in JS but not in C++.
Bug: chromium:236703, v8:11025
Change-Id: Ic9adc4ceb4d2af2614427fec459c3e950654572f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074460
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76125}
Maximum frame size (in bytes) is used to check for stack overflows
in the prologue.
The maximum number of call arguments is pre-calculated and included
in this check. However the count was added to the frame size wihout
converting the count to bytes, resulting in inaccurate stack overflow
checks.
Bug: chromium:1235182
Change-Id: I21bca4e183fccfd055f2f1d5a40b71651c14b911
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071399
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76090}
These should be reenabled when the underlying issue is fixed.
Bug: v8:7790,v8:12031
Change-Id: Id950cceaa10209b17c2857d61183a2394638d6fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3068951
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76078}
Add support to flush only baseline code. FLAG_flush_baseline_code
controls if baseline code is flushed or not and FLAG_flush_bytecode
controls if bytecode is flushed or not. With this CL it is possible
to control if we want to flush only bytecode / only baseline code / both.
This also lets us have different heuristics for bytecode and baseline
code flushing.
Bug: v8:11947
Change-Id: Ibdfb9d8be7e7d54196db7890541fa0b5d84f037e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060481
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76075}
Invalid ref construction (should assume a memory fence), and invalid
unconditional use of an optional ref.
Bug: v8:7790,chromium:1236303,chromium:1236307
Change-Id: Id0a12222d3d29a0728290ad5269da0946647a5ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3070698
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76074}
Also introduce a separate error type for WebAssembly.Exception,
since the properties should not be added to RuntimeError.
R=jkummerow@chromium.org
Bug: v8:11992
Change-Id: I8f4ae0da9a95184366e07dc43e58a5a9ff4382ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055304
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76061}
Based on a CL by mvstanton@.
Bug: v8:7790,v8:12030,v8:12031,v8:12041
Change-Id: I58b75bd96c724a99133bec7d3bd6cf4e0c9be6d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059683
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76055}
stress_flush_bytecode controls stress flushing of both bytecode and
baseline code. So rename the flag to better reflect its functionality
Bug: v8:11947
Change-Id: Ie6c124a476c3a7c6eabd1d75de030ee15fe78e32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3062567
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76043}
Previously, when the Load IC saw a deprecated map, it would migrate to
the new map but not update the feedback vector. This would lead to a
deopt the next time the same object was seen.
With this CL, the feedback vector will be updated to the target of the
deprecated map. In order to do this, we need to mark the IC for
recomputation. Without that call, the map and handler would look the
same to IC::UpdatePolymorphicIC amd would decline to update, causing
the IC to go megamorphic instead.
Bug: v8:10816
Change-Id: I0dcf97fb278bc0b167df6ce24d5db179f599f535
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3032983
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Kevin Babbitt <kbabbitt@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#76042}
Regressed in crrev.com/152ecad8cd4d170e4091a79eaa8d70d10d94734d.
Fixed: chromium:1234931
Change-Id: I8f2b603a914fccaeaeb3dcffa63070cf8fb6f0e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3064604
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76033}
A JSFunction object may count as 'ObjectMayBeUninitialized', yet still
be safe to read for other reasons (e.g. because it has been loaded
through a chain of acquire-loads and immutable-after-initialization
guarantees).
Bug: chromium:1235071,v8:7790
Change-Id: I18c81695f001fd67e69d98dde641b71ed7b7e53d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3064606
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76031}
Change-Id: I0ba9c4bf13ff13e69d960fba44f93124be5a31a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063499
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76029}
The original CL was flaky because deserialization did not wait correctly
for the compilation of missing functions to finish. The baseline-finished
event was set even when there were still some functions missing. The
combination of deserialization and lazy compilation was also not handled
correctly.
Original change's description:
> [wasm] Support partial serialization of modules
>
> At the moment a WebAssembly module can be serialized successfully when
> all functions were compiled with TurboFan. However, for some functions
> it may not be necessary to be compiled with TurboFan, e.g. for functions
> where Liftoff code is as good as TurboFan code.
>
> With this CL we allow WebAssembly modules to get serialized even when
> not all functions are compiled with TurboFan. Missing functions are
> marked as missing in the serlialization. Upon deserialization, missing
> functions either get compiled by Liftoff, or initialized with a
> lazy-compilation stub, depending on the V8 configuration.
>
> Bug: v8:11862
Change-Id: I79a9e8e14199cff87fce6ae41a87087e047bbc65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060485
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76017}
Rename CopyAndConvertArrayToCppBuffer as
TryCopyAndConvertArrayToCppBuffer and implement type specialization for
int32_t and double in order to speed up V8 bindings with sequences.
This API is used by Blink code, for example see
https://chromium-review.googlesource.com/c/chromium/src/+/3027405.
Bug: v8:11739
Change-Id: I026a7f5e7833fb1afcc2ea9c296b66c7f733cbb1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3036407
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76016}
Introduce a flush_baseline_code flag to control if baseline code is
flushed or not. Currently flush_baseline_code implies flush_bytecode
as well. So if flush_baseline_code is enabled both bytecode and baseline
code are flushed. If the flag is disabled we only flush bytecode and
not baseline code.
In a follow-up CL we will add support to control baseline and bytecode
flushing independently i.e. we can flush only bytecode / only baseline
code / both.
Bug: v8:11947
Change-Id: I5a90ed38469de64ed1d736d1eaaeabc2985f0783
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059684
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76003}
This reverts commit bce81d6be0.
Reason for revert: Newly introduced test is flaking, e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20ASAN/41030/overview or https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux/43171/overview
Original change's description:
> [wasm] Support partial serialization of modules
>
> At the moment a WebAssembly module can be serialized successfully when
> all functions were compiled with TurboFan. However, for some functions
> it may not be necessary to be compiled with TurboFan, e.g. for functions
> where Liftoff code is as good as TurboFan code.
>
> With this CL we allow WebAssembly modules to get serialized even when
> not all functions are compiled with TurboFan. Missing functions are
> marked as missing in the serlialization. Upon deserialization, missing
> functions either get compiled by Liftoff, or initialized with a
> lazy-compilation stub, depending on the V8 configuration.
>
> Bug: v8:11862
> Change-Id: Ic833a17639bf841c5def6fe3c35173fe0376c246
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960209
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75987}
Bug: v8:11862
Change-Id: I5445c097ec47f407e5f951d4cf6d2168113f80e8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060484
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75997}
The JS API constructor was renamed to "WebAssembly.Tag" to match the
spec:
https://github.com/WebAssembly/exception-handling/issues/159
Rename "exception" to "tag" throughout the codebase for consistency with
the JS API, and to match the spec terminology (e.g. "tag section").
R=clemensb@chromium.org,nicohartmann@chromium.org
Bug: v8:11992
Change-Id: I63f9f3101abfeefd49117461bd59c594ca5dab70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053583
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75994}
This will change the behavior of %TypedArray%.prototype.fill.
Bug: v8:11111
Change-Id: I66e7d3decf07663a6497c3c86374b3c77ab6a682
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056977
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75988}
At the moment a WebAssembly module can be serialized successfully when
all functions were compiled with TurboFan. However, for some functions
it may not be necessary to be compiled with TurboFan, e.g. for functions
where Liftoff code is as good as TurboFan code.
With this CL we allow WebAssembly modules to get serialized even when
not all functions are compiled with TurboFan. Missing functions are
marked as missing in the serlialization. Upon deserialization, missing
functions either get compiled by Liftoff, or initialized with a
lazy-compilation stub, depending on the V8 configuration.
Bug: v8:11862
Change-Id: Ic833a17639bf841c5def6fe3c35173fe0376c246
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960209
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75987}
The test makes sure that JSON parsing doesn't stack overflow if given a
deeply nested JSON object. This deep nesting makes the test slow, so we
can test ~the same thing by lowering both the nesting and the stack
size.
Bug: v8:12029
Change-Id: I689ffc1b9db167a1cf1de93beeb09c89e03264a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059685
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75976}
ComputeMinObjectSlack is called concurrently from background threads
(when --concurrent-inlining) and must therefore be thread-safe.
This CL adds a compiler-specific thread-safe variant
of ComputeMinObjectSlack in addition to the plain old non-thread-safe
one. Thread-safety is achieved through locking: on the bg thread, a
shared lock when traversing transitions, and on the main thread, an
additional exclusive critical section when overwriting prototype
transitions.
Tbr: leszeks@chromium.org
Bug: v8:7790,v8:12010,chromium:1231901
Change-Id: If5af83df1ab896b22477921449fb5ba4c8d3e8a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045342
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75949}
It was previously only passed to compilation units in src/bigint/,
but inconsistencies arise when it's not passed to other compilation
units that #include src/bigint/bigint.h.
Fixed: chromium:1233397
Change-Id: Idb310d8c13bad12766699086574aa2c3869eb56c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056452
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75941}
This reverts commit 67960ba110.
Reason for revert:
This has been properly fixed by https://crrev.com/c/3053740.
Now dcheck_always_on already defaults to false for subprojects
like V8 and no other switch is required. The switch didn't fully
work anyways due to https://crbug.com/1231890.
Original change's description:
> Reland "[build] Add V8-specific dcheck_always_on"
>
> This is a reland of cecc666f4d
>
> Depends on:
> https://crrev.com/c/3043611
>
> Original change's description:
> > [build] Add V8-specific dcheck_always_on
> >
> > This makes the V8 dcheck control independent of Chromium's and
> > prepares switching Chromium's default behavior without affecting V8
> > developers or builders.
> >
> > Preparation for: https://crrev.com/c/2893204
> >
> > Bug: chromium:1225701
> > Change-Id: I520b96019b04196f4420716ff3500ebd6c21666f
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038528
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#75827}
>
> Bug: chromium:1225701
> Change-Id: I56568b78592addba01793d2d14f768c9ee10103d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041670
> Reviewed-by: Liviu Rau <liviurau@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75839}
Bug: chromium:1225701, chromium:1231890
Change-Id: I7e27f5774d8e162977f30f685da4b15dadcc1084
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055294
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75935}
The implementation came in with
https://chromium-review.googlesource.com/758999.
This feature was never enabled by default, is not used anywhere, and
is not on any standardization path.
Bug: v8:10953
Change-Id: Ia2b0a556c1fb504a4cd05bdfa9f0a9c5be608d26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053589
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75934}
In inlined-call-polymorphic we need value numbering phase to
deduce that TurbofanStaticAssert is always true. Turboprop doesn't
enable this phase. So use %OptimizeFunctionTopTier so this function
always tiers up to TurboFan.
Bug: v8:12013
Change-Id: I803bddaca8cb0ba0ad56cbd9874d90b118698e3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053579
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75913}
The WebAssembly.Exception constructor creates a WasmExceptionPackage,
which represents an exception thrown from wasm. The first argument is a
WebAssembly.Tag, and the rest are the values to encode in the exception.
R=jkummerow@chromium.org
Bug: v8:11992
Change-Id: I1327b2e4545159397ffe73a061aa577608167b74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049074
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75912}
This is a reland of b99fe75c6d.
The test is now skipped on non-SIMD hardware.
Original change's description:
> [liftoff][arm64] Zero-extend offsets also for SIMD
>
> This extends https://crrev.com/c/2917612 also for SIMD, which
> (sometimes) uses the special {GetMemOpWithImmOffsetZero} method.
> As part of this CL, that method is renamed to {GetEffectiveAddress}
> which IMO is a better name. Also, it just returns a register to make the
> semantic of that function obvious in the signature.
>
> Drive-by: When sign extending to 32 bit, only write to the W portion of
> the register. This is a bit cleaner, and I first thought that
> this would be the bug.
>
> R=jkummerow@chromium.org
> CC=thibaudm@chromium.org
>
> Bug: chromium:1231950, v8:12018
> Change-Id: Ifaefe1f18e3a00534a30c99e3c37ed09d9508f6e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049073
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75898}
TBR=zhin@chromium.orgCC=jkummerow@chromium.org, thibaudm@chromium.org
Bug: chromium:1231950, v8:12018
Change-Id: I662b62fafe99389be7a6c23b970fdf3768f866cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3051610
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75901}
This reverts commit b99fe75c6d.
Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux/43105
Original change's description:
> [liftoff][arm64] Zero-extend offsets also for SIMD
>
> This extends https://crrev.com/c/2917612 also for SIMD, which
> (sometimes) uses the special {GetMemOpWithImmOffsetZero} method.
> As part of this CL, that method is renamed to {GetEffectiveAddress}
> which IMO is a better name. Also, it just returns a register to make the
> semantic of that function obvious in the signature.
>
> Drive-by: When sign extending to 32 bit, only write to the W portion of
> the register. This is a bit cleaner, and I first thought that
> this would be the bug.
>
> R=jkummerow@chromium.org
> CC=thibaudm@chromium.org
>
> Bug: chromium:1231950, v8:12018
> Change-Id: Ifaefe1f18e3a00534a30c99e3c37ed09d9508f6e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049073
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75898}
Bug: chromium:1231950, v8:12018
Change-Id: I4e7a9d6fa6809b7c4d9be919cd5698737d784849
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049085
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75900}
This extends https://crrev.com/c/2917612 also for SIMD, which
(sometimes) uses the special {GetMemOpWithImmOffsetZero} method.
As part of this CL, that method is renamed to {GetEffectiveAddress}
which IMO is a better name. Also, it just returns a register to make the
semantic of that function obvious in the signature.
Drive-by: When sign extending to 32 bit, only write to the W portion of
the register. This is a bit cleaner, and I first thought that
this would be the bug.
R=jkummerow@chromium.org
CC=thibaudm@chromium.org
Bug: chromium:1231950, v8:12018
Change-Id: Ifaefe1f18e3a00534a30c99e3c37ed09d9508f6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049073
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75898}
This CL adds support for classes with methods.
More specifically:
- A new ValueSerializer is added and classes are serialized separetely
from functions, although the common parts are handled in the same way
and abstracted away.
- The function prototype is serialized as an object and any missing
information is set up again during deserialization.
- FunctionFlagsToFunctionKinds() is updated to allow for more function
kinds.
- Context serialization is updated to support serializing BlockContexts
and creating ScopeInfos of type CLASS_SCOPE.
- Map serialization is updated to support properties with custom
attributes.
Bug: v8:11525, v8:11706
Change-Id: I16ca7cbc17b1811721081cda05124ce36073f9be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3006416
Commit-Queue: Vicky Kontoura <vkont@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75893}
Enabling --turbo-optimize-apply breaks tests because we are
passing the wrong receiver;
in JSCallReducer::ReduceCallOrConstructWithArrayLikeOrSpread
we create a Call node with the wrong ConvertReceiverMode, we
pass kNullOrUndefined while it should be kAny. This may break
calls to API or in general calls to functions that use the
receiver.
Bug: chromium:1231108, v8:9974
Change-Id: Ib35a1bf8746ad254b6d63274f3ae11b12aa83de8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043690
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75886}
This is a reland of 84d5b027a7
It removes support for 8-byte types which were causing
unaligned reads.
Original change's description:
> [fastcall] Implement support for TypedArray arguments
>
> This CL adds TypedArrays as supported arguments for fast API calls.
> It implements "exact type" matching, i.e. if Float32Array is expected
> and e.g. Int32Array is passed instead, the generated code bails to the
> slow callback.
>
> Bug: chromium:1052746, chromium:1018624
> Change-Id: I01d4e681d2b367cbb57b06effcb591c090a23295
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999094
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75756}
Bug: chromium:1052746, chromium:1018624
Change-Id: I872716d95bde8c340cf04990a3e4ae8ec8cd74a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035090
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75877}
According to the spec https://tc39.github.io/proposal-error-cause,
the property 'cause' should not present on Error.prototype.
Bug: v8:12006
Change-Id: Ib1601769793b808c5f5a7065effcc77d1def4cbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3037911
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75872}
The test is flaky on that hardware but seems to work just fine on other
arm hardware.
R=machenbach@chromium.org
Bug: v8:10948
Change-Id: Ic60cc23c1b4825623a91e3defcd21eada74554a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043954
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75867}
And use it to remove the set of TurboProp test skips.
BUG=v8:9684,v8:12013
Change-Id: I878e2b9c595449c954735290959d3b38eead5a5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043963
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75865}
...while on-heap objects are referring to it. This is accomplished
by storing a reference to its associated WasmInstanceObject on every
WasmTypeInfo object.
Details: https://bit.ly/2UxD4hW
Fixed: v8:11953
Change-Id: Ifb6f976142356021393d41c50717d210d525d521
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043959
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75863}
Some skips are no longer required.
BUG=v8:9684
Change-Id: I921f2032ea5c19429c735120ba80a09b8f1e352e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043961
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75854}
Adds incompatibility between future/turboprop variants and stress-concurrent-inlining
due to incompatibility from both configs weakly setting --interrupt-budget. Also ensures
we maintain this incompatibility if --future is passed as an extra flag as is done on
some bots.
BUG=v8:9684
Change-Id: I4855b92a64db00da15efc2384e241d4bf0c373c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041677
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75853}
RegExp match indices have shipped since M90
Bug: v8:9548
Change-Id: I8bf54ce1a50b5079aad71140f75c979a09aae5bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3042842
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75848}
This is a reland of 4cc547c759
Change: prevent a memcpy to nullptr by skipping the call to copy_out()
when the length is zero.
Original change's description:
> [wasm][eh] Add WebAssembly.Tag.type
>
> R=ahaas@chromium.org
>
> Bug: v8:8091
> Change-Id: Id069ffbf76bf836b613287788b1b1fccbb577475
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021173
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75815}
Bug: v8:8091
Change-Id: I22f400b6e36d1322a4eabd20a68b4bdd70d61377
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041436
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75847}
Currently deopt fuzzer passes --future and so should skip the same tests
as the future variant.
BUG=v8:9684
Change-Id: I3d10dae7ba7cffc36bd4777941ac053c42c80cef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041668
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75835}
With lazy feedback allocation we don't tier up to baseline early. This
test requires us to tier up to baseline. So add
--lazy_feedback_allocation as a required flag.
Bug: v8:12009
Change-Id: Ibbc1d1cc74ae368ef414f513a0cd46e9bf068186
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3042718
Commit-Queue: Mythri Alle <mythria@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Auto-Submit: Mythri Alle <mythria@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75829}
This makes the V8 dcheck control independent of Chromium's and
prepares switching Chromium's default behavior without affecting V8
developers or builders.
Preparation for: https://crrev.com/c/2893204
Bug: chromium:1225701
Change-Id: I520b96019b04196f4420716ff3500ebd6c21666f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038528
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75827}
This CL fixes a previous change in String.prototype.startsWith which
didn't throw an exception (in the optimized version) when `undefined`
was passed as a receiver and the search string was the empty string.
Bug: chromium:1230260
Change-Id: I835bd409b09b78bf7235c77596f62b588c95611d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3040841
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75818}
This is a reland of ea55438a53. Relanding
after a fix lands here:
https://chromium-review.googlesource.com/c/v8/v8/+/3030711. The failures
were caused because baseline code could be flushed during the process
of deoptimization after we choose which entry (InterpreterEnterAt* /
BaselineEnterAt* ) builtin to use. BaselineEnterAt* builtins expect
baseline code but it could be flushed before we execute the builtin. The
fix is to defer the decision.
Original change's description:
> [sparkplug] Support bytecode / baseline code flushing with sparkplug
>
> Currently with sparkplug we don't flush bytecode / baseline code of
> functions that were tiered up to sparkplug. This CL adds the support to
> flush baseline code / bytecode of functions that have baseline code too.
> This CL:
> 1. Updates the BodyDescriptor of JSFunction to treat the Code field of
> JSFunction as a custom weak pointer where the code is treated as weak if
> the bytecode corresponding to this function is old.
> 2. Updates GC to handle the functions that had a weak code object during
> the atomic phase of GC.
> 3. Updates the check for old bytecode to also consider when there is
> baseline code on the function.
>
> This CL doesn't change any heuristics for flushing. The baseline code
> will be flushed at the same time as bytecode.
>
> Change-Id: I6b51e06ebadb917b9f4b0f43f2afebd7f64cd26a
> Bug: v8:11947
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2992715
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75674}
Bug: v8:11947
Change-Id: I63dce4cd9f6271c54049cc09f95d12e2795f15d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035774
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75810}
GC may change heap state and make this dependency fail. That's okay -
it passed once before, meaning that compilation saw a self-consistent
JSFunctionRef state.
Bug: chromium:1230930
Change-Id: I367b10e4aa88101f1ca83a46f596c5f289f6cab2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3040838
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75802}
This wraps up the transition away from kSerialized ref kinds.
Since JSFunctionRef is a complex type, we don't attempt full
consistency on the background thread. Instead, we serialize functions
on the background in a partially-racy manner, in which consistency
between different JSFunction fields is *not* guaranteed. Consistency
is later verified through a new compilation dependency kind during
finalization.
Bug: v8:7790, v8:12004
Change-Id: Ic2b78af9c9fe183c8769d323132bb304b151dc75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968404
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75789}
This is a reland of 0b091e9bd3
Some blink web tests have been temporarily disabled to allow landing
changes to the JS API in V8.
Original change's description:
> [wasm][eh] Rename Exception to Tag in the JS API
>
> See:
> https://github.com/WebAssembly/exception-handling/issues/159
>
> This change only does the rename where it's observable. This should also
> be renamed throughout the codebase for consistency and will be done
> separately.
>
> R=ahaas@chromium.org
>
> Bug: v8:8091
> Change-Id: Iec1118194981dfd33be6e30256b6e72d12143e1f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021172
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75718}
Bug: v8:8091
Change-Id: Id5375b5287fff81b8e0096377a55ef63e6d9b985
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035083
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75785}
Slightly lowers the interrupt budget for Turboprop and increases the
interrupt budget scaling factor for TurboFan. This gives the best
balance between benchmark performance and reducing optimization
overhead.
BUG=v8:9684
Change-Id: I6d555fb27d089bc8a6849612a4e02b2155020d85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026713
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75764}
This CL fixes the behaviour of String.prototype.startsWith when
undefined is passed as the search term. It also implements a small
shorthand when the search term is empty (according to the spec).
Bug: v8:11977
Change-Id: Iec2aa5f4301fcf444f20d5c1a80d3f634624d6f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035089
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75763}
This CL adds TypedArrays as supported arguments for fast API calls.
It implements "exact type" matching, i.e. if Float32Array is expected
and e.g. Int32Array is passed instead, the generated code bails to the
slow callback.
Bug: chromium:1052746, chromium:1018624
Change-Id: I01d4e681d2b367cbb57b06effcb591c090a23295
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999094
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75756}
When the FFT multiplication algorithm invokes itself for the
recursive steps, the input is "mod Fn"-normalized, i.e. it is
at most of the shape (1 << N), but we only read N bits of it,
so in the rare case where it was exactly 1 << N, that lone top
bit was ignored, leading to an incorrect result of the overall
multiplication.
Fixed: chromium:1228267
Change-Id: I7b245fc3701696d95e5d75fb970f02d72ce40ff8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3032081
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75755}
Just like many other operations implemented in elements.cc, copyWithin
also needs to use relaxed atomics if operating on a shared array buffer
to avoid races with other threads.
Since the ranges can overlap, this CL also adds a {Relaxed_Memmove}
function that either copies forwards (like {Relaxed_Memcpy}) or
backwards depending on the ordering of source and destination.
R=leszeks@chromium.org
Bug: chromium:1221035
Change-Id: I76b7e43810ac9b85f4ff9abbc5a0406618771c25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3032084
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75752}
This test is only testing a d8-specific feature, so there's no need to
test it under a wide variety of conditions. And at the moment its
flakiness in the arm64/debug/simulator config are blocking the v8 roll.
Change-Id: I35456989f7875331a415ca3ff478c67a8e7e79bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3027743
Commit-Queue: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Auto-Submit: Adam Klein <adamk@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75728}
This reverts commit 0b091e9bd3.
Reason for revert: Causes Web Platform Test failures, blocking roll
E.g., https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux/12616/overview
Original change's description:
> [wasm][eh] Rename Exception to Tag in the JS API
>
> See:
> https://github.com/WebAssembly/exception-handling/issues/159
>
> This change only does the rename where it's observable. This should also
> be renamed throughout the codebase for consistency and will be done
> separately.
>
> R=ahaas@chromium.org
>
> Bug: v8:8091
> Change-Id: Iec1118194981dfd33be6e30256b6e72d12143e1f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021172
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75718}
Bug: v8:8091
Change-Id: Id2067e1cdc33fa657ef738ef5fafad84057f7209
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3027261
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75725}
Also, copying hints can be removed from literals. Shallow
copying wasn't used for some time, because of the
way we treat mutable heap numbers.
Change-Id: Ieeba44a9f8e80c4183af8f4751f68dd3a542532e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009230
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75717}
This avoids a DCHECK failure if we continue using the Assembler after
code generation abortion. Even though it might not be the best style to
still call methods on the Assembler after abortion, it's not a problem
apart from the firing DCHECK, so we apply this simple fix instead of
making sure to really abort everything immediately.
R=leszeks@chromium.org
Bug: chromium:1228720, chromium:1217074
Change-Id: Iac3a652f21e34534dd28fb1ab580ab2ee6df06dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024157
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75716}
Added a parameter to Object::FitsRepresentation() to disallow coercion.
Normally, when we ask if a Smi can "fit" into a Double representation
we'd answer yes, because the Smi can be converted to a HeapNumber.
However, from the compilers perspective, the object is found in a
field with a particular representation. In this case, finding a
Smi in a field with representation Double means something is awry.
Therefore, it's useful for the compiler to be able to ask if
the object fits the field without coercion.
Bug: chromium:1227324, v8:7790
Change-Id: I12033736030d904ef9c29516c07999600a5f508a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015570
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75706}
Mark --turbo-fast-api-calls flag as incompatible with stress_snapshot
variant to avoid listing all related tests in the status file.
Change-Id: If130780461e50e72ea6a43d750b2f7ad7764db2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024147
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75705}
When there are multiple entries into a deferred block region, ensure
that we freeze the set of deferred spill virtual registers when we have
processed the first entry point to that deferred block. This ensures
that we don't add another vreg into the set of deferred spills, and
then specify that that deferred spill slot is live across the whole
deferred block, when it is only live from certain entry points.
BUG=chromium:1227568,v8:9684
Change-Id: I647851be9a00fba262768e4f1a7846669b585a2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021178
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75704}
Monotonicity of typing of arithmetic operations could fail in the
presence of optimized_out Oddball inputs, which can arise in dead code
in resumable functions. The CL fixes these with a small change to
BinaryNumberOpTyper.
Bug: chromium:1227677
Change-Id: I1e1d2e174b757e839d776685f52f7c4ac900844b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3020972
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75683}
This reverts commit ea55438a53.
Reason for revert: Likely culprit for these failures: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20NumFuzz/15494/overview
Original change's description:
> [sparkplug] Support bytecode / baseline code flushing with sparkplug
>
> Currently with sparkplug we don't flush bytecode / baseline code of
> functions that were tiered up to sparkplug. This CL adds the support to
> flush baseline code / bytecode of functions that have baseline code too.
> This CL:
> 1. Updates the BodyDescriptor of JSFunction to treat the Code field of
> JSFunction as a custom weak pointer where the code is treated as weak if
> the bytecode corresponding to this function is old.
> 2. Updates GC to handle the functions that had a weak code object during
> the atomic phase of GC.
> 3. Updates the check for old bytecode to also consider when there is
> baseline code on the function.
>
> This CL doesn't change any heuristics for flushing. The baseline code
> will be flushed at the same time as bytecode.
>
> Change-Id: I6b51e06ebadb917b9f4b0f43f2afebd7f64cd26a
> Bug: v8:11947
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2992715
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75674}
Bug: v8:11947
Change-Id: I50535b9a6c6fc39eceb4f6c0e0c84c55bb92f30a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3017811
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75679}
A single ClusterFuzz report flushed out two minor issues in the
bit fiddling routines.
Bug: chromium:1227752,v8:11515
Change-Id: I16ab914b7c3859f55aa141ced371dd80171d0cb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3017809
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75678}
Currently with sparkplug we don't flush bytecode / baseline code of
functions that were tiered up to sparkplug. This CL adds the support to
flush baseline code / bytecode of functions that have baseline code too.
This CL:
1. Updates the BodyDescriptor of JSFunction to treat the Code field of
JSFunction as a custom weak pointer where the code is treated as weak if
the bytecode corresponding to this function is old.
2. Updates GC to handle the functions that had a weak code object during
the atomic phase of GC.
3. Updates the check for old bytecode to also consider when there is
baseline code on the function.
This CL doesn't change any heuristics for flushing. The baseline code
will be flushed at the same time as bytecode.
Change-Id: I6b51e06ebadb917b9f4b0f43f2afebd7f64cd26a
Bug: v8:11947
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2992715
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75674}
This CL implements the resolution of function overloads based on
run-time checks of the type of arguments passed to the JS function.
For the moment, the only supported overload resolution is between
JSArrays and TypedArrays.
Bug: v8:11739
Change-Id: Iabb79149f021037470a3adf071d1cccb6f00acd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2987599
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#75664}
We cannot emit the constant pool within the safepoint table data. It
seems like we also don't do that, but the forgotten
{BlockConstPoolScope} triggered a DCHECK.
R=leszeks@chromium.org
Bug: chromium:1227351, chromium:1217074
Change-Id: I187004c83e05002c651a15643bddea5b02cb00c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015559
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75657}
The stack overflow used to occur when too many bound functions
are nested. The CL also adds a regression test.
Bug: chromium:1226264
Change-Id: I34329d8392d2385207dbd9a8d3188ad4f7cb3c2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011161
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75640}
The JSCallWithArraylike can be replaced with a JSCall if its probable arguments list is empty literal array. This replacement will introduce a deoptimization check to make sure the length of arguments list is 0 at runtime.
This CL change this optimization to a diamond speculation which may help avoid deoptimization once and keep the fast path. This change may benefit a following usecase,
function calcMax(testArray) {
Array.max = function(array) {
return Math.max.apply(Math, array);
};
var result = [];
for (var i = 0; i < testArray.length - 3; i++) {
var positiveNumbers = [];
for (var j = 0; j < 3; j++) {
if (testArray[i + j] > 0) {
positiveNumbers.push(testArray[i + j]);
}
}
result.push(Array.max(positiveNumbers));
}
return result;
}
testArray = [-1, 2, 3, -4, -5, -6, -7, -8, -9, 10];
for (var i = 0; i < 1000000; i++) {
calcMax(testArray);
}
Bug: v8:9974
Change-Id: I595627e2fd937527350c8f8652d701c791b41dd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2967757
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75636}
The bugfix yesterday missed a case (CL
758816f438).
A better approach is to compute the ideal representation of the
value, then check if it can be in-place changed to the
recorded representation.
Bug: chromium:1226988, v8:7790
Change-Id: I90e58b8efb83892c033693a1a0f946b3059a330c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011162
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75615}
We did not handle conflicts between regular register moves and the
cached instance / cached memory start correctly. This could lead to us
overwriting a regular register when restoring the cached instance, which
results in either crashes or miscalculations afterwards.
R=ahaas@chromium.org
Bug: chromium:1217064
Change-Id: Icd4b08b97a47726108a50d51b3a7ba410d132f98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003158
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75602}
In GetOwnFastDataPropertyFromHeap, we read a property value
then compare it with the expected representation. We already
had code to bail out of that particular optimization if there
was a mismatch, however it missed the case of expected
representation being a HeapObject, and when a Smi value was found.
The fix is to use the excellent pre-existing method
Object::FitsRepresentation() to make this check. Thusly, all
cases are handled.
Bug: chromium:1225607, v8:7790
Change-Id: I7d9b1b7722d9691cf5427f8456a6deb466dda0d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008218
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75587}
TurboFan reads the value in HeapNumber, and TSAN detects a data
race between this read and sets on the main thread elsewhere.
We mark this as relaxed atomic (meaning, correct value of the read
is not guaranteed). The compiler uses the dependency mechanism
to re-read the value safely on the main thread later, and aborts
compilation if a change is detected.
Bug: chromium:1224277, v8:7790
Change-Id: I8931d8989812550c0c57b6bd27aa796f6f5e779d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996201
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75586}
The new DCHECK fires when the tier was set to {kNone}, which was the
case for wrappers.
Since the compiler is only interesting for proper Wasm functions, we
keep the DCHECK but only print the compiler for code objects that
represent actual Wasm functions.
R=thibaudm@chromium.org
Bug: chromium:1223839
Change-Id: Icc0f13b34b53fee2a8d53857a4769ab4d80ab805
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003467
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75562}
This is a reland of d3cacbbbd5
Changes: Skipped the test in the 'stress' variant instead.
Original change's description:
> Reland: ScopeInfo, SharedFunctionInfo never-ever serialized
>
> This relands squashed CLs:
>
> 59b9aaf7db
> 8f84d0bb8f
>
> The revert was at crrev.com/c/2996198.
>
> Changed: Fixed a test in which bytecode flushing caused a behavioral
> change between serialized- and unserialized SFI Refs. The serialized
> SFI ref kept bytecode alive while unserialized SFIs allow flushing.
> The test was fixed by adding a %PrepareFunctionForOptimization
> annotation.
>
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:7790, v8:11939
> Change-Id: I170f8085bd7454a2a5f2bb03c8824e2862857827
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999089
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75504}
Bug: v8:7790, v8:11939
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
Change-Id: I10c3fce3a1e5007b4dadfead2baf1f4434d8880b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2998590
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75531}
When adding up the results of the recursive steps, the Karatsuba
algorithm can temporarily have intermediate results that are one
bit bigger than the final result. This patch makes sure we handle
that case correctly.
Since that extra bit would always get subtracted again, the old
code would not have caused incorrect results or memory corruption,
but it did run into DCHECK-failures, and potentially could have
caused segfaults.
Bug: v8:11515, chromium:1223724
Change-Id: I3592835d01cc36def8f0a9bae625e9249864ef78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2988758
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75509}
It is possible that we fallback to GenericLowering for minimorphic
property accesses. So handle MinimorphicPropertyAccess in
ShouldUseMegamorphicLoadBuiltin.
Bug: chromium:1223733
Change-Id: Ia1ba8c8786be91dda841d4138cffe81185c066b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2997104
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75505}
This relands squashed CLs:
59b9aaf7db8f84d0bb8f
The revert was at crrev.com/c/2996198.
Changed: Fixed a test in which bytecode flushing caused a behavioral
change between serialized- and unserialized SFI Refs. The serialized
SFI ref kept bytecode alive while unserialized SFIs allow flushing.
The test was fixed by adding a %PrepareFunctionForOptimization
annotation.
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7790, v8:11939
Change-Id: I170f8085bd7454a2a5f2bb03c8824e2862857827
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999089
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75504}
Start a local symbol server using the local-web-sever node package:
ws --stack system-analyzer/lws-middleware.js lws-static cors
The system-analyzer will then use it to symbolize profiles.
Note: The symbol server will execute `nm` and `objdump` locally.
Change-Id: Icff6e9f5af24f214f353c049f5cd13eedccf0f88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979591
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75501}
We've already been zero-extending 32-bit offset registers since
https://chromium-review.googlesource.com/c/v8/v8/+/2917612,
but that patch only covered the case where offset_imm == 0.
When there is a non-zero offset, we need the same fix.
Bug: chromium:1224882,v8:11809
Change-Id: I1908f735929798f411346807fc4f3c79d8e04362
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2998582
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75500}
Bug: v8:7790, chromium:1225300
Change-Id: I36ae331db0abb072ebc597b4682c3983a00d8a1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999084
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75497}
regress-crbug-482998 is skipped and regress-331444 is marked
as slow.
Bug: v8:11875
Change-Id: I01c14dee704c5179d62b79cca0681f833102680d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996842
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75481}
This will automatically skip the test in the stress_snapshot variant,
where Wasm is not supported.
R=cbruni@chromium.org
Bug: v8:11937
Change-Id: I29078e070a7b1526470e15d8667c5256ea4d8fe1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996642
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75473}
Adds support for a seperate dynamic map checks trampoline that takes the
feedback vector as an argument rather than reading it from the stack
frame, to enable it to work for inlined functions. Plumbs the logic
through the compiler to select between these trampolines based on the
framestate.
BUG=v8:9684,chromium:1224367
Change-Id: Ibc7facdc78930aedec4a102693a926f64f6de7e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2992724
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75461}
https://crrev.com/c/2972915 previously added more gitignore files to the
repository. This left the repo dirty after running mjsunit tests due to
lingering .log files.
- Add test/mjsunit/tools/tmp dir to keep and ignore temporary log files
without the need for a platform specific tmp dir
- Use temporary logfiles with --logfile=+ for log-ci.js tests
Change-Id: I1b1a47f45603d6c3027c6ca7050c78e8df0664ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2992720
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75451}
This CL skips some recently added tests that do not work for TPH at the moment,
including:
* One uses --concurrent_inlining
* One Requires local heaps
* 7 tests that create multiple isplates
* 3 LogMaps* tests that is expected to fail due to map address reuse
This CL also set v8_enable_allocation_folding = true for TPH.
Bug: v8:11641
Change-Id: I5db32f5f9e730dc4e12e4869ec78210bde23ca0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2994219
Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75432}
This is a reland of 8f17052ce0
Changes can be seen in PS1..4 (re-marked kraken/audio-beat-detection)
Original change's description:
> [test] Unmark TSAN tests as SLOW/SKIP
>
> We allowed more time for tsan testing [1] so unmarking some tests.
>
> [1]: https://chromium-review.googlesource.com/c/v8/v8/+/2979671
>
> Bug: v8:7790, v8:11600, v8:11906
> Change-Id: I026a32abe0380c2d32327aaa8b301ef51f22a5e2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979602
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75357}
Bug: v8:7790, v8:11600, v8:11906
Change-Id: Ie5b8886820d8e7d18c8ceee612a5c4d9ef72bc49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2983536
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75408}
Newly added test under https://crrev.com/c/2987824 needs
to be skipped on unsupported platforms.
Change-Id: Ib5d222c09726cd63328ea894c3e6ea7e1e1bd3e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2988361
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75390}
The cached memory start was not preserved across stack checks in debug
code. This only manifests if the stack check is actually executed, hence
it's tricky to reproduce.
R=ahaas@chromium.org
Bug: chromium:1222648
Change-Id: I8d678305022e3521bd457ad49ebed30d81b05231
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2987824
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75388}
Adds support for Turboprop, limiting the amount of bytecode that
can be inlined into a function compared with TurboFan using a
scaling factor, currently set to 1/4.
To enable inlining, we make sure to only emit the tierup check
for the main (non-inlined) function and skip it for any inlined
functions.
BUG=v8:9684
Change-Id: I1399e2b275f797a5d3fd49c89f23296f75439eee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982337
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75352}
https://github.com/tc39/ecma262/pull/1490 changed the spec so that the
"name" property of a class should be installed after "length" but before
"prototype". This CL adapts accordingly.
After this change, there is now no need for the separate code path to
set the "name" accessor at runtime. Delete the relevant runtime code as
well.
Bug: v8:8771
Change-Id: I8f809b45bf209c899cf5df76d0ebf6d9a45a6d4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2974772
Commit-Queue: Timothy Gu <timothygu@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75340}
This CL adds support in TurboFan for passing JSArrays as arguments to
fast API callbacks. It also extends the v8::Array class with a
CopyAndConvertArrayToCppBuffer method to allow the embedder to perform
quick conversions of their JSArrays to a C++ buffer. The CL also adds
tests in d8. Design doc:
https://docs.google.com/document/d/1BNKKZNgrGYafx8kqSfNEQqQYY5n4A6mGufss_Vz-h-4/edit#heading=h.c0kgf82jnlpp
Bug: chromium:1052746, chromium:715122
Change-Id: If47ac60d9ebe6462bbf3adff002e2da8e14e8fc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940900
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75333}
... which didn't properly handle non-Smi integer indices with
JSTypedArray receivers.
The addition of new JSReceiver::OrdinaryDefineOwnProperty() overload
with LookupIterator::Key caused circular dependency between lookup.h
and js-objects.h, so the LookupIterator::Key was moved out of the
LookupIterator class in order to make it forward-declarable.
Bug: chromium:1209405
Change-Id: I265f0c00f65ab6476c8f1d0ca1264f555d43465f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972727
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75326}
The change is made since for switch statements with lots of cases,
where each case is a constant integer, the emitted bytecode is still
a series of jumps, when we can instead use a jump table.
If there are 6 or more cases (similar to GCC) of Smi literals, and
if the max Smi case minus the min Smi case is not more than 3 times
the number of cases, we use a jump table up front to handle Smi's,
and then use traditional if-else logic for the rest of the cases.
We then use the jump table in interpreter/bytecode-jump-table to
do the optimization.
This tries to go off issue 9738 in v8's issue tracker. It is not
exactly the same, since that recommends doing the work at JIT-time,
but has similar ideas. It also partially goes off issue 10764.
Bug: v8:9738
Change-Id: Ic805682ee3abf9ce464bb733b427fa0c83a6e10c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2904926
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75323}
This is a reland of 3296de2f65
It includes pthier@'s fix of overzealous OSR
Original change's description:
> [sparkplug] Trigger compilation when a FBV exists
>
> We were gating baseline compilation on FBV allocation, but in some
> cases, the feedback vector may be allocated eagerly (notably, if we are
> logging function events). Instead, unconditionally try baseline
> compilation after ensuring the feedback vector exists.
>
> Bug: v8:11420
> Change-Id: I1264a1d541a74d4eccb5caf65c360ac23836a1a8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953161
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75242}
Bug: v8:11420
Change-Id: Ia6864856926d6760bbe6c89ee010fa62cf23b6ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2976660
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75319}
To enable experimentation with inlining, temporarily disable dynamic
map checks which currently don't support inlining.
BUG=v8:9684
Change-Id: Iba674550213b393ab150ba241a2dad4ca8fdfd85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2978257
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75311}
This partially reverts https://crrev.com/c/2649032
The previous CL was a bit too aggressive in replaceing movl with Move
which does sign extension for int32.
We can only safely replace movl if the input is in the [0, 2**31] range.
Bug: chromium:1220855
Change-Id: I6c29db1acd7de6b03ffaf802a868b6a531252bc0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2975860
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75304}
Various field dependencies assume that the receiver map and the field
owner map agree on field meta data. That's not necessarily true when
the receiver map is already deprecated. We should skip over deprecated
maps.
- Fix a bug in SerializerForBackgroundCompilation. It used to process
even deprecated maps.
- Fix a bug in FilterRelevantReceiverMaps. It used to store the original
map rather than the new version.
- Turn some compilation dependency DCHECKs into CHECKs.
- CHECK in MapRef::FindFieldOwner that the map is not deprecated. While
there might be valid use cases for calling the underlying
Map::FindFieldOwner on a deprecated map, we never want to do that in
the compiler.
Note that we skip any deprecated maps in JSNativeContextSpecialization's
ReduceNamedAccess. That's why I believe the issue could only be observed
with --concurrent-inlining and only in the form of a failing DCHECK.
Bug: chromium:1221812, v8:7790
Change-Id: I998b4ce1954be01eb6e0feb491ccc6b8306c685f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2976655
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75294}
This reverts commit 3296de2f65.
Reason for revert: Blocks the roll - https://chromium-review.googlesource.com/c/chromium/src/+/2970676
Original change's description:
> [sparkplug] Trigger compilation when a FBV exists
>
> We were gating baseline compilation on FBV allocation, but in some
> cases, the feedback vector may be allocated eagerly (notably, if we are
> logging function events). Instead, unconditionally try baseline
> compilation after ensuring the feedback vector exists.
>
> Bug: v8:11420
> Change-Id: I1264a1d541a74d4eccb5caf65c360ac23836a1a8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953161
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75242}
Bug: v8:11420
Change-Id: Ia9524e3a57eda7ec069f29652acc7593bf680509
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2976654
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75287}
We were gating baseline compilation on FBV allocation, but in some
cases, the feedback vector may be allocated eagerly (notably, if we are
logging function events). Instead, unconditionally try baseline
compilation after ensuring the feedback vector exists.
Bug: v8:11420
Change-Id: I1264a1d541a74d4eccb5caf65c360ac23836a1a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953161
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75242}
- Add tests and fix Chunk calculations in Timeline class
- Cache DOM nodes directly as properties in TimelineTrackBase
- Keep track of last focused entry in timeline tracks and reuse it
to position the tooltip when the view is locked
Bug: v8:10644
Change-Id: I356dcf7eed220df89f6a7ff926f00f78b119160e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968943
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75224}
This isn't used outside of tests, so let's just remove it.
Change-Id: I06b7ec11911fd8ebc3bbabcba16d0c2a3fafddab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968413
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75220}
This also removes intrinsics that were just used in tests. It keeps
InlineIncBlockCounter for now because it's a less straightforward.
Change-Id: I77e55d7a746294892d0fd7ab577ebf8eb42f1f08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953195
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75217}
WebAssembly.Exception is the static representation of a wasm exception.
It holds the signature and the tag of the exception, can be imported and
exported from a wasm module, and will eventually allow inspecting a
wasm-thrown exception from JS.
R=clemensb@chromium.org
Bug: v8:8091
Change-Id: Ided352777e1217e6f873b84a2fc21c3acf59ff6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2966384
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75214}
The PropertyArray may store the hash of it's parent object. This hash
can be installed at various points. Meanwhile, the background compiler
thread inspects the length field.
BUG=chromium:1220974
Change-Id: I7b13fd4546fb48e649fcbf67dee02d7c668393f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2967471
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75208}
Fuzzing found a problem with --turbo-optimize-apply when the
Array.prototype iterator is replaced with a generator function.
We can the issue by installing a protector on the array iterator.
This CL also defines the --turbo-optimize-apply as 'future' to get
more test coverage.
Bug: v8:9974
Change-Id: Id5bc68fde98ea5d1f6a951c4381ca6283b892632
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2966058
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75197}
Empty function bodies can actually reach the compiler. We could prevent
this by making this a decoder error instead, but that would be a
redundant check, so we should just remove the DCHECK instead.
R=ahaas@chromium.org
Bug: chromium:1219898
Change-Id: Ie1bed30cee44be9ac42b5f5f980a122c8dc8b2ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2966385
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75191}
When we pass function arguments on the stack, untagged parameters
"come first", i.e. are put to lower addresses / can be popped off
first. So when a function instructs the stack walker to visit its
parameters (belonging to its caller's frame), it must skip past
any untagged parameters at the top of the caller's frame.
Change-Id: I5a42e4850b0808237ae937c90b0cec930df8571b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964394
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75180}
Moves TurboProp to optimize around the time of TurboFan right now, and
removes some of the special-case logic we had to avoid aggressive
early optimization of TurboProp.
BUG=v8:9684
Change-Id: I0299408891ff6fd57e6523ff309b5f16624466a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964814
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75163}
No changes to the algorithm; minor speedup due to the move
from Handle<BigInt> to Digits.
Bug: v8:11515
Change-Id: Id85fe4f0c276d3ad826fee79205719092d0e0715
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2947412
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75158}
In the same vein we did tagged stores, we can do tagged loads.
As a drive-by, move GetTSANRelaxedStoreStub to CodeFactory.
Bug: v8:7790, v8:11600
Change-Id: Ic1ef3245623756538eab64c3358047e3797195c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953162
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75145}
Just as other skipped tests, this new test uses SAB to synchronize
between Workers, thus timing (and hence amount of allocations) is
nondeterministic.
R=syg@chromium.org
Bug: v8:11881
Change-Id: I9cd375a1f804aac4248a7c491e75a1c7c7919e82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2959627
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75136}
Use the Streams API for file Blobs, instead of FileReader, to allow
large files to be loaded in chunks.
Change-Id: I241e0daff3f9c3d491dde2f3e8e52ea2236f05be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953286
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75095}
This failure comes as the feedback is cleared but the CallFeedbackContent field remain unchanged.
Bug: v8:11851
Change-Id: I75a0acad74dcaab1feafe97779e03caa8b7833de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948426
Commit-Queue: Fanchen Kong <fanchen.kong@intel.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75090}
This test is nondeterministic because it uses a SAB to synchronize
between workers. Workers still execute in their own thread (with their
own isolate) in predictable mode. Thus timing, and hence allocations,
are unpredictable in both isolates.
R=zhin@chromium.org
Bug: v8:11746
Change-Id: Ic6b213f7e4062b2146e2b203c724bfc705b6e68d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953323
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75086}
Loop fallthroughs should leave values according to their out-type on the
stack, even when the stack is polymorphic.
Bug: chromium:1217470
Change-Id: I0a7e0569fa24fc16fcac76569a5ba14b6c7b0a9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2949090
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75043}
--stress-concurrent-inlining has a negative implication for
--lazy-feedback-allocation. We need to explicitly add
--no-stress-concurrent-inlining, since the test relies on lazy feedback
allocation.
Bug: v8:11853
Change-Id: I2bd8f0da05a766dd7282cdb3b70c4a1b478c71cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948647
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75037}
* Skip 8 tests that timeout due to the low-performance of current MMTk non-moving GC.
- This will be enabled after TPH performance issues are addressed.
* Skip 2 new tests that creates a second isolate -- TPH does not support it at the moment.
* Skip 1 test that expects concurrent sweeping behavior of cppgc.
Bug: v8:11641
Change-Id: If86cdcc303b01536d278368886bb30d91da5c5c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2909692
Auto-Submit: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75036}
This CL updates Realm.eval() to also handle reading source code as a
JavaScript function or from a file. To distinguish between different
argument types, an additional options bag needs to be provided. If no
options bag is provided, the behavior defaults to the current one,
which is reading source code from a string.
Bug: v8:11525, v8:11706
Change-Id: I68238335eb91171041dca2c83db211c40dd68359
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944435
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Vicky Kontoura <vkont@google.com>
Cr-Commit-Position: refs/heads/master@{#75021}
Currently, the serializer and deserializer assume that all top-level
declarations to be serialized will be objects.
This CL removes this assumption.
Bug: v8:11525, v8:11706
Change-Id: I5acf5e7a3b73aba5ffc5b1d5eb9cb51b3804a4af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2945178
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Vicky Kontoura <vkont@google.com>
Cr-Commit-Position: refs/heads/master@{#75020}
This is needed for JSCallReducer.
Bug: chromium:1217562
Change-Id: I1f06040a74c393598c134301ba0cf04a46380107
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2945184
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75019}
Predictable does not contradict --wasm-tier-up any more, hence unskip
the tests.
R=ahaas@chromium.org
Bug: v8:11319, v8:11848
Change-Id: Iaefcf6c80e65d27c527aa1a45b054ace1d85fe39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2945171
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75013}
This is a reland of 79d63a5ef3. Some fixes
landed already, and two tests need to be skipped now (one with a tracking
bug).
Original change's description:
> [wasm] Remove all implications from --predictable
>
> In predictable mode, we want to execute the same code as otherwise,
> modulo timing. Hence remove any implications which change behaviour
> (like tier-up or asynchronous compilation).
> Note that --predictable is a debugging flag, so the configurations does
> not need to "make sense" in production.
>
> R=ahaas@chromium.org
>
> Bug: v8:11848
> Change-Id: If74fbacadeb087d977922c41f33fd18738b50ded
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940898
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74973}
Bug: v8:11848
Change-Id: I3564e4351d6545bb9643d1ae44722eb2606b8961
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944936
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75009}
Changes:
- Add struct.new_with_rtt as a new WasmInitExpr. Parse it in
consume_init_expr(). Add it to
InstanceBuilder::EvaluateInitExpression().
- Change WasmInitExpr::operand_ to vector operands_.
- In consume_init_expr(), use parsed over hard-coded opcode length.
- Improve WasmStruct::WasmStructPrint slightly.
- Add Factory::NewWasmStruct().
- Add WasmValue::CopyToWithSystemEndianness.
- In wasm-module-builder.js, generalize emit_init_expr for expressions
with operands. Add missing init. expression types.
- Add tests.
Bug: v8:7748
Change-Id: Ica12378d202730aff1b57c7d4240aa00ef124f8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940893
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75006}
The flag --trace-ignition-dispatches has been broken for a long time,
since it was not designed to work with bytecode handlers that are
generated ahead of time by mksnapshot. This splits the existing
--trace-ignition-dispatches logic into two separate parts:
1. A gn argument which instructs mksnapshot to include dispatch counting
in the bytecode handlers, and ensures that the Interpreter allocates
the array of counters, and
2. A runtime flag which enables the ignition-statistics extension which
implements the JS-accessible function getIgnitionDispatchCounters().
Change-Id: I89323425697f5641451f67b9ddcc0303b8ca209f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2937564
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74992}
A spec test (wasm-js/global/value-get-set) requires
WebAssembly.Global.value.set to throw an exception if it is called with
0 arguments. The implementation in V8, however, just checked if the
first parameter is `undefined`. This implementation indeed threw an
exception if 0 arguments were provided, but it also threw an exception
when `undefined` is provided as a parameter. This, however, violates
the spec, because globals can be reset to `undefined`.
With this CL we replace the checking for `undefined` by checking the
length of the arguments that get provided.
R=ecmziegler@chromium.org
Bug: chromium:1211342
Change-Id: Ic87a0b369dea3e49eddb8f71f2c29dc6a8f5f558
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940901
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74982}
When growing a memory without a maximum, we should still check against
the spec'ed limit, to avoid an overflow when computing the new number of
pages.
R=ahaas@chromium.org
Bug: chromium:1215808
Change-Id: I476b954268277e7dce1106a9b8c3c713b0d1a560
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944433
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74980}
The tests are not compatible with the --stress-background-compile flag.
Bug: v8:11821
Change-Id: Iecef6a2838109fddc9f0ecc145a9f8971bc9bc3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2918214
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74959}
Tbr: nicohartmann@chromium.org
Bug: chromium:1198705, chromium:1199345, chromium:1200490
Change-Id: I4a486df636e084279423e6cd3b867137bfe3fd6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2939984
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74945}
This CL fixes WebSnapshotDeserializer::DeserializeFunctions(), so that
the new Script is created after both the SharedFunctionInfoTable and
SharedFunctionInfo are allocated.
Also, this CL re-enables mjsunit tests for web snapshots (disabled in
https://chromium-review.googlesource.com/c/v8/v8/+/2931806).
Bug: v8:11842, v8:11525, v8:11706
Change-Id: I13503eab3fa70b128ba1faae75eed62b6c5bb636
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933145
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Vicky Kontoura <vkont@google.com>
Cr-Commit-Position: refs/heads/master@{#74923}
This instruction is a non-standard V8-only experiment for now,
hidden behind the --experimental-wasm-gc-experiments flag.
The motivation is to provide a way to set up non-canonicalized
RTT hierarchies, to enable expressing the type system of Java-like
languages in terms of WasmGC constructs.
Bug: v8:7748
Change-Id: Idf1c18e9944c983f40f1e01b2032ee5fdc2fd81b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2930478
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74920}
Instead of compiling a function with baseline immediately when the
interrupt budget is hit, we compile functions in batches to save some
memory protection flips on code pages.
This CL introduces batch compilation behind --baseline-batch-compilation
(enabled on future) and adds a flag
--baseline-batch-compilation-threshold to control the size of batches.
Bug: v8:11790
Change-Id: I3efc360424a14e4b07c6570e48860509ae59e591
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891656
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74913}
os.system seems to be flaky on certain bots. Disabling this until we
have a proper fix.
Change-Id: I075542772ba8eb968c96942923f76b87a2f18d47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2931809
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74910}
This is a reland of ed7e4554db:
- fixing platform names for tickprocessor
- UnixCppEntriesProvider => LinuxCppEntriesProvider
- MacCppEntriesProvider => MacOSCppEntriesProvider
Original change's description:
> [mjsunit][tools][d8] Full roundtrip tickprocessor test
>
> - Add os.d8Path property
> - Add os.name property
> - Change tickprocssor test to use command line arguments for testing
> various configurations
> - Change tickprocessor test to create a temporary v8.log and read it
> back in on linux only
> - Rearrange code in tickprocessor.mjs to allow instantiating the
> CppEntriesProvider directly
> - Drop complete symbol-list for tickprocessor-test-large.log for better
> code searching in V8
>
> Change-Id: Ib56dd0a1ba5377282c84c4de6f17e2fd69ee8123
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2929120
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74892}
Change-Id: I5e121ba11f407af50108a2712d27c32867a22eb0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2929382
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74902}
These tests are too slow and we get enough coverage by running in
other configurations.
Change-Id: Ib07136b01ae1e5c57589ca97114c283258a958f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2929385
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74898}
This reverts commit ed7e4554db.
Reason for revert: new test fails on Mac: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64/40407/overview
Original change's description:
> [mjsunit][tools][d8] Full roundtrip tickprocessor test
>
> - Add os.d8Path property
> - Add os.name property
> - Change tickprocssor test to use command line arguments for testing
> various configurations
> - Change tickprocessor test to create a temporary v8.log and read it
> back in on linux only
> - Rearrange code in tickprocessor.mjs to allow instantiating the
> CppEntriesProvider directly
> - Drop complete symbol-list for tickprocessor-test-large.log for better
> code searching in V8
>
> Change-Id: Ib56dd0a1ba5377282c84c4de6f17e2fd69ee8123
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2929120
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74892}
Change-Id: I7d7506b370f96365552a21fa767b1c5c608ebb1c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2929380
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74894}
- Add os.d8Path property
- Add os.name property
- Change tickprocssor test to use command line arguments for testing
various configurations
- Change tickprocessor test to create a temporary v8.log and read it
back in on linux only
- Rearrange code in tickprocessor.mjs to allow instantiating the
CppEntriesProvider directly
- Drop complete symbol-list for tickprocessor-test-large.log for better
code searching in V8
Change-Id: Ib56dd0a1ba5377282c84c4de6f17e2fd69ee8123
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2929120
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74892}
The upper 32 bits of the 64 bit offset register are not guaranteed to be
cleared, so a zero-extension is needed. We already do the zero-extension
in the case of explicit bounds checking, but this should also be done if
the trap handler is enabled.
R=clemensb@chromium.orgCC=jkummerow@chromium.org
Bug: v8:11809
Change-Id: I21e2535c701041d11fa06c176fa683d82db0a3f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917612
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74881}
