Commit Graph

67202 Commits

Author SHA1 Message Date
Benedikt Meurer
c5cf7db1f2 [api] Deprecate Function::GetDisplayName().
Mark Function::GetDisplayName() as deprecated, scheduled for removal
with M92.

Bug: chromium:1177685, chromium:17356
Change-Id: Iedb905d2d5ab6f8ec95f47bbc982e4f03891fd48
Doc: https://bit.ly/devtools-function-displayName-removal
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2690601
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72710}
2021-02-12 16:00:40 +00:00
Leszek Swirski
cd139abbf8 [sparkplug] Change TODO into a comment
The TODO around range checks for LAST_JS_RECEIVER_TYPE is guarded
by a STATIC_ASSERT, so it can be a comment rather than a TODO.

Bug: v8:11429
Change-Id: Id0d7fc9526448319d89cba43d793accf022a949b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2692567
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72709}
2021-02-12 15:46:57 +00:00
Santiago Aboy Solanes
88de5b0f4f [objects] Remove RawFastPropertyAtPut
After double field unboxing deletion, there was no need for this
method.

Bug: v8:11422
Change-Id: I540ffc80ad21c4cfec62fd8c80a343b8b8eed4bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2691047
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72708}
2021-02-12 15:44:37 +00:00
Michael Achenbach
bc403dcb97 [test] Temporarily drop no-sse flags from differential fuzzing
No-Try: true
Bug: v8:11442
Change-Id: I13849c9fa90fa5a971c24694db56a07cc1cccc24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2692570
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72707}
2021-02-12 15:29:46 +00:00
Michael Achenbach
76ce5bbb1d [test] Temporarily skip no-sse flags on flag fuzzer.
No-Try: true
Bug: v8:11442
Change-Id: I856470d95cf0b70e98e09a0ce4e8d80377e7a92a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2691052
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72706}
2021-02-12 15:14:48 +00:00
Santiago Aboy Solanes
ee1b6415bb [csa][cleanup] Simplify StoreElementBigIntOrTypedArray
BigInts are considered in the typed array elements kind, there's no need
to special case them.

Bug: v8:6949, v8:11384
Change-Id: I0b231d3ba2ca53236b2005d200b8a208bc57ed0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2690595
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72705}
2021-02-12 15:12:39 +00:00
Victor Gomes
94b294b349 [debug] Fix extra arguments when restarting frame
Before the removal of the arguments adaptor frame, we could set {actual arguments count} = {formal parameter count} before restarting a live frame to avoid re-entering the adaptor frame trampoline.
This does not work anymore, since we now need the correct value of the {actual argument count} to be pushed in the callee frame to be used in its epilogue.

This CL calls InvokeCall with the correct argument count and the kDontAdaptArgumentsSentinel to skip arguments adaptation.

Bug: v8:11431, v8:11441
Change-Id: I3698891f07274e8ab95c82b9dd35f53bd78632d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2675927
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72704}
2021-02-12 15:08:18 +00:00
Santiago Aboy Solanes
b309b9ae7f [csa][cleanup] TNodify LoadElementAndPrepareForStore's return value
Bug: v8:6949, v8:11384
Change-Id: Ief5a14e5c4327adb8fe9c12fd4af72596a1ba20a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2692209
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72703}
2021-02-12 15:03:08 +00:00
Mike Stanton
3393378b3b [compiler] Create canonical handles in JSTypedArrayRef::buffer()
Bug: chromium:1177368, chromium:1177369, v8:7790
Change-Id: Ice0b1b3fbc0b15d2b0b80255b7bb4a8c61f855e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2692246
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72702}
2021-02-12 14:52:35 +00:00
Clemens Backes
15f3392a7e [wasm][debug] Implement instrumentation breakpoints
This CL adds support for instrumentation breakpoints in wasm. The
request for "break on entry" is set on the script, and we need to keep
it stored there because there might not be any instances of that wasm
module yet. Once instances get created, the flag value is transferred to
all instances. The flag stored there is then checked in the function
prologue in Liftoff debugging code. This ensures that we will stop at
the first valid break position in any function within that module.
Hitting that instrumentation breakpoint will then clear the flag from
the script and from all other live instances (in the same isolate).

A first basic test is contained in this CL. More tests will be added
later.

R=thibaudm@chromium.org, bmeurer@chromium.org

Bug: chromium:1151211
Change-Id: I5442d4044934988269becececc03699b850d51d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2690588
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72701}
2021-02-12 14:37:16 +00:00
Thibaud Michaud
827411086b [wasm][interpreter][eh] Implement catch_all
R=clemensb@chromium.org

Bug: v8:8091
Change-Id: I512db4c4a6dce56c06f6d222f75029eebeaa4f66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2691046
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72700}
2021-02-12 14:26:38 +00:00
Santiago Aboy Solanes
e7b2d64ef1 [csa][cleanup] TNodify value of one of the two StoreElement methods
Having a separate method seems like the cleanest option. Node* is still
there in the RawPtrT version but that seems to require another solution.

Bug: v8:6949, v8:11384
Change-Id: I581b395aa0d0a8a3b2cfed3c6ffa0a0cfed7272f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2690594
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72699}
2021-02-12 14:16:48 +00:00
Leszek Swirski
def5e9c364 [sparkplug] Disable baseline tests under CFI
Add a .status file variable for the "v8_control_flow_integrity" gn arg,
and disable baseline tests for now in that configuration.

No-Tree-Checks: true
No-Try: true
Bug: v8:11439
Change-Id: I7274a168893cfd6619ce98fdd14a692217fd56c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2692206
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72698}
2021-02-12 13:57:39 +00:00
Georg Neis
cf7cba8d61 Reland "[compiler] Directly read PropertyCells"
This reverts commit 87df0b7ecc (thus
relands 42cd9eb78d), with fixes for
the discovered issues.

Original change's description:
> Revert "[compiler] Directly read PropertyCells"
>
> This reverts commit 42cd9eb78d.
>
> Reason for revert: Clusterfuzz issues, e.g.
> https://bugs.chromium.org/p/chromium/issues/detail?id=1176318
>
> Original change's description:
> > [compiler] Directly read PropertyCells
> >
> > Main changes:
> >
> > - Introduce a new broker data kind kBackgroundSerialized for objects
> >   that can be serialized in the background (when direct reads are on).
> >   (I'm planning to remove kPossiblyBackgroundSerialized in a followup,
> >   in favor of a dynamic choice of kSerialized or kBackgroundSerialized).
> > - Make PropertyCell use that new kind.
> > - Introduce a bottleneck in runtime code for changes to PropertyCells
> >   and make sure that a certain protocol is followed that allows
> >   concurrent reads from the background thread.
> > - Improve interface of PropertyCell in various ways.
> >
> > Bug: v8:7790
> > Change-Id: If3d7926c3b894808811348b4b2bed153f5c06897
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2661462
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> > Commit-Queue: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#72586}
>
> TBR=ulan@chromium.org,neis@chromium.org,verwaest@chromium.org,nicohartmann@chromium.org
>
> Change-Id: Id04145760c49fa379bc5a3fc16eba664025a9180
> Bug: v8:7790
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2685125
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72619}

Bug: v8:7790, chromium:1176509, chromium:1176318, chromium:1176504
Change-Id: Icaf285912bb948432a4a2d599cd174f6a5aa296e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2685166
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72697}
2021-02-12 13:52:40 +00:00
Leszek Swirski
c913ef3a91 [sparkplug] Change Sparkplug to Baseline
Currently we sometimes refer to baseline code or the baseline compiler
by its codename (Sparkplug). The codename is fun, but we should be
consistent and call things by one name or the other. Following the
pattern of Ignition stuff being called "interpreter", we call Sparkplug
"baseline", and leave the codename only in flags and variants.

Bug: v8:11420
Change-Id: I432e5629518be7c7ad38b6acff024c91d4cfd6d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2692186
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72696}
2021-02-12 13:51:35 +00:00
Sathya Gunasekaran
9129547bf5 [ic] Optimize CallOptimization
Instead of calling LookupHolderOfExpectedType twice, call it once
and pass the result to IsCompatibleReceiverMap.

Removes unnecessary IsCompatibleReceiver function.

Bug: v8:9805
Change-Id: I1333449d10702e824dddbdbca5c87e639a7d7118
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2692187
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72695}
2021-02-12 13:50:31 +00:00
Benedikt Meurer
eed0d27c2f [stack-traces] Simplify and speedup stack trace collection.
Following up on https://crrev.com/c/2689185, this CL significantly
simplifies the whole implementation of the stack trace capturing.

Before this CL, capturing any stack trace (for the purpose of the API or
Error.stack) would roughly work like this:

  1. The CaptureStackTrace() function uses the StackFrameIterator to
     walk the system stack. For each native frame it uses the
     FrameSummary abstraction to get all (including potentially inlined)
     frames. For each of those it appends a record consisting of six
     elements to a FrameArray (this holds pointers to the actual
     closures and receivers).
  2. Afterwards the FrameArray is shrunk to the required size, and a
     new FixedArray is allocated, and initialized with new
     StackTraceFrame objects where each holds a reference to the
     FrameArray, the index of the frame, and an initially uninitialized
     StackFrameInfo reference. This new FixedArray is then returned from
     CaptureStackTrace() and either stored on a message object or
     provided to the API as v8::StackTrace.

The new approach removes a lot of the machinery in between and directly
creates a FixedArray of StackFrameInfo objects in CaptureStackTrace().
These StackFrameInfo objects are directly exposed as v8::StackFrame on
the public API, and they hold the six fields that were previously stored
flat in the FrameArray. This not only avoids a lot of copying around of
data and creation of temporary objects and handles, but most importantly
unifies and simplifies the stack frame function inside StackFrameInfo,
so you no longer need to wonder which function / object might be
responsible for a certain API.

There's still a lot of room for improvement. In particular we currently
don't cache the source position for a given StackFrameInfo (or
globally), but rather recompute it every time. This is still very fast,
significantly faster than the previous approach.

There are some notable (potentially user visible) changes:

  - The CallSite#GetPosition() method now consistently returns the
    Wasm module relative bytecode offset for all Wasm frames (previously
    it'd return the function relative bytecode offset for non-asm.js
    Wasm frames).
  - The column and line numbers returned from StackFrameInfo methods are
    consistently 1-based now, instead of sometimes being 0-based (Wasm)
    and sometimes being 1-based (JS and asm.js Wasm). The only
    potentially noticeable difference is that CallSite#GetLineNumber()
    no longer returns 0 for Wasm frames, but that was wrong and useless
    anyways.
  - CallSite#GetThis() would sometimes return the_hole, another bug
    flushed out by this CL.

The CL also contains some other not noteworthy drive-by-cleanups.

Fixed: chromium:1057211
Bug: chromium:1077657, chromium:1069425, v8:8742
Bug: chromium:1127391, chromium:1098530, chromium:981541
Change-Id: Iff12f6838a4d99080db8dd96bccc14440affc5a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2689183
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72694}
2021-02-12 13:49:27 +00:00
Marja Hölttä
06c94c3803 [cleanup] Update comments to match the current spec
Bug: v8:11384
Change-Id: I6c4410530811df62d57b93e8b7e34c29d928bcb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2689188
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72693}
2021-02-12 13:48:21 +00:00
Santiago Aboy Solanes
189257447f [heap] Simplify mark-compact after double field unboxing deletion
Bug: v8:11422
Change-Id: I106b2226d531d7a868ac9344cce8c965250316e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2690589
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72692}
2021-02-12 12:02:40 +00:00
Nico Hartmann
57ae048bd2 [test] Disable tests failing with new msan roll
Temporarily disable these tests failing on msan builds after latest
roll:
- test262/intl402/DateTimeFormat/timezone-invalid
- intl/regress-364374
- mjsunit/regress/regress-crbug-627935

No-Try: true
No-Tree-Checks: true
Bug: v8:11438
Change-Id: I4a7755f9f65b2e9a12463c9e12fbbe39d3f5efb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2692188
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72691}
2021-02-12 11:53:48 +00:00
Clemens Backes
587e7163cd [test] Fix UBSan failure
UBSan starts complaining about a nullptr destination in memcpy after
https://crrev.com/c/2691828.
This CL fixes the error by not copying if there is nothing to copy.

R=nicohartmann@chromium.org

No-Try: true
No-Tree-Checks: true
Change-Id: I2c941b37d26931d6c2253bc3bb2c0aa659d4cb71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2690605
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72690}
2021-02-12 11:24:53 +00:00
v8-ci-autoroll-builder
e5cf754b67 Update V8 DEPS.
Rolling v8/base/trace_event/common: 71cb2ac..7af6071

Rolling v8/build: 6408b07..d1fa78c

Rolling v8/buildtools: fc5af1a..7e85fef

Rolling v8/buildtools/third_party/libc++/trunk: d9040c7..8fa8794

Rolling v8/third_party/aemu-linux-x64: BJKsuvEy1d1R4k1qe_4WGn47cAA9BDUVDaMnfbyiH-cC..zN4Wm-IY1Nd2ZF2IFXt3kLaxI1cDiwANew4sQzpVRSgC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/e6e7c93..d2aa569

Rolling v8/third_party/depot_tools: 79f916a..398091b

Rolling v8/tools/clang: 5798a76..35e7868

TBR=v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ia25c05ee0cda2c20bcf26e1d309894340d2018d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2691828
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72689}
2021-02-12 10:26:04 +00:00
Dominik Inführ
27fca37d15 [heap] Fix flaky test for GC epilogues
Ensure that epilogues are added to the LocalHeap before starting the GC.
Adding the epilogue after invoking NotifyStarted() might mean that the
epilogue is only added after the GC is already done and the epilogue
isn't run at all. The test flakily fails because the epilogue didn't
execute then.

Bug: v8:11434
Change-Id: I60723a99cd9224307f48acd0c0e8af3f93dd3eb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2690600
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72688}
2021-02-12 10:08:51 +00:00
Ng Zhi An
3e6fe261f9 Bump expected static initializers count from 2 to 3
This should also unblock V8 DEPS roll:
https://chromium-review.googlesource.com/c/v8/v8/+/2689808

Bug: chromium:1177324
Change-Id: Iede2ba9c2257a2996715bcb7821ce14baa9ae9a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2689089
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72687}
2021-02-12 09:47:44 +00:00
Leszek Swirski
c053419e8c [sparkplug] Upstream Sparkplug
Sparkplug is a new baseline, non-optimising second-tier compiler,
designed to fit in the compiler trade-off space between Ignition and
TurboProp/TurboFan.

Design doc:
https://docs.google.com/document/d/13c-xXmFOMcpUQNqo66XWQt3u46TsBjXrHrh4c045l-A/edit?usp=sharing

Bug: v8:11420
Change-Id: Ideb7270db3d6548eedd8337a3f596eb6f8fea6b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2667514
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72686}
2021-02-12 09:31:06 +00:00
Thibaud Michaud
27b8ad2077 [wasm][eh] Add metrics for exception events
Sample elapsed time between two consecutive exception events of the same
type (throw/rethrow/catch). This will give us an idea of how frequently
exception handling features are used at runtime during the origin trial.

R=ahaas@chromium.org

Bug: v8:8091
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: Ic3095eeeca08d2e079a507a492f10d2efb5ecfd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2684367
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72685}
2021-02-12 09:24:38 +00:00
Andrew Comminos
17a5a3b788 [cpu-profiler] Clear code entries from BytecodeFlushEvents
When the CPU profiler receives a bytecode flush event, ensure that we
clear the appropriate CodeEntry.

Bug: v8:11054
Change-Id: I94e771e42192b75ea6d317738e4f2d5b76533dc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2691826
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#72684}
2021-02-12 09:08:29 +00:00
Ng Zhi An
ec6df835f1 [wasm-simd][liftoff][arm] Implement v64x2.alltrue and i64x2.ne
Extract v64x2.alltrue code sequence into macro-assembler for sharing
between TurboFan and Liftoff.

Bug: v8:11347,v8:11348
Change-Id: Ica436178b4f92ea0ed574010cd74f1babf66680f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2686013
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72683}
2021-02-12 02:19:01 +00:00
Deepti Gandluri
4454b8fe33 [wasm-simd] Add a decode failure if hardware does not support SIMD
- Add a no-simd-sse flag to skip SIMD tests on bots with no
hardware support.

Change-Id: I4efdbb5ee39c2e10ea8776a1f1e536ac96823efe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2629465
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72682}
2021-02-12 01:28:54 +00:00
Ng Zhi An
db22042e2a [wasm-simd][liftoff][arm64] Implement v64x2.alltrue and i64x2.ne
Extract code sequence for v64x2.alltrue into macro-assembler for sharing
between TurboFan and Liftoff.

Bug: v8:11347,v8:11348
Change-Id: I8119f5425c8cf11ddac77f69ed9e62a408f7049d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2686011
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72681}
2021-02-12 01:00:14 +00:00
Ng Zhi An
87763e634f [wasm-simd][liftoff][ia32] Implement v64x2.alltrue and i64x2.ne
Bug: v8:11347,v8:11348
Change-Id: Ib9eb0c8d03af9e0d9171ba668e8720332659e187
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2686010
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72680}
2021-02-12 00:07:02 +00:00
Seth Brenith
1dd0988a11 [interpreter] Rename AccumulatorUse so it can be expanded for short star
In https://chromium-review.googlesource.com/c/v8/v8/+/2641180, we are
discussing renaming AccumulatorUse. To avoid polluting that change with
a large mechanical find&replace, I've created a separate change for the
renaming.

Change-Id: Ibc7e438f9e719571c9237e7e08ba86562a3c679f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2684923
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#72679}
2021-02-11 23:35:29 +00:00
Milad Fa
34ea1904b6 PPC/s390: [wasm-simd][liftoff][x64] Implement v64x2.alltrue and i64x2.ne
Port 1b81ffb1d7

Original Commit Message:

    Other archs will come later.

R=zhin@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I7a1194c3270486de326b74b63cefc4aded5faff5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2691028
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72678}
2021-02-11 23:16:59 +00:00
Toon Verwaest
c8a6fb4f6f Reland "[interpreter] Speed up the BytecodeArrayAccessor through direct memory access"
This speeds up sparkplug by >20%.

This reland fixes the OffHeapBytecodeArray to also register a GC
callback. Turns out off-heap here doesn't mean that the underlying
bytecode array is off-heap and it can in fact move.

Change-Id: I7c6e82abd2a7be08ead537ab84855e76edc3b290
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2688400
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72677}
2021-02-11 19:09:27 +00:00
Milad Fa
c4afaf7176 PPC/s390: [wasm-simd][liftoff] Implement double precision conversions
Port 66964c519a

Original Commit Message:

    Extract codegen into macro-assembler functions for reuse in Liftoff.

    Some minor tweaks in I32x4TruncSatF64x2SZero and I32x4TruncSatF64x2UZero
    to check dst and src overlap and move to scratch/dst accordingly. In
    TurboFan we can set these restrictions in the instruction-selector, but
    not in Liftoff. This doesn't make TurboFan codegen any worse, since
    those restrictions are still in place.

R=zhin@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: Iae59472a5e77c1becc5ff880081f2c0c8c149630
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2690828
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72676}
2021-02-11 18:31:03 +00:00
Sathya Gunasekaran
1725efdc37 [lookup] Optimize TryLookupCachedProperty
If the accessor pair is available, thread it through to the
TryLookupCachedProperty function rather than looking it up again.

On a simple microbenchmark[0] with --no-opt and --no-use-ic this
provides a 5-10% improvement.

[0]: https://gist.github.com/gsathya/c47da0a15be08062c12cda9b0887de3d

Bug: v8:9805
Change-Id: I5b2d0c5e27c49a1d39a99dc63c3b0809bca4d6a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2685178
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72675}
2021-02-11 18:24:20 +00:00
Ng Zhi An
1b81ffb1d7 [wasm-simd][liftoff][x64] Implement v64x2.alltrue and i64x2.ne
Other archs will come later.

Bug: v8:11347,v8:11348
Change-Id: I9ea656b9c7ce03c9dafb631dd67f6e2f7d4346a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2686312
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72674}
2021-02-11 17:46:48 +00:00
Junliang Yan
4f76cb297c s390x: [liftoff] implement un-ops and bin-ops
Change-Id: If817a6ed0e20cf71f33bbeec69118adff0ac898e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2690548
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72673}
2021-02-11 17:45:40 +00:00
Omer Katz
c6a3190bf8 cppgc: Rename allocated_size to physical_size in statistics
Bug: chromium:1056170
Change-Id: I6fb5278dd1ef14faac13602cd28286d0e0d29054
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2689198
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72672}
2021-02-11 17:44:35 +00:00
Santiago Aboy Solanes
42409a2e69 [objects] Delete double field unboxing
Reasons:
 * We disabled it more than a year ago for all configs
 * Not easy to re-enable
 * Not compatible with pointer compression as-is
 * Not compatible with concurrent TP/TF as-is
 * No concrete plans to re-enable it

Also remove Map's layout_descriptor since it was only used for double
field unboxing.

Bug: v8:11422
Change-Id: I9260906eac199213b3210712e9903f1ecf1d7979
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2676637
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72671}
2021-02-11 17:24:15 +00:00
Michael Lippautz
60ba22061e cppgc: Remove explicit setter to enable testing features
cppgc/testing.h is already part of a testonly gn target which only can
be included from other test targets. This prevents any production
target from depending on cppgc/testing.h.

Bug: chromium:1056170
Change-Id: I51f6c47ffac2a05c8c63d7b4663c456a64fe75b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2689196
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72670}
2021-02-11 17:23:02 +00:00
Benedikt Meurer
bdf74a1700 [inspector] Add wasmvalue to all subtype enums.
The `wasmvalue` was missing from `PropertyPreview` and `ObjectPreview`
subtype enums.

Bug: chromium:1170282
Change-Id: If4f8aa330d81e603c82a16b19f14d037d556a373
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2689197
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72669}
2021-02-11 16:53:18 +00:00
Mythri A
a3c8eebb08 [turboprop] Add intrinsics to tier up from Turboprop to TurboFan
Currently %OptimizeFunctionOnNextCall returns if the function is
already optimized. This cl changes this function to allow tiering up
till we reach top tier. That allows us to tier up from Turboprop to
Turbofan using intrinsics. This cl also introduces a runtime-test
function to check if turboprop-as-toptier or turboprop-as-midtier is
enabled.

Bug: chromium:1172797, v8:9684
Change-Id: Idbd99b816d4b93e4e619be5d4ccdfe89fc561a9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2682638
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72668}
2021-02-11 16:51:14 +00:00
Clemens Backes
724b2eb416 Revert "[wasm] Send a single scriptParsed event per script"
This reverts commit b471bc9318.

Reason for revert: Seems like we don't reliably deliver scriptParsed events on reload after this CL.

Original change's description:
> [wasm] Send a single scriptParsed event per script
>
> If a script was shared between multiple modules (because they used the
> same wire bytes) it could happen that we still triggered multiple
> "scriptParsed" events via CDP. This was because
> {WasmEngine::GetOrCreateScript} did not communicate back whether it
> used a cached script or whether it created a new one.
>
> This CL moves the call to {Debug::OnAfterCompile} (which triggers the
> "scriptParsed" event) to the {WasmEngine::GetOrCreateScript} method,
> such that we only call it once per script.
> Since the engine only holds a weak reference to the script, we would
> still trigger multiple events if the script is garbage-collected in the
> meantime. In this case there is no way around this, as the new script
> would have a new ID, hence we need to emit a new event to make it
> public to the debugger.
>
> R=thibaudm@chromium.org
> CC=bmeurer@chromium.org
>
> Bug: chromium:1151211
> Change-Id: I1a7986514fd708680541a0e5dc24e60f01f42c28
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
> Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
> Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2687755
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72648}

TBR=clemensb@chromium.org,bmeurer@chromium.org,thibaudm@chromium.org

Change-Id: I6cc299734e4fcff29289355973e7660b60b49a25
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1151211
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2689199
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72667}
2021-02-11 16:35:35 +00:00
Ng Zhi An
d80eafadfe [wasm-simd][x64] Implement i64x2.abs
Bug: v8:11416
Change-Id: I68bd6cade55472aed006638ea6d0c1d516d9d2cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2686308
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72666}
2021-02-11 16:32:53 +00:00
Ng Zhi An
bae5959ed2 [wasm-simd][arm][liftoff] Implement double precision conversions
Did not factor out the codegen because it is short enough (1 or 2
instructions) and is unlikely to be changed (for optimization reasons).

Bug: v8:11265
Change-Id: Ia79c8553ad4b3924d21f77a6064c9003dfcaeb7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2689001
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72665}
2021-02-11 16:28:11 +00:00
Ng Zhi An
f1e5663776 [wasm-simd][arm64][liftoff] Implement double precision conversions
Did not factor out the codegen because it is short enough (1 or 2
instructions) and is unlikely to be changed (for optimization reasons).

Bug: v8:11265
Change-Id: Ic5e5bc7642e80448bdaa6d130dfe7c12018eb481
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2683209
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72664}
2021-02-11 16:24:35 +00:00
Almothana Athamneh
9d9c7d02c5 Reduce tests on the dictionary tracking builders
Bug: v8:11385
Change-Id: Ia1511cb68b0b38081c28d9f7c036f7589fc4ab7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2689195
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72663}
2021-02-11 16:13:07 +00:00
Seth Brenith
6160a76751 [torque] Generate accessors for struct-typed class fields
Torque generates runtime accessor member functions for most class fields
that are defined in .tq files, but fields with struct types are
currently omitted. This change adds those accessors. As an example, if a
.tq file defines the following:

  struct InternalClassStructElement {
    a: Smi;
    b: Smi;
  }

  class InternalClassWithStructElements extends HeapObject {
    const count: Smi;
    entries[count]: InternalClassStructElement;
  }

Then the following accessors are generated to get and set each struct
field within the 'entries' field:

  inline int entries_a(int i) const;
  inline void set_entries_a(int i, int value);

  inline int entries_b(int i) const;
  inline void set_entries_b(int i, int value);

Bug: v8:7793
Change-Id: Ia40b5918e9d09f53ad8e78bc33f8629b8d6a79fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2676926
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#72662}
2021-02-11 16:05:18 +00:00
Thibaud Michaud
440548267b [wasm][interpreter][eh] Implement catch with immediate
In the latest spec, catch can take an exception index immediate, and
control-flow jumps to the appropriate catch handler depending on the
thrown exception.

Do this by allowing multiple jump targets for the same pc in labels and
in the control transfer map. At runtime, the unwinder will choose the
appropriate control transfer entry based on the exception tag, unpack
the exception and jump to the handler.

Enable the exception cctests that are currently disabled for the
interpreter, fix some issues and add tests for the new behaviors.

R=clemensb@chromium.org

Bug: v8:8091
Change-Id: I30cb8f9459647a7c6f7bfd9785b238a9c9e9fc10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2690587
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72661}
2021-02-11 15:38:56 +00:00