Commit Graph

75947 Commits

Author SHA1 Message Date
Igor Sheludko
f914df6574 [builtins-pgo] Minor fixes in the profile reader
This CL also makes the PGO-related scripts executable.

Bug: v8:10470
Change-Id: Iedf81464ff591e641aae4f1f0aa37312875f2637
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716482
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81305}
2022-06-22 14:30:28 +00:00
Milad Fa
c0837f2c6f Fix link error on gcc
There seems to be a bug in gcc which causes link errors after
this CL: https://crrev.com/c/3714238

Issue seems to happen when using default template argument
of function type. A related bug report on bugzilla:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105848

A workaround is to explicitly instantiate the template
for type <bool>.

Bug: v8:12991
Change-Id: I74db7d42d7b41e8af5d721b8c10130a7a0f2a999
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3718379
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81304}
2022-06-22 13:51:58 +00:00
Patrick Thier
b4bb6cbce4 [string] Add checks for correct hash values in heap verification
- Check that internalized strings always have a computed hash value.
- Check that ThinStrings never have a forwarding index.
- Add a simple test of various property access with
  --always-use-string-forwarding-table to make the CF aware of the flag.

Change-Id: Ie047c9f635d5e0ed999208ec3379ef09c395b3f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717988
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81303}
2022-06-22 13:39:48 +00:00
v8-ci-autoroll-builder
e7c43e512b Update V8 DEPS (trusted-versions)
Rolling v8/buildtools/linux64: git_revision:8883070fe77f9b484818e73e5892c08ca8a0fe7f..git_revision:ae474cc51337c3fe823f936371c5e92891e86b48

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4ea19a6..c083518

Rolling v8/third_party/depot_tools: 39e4055..28190a2

Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220614.2.1..version:8.20220622.0.1

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I0654e6e87504c32d8f82c78afabd5d5eeb4b2ead
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717741
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81302}
2022-06-22 13:29:18 +00:00
Marja Hölttä
668a3e0eb5 [rab/gsab] Undo test splitting and make tests faster
Part 1:
Revert "PPC: skip slow tests on the ppc simulator"

This reverts commit 9dfac00a1d.

Part 2:
Make the slow test faster.

Bug: v8:11111
Change-Id: I8f0291098d29917fa65c4b5b28bf03cbdbe7ebc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714229
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81301}
2022-06-22 12:53:18 +00:00
Marja Hölttä
05cf616675 [debugger] Fail silently even harder
If parsing fails in ScopeIterator::TryParseAndRetrieveScopes, the
intention was to fail silently (see the TODO there). However,
closure_scope_ being nullptr caused us to fail less silently.

This alone is not enough for fixing chromium:1316811 but the other
fixes needed are sufficiently unrelated.

Bug: chromium:1316811
Change-Id: I4eb0f5a13fa4da5fd5dd7ff76a1aa1a6a8ee4c63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716477
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81300}
2022-06-22 12:30:58 +00:00
jameslahm
0fe567e700 [web snapshot] Support DataView
Bug: v8:11525
Change-Id: I5a29542032692c106bba14d010605e90954097b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706964
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81299}
2022-06-22 12:01:48 +00:00
Mohit Saini
c801d52924 Refactor dynamic name to perfetto::DynamicString
Recently perfetto introduced `perfetto::DynamicString` to allow clients
to wrap dynamic event name strings. So that clients don't have to
manually set event name inside trace lambda.

With that:

TRACE_EVENT("cat", nullptr, [&](EventContext ctx) {
  ctx.event().set_name(dynamic_name_str)
});

is simplified to:

TRACE_EVENT("cat", perfetto::DynamicString{dynamic_name_str});

In this change we are making use of perfetto::DynamicString to pass
dynamic event name string.

Change-Id: Ic6b501df67409d6faa4d60b59095ad0e79ce585e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716473
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Mohit Saini <mohitms@google.com>
Cr-Commit-Position: refs/heads/main@{#81298}
2022-06-22 11:06:08 +00:00
Samuel Groß
9d3a645bec [sandbox] Fix two deserializer issues when sandbox is enabled
When the sandbox is enabled, an empty ArrayBuffer does not have a
nullptr backing store but instead points to a special EmptyBackingStore
pseudo-object inside the sandbox. This then requires special handling
during deserialization. This CL fixes two cases where this was not done
correctly, which caused some crashes when --stress-snapshot is active.

Bug: v8:10391
Change-Id: I412adace229b979b317864a3e8c12ed4c601b850
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716480
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81297}
2022-06-22 10:56:29 +00:00
Andy Wingo
69bb334fda [stringrefs] Renumber stringref types
0x65 is unavailable after
https://github.com/WebAssembly/gc/pull/295/files.

Bug: v8:12868
Change-Id: I8bdffb279c7e7cf72242c1565cf3401e5fa3f4d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717984
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81296}
2022-06-22 10:27:47 +00:00
Nikolaos Papaspyrou
852baabc17 heap: Add flag v8_enable_inner_pointer_resolution_osb
This CL introduces a compile flag v8_enable_inner_pointer_resolution_osb
behind which lies the experimental implementation of the object start
bitmap. It disassociates the object start bitmap from the compile flag
v8_enable_conservative_stack_scanning. At the moment the former flag is
a prerequisite for the latter, as conservative stack scanning requires
some mechanism for inner pointer resolution and the object start bitmap
provides one such mechanism.

Bug: v8:12851
Change-Id: I24c6b389453fbaefc79ae50c34c5ec7a1bf23347
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717322
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81295}
2022-06-22 10:12:38 +00:00
Toon Verwaest
62ae188994 [maglev] Drop double merge in AllocateControlNode
This should not be necessary, but something was failing previously
when removed. Now that we have the blocklist just merging once seems
to work.

Bug: v8:7700
Change-Id: I6534506263ae739f28043eef2dee7aba8f28eadf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717983
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81294}
2022-06-22 09:23:18 +00:00
Michael Lippautz
f625ed4e03 [handles] Add temporary sanity check
Check against copying around a TracedReference containing a zap value.

Bug: chromium:1322114
Change-Id: Ie97ecaf18931006516fc70be262829a267d1285c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717323
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81293}
2022-06-22 08:39:38 +00:00
Igor Sheludko
b81af94a3a Revert "[arm64] Increase code alignment to 64"
This reverts commit 319e747a1d.

Reason for revert: it brought unexpected performance regressions.

Original change's description:
> [arm64] Increase code alignment to 64
>
> This should fix unexpected regressions which occur after builtins
> modifications.
>
> This CL affects alignment of embedded builtins on all configurations
> and Code header size only for non-pointer compression configuration.
>
> Bug: v8:11708
> Change-Id: I8058197c5b768a699e7f52446424013e86203b57
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700392
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81113}

Bug: v8:11708
Change-Id: I238e799284d59e80dee244b240fe2a72c33e83b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716485
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81292}
2022-06-22 08:31:48 +00:00
Michael Lippautz
9076fce87b [heap] Fix regression around GC request via stack guard
When a GC was requested via stack guard, we don't restart incremental
marking anymore on finding new objects but rather finish the GC cycle.

This regressed in https://crrev.com/c/3702801

Bug: v8:12985, chromium:1338071, v8:12775
Change-Id: Ie515cea6d5345ad1111a4fb9f042cffc52083453
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716486
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81291}
2022-06-22 08:01:28 +00:00
Michael Lippautz
94ebff7b94 Reland "[heap] Sweep code pages on the background thread"
This reverts commit 6ddf042f68.

Revert did not fix the crasher.

Bug: v8:12967, chromium:1336850
Change-Id: I6d474644e3d94c14df17af6efa70747bae6ad652
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716487
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81290}
2022-06-22 07:59:18 +00:00
Michael Lippautz
364aacce0e Revert "[heap] Add CHECKs for empty worklists in scavenger"
This reverts commit 3366abb218.

Reason for revert: Speculative revert.

Original change's description:
> [heap] Add CHECKs for empty worklists in scavenger
>
> Shrink life range of worklists and add IsEmpty-CHECKs for them. Also
> move some logic into its own method ProcessChunksWithEmptyBuckets.
>
> Bug: chromium:1336158
> Change-Id: Ia2f34c824f5b1c5d61391a1a1243a46881040de1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704511
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81158}

Bug: chromium:1336158, chromium:1336850
Change-Id: Icb3207238f027d7ecca3292cac06544a243c7183
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716488
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81289}
2022-06-22 07:58:15 +00:00
Adam Klein
31fe9362b4 Allocate calendar before JSTemporalPlainTime to fix heap verification
Bug: v8:12978
Change-Id: Ic8c73eafbd080714915268c8bcb9f2c30614b9b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3711712
Auto-Submit: Adam Klein <adamk@chromium.org>
Reviewed-by: Frank Tang <ftang@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81288}
2022-06-22 04:10:57 +00:00
v8-ci-autoroll-builder
4eeca86e3c Update V8 DEPS.
Rolling v8/build: 7eec98d..3a562c9

Rolling v8/buildtools/linux64: git_revision:fcda46cf40422284f2e74b770da8b22f7f5d7006..git_revision:8883070fe77f9b484818e73e5892c08ca8a0fe7f

Rolling v8/buildtools/third_party/libc++abi/trunk: 2dba7d2..92ef8d4

Rolling v8/third_party/depot_tools: 9a3c4bc..39e4055

Rolling v8/tools/clang: f0cfef3..f575df1

Rolling v8/tools/luci-go: git_revision:df39938896c4603fb2a214a2430450a85d9cca81..git_revision:5d9b6ecf87cdfb928e1112d2838d26bc7ede2b48

Rolling v8/tools/luci-go: git_revision:df39938896c4603fb2a214a2430450a85d9cca81..git_revision:5d9b6ecf87cdfb928e1112d2838d26bc7ede2b48

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I53ed1615267c094189506a11ee7cd693fb27a59a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717722
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81287}
2022-06-22 03:49:58 +00:00
Frank Tang
ba6db33e06 Fix unreachable code under --harmony-intl-number-format-v3
ICU 71 added new enum value UNUM_APPROXIMATELY_SIGN_FIELD
need to map to "approximatelySign"

We also discover a spec bug in
https://github.com/tc39/proposal-intl-numberformat-v3/issues/99

All the parts of formatRangeToParts should have a source "shared" for
the case that start and end are the same or very close.

Bug: chromium:1336865
Change-Id: I89142479989d3d2017d8cb89194db737710c38ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717278
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81286}
2022-06-22 02:57:57 +00:00
Luis Fernando Pardo Sixtos
afb26623df [shared-struct] Shared Array Initial prototype
Initial implementation for concurrent shared arrays. Current implementation exposes a `SharedArray` constructor, but its syntax might
change in the future.

Shared arrays can be shared across Isolates, have a fixed size, have no
prototype, have no constructor, and can only store primitives, shared structs and other shared arrays. With this CL shared structs are also allowed to store shared arrays.

The Backing storage for the SharedArrays is a `FixedArrayBase`. This CL introdces a new ElementKind: `SHARED_ARRAY_ELEMENTS`. The new kind should match the overall functionality of the `PACKED_SEALED_ELEMENTS` kind, but having it as standalone kind allows for easier branching in CSA and turbofan code.

Bug: v8:12547
Change-Id: I054a04624d4cf1f37bc26ae4b92b6fe33408538a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3585353
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81285}
2022-06-22 02:24:46 +00:00
Frank Tang
0c11a2cfe2 Update ICU
Rolling v8/third_party/icu: 1658259..1da9170

Add "delimiters" resources needed by ulocdata_getDelimiter (Frank Tang)
https://chromium.googlesource.com/chromium/deps/icu/+/1da9170

Cherry-Pick PR2085 to fix numbering system resolution in NumberRangeFormatter (Frank Tang)
https://chromium.googlesource.com/chromium/deps/icu/+/6fff4cf

Cherry-Pick PR2096 to fix TimeZone name (Frank Tang)
https://chromium.googlesource.com/chromium/deps/icu/+/12de966

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,ftang@chromium.org

Change-Id: Iaf6a2c2f1557331efbd17127a75925ebee829ca5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714902
Reviewed-by: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81284}
2022-06-21 21:19:58 +00:00
Etienne Pierre-doray
4f9aba5c8f [gc] Delay start of memory reducer.
Creates a feature (flag): transition from Done -> Wait
schedules a timer after 30s instead of 8s.
In local benchmark, this reduces by 50% cpu time spent doing
incremental marking and sweeping.

Bug: chromium:1330940
Change-Id: Iff9121243b88d0ed87d0b921e285ece52a83eaa9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3696168
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81283}
2022-06-21 18:59:27 +00:00
Manos Koukoutos
dd7a9e31f3 [wasm] Early exit in ReplaceTypeInCallDescriptorWith
Bug: v8:12986
Change-Id: I5aa8dbc7f387856cc017ac9fd72ff57bc1d44af9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716469
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81282}
2022-06-21 16:57:18 +00:00
Jakob Kummerow
6f3985534c Reland "[wasm] Fix tier-up budget tracking for recursive calls"
This is a reland of commit 15f372afaf

Change since revert: TSan fix for tier-up budget reset.

Original change's description:
> [wasm] Fix tier-up budget tracking for recursive calls
>
> In the previous implementation, functions overwrote any budget
> decrements caused by recursive invocations of themselves, which
> could cause tier-up decisions for certain unlucky functions to
> get delayed unreasonably long.
> This patch avoids this by working with the on-instance value
> directly instead of caching it in a stack slot. That generates
> the same amount of Liftoff code as the status quo, but handles
> recursive functions properly.
> The "barista3" benchmark's peak performance improves by almost 20%.
>
> Bug: v8:12281
> Change-Id: I8b487a88da99c2d22e132f2cc72bdf36aa5f6e63
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693710
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81249}

Bug: v8:12281,v8:12984
Change-Id: Ia6ce776848dc86617546ec514660c9a840484cb1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716479
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81281}
2022-06-21 16:31:13 +00:00
Jakob Kummerow
d39d75b5e9 [wasm][cleanup] Merge opcode names into main macros
This merges the separate opcode name definitions from wasm-opcodes-inl.h
into the main opcode-defining macros in wasm-opcodes.h. This is simpler
(avoids a bunch of fairly complex macros) and easier to update when we
add new opcodes in the future.
The tests become obsolete because they would simply repeat the implementation.

Change-Id: Ib6421da5670079e7725659c1f4008251f8ff7aed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714244
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81280}
2022-06-21 14:47:30 +00:00
Jakob Kummerow
d750358a31 [wasm] Fix instance caching after br_table
The tier-up check in any backwards jumps in a br_table list cause the
instance to get cached if it wasn't cached before. When the branch is
not taken, we must not rely on this caching to have happened.
This is a variant of crbug.com/1314184.

Fixed: chromium:1338075
Change-Id: Id511e98f29ec13f0a38b5595ceb4a607c58b92a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716478
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81279}
2022-06-21 14:23:15 +00:00
Camillo
ca9d53e364 [compiler] Make TickCounter::TickAndMaybeEnterSafepoint() inlineable
This is likely just an issue in non-PGO builds, but it might skew
the results locally. JetStream2 seems to profit from this CL.

Change-Id: Id70030074dbabf2669fd42fb5fd9399e8692bed6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716475
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81278}
2022-06-21 13:41:17 +00:00
Samuel Groß
a4d17470ab Reland "[sandbox] Also enable the sandbox outside of Chromium builds"
This is a reland of commit 5b9401dde4

Now also skip tests that require large amounts of virtual address space
if tsan is enabled as tsan may cause V8 to create a smaller sandbox
which is then unable to allocate the required amount of memory.

Original change's description:
> [sandbox] Also enable the sandbox outside of Chromium builds
>
> Drive-by: include the right header in sandboxed-pointer-inl.h and fix
> missing sandbox initialization in generate-bytecode-expectations.cc.
>
> Bug: v8:10391
> Change-Id: Ic39ba04b7c98eaa58ea3943189c23b297f581f5a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630082
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81216}

Bug: v8:10391
Change-Id: I141080fdf61a77ef48b22e353e3cfbc1ff816e5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716474
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81277}
2022-06-21 13:32:26 +00:00
Toon Verwaest
f260308d28 [maglev] Prefer already block reg as input
When picking an arbitrary register for an input, prefer picking a
register that's already used as input. If there's no such register,
block the newly picked register.

Bug: v8:7700
Change-Id: I5926ae33482aa615060fef3500c1d2d6079090a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716476
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81276}
2022-06-21 13:19:35 +00:00
v8-ci-autoroll-builder
0e0dc80c70 Update V8 DEPS.
Rolling v8/build: 37b3bee..7eec98d

Rolling v8/tools/clang: 9ccf839..f0cfef3

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ie2cc0a1d0d801774ff76d377f5caf752ae17ab0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716545
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81275}
2022-06-21 12:48:56 +00:00
Jakob Kummerow
bdb6322cc2 [wasm][simd] Align printed instructions/types with spec
The spec uses "v128" (not "s128") as the vector type name.
Some conversion instructions have more specific names that we used to
print, e.g. "i32x4.trunc_sat_f32x4_s" instead of "...convert...".

Bug: v8:8460
Change-Id: I4e06f452de6ce8b06670a8c5e53142c36d5e6010
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704497
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81274}
2022-06-21 12:21:57 +00:00
Toon Verwaest
8f855e977a [maglev] Block more allocated regs
- block regs that already contained the value
- clear the blocklists (including double) in more places
- check that a ForceAllocated reg isn't blocked yet (when allocated
  at start)

Bug: v8:7700
Change-Id: I17b58ff23e0558f962a5d798a39ebb7d9b0ae634
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716470
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81273}
2022-06-21 11:28:45 +00:00
Nico Hartmann
47a2a5a0c0 Reland "Reland "[turbofan] Support additional operators in SLVerifier""
This is a reland of commit 066d02339d

Original change's description:
> Reland "[turbofan] Support additional operators in SLVerifier"
>
> This is a reland of commit dec4bb0629
>
> Original change's description:
> > [turbofan] Support additional operators in SLVerifier
> >
> > This CL extends SimplifiedLoweringVerifier by a few additional operators.
> >
> > It fixes the missing type on a LoadElement node generated during
> > js-typed-lowering, that was detected by the verifier.
> >
> > Bug: v8:12619
> > Change-Id: I14e3ece15f6a90e6906c140696dcd2e6b74a2527
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557510
> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> > Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#80014}
>
> Bug: v8:12619
> Change-Id: If3cb6efe2005c41118f37b39b0209195b3e63a38
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702330
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81125}

Bug: v8:12619
Change-Id: I58f88cff4b2eb20130be79a207995b63ff44ac2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714232
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81272}
2022-06-21 11:07:55 +00:00
Samuel Groß
0d94a5144c [sandbox] Implement ReadExternalPointerField in v8-internal.h
Previously it was implemented in api.cc, therefore requiring an additional
function call when accessing external pointer fields from embedder code with
the sandbox enabled. Now ReadExternalPointerField can be inlined.

Bug: v8:10391
Change-Id: Ia8cb2df148ac96f979fd3e22989b0ff6177abcec
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714245
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81271}
2022-06-21 10:51:05 +00:00
Manos Koukoutos
8df4e9be52 [turbofan] Factor out and templatize path conditions
We factor out the path-state part of branch elimination, to reuse it for
wasm path-based type optimizations. The node state becomes a template
parameter for the {ControlPathState} and
{AdvancedReducerWithControlPathState} classes.

Change-Id: I5e9811ced0b71140ec73ba26fae358ac7d56c982
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714238
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81270}
2022-06-21 10:07:55 +00:00
Liu Yu
6f61142428 [loong64][mips64][liftoff] Fix implicit conversion to LiftoffRegList
Port commit b84c7dbd7f

Bug: chromium:1337221
Change-Id: I5f64995df3e0660740ef3915625373e1f147bc70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3715957
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#81269}
2022-06-21 10:03:35 +00:00
Toon Verwaest
be366036ad [maglev] Block occupied registers from allocation
By maintaining a separate list of registers that can't be freed we can
keep track of decisions already made for a node, and avoid creating
conflicts. This can be used to avoid freeing fixed input/temporary
requirements or other assigned registers.

Bug: v8:7700
Change-Id: I3c24e0502e66714cf5f68374811741bc9f5e8b21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714242
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81268}
2022-06-21 09:50:10 +00:00
Michael Achenbach
2864fd0fb3 Revert "[wasm] Fix tier-up budget tracking for recursive calls"
This reverts commit 15f372afaf.

Reason for revert: https://crbug.com/v8/12984

Original change's description:
> [wasm] Fix tier-up budget tracking for recursive calls
>
> In the previous implementation, functions overwrote any budget
> decrements caused by recursive invocations of themselves, which
> could cause tier-up decisions for certain unlucky functions to
> get delayed unreasonably long.
> This patch avoids this by working with the on-instance value
> directly instead of caching it in a stack slot. That generates
> the same amount of Liftoff code as the status quo, but handles
> recursive functions properly.
> The "barista3" benchmark's peak performance improves by almost 20%.
>
> Bug: v8:12281
> Change-Id: I8b487a88da99c2d22e132f2cc72bdf36aa5f6e63
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693710
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81249}

Bug: v8:12281, v8:12984
Change-Id: Ie254236785628c07ac569de16ea82a67ed5bd221
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714247
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81267}
2022-06-21 09:04:20 +00:00
Manos Koukoutos
7c74a9caea [wasm][test] Represent constant expressions with bytes
Maintaining an AST class just for testing constant exressions does not
seem justified. This CL changes constant expressions in mjsunit tests
to be represented with bytes, like regular expressions.

Change-Id: If5ec5f4d863176952442b1a7e2fec8a61e385971
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714237
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81266}
2022-06-21 09:03:18 +00:00
v8-ci-autoroll-builder
01ccfa442b Update V8 DEPS.
Rolling v8/build: ced5024..37b3bee

Rolling v8/buildtools/linux64: git_revision:e62d4e1938a45babc9afb6db543f388cd1802a52..git_revision:fcda46cf40422284f2e74b770da8b22f7f5d7006

Rolling v8/buildtools/third_party/libunwind/trunk: 1644d07..b387062

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/b83d69f..4ea19a6

Rolling v8/tools/clang: f68dc6b..9ccf839

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: If9fc5d9bed6d9ad51f726b2395fe88501835154b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714901
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81265}
2022-06-21 09:02:15 +00:00
Danylo Boiko
c0b1bf4c58 [turbolizer] Parsing Turboshaft JSON output
- Added parsing Turboshaft JSON output
- Refactored node.ts, edge.ts, node-label.ts, turbo-visualizer.ts, tabs.ts

P.S.: graph-phase.ts will be moved to graph-phase folder in the next CL

Bug: v8:7327
Change-Id: Ida854307392a2d513c36f86869ea00cadcf3667c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706603
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81264}
2022-06-21 09:01:11 +00:00
v8-ci-autoroll-builder
ba3a28906f Update google_benchmark
Rolling v8/third_party/google_benchmark/src: 2365c4a..b7afda2

Revert "Add possibility to ask for libbenchmark version number (#1004) (#1403)" (#1417) (Dominic Hamon)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/b7afda2

Clarify that the cpu frequency is not used for benchmark timings. (#1414) (Dominic Hamon)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/af7de86

Fix DoNotOptimize() GCC copy overhead (#1340) (#1410) (Alexander Popov)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/8545dfb

Add possibility to ask for libbenchmark version number (#1004) (#1403) (Matthias Donaubauer)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/efadf67

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I4bced8816a42abb8cd4d95761c93e51b2611b727
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714903
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81263}
2022-06-21 09:00:06 +00:00
Camillo
83f6035947 [snapshot] Turn alignment DCHECKS into CHECKS
This is a temporary change to get more detailed crash reports for
further investigations.

Bug: chromium:1330861
Change-Id: Ifdd8d61692577dffd54d07fadb65575a5c30dcd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707592
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81262}
2022-06-21 08:59:03 +00:00
Milad Fa
69a77f6558 PPC/S390: Use ByteReverse from utils
This CL removes the the usage of custom byte reversing functions from
the simulator and uses the one provided by V8 utils under:
```
src/utils/utils.h
```

Change-Id: I9a334a10d659b8a3315c34563eb3e6f84644a9e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714898
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81261}
2022-06-21 08:58:01 +00:00
Lu Yahan
308a7e2f58 [riscv64][liftoff] Fix implicit conversion to LiftoffRegList
Port commit b84c7dbd7f

Change-Id: I80ac3498e6cd21fffeb3988fa7341668e59593f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716150
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#81260}
2022-06-21 08:56:58 +00:00
jameslahm
1dbe614853 [web snapshot] Implement WriteByte
Bug: v8:11525
Change-Id: I227f0bb852e56551ec0333db52061842664c47c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706963
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81259}
2022-06-21 08:55:55 +00:00
Maya Lekova
1de7e24902 [d8] Handle exceptions on async_hooks.createHook
Before we assumed that no exception can be thrown when specifying a
function to be used as an async hook, but that's not the case when e.g.
the object passed to createHook is a proxy trapping on property access
and the trap throws an exception.

Bug: chromium:1337629
Change-Id: I7bd7893cd274afb6e642ed18aacb9e203f7fdd96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714233
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81258}
2022-06-21 08:54:53 +00:00
Lu Yahan
643d69f75b [riscv64] Optmize load float zero
Change-Id: Ia651b26af419a2187217b8b0f2941ff61a17d247
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3712913
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#81257}
2022-06-21 08:53:50 +00:00
Nico Hartmann
c878117fa0 Revert "[sandbox] Also enable the sandbox outside of Chromium builds"
This reverts commit 5b9401dde4.

Reason for revert: A few memory tests flake on tsan (e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/20190/overview)

Original change's description:
> [sandbox] Also enable the sandbox outside of Chromium builds
>
> Drive-by: include the right header in sandboxed-pointer-inl.h and fix
> missing sandbox initialization in generate-bytecode-expectations.cc.
>
> Bug: v8:10391
> Change-Id: Ic39ba04b7c98eaa58ea3943189c23b297f581f5a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630082
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81216}

Bug: v8:10391
Change-Id: I22560a6bdcffbf71651f655bdf7d183d5c832620
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714239
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81256}
2022-06-20 17:04:28 +00:00