Commit Graph

75192 Commits

Author SHA1 Message Date
Joyee Cheung
bb98b38735 [ic] handle access check for private names
Previously the LookupIterator ignores private symbols
(including private names) for the access check. This patch
removes these exceptions so that they are always checked.

Drive-by: removes the unused should_throw parameter in
Runtime::DefineObjectOwnProperty()

Bug: chromium:1321899
Change-Id: I9677b1e377f01d966daa1603eee1ed9535ffab92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3623419
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#80700}
2022-05-23 18:30:07 +00:00
Manos Koukoutos
78c9466532 [wasm][turbofan] Introduce size limit for loop peeling
Not peeling very large loops gives speedups on some benchmarks.

Change-Id: Ifbdf08ddaee0e9c638238a6bcf4a3a5ea319b817
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3660243
Auto-Submit: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80699}
2022-05-23 16:24:07 +00:00
Leszek Swirski
132cee6f66 [maglev] Two Float64 fixes
Fix requesting an Int32 from a tagged value that was already converted
to Float64 (because it was on one side of Number feedback but was itself
a Smi), and DoubleRegister locations in deopts.

Bug: v8:7700
Change-Id: I01615a6c520c9e086f3544c2656aa04bf3fc1eaa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3660254
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80698}
2022-05-23 16:05:38 +00:00
Seth Brenith
400b2cc2c6 Don't rescue old top-level SharedFunctionInfos
My previous change https://crrev.com/c/3597106 led to some performance
regressions in time spent on parsing and compilation. Those regressions
might be due to increasing the reuse of old top-level
SharedFunctionInfos. If the top-level SFI is old enough that its
bytecode can be flushed, then perhaps other SFIs within the script have
already been flushed. In that case, discarding information from a
background compilation or code cache deserialization could be harmful.

Bug: v8:12808, chromium:1325566, chromium:1325567, chromium:1325601
Change-Id: Ia7651bed86eecdbef8878e6132b894ed10163cdc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657472
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80697}
2022-05-23 14:47:47 +00:00
Benedikt Meurer
d4ce844be4 [inspector] Don't trigger window.onerror with side-effects disabled.
This was an oversight in https://crrev.com/c/3557234, which led to a
really weird developer experience: once a `window.onerror` handler was
installed, typing into the Console or other side-effect free debug
evaluations triggered this handler.

Fixed: chromium:1328008
Bug: chromium:1295750
Change-Id: I4029ff19ceb7cfe0a8eb6afff19c3ef9a4a82e25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3660253
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80696}
2022-05-23 13:50:57 +00:00
Marja Hölttä
1957427f1b [rab/gsab] Rename some uses of LoadJSArrayBufferViewByteLength
It sometimes meant just the field and sometimes the computed byte
length. This rename makes it less confusing.

Bug: v8:11111
Change-Id: I64bb8b6b9be2befb57d53ae5456b6ce8f6472456
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657429
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80695}
2022-05-23 12:37:57 +00:00
Leszek Swirski
9ec29a4428 [maglev] Implement BranchIfInt32Compare
Add an implementation of BranchIfInt32Compare, which is emitted whenever
a compare op is immediately followed by a branch.

Bug: v8:7700
Change-Id: I2c56d9de199bac8de33b33201f8614aee8e9894e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647693
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80694}
2022-05-23 11:40:57 +00:00
Liu Yu
6a53808833 [loong64][mips] Fix compilation error with gcc
SimulatorBase::ConvertArg should be a protect member so that
CallArgument::CallArgument can access it.

Change-Id: I60b23b45c2247cd28e73808df7b77e604d154932
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3659057
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Yu Liu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#80693}
2022-05-23 09:53:07 +00:00
Leszek Swirski
86e38682f2 [maglev] Add Int32 compare ops
Add an implementation of compare ops which, like binary ops,
speculatively reads integers (but still returns a tagged true/false
value).

Bug: v8:7700
Change-Id: I38f0ba99f8f7af30c89d0b987e28483c9610463f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657440
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80692}
2022-05-23 09:51:46 +00:00
Leszek Swirski
12f20b0f56 [maglev] Fix latest_checkpoint_state overstaying its welcome
We weren't always clearing latest_checkpoint_state on merge points, so
bottleneck it in a better location.

Bug: v8:7700
Change-Id: Iaac5922d769d97d49b85613d5390196a14ad8059
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657437
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80691}
2022-05-23 09:17:18 +00:00
Leszek Swirski
448af14ae9 [maglev] Fix uninitialised next_use in deopts
Deopt InputLocation next_use fields are not initialised, so if a deopt
is the last use of a node we won't release it. Fix this by initialising
the input location array. Also add a DCHECK to verify that register
assignments match what registers a node thinks it's in.

Bug: v8:7700
Change-Id: I4003a027489cf8eeef7c4e60fa64f72cebd2c4e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657438
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80690}
2022-05-23 08:54:56 +00:00
Nikolaos Papaspyrou
7926e5d2bf cleanup: Fix some typos
Mostly in comments, again, not much to be said...

Bug: v8:12425
Change-Id: If0890132606b5ae8d5e173907bfdc063b9811ac6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657428
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80689}
2022-05-23 08:49:07 +00:00
v8-ci-autoroll-builder
698413be29 Update V8 DEPS.
Rolling v8/build: b8694ed..b2f1ec8

Rolling v8/third_party/depot_tools: 2f98847..4e6aa25

Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220521.3.1..version:8.20220522.3.1

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ib008d9d40613b94ba54897d10f1a842683498570
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3659712
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80688}
2022-05-23 03:49:48 +00:00
v8-ci-autoroll-builder
581a5ef7be Update V8 DEPS.
Rolling v8/build: 44ff734..b8694ed

Rolling v8/third_party/depot_tools: 0e9a7d2..2f98847

Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220520.3.1..version:8.20220521.3.1

Rolling v8/third_party/zlib: 2fe249a..80b28c9

Rolling v8/tools/clang: ec2da2f..6df1876

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I48af985a9d0f037c7ccdc3e7e6c66f0d0e6e7610
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3658142
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80687}
2022-05-22 03:52:36 +00:00
v8-ci-autoroll-builder
becbbc2922 Update V8 DEPS.
Rolling v8/build: 399520d..44ff734

Rolling v8/buildtools/third_party/libc++abi/trunk: 3e4d383..4ad92ec

Rolling v8/buildtools/third_party/libunwind/trunk: c9b2288..d03f56b

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/8111049..a1cf7a2

Rolling v8/third_party/depot_tools: bd80a1b..0e9a7d2

Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220519.0.1..version:8.20220520.3.1

Rolling v8/tools/clang: bec960d..ec2da2f

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I3cfe4f14fa51e977aa3efa79d124aeab74aaad17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3658135
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80686}
2022-05-21 03:51:35 +00:00
Frank Tang
05f3596f80 [Temporal] Add PlainDateTime.prototype.toZonedDateTime
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plaindatetime.prototype.tozoneddatetime

Bug: v8:11544
Change-Id: Ic4464e6d4521fb7e006164933df4f38c5d3115b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3554666
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80685}
2022-05-21 01:38:55 +00:00
Frank Tang
a90169d304 [Temporal] Add Instant.prototype.toZonedDateTime(ISO)?
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.instant.prototype.tozoneddatetime
https://tc39.es/proposal-temporal/#sec-temporal.instant.prototype.tozoneddatetimeiso

Bug: v8:11544
Change-Id: I452dfbf027e5d58edde9f9691519204ff29d8082
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3382058
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80684}
2022-05-21 01:30:26 +00:00
Frank Tang
4cf301722c [Temporal] Add PlainYearMonth.from
Also Add AOs: ToTemporalYearMonth, YearMonthFromFields, ParseTemporalYearMonthString

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plainyearmonth.from
https://tc39.es/proposal-temporal/#sec-temporal-totemporalyearmonth
https://tc39.es/proposal-temporal/#sec-temporal-parsetemporalyearmonthstring
https://tc39.es/proposal-temporal/#sec-temporal-yearmonthfromfields

Bug: v8:11544
Change-Id: I04b30a4159142a996c765c542f19e66bee593e4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3538666
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80683}
2022-05-21 01:19:45 +00:00
Frank Tang
9473a5e987 [Temporal] Add toJSON to PlainTime
Bug: v8:11544
Change-Id: Iaf440009b2abdf9e90de3ed0e6e02eb35060a65b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437889
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80682}
2022-05-21 01:14:05 +00:00
Frank Tang
db2dc63535 [Temporal] Add ZonedDateTime.prototype.withPlainTime
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.zoneddatetime.prototype.withplaintime

Bug: v8:11544
Change-Id: I1c35c1105c9f2cc051d3b17718f52170fbee2a5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3565027
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80681}
2022-05-21 01:04:45 +00:00
Frank Tang
a2f22f4355 [Temporal] Add PlainDate(Time)? toPlain*Month*
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plaindate.prototype.toplainmonthday
https://tc39.es/proposal-temporal/#sec-temporal.plaindate.prototype.toplainyearmonth
https://tc39.es/proposal-temporal/#sec-temporal.plaindatetime.prototype.toplainyearmonth
https://tc39.es/proposal-temporal/#sec-temporal.plaindatetime.prototype.toplainmonthday


Bug: v8:11544
Change-Id: Ia97de3b4dde183ae4ee514deb4d13da5d5ff9bae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3534451
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80680}
2022-05-21 00:26:07 +00:00
Shu-yu Guo
1f35a33d2e Have YIELD_PROCESSOR sleep for 1ms under TSAN
TSAN intercepts atomic accesses and uses locking. Since YIELD_PROCESSOR
is used in spinlock loops in conjunction with atomic accesses, such
spinlock loops can exhibit starvation in TSAN. To work around the
problem, have YIELD_PROCESSOR sleep the process for 1ms.

Change-Id: I042368cfc6b55abdba5c897a8f23cc633a70ba13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3651514
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80679}
2022-05-21 00:25:05 +00:00
Frank Tang
71fb98092b [Temporal] Add ZonedDateTime.prototype.* forward to calendar
Implement the following methods of ZonedDateTime
year, month, monthCode, day, dayOfWeek, dayOfYear, weekOfYear,
daysInWeek, daysInMonth, daysInYear, monthsInYear, inLeapYear,
era, eraYear

Also implement corresponding AOs (CalendarXXX).

Spec Text:
https://tc39.es/proposal-temporal/#sec-get-temporal.zoneddatetime.prototype.year
https://tc39.es/proposal-temporal/#sec-get-temporal.zoneddatetime.prototype.month
https://tc39.es/proposal-temporal/#sec-get-temporal.zoneddatetime.prototype.monthcode
https://tc39.es/proposal-temporal/#sec-get-temporal.zoneddatetime.prototype.day
https://tc39.es/proposal-temporal/#sec-get-temporal.zoneddatetime.prototype.dayofweek
https://tc39.es/proposal-temporal/#sec-get-temporal.zoneddatetime.prototype.dayofyear
https://tc39.es/proposal-temporal/#sec-get-temporal.zoneddatetime.prototype.weekofyear
https://tc39.es/proposal-temporal/#sec-get-temporal.zoneddatetime.prototype.daysinweek
https://tc39.es/proposal-temporal/#sec-get-temporal.zoneddatetime.prototype.daysinmonth
https://tc39.es/proposal-temporal/#sec-get-temporal.zoneddatetime.prototype.daysinyear
https://tc39.es/proposal-temporal/#sec-get-temporal.zoneddatetime.prototype.monthsinyear
https://tc39.es/proposal-temporal/#sec-get-temporal.zoneddatetime.prototype.inleapyear
https://tc39.es/proposal-temporal/#sec-get-temporal.zoneddatetime.prototype.era
https://tc39.es/proposal-temporal/#sec-get-temporal.zoneddatetime.prototype.erayear

Bug: v8:11544
Change-Id: I7d7008a719f0109836834d170c5f52b49c3ffb7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3565028
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80678}
2022-05-20 23:07:26 +00:00
Frank Tang
74aa5e7d68 [Temporal] Add Temporal.Duration.prototype.toJSON
Also add AO: TemporalDurationToString

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.duration.prototype.tojson
https://tc39.es/proposal-temporal/#sec-temporal-temporaldurationtostring

Bug: v8:11544
Change-Id: I7dfdb5458b88646a4ac7b7713e7c8e63352f7539
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3438375
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80677}
2022-05-20 22:38:35 +00:00
Frank Tang
caccea8d09 [Temporal] Add PlainMonthDay.from
Also add AOs: ParseTemporalMonthDayString, MonthDayFromFields,
ToTemporalMonthDay
Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal.plainmonthday.from
https://tc39.es/proposal-temporal/#sec-temporal-totemporalmonthday
https://tc39.es/proposal-temporal/#sec-temporal-parsetemporalmonthdaystring
https://tc39.es/proposal-temporal/#sec-temporal-monthdayfromfields

Bug: v8:11544
Change-Id: I971b5a0f43b9dbeefe38ebe28035f7c9b1a617ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3538664
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80676}
2022-05-20 22:34:05 +00:00
Frank Tang
c68336252d [Temporal] Add Plain(Date|MonthDay|YearMonth).*.to(Locale)?String
Spec Text:
https://tc39.es/proposal-temporal/#sup-temporal.plaindate.prototype.tostring
https://tc39.es/proposal-temporal/#sup-temporal.plaindate.prototype.tolocalestring
https://tc39.es/proposal-temporal/#sup-temporal.plainmonthday.prototype.tostring
https://tc39.es/proposal-temporal/#sup-temporal.plainmonthday.prototype.tolocalestring
https://tc39.es/proposal-temporal/#sup-temporal.plainyearmonth.prototype.tostring
https://tc39.es/proposal-temporal/#sup-temporal.plainyearmonth.prototype.tolocalestring

Implement toString/toLocaleString as non-intl version.

Because toString took options bag in Temporal, we cannot use the
same way how we handle Date.prototype.toLocaleString() for non-intl
build by just forwarding to it's toString implementation.
Change built-ins-defintions.h to always has built-ins for
*.toLocaleString , not just in intl build.
Change src/init/bootstrapper.cc away of the toLocaleString forward
to toString approach.

Implement the non-intl version of ToLocaleString in js-temporal-objects.cc for
Temporal.Plain(Date|YearMonth|MonthDay)


Bug: v8:11544
Change-Id: I202bcf28ef05ed03c337475300cfdfd18b52ffb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3656137
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80675}
2022-05-20 20:35:35 +00:00
Andy Wingo
44932c1689 [stringrefs] Parse the string literals section
Bug: v8:12868

Also adds wtf8.cc, wtf8.h to src/wasm, to implement WTF-8 validation and
possibly other utilities.  Also fixes a bug when parsing the string
literals section; I had misunderstood the way the unordered/ordered
sections mechanism worked.

Change-Id: I3c4205e0872379a69575f84ba33e0090a9d8d656
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652789
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80674}
2022-05-20 20:04:35 +00:00
Alex Gough
09b7a8b8c4 When cet is disabled, propagate to v8_shell
Before: when cet is disabled v8_shell is marked with the
cetcompat bit, which breaks the chromium build on cet
machines.

With this CL: v8_shell is not marked as cetcompat unless
v8_enable_cet_shadow_stacks is true.

Bug: chromium:1289318
Change-Id: If8a79ac5288a9a3385bf6b692db566508cca248f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3656146
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80673}
2022-05-20 16:36:55 +00:00
Marja Hölttä
e819612aaf [web snap] Enable context referring to function
Bug: v8:11525,v8:12820
Change-Id: Ic4cd3172a4d6884b8234ca6b6463dfc405e10ba1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652793
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80672}
2022-05-20 16:10:44 +00:00
Tobias Tebbi
6e1fcf22f3 [test] remove flaky isOptimized check in regress-crbug-1323114.js
Bug: v8:12893
Change-Id: Ibc2068011243b2ec811cd90646f0ec2a0d93cc05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657433
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80671}
2022-05-20 14:50:02 +00:00
Leszek Swirski
47090774a4 [maglev] Add more Int32/Float64 arithmetic nodes
Add Int32/Float64 nodes for:

  * Subtract
  * Multiply
  * Divide

and additionally Int32 nodes for

  * BitwiseOr/And/Xor
  * ShiftLeft/Right/RightLogical

The latter ones don't have Float64 equivalents since they're implicitly
Int32 operations. In the future we'll add support for Number feedback by
adding Float64-to-Int32 conversions and using the Int32 nodes.

The divide node does an Int32 division and deopts if there's a remainder
to the division -- we may want to make it output a Float64 instead if we
think that's more likely in real-world code. There's also no peephole
optimisations for constant operations, which would generate much better
code, especially for shifts.

Bug: v8:7700
Change-Id: Ief1d24b46557cf4d2b7929ed50956df7b0d25992
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652301
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80670}
2022-05-20 14:48:59 +00:00
Tobias Tebbi
c2430b4ff2 Revert "[heap] Disable map space with --future"
This reverts commit 74c68e2a04.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/21353/overview

Original change's description:
> [heap] Disable map space with --future
>
> Original CL got reverted, this time the failing test should be fixed.
>
> Bug: v8:12578
> Change-Id: Id2d8801f07742e8b00884fefec8200e4270f4250
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657434
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80668}

Bug: v8:12578
Change-Id: I2ee20c79ec09ff4f7bece6ddcc1c3a5cd9351223
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647692
Owners-Override: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80669}
2022-05-20 14:47:24 +00:00
Dominik Inführ
74c68e2a04 [heap] Disable map space with --future
Original CL got reverted, this time the failing test should be fixed.

Bug: v8:12578
Change-Id: Id2d8801f07742e8b00884fefec8200e4270f4250
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657434
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80668}
2022-05-20 13:22:44 +00:00
Michael Lippautz
6fe9ea3a02 [cppgc-js] Delay reading flags until first GC
Unfortunately heap setup happens before setting up flags in practice.
This means that flags such as `--single-threaded-gc` were not respected
properly for Oilpan. Delay the setup until the GC is actually triggered.

Bug: chromium:1326723
Change-Id: Icabe7ecf27e879bd44bba5e09ca176beb012c58a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657430
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80667}
2022-05-20 13:08:27 +00:00
Marja Hölttä
0d57c9a863 [web snap] Fix context tree serialization
Enforce the parent context has a smaller id, this time more forcefully.

Bug: v8:11525,v8:12820
Change-Id: I05bf675545b81b818eebfcaa40ee6bb93f5bcf9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652792
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80666}
2022-05-20 12:21:50 +00:00
Samuel Groß
67aff19c27 [sandbox] Expose Memory Corruption API on sandbox bots
These bots should run sandbox tests in the future, for which the memory
corruption API will be required.

Bug: v8:12878
Change-Id: Ib64bfb0ae080016db6d1629f375d2a71a20d70b4
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657427
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80665}
2022-05-20 12:20:48 +00:00
Tobias Tebbi
a0fbb0b2cb Revert "[heap] Disable map space with --future"
This reverts commit 4ba3b51542.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/8900/overview

Original change's description:
> [heap] Disable map space with --future
>
> Bug: v8:12578
> Change-Id: If0253a2feb383d6ef313729bf99b489eb9436303
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652794
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80660}

Bug: v8:12578
Change-Id: I9ccfc2641b29539a29258a6517824cdd5a5709d5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657432
Owners-Override: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80664}
2022-05-20 12:12:24 +00:00
Andy Wingo
838d32152a [wasm] Simplify table.get, table.set in liftoff compiler
A fixup to https://chromium-review.googlesource.com/c/v8/v8/+/3644961
that I had neglected to address then.  Whoops!

Change-Id: Id0f2721e6cdfb3493b5d11043f6a6a3273e1fc09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652790
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80663}
2022-05-20 11:57:45 +00:00
Igor Sheludko
e23c5aea00 Reland^2 "[rwx][mac] Enable fast W^X on Apple Silicon (M1)"
This is a reland of commit e8cac3776e
The proxy resolver issue is fixed in a separate CL.

Original change's description:
> [rwx][mac] Enable fast W^X on Apple Silicon (M1)
>
> Bug: v8:12797
> Change-Id: I53bb803dd77db5bdd42b1a1b4b568e63857adf31
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3598861
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80396}

Bug: v8:12797
Change-Id: Icd897d3f3ff1f1bcfdb9e874e13f6a654c985fc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650925
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80662}
2022-05-20 11:22:17 +00:00
Jakob Kummerow
86be87df9c [bigint] Fix object literal property keys like 0x0n
Fixed: chromium:1327321
Change-Id: I4868e0127b9dd14a0812cafca1681280534faa46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652788
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80661}
2022-05-20 11:21:15 +00:00
Dominik Inführ
4ba3b51542 [heap] Disable map space with --future
Bug: v8:12578
Change-Id: If0253a2feb383d6ef313729bf99b489eb9436303
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652794
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80660}
2022-05-20 11:10:28 +00:00
Samuel Groß
4a12cb1022 [sandbox] Add new Memory Corruption API
When enabled, this API exposes a new global 'Sandbox' object which
contains a number of functions and objects that in effect emulate
typical memory corruption primitives constructed by exploits. In
particular, the 'MemoryView' constructor can construct ArrayBuffers
instances that can corrupt arbitrary memory inside the sandbox. Further,
the getAddressOf(obj) and getSizeInBytesOf(obj) functions can be used
respectively to obtain the address (relative to the base of the sandbox)
and size of any HeapObject that can be accessed from JavaScript.

This API is useful for testing the sandbox, for example to
facilitate developing PoC sandbox escapes or writing regression tests.
In the future, it may also be used by custom V8 sandbox fuzzers.

Bug: v8:12878
Change-Id: I4e420b2ff28bd834b0693f1546942e51c71bfdda
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650718
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80659}
2022-05-20 11:09:25 +00:00
Leszek Swirski
58d19ed76a [compiler-dispatcher] Fix double ShouldYield call
Fixed: v8:12886
Change-Id: I729f6f11be3befa573ac6a201dc91e3d5f2eebc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652791
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80658}
2022-05-20 10:14:58 +00:00
Liu Yu
207f489fc5 [mips][liftoff] Fix atomic ops implementation error
LLd and Scd should be used for StoreType::kI64Store* types.

Change-Id: Ic645c9149c7ade95e0a36acadb48d246ee817469
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3655179
Auto-Submit: Yu Liu <liuyu@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#80657}
2022-05-20 09:33:54 +00:00
Dominik Inführ
407218d60a [heap] Combine write barrier flag checks
Adding the shared heap write barrier caused regressions on some
benchmarks. Presumably this is because the compiler can't merge the
fast paths of the generational and shared heap write barrier.

This CL therefore introduces a CombinedHeapBarrier that manually
unifies the fast path for the marking, generational and shared heap
write barrier. This should make the barrier easier to optimize for
the compiler. In particular it should help to ensure that page flags
don't need to be loaded multiple times in a single full write barrier.

Bug: chromium:1326446, v8:11708
Change-Id: Iacd487f1263491cf4c05f25e004233a52b7c45a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644964
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80656}
2022-05-20 08:54:34 +00:00
Jakob Kummerow
ac3c8f8ff2 [wasm-gc] Bump array.init limit to 10,000
By popular demand.

Bug: v8:7748
Change-Id: I6892d5cb92066ecc56574b5f27a09088c692e071
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650927
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80655}
2022-05-20 08:51:47 +00:00
Andy Wingo
b48262d719 [stringrefs] Add generalized UTF-8 decoder / validator
Bug: v8:12868

A slight modification to the existing DFA-based UTF-8 allocator to allow
decoding surrogates, for use in decoding WTF-8.  We'll need to
additionally constrain the decoder to disallow surrogate pairs.

Change-Id: Ifddbf08d4eeeff8f270df52a68f01769ea790eec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652787
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80654}
2022-05-20 08:05:04 +00:00
Samuel Groß
0440123e30 [sandbox] Enable sandboxed pointers on sanitizer builds
With crrev.com/c/3641564, Chromium now uses PartitionAlloc for
ArrayBuffer allocations even if one of the sanizier tools (e.g. ASan) is
enabled. As such, sanitizer builds are now compatible with the sandbox.

Bug: chromium:1218005
Change-Id: I100bf3ef442c556652fb00dd6c09d06b167e6577
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652785
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80653}
2022-05-20 06:18:23 +00:00
v8-ci-autoroll-builder
a0bbd00112 Update ICU
Rolling v8/third_party/icu: 585942f..1c67b4e

CP PR2090 to remove ATOMIC_VAR_INIT (Frank Tang)
https://chromium.googlesource.com/chromium/deps/icu/+/1c67b4e

Disable -Wambiguous-reversed-operator in ICU. (Peter Kasting)
https://chromium.googlesource.com/chromium/deps/icu/+/3272ffe

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,ftang@chromium.org

Change-Id: I1a35eadab7a580b6f447af17fc75981723e89d22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3656643
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80652}
2022-05-20 05:55:26 +00:00
Pan, Tao
54191d0887 [cleanup] Remove abandoned osr_code_cache_state from SFI
All user of osr_code_cache_state had been removed.

Change-Id: I08a4783e47c900617b53ba789d267fb9a0bd1e92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652276
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Tao Pan <tao.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#80651}
2022-05-20 03:54:06 +00:00