The proposal has changed and we'll start on the new implementation
from scratch.
Bug: v8:11935, v8:7467
Change-Id: I29e39a414027d80fd91764ce02a05d7c032a41f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3178964
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77016}
.. by reusing the regexp stack from potentially multiple nested
irregexp activations.
To do this, we now maintain a stack pointer in RegExpStack. This stack
pointer is synchronized at all boundaries between generated irregexp
code and the outside world, i.e. when entering or returning from
irregexp code, and when calling into C functions such as GrowStack.
Fixed: v8:11382
Change-Id: I5ed27630c1a64ebf3afb9ddf80fb60ea067c0c40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162604
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77013}
The CL provides a way for the embedder to hook in a special malloc-like
allocator that will be used for zone allocations.
An alternative approach would be to use weak functions with branches,
checking whether the functions were available at link-time. Those
branches could be optimized away with LTOs, so they would essentially
be free. However, the weak function approach is not portable (e.g.
there is no easy way to emulate it with msvc). The approach can be
revisited if indirect call turns out to be expensive (e.g. on hardware
with weak branch target predictors).
The CL is a prerequisite for running PCScan in the renderer process.
Bug: chromium:1249550
Change-Id: I221dcb2486c13e8e6e6761839ba391978319bde4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172760
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77012}
Port aa259e30c3
Original Commit Message:
When kDontAdaptArgumentsSentinel is 0 (the receiver is included in the
argument count), we don't need a dedicated check against the sentinel
before comparing the formal parameter count to the actual argument count
when calling a JS function.
R=pthier@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I055ce6d72da8140aa81acd41f917e1e9a7751f72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3175663
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77011}
Generate arbitrary struct and array types based on
the fuzzer random input stream.
They replace the hard-coded types.
Generated types include nested reference types and recursive types.
Bug: v8:11954
Change-Id: I2e40697f2ace3eb818360213e8a4dd40037e580e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3173683
Commit-Queue: Maria Tîmbur <mtimbur@google.com>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77010}
i32 comparisons often compare against constants, in order to implement
conditional branches. This CL optimizes such code by not loading the
constant into a register first, but directly emitting the comparison.
The code is shared for implementing {if} and {br_if} (and thereby makes
those two methods more readable).
R=thibaudm@chromium.org
Change-Id: I3f2f071a1c9e4b02c7368a2757bf4aae2920bd69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172765
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77008}
This bailout applies only when young generation is disabled.
Otherwise, getting the caged heap is required and the global load
bailout becomes redundant.
Bug: chromium:1056170, chromium:1239030
Change-Id: I826b355f4356a5c20812d9c8bf6ebc7ea0997b8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3173685
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77006}
This fast path check protects the IsRegExp() path (which checks
RegExp.prototype[Symbol.match]) and thus we must use the appropriate
ForMatch check instead of the default check.
Fixed: chromium:1238033
Change-Id: I0b7ce280f1fa9bfacf20381d80c84f9513f45163
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3177222
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77004}
Bug: chromium:1203071
Change-Id: Iab81add0c71c4a37b7aa8d9d6f1272781a6bae3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3152217
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76999}
Long term, ideally, these would be fixed and this flag can be removed.
For now, this is an expedient way to allow enabling -Wshadow in
Chromium.
Bug: chromium:794619
Change-Id: I038e5fc758fbb8284bb28cb4f7f8a4c44da0db66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3173891
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76996}
When kDontAdaptArgumentsSentinel is 0 (the receiver is included in the
argument count), we don't need a dedicated check against the sentinel
before comparing the formal parameter count to the actual argument count
when calling a JS function.
Bug: v8:11112
Change-Id: I8c9f64a538984cb3de9e35f16bc6adbd3c92d24f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3173671
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76993}
We should cancel tasks before we destroy objects like the string table
from the isolate. So far our concurrent tasks didn't interact with
the isolate much, but we now have tasks that can e.g. access the heap
concurrently. While this is not strictly necessary at the moment, I want
to see whether there might be problems with that approach. In the future
this order will be required e.g. for baseline batch compilation tasks.
Bug: v8:11708
Change-Id: I80d8a9447bb51e9ae84ed9b6c0da6183290dc70b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3164338
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76989}
Liftoff is fully supported on all officially supported platforms, thus
remove a TODO to implement it on more platforms.
R=thibaudm@chromium.org
Bug: v8:11879
Change-Id: I00a559286d67e7e377a36b68803ee30e8fa2f34e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168341
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76987}
Add support for heap sandbox on arm64 when building with v8_enable_heap_sandbox=true
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Bug: v8:10391
Change-Id: I3080f5970d2a604ca67827c732cd77761f7611a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3165057
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76986}
As the comment notes, we want to ensure that code space is *not*
writable by the current thread.
R=jkummerow@chromium.orgCC=mpdenton@chromium.org
Bug: v8:11974
Change-Id: I5c3cad32b8edc56013f298405c8e20d8bc9da05f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3173675
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76985}
On Mac we handle SIGBUS, not SIGSEGV, so the test should access a valid
but inaccessible pointer to trigger the right signal.
R=jkummerow@chromium.org
Bug: v8:11955, v8:12249
Change-Id: I25b93ce40bccc24ef5e84694a7c03c465eb4c51e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168344
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76984}
Rolling v8/build: 1037128..66bad00
Rolling v8/third_party/aemu-linux-x64: bOp0PE8R9VUQxsHclvuA10P4iOaWjRRpsK8ZQKtAZCAC..UnrNXrNKJtnUOqrH_BbjXgZ_Ns1v0PZ9WNtFgoHrQZwC
Rolling v8/third_party/android_sdk/public: yODElY4RdHopNEfpOnqjRcrpa6JMzbhYYqGD53-DjJwC..AuYa11pULKT8AI14_owabJrkZoRGuovL-nvwmiONlYEC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/8ec776f..25814bb
Rolling v8/third_party/depot_tools: c1fd44b..eff810e
Rolling v8/tools/clang: 7ea32d7..948efd2TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I9bc3a48c310c9364a3cd2e24e1fdc6fcd5e6d934
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172719
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76979}
DISALLOW_COPY_AND_ASSIGN is no longer in our codebase, and the compilers
mentioned in the comments are (probably) no longer supported.
Bug: v8:12244
Change-Id: I432bd56ca3ddd870be140032f11d94ddb60ce1a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171974
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76977}
Add another "#if V8_ENABLE_WEBASSEMBLY" block to fix compilation if wasm
is disabled.
TBR=jkummerow@chromium.org
Bug: v8:11974
Change-Id: If889814e16dfb51d5b78122e6957bb2c41cefe5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172758
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76975}
Drive-by edit to use ASM_CODE_COMMENT for better code comments for
all the more complicated macro-assembler functions.
Also undef macros (AVX_OP et al) since they are not longer used outside
of shared-macro-assembler.
Bug: v8:11589
Change-Id: I424f27b5b742a8efb26ccef87dbffb01eae60335
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3173892
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76973}
Previously it generates a mvoq+pinsrq, now it generates a single
punpcklqdq.
punpcklqdq is smaller in code size, and also faster on most arch (latency
1, rthroughput of 1, 1 uop, uses 1 port) than pinsrq (latency 2, 2 uop,
uses 2 port) (from https://uops.info/table.html)
punpcklqdq is mean to work on int domain, and although we can't be
certain what v128.const will be used for, the movq is considered
an integer domain instruction, so we can avoid unnecessary transitions
by using punpcklqdq (instead of movddup, which is similar in perf
and code size).
Bug: v8:11033
Change-Id: Iab81168ffad84488b90ff307d440bed15c9f90a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3169322
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76972}
We move some instructions from the test that just disassembles them, to
the test that checks for expected output.
Bug: v8:12207
Change-Id: Ide8954e36c6ad016150bfe45abc1717bed55eb19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171972
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76970}
This CL exposes the size of the virtual memory cage to the embedder
through V8::GetVirtualMemoryCageSizeInBytes(). This will for example be
useful to collect metrics about the cage reservation, such as how
frequently it fails, in the future. While collecting these metrics
directly in V8 would also be possible, it would require access to an
Isolate, which is not yet available when the cage is initialized. As
such, it is easier to enable the embedder to collect these metrics.
Bug: chromium:1218005
Change-Id: Ie9c9ca7d1cd158ec024be6ab2418f50083b06d6e
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172762
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76969}
Port 06af754cea
Original Message:
.. for more efficient access to builtins from generated code.
Root-relative accesses tend to be faster and produce more compact
code when the root-relative offset is small. IsolateData contains
a few large tables (roots, external references, builtins), resulting
in very large offsets in general.
This CL starts by splitting the builtin table into tiers: tier 0
is a minimal set of perf-critical builtins that should be cheap to
access. The offset to tier 0 builtins is guaranteed to be small.
The full builtin table also remains in IsolateData for occasions in
which we need to lookup builtins by index.
In future work, we can also split external references and roots into
tiers.
On x64, this reduces deopt exit sizes from 7 to 4 bytes and from 12
to 9 bytes (dynamic map checks / EagerWithResume deopts).
Change-Id: I021d60b20b783da170987ffcf0327b93206f7e5d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172917
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76967}
