Commit Graph

71269 Commits

Author SHA1 Message Date
Manos Koukoutos
2583028289 [wasm] Add helper function for CheckForNull
Bug: v8:7748
Change-Id: I78a41e593b668f417f1cc18b24bc61a4b6e098c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3135577
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76627}
2021-09-01 15:34:23 +00:00
Clemens Backes
dd152c4877 Reland "[wasm] Move write scope out of NativeModule::AddCode"
This is a reland of 6ae18c2d3c, with
{CompileWasmCapiCallWrapper} fixed to also contain a
{CodeSpaceWriteScope}.

Original change's description:
> [wasm] Move write scope out of NativeModule::AddCode
>
> {NativeModule::AddCode} is a central method that should usually be
> called in batches, where the caller holds a {CodeSpaceWriteScope} for a
> longer time (over several compilations).
> This CL moves us closer to that by removing the scope from that central
> method and instead putting it in callers where it becomes more visible.
> There are already TODOs to introduce caching or batching to avoid some
> switching, and one more TODO is added.
>
> Drive-by: Remove an unneeded {CodeSpaceMemoryModificationScope}.
>
> R=jkummerow@chromium.org
>
> Bug: v8:11974
> Change-Id: Ia13c601abc766e5fca6ca053bf1fc4d647b53ed0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3098186
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76344}

Bug: v8:11974
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Change-Id: I6367bbd9dc52c403513eb1a168aa1f6eb4044ca1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129703
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76626}
2021-09-01 15:32:26 +00:00
Manos Koukoutos
57cee71e1e [fuzzer] Generate tables before function bodies
This is needed so tables are available for table operations.

Bug: v8:11954
Change-Id: If0cbb07ddf0852d2e2515aca3e1f54168c2e0ab8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3135576
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76625}
2021-09-01 15:31:24 +00:00
Victor Gomes
d6c588af77 Revert "[baseline] Enable SP on the heap on future"
This reverts commit 20dc4dcc13.

Reason for revert: We're killing SP on the heap.

Original change's description:
> [baseline] Enable SP on the heap on future
>
> Bug: v8:11872
> Change-Id: Iaaf3ed68950a6a9fe60f91d73be8a0fbc17e1116
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129424
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Auto-Submit: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76578}

Bug: v8:11872, v8:12158
Change-Id: Ib12912250013cdebeca1597f6c9dcd4f763b7a4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3135660
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76624}
2021-09-01 15:28:43 +00:00
Jakob Gruber
b1bdde9168 [compiler] Fix the gcc build
Broken by crrev.com/c/3129420

error: ‘CompilationDependency::AsTransition() const’ defined but not used.

Bug: v8:7790
Change-Id: I06839c4d33d3a52909e0e5a276c567eca83e910f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3133147
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76623}
2021-09-01 15:06:53 +00:00
Michael Lippautz
4e1baf132b heap: Ignore TSAN when walking the stack conservatively
Other threads may write the stack of a different thread and use a lock
to synchronize such an access. An example for this is interrupt
handling.

Ignore TSAN for the methods performing the stack walk. There's no need
to use relaxed atomic reads as same-thread writes are consistent and
for other-thread writes there's no guarantee on what values to observe.

Bug: chromium:1245409
Change-Id: Ia3d3621590f1f5524d245632a2e8a2db23313f35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3135573
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76622}
2021-09-01 13:42:13 +00:00
Al Muthanna Athamina
ca5a119497 Skip compiler/inlined-call-polymorphic on numfuzzer
Bug: v8:12013
Change-Id: I382f505914633598865586bc6a1d5dac7c875994
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3135581
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76621}
2021-09-01 13:11:33 +00:00
Pierre Langlois
97e7dc3dea [turbofan] Fix tracing with perfetto.
Building with v8_use_perfetto requires that the categories passed to
TRACE_EVENT* be a constexpr.

Change-Id: Iee4b713d8fe0b3f52f6e5cfe5baef0ced87f9855
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3135575
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/main@{#76620}
2021-09-01 12:47:05 +00:00
Jakob Kummerow
11cd2317ac [bigint] Truncate huge error messages
When an attempt to parse a huge string to a BigInt fails, then
including the entire string in it makes the exception's message
unwieldy, so this patch puts only the first 1000 characters of
such invalid strings into the exception message.

Bug: chromium:1245239
Change-Id: I2c62f0d34256653ba67da9666e8c5a1a4bbe0599
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3133142
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76619}
2021-09-01 10:09:52 +00:00
Al Muthanna Athamina
eb7e8fb5af Skip compiler/concurrent-inlining-1 on deopt_fuzzer
Bug: v8:12013
Change-Id: I7cee883f22b96b291ac9679fbe05ca2742993dc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3135574
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76618}
2021-09-01 09:48:03 +00:00
Hao Xu
7e8270dd4e Reland "[codegen] Align the code start at 64 byte in x64"
This is a reland of commit 40af03b8c3

The original CL failed one test in Windows, and this CL fix this issue.

Original changes's description:
> [codegen] Align the code start at 64 byte in x64
>
> In order to make loop header aligned at 64 byte (relative to memory address), code start should also be aligned at 64 byte.
>
> Bug: chromium:1231471
> Change-Id: I95390babd9cc78492e0beb0f1b03901eb481d5d5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094167
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
> Cr-Commit-Position: refs/heads/main@{#76484}

Bug: chromium:1231471
Change-Id: Ia927305c792c7486588bc15e9e87840d6db18478
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3133957
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#76617}
2021-09-01 08:20:22 +00:00
Camillo Bruni
6f80c9a619 [mjsunit] Prevent module test from accidentally loading common files
- Disable automatic module file extensions for the test
- Use uncommon name suffix to prevent accidental loading of an
  existing file

Change-Id: I26c1092a1e559cbbebce442a8d5ff3fb6dd5aa84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3122145
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76616}
2021-09-01 07:35:59 +00:00
Michael Lippautz
64c808784a cppgc: Fix compilation of young generation
Drive-by: Pointer to reference conversions and other smaller cleanups.

Change-Id: I83ed114e4b27d5986a389a9753333716b0e20524
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3133146
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76615}
2021-09-01 07:24:23 +00:00
Jakob Gruber
28d2b323e6 [compiler] Fine-grained JSFunctionData validation
JSFunctionData has a fairly heavy serialized payload, and likewise
consistency validation validates many fields and thus has many
opportunities to fail. We therefore want to avoid or reduce validation
whenever possible.

This CL adds tracking s.t. we know which fields were actually used,
and we limit validation to used fields.

Drive-by: Make serialized_ debug-only.
Drive-by: Don't create deps for context/native_context/shared.

Bug: v8:7790
Change-Id: Ic32c9919f0c75a76d9c36e4396b6bce383151b62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132962
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76614}
2021-09-01 05:42:14 +00:00
v8-ci-autoroll-builder
0105be26df Update V8 DEPS.
Rolling v8/build: 36b1f71..85ec285

Rolling v8/third_party/aemu-linux-x64: CPOECXfDP5keozFnmr0QOiSuGL3ELWB3zIOKJ0CkoAwC..8RPB9bFL9jMqtkuzgf6G69QDdAGV9Re0Exh-3rzLXvoC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2bbb839..83a41f1

Rolling v8/third_party/depot_tools: d4534cc..9c1a533

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ie6227f85af716753d32d51b62099cfc814be4ba7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3133209
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76613}
2021-09-01 03:47:52 +00:00
Shu-yu Guo
01b06e9967 [compiler] Add TSAN seq cst store support for generated code
This CL does the following for x64:

- Add seq cst TSAN helpers.

- Refactors codegen's handling of TSAN helpers to also support
  seq cst accesses.

- Perform stores only once instead twice under TSAN, since
  duplicating stores is unsound. Previously this was "fine"
  because all duplicated stores were relaxed. SeqCst stores
  are used for synchronization, however, and duplicating them
  breaks the synchronization.

Bug: v8:7790, v8:11600, v8:11995
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Change-Id: I43071b0ed516cb0917a10f3b2b9861d74edca041
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103308
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76612}
2021-09-01 01:29:13 +00:00
legendecas
3926d6cde4 [builtins] typed array detaching in builtin iterations
%TypedArray.prototype% methods that receive a user callback
fn should not break in the mid-way of the iteration when the
backing array buffer was been detached. Instead, the iteration
should continue with the value set to undefined.

Notably, %TypedArray.prototype%.filter was throwing when the
backing buffer was detached during iteration. This should not
throw now.

Refs: https://github.com/tc39/ecma262/pull/2164
Bug: v8:4895
Change-Id: Ia7fab63264c8148a11f8f123b43c7b3ee0893300
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3066941
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76611}
2021-08-31 21:32:17 +00:00
Milad Fa
9cc414068e S390 [simd]: Implement vector load and zero
This CL takes advantage of the z15 `load byte reverse element`
instruction to optimize Simd Load and Zero opcodes.

On the simulator we only run `load element` as reversing is
not required.

Change-Id: I868bda865249cdc525f804c8ddf4d45df5977a86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132965
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76610}
2021-08-31 16:51:51 +00:00
Camillo Bruni
2e5e2f1530 [execution] Limit noise from differing stack traces with fuzzing
Always return an empty string when formatting stack traces with
--correctness-fuzzer-suppressions. In out-of-stack-space situations
it's easy to get different values depending on whether emergency
formatting is chosen or not.

Bug: chromium:1244626
Change-Id: I2f3d1692deae2533b70b62f28b39875e812b4b0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132968
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76609}
2021-08-31 16:42:02 +00:00
Ng Zhi An
326ab1b15f [wasm] Log Wasm stub code creation
Wasm stubs (C to Wasm and Wasm to JS) aren't logged, so they show up as
??? in GDB backtraces. Emit a CodeCreateEvent in the finalization phase
of the compilation job so that the JitCodeLogger can keep track of it.

With this, a backtrace shows up like (truncated):

-(gdb) bt
-#0  v8::internal::Runtime_WasmArrayCopy
-#1  0x00007fc69d2e155f in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_NoBuiltinExit
-#2  0x00001c368159fcfc in Function:wasm-function[0]-0-turbofan
-#3  0x000000fa00044096 in Stub:c-wasm-entry:i:i
-#4  0x00007fc69dc76b76 in v8::internal::GeneratedCode
-#5  0x00007fc69dc75b25 in v8::internal::Execution::CallWasm
-#6  0x000056506d1a2b6b in v8::internal::wasm::test_gc::WasmGCTester::CallFunctionImpl

Bug: v8:11908
Change-Id: I1223b496091f99a94f2e4e665831462cc9617286
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3109050
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76608}
2021-08-31 16:17:01 +00:00
Omer Katz
e691014acd cppgc: Use references instead of pointers for non-null fields
Replace non-null pointer in ObjectAllocator with references.

Bug: chromium:1056170
Change-Id: I55124610490bb903819f88a70b1f8e0fea4e430d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132969
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76607}
2021-08-31 15:45:11 +00:00
Omer Katz
2a7bfabf47 cppgc: Allow allocations in prefinalziers
Prefinalizers have long been forbidden to allocate.
This restriction often proved problematic and has caused several
issues in the past.

This CL adds support for allowing allocations in prefinalizers.
At the start of prefinalizer invocations we clear the linear
allocation buffers, such that all allocations go through the slow
path for allocation. The slow path checks whether prefinalizers
are currently being invoked and marks the newly allocated object
if they are (i.e. black allocation during prefinalizers).

The new behavior is disabled by default and can be enabled by
setting the cppgc_allow_allocations_in_prefinalizers gn arg to true.

Bug: chromium:1056170
Change-Id: Ib86e780dcff88fa7b0f762ac2ab83c42393d33af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097877
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76606}
2021-08-31 15:29:52 +00:00
Martyn Capewell
e6961df23f [wasm][liftoff][arm][arm64] Detect NaNs for fuzzing
Instrument floating-point operations to set a flag if the result is NaN.

Port: e699762e06
Bug: v8:11856
Change-Id: Iae8121dd17ae8acf402ac74e41122cad77387db7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3099945
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/main@{#76605}
2021-08-31 15:15:51 +00:00
Camillo Bruni
23b9d13be1 [d8] Fix TestVerifySourcePositions with bound Proxy callable
Bug: chromium:1244320
Change-Id: I4472f7ffbc3f6a0ec5ca12f9e8b3501d3f0d3dc0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3133140
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76604}
2021-08-31 14:14:11 +00:00
Pierre Langlois
d826adf65e [turbofan] Fix tracing when compiling JS.
The PipelineRunScope scope is live on every Run() phase and it isn't
allowed to nest. This means we cannot open a new PipelineRunScope during
TraceScheduleAndVerify() because it can be called in the middle of a
Run(), which we do during effect-control-linearization in the JS
pipeline.

We can fix this by directly using a RuntimeCallTimerScope and a tracing
event, instead of relying on PipelineRunScope to do that.

Change-Id: I3c17b2c0a58ff3cac0d1dcc796f54d29b3444468
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132506
Auto-Submit: Pierre Langlois <pierre.langlois@arm.com>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76603}
2021-08-31 13:58:51 +00:00
Georg Neis
b029ac2111 [compiler] Fix Ref creation in ReadFeedbackForGlobalAccess
Fixed: v8:12154, v8:7790
Change-Id: Ib5f3617f6d992b5916faf623ddced06d6e81bbfd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132960
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76602}
2021-08-31 13:45:03 +00:00
Jakob Gruber
7b38608601 [compiler] Remove unused JSFunctionData::function_data_
Bug: v8:7790,v8:12149
Change-Id: I0c23b2c1126b2a950efe848973618407f64afeb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132268
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76601}
2021-08-31 13:44:01 +00:00
Clemens Backes
494da13b05 [wasm] Simplify logging of js-to-wasm wrappers
Avoid an additional copy of the name, and inline single-use (and small)
functions. Also, use an early exit for the generic wrapper to make the
code simpler.

R=zhin@chromium.org

Bug: v8:11879
Change-Id: Ic66a2c9430f7c3481b9038d2a517c4c76888503b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132267
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76600}
2021-08-31 13:11:21 +00:00
Michael Lippautz
760682da3e cppgc: Fix CTP destruction
Double-checked locking pattern for destruction was missing the acquire
barrier for the initial load.

TSAN complained with a data race where:
T1: ClearAllUsedNodes(), clearing out the node
T2: a. if(GetNodeSafe()) { Lock; ... }
T2: b. operator delete

Since GetNodeSafe() was a relaxed load, operator delete was allowed to
be reordered which raced with ClearAllUsedNodes().

Bug: chromium:1239081, chromium:1242795
Change-Id: I3906555b13cc51538a1a54b7ca481a96d81fd84e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132264
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76599}
2021-08-31 12:13:01 +00:00
Michael Achenbach
0ffc1ba5fc [js-fuzzer] Make db more robust to failing code fragments.
Until now, the cross-over mutator would choke on several expressions
from DB and bail out (just wastes some time). We also have a script,
test_db.js to test on how many expressions it is going to bail out.

With this change, we already omit adding such expressions to the
DB in the first place. As a result, the test_db script now returns
zero failing expressions (while all other expressions remain).

Regression tests that now no longer apply are removed, instead a
test is added that ensures that a failing expression isn't added
to the DB.

No-Try: true
Bug: chromium:1044942
Change-Id: I14a4fe802c99114cf3a8f71188273475a7cb9c13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129340
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76598}
2021-08-31 11:28:21 +00:00
Manos Koukoutos
797e4afefe [wasm] Support reftypes tables in WasmModuleBuilder
WasmModuleBuilder is a class that is used to build Wasm modules in the
asm.js parser, in the fuzzer, as well as some tests. When it comes to
Wasm tables, WasmModuleBuilder currently supports only basic tables
(before the reftypes proposal) using an ad-hoc indirect-function index
vector.
This CL adds proper support for element sections and tables that use
them in the full potential of the reftypes extension. The new
functionality will only be used in the fuzzer and potentially some tests
in the future. Along this, we drop some functionality from
WasmModuleBuilder that was only used in tests and is redundant with the
new architecture.
Additionally, we remove tables other than externref and funcref from the
fuzzer (which were not supported properly or used anyway). We will
reintroduce them at a later time.

Bug: v8:11954
Change-Id: I0a4f6e7b63b6e3d9f7da03b5202fbf14d8678332
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3122162
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76597}
2021-08-31 10:02:19 +00:00
Jakob Gruber
099d50f462 [compiler] Refactor compilation dependencies
- Move the compilation-dependency.h header contents into
  compilation-dependencies.cc;
- add macro lists to define type checks and casts;
- add invalidated dependency tracing to
  the --trace-compilation-dependencies flag (renamed from
  --trace-code-dependencies).

Bug: v8:7790
Change-Id: I34b950cd0b79b8d2673b1195599aec763f6b60d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129420
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76596}
2021-08-31 09:56:38 +00:00
Liu Yu
ccece72725 [mips] Do not use SimInstructionBase's implicit copy constructor
Change-Id: I99351dd92dacf4d8d9160b2e33213b830657516e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3131952
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#76595}
2021-08-31 09:39:28 +00:00
Lu Yahan
a9062f882f [riscv64] Optimize RiscvCmpzero emit extra instruction
Bug: v8:12151

Change-Id: I97d15e9089164c05715b3121839d4bd6ba08cb70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3131782
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#76594}
2021-08-31 07:07:05 +00:00
Andrew Brown
1c381f9a83 [x64] Implement some common 256-bit assembler instructions
This change implements longer-width SIMD instructions in the x64
assembler by adding 256-bit versions to one of the conversion macros.
This emits mostly floating-point arithmetic and some boolean operations;
see `SSE_UNOP_INSTRUCTION_LIST` and `SSE_BINOP_INSTRUCTION_LIST`.

Design doc: https://docs.google.com/document/d/1VWZbkO5c_DdxlJObmSLN_9zQUZELVgXyudbpzv5WQM0

Change-Id: I36d56ee09d6b71f66734342cb37bfc9d4801d654
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123648
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Cr-Commit-Position: refs/heads/main@{#76593}
2021-08-31 04:09:34 +00:00
v8-ci-autoroll-builder
b76d25ddfa Update V8 DEPS.
Rolling v8/build: 609fda6..36b1f71

Rolling v8/buildtools: 66ed234..ac4ea2d

Rolling v8/buildtools/third_party/libc++abi/trunk: 996cd74..be47d0e

Rolling v8/third_party/aemu-linux-x64: ddSGEd1PA5UG-ur2YFNiaY2SuddaJRHJB8HprZVuD68C..CPOECXfDP5keozFnmr0QOiSuGL3ELWB3zIOKJ0CkoAwC

Rolling v8/third_party/depot_tools: bd0674c..d4534cc

Rolling v8/third_party/instrumented_libraries: 9a8087b..ee10dbd

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I1425b7839fc335143338ae375ebc966c37a39210
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3131926
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76592}
2021-08-31 03:44:36 +00:00
Milad Fa
8377d19a05 [wasm][fuzzer] Fix compilation error on gcc
template specialisations must be defined
outside of class body to prevent the following compilation error:

error: explicit specialization in non-namespace scope

Change-Id: Ic4b74a28cd21d96991ad784fbd3c598668ffc476
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129881
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76591}
2021-08-31 00:23:23 +00:00
Michael Lippautz
fc63738927 cppgc: Add mutex to PageBackend
This guards against concurrent usages of PageBackend::Lookup() from
HeapRegistry which can race with adding/removing pages.

This race only manifests in debug mode.

Change-Id: If34dbc255faeda085e522501ff2995693cd97b2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129702
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76590}
2021-08-30 19:22:53 +00:00
Michael Achenbach
e08e941a95 [js-fuzzer] Fix broken db tester
This was missing in one of the last refactorings.

No-Try: true
Bug: chromium:1044942
Change-Id: I2c6bfc75251fad61f35a75afec3a1b2682175d68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3127705
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76589}
2021-08-30 17:37:22 +00:00
Clemens Backes
9c5a434b51 [wasm][fuzzer] Simplify boolean decisions
The wasm-compile fuzzer sometimes needs to generate a boolean flag from
the input bytes. Since the general {DataRange::get} method results in
undefined behaviour if instantiated with the {bool} type, we are getting
an 8-bit value instead and looking at the least significant bit only.
This CL improves this situation by implementing a template
specialization for {bool} which uses the same trick, and uses that
instead of hand-coding the modulo operation at the call sites.

R=manoskouk@chromium.org

Bug: v8:11879
Change-Id: I6f9ce02dd8d9cd0998b83e081e4c6ca773e6cb53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129429
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76588}
2021-08-30 16:55:53 +00:00
Z Nguyen-Huu
db16496552 Fix gm.py on Windows
Bug: v8:12131
Change-Id: Id3800e20b136c9fc16770e8a5d5c95e4674c0069
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3119380
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76587}
2021-08-30 16:46:22 +00:00
Seth Brenith
4c4366e748 [cleanup] Use @doNotGenerateCppClass on fewer classes
Most Torque-defined extern classes already use CPP class generation. As
Nico pointed out in [1], it would be nice to convert the remaining
classes and remove this option. This change converts most of those
remaining classes. I know that the future of Torque-defined classes is a
subject of some debate right now, but I think that it's worth doing a
few mechanical changes to reduce the existing variety of options. A
couple of minor fixes in the Torque compiler were required so that it
generates correct code for shapes.

[1] https://docs.google.com/document/d/1q_gZLnXd4bGnCx3IUfbln46K3bSs9UHBGasy9McQtHI/edit#

Bug: v8:8952
Change-Id: I7e6087153a18d6ee80e67926793e8ba8e01d501e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015666
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#76586}
2021-08-30 16:45:18 +00:00
Jakob Gruber
3ac13ef5b0 Add regression test for crrev.com/c/2928509
Bug: chromium:1209444
Change-Id: I4ec16a718061063dc01ec0d7c4a397c220e684c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3127718
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76585}
2021-08-30 16:44:15 +00:00
Georg Neis
2c27154e2d [compiler] Simplify JSTypedArrayRef
... by removing some obsolete code.

Bug: v8:7790
Change-Id: Iad31b60de5905ba05e1c622e81c3234071752e9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124806
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76584}
2021-08-30 16:40:03 +00:00
Michael Lippautz
06ff523bd5 cppgc-js: Fix pending edges crasher
Back references to C++ objects may point to objects that never have
their graph nodes materializes through other C++ edges. We can just
create a graph node in this case, and avoid delaying the merging
completetly.

Bug: chromium:1244522
Change-Id: I0e9cb7a89ee90bfba217bc8475ac40bd7fe92a0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129426
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76583}
2021-08-30 15:49:21 +00:00
Georg Neis
b7364a49ac [compiler] Simplify StringRef
... by removing some obsolete code.

Bug: v8:7790
Change-Id: I3a244ef5fc7fe15321e5bb1c9bb2fe794030ba3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124801
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76582}
2021-08-30 15:23:22 +00:00
Victor Gomes
19d8945634 [baseline] Remove UndoLastAllocationAt
It seems like SP on heap does not produce too much memory fragmentation,
therefore we do not need UndoLastAllocationAt.

Bug: v8:11872
Change-Id: Id2e44405329b52c1dcd6cd81bfc72ffba00035ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129428
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76581}
2021-08-30 15:22:02 +00:00
Georg Neis
ae7aa0ad09 [compiler] Simplify JSGlobalObjectRef
... by removing some obsolete code.

Bug: v8:7790
Change-Id: I722031158d45335f3e086eb335a447fbc5066cac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124798
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76580}
2021-08-30 14:48:42 +00:00
Omer Katz
301baa5584 cppgc: Report cppgc changes to oilpan-reviews@chromium.org
Bug: chromium:1056170
Change-Id: Ie639dd00fa146fa1ea166c282cbdead329604922
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129423
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76579}
2021-08-30 14:28:32 +00:00
Victor Gomes
20dc4dcc13 [baseline] Enable SP on the heap on future
Bug: v8:11872
Change-Id: Iaaf3ed68950a6a9fe60f91d73be8a0fbc17e1116
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129424
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76578}
2021-08-30 14:17:34 +00:00