The shipping version was incorrect in the original CL.
R=ecmziegler@chromium.org
Bug: v8:7581
Change-Id: Ib382cdacb8f6aa80718e6917b535c026b83d88cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172766
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76966}
The function index encoded into the serialized module is already offset
by num_imported_functions. For lazy compilation, however, we added the
number of imported functions another time, which was incorrect.
R=clemensb@chromium.org
Change-Id: I56380e21e74b4d1935ebdbab6ef8cc388de49f2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172761
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76965}
Conditions are usually used in binary comparisons, and are named for
that purpose. When used in a unary comparison, {kEqual} means "equal to
zero" and {kUnequal} means "not equal to zero". This is noted in several
comments in {LiftoffCompiler}.
This CL introduces the alternative names {kEqualZero} and
{kNotEqualZero} to avoid the repeated comments and increase readability.
R=thibaudm@chromium.org
Bug: v8:12244
Change-Id: I720a3d91ea95a26a38a48c68161f1b0552937cd4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172763
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76964}
Most call signatures are small enough to keep them on the stack. This CL
adds a little optimization to avoid two Zone allocations for such small
signatures (and one in the general case).
R=thibaudm@chromium.org
Change-Id: I20ea7b77bfe8f1c86f8aa66450baa3561d564de1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168279
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76958}
The fix is released now, so we can add the tests to the public repo.
R=ahaas@chromium.org
Bug: chromium:1239116
Change-Id: Ie1489f6bcd934f84222b4631921475c389f778dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172752
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76957}
Use <iosfwd> where possible, in particular in public headers
(include/v8-*.h).
R=cbruni@chromium.org
Bug: v8:11879
Change-Id: I9d6095e6385229763d667f5064a794d67952b2b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160517
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76956}
This CL sets the prototype for the other WebAssembly API objects,
Module, Instance, Table, and Memory.
For Instance, the WebAssemblyInstanceImpl function got inlined, as
there was only one caller, and it made setting the prototype
complicated.
R=jkummerow@chromium.org
Bug: v8:12227
Change-Id: I93b459d69b917b099b27f957fb0e04b7e021bd59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168282
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76954}
This adds a few DCHECKs to ensure that the process-wide memory
protection key is not writable (per thread) in a few strategic places:
- Before switching it to writable (which implicitly checks the initial
state),
- when entering compiled code, and
- in the explicit unit test.
R=jkummerow@chromium.orgCC=mpdenton@chromium.org
Bug: v8:11974
Change-Id: I6037f599afe9009d5e48794eb382eb1979f3ce9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3165060
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76953}
It didn't take the recently added
--stress-concurrent-inlining-attach-code feature into account.
Bug: chromium:1250547
Change-Id: I657b030308158353b72b9b38db7909a1e4190b6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171153
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76952}
Rolling v8/build: ae8cb5d..1037128
Rolling v8/third_party/abseil-cpp: 6569bfc..48418f3
Rolling v8/third_party/android_sdk/public: ZT3JmI6GMG4YVcZ1OtECRVMOLLJAWAdPbi-OclubJLMC..yODElY4RdHopNEfpOnqjRcrpa6JMzbhYYqGD53-DjJwC
Rolling v8/third_party/android_sdk/public: qi_k82nm6j9nz4dQosOoqXew4_TFAy8rcGOHDLptx1sC..g7n_-r6yJd_SGRklujGB1wEt8iyr77FZTUJVS9w6O34C
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/fa2350f..fb69904
Rolling v8/third_party/depot_tools: cf9d643..6550ec9
Rolling v8/tools/clang: 6f44cf5..7ea32d7TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: Id62cd6c728dcc4bfc422632afdf47cef3db2bee1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171717
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76949}
At least for the initial rollout, we will gracefully handle cage
reservation failures by shrinking the size of the cage until the
reservation succeeds or the size drops below the mimimum cage size. This
will allow collecting statistics on how often cage reservation failures
occur in practice for different cage sizes, which will in turn influence
the decision on how to handle them in the future.
Bug: chromium:1218005
Change-Id: Ica58951ba51ac01bc2c387b34dfc8d9051ed4d75
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168347
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76948}
.. for more efficient access to builtins from generated code.
Root-relative accesses tend to be faster and produce more compact
code when the root-relative offset is small. IsolateData contains
a few large tables (roots, external references, builtins), resulting
in very large offsets in general.
This CL starts by splitting the builtin table into tiers: tier 0
is a minimal set of perf-critical builtins that should be cheap to
access. The offset to tier 0 builtins is guaranteed to be small.
The full builtin table also remains in IsolateData for occasions in
which we need to lookup builtins by index.
In future work, we can also split external references and roots into
tiers.
On x64, this reduces deopt exit sizes from 7 to 4 bytes and from 12
to 9 bytes (dynamic map checks / EagerWithResume deopts).
Bug: v8:12203,v8:8661
Change-Id: I5a9ed22b0e00682aca1abcf15892ae1458dbdd70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162142
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76947}
This is a reland of 5dde281c87,
after also fixing the ic-migrated-... test, in which an object died
too early.
Original change's description:
> [compiler] Fix a few test flakes and reenable the tests
>
> Bug: v8:12173
> Change-Id: I2983be9133f8ff4d1740e8eba05a3c29d603dfc3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168270
> Auto-Submit: Georg Neis <neis@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76939}
Bug: v8:12173
Change-Id: If385e5c826b8470ef67f12705c5171f330f6cd57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171353
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76946}
When dst != lhs, we moved lhs to dst, but dst can be == rhs, so we would
overwrite rhs, and end up comparing lhs with itself, always returning
false. We handle the different aliasing cases in the macro-assembler
function I64x2GtS, to simplify the checks in Liftoff a little bit.
TurboFan does not need to change as it will require dst == lhs when AVX
is not supported.
Bug: v8:12237
Change-Id: Icefa6eb79083c003e93dbbd11ccc419aae4b15d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3169312
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76945}
We move some instructions from the test that just disassembles them, to
the test that checks for expected output.
Bug: v8:12207
Change-Id: I913237427d795ed44539c7294ebbe69330c41dfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3163278
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76944}
This is similar to x64, these SSE operations take 2 operands, and their
AVX version also takes 2 operands.
Bug: v8:11879
Change-Id: I98885a7b69f3b61ee89e713b5d7cf2f4fd2406db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3169315
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76943}
See the issue for details.
Bug: chromium:1237821
Change-Id: I847229c3d0a5435f956c97a621991915aafdd4e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171156
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76937}
Make GetValueType to generate only function signatures
to avoid default values in new_object.
Bug: v8:11954
Change-Id: Ia6ebdde0a9c10c56afef29d6db3b3266816210e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3158222
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Rakhim Khismet <khismet@google.com>
Cr-Commit-Position: refs/heads/main@{#76934}
When loading the code object entry, we can do a little bit of strength
reduction to avoid a sign extend, `tst` and `lsl` instruction,
especially given Code::IsOffHeapTrampoline::kMask is a single-bit mask
we can use `tbz`.
Change-Id: I89fcd64cb517bf1ba8b43c05e9a784a9237889d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168274
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/main@{#76933}
... and move methods that use XXX::cast() there.
This will untangle the include cycle that'll happen in a follow-up CLs.
Bug: v8:11880
Change-Id: Iba46bc9b0e0df9530197f57d0469456eb9006e66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3164456
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76932}
We add support for array.get, array.set and array.len operation to the fuzzed module.
Bug: v8:11954
Change-Id: Ic8fd89ec7f7f31e70a40bad831567e50ae49f668
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168624
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Maria Tîmbur <mtimbur@google.com>
Cr-Commit-Position: refs/heads/main@{#76931}
This is a reland of b73557685b
Issue was fixed with https://crrev.com/c/3165058
Original change's description:
> [x64][ia32] Activate Argument Count Consistency
>
> Activate argument count consistency (receiver is always included in
> JS argument count) for x64 and ia32.
>
> Bug: v8:11112
> Change-Id: If60000b6566846c84f1042473d25d79bf5c86a9d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160198
> Auto-Submit: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76838}
Bug: v8:11112
Change-Id: I7968525dce2d36f94b7c8d066b0729969c55c6fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3171151
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76929}
This means we don't need to copy over properties, and accessors stay in
place similar to when we deserialize a custom snapshot.
This slightly changes the semantics of Context::New, so let's see
whether someone depends on this behaviour. We may need to revert if so
(hopefully until we can update the embedder).
Bug: v8:12113
Change-Id: I8325480a00bab5b2bb6ea42274e295b0d4dfc85c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162143
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76928}
This is a reland of db95e20b98
Changes compared to original:
Only invoke std::memcpy if source is not null.
Original change's description:
> [wasm] Introduce CallInfo in WasmGraphBuildingInterface
>
> The DoCall and DoReturnCall functions implement function calls in
> WasmGraphBuilderInterface. These functions need different arguments
> based on if the call is direct, indirect or call_ref. Right now, these
> arguments are misnamed in some cases, and callers have to pass default
> values for unused arguments.
> This CL tidies up the arguments of these functions by introducing a
> CallInfo class which provides different constructors based on the type
> of the call, where only the required arguments need to be passed.
>
> Change-Id: Ie03de6d3cf253a9baa0369f569589bb91d0b1866
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3162606
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76910}
Change-Id: I85cb5479f013e6625adce421d011c0b2ae073260
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168626
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76926}
Bug: v8:11589
Change-Id: Id1c068edb2bf0849ad99ecdcd42ce97bcba013d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3163281
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76921}
The recent change in the delegate semantics was incorrectly implemented
in the interpreter. It only checked that the first opcode of the target
block is a 'try': we also need to skip try blocks when we are already in
their 'catch' or 'catch_all' sub-block.
Use the exception_stack instead, since it already only contains indices
of try blocks that haven't reached their handlers yet.
R=clemensb@chromium.org
Bug: chromium:1249306
Change-Id: I15746b4bfabf3dcf04cfe0f2ad438c573cce65e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168622
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76919}
SIMD is now shipped, so we don't need to pass the experimental wasm simd
flag.
Change-Id: I54090cec575da5eecfd2bf9a455ac5d0ef3f146e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3169313
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76918}
When the input to F64x2PromoteLowF32x4 is a S128Load64Zero, we can skip
the load + promote, and promote directly with a memory operand. The
tricky bit here is that on systems that rely on OOB trap handling, the
load is not eliminatable, so we always visit the S128Load64Zero, even
though after instruction-selector pattern-matching, it is unused. We
mark it as defined to skip visiting it, only if we matched it.
Bug: v8:12189
Change-Id: I0a805a3fce65c56ec52082b3625e1712ea1ee7cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3154347
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76917}
