If --turbo-nci is enabled, use compare op builtins with feedback
collection during generic lowering.
Bug: v8:8888
Change-Id: I886020e2ee280f65388d9987c70958546f99e0f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215821
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68100}
The allocation of heap storage for the vectors shows up in profiles, and
also the destruction of the contained elements.
Since we already have a compilation zone available, we can easily move
the vectors and all contained elements into the zone, where they will be
deallocated together with all other data at once.
R=thibaudm@chromium.org
Bug: v8:10576
Change-Id: I2c3d318f9b19b1b8c2e4e57e7523cd1c79192cc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2224220
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68099}
Cannot verify whether slots are cleared from a concurrent sweeping task,
the OLD_TO_NEW remembered set is owned by the main thread.
Bug: v8:10562
Change-Id: I0c880f7f96350aa35b44d2966c9621576825374c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215820
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68098}
Unconditionally check for errors (instead of a DCHECK), and print a
better error message (including the file path) if the file cannot be
opened.
R=tebbi@chromium.org
CC=machenbach@chromium.org
Bug: chromium:1087039
Change-Id: Ia5cb76b309e78631ecf9462de6c7cd3eb4bf9e59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2224226
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68097}
This adds support for multiple isolates sharing the same module but
setting different breakpoints. This is simulated by having a debugger
test that runs in the "--isolates" variant, i.e. two isolates running
the same test at the same time. Both isolates will set and remove
breakpoints.
The DebugInfo will keep a separate list of breakpoints per isolate, and
when recompiling a function for debugging it will respect all
breakpoints in all isolates.
In order to ensure consistency if multiple isolates are setting or
removing breakpoints simultaneously, we go back to a more coarse-grained
locking scheme, where the DebugInfo lock is held while re-compiling
Liftoff functions.
While recompilation will install the code in the module-global code
table and jump table (and hence all isolates will use it for future
calls), only the stack of the requesting isolate is rewritten to
immediately use new code. This is OK, because other isolates are not
interested in the new breakpoint(s) anyway.
On {SetBreakpoint}, we always need to rewrite the stack of the
requesting isolate though, even if the breakpoint was set before by
another isolate.
Drive-by: Some fixes in SharedFunctionInfo in order to support setting
breakpoints via the Debug mirror.
R=thibaudm@chromium.org
Bug: v8:10359
Change-Id: If659afb273260fc5e8124b4b617fb4322de473c7
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218059
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68096}
Currently, it can be a little difficult to understand why a command in
lldb-commands.py stops working. For example, at the moment running the
jlh command results in an empty line:
$ lldb --one-line "command script import ../../tools/lldb_commands.py" \
v8_hello_world
(lldb) br s -f hello-world.cc -l 49
(lldb) jlh script
(lldb)
With this commit this would instead display the following error message:
(lldb) jlh script
Failed to evaluate command
_v8_internal_Print_Object(*(v8::internal::Object**)(*(void*)(script))) :
error: cannot cast from type 'v8::Local<v8::Script>' to pointer type
'void *'
The output is really only two lines but I've wrapped the lines here so
they don't exceed the 72 column width. I'll follow up with a commit to
fix the issue reported.
Change-Id: I634a412b616dad7cadd74dce36418d27c1997777
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2083477
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68093}
Leading whitespaces are used to indicate control depth,
opcode prefix should be printed after the whitespaces.
Change-Id: I0a22864d1d5a2e643b15a4c10909c0387922f8e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2224959
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jie Pan <jie.pan@intel.com>
Cr-Commit-Position: refs/heads/master@{#68092}
This reverts commit d04b5e4755.
Reason for revert: closed the tree with a simd related test failure:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64/37487?
Original change's description:
> [wasm-simd][liftoff][ia32][x64] Implement bitmask
>
> Implements i8x16 i16x8 i32x4 bitmask.
>
> This was merged into the proposal in
> https://github.com/WebAssembly/simd/pull/201/.
>
> Bug: v8:9909,v8:10308
> Change-Id: I882f0c2697213cdf593e745112e0897cee252009
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2222607
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68090}
TBR=clemensb@chromium.org,zhin@chromium.org
Change-Id: I2e090f92d84b8f7d8bbf0725a4f64efaa18f3c65
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9909, v8:10308
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2223829
Reviewed-by: Francis McCabe <fgm@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68091}
Implement all_true for arm and arm64. Instruction sequence is the same
as TurboFan.
Bug: v8:9909
Change-Id: Ibe57c6ae6f700dfe5bd23a91a243778b6481c5a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2222606
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68089}
Hide the arrow button div for snapping the live range
panel when a new file is loaded.
Bug: v8:7327
Change-Id: I576444f12a0557cc6716eb0214586b54a042a899
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2224838
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68087}
- Changes javascript builtins to use explicit parameters rather than
variadic, where possible.
tbr=tebbi@chromium.org
Bug: chromium:1085370
Change-Id: I84f01684729b32a9d27df3d021e72c34cc3a8aaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215225
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68079}
Implement all v8x16 v16x8 v32x4 all_true on ia32 and x64. arm and arm64
bailout for now, will be implemented later.
Bug: v8:9909
Change-Id: Icea38c00e33b387191e000b64100251525d8f8da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2220446
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68077}
Implementation for arm and arm64. For arm64, differ from TurboFan
implementation slightly, we don't need the lane formats to match up,
V4S will work for all the anytrues, this makes the code slightly simpler
(no need to take the vector format as argument).
Bug: v8:9909
Change-Id: I2f40b56e816200f0f29ca151a8d6652e973350bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2216933
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68076}
This CL is an initial attempt to reuse BoundedPageAllocator for cppgc.
The caged 4GB heap is needed for:
- fast implementation of the generational barrier;
- potential pointer compression project for Oilpan.
Bug: chromium:1029379
Change-Id: Idfb0ab92c988e2045d4a0e9746bedf841d66e282
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2215818
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68074}
Unreachable code may consume values from an empty stack as needed, known
as stack polymorphism. After consuming the values, the stack height
should still be 0, which was incorrectly handled by multi-value blocks.
R=ahaas@chromium.org
Bug: chromium:1085507
Change-Id: Ibf5f2d05bec0fbe029cfa66ee2d07540a370934a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218033
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68070}
Adds a --streaming-compile flag to d8 so that we can test the streaming/
background compilation (e.g. for performance testing).
This differs from the --stress-background-compile flag in two main ways:
1) It's not a stress test, so it doesn't run a main-thread compile
for verification, and
2) It uses the "proper" API, and (like Chromium) pumps the message
loop while waiting for compilation to complete, so e.g. GC idle
tasks can run.
Change-Id: I1ea1badf39d25076d95c8d19f173510da277541f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219937
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68069}
We currently try to compile more deterministically in single threaded
mode, which unexpectedly degrades performance due to repeated publishing
of single compilation units. We should only pay this cost in predictable
mode.
R=clemensb@chromium.org
Change-Id: I7eb06a0849d3001b99d057adec9850810a1d6a63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218288
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68067}
This avoids a warning by clang-tidy's modernize-use-nullptr.
Bug: v8:10488
Change-Id: I2820c7e5223101c5e3f7122d2a6a3526d36851e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218063
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68065}
This is a reland of dfdef88547
Original change's description:
> [wasm-simd] Fix extract lane unsigned extend
>
> The interpreter is missing a static cast when extracting lanes smaller
> than int32_t and doing an unsigned extend. The array in Simd128 is
> signed, so a direct cast to uint32_t will be a signed extension. The fix
> is to, in the unsigned case, cast to unsigned (of the appropriate size)
> first, then cast to uint32_t.
>
> Change-Id: Ifabb5b9690f08ad505ac94b84908db0970581818
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2216721
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68029}
Change-Id: Ica7974a2f1f2a4f07b54cc68f9abcf5e121a9262
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219414
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68063}
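
The sign-extension pitfall described in the reland above, as an added example that is not V8's code: SignedLanes, the Extract* helpers and the sample values are hypothetical names and constructed data, chosen only to show the direct cast beside the two-step cast for 8-bit and 16-bit lanes.

```cpp
#include <cstdint>
#include <cstdio>
#include <type_traits>

// Hypothetical stand-in for a 128-bit SIMD value whose lanes are stored
// signed, as the commit message says of the array in Simd128.
template <typename Lane>
struct SignedLanes {
  static_assert(std::is_signed<Lane>::value, "lanes are stored signed");
  Lane val[16 / sizeof(Lane)];
};

// Direct cast: converting a negative signed lane to uint32_t keeps the
// value modulo 2^32, so the upper bits are filled with ones (a signed
// extension), which is wrong for an unsigned extract.
template <typename Lane>
uint32_t ExtractLaneUnsignedDirect(const SignedLanes<Lane>& v, int lane) {
  return static_cast<uint32_t>(v.val[lane]);
}

// Two-step cast: first to the unsigned type of the lane's own width,
// then widen to uint32_t, which zero-extends.
template <typename Lane>
uint32_t ExtractLaneUnsignedTwoStep(const SignedLanes<Lane>& v, int lane) {
  using ULane = typename std::make_unsigned<Lane>::type;
  return static_cast<uint32_t>(static_cast<ULane>(v.val[lane]));
}

// Constructed sample vectors: lane 0 positive, lanes 1 and 2 negative.
SignedLanes<int8_t> SampleI8x16() {
  SignedLanes<int8_t> v{};
  v.val[0] = 127; v.val[1] = -128; v.val[2] = -1;
  return v;
}

SignedLanes<int16_t> SampleI16x8() {
  SignedLanes<int16_t> v{};
  v.val[0] = 32767; v.val[1] = -32768; v.val[2] = -1;
  return v;
}

int main() {
  const SignedLanes<int8_t> a = SampleI8x16();
  const SignedLanes<int16_t> b = SampleI16x8();
  for (int lane = 0; lane < 3; ++lane) {
    std::printf("i8 lane %d: direct=0x%08x two-step=0x%08x\n", lane,
                static_cast<unsigned>(ExtractLaneUnsignedDirect(a, lane)),
                static_cast<unsigned>(ExtractLaneUnsignedTwoStep(a, lane)));
    std::printf("i16 lane %d: direct=0x%08x two-step=0x%08x\n", lane,
                static_cast<unsigned>(ExtractLaneUnsignedDirect(b, lane)),
                static_cast<unsigned>(ExtractLaneUnsignedTwoStep(b, lane)));
  }
  return 0;
}
```

The two forms agree on non-negative lanes, so a test that only uses small positive lane values does not expose the difference.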
This reverts commit e1b29ce738.
Reason for revert: The blink_web_tests have been failing for a long time, without turning the bots red. Reverting the revert.
Original change's description:
> Revert "[Promise.any] Re-ship Promise.any"
>
> This reverts commit 560a681f34.
>
> Reason for revert: Suspected cause of Blink web_test failures:
> https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Linux/4945
>
> Original change's description:
> > [Promise.any] Re-ship Promise.any
> >
> > The previous attempt failed because it uncovered an unrelated bug
> > (v8:10560). There are no known problems.
> >
> > Bug: v8:9808
> > Change-Id: I360917c45d95ba39c8bea80114ea02bc5e1f83ee
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219936
> > Commit-Queue: Marja Hölttä <marja@chromium.org>
> > Reviewed-by: Shu-yu Guo <syg@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#68048}
>
> TBR=marja@chromium.org,syg@chromium.org
>
> Change-Id: I0c60e1c230932a8d06bbdd193e8de792e5f54055
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:9808
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2220325
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68055}
TBR=bbudge@chromium.org,marja@chromium.org,syg@chromium.org
# Not skipping CQ checks because this is a reland.
Bug: v8:9808
Change-Id: I9d60a5476ec9b027038e0935fa26265cf5122573
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2220330
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68062}
Split platform into a process-global initialization part and per-heap
platform objects.
These platform objects still contain allocators and executors. With
per-heap platforms GetForegroundTaskRunner() returns by definition the
correct runner.
In future, when initialized through V8, an adapter can be used to
translate between the different platforms, avoiding the need for V8
embedders to provide additional information.
Bug: chromium:1056170
Change-Id: I11bdd15e945687cfbdf38cae4137facb02559e0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218030
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68059}
Rolling v8/build: 99ffd3c..8275366
Rolling v8/third_party/aemu-linux-x64: 4xEEbuyLmLA-dGdzewQlaM2km7fPUiGEEdIQJhIK8v4C..FFXalyWh9_tNZ0e_Opz7FT6mJn6JW0S2ULAX3bOp0xIC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ae2ed9f..616e38c
Rolling v8/third_party/depot_tools: 8f6bfe3..4504fd5
Rolling v8/third_party/googletest/src: a09ea70..011959a
Rolling v8/third_party/zlib: 94df8b7..f5eca0d
Rolling v8/tools/clang: e34638c..8b9091f
Rolling v8/tools/swarming_client: 7e86362..90c5e17
TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I8f6a76975cb22d68963f5bf2ebbeef9b33a5c959
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2219819
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#68058}
This prepares using ochang_js_fuzzer with foozzie. The fuzzer uses
tests from CrashTests in the corpus. This leads to a loop when
used with differential fuzzing, as foozzie dedupes failures based
on the original file path. Foozzie finds a new failure for the
existing failure in CrashTests, for which clusterfuzz creates a new
crash test and so on.
This subsumes all failures from CrashTests under the same key.
Once such a failure is reported, a developer can add it to a
mapping in foozzie.py, after which the global key can be used
again by clusterfuzz to report another failure.
No-Try: true
Bug: chromium:1044942
Change-Id: I801a23faeb0c672d6ad64b4100c463f53e36cbc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2214837
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68053}
Allocating a new feedback vector happens in two steps: We create an
empty structure and then initialize the array based on the
FeedbackMetadata. When allocating a new feedback array we could trigger
a GC which might flush the bytecode and associated feedback metadata.
This shouldn't happen in normal cases, because we either allocate
feedback vector after compilation or when we reach the expected budget.
In both cases, the age of the feedback vector should be 0 and hence
bytecode shouldn't be flushed. However, with debugger enabled we may
allocate feedback vectors even when the bytecode array is old
for example: when we enable precise invocation counters. This also
causes issues in tests with --stress-flush-bytecode. In the stress mode
we flush bytecode without considering the age. Holding on to the
feedback metadata prevents crashes in such cases.
Bug: v8:10560
Change-Id: Ie806ff4102cb5fcf257c8683d5ca957853e38c05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2218066
Commit-Queue: Mythri Alle <mythria@chromium.org>
Auto-Submit: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68052}