Commit Graph

25937 Commits

Author SHA1 Message Date
Ng Zhi An
c771a480d8 [wasm-simd] Add some more NaNs to test array
There were some +/- infs hidden in that list of NaNs (and those were
repeated too). Add a NaN with top bit of payload unset. This will help
catch cases where we did not canonicalize results properly.

Bug: v8:10862
Change-Id: I05e3e0b2351430abf3eaa859a0d828f43b44cfb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2386483
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69651}
2020-09-01 18:52:19 +00:00
Gus Caplan
d4d0cf3262 [api] add reflection apis for v8::Data
Allows reflection of v8::Data types, such as being able to check if a
value is a v8::Module. This is useful for libraries which wrap the V8
API, such as rusty_v8.

Change-Id: I4841c5f7f60885b20e1504c8562e278844ff7ec3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2382719
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Gus Caplan <snek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69649}
2020-09-01 16:31:59 +00:00
Andreas Haas
10e2311f8a [test] Enable --wasm-tier-up when test does serialization
With a recent change, we require WebAssembly code to be tiered up to
serialize it, see https://crrev.com/c/2349290. In that CL tests were
adjusted to set the --wasm-tier-up flag when serialization was involved.
However, the test adjusted in this CL was missing, because this test
used the kExprRefNull instruction, which caused a bailout to TurboFan
anyways. With recent changes, Liftoff can compile kExprRefNull now,
and therefore causes problems.

R=thibaudm@chromium.org

Bug: v8:10852
Change-Id: I9b89f37c22f17cbf046110f3ee1c98bfea73e009
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2387574
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69648}
2020-09-01 15:35:09 +00:00
Peter Marshall
ca6675ed95 [cpu-profiler] Add stats to track missing or unnattributed frames
This adds a global counter for the various reasons we might fail to
attribute a tick.

The counters are cleared and printed when Profile::Print() is called,
which we call in our tests, so flaky test output will now contain these
stats along with the printed profile tree.

Drive-by cleanup some print functions and make them const.

Change-Id: Ia3a27405f5b5346adfdbb32afc7e414857969cc5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550406
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69647}
2020-09-01 15:14:49 +00:00
evih
42fcb2c25f [wasm] Use generic js-to-wasm wrapper for n int32 param case
The generic wrapper can be used for Wasm functions with int32 parameters
and no return values.

Changed the GC scanning for the generic wrapper.

Added tests for cases when all the parameters of the Wasm function fit
into registers and when some of the parameters are on the top of the
stack.

Change-Id: I511fd04d2a4a2bdc4a6f72d72e2867a03b256f6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2381459
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Eva Herencsárová <evih@google.com>
Cr-Commit-Position: refs/heads/master@{#69645}
2020-09-01 12:31:09 +00:00
Andreas Haas
024f2c4b80 [wasm][fuzzer] Enable trap handlers only once
The fuzzer function is called multiple times with libfuzzer. Trap
handlers, however, should only be initialized once. With this CL we add
a flag to initialize trap handlers only once.

R=clemensb@chromium.org

Bug: chromium:1122590
Change-Id: Ib51a50cfe9dad5e3133de3085ad147f5a069b1bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2384769
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69643}
2020-09-01 12:03:59 +00:00
Peter Marshall
3243506267 Revert "[cpu-profiler] Ensure sampled thread has Isolate lock under Windows"
This reverts commit dfb3f7daa5.

Reason for revert: Breaks LSAN & ASAN flakily: https://bugs.chromium.org/p/v8/issues/detail?id=10861

Original change's description:
> [cpu-profiler] Ensure sampled thread has Isolate lock under Windows
> 
> While the sampler checked if the sampled thread had the Isolate locked
> (if locks are being used) under Linux, the check was not done under
> Windows (or Fuchsia) which meant that in a multi-threading application
> under Windows, thread locking was not checked making it prone to seg
> faults and the like as the profiler would be extracting info from a
> heap in motion. The fix was to move the lock check into CpuSampler
> and Ticker (--prof) so all OSes would do the correct check.
> 
> The basic concept is that on all operating systems a CpuProfiler, and
> so its corresponding CpuCampler, the profiler is tied to a thread.
> This is not based on first principles or anything, it's simply the
> way it works in V8, though it is a useful conceit as it makes
> visualization and interpretation of profile data much easier.
> 
> To collect a sample on a thread associated with a profiler the thread
> must be stopped for obvious reasons -- walking the stack of a running
> thread is a formula for disaster. The mechanism for stopping a thread
> is OS-specific and is done in sample.cc. There are currently three
> basic approaches, one for Linux/Unix variants, one for Windows and one
> for Fuchsia. The approaches vary as to which thread actually collects
> the sample -- under Linux the sample is actually collected on the
> (interrupted) sampled thread whereas under Fuchsia/Windows it's on
> a separate thread.
> 
> However, in a multi-threaded environment (where Locker is used), it's
> not sufficient for the sampled thread to be stopped. Because the stack
> walk involves looking in the Isolate heap, no other thread can be
> messing with the heap while the sample is collected. The only ways to
> ensure this would be to either stop all threads whenever collecting a
> sample, or to ensure that the thread being sampled holds the Isolate
> lock so prevents other threads from messing with the heap. While there
> might be something to be said for the "stop all threads" approach, the
> current approach in V8 is to only stop the sampled thread so, if in a
> multi-threaded environment, the profiler must check if the thread being
> sampled holds the Isolate lock.
> 
> Since this check must be done, independent of which thread the sample
> is being collected on (since it varies from OS to OS), the approach is
> to save the thread id of the thread to be profiled/sampled when the
> CpuSampler is instantiated (on all OSes it is instantiated on the
> sampled thread) and then check that thread id against the Isolate lock
> holder thread id before collecting a sample. If it matches, we know
> sample.cc has stop the sampled thread, one way or another, and we know
> that no other thread can mess with the heap (since the stopped thread
> holds the Isolate lock) so it's safe to walk the stack and collect data
> from the heap so the sample can be taken. It it doesn't match, we can't
> safely collect the sample so we don't.
> 
> Bug: v8:10850
> Change-Id: Iab2493130b9328430d7e5f5d3cf90ad6d10b1892
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377108
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69623}

TBR=akodat@rocketsoftware.com,petermarshall@chromium.org,petermarshall@google.com

Change-Id: Ib6b6dc4ce109d5aa4e504fa7c9769f5cd95ddd0c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10850
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2387570
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69638}
2020-09-01 10:21:41 +00:00
Santiago Aboy Solanes
5d471ee6df [unwinder] Clean up existing tests
Mostly a cleanup for x64.

Also enable two tests for Arm and Arm64 since they do not make use of
JSEntry frames.

Bug: v8:10833
Change-Id: Id6adadf582bdca0076460842ffe4ec856ca99393
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2381455
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69634}
2020-09-01 09:46:29 +00:00
Omer Katz
aa923b1c85 cppgc: Update heap growing heuristics for incremental gc
Heap growing estimates when to start  incremental gc such that it
will finish when we are expecting to finalize (i.e. when an atomic
gc would be triggered).
There is also a minimum ratio between limit for atomic gc and limit
for incremental gc, to guarantee that incremental gc get's some time to
run even with the application rarely allocates.

This is a continuation of:
https://chromium-review.googlesource.com/c/v8/v8/+/2377691

Bug: chromium:1056170
Change-Id: I8c87e98d60b6f8b5748558771a236f15385f7858
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2381454
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69630}
2020-08-31 21:56:03 +00:00
Milad Farazmand
db837d580f PPC/s390: [wasm-simd][mips] Skip test on arch without SIMD
Port 524fa743da

Original Commit Message:

    This regression test does not work on MIPS without SIMD since the scalar
    lowering is not complete yet. Skip it for now.

R=zhin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: I0338593de3160dc0864c066e607b6030956e3efa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2386141
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#69629}
2020-08-31 20:28:15 +00:00
bcoe
6be2f6e26e [coverage] IncBlockCounter should not be side-effect
Incrementing coverage counter was triggering EvalError for
evaluateOnCallFrame when throwOnSideEffect is true.

R=jgruber@chromium.org, sigurds@chromium.org, yangguo@chromium.org

Bug: v8:10856
Change-Id: I0552e19a3a14ff61a9cb626494fb4a21979d535e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2384011
Commit-Queue: Benjamin Coe <bencoe@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69628}
2020-08-31 19:27:55 +00:00
Ng Zhi An
524fa743da [wasm-simd][mips] Skip test on MIPS without SIMD
This regression test does not work on MIPS without SIMD since the scalar
lowering is not complete yet. Skip it for now.

Bug: v8:10831
Change-Id: Icc407488a96d4c965c1cf956f7a74abde078d421
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2385855
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69626}
2020-08-31 18:14:45 +00:00
Arthur Eubanks
8959494191 Add -Wno-string-concatenation to test/cctest:cctest_sources
v8/test/cctest/interpreter/test-bytecode-generator.cc contains lots of string arrays with intentional concatenation.

Bug: chromium:1114873
Change-Id: Ie9d35c3849b5b0a6d1d01b6ce21fb80a320d8736
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366829
Commit-Queue: Arthur Eubanks <aeubanks@google.com>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69625}
2020-08-31 16:57:23 +00:00
Tianping Yang
a96715b0dc [test] Add a test case to the snaphot with all function code
By eager compile all functions in the startup snapshot, the startup
snapshot can contain all function codes without warm-up.

BUG=v8:4836
R=yangguo@chromium.org

Change-Id: I07e86b6940c2fe75816df8ae429d110272216d0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379535
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69624}
2020-08-31 15:31:53 +00:00
Alex Kodat
dfb3f7daa5 [cpu-profiler] Ensure sampled thread has Isolate lock under Windows
While the sampler checked if the sampled thread had the Isolate locked
(if locks are being used) under Linux, the check was not done under
Windows (or Fuchsia) which meant that in a multi-threading application
under Windows, thread locking was not checked making it prone to seg
faults and the like as the profiler would be extracting info from a
heap in motion. The fix was to move the lock check into CpuSampler
and Ticker (--prof) so all OSes would do the correct check.

The basic concept is that on all operating systems a CpuProfiler, and
so its corresponding CpuCampler, the profiler is tied to a thread.
This is not based on first principles or anything, it's simply the
way it works in V8, though it is a useful conceit as it makes
visualization and interpretation of profile data much easier.

To collect a sample on a thread associated with a profiler the thread
must be stopped for obvious reasons -- walking the stack of a running
thread is a formula for disaster. The mechanism for stopping a thread
is OS-specific and is done in sample.cc. There are currently three
basic approaches, one for Linux/Unix variants, one for Windows and one
for Fuchsia. The approaches vary as to which thread actually collects
the sample -- under Linux the sample is actually collected on the
(interrupted) sampled thread whereas under Fuchsia/Windows it's on
a separate thread.

However, in a multi-threaded environment (where Locker is used), it's
not sufficient for the sampled thread to be stopped. Because the stack
walk involves looking in the Isolate heap, no other thread can be
messing with the heap while the sample is collected. The only ways to
ensure this would be to either stop all threads whenever collecting a
sample, or to ensure that the thread being sampled holds the Isolate
lock so prevents other threads from messing with the heap. While there
might be something to be said for the "stop all threads" approach, the
current approach in V8 is to only stop the sampled thread so, if in a
multi-threaded environment, the profiler must check if the thread being
sampled holds the Isolate lock.

Since this check must be done, independent of which thread the sample
is being collected on (since it varies from OS to OS), the approach is
to save the thread id of the thread to be profiled/sampled when the
CpuSampler is instantiated (on all OSes it is instantiated on the
sampled thread) and then check that thread id against the Isolate lock
holder thread id before collecting a sample. If it matches, we know
sample.cc has stop the sampled thread, one way or another, and we know
that no other thread can mess with the heap (since the stopped thread
holds the Isolate lock) so it's safe to walk the stack and collect data
from the heap so the sample can be taken. It it doesn't match, we can't
safely collect the sample so we don't.

Bug: v8:10850
Change-Id: Iab2493130b9328430d7e5f5d3cf90ad6d10b1892
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377108
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69623}
2020-08-31 15:18:05 +00:00
Martin Bidlingmaier
136670652c [regexp] Support some non-trivial EXPERIMENTAL patterns
This CL adds support for disjunctions and some quantification in
EXPERIMENTAL regexp patterns. It is implemented using a new bytecode
format and an NFA-based breadth-first interpreter.

R=jgruber@chromium.org

Bug: v8:10765
Change-Id: Idd49a3bbc9a9fcc2be80d822c9d84a638e53e777
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2370634
Commit-Queue: Martin Bidlingmaier <mbid@google.com>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69621}
2020-08-31 11:09:43 +00:00
Jakob Gruber
f8061c6c66 [compiler] Revisit graph end after a gasm reduction in call reducer
The graph assembler calls MergeControlToEnd as part of Unreachable
node creation; this causes issues when used inside the GraphReducer
framework, since the reducer is not notified by gasm that the end node
should be revisited.

The (hacky) fix in this CL is to always mark the end node for
revisitation after a gasm reduction has taken place.

Bug: v8:8888,chromium:1123379
Change-Id: I350bb7144add04a0c3fd7f3d88c07fcfe1cd42e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2384772
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69619}
2020-08-31 10:40:03 +00:00
Marja Hölttä
925effd045 [super property speed] Invert benchmark graphs
The goal is to have one graph per test case, and inside the graph,
4 different lines:
- baseline
- baseline noopt
- super-ic
- super-ic noopt

Bug: v8:9237
Change-Id: I511b5555487a3d96698a3fb648abf76a13f76858
No-Try: True
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2384770
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69618}
2020-08-31 09:24:46 +00:00
Jakob Kummerow
b5a33ebafe [test] Make a few tests robust to GC stress
A recent unrelated change caused these tests to get unlucky in
GC stress mode. Their "assertOptimized" expectations rely on
certain type feedback data not getting flushed at the wrong time.

Bug: v8:10846
Change-Id: I86d0b0c049539e4a69aa764cc6ec92465ca12beb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2381458
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69617}
2020-08-31 08:37:16 +00:00
Jake Hughes
5f6aa2e5bf [heap] Add object start bitmap for conservative stack scanning
With conservative stack scanning enabled, a snapshot of the call stack
upon entry to GC will be used to determine part of the root-set. When
the collector walks the stack, it looks at each value and determines
whether it could be a potential on-heap object pointer. However, unlike
with Handles, these on-stack pointers aren't guaranteed to point to the
start of the object: the compiler may decide hide these pointers, and
create interior pointers in C++ frames which the GC doesn't know about.

The solution to this is to include an object start bitmap in the header
of each page. Each bit in the bitmap represents a word in the page
payload which is set when an object is allocated. This means that when
the collector finds an arbitrary potential pointer into the page, it can
walk backwards through the bitmap until it finds the relevant object's
base pointer. To prevent the bitmap becoming stale after compaction, it
is rebuilt during object sweeping.

This is experimental, and currently only works with inline allocation
disabled, and single generational collection.

Bug: v8:10614
Change-Id: I28ebd9562f58f335f8b3c2d1189cdf39feaa1f52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375195
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69615}
2020-08-31 07:10:36 +00:00
Ng Zhi An
ab23ff3c0e [ia32][wasm-simd] Fix aligned moves in codegen
For SIMD instructions that use aligned moves (like movaps or movapd), we
don't have correct memory alignment for SIMD moves yet. Switch to to
movupd.

Bug: v8:9198
Bug: v8:10831
Change-Id: Ic60fba5d08dda9676f6091ce505ac7be54957d00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2380240
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69613}
2020-08-28 22:59:56 +00:00
Clemens Backes
dbb13d615b [wasm] Allow specifying larger code space limits
Even though we provide a --wasm-max-code-space flag (defaulting to
{kMaxWasmCodeMB}, we still had checks in place that the actual committed
code space is not bigger than that constant.
This CL fixes that by always comparing against the value of the flag.
This will allow us to specify a code space limit which is larger than
the default. This is useful when debugging larger Wasm apps which exceed
the limit, but are not meant to be shipped that way.

Drive-by: Remove a dead use of the {kMaxWasmCodeMemory} constant.

R=ecmziegler@chromium.org

Bug: chromium:1117033, chromium:1114093, chromium:1107649, chromium:1111266
Change-Id: I2684446230a8a6f0a27ad963dd6f36e5764b25e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2376810
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69611}
2020-08-28 16:25:36 +00:00
Clemens Backes
1512f89328 [asm] Fix globals initialized by '-0'
Those globals must have type float instead of int to preserve the sign
bit.

R=ahaas@chromium.org

Bug: chromium:1069173
Change-Id: I9769f47f087aaba94a6172118be44f70adeded0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379861
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69609}
2020-08-28 15:19:16 +00:00
Marja Hölttä
5339e5467e [super property speed] Add a byte code for super property access
This is the first step in a series of CLs. The goal is to make
super property access faster.

Design doc: https://docs.google.com/document/d/1b_wgtExmJDLb8206jpJol-g4vJAxPs1XjEx95hwRboI/edit?usp=sharing

This CL:
- Add bytecode LdaNamedPropertyFromSuper
- IGNITION_HANDLER just calls Runtime::LoadFromSuper
- JSGenericLowering::LowerJSLoadNamedFromSuper just replaces the node
with a runtime call to Runtime::LoadFromSuper


Bug: v8:9237
Change-Id: Id28e935294c5068dd6c54e6b860a77d61517fff5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2327912
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69604}
2020-08-28 11:02:26 +00:00
Anton Bikineev
c316d0ede4 cppgc: Nullify source Members on move
Explicit nullification aims to simplify migration to Oilpan, in the
case when unique_ptrs are converted to Member and user code relies on
source pointers to be in "empty" state.

Change-Id: Ia54137d53ca03f93932b3c1f2eaba439a416a06e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379857
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69603}
2020-08-28 10:38:36 +00:00
Omer Katz
f13c55d7b2 cppgc: Port incremental marking schedule
Schedule is simpler compared to the schedule in blink since it now
returns deadlines based on marked bytes instead of time.

If marking is ahead of schedule, return the minimum step size.
Otherwise, set step size to catch up to schedule (ignoring the time
passed while performing the step).
No more default initial step size (needed in blink since marking speed
was unknown).
If estimated schedule is exceeded (marking takes longer than 500ms), the
steps will try to mark all remaining objects but would still be capped
by the maximum step duration of 2ms.

Bug: chromium:1056170
Change-Id: I09857db161c621a12d064f9c8c21b646c34f9d71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375200
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69602}
2020-08-28 10:27:16 +00:00
Omer Katz
18ff56600c cppgc: Eliminate marking boilerplate
Starting marking required Creating a Marker and calling StartMarking.
StartMarking should always have been called immediately after creating
the marker.
Since markers are not persisted between GC (a marker exists only while
marking is in progress), it makes sense to start marking implicitly when
a marker is created.

Calling StartMarking in MarkerBase ctor is inadvisable since subclasses
might still to initialize fields.
Using MarkerFactory instead guarantees that StartMarking is always
called immediately after creating a Marker.

Bug: chromium:1056170
Change-Id: Icbf11afd848e1618c204ca6bf951600b3ae9fef2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375199
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69601}
2020-08-28 09:41:06 +00:00
Piotr Bialecki
2a49c90346 Revert "[heap] Add concurrent typed slot recording"
This reverts commit 9eb090d261.

Reason for revert: breaks trybot android-pie-arm64-dbg, repro steps: build cctest with target_cpu="arm64" in the args.

See thread: 
https://chromium.slack.com/archives/CGJ5WKRUH/p1598563610118900

Original change's description:
> [heap] Add concurrent typed slot recording
> 
> Since the typed slot set is not thread-safe, each concurrent marking
> barrier collects typed slots locally and publishes them to the main
> typed slot set in safepoints.
> Bug: v8:10315
> 
> Change-Id: If1f5c5df786df88aac7bc27088afe91a4173c826
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2370302
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69576}

TBR=ulan@chromium.org,dinfuehr@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:10315
Change-Id: Iade0443e5eccef06e3ea77913e18fd1f563995f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2380613
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69597}
2020-08-28 06:41:06 +00:00
Frank Tang
c8f6d9ddab Roll test262
e73054f7..24c6732

Bug: v8:7834
Change-Id: I1410cc5efa66860e31b27a25dc0d5de3c20fe5bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379868
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69595}
2020-08-27 23:35:05 +00:00
Victor Gomes
a695cb403c [test] Add short copyright to regress-1120905.js
Change-Id: I49dbd52b9019b1da94dfa91c73116e827ce74ca4
Bug: chromium:1120905, v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377689
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69592}
2020-08-27 20:58:05 +00:00
Frank Tang
1f17cfaeaa Change the order of the DateTimeFormat resolved
Move fractionalSecondsDigits between second and timeZoneName
Change order of reading options.
To sync with the July 20 PR change in
ba085a9111
Latest ECMA402 PR https://github.com/tc39/ecma402/pull/347

Bug: v8:10836
Change-Id: Ia414e0c7cc18502ccabaf02abd19861410b87cae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2378460
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69591}
2020-08-27 20:39:05 +00:00
Arnaud Robin
6ad8193be2 [wasm] Add priorities for function compilation
In order to improve our tiering strategy, it is a good idea to start
by tiering up functions that will be used the most, as this is done in
most JavaScript engines.

To decide which function requires tiering, we use as a basic strategy
to define its compilation priority to 'func_size * number_of_calls',
this roughly approximates the time we spend in the function.

To handle prioritization, it seemed that using  a concurrent
priority queue similar to BigUnits was causing concurrencies issues.
I then decided to use different priority queues for each worker thread.

R=clemensb@chromium.org
CC=thibaudm@chromium.org

Bug: v8:10728
Change-Id: I6f314468549000b2a9b51d3d470f04a0cb997879
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2367859
Commit-Queue: Arnaud Robin <arobin@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69585}
2020-08-27 13:42:55 +00:00
Santiago Aboy Solanes
ab4ae86060 [arm] Update unwinder for JSEntry frames for arm32
Reading the proper pc, fp and sp in a JSEntry frame is in a different
offset than in the regular frames.

Bug: v8:10779, v8:10833
Fixes: v8:10779
Change-Id: I9aec44276fba0aab95b761ab17a16ec3767f4eb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2369173
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69582}
2020-08-27 09:46:54 +00:00
Ng Zhi An
6da647f501 [wasm-simd] Move bitmask into SIMD MVP
Now that 86 has branched, we can move bitmask into the SIMD MVP, it will
not affect the current OT. (We want any OT extension to include
bitmask.)

Bitmask was accepted into the proposal in
https://github.com/WebAssembly/simd/pull/201.

Bug: v8:10308
Change-Id: Ib61190fcea2bfc0ce7bf733086e1a81388216a59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2378290
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69577}
2020-08-26 21:35:20 +00:00
Ulan Degenbaev
9eb090d261 [heap] Add concurrent typed slot recording
Since the typed slot set is not thread-safe, each concurrent marking
barrier collects typed slots locally and publishes them to the main
typed slot set in safepoints.
Bug: v8:10315

Change-Id: If1f5c5df786df88aac7bc27088afe91a4173c826
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2370302
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69576}
2020-08-26 20:46:00 +00:00
Frank Tang
db1115e267 [Intl] Fix Heap-use-after-free
Fix Heap-use-after-free READ 2 in Intl.Segmenter
when the segments got free during the iteration
We need to keep a copy of the string in the iterator instead
of depending on the one referenced from the segments.

Bug: chromium:1121156, v8:6891
Change-Id: I26ef5baccaa470dc1bd8cc229c737f556d27160e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2376173
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69575}
2020-08-26 20:27:10 +00:00
Clemens Backes
2d78b3a72a [wasm][fuzzer] Fix BigInt parameters
The fuzzers were calling the compiled function without passing explicit
arguments. Thus all arguments were converted from the "undefined" value,
which typically results in a zero value, as expected.
For BigInt though, it's not allowed to pass "undefined". We have to pass
a proper BigInt.
This CL implements this by passing explicit parameter values for all
parameters.

This effectively unlocks testing BigInt parameters in all fuzzers, thus
may increase coverage and find new bugs.

R=ahaas@chromium.org

Bug: chromium:1120355
Change-Id: I4e451d2418eb73d460fa937d1cf95a1ab6c99cf5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377945
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69570}
2020-08-26 14:22:19 +00:00
Santiago Aboy Solanes
1ffb60089f [unwinder] Remove the old unwinder tests from cctest.status
I forgot to remove them when I removed the old API in
https://chromium-review.googlesource.com/c/v8/v8/+/2369174.

Bug: v8:8116
Change-Id: I74a9670f56d09b7907187d5abcf15d707c8100a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377688
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69569}
2020-08-26 13:47:49 +00:00
Victor Gomes
d721dc8f14 [deoptimizer] Reverse arguments in DoComputeArgumentsAdaptorFrame
Change-Id: I31e205b696627913584016bb9197e1e719ca0237
Bug: chromium:1120905, v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375191
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69565}
2020-08-26 07:43:58 +00:00
Ng Zhi An
ddf30bea13 [wasm-simd][x64] Check for register when emitting shuffles
Some shuffles take have either register or memory operand for second
input, but the codegen incorrectly assumes that it is always a register.

Bug: v8:10824
Change-Id: Ia2df233dad4ed451e52e57e35cce5c80db0905db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2373586
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69562}
2020-08-25 17:52:16 +00:00
Clemens Backes
8860c5f1c5 Reland "[wasm] Move kMaxWasmCodeSpaceSize to wasm directory"
This is a reland of c2ea20473d

Original change's description:
> [wasm] Move kMaxWasmCodeSpaceSize to wasm directory
> 
> This limit is wasm-internal, and does not need to be exposed via
> src/common/globals.h.
> This CL moves it into the {WasmCodeAllocator}.
> 
> Drive-by: Minor simplification in jump table stress test.
> 
> R=ecmziegler@chromium.org
> 
> Change-Id: Iff8c4657697ae98123d840a022c5b21c4948fcdf
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375189
> Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69558}

Change-Id: I6e0432d14d23978dea599233e620e84d8255caf9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375388
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69560}
2020-08-25 17:14:56 +00:00
Clemens Backes
dc3f30ef2e Revert "[wasm] Move kMaxWasmCodeSpaceSize to wasm directory"
This reverts commit c2ea20473d.

Reason for revert: Link failures: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20cfi/26209

Original change's description:
> [wasm] Move kMaxWasmCodeSpaceSize to wasm directory
> 
> This limit is wasm-internal, and does not need to be exposed via
> src/common/globals.h.
> This CL moves it into the {WasmCodeAllocator}.
> 
> Drive-by: Minor simplification in jump table stress test.
> 
> R=​ecmziegler@chromium.org
> 
> Change-Id: Iff8c4657697ae98123d840a022c5b21c4948fcdf
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375189
> Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69558}

TBR=clemensb@chromium.org,ecmziegler@chromium.org

Change-Id: Ic3466eb17f2b3dfa4a0864002b0590fa0f571bb5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375387
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69559}
2020-08-25 15:42:18 +00:00
Clemens Backes
c2ea20473d [wasm] Move kMaxWasmCodeSpaceSize to wasm directory
This limit is wasm-internal, and does not need to be exposed via
src/common/globals.h.
This CL moves it into the {WasmCodeAllocator}.

Drive-by: Minor simplification in jump table stress test.

R=ecmziegler@chromium.org

Change-Id: Iff8c4657697ae98123d840a022c5b21c4948fcdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375189
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69558}
2020-08-25 15:34:46 +00:00
Dominik Inführ
2c879c68c5 [handles] Check FLAG_local_heaps in IsDereferenceAllowed()
While LocalHeap allow to dereference handles on background threads, this
is only possible when FLAG_local_heaps is enabled.

Bug: v8:10315
Change-Id: Ia27582cda7e4b4faf4d2c76959de418415e1ae68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2372147
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69557}
2020-08-25 14:25:03 +00:00
Andreas Haas
289c15eb6d [wasm][liftoff] Allow reftype results, and implement ref.null
This CL is the start to implement reference types support in Liftoff.
As a first step this CL implements the ref.null instruction, and allows
reference types as return values. This allows register allocation to be
extended to support reference types, and also adds an easy way to get a
reference type value for tests. Additionally with ref.null we don't have
to worry about garbage collection because 'null' is an immovable object
and therefore does not have to be scanned by the GC.

R=thibaudm@chromium.org

Bug: v8:7581
Change-Id: I5785dcf522c0d9881e1386f2d8b5d8560a16225c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352784
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69556}
2020-08-25 14:15:53 +00:00
Jakob Gruber
b9b25d1289 [nci] Skip regress-1112155 in nci test modes
NCI code deopts differently than TF code.

Tbr: mythria@chromium.org
Bug: v8:8888
Change-Id: Ica1352ed5aba648c95a8a26fd6c2dd703b0f335c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2375186
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69555}
2020-08-25 14:09:33 +00:00
Etienne Pierre-doray
d77e12bcb9 [Jobs API]: Implement missing Jobs pieces in the various v8 implementations.
- JobHandle::IsCompleted()
- JobDelegate::GetTaskId()
- worker_count passed as argument to GetMaxConcurrency().
  Jobs implementation must call the new GetMaxConcurrency(), but Jobs
  users aren't migrated yet.

Bug: chromium:1114823
Change-Id: I0f4295ccaf9eba866dd771f30e2e49aa3eae9551
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352484
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69553}
2020-08-25 13:38:03 +00:00
Pierre Langlois
243b7f63e1 [cctest][heap] Fix remaining memory calculation to simulate full pages.
The cctests need to simulate full pages, however the calculation of the
remainging available space is wrong causing an assertion when we change
the V8 page size to 512K:

    $ cctest test-array-buffer-tracker/ArrayBuffer_PagePromotion

    #
    # Fatal error in ../../test/cctest/heap/heap-utils.cc, line 94
    # Check failed: padding_size <= overall_free_memory || overall_free_memory == 0.

The reason is:

  - On startup, we register a scavenger observer on the new space. The
    observer is set to trigger when the new space capacity is at 80% by
    default.

  - On linux, the initial capacity of the new space is 512K, so the
    scavenger observer will be placed at 80% of 512K, which will either
    be in the second page of the space if the page size is 256K, or in
    the first page if the page size is 512K.

  - When placing the observer, if the observer hits the first page, we
    lower the allocation limit (see `ComputeLimit()`). This makes sure
    the observer isn't skipped by allocations inlined in generated code.

However, when we simulate filling the current page, we compute the space
left in the current page by comparing the top with the `page_high()`
rather than `limit()`. This was done so the tests would also work when
inlined allocations are disabled. If we don't look at the `limit()`, we
don't take the observer into account and fill more space than is
available, triggering the assertion.

This can also be reproduced by reducing the % at which the scavenger is
triggered so that it hits the first page instead of the second when the
page size is 256K, for example passing --scavenge-task-trigger=10.

Bug v8:10808, v8:9906

Change-Id: Iad50bb68995de5ee017dcbe069d1fb229c9f5985
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2372545
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69550}
2020-08-25 10:39:43 +00:00
Marja Hölttä
32e1871030 [super property speed] js-perf-test: minor formatting fix
Bug: v8:9237
Change-Id: Iaa1e3485eaecdd5af654177f207a990a2e63396b
No-Try: True
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2374545
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69546}
2020-08-25 08:00:13 +00:00
Marja Hölttä
a6b38d817c [super property speed] Add js-perf-tests for super property access
Bug: v8:9237
No-Try: True
Change-Id: Ic1bba1e0f5584350217c3971dfcc769c86beb1fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366694
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69538}
2020-08-24 12:20:49 +00:00
Santiago Aboy Solanes
9c5eed71c7 [unwinder] Delete the old unwinder API
The new one was created in
https://chromium-review.googlesource.com/c/v8/v8/+/1969900, and the old
API was deprecated in
https://chromium-review.googlesource.com/c/v8/v8/+/2110015, so now we
can remove it.

Bug: v8:8116
Change-Id: Ia839279609b412c36f1f17368acef23fe07e7c61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2369174
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69536}
2020-08-24 10:36:59 +00:00
Frank Tang
e8a5793abc Skip tests on Andriod dep on Chinese dict.
Bug: v8:10819
Change-Id: I91cf658d9fdcbaf58d6b2e5734c59d7248b8393e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2369461
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69524}
2020-08-21 20:57:47 +00:00
Mythri A
3551cac6da [turboprop] For double data fields check loaded value is HeapNumber
With in-place representation changes we can transition from a double
field to a Tagged field without changing the map. So it is not always
safe to assume the loaded value would be a HeapNumber. TurboFan takes a
dependency on the field representation to ensure the code is deoptimized
on any changes. With dynamic map checks, it is not possible to take such
a dependency. Hence check the loaded value is a HeapNumber and
deoptimize otherwise.

Bug: chromium:1112155,v8:10582
Change-Id: I910ac1c0781ac8842fdbf272f9173b55b02923ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2354810
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69521}
2020-08-21 17:00:47 +00:00
Thibaud Michaud
1c8c657908 [wasm] Stage tail calls
R=ahaas@chromium.org
CC=ecmziegler@chromium.org

Bug: v8:7431
Change-Id: Ia6303984be4b4f23051fe39a80cdff3143811bb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2367867
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69518}
2020-08-21 13:59:07 +00:00
Ulan Degenbaev
e0ad32cec8 Reland "[heap] Add concurrent marking write barrier"
This is a reland of 1dd7f3a953

Original change's description:
> [heap] Add concurrent marking write barrier
> 
> A LocalHeap creates and owns an instance of MarkingBarrier. A pointer to
> the marking barrier is set to a thread_local variable for a quick access.
> 
> WriteBarrier::MarkingSlow fetches the thread_local variable and invokes
> the write barrier if it is set. Otherwise, it invokes the main thread
> heap()->marking_barrier().
> 
> Each marking barrier has its own local marking worklist that is
> published during scavenge (for updating pointers) and at finalization
> of incremental marking.
> 
> Typed-slot recording does not work yet because it is not thread-safe.
> It will be fixed in a subsequent CL.
> 
> Bug: v8:10315
> Change-Id: I221a906436cd91e7405a253ce0eb06cf68046f2c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2354809
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69448}

Bug: v8:10315
Change-Id: I155bb0aadd53a5333672fb085b33d8da86f3f336
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2364509
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69517}
2020-08-21 11:24:16 +00:00
Dominik Inführ
480128efbf [heap] Lock Mutex in ForceEvacuationCandidate
Lock the mutex of PagedSpace before invoking FreeLinearAllocationArea().

Bug: v8:10315
Change-Id: If96b9b8b72932590daf3d548be41c20796ed524f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2367857
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69515}
2020-08-21 08:38:46 +00:00
Andreas Haas
ab1e4eacbc [wasm] Update spec tests
Some tests are failing now and have been marked as failing to
investigate them.

R=jkummerow@chromium.org

Change-Id: I1242ccf3bdc8f4d2ff55bc016c43fa51c556376e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366696
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69513}
2020-08-20 17:52:55 +00:00
Maya Lekova
59076a3baa Revert "[wasm][ukm] Add tests for Wasm events"
This reverts commit d7b20edcb3.

Reason for revert: Introduces data races - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/32898

Original change's description:
> [wasm][ukm] Add tests for Wasm events
> 
> Ensure that events are triggered when a module is decoded, compiled,
> instantiated and tiered-up.
> 
> R=​clemensb@chromium.org
> 
> Bug: chromium:1092417
> 
> Change-Id: I9dc87957fc03023c5ab1c4f49e865957c8324e1a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2351676
> Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69508}

TBR=clemensb@chromium.org,ecmziegler@chromium.org

Change-Id: I9bcfeda1048939a8142f5003b03feab399f9de96
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1092417
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366785
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69509}
2020-08-20 15:23:33 +00:00
Emanuel Ziegler
d7b20edcb3 [wasm][ukm] Add tests for Wasm events
Ensure that events are triggered when a module is decoded, compiled,
instantiated and tiered-up.

R=clemensb@chromium.org

Bug: chromium:1092417

Change-Id: I9dc87957fc03023c5ab1c4f49e865957c8324e1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2351676
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69508}
2020-08-20 14:13:40 +00:00
Omer Katz
808a775f97 cppgc: Add marked bytes deadline
This CL adds a bytes based deadline to draining of worklist.
The time based deadline is also kept because:
1) Unified heap can't transition to bytes-based deadlines yet.
2) Unified heap with concurrent marking needs to flush v8 references
   which don't count as marked_bytes and can cause very long incremental
   pauses.

Bug: chromium:1056170
Change-Id: I5ab57754e7ff0b5821f3acb76e1e6f59fc9d68b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2299374
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69506}
2020-08-20 13:57:00 +00:00
Jakob Gruber
faed29869f [nci] Change testing mode to --turbo-nci-as-midtier
To properly test tier-up in the V8 test suite, change the test variant
previously called --turbo-nci-as-highest-tier to
--turbo-nci-as-midtier.  As a midtier (between ignition and turbofan),
all major parts of the NCI pipeline (codegen, caching inside the same
native context, tier-up) are exercised by test suite.

Bug: v8:8888
Change-Id: Ic8ee2f3e3d72768c3869f5e0b25800dd0a5f25b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2361462
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69501}
2020-08-20 12:54:40 +00:00
Andreas Haas
1e6d2cb319 [wasm][fuzzer] Enable trap handlers
On x64, trap handlers are enabled as part of the default configuration.
However, each embedder has to enable trap handlers explicitly, and in
the wasm fuzzers, trap handlers were not enabled. This CL enables trap
handlers now in all wasm fuzzers.

Drive-by change: enable all staged wasm features in the wasm-async
fuzzer.

R=clemensb@chromium.org

Change-Id: Ib7c2addb092551b5554a2b74830e5b67db077909
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362957
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69500}
2020-08-20 12:24:40 +00:00
Clemens Backes
10a434f37e Revert "[test] Disable asm-wasm regression test"
This reverts commit f0bade979d.

Reason for revert: Culprit CL reverted: https://crrev.com/c/2364504

Original change's description:
> [test] Disable asm-wasm regression test
> 
> Bug: v8:10813
> Change-Id: Ib7b3949147706552a6d569ad5fcd22f2f63d7977
> No-Try: True
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2364496
> Auto-Submit: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69479}

TBR=clemensb@chromium.org,mslekova@chromium.org

Change-Id: I8047db66eba1e2221654d7018c661551950f2194
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10813
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2366712
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69494}
2020-08-20 06:27:42 +00:00
Ng Zhi An
a85b5a63f6 [wasm-simd] Fix bounds check for load extends
Load extends always load 8 bytes, so the access size does not depend on
MachineType of the load. The MachineType is used for classifying the
lane shape of the 8-byte load.

Also add cctest to load splats and load extends to test OOB. (Note that
load splats access size depends on MachineType).

Add regression test from clusterfuzz, minimized by ahaas@. Remove the
`--no-wasm-trap-handler` flag since we have a no_wasm_traps variant that
should test this flag.

Bug: chromium:1116019
Change-Id: I27ba051d0536ca0f6fd75dd641ca9b78132dafed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2363291
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69489}
2020-08-19 18:26:17 +00:00
Omer Katz
132727fd46 cppgc: Initial incremental marking implementation.
This CL adds a basic implementation of incremental marking for standalone GC.
Followup CLs include:
* Use bytes instead of time as deadline
* Port incremental marking schedule from blink
* Mark on allocation
* Guarantees for progres/termination for standalone GC
* etc...

Calling StartIncrementalGarbageCollection triggers StartMarking which
schedules incremental marking as non-nestable tasks.
For unified heap, marking will continue running until it runs out of
work but it won't finalize independently.
For standalone, when incremental runs out of work it will schedule a new
task in which it will finalize marking and trigger the rest of the GC.
Users of standalone can also force finalization before incremental
marking as finished using FinalizeIncrementalGarbageCollectionIfRunning.
Calling CollectGarbage would also finalize an on-going incremental GC
if one exists. Otherwise it will trigger an atomic GC.

See the following doc for explanation of the various methods:
https://docs.google.com/document/d/1ZhJY2fOoD8sH53ZxMh2927Zl8sXqA7azJgcQTWx-YKs/edit?usp=sharing

Bug: chromium:1056170
Change-Id: I75ead414eb9da9f8b7f71c4638b9830fce7708ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2298009
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69480}
2020-08-19 13:50:16 +00:00
Maya Lekova
f0bade979d [test] Disable asm-wasm regression test
Bug: v8:10813
Change-Id: Ib7b3949147706552a6d569ad5fcd22f2f63d7977
No-Try: True
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2364496
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69479}
2020-08-19 13:49:11 +00:00
Salome Thirot
929dd3748e [arm64] Implement list of allowed return addresses in the deoptimizer
When CFI is enabled this adds a check against this list whenever a new
return address must be set in a deoptimized frame, as a mitigation for
ROP attacks.
The list is known at linking time so that its content and the pointer
to it can be stored in a read-only memory section.
The check is performed in the signing function, which is no longer
generic, as well as when setting the current pc of the frame.
Since the pc is now only signed when setting the caller's pc, there
is no need for ReplaceContext anymore.

Bug: v8:10026
Change-Id: I5e85a62b94722051716fdeba476db383c702a318
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287490
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Rodolph Perfetta <rodolph.perfetta@arm.com>
Cr-Commit-Position: refs/heads/master@{#69478}
2020-08-19 13:32:46 +00:00
Jakob Gruber
25596e8086 Define a constant for the return address stack slot count
... to avoid the repeated pattern of calculating it.

Bug: v8:8888
Change-Id: I4af5264aae6cfb8b6232b5aaf9ceb2cb568c29d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362692
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69469}
2020-08-19 07:12:38 +00:00
Andreas Haas
74b907aeff [wasm] Add some simd opcodes to the wasm-module-builder
The V8 wasm fuzzer can create regression tests for failing fuzzer cases.
These regression tests use the wasm-module-builder.js. With the addition
of simd to the wasm-compile-fuzzer, the fuzzer can now create test cases
that use simd instructions, but the wasm-module-builder.js did not know
yet about the new instructions. This CL adds some instructions to
wasm-module-builder.js.

R=zhin@chromium.org

Bug: chromium:1116019
Change-Id: I198e4f11c2225a65d6b438f95e351fc14ee66218
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362694
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69467}
2020-08-18 21:02:43 +00:00
Shu-yu Guo
985a9ddaa1 Fix "name" property of %ThrowTypeError% to be spec-conformant
This is a normative PR that reached consensus at the June 2019 TC39:
https://github.com/tc39/test262/pull/2299

Bug: v8:9646
Change-Id: Idbeea703fe264da43825729e7b37a08a1bb10001
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2360907
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69466}
2020-08-18 19:36:53 +00:00
Milad Farazmand
65dde24353 PPC/s390: [wasm] Fix tier down after deserialization
Port 2547e1cece

Original Commit Message:

    Since the compilation progress was never initialized on deserialization,
    tier down was always skipped on such modules.
    By initializing to the expected state after deserialization (i.e. all
    code as TurboFan code), we make sure that later recompilation works as
    expected.

R=clemensb@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: Iab66ca0d1bfb36cfee56ccd85720d4c5552eb9c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2363270
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#69465}
2020-08-18 19:27:14 +00:00
Z Nguyen-Huu
e3bbf2bf24 [turbofan] Reduce consecutive machine multiplication with constants
There exists such optimization for additions but not for multiplication.

This adds optimizations that apply the reductions
  (x * Int32Constant(a)) * Int32Constant(b)) => x * Int32Constant(a * b)
  (x * Int64Constant(a)) * Int64Constant(b)) => x * Int64Constant(a * b)
to the TurboFan graph.

Bug: v8:10305
Change-Id: I28f72c2b7d8ff0f758a0a08b69fb3763557a6241
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2360327
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69462}
2020-08-18 17:44:13 +00:00
Shu-yu Guo
048761aa0f Install "name" property on anonymous classes
This is a normative PR that reached consensus at the June 2019 TC39:
https://github.com/tc39/test262/pull/2299

Bug: v8:9646
Change-Id: I8cb927b9e9231dfb71ebf47171205a096350e38b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2360905
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69460}
2020-08-18 16:41:23 +00:00
Thibaud Michaud
65d28a7fe4 [wasm][mv] Enable wasm multi-value
R=ahaas@chromium.org

Bug: chromium:1097717
Change-Id: I6c5a0a32191c9a06fd894c8fe7d9367e9403de8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362956
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69459}
2020-08-18 16:21:43 +00:00
Clemens Backes
2547e1cece [wasm] Fix tier down after deserialization
Since the compilation progress was never initialized on deserialization,
tier down was always skipped on such modules.
By initializing to the expected state after deserialization (i.e. all
code as TurboFan code), we make sure that later recompilation works as
expected.

Drive-by: Fix an unnecessary copy of a {shared_ptr} in deserialization.

R=thibaudm@chromium.org

Bug: chromium:1110258
Change-Id: Ia12af888e4b11aabfb8cd4e1201e9fa3cd2ceb47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2323355
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69458}
2020-08-18 15:15:53 +00:00
Maya Lekova
2f45e41aef Revert "[heap] Add concurrent marking write barrier"
This reverts commit 1dd7f3a953.

Reason for revert: Breaks TSAN - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/32846?

Original change's description:
> [heap] Add concurrent marking write barrier
> 
> A LocalHeap creates and owns an instance of MarkingBarrier. A pointer to
> the marking barrier is set to a thread_local variable for a quick access.
> 
> WriteBarrier::MarkingSlow fetches the thread_local variable and invokes
> the write barrier if it is set. Otherwise, it invokes the main thread
> heap()->marking_barrier().
> 
> Each marking barrier has its own local marking worklist that is
> published during scavenge (for updating pointers) and at finalization
> of incremental marking.
> 
> Typed-slot recording does not work yet because it is not thread-safe.
> It will be fixed in a subsequent CL.
> 
> Bug: v8:10315
> Change-Id: I221a906436cd91e7405a253ce0eb06cf68046f2c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2354809
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69448}

TBR=ulan@chromium.org,dinfuehr@chromium.org

Change-Id: I9719d565aaa313cd23f5e759dcef1246f475eb46
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2362689
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69451}
2020-08-18 10:59:26 +00:00
Ulan Degenbaev
1dd7f3a953 [heap] Add concurrent marking write barrier
A LocalHeap creates and owns an instance of MarkingBarrier. A pointer to
the marking barrier is set to a thread_local variable for a quick access.

WriteBarrier::MarkingSlow fetches the thread_local variable and invokes
the write barrier if it is set. Otherwise, it invokes the main thread
heap()->marking_barrier().

Each marking barrier has its own local marking worklist that is
published during scavenge (for updating pointers) and at finalization
of incremental marking.

Typed-slot recording does not work yet because it is not thread-safe.
It will be fixed in a subsequent CL.

Bug: v8:10315
Change-Id: I221a906436cd91e7405a253ce0eb06cf68046f2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2354809
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69448}
2020-08-18 09:45:34 +00:00
evih
ddc3672d91 [wasm] Add GC support to generic js-to-wasm wrapper
GC support works for the current 0 and 1 param version
of the wrapper.

Bug: v8:10701
Change-Id: I9e3822b1481223c44050d23ddee7293936f1e6d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2351673
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Eva Herencsárová <evih@google.com>
Cr-Commit-Position: refs/heads/master@{#69447}
2020-08-18 09:28:34 +00:00
Clemens Backes
f7d169c600 Reland "[wasm][fuzzer] Fix exception detection"
This is a reland of 899cb34868.
The new fuzzer regression test is skipped in jitless.

Original change's description:
> [wasm][fuzzer] Fix exception detection
>
> Exceptions were detected by checking for a pending exception on the
> isolate, but {CallWasmFunctionForTesting} was clearing any pending
> exception before returning.
> This CL fixes that by explicitly passing back a boolean which is set if
> an exception occurred during execution.
>
> R=ahaas@chromium.org
>
> Bug: chromium:1115280
> Change-Id: Ife71ceef0751d18e0870335b9520c2bf77e351cc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352787
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69404}

Bug: chromium:1115280
Change-Id: I9bb7300d423c53214e51e61233b0a6b09a21fd97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2361464
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69446}
2020-08-18 09:00:05 +00:00
Ulan Degenbaev
d1070e417f [inspector] Make collectGarbage of HeapProfiler precise
Instead of forcing GC right away, the function now post a task and
performance GC from the task with an empty stack to avoid false positive
pointers in conservative stack scanning.

Bug: chromium:1098187
Change-Id: I88864845a1e395056c5d5f6e867ad774b87dbb6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2307217
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69444}
2020-08-18 07:24:14 +00:00
Martin Bidlingmaier
46bf70a567 [regexp] Prototype new linear time EXPERIMENTAL regexp engine
This adds the new JsRegExp::Type EXPERIMENTAL, which should eventually
be implemented with the algorithm based on automata. Currently the new
engine deals with plain search strings only, i.e. regexps that do not
contain operators or escape sequences.

R=jgruber@chromium.org

Bug: v8:10765
Change-Id: I6a10d9cdf4605d219dbe7cc1989df3bfa7349ff8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339094
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69442}
2020-08-18 05:51:24 +00:00
Dominik Inführ
491f979424 [heap] Start StressConcurrentAllocatorTask through AllocationObserver
Starting the task right on NotifyDeserializationComplete() turned out
to be too early for some tests. So let an AllocationObserver start
the stress allocation after deserialization is finished.

Bug: v8:10315
Change-Id: I00a4294add5ec87074f9e775c602b3031cc16d58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2358735
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69441}
2020-08-18 05:33:24 +00:00
Ng Zhi An
360c9294a8 [wasm-simd] Support returning Simd128 on caller's stack
In Liftoff, we were missing kS128 cases to load to/from stack.

For the x64 and ARM64 instruction selector, the calculation of
reverse_slot is incorrect for 128-bit values:

- reverse_slot += 2 (size of 128-bit values, 2 pointers)
- this copies from slot -2 into register
- but the value starts at slot -1, it occupies slots -1 and -2
- we end up copying slot -2 (most significant half) of the register, and
also slot -3, which is where rsi was store (Wasm instance addr)
- the test ends up with a different result every time

The calculation of reverse_slot is changed to follow how ia32 and ARM
does it, which is to start with

- reverse_slot = 0
- in the code-generator, add 1 to the slot
- then after emitting Peek operation, reverse_slot += 2

The fixes for x64 and ARM64 are in both instruction-selector and
code-generator.

ia32 and ARM didn't support writing kSimd128 values yet, it was only a
missing check in code-generator, so add that in.

For ARM, the codegen is more involved, vld1 does not support addressing
with an offset, so we have to do the addition into a scratch register.

Also adding a test for returning multiple v128. V128 is not exposed to
JavaScript, so we use a Wasm function call, and then an involved chain
of extract lanes, returning 6 i32 which we verify the values of. It
extracts the first and last lane of the i32x4 value in order to catch
bugs where we write or read to a wrong stack slot (off by 1).

The simd-scalar-lowering for kCall was only handling single s128 return,
we adopt the way i64-lowering handles kCall, so that is can now handle
any kinds of calls with s128 in the descriptor.

Bug: v8:10794
Bug: chromium:1115230
Change-Id: I2ccdd55f6292bc5794be78053b27e14da8cce70e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2355189
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69439}
2020-08-17 20:59:54 +00:00
Francis McCabe
a575608555 Revert "Reland^3 "[flags] warn about contradictory flags""
This reverts commit dc18b82221.

Reason for revert: still causing failures: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/31566

Original change's description:
> Reland^3 "[flags] warn about contradictory flags"
> 
> This is a reland of 0ba115e6a9
> Changes:
> - Also allow second parameter influenced by --cache to be reassigned.
> - Fix --stress-opt to only --always-opt in the last iteration as before.
> 
> Original change's description:
> > Reland^2 "[flags] warn about contradictory flags"
> >
> > This is a reland of d8f8a7e210
> > Change compared to last reland:
> > - Do not check for d8 flag contradictions in the presence of --fuzzing
> > - Allow identical re-declaration of --cache=*
> >
> > Original change's description:
> > > Reland "[flags] warn about contradictory flags"
> > >
> > > This is a reland of b8f9166664
> > > Difference to previous CL: Additional functionality to specify
> > > incompatible flags based on GN variables and extra-flags, used
> > > to fix the issues that came up on the waterfall.
> > >
> > > This also changes the rules regarding repeated flags: While
> > > explicitly repeated flags are allowed for boolean values as long
> > > as they are identical, repeated flags or explicit flags in the
> > > presence of an active implication are disallowed for non-boolean
> > > flags. The latter simplifies specifying conflict rules in
> > > variants.py. Otherwise a rule like
> > >
> > > INCOMPATIBLE_FLAGS_PER_EXTRA_FLAG = {
> > >   "--gc-interval=*": ["--gc-interval=*"],
> > > }
> > >
> > > wouldn't work because specifying the same GC interval twice
> > > wouldn't actually count as a conflict. This was an issue with
> > > test/mjsunit/wasm/gc-buffer.js, which specifies
> > > --gc-interval=500 exactly like the extra flag by the stress bot.
> > >
> > > Also, this now expands contradictory flags checking to d8 flags
> > > for consistency.
> > >
> > > Original change's description:
> > > > [flags] warn about contradictory flags
> > > >
> > > > Design Doc: https://docs.google.com/document/d/1lkvu8crkK7Ei39qjkPCFijpNyxWXsOktG9GB-7K34jM/
> > > >
> > > > Bug: v8:10577
> > > > Change-Id: Ib9cfdffa401c48c895bf31caed5ee03545beddab
> > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154792
> > > > Reviewed-by: Clemens Backes <clemensb@chromium.org>
> > > > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > > > Reviewed-by: Georg Neis <neis@chromium.org>
> > > > Reviewed-by: Tamer Tas <tmrts@chromium.org>
> > > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > > Cr-Commit-Position: refs/heads/master@{#68168}
> > >
> > > Bug: v8:10577
> > > Change-Id: I268e590ee18a535b13dee14eeb15ddd0a9ee8341
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235115
> > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > Reviewed-by: Tamer Tas <tmrts@chromium.org>
> > > Reviewed-by: Clemens Backes <clemensb@chromium.org>
> > > Reviewed-by: Georg Neis <neis@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#68989}
> >
> > Bug: v8:10577
> > Change-Id: I31d2794d4f9ff630f3444210100c64d67d881276
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339464
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Clemens Backes <clemensb@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#69339}
> 
> Bug: v8:10577
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
> Change-Id: I4a69dc57a102782cb453144323e3752ac8278624
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352770
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69433}

TBR=machenbach@chromium.org,neis@chromium.org,clemensb@chromium.org,tebbi@chromium.org,tmrts@chromium.org

Change-Id: I4ccdd7b931d0ddccbcec1d6cfae8d4874ee49cfc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10577
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2360414
Reviewed-by: Francis McCabe <fgm@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69438}
2020-08-17 19:34:18 +00:00
Tobias Tebbi
dc18b82221 Reland^3 "[flags] warn about contradictory flags"
This is a reland of 0ba115e6a9
Changes:
- Also allow second parameter influenced by --cache to be reassigned.
- Fix --stress-opt to only --always-opt in the last iteration as before.

Original change's description:
> Reland^2 "[flags] warn about contradictory flags"
>
> This is a reland of d8f8a7e210
> Change compared to last reland:
> - Do not check for d8 flag contradictions in the presence of --fuzzing
> - Allow identical re-declaration of --cache=*
>
> Original change's description:
> > Reland "[flags] warn about contradictory flags"
> >
> > This is a reland of b8f9166664
> > Difference to previous CL: Additional functionality to specify
> > incompatible flags based on GN variables and extra-flags, used
> > to fix the issues that came up on the waterfall.
> >
> > This also changes the rules regarding repeated flags: While
> > explicitly repeated flags are allowed for boolean values as long
> > as they are identical, repeated flags or explicit flags in the
> > presence of an active implication are disallowed for non-boolean
> > flags. The latter simplifies specifying conflict rules in
> > variants.py. Otherwise a rule like
> >
> > INCOMPATIBLE_FLAGS_PER_EXTRA_FLAG = {
> >   "--gc-interval=*": ["--gc-interval=*"],
> > }
> >
> > wouldn't work because specifying the same GC interval twice
> > wouldn't actually count as a conflict. This was an issue with
> > test/mjsunit/wasm/gc-buffer.js, which specifies
> > --gc-interval=500 exactly like the extra flag by the stress bot.
> >
> > Also, this now expands contradictory flags checking to d8 flags
> > for consistency.
> >
> > Original change's description:
> > > [flags] warn about contradictory flags
> > >
> > > Design Doc: https://docs.google.com/document/d/1lkvu8crkK7Ei39qjkPCFijpNyxWXsOktG9GB-7K34jM/
> > >
> > > Bug: v8:10577
> > > Change-Id: Ib9cfdffa401c48c895bf31caed5ee03545beddab
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154792
> > > Reviewed-by: Clemens Backes <clemensb@chromium.org>
> > > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > > Reviewed-by: Georg Neis <neis@chromium.org>
> > > Reviewed-by: Tamer Tas <tmrts@chromium.org>
> > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#68168}
> >
> > Bug: v8:10577
> > Change-Id: I268e590ee18a535b13dee14eeb15ddd0a9ee8341
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235115
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Tamer Tas <tmrts@chromium.org>
> > Reviewed-by: Clemens Backes <clemensb@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#68989}
>
> Bug: v8:10577
> Change-Id: I31d2794d4f9ff630f3444210100c64d67d881276
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339464
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69339}

Bug: v8:10577
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: I4a69dc57a102782cb453144323e3752ac8278624
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352770
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69433}
2020-08-17 15:59:43 +00:00
Marja Hölttä
97846e0357 [Atomics.waitAsync] Add regression test
Bug: v8:10239, chromium:1115354
Change-Id: I64b028b383dcff1e4224c945ee1f982d1979eb9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2354813
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69430}
2020-08-17 15:36:53 +00:00
Emanuel Ziegler
4c153339e5 [ukm][wasm] Add event WasmModuleDecoded
Add an event for recording metrics related to decoding Wasm modules.

R=clemensb@chromium.org

Bug: chromium:1092417
Change-Id: Id60560d8eb8c14edb5b863857b18c1c82f48e7e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2351672
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69425}
2020-08-17 12:44:33 +00:00
Dominik Inführ
d75753f8f7 [heap] Support removing of observers during Step()
Allow AllocationObserver::Step to remove allocation observers as well.
They could already add new observers (to start incremental marking),
removing will be used when starting StressConcurrentAllocator from
an allocation observer.

Bug: v8:10315
Change-Id: I823ded2f9a408b3fa5269ee8416060d0cabb3162
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2357690
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69420}
2020-08-17 10:42:32 +00:00
Thibaud Michaud
20728eeb09 [wasm] Disable multi-value
Temporarily disable multi-value until the launch is approved.

R=ahaas@chromium.org

Bug: chromium:1097717
Change-Id: Ifb2370d87ec5e531257852bc5fc5259386a022d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2358675
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69419}
2020-08-17 10:33:42 +00:00
Bill Budge
a2268e6e2a Revert "[wasm][fuzzer] Fix exception detection"
This reverts commit 899cb34868.

Reason for revert: Added regression test fails on Arm Sim:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/11584

Original change's description:
> [wasm][fuzzer] Fix exception detection
> 
> Exceptions were detected by checking for a pending exception on the
> isolate, but {CallWasmFunctionForTesting} was clearing any pending
> exception before returning.
> This CL fixes that by explicitly passing back a boolean which is set if
> an exception occurred during execution.
> 
> R=​ahaas@chromium.org
> 
> Bug: chromium:1115280
> Change-Id: Ife71ceef0751d18e0870335b9520c2bf77e351cc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352787
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69404}

TBR=ahaas@chromium.org,clemensb@chromium.org

Change-Id: I1d3c0e57df7ec25b09f2037c31c9b30eb0866548
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1115280
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2357189
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69405}
2020-08-14 18:31:28 +00:00
Clemens Backes
899cb34868 [wasm][fuzzer] Fix exception detection
Exceptions were detected by checking for a pending exception on the
isolate, but {CallWasmFunctionForTesting} was clearing any pending
exception before returning.
This CL fixes that by explicitly passing back a boolean which is set if
an exception occurred during execution.

R=ahaas@chromium.org

Bug: chromium:1115280
Change-Id: Ife71ceef0751d18e0870335b9520c2bf77e351cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352787
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69404}
2020-08-14 18:15:47 +00:00
Manos Koukoutos
dd152527d6 [wasm-gc] Implement call_ref, return_call_ref, add some basic tests
Drive-by: Add flag implications for wasm experimental features:
  gc -> typed_funcref, typed_funcref -> reftypes.

Bug: v8:9495
Change-Id: Ia6054886935d68e79b8f463289aa9e1e9d6484f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352777
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69403}
2020-08-14 17:58:27 +00:00
Ulan Degenbaev
8e8f4c8314 Reland "[inspector] Ensure progress of default task runners in inspector tests"
This is a reland of a7eff8cbbf

Sheriffs: This CL effectively enables GC for inspector tests. It may
uncover bugs in the existing inspector tests. If that happens please
disable the failing test in test/inspector/inspector.status instead of
reverting this CL. See https://crbug.com/v8/10748.

Original change's description:
> [inspector] Ensure progress of default task runners in inspector tests
>
> Bug: v8:10747, chromium:1098187
> Change-Id: I0215d2d85db4dd1d7fa376a0982cda5658f1683d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2315982
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69387}

Bug: v8:10747
Bug: chromium:1098187
Change-Id: Iab8f10b0535b0f35948fb507537f2bf65af5f33a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2354815
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69398}
2020-08-14 12:26:28 +00:00
Leszek Swirski
f1589bbe11 [offthread] Change OffThreadIsolate to LocalIsolate
This patch introduces a new LocalIsolate and LocalFactory, which use
LocalHeap and replace OffThreadIsolate and OffThreadFactory. This allows
us to remove those classes, as well as the related OffThreadSpace,
OffThreadLargeObjectSpace, OffThreadHeap, and OffThreadTransferHandle.
OffThreadLogger becomes LocalLogger.

LocalHeap behaves more like Heap than OffThreadHeap did, so this allows
us to additionally remove the concept of "Finish" and "Publish" that the
OffThreadIsolate had, and allows us to internalize strings directly with
the newly-concurrent string table (where the implementation can now move
to FactoryBase).

This patch also removes the off-thread support from the deserializer
entirely, as well as removing the LocalIsolateWrapper which allowed
run-time distinction between Isolate and OffThreadIsolate. LocalHeap
doesn't support the reservation model used by the deserializer, and we
will likely move the deserializer to use LocalIsolate unconditionally
once we figure out the details of how to do this.

Bug: chromium:1011762

Change-Id: I1a1a0a72952b19a8a4c167c11a863c153a1252fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2315990
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69397}
2020-08-14 10:57:27 +00:00
Dominik Inführ
97884f3564 [heap] SimulateFullSpace needs to run in safepoint
Run SimulateFullSpace in safepoint. Needed for FreeLinearAllocationArea
which would race with concurrent allocation.

Bug: v8:10315
Change-Id: If0c3c4e20edea1b05cc1a3e1a3e37fc29254a196
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2354812
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69395}
2020-08-14 07:45:27 +00:00
Shu-yu Guo
6962221295 [atomics] Relax Atomics methods to work on ArrayBuffers
This reached consensus in the March 2020 TC39.
https://github.com/tc39/ecma262/pull/1908

This aligns JS with wasm, which allows atomics operations on non-shared
linear memory.

Bug: v8:10687, v8:9921
Change-Id: I7b60473b271cee6bccb342e97a4fd3781aedddb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2330802
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69392}
2020-08-13 22:10:07 +00:00
Jakob Kummerow
c5722641da [wasm] Improve error handling in global init decoder
This fixes a case where we hit a DCHECK in Debug mode, or silently
discarded bogus data in Release mode without rejecting the module.

Fixed: chromium:1108815
Change-Id: I928ff244a54b016cd8470be1ec4b5faf2c7e3994
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2349768
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69391}
2020-08-13 20:39:16 +00:00
Bill Budge
8876db497a Revert "[inspector] Ensure progress of default task runners in inspector tests"
This reverts commit a7eff8cbbf.

Reason for revert: adds tests which fail:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20concurrent%20marking/14266

Original change's description:
> [inspector] Ensure progress of default task runners in inspector tests
> 
> Bug: v8:10747, chromium:1098187
> Change-Id: I0215d2d85db4dd1d7fa376a0982cda5658f1683d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2315982
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69387}

TBR=ulan@chromium.org,petermarshall@chromium.org

Change-Id: I2088dc8c13416c882212316c0b7137ea28beb563
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10747
Bug: chromium:1098187
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2354421
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69390}
2020-08-13 20:00:58 +00:00
Ulan Degenbaev
a7eff8cbbf [inspector] Ensure progress of default task runners in inspector tests
Bug: v8:10747, chromium:1098187
Change-Id: I0215d2d85db4dd1d7fa376a0982cda5658f1683d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2315982
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69387}
2020-08-13 18:28:36 +00:00
Dominik Inführ
4f941eb475 [heap] Disable --stress-concurrent-allocation for some tests
Two tests already test concurrent allocation. Another one measures
memory, so non-deterministic allocation would lead to higher memory
usage than anticipated.

Bug: v8:10315
Change-Id: If994233c87ea04076b850ffdf024f7783653e9db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352781
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69383}
2020-08-13 14:10:54 +00:00
Kim-Anh Tran
4828af8245 [debug] Add support for skipping locations on stepping into
This extends the skip list feature from step over to step into.
On a step into we can pass a skipList, which contains locations
that we do not want to stop at.

Bug: chromium:1105765
Change-Id: I70a4ded3f6a7eada14f54ae9c2f994c155c7305b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2345224
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69376}
2020-08-13 10:43:14 +00:00
Clemens Backes
833662c74a [wasm][fuzzer] Fix return value of interpreter
Bring the return value of {InterpretWasmModule} in sync with
{CallWasmFunctionForTesting}, because the fuzzers now compare the two.

R=ahaas@chromium.org

Bug: chromium:1115431
Change-Id: I0abf79c4418a4e6cc7365a78148e5e71cf32231b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2351678
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69374}
2020-08-13 10:08:53 +00:00
Dominik Inführ
3a16caa5c3 [heap] GcAndSweep needs safepoint for EnsureSweepingCompleted()
Bug: v8:10315
Change-Id: Id7d5600e07cd0dfbce409925acf6047e019f501c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352769
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69370}
2020-08-13 08:59:13 +00:00
Clemens Backes
df32131b3e [wasm] Speed up multiple-code-spaces test
TurboFan generates significantly less code than Liftoff for this test,
and depending on timing it can happen that we need to generate thousands
of functions, which takes some time and occasionally runs into timeouts.
Thus disable tier-up for this test, such that we stick with the much
longer Liftoff code, and reach the four separate code spaces quicker.

R=ahaas@chromium.org

Change-Id: I8e9a0cb466c1bdfef29aceeb5dd31aa96d05b70b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2352490
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69369}
2020-08-13 08:51:03 +00:00
Santiago Aboy Solanes
5e82bb633a [compiler] Remove persistent handles as a broker parameter
Since it will be patched in later in the cases where it will be used,
there is no need to have it as a parameter.

Bug: v8:7790
Change-Id: I93b27f3baf8c3841a60f5ac5ed09993d1caf19bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2351667
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69366}
2020-08-13 08:13:33 +00:00
Frank Tang
ebaf3feed4 Improve test cases for Intl.Segmenter
Fix containing() w/ n point to surrogate tail.

Bug: v8:6891
Change-Id: I4d7e4083ba409eecaefaf2ec5c67b7226bd7c97c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2348208
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69363}
2020-08-12 18:53:07 +00:00
Santiago Aboy Solanes
64828a549f [compiler] Have one unique PersistentHandles container
The (now unique)PersistentHandles container follows this path:
  1) PersistentHandles created via PersistentHandlesScope inside of
     CompilationHandleScope
  2) Owned by OptimizedCompilationInfo
  3) Owned by JSHeapBroker
  4) Owned by the broker's LocalHeap
  5) Back to the broker for a brief moment (after tearing down the
    LocalHeap as part of exiting LocalHeapScope)
  6) Back to OptimizedCompilationInfo when exiting the LocalHeapScope.

There is a special case in GenerateCodeForTesting where the JSHeapBroker
will not be retired in that same method. In this case, we need to
re-attach the PersistentHandles container to the JSHeapBroker.

The identity map of the persistent & canonical handles also gets passed
around like the persistent handles. The only difference is that is
created in the CanonicalHandleScope (i.e step 1) is different).

Bug: v8:7790
Change-Id: I2da77a7e08f3fd360a46b606c5fbda08c0af27df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332811
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69360}
2020-08-12 15:35:37 +00:00
Dominik Inführ
2e37bfc5b9 [heap] Move external memory counters back into Heap
Move external memory counters out of IsolateData back into Heap.
The class ExternalMemoryAccounting now stores all counters and is
responsible for updates. This change will allow turning counters into
atomic variables.

Bug: v8:10315
Change-Id: I2abeda298d3cfcc630fd04ca78a3d6d703e3b419
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346647
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69356}
2020-08-12 12:27:17 +00:00
Clemens Backes
c32a3106b4 [wasm][fuzzer] Second instantiation cannot fail
A minor fix to the {InterpretAndExecuteModule} function: We instantiate
the module twice. If the first instantiation worked, then also the
second instantiation must succeed.
Plus minor drive-by cleanup.

R=ahaas@chromium.org

Bug: chromium:1113681
Change-Id: Ib897cb1907152cdd9b0ed2b513a6c8217a3f400c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2349288
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69352}
2020-08-12 09:03:47 +00:00
Dominik Inführ
3c0fb324fa [heap] Remove ArrayBufferTracker
ArrayBufferTracker was superseded by ArrayBufferList and
ArrayBufferSweeper. Now that ArrayBufferSweeper is used in production,
we can remove the unused ArrayBufferTracker mechanism.

Bug: v8:10064
Change-Id: I479169c76b6c5c634672024f77e689bb64a36504
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339105
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69351}
2020-08-12 09:00:07 +00:00
Ng Zhi An
9b9c6b0ed9 Reland "[wasm-simd][arm] Use vmov to move all ones to register"
This is a reland of 57242a051e

no-sse4.1 builds were failing due to missing simd-scalar-lowering
for s128.const, this reland adds that implementation.

Original change's description:
> [wasm-simd][arm] Use vmov to move all ones to register
>
> vceq(dst, dst, dst) does not seem to always set the register to all
> ones. The right way should be be to use vmov (immediate) anyway. This
> was not supported in the assembler yet, so we need changes to the
> assembler, diassembler, and simulator.
>
> There is an unfortunate fork in logic in the simulator, due to the way
> the switches are set up, vmov (imm) logic is duplicated across two
> different cases, because the switch looks at the top bit of the
> immediate. Refactoring this will be a bigger change that is irrelevant
> for this bug, so I'm putting that off for now. Instead we extract the
> core of vmov (imm) into helpers and call it in the two cases.
>
> Bug: chromium:1112124
> Change-Id: I283dbcd86cb0572e5ee720835f897b51fae96701
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2337503
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69315}

Bug: chromium:1112124
Change-Id: Id450e5cea41f7a569e49be8386a7788ca8f00658
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346937
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69346}
2020-08-11 19:47:06 +00:00
Bill Budge
7e9322335e Revert "Reland^2 "[flags] warn about contradictory flags""
This reverts commit 0ba115e6a9.

Reason for revert: Breaks test on TSAN - block-conflicts
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20concurrent%20marking/14230

Original change's description:
> Reland^2 "[flags] warn about contradictory flags"
> 
> This is a reland of d8f8a7e210
> Change compared to last reland:
> - Do not check for d8 flag contradictions in the presence of --fuzzing
> - Allow identical re-declaration of --cache=*
> 
> Original change's description:
> > Reland "[flags] warn about contradictory flags"
> >
> > This is a reland of b8f9166664
> > Difference to previous CL: Additional functionality to specify
> > incompatible flags based on GN variables and extra-flags, used
> > to fix the issues that came up on the waterfall.
> >
> > This also changes the rules regarding repeated flags: While
> > explicitly repeated flags are allowed for boolean values as long
> > as they are identical, repeated flags or explicit flags in the
> > presence of an active implication are disallowed for non-boolean
> > flags. The latter simplifies specifying conflict rules in
> > variants.py. Otherwise a rule like
> >
> > INCOMPATIBLE_FLAGS_PER_EXTRA_FLAG = {
> >   "--gc-interval=*": ["--gc-interval=*"],
> > }
> >
> > wouldn't work because specifying the same GC interval twice
> > wouldn't actually count as a conflict. This was an issue with
> > test/mjsunit/wasm/gc-buffer.js, which specifies
> > --gc-interval=500 exactly like the extra flag by the stress bot.
> >
> > Also, this now expands contradictory flags checking to d8 flags
> > for consistency.
> >
> > Original change's description:
> > > [flags] warn about contradictory flags
> > >
> > > Design Doc: https://docs.google.com/document/d/1lkvu8crkK7Ei39qjkPCFijpNyxWXsOktG9GB-7K34jM/
> > >
> > > Bug: v8:10577
> > > Change-Id: Ib9cfdffa401c48c895bf31caed5ee03545beddab
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154792
> > > Reviewed-by: Clemens Backes <clemensb@chromium.org>
> > > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > > Reviewed-by: Georg Neis <neis@chromium.org>
> > > Reviewed-by: Tamer Tas <tmrts@chromium.org>
> > > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#68168}
> >
> > Bug: v8:10577
> > Change-Id: I268e590ee18a535b13dee14eeb15ddd0a9ee8341
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235115
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Reviewed-by: Tamer Tas <tmrts@chromium.org>
> > Reviewed-by: Clemens Backes <clemensb@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#68989}
> 
> Bug: v8:10577
> Change-Id: I31d2794d4f9ff630f3444210100c64d67d881276
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339464
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69339}

TBR=machenbach@chromium.org,neis@chromium.org,clemensb@chromium.org,tebbi@chromium.org,tmrts@chromium.org

Change-Id: I1454a05e357ddd704db7fb79e51be65d45a9a16e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10577
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2348365
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69341}
2020-08-11 17:12:07 +00:00
Tobias Tebbi
0ba115e6a9 Reland^2 "[flags] warn about contradictory flags"
This is a reland of d8f8a7e210
Change compared to last reland:
- Do not check for d8 flag contradictions in the presence of --fuzzing
- Allow identical re-declaration of --cache=*

Original change's description:
> Reland "[flags] warn about contradictory flags"
>
> This is a reland of b8f9166664
> Difference to previous CL: Additional functionality to specify
> incompatible flags based on GN variables and extra-flags, used
> to fix the issues that came up on the waterfall.
>
> This also changes the rules regarding repeated flags: While
> explicitly repeated flags are allowed for boolean values as long
> as they are identical, repeated flags or explicit flags in the
> presence of an active implication are disallowed for non-boolean
> flags. The latter simplifies specifying conflict rules in
> variants.py. Otherwise a rule like
>
> INCOMPATIBLE_FLAGS_PER_EXTRA_FLAG = {
>   "--gc-interval=*": ["--gc-interval=*"],
> }
>
> wouldn't work because specifying the same GC interval twice
> wouldn't actually count as a conflict. This was an issue with
> test/mjsunit/wasm/gc-buffer.js, which specifies
> --gc-interval=500 exactly like the extra flag by the stress bot.
>
> Also, this now expands contradictory flags checking to d8 flags
> for consistency.
>
> Original change's description:
> > [flags] warn about contradictory flags
> >
> > Design Doc: https://docs.google.com/document/d/1lkvu8crkK7Ei39qjkPCFijpNyxWXsOktG9GB-7K34jM/
> >
> > Bug: v8:10577
> > Change-Id: Ib9cfdffa401c48c895bf31caed5ee03545beddab
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2154792
> > Reviewed-by: Clemens Backes <clemensb@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Reviewed-by: Tamer Tas <tmrts@chromium.org>
> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#68168}
>
> Bug: v8:10577
> Change-Id: I268e590ee18a535b13dee14eeb15ddd0a9ee8341
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235115
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68989}

Bug: v8:10577
Change-Id: I31d2794d4f9ff630f3444210100c64d67d881276
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339464
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69339}
2020-08-11 15:58:44 +00:00
Mythri A
d88df03a97 [turboprop] Don't use weak pointers across TryMigrateInstance calls
We shouldn't spill weak pointers onto the stack when calling functions
that can trigger GC. DynamicMapChecks operator was using feedback loaded
from the feedback vector across the TryMigrateInstance function call.
The feedback can be a weak pointer to receiver map for monomorphic cases
and TryMigrateInstance can trigger a GC. This cl fixes it by holding
a holding a strong reference to the feedback.

Bug: v8:10774,v8:10582,v8:9684
Change-Id: Ia36f4d8ad46421ae570f41439bc1f0875081deee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336804
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69338}
2020-08-11 15:54:54 +00:00
Dominik Inführ
44c6e9f61c [heap] EnsureSweepingCompleted needs to be run in safepoint
SimulateIncrementalMarking needs to invoke EnsureSweepingCompleted in
a safepoint. Otherwise RefillFreeList in this method races with
concurrent allocation.

Bug: v8:10315
Change-Id: I9aa11d225a1c1844648788f956fd72988fe269fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2349299
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69336}
2020-08-11 14:51:14 +00:00
Clemens Backes
cdd984ef48 Reland "[wasm] Ensure that only TurboFan code is serialized"
This is a reland of 60ee70bb40.
The wasm c-api flakes were fixed in https://crrev.com/c/2349293.

Original change's description:
> [wasm] Ensure that only TurboFan code is serialized
>
> We have the implicit assumption that Liftoff code will never be
> serialized, and we start relying on that when implementing new features
> (debugging, dynamic tiering).
>
> This CL makes the serializer fail if the module contains any Liftoff
> code. Existing tests are changed to ensure that we fully tiered up
> before serializing a module (similar to the logic in Chromium).
> The "wasm-clone-module" test needs to serialize the module before
> enabling the debugger.
>
> Note that chrome currently only serializes a module after it fully
> tiered up, so that should be fine. If other embedders need the ability
> to serialize a module in an arbitrary state, we will have to fix this
> later. With this CL we will be on the safe side though and (gracefully)
> fail serialization instead of accidentally serializing Liftoff code.
>
> R=ahaas@chromium.org
>
> Bug: v8:10777
> Change-Id: I1245e5f7fda3447a544c1e3525e1239cde759174
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336799
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69276}

Bug: v8:10777
Change-Id: I2a7c1429812ca46d88a2902b8e0a7b7e3d638b56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2349290
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69335}
2020-08-11 14:43:58 +00:00
Clemens Backes
8d3ababba4 [wasm] Wait until top tier finished before serializing
We only want to serialize TurboFan code, because Liftoff code could
contain breakpoints, and we start thinking about embedding other
non-relocatable constants.
Thus, wait until top-tier compilation finished before triggering
serialization.

A follow-up CL will make serialization fail if any Liftoff code is
encountered.

R=ahaas@chromium.org

Bug: v8:10777
Change-Id: I73d6c2d868545fcd4069a8cf9850ca7fca375ecb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2349293
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69332}
2020-08-11 13:29:44 +00:00
Clemens Backes
5ec483c38e [wasm][fuzzer] Reuse more logic across fuzzers
This removes the {InterpretWasmModuleForTesting} function in favor of
{InterpretWasmModule}, and uses that in {InterpretAndExecuteModule}.
The latter again is reused in {WasmExecutionFuzzer::FuzzWasmModule},
such that all fuzzers execute the same checks now.

R=ahaas@chromium.org

Bug: chromium:1112099, chromium:1113681
Change-Id: Ia8818b93e9274266a81573edd6852e4e4734b150
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346283
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69331}
2020-08-11 13:25:34 +00:00
Ulan Degenbaev
28133adcbe [heap] Split marking worklist into global worklist and local worklists
This is the first step in refactoring Worklist to allow arbitrary
number of local worklists with private segments:
- Introduce MarkingWorklistImpl<> which will eventually replace
  (and will be renamed to) Worklist.
- MarkingWorklistImpl<> owns the global pool of segments but does not
  keep track of private segments.
- MarkingWorklistImpl<>::Local owns private segments and can be
  constructed dynamically on background threads.
- Rename the existing MarkingWorklistsHolder to MarkingWorklists.
- Rename the existing MarkingWorklists to MarkingWorklists::Local.
- Rename the existing marking_workists_holder to marking_worklists.
- Rename the existing marking_worklists to local_marking_worklists.

Design doc: https://bit.ly/2XMtjLi
Bug: v8:10315

Change-Id: I9da34883ad34f4572fccd40c51e51eaf50c617bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2343330
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69330}
2020-08-11 13:15:54 +00:00
Kim-Anh Tran
459283200c [debug] Add support for skipping locations on stepping over
This change adds support for skipping locations that are in a skipList
on step over. This feature is useful for when we are debugging
C++ applications that have DWARF information we only want to stop on
every breakable location in C++, not non every breakable location
on wasm level.

Bug: chromium:1105765
Change-Id: Ie835b011a00cf31e0c5b2df1ac96ebd89f53d23a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339458
Reviewed-by: Eric Leese <leese@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69329}
2020-08-11 13:14:48 +00:00
Clemens Backes
14e55ad40f [wasm][fuzzer] Merge redundant functions
Remove the {ErrorThrower} parameter to {CallWasmFunctionForTesting} (it
was only populated in a subset of failures anyway), and merge it with
{RunWasmModuleForTesting}.

R=ahaas@chromium.org

Bug: chromium:1113681
Change-Id: I5391e2f911928641a907bc5dad5a54677c90acb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346279
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69327}
2020-08-11 12:30:53 +00:00
Jakob Gruber
b3a6b58630 [js-function] Remove deprecated predicates
Updated:

IsOptimized -> HasAttachedOptimizedCode
HasOptimizedCode -> HasAvailableOptimizedCode
IsInterpreted -> ActiveTierIsIgnition

Bug: v8:8888
Change-Id: I96363622b67b53371a974f1c17cef387093f053c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346404
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69326}
2020-08-11 11:53:00 +00:00
Clemens Backes
388a317ceb [wasm][fuzzer] Check for nondeterminism in all fuzzers
The "wasm fuzzer" and "wasm async fuzzer" use the
{InterpretAndExecuteModule} function, which did not check for possible
nondeterminism in the interpreter yet. This can lead to wrong reports
of mismatches, or in endless loops being executed in compiled code which
was not executed in the interpreter.

This CL adds the check for nondeterminism in that function, and adds a
TODO to merge the two very similar methods.

R=ahaas@chromium.org

Bug: chromium:1112099, chromium:1113681
Change-Id: I80b01d4c53d04f0632807fa852147dc9fb8075ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346280
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69324}
2020-08-11 10:51:00 +00:00
Clemens Backes
64dfb0b4ad [wasm][interpreter] Print float in hex representation
The interpreter is used for testing (including fuzzing) only, and in
these cases it's often important to see the exact value of a float. Both
decimal and scientific notation does not show the full value though, and
decimal representation can also be really long for large values, making
it hard to compare values.
This CL switches this debug output to hexadecimal float values, which
always shows the float value in full precision and is also much shorter
than decimal notation in many cases.

R=ahaas@chromium.org

Bug: chromium:1112099
Change-Id: Ia84824227fcd2f1e763ab89280a202ed44930a71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2346646
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69323}
2020-08-11 10:12:20 +00:00
Shu-yu Guo
a36f40cb3f [atomics] Remove the deprecated Atomics.wake
The Intent to Deprecate and Remove was sent in March 2019:
https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/_zPuM7ETNSE

Current use of Atomics.wake is at <0.0002% of page loads:
https://chromestatus.com/metrics/feature/timeline/popularity/2556

Bug: v8:7883
Change-Id: I4534df6cb88e0afbeae655254d6ce48ad7b462e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2333349
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69317}
2020-08-10 23:02:17 +00:00
Bill Budge
ff503fd433 Revert "[wasm-simd][arm] Use vmov to move all ones to register"
This reverts commit 57242a051e.

Reason for revert: regression tests fails:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/31477

Original change's description:
> [wasm-simd][arm] Use vmov to move all ones to register
> 
> vceq(dst, dst, dst) does not seem to always set the register to all
> ones. The right way should be be to use vmov (immediate) anyway. This
> was not supported in the assembler yet, so we need changes to the
> assembler, diassembler, and simulator.
> 
> There is an unfortunate fork in logic in the simulator, due to the way
> the switches are set up, vmov (imm) logic is duplicated across two
> different cases, because the switch looks at the top bit of the
> immediate. Refactoring this will be a bigger change that is irrelevant
> for this bug, so I'm putting that off for now. Instead we extract the
> core of vmov (imm) into helpers and call it in the two cases.
> 
> Bug: chromium:1112124
> Change-Id: I283dbcd86cb0572e5ee720835f897b51fae96701
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2337503
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69315}

TBR=bbudge@chromium.org,jkummerow@chromium.org,v8-arm-ports@googlegroups.com,zhin@chromium.org

Change-Id: I5d9d1dcb81771f71001d959ec5a03a43a11c4233
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1112124
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2347211
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69316}
2020-08-10 21:10:08 +00:00
Ng Zhi An
57242a051e [wasm-simd][arm] Use vmov to move all ones to register
vceq(dst, dst, dst) does not seem to always set the register to all
ones. The right way should be be to use vmov (immediate) anyway. This
was not supported in the assembler yet, so we need changes to the
assembler, diassembler, and simulator.

There is an unfortunate fork in logic in the simulator, due to the way
the switches are set up, vmov (imm) logic is duplicated across two
different cases, because the switch looks at the top bit of the
immediate. Refactoring this will be a bigger change that is irrelevant
for this bug, so I'm putting that off for now. Instead we extract the
core of vmov (imm) into helpers and call it in the two cases.

Bug: chromium:1112124
Change-Id: I283dbcd86cb0572e5ee720835f897b51fae96701
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2337503
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69315}
2020-08-10 20:41:46 +00:00
Frank Tang
3f2dba848a Roll test262
0f5a274aad..e73054f7

Bug: v8:7834
Change-Id: I1063b3e25ea957681a2f52c8d5b27970514d96d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2342290
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69314}
2020-08-10 17:52:06 +00:00
Andreas Haas
c392760843 [api] Add API function Isolate::HasPendingBackgroundTasks
This CL adds an API function that tells the embedder if there is ongoing
background work that will eventually post foreground tasks.

Design doc: https://docs.google.com/document/d/18vaABH1mR35PQr8XPHZySuQYgSjJbWFyAW63LW2m8-w

R=adamk@chromium.org

Bug: v8:10787
Change-Id: I9060c5cdc9dbafeb7ea7c5c26d09c2dc744800bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2342847
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69312}
2020-08-10 17:10:36 +00:00
Ng Zhi An
2fe9406998 [x64] Check negative displacement of min int32_t
With a displacement of int32_t min (-2^31), and a displacement mode of
kNegativeDisplacement, we will try to negate this constant, but the
result will not fit in an int32_t, leading to a runtime crash.

Check for this special case in CanBeImmediate, and return false.

Bug: chromium:1091892
Change-Id: I7f18153d13805f2836dd5c8e1bc098f1e9600566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2341095
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69311}
2020-08-10 16:56:26 +00:00
Clemens Backes
242df3a2ed [wasm][fuzzer] Check result of compiled code vs interpreter
The plain "wasm fuzzer" (which takes the fuzzer input as the wasm wire
bytes) was already running both the interpreter and compiled code, but
it did not compare the results of both.
This CL fixes this by reusing some logic that was already present in the
fuzzers based on the {WasmCompileFuzzer} class.

R=ahaas@chromium.org

Bug: chromium:1113681, chromium:1112099
Change-Id: I9d407f66dfcba0eec90f050630b028edd5fae1d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339624
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69310}
2020-08-10 14:59:46 +00:00
Thibaud Michaud
d16f404cba [wasm][debug] Fix OSR at stack check
Add missing source position for stack check, used by OSR to find the
correct return address.

R=clemensb@chromium.org

Bug: v8:10235
Change-Id: Ie26dd3b2079168e846f84b3a4ffe18b838649be7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339625
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69309}
2020-08-10 14:58:16 +00:00
Clemens Backes
4b7521ea06 [wasm][fuzzer] Remove unused argument
The {name} parameter was unused, we always picked the exported "main"
function.

R=ahaas@chromium.org

Bug: chromium:1113681
Change-Id: Iee4b8f72e1137a7e366c3c31b4fa4e4ef81863b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2345964
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69307}
2020-08-10 11:53:35 +00:00
Jakob Kummerow
d3fab076a9 [wasm-gc] Implement {array,struct}.new_default_with_rtt
Bug: v8:7748
Change-Id: If876c9499373f091067299fe333e7b59d6cefb41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2343077
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69305}
2020-08-10 10:50:26 +00:00
Mythri Alle
68043a0948 Revert "[tuboprop] Disable dynamic map checks for TurboProp"
This reverts commit 07815e876d.

Reason for revert: Dynamic map checks for Turboprop was temporarily disabled to measure impact. Enabling it again.

Original change's description:
> [tuboprop] Disable dynamic map checks for TurboProp
> 
> Temporarily turnoff dynamic map checks for TurboProp to measure the
> impact after changing OSR heuristics.
> 
> Bug: v8:10582, v8:9684
> Change-Id: Ia458be139bf7c281bda40cbcd76e7a0c3fa5d60b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2343070
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69294}

TBR=rmcilroy@chromium.org,mythria@chromium.org,gsathya@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: v8:10582
Bug: v8:9684
Change-Id: If985b6ff2641f33d0f53cbff6cc668d8c77d2bda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2345965
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69303}
2020-08-10 09:50:25 +00:00
evih
389272acb0 [wasm] Use generic js-to-wasm wrapper for 0 and 1 param cases
A new field for signature type was added to WasmExportedFunctionData.
It is set to 0 or 1 depending on the parameter count.
(It's set and being used only in 0 and 1 parameter cases.)

Added new JS tests for 1 parameter wasm functions.

Bug: v8:10701
Change-Id: I349d881a2860f1a50b91e08d0126ca71c5f6483b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339622
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69302}
2020-08-10 09:44:05 +00:00
Sathya Gunasekaran
8a9e3f64ee [ast] Store correct source position on ThisExpression
Previously, all ThisExpression's had kNoSourcePositions leading to
incorrect error messages like this:

  ➜ d8 -e "function t() { for (const x of this) {} } t();"
  unnamed:1: TypeError: undefined is not a function
  function t() { for (const x of this) {} } t();
            ^
  TypeError: undefined is not a function
      at t (unnamed:1:11)
      at unnamed:1:43


This patch allows creation of a ThisExpression with a source position,
leading to a better error message:

  ➜ d8  -e "function t() { for (const x of this) {} } t();"
  unnamed:1: TypeError: this is not iterable
  function t() { for (const x of this) {} } t();
                                 ^
  TypeError: this is not iterable
      at t (unnamed:1:32)
      at unnamed:1:43


This patch does not remove the existing cached version of
ThisExpression and instead creates a new one when required.

Bug: v8:6513
Change-Id: Idee4fe8946a9b821d06ff4a5e7eaefe54874ec59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2345226
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69300}
2020-08-10 09:07:35 +00:00
Mythri A
07815e876d [tuboprop] Disable dynamic map checks for TurboProp
Temporarily turnoff dynamic map checks for TurboProp to measure the
impact after changing OSR heuristics.

Bug: v8:10582, v8:9684
Change-Id: Ia458be139bf7c281bda40cbcd76e7a0c3fa5d60b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2343070
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69294}
2020-08-07 15:14:57 +00:00
Michael Achenbach
7ca7080c2e [test] Make test work with deopt fuzzer
Bug: v8:10788
Change-Id: Iebc3f8dd892fd0f8123feaf11333eae6832589dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2342852
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69292}
2020-08-07 12:54:16 +00:00
Andreas Haas
8cf00222d2 [wasm] Check size of table imports at instantiation time
Up until now. we only checked the size of tables defined in a module
at instantiation time. For imported tables we only checked if the
imported table matched the declared import in size. This causes a
problem because we allocate function tables also for imported tabled
before we actually look at the imported table.

With this CL we first check the size of all tables, and only then start
to initialize and load them.

R=jkummerow@chromium.org

Bug: chromium:1114006
Change-Id: Iaf194ed21fb83304fe3a7f0f7ba7b282396e3954
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339473
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69291}
2020-08-07 12:27:56 +00:00
Andreas Haas
13d252af08 [wasm] Fix sign error in ImportTable
The cast from uint32_t to int caused an integer overflow that let a
bounds check succeed that should have failed.

R=jkummerow@chromium.org

Bug: chromium:1114005
Change-Id: Iea1af70af300be54c2a33d7dd10b3faa34d56eaa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339472
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69289}
2020-08-07 11:40:55 +00:00
Marja Hölttä
761f59acdc [Atomics.waitAsync] Tentatively enable GC fuzzer tests
The test have been rewritten to be more robust -> maybe they're
robust enough for the GC fuzzer (DelayedTasksPlatform)?

Bug: v8:10239
Change-Id: I743cc2f804357aaef888bff7985dfb68a7feec5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2342848
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69287}
2020-08-07 10:09:57 +00:00
Leszek Swirski
cf325b5ab1 Revert "[wasm] Ensure that only TurboFan code is serialized"
This reverts commit 60ee70bb40.

Reason for revert: wasm-api-tests/WasmCapiTest.Serialize starts flaking: https://crbug.com/v8/10784

Original change's description:
> [wasm] Ensure that only TurboFan code is serialized
> 
> We have the implicit assumption that Liftoff code will never be
> serialized, and we start relying on that when implementing new features
> (debugging, dynamic tiering).
> 
> This CL makes the serializer fail if the module contains any Liftoff
> code. Existing tests are changed to ensure that we fully tiered up
> before serializing a module (similar to the logic in Chromium).
> The "wasm-clone-module" test needs to serialize the module before
> enabling the debugger.
> 
> Note that chrome currently only serializes a module after it fully
> tiered up, so that should be fine. If other embedders need the ability
> to serialize a module in an arbitrary state, we will have to fix this
> later. With this CL we will be on the safe side though and (gracefully)
> fail serialization instead of accidentally serializing Liftoff code.
> 
> R=​ahaas@chromium.org
> 
> Bug: v8:10777
> Change-Id: I1245e5f7fda3447a544c1e3525e1239cde759174
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336799
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69276}

TBR=ahaas@chromium.org,clemensb@chromium.org

Change-Id: Ic1349375bd562bb0a2724c39c27ef3247461c97b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10777
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2342845
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69284}
2020-08-07 07:38:41 +00:00
Georg Neis
4b84b33a63 [turbofan] Fix a test
The test relies on certain maps not dying but didn't ensure that.

Bug: v8:10783
Change-Id: I708f7fc027ee0bf5656be9bb4f29130f5b924597
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340912
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69282}
2020-08-06 18:03:16 +00:00
Santiago Aboy Solanes
d855a6aa03 [heap] Remove DeferredHandles instrumentation
Now that we are using PersistentHandles, we don't need it anymore.

Bug: v8:7790
Change-Id: Id0b9d555191c00fb08dc2bb9099746076c5ad1b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332161
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69278}
2020-08-06 15:57:48 +00:00
Thibaud Michaud
ce45f687dc [wasm][debug] Fix frame inspection at stack checks
Spill registers before stack checks so that we can inspect them, similar
to traps.

OSR during a stack check is still unsupported and will be fixed in a
follow-up CL.

R=clemensb@chromium.org

Bug: v8:10235
Change-Id: I22c2da6b3f79b30c3838c568f9680204afc85d36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339467
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69277}
2020-08-06 15:44:58 +00:00
Clemens Backes
60ee70bb40 [wasm] Ensure that only TurboFan code is serialized
We have the implicit assumption that Liftoff code will never be
serialized, and we start relying on that when implementing new features
(debugging, dynamic tiering).

This CL makes the serializer fail if the module contains any Liftoff
code. Existing tests are changed to ensure that we fully tiered up
before serializing a module (similar to the logic in Chromium).
The "wasm-clone-module" test needs to serialize the module before
enabling the debugger.

Note that chrome currently only serializes a module after it fully
tiered up, so that should be fine. If other embedders need the ability
to serialize a module in an arbitrary state, we will have to fix this
later. With this CL we will be on the safe side though and (gracefully)
fail serialization instead of accidentally serializing Liftoff code.

R=ahaas@chromium.org

Bug: v8:10777
Change-Id: I1245e5f7fda3447a544c1e3525e1239cde759174
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336799
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69276}
2020-08-06 15:00:08 +00:00
Marja Hölttä
d8221df3f9 Reland "[Atomics.waitAsync] Fix removing multiple nodes when Isolate deinits"
This is a reland of 28ead05405

The failure is a test that is sensitive to adding a function
in a FunctionTemplate in d8: https://bugs.chromium.org/p/v8/issues/detail?id=10783

Original change's description:
> [Atomics.waitAsync] Fix removing multiple nodes when Isolate deinits
>
> RemoveNode already nullifies the next_ pointer of FutexWaitListNode,
> and DeleteAsyncNode was trying to retrieve it.
>
> Bug: v8:10239
> Change-Id: I595885de87f433d263eeacfc825a689efd467f5e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332812
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69259}

Bug: v8:10239
Tbr: leszeks@chromium.org
Change-Id: Icec590354886433a0b41c8f9b7af7101b54b7690
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339469
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69275}
2020-08-06 14:42:48 +00:00
Maya Lekova
4eb1505997 [turbofan] Add tests for uint64 for fast API calls
TBR=cbruni@chromium.org

Bug: chromium:1052746
Change-Id: Ib61b06bcc4cd7cf9cfa741899322739e807605b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339619
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69274}
2020-08-06 14:11:10 +00:00
Marja Hölttä
c813817d55 [compiler] Mark a test which is sensitive to unrelated conditions as [PASS, FAIL]
Bug: v8:10783
No-Try: true
Change-Id: I605813842af639158909bce13e162869b3cfc6db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339621
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69273}
2020-08-06 13:47:48 +00:00
Leszek Swirski
93c10b26d3 Revert "[Atomics.waitAsync] Fix removing multiple nodes when Isolate deinits"
This reverts commit 28ead05405.

Reason for revert: mjsunit/compiler/serializer-transition-propagation
failure seems to bisect to this (despite looking unrelated):
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/32532

Original change's description:
> [Atomics.waitAsync] Fix removing multiple nodes when Isolate deinits
> 
> RemoveNode already nullifies the next_ pointer of FutexWaitListNode,
> and DeleteAsyncNode was trying to retrieve it.
> 
> Bug: v8:10239
> Change-Id: I595885de87f433d263eeacfc825a689efd467f5e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332812
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69259}

TBR=ulan@chromium.org,marja@chromium.org,syg@chromium.org

Change-Id: I5db179aec5a04f59770903b17d059a7150c7efbd
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10239
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339466
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69271}
2020-08-06 12:54:30 +00:00
Leszek Swirski
1546be9cf8 [runtime] Move string table off-heap
Changes the isolate's string table into an off-heap structure. This
allows the string table to be resized without allocating on the V8 heap,
and potentially triggering a GC. This allows existing strings to be
inserted into the string table without requiring allocation.

This has two important benefits:

  1) It allows the deserializer to insert strings directly into the
     string table, rather than having to defer string insertion until
     deserialization completes.

  2) It simplifies the concurrent string table lookup to allow resizing
     the table inside the write lock, therefore eliminating the race
     where two concurrent lookups could both resize the table.

The off-heap string table has the following properties:

  1) The general hashmap behaviour matches the HashTable, i.e. open
     addressing, power-of-two sized, quadratic probing. This could, of
     course, now be changed.

  2) The empty and deleted sentinels are changed to Smi 0 and 1,
     respectively, to make those comparisons a bit cheaper and not
     require roots access.

  3) When the HashTable is resized, the old elements array is kept
     alive in a linked list of previous arrays, so that concurrent
     lookups don't lose the data they're accessing. This linked list
     is cleared by the GC, as then we know that all threads are in
     a safepoint.

  4) The GC treats the hash table entries as weak roots, and only walks
     them for non-live reference clearing and for evacuation.

  5) Since there is no longer a FixedArray to serialize for the startup
     snapshot, there is now a custom serialization of the string table,
     and the string table root is considered unserializable during weak
     root iteration. As a bonus, the custom serialization is more
     efficient, as it skips non-string entries.

As a drive-by, rename LookupStringExists_NoAllocate to
TryStringToIndexOrLookupExisting, to make it clearer that it returns
a non-string for the case when the string is an array index. As another
drive-by, extract StringSet into a separate header.

Bug: v8:10729
Change-Id: I9c990fb2d74d1fe222920408670974a70e969bca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339104
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69270}
2020-08-06 12:27:18 +00:00
Omer Katz
e072615cc2 cppgc: Establish marking invariants
This is a revival of https://chromium-review.googlesource.com/c/v8/v8/+/2228332

The CL establishes the following:
*) Objects are marked before being pushed to the worklists.
*) Live bytes are always accounted after tracing an object (i.e. move
   from Gray to Black below).
*) Previously not fully constructed objects are traced immediately
   instead of pushed to the marking worklist.

This establishes the following invariants for all marking worklists:
1) White = !object.is_marked() && !worklist.contains(object)
2) Gray = object.is_marked() && worklist.contains(object)
3) Black = object.is_marked() && !worklist.contains(object)

Bug: chromium:1056170
Change-Id: I821573b3fbc057e6ffb836154271ff986ecb4d2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336797
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69268}
2020-08-06 11:51:48 +00:00
Andreas Haas
4743426571 [wasm] Check size of tables dynamically
We used to check the size of tables at compile time, and threw a
CompilationError if a given size exceeded the implementation-defined
limit. However, the spec defines that an error should only be thrown
when the implementation-defined limit is reached, which is either at
instantiation time of during runtime at a table.grow.

With this CL the V8 implementation becomes spec compliant in this
regard.

R=jkummerow@chromium.org

Bug: v8:10556
Change-Id: I7d0e688b385a65e4060a569e5ab1dec68947ceea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2326331
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69267}
2020-08-06 11:50:43 +00:00
Tobias Tebbi
6647f2927c Reland "[torque] typed context slot access"
This is a reland of 408e7240d7
Change: Allow CSA load elimination accross code comments

Original change's description:
> [torque] typed context slot access
>
> This introduces a new type Slot<ContextType, SlotType> that is used
> for enum values used to access context slots.
> Together with new types for the various custom contexts used in
> Torque, this results in fairly type-safe access to context slots,
> including the NativeContext's slots.
>
> Drive-by changes:
> - Introduce a new header file to specify headers needed for
>   generated CSA headers, to reduce the amount of includes specified
>   in implementation-visitor.cc
> - Port AllocateSyntheticFunctionContext to Torque.
>
> Bug: v8:7793
> Change-Id: I509a128916ca408eeeb636a9bcc376b2cc868532
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335064
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#69249}

Bug: v8:7793
Change-Id: I1fe100d8d62e8220524eddb8ecc4faa85219748d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339462
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69264}
2020-08-06 11:32:38 +00:00
Clemens Backes
0c918bd841 [wasm] Remove ExecutionTier::kInterpreter
The interpreter is not an execution tier in production any more. It's
only used in tests.
Thus, remove {ExecutionTier::kInterpreter} and instead add a
{TestExecutionTier} that still has {kInterpreter}.

If needed (in {TestingModuleBuilder::execution_tier()}), we translate
back from {TestExecutionTier} to {ExecutionTier} (for {kLiftoff} and
{kTurboFan} only).

The {TraceMemoryOperation} method, which is shared between interpreter
and production code, now receives a {base::Optional<ExecutionTier>}, and
we will just pass en empty optional if called from the interpreter.

R=thibaudm@chromium.org

Bug: v8:10389
Change-Id: Ibe133b91e8dca6d6edbfaee5ffa0d7fe72ed6d64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335186
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69260}
2020-08-06 09:31:18 +00:00
Marja Hölttä
28ead05405 [Atomics.waitAsync] Fix removing multiple nodes when Isolate deinits
RemoveNode already nullifies the next_ pointer of FutexWaitListNode,
and DeleteAsyncNode was trying to retrieve it.

Bug: v8:10239
Change-Id: I595885de87f433d263eeacfc825a689efd467f5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332812
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69259}
2020-08-06 09:24:47 +00:00
Anna Henningsen
e06ace6b5c [api] Fix empty Maybe crash in GetRealNamedPropertyAttributes
`Object::GetRealNamedPropertyAttributes()` can crash if an empty
`Maybe` is returned by `JSReceiver::GetPropertyAttributes()` because
it was not checking for that. Fix that.

Refs: https://github.com/nodejs/node/issues/34606
Change-Id: Ic83f904ba7134786bcd8f786eb2ce98adb4fea1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335057
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69258}
2020-08-06 09:14:48 +00:00
Jakob Gruber
a55a2447fb Revert "[torque] typed context slot access"
This reverts commit 408e7240d7.

Reason for revert: debug builds fail

is_component_build = true
is_debug = true
use_goma = true
v8_enable_backtrace = true
v8_enable_debugging_features = true
v8_enable_fast_mksnapshot = true
v8_enable_slow_dchecks = true
v8_enable_snapshot_code_comments = true
v8_enable_verify_csa = true
v8_optimized_debug = false
v8_use_multi_snapshots = false

# Fatal error in ../../src/compiler/backend/instruction-selector.cc, line 3088
# Expected Turbofan static assert to hold, but got non-true input:
  static_assert(nativeContext == LoadNativeContext(context)) at src/builtins/promise-resolve.tq:45:5


Original change's description:
> [torque] typed context slot access
> 
> This introduces a new type Slot<ContextType, SlotType> that is used
> for enum values used to access context slots.
> Together with new types for the various custom contexts used in
> Torque, this results in fairly type-safe access to context slots,
> including the NativeContext's slots.
> 
> Drive-by changes:
> - Introduce a new header file to specify headers needed for
>   generated CSA headers, to reduce the amount of includes specified
>   in implementation-visitor.cc
> - Port AllocateSyntheticFunctionContext to Torque.
> 
> Bug: v8:7793
> Change-Id: I509a128916ca408eeeb636a9bcc376b2cc868532
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335064
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#69249}

TBR=tebbi@chromium.org,seth.brenith@microsoft.com

Change-Id: I90c014022a808449aca4a9b9b3c3b8e036beb28e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340903
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69256}
2020-08-06 07:56:49 +00:00
Tobias Tebbi
f08bd2ce17 [torque][csa] fix word8 phi MachineRepresentation
Make sure that Torque/CSA generated phi's get kRepWord32 instead
of kRepWord8 or kRepWord16, since that's how we handle small
integer values in Turbofan.

Bug: v8:7793
Change-Id: I992b43287552b6117e90fbd0e11576470bc91509
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339096
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69253}
2020-08-05 15:25:46 +00:00
Jakob Gruber
82fc74c91b [nci] Check the isolate cache from within compiler.cc
Just like the optimized code cache, the compiler should check the
isolate cache for NCI code objects and return them if they exist.

Drive-by: Skip additional tests to fix the nci_as_highest_tier test
variant. These are related to interactions with deoptimization, which
NCI code doesn't fully support yet.

Bug: v8:8888
Change-Id: I6253811f96993796cfc38fff0da7ffb4f1a5eb24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339095
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69251}
2020-08-05 15:12:36 +00:00
Manos Koukoutos
a61aaed9b3 [wasm-gc] Allow reference types to function signatures
Changes:
- Remove restriction that function types cannot be used as ref types.
- Introduce WasmModule::has_type().
- Remove deferred signature checks in module-decoder. Instead, check if
  type indices are out of bounds in consume_value_type (was bugged
  before).
- Remove obsolete GetCanonicalRttIndex.
- Refine type of ref.func.
- Statically check immediate type against table type for call_indirect.
- Dynamic check for call_indirect should only happen when for funcref
  (currently the only function supertype).
- Allocate a different map per function signature (with Map::Copy).
- Introduce function type equivalence and (trivial) subtyping.
- Add a few elementary tests.

Bug: v8:7748
Change-Id: If57d0bfd856c9eb3784191f3de423f53dfd26ef1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335190
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69250}
2020-08-05 14:38:56 +00:00
Tobias Tebbi
408e7240d7 [torque] typed context slot access
This introduces a new type Slot<ContextType, SlotType> that is used
for enum values used to access context slots.
Together with new types for the various custom contexts used in
Torque, this results in fairly type-safe access to context slots,
including the NativeContext's slots.

Drive-by changes:
- Introduce a new header file to specify headers needed for
  generated CSA headers, to reduce the amount of includes specified
  in implementation-visitor.cc
- Port AllocateSyntheticFunctionContext to Torque.

Bug: v8:7793
Change-Id: I509a128916ca408eeeb636a9bcc376b2cc868532
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335064
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#69249}
2020-08-05 14:28:16 +00:00
Clemens Backes
ab76be3f4c [wasm] Remove "CloneWasmModule" runtime function
This function was only used in a single test, and it tests a scenario
which cannot happen any more with the module cache: Having two copies of
the same NativeModule in an isolate.

Hence remove the respective runtime function and the test.

R=ahaas@chromium.org

Change-Id: Id7cdffbdf1bdf95a7eb31fdeb7d75b8e326bb90e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339100
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69246}
2020-08-05 13:29:36 +00:00
Dominik Inführ
ab8368dfdb [heap] Remove PagedSpace::SizeOfObjects
PagedSpace::SizeOfObjects() then returns exactly the same value as
PagedSpace::Size(). SizeOfObjects() used to deduct the current LAB,
however this is now more difficult with local heaps. Accessing the
main thread LAB from concurrent threads causes a data race. Also
LocalHeaps have their own LAB, which should be deducted as well to be
uniform with the main thread. However this would be tricky and expensive.
The simpler solution is to do not deduct the main thread LAB anymore.

Bug: v8:10315
Change-Id: I3c47e1a65caca9395737251aa694b295e78c7fb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336090
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69245}
2020-08-05 13:24:42 +00:00
Jakob Gruber
c51041f454 [nci] Replace CompilationTarget with a new Code::Kind value
With the new Turbofan variants (NCI and Turboprop), we need a way to
distinguish between them both during and after compilation. We
initially introduced CompilationTarget to track the variant during
compilation, but decided to reuse the code kind as the canonical spot to
store this information instead.

Why? Because it is an established mechanism, already available in most
of the necessary spots (inside the pipeline, on Code objects, in
profiling traces).

This CL removes CompilationTarget and adds a new
NATIVE_CONTEXT_INDEPENDENT kind, plus helper functions to determine
various things about a given code kind (e.g.: does this code kind
deopt?).

As a (very large) drive-by, refactor both Code::Kind and
AbstractCode::Kind into a new CodeKind enum class.

Bug: v8:8888
Change-Id: Ie858b9a53311b0731630be35cf5cd108dee95b39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336793
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69244}
2020-08-05 12:27:22 +00:00
Dominik Inführ
c365959fc7 [handles] Make DetachPersistent insert into ordered_blocks_
DetachPersistent() sets up PersistentHandles, but didn't properly set
up ordered_blocks_. So PersistentHandles::Contains failed for handles
that were detached from the main thread into PersistentHandles.

Bug: v8:10315
Change-Id: I5374ad64743cd519a9c5e92900c1fa401c4d93ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336801
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69243}
2020-08-05 12:03:52 +00:00
Maya Lekova
ce4a5f4c41 [turbofan] Add tests for int64 in fast API calls
Bug: chromium:1052746
Change-Id: I5c60625b25279866816a2f928e84d728b3f04d51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332157
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69240}
2020-08-05 10:51:12 +00:00
Clemens Backes
0c837e8342 [wasm] Switch compilation to Jobs API
Use the new jobs API for WebAssembly compilation. This avoids having to
schedule as many background tasks as there are worker threads. Instead
the one job specifies the maximum concurrency, which changes dynamically
as new compile jobs become available.
This also avoids the artificial deadline we used to ensure that other
tasks get some share of the CPU resources if needed.

Even though this CL moves actual wasm function completely over to the
Jobs API, other similar tasks (like wrapper compilation) are still using
the Task API and need to be ported in a follow-up CL.
Also, we are still using the same priority for baseline compilation and
tier up. We should split this in a follow-up CL to have two jobs with
different priorities. This will also allow us to only block on baseline
compilation where we currently block on both.

R=ahaas@chromium.org
CC=gab@chromium.org

Bug: chromium:1101340
Change-Id: I5656697753346e5fdb15d578425cdb949ac6e364
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Cq-Include-Trybots: luci.chromium.try:linux-rel
Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2280100
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69239}
2020-08-05 08:30:11 +00:00
Tamer Tas
6ac90d5595 [test] don't filter out the fuzzer tests
fuzzer testsuite tests are not run due to a missing subclass method '_should_filter_by_name' in fuzzer/testcfg.py

This CL fixes the filtering for the 'fuzzer' testsuite

R=machenbach@chromium.org

Bug: v8:10770
Change-Id: I9a4b0e0c6c79f4b525ee284df343acccc965f732
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336802
Auto-Submit: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69235}
2020-08-04 19:50:28 +00:00
Ng Zhi An
e3caf3f524 [wasm-simd] Add regression test for i64x2.shr_s bug
This test uses a i64x2.shr_s to shift a v128 with all bits set by 1,
resulting in v128 with all bits set (no change). This value is then
dropped, and param[2] (3), is returned.

Without the fix, -1 is returned, since i64x2.shr_s overwrites the
register for param[2] with 0xffffffff.

Bug: v8:10752
Bug: chromium:1111522
Change-Id: I0310bf6039be780a6738689069cdbcfa3a24bbdb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335779
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69233}
2020-08-04 17:51:45 +00:00
Ng Zhi An
732dba60fb [wasm-simd][liftoff][x64] Optimize shuffles (swizzles)
Swizzles are shuffles that only use values from 1 operand, e.g.
v8x16.shuffle 0 1 2 3 0 0 0 0 4 5 6 7 0 0 0 0 (all the values are < 16).

Match such patterns and emit an optimized codegen that uses less
registers and instructions. Only implemented for x64 for now, the other
backends will come in follow-up patches.

Bug: v8:10696
Change-Id: Iffa694b04c97313eab7d138e4bdad7c0c85cda89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335419
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69231}
2020-08-04 17:03:05 +00:00
Mythri A
1a033ae82f [test] Reduce iteration count in elements-kind test
Change-Id: I0117b0c2b646cb1005b63e9648d604b26581d977
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335187
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69229}
2020-08-04 15:58:04 +00:00
Dan Elphick
967773dca4 [heap] Reenable UnmapOnTeardown test
Test now passes even if RO_SPACE sharing is enabled.

Bug: v8:10454
Change-Id: Ic7377c3367199383bb6a96a9beedcc52bbc3362f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335184
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69221}
2020-08-04 10:38:34 +00:00
Manos Koukoutos
65530e72e1 [wasm-gc] Test improvements/additions.
Changes:
- Fix error message typo in function-body-decoder.
- Generalize wasm test macros related to reference types.
- Change wasm-gc test API to return bytes.
- Add unittests for ref.test/cast.

Bug: v8:7748
Change-Id: I361987e0b6ac90c4e89a49a8abc125757a5fc8d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2317319
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69220}
2020-08-04 09:51:24 +00:00
Dominik Inführ
9fff9a73bb Reland "[heap] Refactor allocation observer in AllocationCounter"
This is a reland of b354e344fd

This CL adds 3 fixes:

* Unprotect code object before creating filler
* Allows AllocationObserver::Step to add more AllocationObservers
* Update limit in NewSpace::UpdateLinearAllocationArea

Original change's description:
> [heap] Refactor allocation observer in AllocationCounter
>
> Moves accounting of allocation observers into the AllocationCounter
> class. This CL removes top_on_previous_step_ for counters that are
> increased regularly in the slow path of the allocation functions.
>
> AdvanceAllocationObservers() informs the AllocationCounter about
> allocated bytes, InvokeAllocationObservers() needs to be invoked when
> an allocation step is reached. NextBytes() returns the number of bytes
> until the next AllocationObserver::Step needs to run.
>
> Bug: v8:10315
> Change-Id: I8b6eb8719ab032d44ee0614d2a0f2645bfce9df6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2320650
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69170}

Bug: v8:10315
Change-Id: I89ab4d5069a234a293471f613dab16b47d8fff89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332805
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69216}
2020-08-04 09:20:02 +00:00
Michael Achenbach
9d5a1fff27 [test] Skip slow tests
No-Try: true
Change-Id: If5ed824ad3ea1a2815a0a48ed2668281733ac533
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332603
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69209}
2020-08-03 19:57:54 +00:00
Jakob Kummerow
799421d55b [wasm-gc] Temporary exposure of Wasm objects to JS
This is a stop-gap solution (while we wait for a proper spec)
that lets managed WasmGC objects perform round-trips through
JavaScript. On the JavaScript side, they appear as empty/opaque.

Bug: v8:7748
Change-Id: I0dd368bc14d622f3ef41871484228267359e9b5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316306
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69207}
2020-08-03 19:21:24 +00:00
Shu-yu Guo
c19e57ee82 Disallow \8 and \9 in strict mode and template literals
This reached consensus in the July 2020 TC39:
https://github.com/tc39/ecma262/pull/2054

Bug: v8:10769
Change-Id: Iecea1d9d9c9be5c2fbfb820aed2285719c4e6382
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2333350
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69206}
2020-08-03 18:05:14 +00:00
Tobias Tebbi
efa3793290 [turbofan] enable constant folding for 64bit comparisons
Change-Id: Id545ca00106fb54ee08078177ad7f24842752afe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332799
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69196}
2020-08-03 12:17:02 +00:00
Dominik Inführ
a731b86ec9 [heap] Enable concurrent allocation of old space large objects
Allow the allocation of large old space objects through
LocalHeap::AllocateRaw. OldLargeObjectSpace::AllocateRawBackground will
allocate a large object on the background thread.

Bug: v8:10315
Change-Id: I9212f0c6770855dbe33490516aae7056987e192d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332804
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69195}
2020-08-03 11:38:42 +00:00
Dominik Inführ
3cb519617d [heap] Introduce LocalHeap::AllocateRaw method
LocalHeap::AllocateRaw will be similar to Heap::AllocateRaw and
handle all allocations. LocalHeap::AllocateRawOrFail will perform a GC
and afterwards retry the allocation in a loop.

Bug: v8:10315
Change-Id: I68468962cf9102697aa547b2aa05c7ec6bafd19e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332801
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69193}
2020-08-03 09:12:42 +00:00
Ulan Degenbaev
260ec99599 [ukm] Rename v8::Context::Token to v8::metrics::Recorder::ContextId
Chrome is currently adding a 128-bit V8ContextToken to keep track of
V8 contexts across multiple isolates and processes. Having per-isolate
token exposed by V8 leads to confusion of these two tokens.

This moves v8::Context::Token to v8::metrics::Recorder and changes
the corresponding functions:
- v8::Context::GetToken => v8::metrics::Recorder::GetContextId
- v8::Context::GetByToken => v8::metrics::Recorder::GetContext

This CL is purely mechanical and does not change the behaviour.

Bug: chromium:1101749
Tbr: clemensb@chromium.org
Change-Id: I31bbfa02ebab1c0d91b00f0d08c1b236392d14d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2330023
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69188}
2020-08-01 14:16:11 +00:00
Dominik Inführ
ef603a9e0e Revert "[heap] Refactor allocation observer in AllocationCounter"
This reverts commit b354e344fd.

Reason for revert: Clusterfuzz found issues with this CL.

Original change's description:
> [heap] Refactor allocation observer in AllocationCounter
> 
> Moves accounting of allocation observers into the AllocationCounter
> class. This CL removes top_on_previous_step_ for counters that are
> increased regularly in the slow path of the allocation functions.
> 
> AdvanceAllocationObservers() informs the AllocationCounter about
> allocated bytes, InvokeAllocationObservers() needs to be invoked when
> an allocation step is reached. NextBytes() returns the number of bytes
> until the next AllocationObserver::Step needs to run.
> 
> Bug: v8:10315
> Change-Id: I8b6eb8719ab032d44ee0614d2a0f2645bfce9df6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2320650
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69170}

TBR=ulan@chromium.org,dinfuehr@chromium.org

Change-Id: Icd713207bfb2085421fd82009be24a0211ae86da
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332667
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69187}
2020-08-01 07:33:44 +00:00
Frank Tang
439c868ffa [Intl] Define @@toStringTag for Intl namespace
Implement https://github.com/tc39/ecma402/pull/487
Also improve test/intl/toStringTag.js

see also: https://github.com/tc39/test262/pull/2712

Bug: v8:10744
Change-Id: I678876aa21f169a8dfcec8e3ce974978a8847fe0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2315455
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69185}
2020-08-01 02:21:20 +00:00
Ng Zhi An
6243a86a54 [wasm-simd] Move more helper functions into simd-shuffle
Also add some simple unittests for these functions.

Bug: v8:10696
Change-Id: Ic7607780b4eaf275b20d0937bf214846bf51d539
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2330806
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69183}
2020-07-31 22:17:20 +00:00
Mythri A
9b9ba19e3c [turboprop] Migrate deprecated maps in dynamic map check operator
If incoming map is deprecated, generate code to migrate the map. Since
this involves generating additional code and a call to runtime, we only
do this if one of the receiver maps was a migration target when
optimizing this function. If not, we deoptimize and discard the
optimized code if we see a deprecated map. This is to avoid bailout
loops when we see deprecated maps.

This change does the following:
// We generated code to migrate deprecated maps only if one of the maps
// in feedback vector is a migration target.
if ( there are migration targets in feedback)
{
  if (checkMaps fails) {
     if (incoming map is deprecated) {
        migrate the map
        checkMaps with the new map
     } else {
       bailout
     }
  }
} else {
  if (checkMaps fails)
    bailout;
}

Bug: v8:10582, v8:9684
Change-Id: I8a04c77ed209dd2fb0300a783d844f2335a678c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2292231
Reviewed-by: Sathya Gunasekaran  <gsathya@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69179}
2020-07-31 16:06:10 +00:00
Tobias Tebbi
50d5c2bb07 [torque] use implicit parameters for template parameter inference
This allows templates to preserve the type of implicit parameters to
select a better ovleroad, without generally extending overload
resolution to implicit parameters, which could be confusing.

Bug: v8:7793
Change-Id: Ie57090a295b0b46d03789829b975fc16e2a9c5b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2329630
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#69177}
2020-07-31 15:11:09 +00:00
Dan Elphick
c7d22c4991 [heap] Share RO_SPACE pages with pointer compression
This allows the configuration v8_enable_shared_ro_heap and
v8_enable_pointer_compression on Linux and Android, although it still
defaults to off.

When pointer compression and read-only heap sharing are enabled, sharing
is achieved by allocating ReadOnlyPages in shared memory that are
retained in the shared ReadOnlyArtifacts object. These ReadOnlyPages are
then remapped into the address space of the Isolate ultimately using
mremap.

To simplify the creation process the ReadOnlySpace memory for the first
Isolate is created as before without any sharing. It is only when the
ReadOnlySpace memory has been finalized that the shared memory is
allocated and has its contents copied into it. The original memory is
then released (with PC this means it's just released back to the
BoundedPageAllocator) and immediately re-allocated as a shared mapping.

Because we would like to make v8_enable_shared_ro_heap default to true
at some point but can't make this conditional on the value returned by
a method in the code we are yet to compile, the code required for
sharing has been mostly changed to use ifs with
ReadOnlyHeap::IsReadOnlySpaceShared() instead of #ifdefs except where
a compile error would result due to the absence of a class members
without sharing. IsReadOnlySpaceShared() will evaluate
CanAllocateSharedPages in the platform PageAllocator (with pointer
compression and sharing enabled) once and cache that value so sharing
cannot be toggled during the lifetime of the process.

Bug: v8:10454
Change-Id: I0236d752047ecce71bd64c159430517a712bc1e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2267300
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69174}
2020-07-31 13:34:59 +00:00
Dominik Inführ
b354e344fd [heap] Refactor allocation observer in AllocationCounter
Moves accounting of allocation observers into the AllocationCounter
class. This CL removes top_on_previous_step_ for counters that are
increased regularly in the slow path of the allocation functions.

AdvanceAllocationObservers() informs the AllocationCounter about
allocated bytes, InvokeAllocationObservers() needs to be invoked when
an allocation step is reached. NextBytes() returns the number of bytes
until the next AllocationObserver::Step needs to run.

Bug: v8:10315
Change-Id: I8b6eb8719ab032d44ee0614d2a0f2645bfce9df6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2320650
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69170}
2020-07-31 12:33:59 +00:00
Dominik Inführ
9f94090a91 [heap] Attach PersistentHandles with EnsurePersistentHandles
PersistentHandles were attached to the LocalHeap when passed in through
the constructor but not when created inside LocalHeap using
EnsurePersistentHandles.

Bug: v8:10315
Change-Id: Id24d36c935776cb0b643521c465763da7fbffd06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2326630
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69167}
2020-07-31 12:06:39 +00:00
Igor Sheludko
8b57bdba59 Reland "[zone-compr] Introduce ZoneTypeTraits and ZoneCompression"
This is a reland of 13141c8a65

... with a fix for an UB issue of passing null pointers to memcpy()
when size is zero.

TBR=leszeks@chromium.org

Original change's description:
> [zone-compr] Introduce ZoneTypeTraits and ZoneCompression
>
> Also move zone compression flags to src/common/globals.h.
>
> Bug: v8:9923
> Change-Id: Id0a77720e735e2669a1e5eef48e1b4866ad99480
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2324255
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69160}

Bug: v8:9923
Change-Id: I2245b81516c39ccea262c282c659ef601af57abf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332165
Commit-Queue: Igor Sheludko (OOO Aug 3-17) <ishell@chromium.org>
Reviewed-by: Igor Sheludko (OOO Aug 3-17) <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69166}
2020-07-31 11:43:08 +00:00
Tobias Tebbi
8a002278d8 [torque] allow type annotations on enum cases
If an enum case has a type annotation, the corresponding enum constant
has this type. This is useful for typing context slots.

Bug: v8:7793
Change-Id: I8b91c3bd3686048f98cce3c034eec4e36f925e5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2329631
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69165}
2020-07-31 11:36:29 +00:00
Dan Elphick
8130e54dfb [base] Don't allow excluded regions to be freed
Excluded regions are no longer available to the RegionAllocator, so
should not be freeable so actually enforce that and aAdd a test.

Bug: v8:10454
Change-Id: I51c41cf0bf3d2eeb699b10b1fa02f5465d93b6aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2330026
Reviewed-by: Igor Sheludko (OOO Aug 3-17) <ishell@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69163}
2020-07-31 11:22:38 +00:00
Nico Hartmann
941efcf47d Revert "[zone-compr] Introduce ZoneTypeTraits and ZoneCompression"
This reverts commit 13141c8a65.

Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/12253?

Original change's description:
> [zone-compr] Introduce ZoneTypeTraits and ZoneCompression
> 
> Also move zone compression flags to src/common/globals.h.
> 
> Bug: v8:9923
> Change-Id: Id0a77720e735e2669a1e5eef48e1b4866ad99480
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2324255
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69160}

TBR=leszeks@chromium.org,ishell@chromium.org

Change-Id: I01fc05b33d01c19f9a9432d4b2dd73cf8b38b972
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9923
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332163
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69162}
2020-07-31 10:13:11 +00:00
Clemens Backes
9555464fb2 [d8] Fix worker creation near stack limit
If we are near the stack limit, calling the proxy method might not work
any more. Instead of crashing because of an empty MaybeLocal, handle
this gracefully.

Drive-by: Minor refactoring in TryGetValue.

R=tebbi@chromium.org

Bug: chromium:1110001
Change-Id: I07e7773768166b3dbea2e6b75a3ab8b24bfeee53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332156
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69161}
2020-07-31 09:37:59 +00:00
Igor Sheludko
13141c8a65 [zone-compr] Introduce ZoneTypeTraits and ZoneCompression
Also move zone compression flags to src/common/globals.h.

Bug: v8:9923
Change-Id: Id0a77720e735e2669a1e5eef48e1b4866ad99480
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2324255
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69160}
2020-07-31 09:18:19 +00:00
Thibaud Michaud
3d9506f93c [wasm] Mark tail calls as unconditional jumps
R=clemensb@chromium.org

Bug: chromium:1111015
Change-Id: Ia56e38e1aa1b7de69b2203fe2b028f24cba16861
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2330024
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69159}
2020-07-31 09:06:09 +00:00
Igor Sheludko
151501a270 [zone-compr] Fix WasmCapiTest, pt.2
The shutdown process should destroy AccountingAllocator instance before
the V8 platform.

Bug: v8:9923
Change-Id: Iff76b64d16c42c711ce4ee0c3533acd5ba5aaaa5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2330020
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69158}
2020-07-31 08:05:18 +00:00
Shu-yu Guo
e0d382a2f4 Install Reflect[@@toStringTag]
This normative PR reached consensus in the July 2020 TC39:
https://github.com/tc39/ecma262/pull/2057

Bug: v8:10768
Change-Id: Ibe2affea0447b923435f77de5d3c0233deeb9877
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2327753
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69156}
2020-07-30 19:56:52 +00:00