Add a test to stop at a trap, inspect values, and step from there.
For inspection, we need to spill all registers, which we usually don't
do because the trap never returns, so the values won't be used
afterwards.
R=thibaudm@chromium.org
Bug: v8:10235
Change-Id: Ia1c21aa0faa3ca656e40aae626e8e912eaf2c233
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169890
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67477}
The output generated by --wasm-fuzzer-gen-test did not pass the
presubmit check:
* There was a trailing whitespace after "body";
* There was a trailing newline at the end;
Additionally the signature of addElementSegment changed at some point
and now also takes a table-index parameter.
R=thibaudm@chromium.org
Bug: v8:10155
Change-Id: I77481b0ac810a0e3ff06df24afa3ae22beaebb77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172744
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67476}
With this CL the registers in a register pair get ordered such that the
low word register always has a lower register code than the high word
register. This should allow easier reasoning about the register
allocation, and prevent some register allocation bugs.
Background: for many operations in Liftoff, input registers are reused
as output registers. With register pairs, input register pairs are
reused as output register pairs. Additional reasoning, and sometimes
even additional code is needed when the registers of the output register
pair are swapped, i.e. when the high word register of the input becomes
the low word register of the output. With this CL the additional
reasoning is not necessary anymore, as the high word and low word
registers would get swapped during register allocation.
Additionally this CL fixes the logic of the last_spilled_regs list. This
list stored the last spilled registers, but recorded only one of the two
registers of a register pair. With this CL, both registers get recorded.
This CL does not have a regression test. The regression test was more
than 9000 lines long, and quite slow. I was not able to minimize it
substantially. The test would be fragile by nature, as it has to create
a special register configuration or otherwise does not test anything
meaningful. All in all I think it's better not to add the test.
R=clemensb@chromium.org
Bug: chromium:1074586
Change-Id: I4b2475b0c6537c7ce2e51fee281388cdd85f2953
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2168875
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67473}
The original motivation of the test case is long outdated, and it
has been repurposed. Making some cosmetic changes to clarify.
R=szuend@chromium.org
Fixed: v8:10455
Change-Id: I02c2e6f83d3475478efd37dbe834fca5d415b829
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172419
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Yang Guo <yangguo@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67470}
To reduce the number of deoptimizations in TurboProp use call feedback
only when we know the call target is a builtin. Given that we don't
inline in TurboProp, call feedback isn't really useful and using Generic
lowering doesn't impact performance much. TurboProp still inlines
builtins, so it is important to use this feedback for generating better
optimized code.
BUG: v8:10431
Change-Id: I24d51e43728f9aea3099767deb7800119fea40e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2116033
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67468}
This is a reland of 43b885a842
This fixes another signed overflow in the unit test.
Original change's description:
> Reland "[turbofan][csa] optimize Smi untagging better"
>
> This is a reland of ff22ae80e2
>
> Original change's description:
> > [turbofan][csa] optimize Smi untagging better
> >
> > - Introduce new operator variants for signed right-shifts with the
> > additional information that they always shift out zeros.
> > - Use these new operators for Smi untagging.
> > - Merge left-shifts with a preceding Smi-untagging shift.
> > - Optimize comparisons of Smi-untagging shifts to operate on the
> > unshifted word.
> > - Optimize 64bit comparisons of values expanded from 32bit to use
> > a 32bit comparison instead.
> > - Change CodeStubAssembler::UntagSmi to first sign-extend and then
> > right-shift to enable better address computations for Smi indices.
> >
> > Bug: v8:9962
> > Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#67378}
>
> Bug: v8:9962
> Change-Id: Ieab0755806c95fb50022eb17596fb0c95f36004c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170001
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67430}
Bug: v8:9962
TBR: neis@chromium.org
Change-Id: I79883db546bf37873b3727b8023ef688507091d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169103
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67464}
This is a reland of 6a0e7224f3
Original change's description:
> [regexp] Limit the size of inlined choice nodes
>
> Codegen for unicode property escapes (e.g.: /\p{L}/u) can produce huge
> code objects. This effect can be further magnified through inlining,
> leading to exponential code growth in the size of the pattern.
>
> This CL is a (fairly hacky) way to avoid exponential growth. We
> recognize choice nodes with 'many' choices and disable inlining for
> them. In the future we should fix this properly, either by using the
> code size budget correctly, or by improving codegen for property
> escapes.
>
> Bug: v8:10441
> Change-Id: I817f145251ec8b1b9906cc735c9e9bdb004c98ed
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170229
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67433}
Tbr: yangguo@chromium.org
Bug: v8:10441
Change-Id: I9a16cc9e8248cb46d3d16a4e2d250968cc1b7b39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172679
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67462}
The worklist in this CL is a merge of the worklists of Oilpan and V8. This implementation supports both use cases and should serve as the shared worklist once we start merging the codebase.
Bug: chromium:1056170
Change-Id: I4ecdb475f3900c33eced9249efa112a69c1b2707
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170828
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67459}
HeapVisitor is a simple visitor implementing both visitation and accept
interfaces. HeapVisitor is aimed to replace functions that traverse the
heap in Blink: PrepareForSweep, Sweep, FinalizeSweep, MakeConsistentForGC,
ObjectPayloadSize, VerifyObjectStartBitmap, CollectStatistics, etc.
This CL also introduces a Heap::ObjectPayloadSize function.
Bug: chromium:1056170
Change-Id: I85a2b8b572486bea29704fc436b002d8f7405201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165733
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67458}
Creates a new large-spaces.h and large-spaces.cc to contain
LargeObjectSpace and subclasses.
Bug: v8:10473
Change-Id: Ifdb4eac9df5c8213f992d549e04b612b62f6df0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170826
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67456}
Since ES6, optional arguments are treated the same as undefined. This
was recently cleaned up in https://github.com/tc39/ecma262/pull/1411.
The current Torque implementation of %TypedArray%.from incorrectly
interpreted the old (and confusing) language of a parameter being "not
present" as testing using arguments.length instead of testing directly
for undefined.
Bug: v8:10458
Change-Id: I055f1fa3be570a31a4f7369ba5b51b7d6b022f0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2168674
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67454}
When creating a filler, we pass through whether we need to clear slots
in the old to new remembered set.
This patch adds a verification check that, when we claim we don't need
to clear slots, checks that no slots are set in the remembered set for
the range of the filler. Effectively, this is a range counterpart to
VerifyClearedSlot.
Change-Id: Id994c56d941988cc282463304bc7307a51943e99
Bug: chromium:1075999
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2139572
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67453}
Having no value argument in DataView setters (e.g. setFloat64) caused
wrong behavior in compiled code.
Bug: chromium:1071190
Change-Id: I37ddba8555dafad321f8d4c1352da8a501a98453
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170091
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67451}
base::List is only used inside of heap and has some pretty strange
semantics that don't lend themselves to it being a general purpose data
structure so this moves it to heap where it can be safe isolated.
Bug: v8:10454
Change-Id: I7921c22286276432956005c72143b22b0364fc93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170029
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67448}
In AtomicOp64 ClearRegister is called twice to clear the registers r8
and r9. Thereby new registers may get allocated. We forgot to add the
newly allocated registers to pinned after the first call to
ClearRegister, which caused the same registers to be allocated again in
the second ClearRegister, and thereby caused the bug.
R=clemensb@chromium.org
Change-Id: I0d069aea4c9438fe30c30c22406b4075ddf3e95c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170088
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67445}
When RO_SPACE is to be shared, this constructs SharedReadOnlySpace
object (via ReadOnlySpace::DetachPagesAndAddToArtifacts) that contains
the shared artifacts and the original ReadOnlySpace is destroyed. This
is mostly a conceptual change and SharedReadOnlySpace behaves
identically to ReadOnlySpace (and subclasses it).
Also adds ReadOnlyArtifacts that contains the shared artifacts and which
is stored as a std::weak_ptr in a global so it can be destroyed when all
std::shared_ptrs to it are destroyed. Since this allows the ReadOnlyHeap
to be reconstructed when all Isolates are destroyed,
ReadOnlyHeap::ClearSharedHeapForTest is removed along with all uses
since that is now done automatically.
The ReadOnlyArtifacts class now owns all the shared artifacts and is
responsible for deleting them on exit (mostly via unique_ptr).
Bug: v8:10454
Change-Id: I2fe7110a4ab9cf8719dd198bafc1d083bee641b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154204
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67440}
... by making sure we deopt when the buffer is detached.
Bug: chromium:1074736
Change-Id: I86e4e63014767766d7c079c3a3e38d947c76ef10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2168874
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67437}
This reverts commit 6a0e7224f3.
Reason for revert: Fails noi18n: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20noi18n%20-%20debug/31513
Original change's description:
> [regexp] Limit the size of inlined choice nodes
>
> Codegen for unicode property escapes (e.g.: /\p{L}/u) can produce huge
> code objects. This effect can be further magnified through inlining,
> leading to exponential code growth in the size of the pattern.
>
> This CL is a (fairly hacky) way to avoid exponential growth. We
> recognize choice nodes with 'many' choices and disable inlining for
> them. In the future we should fix this properly, either by using the
> code size budget correctly, or by improving codegen for property
> escapes.
>
> Bug: v8:10441
> Change-Id: I817f145251ec8b1b9906cc735c9e9bdb004c98ed
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170229
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67433}
TBR=yangguo@chromium.org,jgruber@chromium.org
Change-Id: I503b8b2be539468d86e4ec1ac13074cd1c06a5cb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10441
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169101
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67436}
Codegen for unicode property escapes (e.g.: /\p{L}/u) can produce huge
code objects. This effect can be further magnified through inlining,
leading to exponential code growth in the size of the pattern.
This CL is a (fairly hacky) way to avoid exponential growth. We
recognize choice nodes with 'many' choices and disable inlining for
them. In the future we should fix this properly, either by using the
code size budget correctly, or by improving codegen for property
escapes.
Bug: v8:10441
Change-Id: I817f145251ec8b1b9906cc735c9e9bdb004c98ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170229
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67433}
This reverts commit 43b885a842.
Reason for revert: Still fails on UBSan: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/10873
Original change's description:
> Reland "[turbofan][csa] optimize Smi untagging better"
>
> This is a reland of ff22ae80e2
>
> Original change's description:
> > [turbofan][csa] optimize Smi untagging better
> >
> > - Introduce new operator variants for signed right-shifts with the
> > additional information that they always shift out zeros.
> > - Use these new operators for Smi untagging.
> > - Merge left-shifts with a preceding Smi-untagging shift.
> > - Optimize comparisons of Smi-untagging shifts to operate on the
> > unshifted word.
> > - Optimize 64bit comparisons of values expanded from 32bit to use
> > a 32bit comparison instead.
> > - Change CodeStubAssembler::UntagSmi to first sign-extend and then
> > right-shift to enable better address computations for Smi indices.
> >
> > Bug: v8:9962
> > Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#67378}
>
> Bug: v8:9962
> Change-Id: Ieab0755806c95fb50022eb17596fb0c95f36004c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170001
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67430}
TBR=neis@chromium.org,tebbi@chromium.org
Change-Id: I49e19811ebcecb846f61291bc0c4a0d8b0bc4cff
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9962
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2168876
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67431}
This is a reland of ff22ae80e2
Original change's description:
> [turbofan][csa] optimize Smi untagging better
>
> - Introduce new operator variants for signed right-shifts with the
> additional information that they always shift out zeros.
> - Use these new operators for Smi untagging.
> - Merge left-shifts with a preceding Smi-untagging shift.
> - Optimize comparisons of Smi-untagging shifts to operate on the
> unshifted word.
> - Optimize 64bit comparisons of values expanded from 32bit to use
> a 32bit comparison instead.
> - Change CodeStubAssembler::UntagSmi to first sign-extend and then
> right-shift to enable better address computations for Smi indices.
>
> Bug: v8:9962
> Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67378}
Bug: v8:9962
Change-Id: Ieab0755806c95fb50022eb17596fb0c95f36004c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170001
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67430}
This removes the {RedirectToWasmInterpreter} runtime function and the
respective method from {WasmDebugInfo}.
Some tests test specifically the interaction between compiled code and
the interpreter. They are irrelevant now and are deleted.
R=thibaudm@chromium.org
Bug: v8:10389
Change-Id: I38330fcb523f7c65968fdf03abc60af3392bdcc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164793
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67427}
This is a reland of ad5b005e38
Original change's description:
> [snapshot] Expose the serializer through %SerializeDeserializeNow
>
> ... in order to exercise the snapshot/ component from mjsunit tests
> and fuzzers.
>
> * Since the serializer and deserializer can now be called at any time
> instead of only in a tightly controlled environment, several
> assumptions (such as an empty execution stack, no microtasks, no
> handles) no longer hold and had to be made configurable through
> SerializerFlags.
>
> * Root iteration now skips more root categories which were previously
> guaranteed to be empty (e.g. the stack, microtask queue, handles).
>
> * The %SerializeDeserializeNow runtime function triggers
> serialization, deserialization, and heap verification on the current
> isolate and native context.
>
> Support is not yet complete and will be extended in future work. Once
> all mjsunit tests successfully run, we can add a new test mode to
> stress serialization.
>
> Bug: v8:10416
> Change-Id: Ie7ff441a761257dd7f256d0a33e73227850074ac
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159495
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67423}
Tbr: delphick@chromium.org,ulan@chromium.org
Bug: v8:10416
Change-Id: Ibed04c0f0b72fabcf811d8b18a1479391a11568b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170090
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67426}
This adds the following:
1) Heap object structure classes: RawHeap, BaseArena and BasePage.
- freelist
- linear allocation block
2) ObjectAllocator, a class responsible for object (and page) allocation.
The design doc with UML design: https://bit.ly/2VVTcqc
User defined arenas are followup.
Bug: chromium:1056170
Change-Id: I69a82974bd08e3cf3da90041b1628297cc890891
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2167392
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67425}
This reverts commit ad5b005e38.
Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/36070?
Original change's description:
> [snapshot] Expose the serializer through %SerializeDeserializeNow
>
> ... in order to exercise the snapshot/ component from mjsunit tests
> and fuzzers.
>
> * Since the serializer and deserializer can now be called at any time
> instead of only in a tightly controlled environment, several
> assumptions (such as an empty execution stack, no microtasks, no
> handles) no longer hold and had to be made configurable through
> SerializerFlags.
>
> * Root iteration now skips more root categories which were previously
> guaranteed to be empty (e.g. the stack, microtask queue, handles).
>
> * The %SerializeDeserializeNow runtime function triggers
> serialization, deserialization, and heap verification on the current
> isolate and native context.
>
> Support is not yet complete and will be extended in future work. Once
> all mjsunit tests successfully run, we can add a new test mode to
> stress serialization.
>
> Bug: v8:10416
> Change-Id: Ie7ff441a761257dd7f256d0a33e73227850074ac
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159495
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67423}
TBR=ulan@chromium.org,jgruber@chromium.org,delphick@chromium.org
Change-Id: Ie30b94c9ec6e4463bed6cc87dd6525f469fdf84a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10416
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170089
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67424}
... in order to exercise the snapshot/ component from mjsunit tests
and fuzzers.
* Since the serializer and deserializer can now be called at any time
instead of only in a tightly controlled environment, several
assumptions (such as an empty execution stack, no microtasks, no
handles) no longer hold and had to be made configurable through
SerializerFlags.
* Root iteration now skips more root categories which were previously
guaranteed to be empty (e.g. the stack, microtask queue, handles).
* The %SerializeDeserializeNow runtime function triggers
serialization, deserialization, and heap verification on the current
isolate and native context.
Support is not yet complete and will be extended in future work. Once
all mjsunit tests successfully run, we can add a new test mode to
stress serialization.
Bug: v8:10416
Change-Id: Ie7ff441a761257dd7f256d0a33e73227850074ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159495
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67423}
For a zero-length BackingStore allocation, it is valid for the
underlying memory to be a null pointer. However, some cleanup
is still necessary, since the BackingStore may hold a reference
to the allocator itself, which needs to be released when destroying
the `BackingStore` instance.
Change-Id: I1f168079d39e4592d2fde31fbe5f705586690e85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169646
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67420}
The interpreter will be moved to be test-only, hence
--wasm-interpret-all also needs to be removed.
Since we don't have any non-compiling tier any more, we also remove the
implication from --jitless to --wasm-lazy-compilation. Instead, we add
another CHECK that we can't be in jitless mode if we trigger any wasm
compilation.
All tests that just ran other tests and additionally passed
--wasm-interpret-all become redundant and are deleted. Also all
regression tests that explicitly specify --wasm-interpret-all are not
needed any more.
R=thibaudm@chromium.org
Bug: v8:10389
Change-Id: I5ddf20a842117a6c05e277a5308f5cfe42e6bfa5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164792
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67419}
PerformPromiseAll doesn't set iteratorRecord.[[Done]] to true if
Promise.resolve is not callable. This makes Promise.all call
IteratorClose.
BUG=v8:10452
Change-Id: Icbe17416a733f68ef09f1c610d715f544c2a3b8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164789
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67416}
This reverts the changes made in
https://chromium-review.googlesource.com/c/v8/v8/+/1695465https://chromium-review.googlesource.com/c/v8/v8/+/1776078
We originally moved this protector to the native context to avoid
cross-native-context pollution of protector state. Ideally,
invalidating a protector in one NC should not affect any other NC.
But as it turns out, having the protector on the NC causes more
problems than it solves since all affected callers now need to find
the correct native context to check. Sometimes (e.g. in CSA regexp
builtins) it is possible to blindly check the current NC, but the
reasoning behind this optimization is tricky to understand.
Sometimes, fetching the correct NC is not possible due to access
restrictions. These implementation complexities outweigh the (unknown)
potential performance benefits.
In the future we should attempt to move away from the protector
concept for these kinds of checks.
Bug: chromium:1069964,v8:9463
Change-Id: I2cbb2ec7266282165dae5e4a6c8bdbda520c50a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2157382
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67415}
Due to lack of testing environment before, there are some bugs in the
implementations of wasm-simd on mips64 platform, this CL fix them
according to the test on Loongson 3A4000.
Change-Id: I59ab6315987fc94a06cf0bf23754f5c593879532
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162416
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67413}
This changelist makes the GDB-stub actually execute GDB-remote commands, by
accessing the Wasm engine state. More precisely:
- class GdbServer registers DebugDelegates that receive debug notifications when
a new Wasm module is loaded, when execution suspends at a breakpoint or for an
unhandled exception.
- Since the GDB-remote commands arrive on a separate thread, all
queries from the debugger are transformed into Task objects, that are posted
into a TaskRunner that runs in the Isolate thread.
- class WasmModuleDebug contains the logic to retrieve the value of globals, locals, memory ranges from the
Wasm engine and to add/remove breakpoints.
Build with: v8_enable_wasm_gdb_remote_debugging = true
Run with: --wasm-gdb-remote
Test with: python tools\run-tests.py --outdir=out\debug_x64 debugging -j 1
Bug: chromium:1010467
Change-Id: I9703894620a027d3c920926db92e2ff809d84ab8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1941139
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#67412}
Extend the flag parameter with a bit that decides if the input should
be converted (-0 to 0, and a string to the array index it represents).
Instruct redundancy elimination to never replace x with CheckBounds(x)
when this CheckBounds is of the converting kind.
Bug: chromium:1070892, chromium:1071743
Change-Id: I3125a6e267d56dae6bf6cb2f5f52d27ef65d7c79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2157365
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67408}
This relands commit 1a38573f9d.
The original change used a sequence of instruction in the test that
could not be scalar lowered properly.
Original change's description:
> [arm] Change fp_fixed registers to be allocatable registers
>
> fp_fixed1 and fp_fixed2 are used by the S8x16Shuffle operation. They
> need to be allocatable, so that they can be correctly marked as fixed
> and spilled as required. The previous value of fp_fixed2, d29, is not in
> the list of allocatable double registers, and not marked as fixed
> appropriately.
>
> One fix could be to extend the list of allocatable double registers, but
> there is a comment there saying that the list is kept even-length to
> make stack alignment easier. So rather than messing with that, we
> instead change what fp_fixed1 and fp_fixed2 is, since S8x16Shuffle is
> the only user, this is a simpler change.
>
> Bug: chromium:1070078
> Change-Id: Id7de9b256bad2cfb11b0f06b66eb80a48ff7827c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2161565
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67372}
Bug: chromium:1070078
Change-Id: I02bb4b3ad03817318cbd0ee706c5ef4f20c845ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165867
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67406}
This patch has the following improvement on v8.browsing_mobile:
- total-main-thread:duration improved by 1.7%
- js:duration improved by 1.3%
Change-Id: I1cdf2c181bfd991b67f31c5c2f32e3c2f909c67e
Bug: v8:9684, v8:10431
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2149433
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67405}
This adds a test which I suspected would fail, but luckily it doesn't.
The idea is to catch a proper wasm exception in JS, then construct a new
exception, but set the catched exception as the prototype. My suspicion
was that we would still handle that new exception like a wasm exception,
since the `WasmExceptionGetTag` and `WasmExceptionGetValues` runtime
functions to a standard property lookup, which includes a prototype
walk.
Interestingly, the prototype walk is already skipped automatically when
loading private symbols, so the implementation already supports this
case correctly.
Let's still add this test to have coverage for this case.
R=jkummerow@chromium.orgCC=aheejin@chromium.org
Bug: v8:8091
Change-Id: Idf9944cf47f96cca38e9678e9200bf03a39ea126
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2167438
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67391}
- Add template specialization for DataRange::get<bool> to avoid undefined behavior of the template DataRange::get<T> which uses memcpy to assign the result variable
Change-Id: I129773251c063ea6863c4b2318dbc18574588d99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165728
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67387}
Intl.DisplayNames was shipped in m81 and we now can remove the flag.
https://www.chromestatus.com/features/4965112605573120
Bug: v8:8703
Change-Id: Ib65d787c1871aa1da38a22fdb9e369c680c7d2c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2163820
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67382}
This reverts commit ff22ae80e2.
Reason for revert: new test fails on UBSAN
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/10831
Original change's description:
> [turbofan][csa] optimize Smi untagging better
>
> - Introduce new operator variants for signed right-shifts with the
> additional information that they always shift out zeros.
> - Use these new operators for Smi untagging.
> - Merge left-shifts with a preceding Smi-untagging shift.
> - Optimize comparisons of Smi-untagging shifts to operate on the
> unshifted word.
> - Optimize 64bit comparisons of values expanded from 32bit to use
> a 32bit comparison instead.
> - Change CodeStubAssembler::UntagSmi to first sign-extend and then
> right-shift to enable better address computations for Smi indices.
>
> Bug: v8:9962
> Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67378}
TBR=neis@chromium.org,tebbi@chromium.org
Change-Id: I2617d7a44e5ae33fd79322d37c8b722c00162d22
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9962
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2165873
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67380}
- Introduce new operator variants for signed right-shifts with the
additional information that they always shift out zeros.
- Use these new operators for Smi untagging.
- Merge left-shifts with a preceding Smi-untagging shift.
- Optimize comparisons of Smi-untagging shifts to operate on the
unshifted word.
- Optimize 64bit comparisons of values expanded from 32bit to use
a 32bit comparison instead.
- Change CodeStubAssembler::UntagSmi to first sign-extend and then
right-shift to enable better address computations for Smi indices.
Bug: v8:9962
Change-Id: If91300f365e8f01457aebf0bd43bdf88b305c460
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2135734
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67378}
