This is a reland of c7c47c68f2.
This makes TSAN happy in addition to:
Previously I presumed that the context read from a frame in the profiler was
a valid context. Turns out that on non-intel we're not guaranteed that the
frame is properly set up. In the case we looked at, the profiler took a
sample right before writing the frame marker indicating a builtin frame,
causing the "context" pointer from that frame to be a bytecode array. Since
we'll read random garbage on the stack as a possible context pointer, I made
the code reading the native context from it a little more defensive.
Bug: v8:9860
Tbr: ulan@chromium.org, neis@chromium.org, ishell@chromium.org
Original change's description:
> [runtime] Move Context::native_context to the map
>
> Remove the native context slot from contexts by making context maps
> native-context-specific. Now we require 2 loads to go from a context to the
> native context, but we have 1 field fewer to store when creating contexts.
>
> Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64296}
Change-Id: I4d0ab4cbbb23a9ae616407f17ef8f35a0b68ddb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864654
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64360}
Change-Id: I1c20a5c756394528af1e9f2bb720393d3045e926
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1865719
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64359}
The DecompressionOptimizer aims to avoid adding the root in AnyTagged
or TaggedPointer loads. For the TaggedSigned case, we already solve it
in instruction selection.
The new phase will run only when pointer compression is enabled. For
the moment, it's also requires FLAG_turbo_decompression_elimination to
be false. This latter flag is only temporary to test out the
implementation.
The phase needs to be run when Machine are present in the graph, i.e
at the very end of the pipeline. Also, since this phase may change
the load's MachineRepresentation from Tagged to Compressed, it's best
to run it as late as possible in order to keep the phases that know
about Compressed MachineRepresentation to a minimum.
As an example, if we Load a Tagged value only to Store it back again
(i.e Load -> Store nodes, with the Load being the Store's value) we
don't need to fully decompress it since the Store will ignore the
top bits.
Bug: v8:7703
Change-Id: I6b4aec203ab8cbb540b2513cabb1e2a5691ce938
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859615
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64358}
The current behavior for generating match indices simply stashes a
pointer to the match info and then constructs the indices lazily.
However, it turns out the match info object used to create the result
object is the regexp_last_match_info living on native context, and thus
it can change between the creation of the result object and the generation
of indices. This cl clones the match info which will be safer.
Bug: v8:9548
Change-Id: Ia6f26f88fbc22fd09671bf4c579d39a1510b552d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864585
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64356}
Previously ScrapeNativeContext was written quite defensively which could result
in false positives and crashes.
This CL makes the function always bail out when we're running on non-ia32/x64
since only those 2 properly verify whether the program is setting up a frame.
If we are setting up a frame, the context will be garbage.
This CL also disables profiler tests when TSAN is running since TSAN makes
ScrapeNativeContext unsafe: it considers SIGPROF asynchronous and will run the
handler after the program has already run further than the context that's
passed into the handler.
Bug: v8:9860, v8:9869
Change-Id: I5a08374feba2e0e77ddd59e02dc2d7e9c90c2e04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1866469
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64354}
The serializer doesn't correctly propagate environment information
from try blocks into their catch handlers, and this impedes
optimizations that fire when we compile concurrently.
function bar(x) {
try {
boom(); // throws
} catch(_) {
return x.a;
}
}
function foo() { return bar({a: 42}); }
When foo is optimized, we can normally return the constant 42
directly. This CL makes that work for concurrent inlining.
Bug: v8:7790
Change-Id: Id1c5fd06d51ec6fe69ab10fbd65afd6fa7e76820
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863193
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64352}
Add FLAG_always_promote_young_mc that always promotes young objects
during a Full GC when enabled. This flag guarantees that the young gen
and the sweeping remembered set are empty after a full GC.
This CL also makes use of the fact that the sweeping remembered set is
empty and only invalidates an object when there were old-to-new slots
recorded on its page.
Bug: chromium:1014943
Change-Id: Idfb13dfbe76bad5ec8b485a60bebc30531aec649
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863201
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64348}
"alternates" should be "alternatives".
Drive-by: Rename "generate_fn" to "GenerateFn".
R=ahaas@chromium.org
Change-Id: I09de4678dddcc4a8949dd9589e4dddd0c1c0661c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1866509
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64344}
This introduces 2 new machine operators that are variants of I64x2Splat
and I64x2ReplaceLane that takes two int32 operands instead of one i64
operand.
Bug: v8:9728
Change-Id: I6675f991e6c56821c84d183dacfda96961c1a708
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1841242
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64337}
This change extends v8_debug_helper to export a new method that returns
a list of all known heap object types.
Why? We can substantially improve the user experience in our work-in-
progress WinDbg extension if we register handlers not only for
v8::internal::Object but for every specific HeapObject type. This has
two benefits:
- You save a click: if you're expanding a local variable of a more
specific type than Object, you can see properties immediately rather
than first needing to expand a sub-item that casts the variable to
Object.
- You retain the type hint: GetObjectProperties accepts a type hint
string, and it's super important to pass it when working in a crash
dump because the object's Map is probably inaccessible. If we have to
cast to Object first, we lose this data.
Bug: v8:9376
Change-Id: I4d635a1826574a3d08ac657e848e1fe7b83849fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1822859
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#64331}
This extends existing table support to be able to store 'exnref' in
addition to 'anyref' types. Tools can use this to maintain data
structures for exception packages.
R=ahaas@chromium.org
TEST=mjsunit/wasm/exceptions-anyref
BUG=v8:8091
Change-Id: Iccbcfdc328db81a366921bcdd98c2256f66e7fc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781046
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64323}
With the recent removal of the --wasm-shared-code flag, it became
effectively impossible to turn off this flag. Hence its functionality
became mandatory and the ability to turn off sharing of {WasmEngine}
process-wide has to be removed as well.
R=clemensb@chromium.org
Change-Id: I7c25e909e49134a226d6a9fe9c42f0ecd9d02a69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864935
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64322}
It turns out that because we are *subtracting* from fp, we need to
*subtract less* to get a higher address. Who knew.
R=jkummerow@chromium.org
Bug: v8:9830, chromium:1014798
Change-Id: I5b9782dd0be27f4c3efbd306ec6c3450b249cb55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864933
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64321}
Updates CSA::TryToIntptr to handle array indices that are less than
INT_MAX which allows to handle string keys in the ICs.
Updates ICs to go monomorphic for string keys that are array indices.
Updates Turbofan to handle array indices when lowering element access.
Change-Id: Ibdde20130e075d0d645ab4a8266a968335eaad84
Bug: v8:9449
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813018
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64320}
for "entries", i.e. indices into the backing store (as opposed to
"public indices" going into the hash function).
This improves consistency and compiler-enforced type safety; no change
in behavior is intended.
Change-Id: I25e57e3ddcf18a406e2dfbd66786b6980c4e9615
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852768
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64317}
This reverts commit c7c47c68f2.
Reason for revert: breaks TSAN
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/28738
Original change's description:
> Reland "[runtime] Move Context::native_context to the map"
>
> This is a reland of f05bae1e0d
>
> Previously I presumed that the context read from a frame in the profiler was
> a valid context. Turns out that on non-intel we're not guaranteed that the
> frame is properly set up. In the case we looked at, the profiler took a
> sample right before writing the frame marker indicating a builtin frame,
> causing the "context" pointer from that frame to be a bytecode array. Since
> we'll read random garbage on the stack as a possible context pointer, I made
> the code reading the native context from it a little more defensive.
>
> Bug: v8:9860
>
> Original change's description:
> > [runtime] Move Context::native_context to the map
> >
> > Remove the native context slot from contexts by making context maps
> > native-context-specific. Now we require 2 loads to go from a context to the
> > native context, but we have 1 field fewer to store when creating contexts.
> >
> > Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> > Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> > Reviewed-by: Maya Lekova <mslekova@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#64296}
>
> Change-Id: If9461e9b21d35a260d71c79d7f95e518cc429e09
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864930
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Auto-Submit: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64314}
TBR=ulan@chromium.org,neis@chromium.org,petermarshall@chromium.org,ishell@chromium.org,verwaest@chromium.org,mslekova@chromium.org,victorgomes@google.com
Change-Id: I4f9edc62ea6f9f5857619ff0ad1a63cab4b33cc3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9860
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864937
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64316}
This is a reland of f05bae1e0d
Previously I presumed that the context read from a frame in the profiler was
a valid context. Turns out that on non-intel we're not guaranteed that the
frame is properly set up. In the case we looked at, the profiler took a
sample right before writing the frame marker indicating a builtin frame,
causing the "context" pointer from that frame to be a bytecode array. Since
we'll read random garbage on the stack as a possible context pointer, I made
the code reading the native context from it a little more defensive.
Bug: v8:9860
Original change's description:
> [runtime] Move Context::native_context to the map
>
> Remove the native context slot from contexts by making context maps
> native-context-specific. Now we require 2 loads to go from a context to the
> native context, but we have 1 field fewer to store when creating contexts.
>
> Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64296}
Change-Id: If9461e9b21d35a260d71c79d7f95e518cc429e09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864930
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64314}
This prevents the branch table iterator's has_next() method to trigger a
DCHECK when the decoder fails before the end of table decoding.
R=clemensb@chromium.org
Change-Id: I2258886501b77cd4c8fe98bc8a4ed0b66fb23066
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864931
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64312}
This fixes a bug where coverage for the inline script
<script>function foo() {}<script>
started to get deterministically reported as covered
after crrev.com/c/1771776, while before it, we most of
the time reported it as uncovered (depending on heap
order of SFIs). The correct result is to report `foo`
as uncovered as it is never called.
The problem arose from the fact that v8:9212 needed to
handle extra-wrappers around scripts correctly. Those
wrappers have the same source range as the wrapped
script and a call count of zero even if the wrapped
script is executed. To filter them out, we previously
determined nesting for identical source ranges by
ascending call count. However, in the script case above,
the script has call count one, while `foo` (which has
the same source range) has call count zero. In this
case, nesting is decreasing order of call counts.
This CL is a minimal change that sorts SFIs which are
top-level to the front, only then considers call counts
in descending order. This preserves the behavior that
node's extra wrappers are sorted to the front (and
then filtered out by existing logic), but also ensures
that for the example above, we report the script's
coverage before the coverage for `foo`.
Bug: v8:9857, v9:9212
Change-Id: Id224b0d8f12028b1f586ee5039e126bb5b8d8d36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863197
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64307}
Named capture properties on the groups object should be ordered by the
capture index (and not alpha-sorted). This was accidentally broken in
https://crrev.com/c/1687413.
Bug: v8:9822,v8:9423
Change-Id: Iac6f866f077a1b7ce557ba47e8ba5d7e7014b3ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864829
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64306}
This is a reland of 1c56974f2a
This is a plain reland of the original CL. The original CL was speculatively
reverted, but ended up not being the cause for bot failures.
Original change's description:
> Unconditionally enable snapshot builds and remove 'v8_use_snapshot'
>
> This CL removes 'v8_use_snapshot' and the usages of the implied
> V8_USE_SNAPSHOT define. One test runner unittest was updated to use the
> "asan" variant instead of the now obsolete "no_snap" variant.
>
> Related chromium CL: https://crrev.com/c/1796325.
>
> Bug: v8:8531
> Change-Id: I5da7c9f8e9110fe7bc0f4e4f821bcb7f7d98f927
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784282
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Nico Weber <thakis@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64290}
TBR=thakis@chromium.org,machenbach@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tmrts@chromium.org,szuend@chromium.org
Bug: v8:8531
Change-Id: Id75a802279238138f7aefec62e0b6425a5acc08d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864649
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64305}
This reverts commit f05bae1e0d.
Reason for revert: broke arm sim debug
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20debug/17714https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8899519852984476944/+/steps/Check_-_trusted/0/logs/FunctionDetailsInlining/0
Original change's description:
> [runtime] Move Context::native_context to the map
>
> Remove the native context slot from contexts by making context maps
> native-context-specific. Now we require 2 loads to go from a context to the
> native context, but we have 1 field fewer to store when creating contexts.
>
> Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64296}
TBR=ulan@chromium.org,neis@chromium.org,petermarshall@chromium.org,ishell@chromium.org,verwaest@chromium.org,mslekova@chromium.org,victorgomes@google.com
Change-Id: Ie7b4086c3a9ab2627ecac599da36b20cf8d1f948
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1863200
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64299}
Remove the native context slot from contexts by making context maps
native-context-specific. Now we require 2 loads to go from a context to the
native context, but we have 1 field fewer to store when creating contexts.
Change-Id: I3c0d7c50c94060c4129db684f46a567de6f30e8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859629
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64296}
This reverts commit 1c56974f2a.
Reason for revert: Causes several bots to timeout, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/27945
Original change's description:
> Unconditionally enable snapshot builds and remove 'v8_use_snapshot'
>
> This CL removes 'v8_use_snapshot' and the usages of the implied
> V8_USE_SNAPSHOT define. One test runner unittest was updated to use the
> "asan" variant instead of the now obsolete "no_snap" variant.
>
> Related chromium CL: https://crrev.com/c/1796325.
>
> Bug: v8:8531
> Change-Id: I5da7c9f8e9110fe7bc0f4e4f821bcb7f7d98f927
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784282
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Nico Weber <thakis@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64290}
TBR=thakis@chromium.org,machenbach@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org,tmrts@chromium.org,szuend@chromium.org
Change-Id: I4024d818877e534b9f7908a2d14f33dca35b5924
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8531
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862572
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64293}
AsmJs does not support SharedArrayBuffers. This CL adds a check in
instantiation and reports a proper error.
Bug: chromium:1013920
Change-Id: Id7159f23ddcc2bde139c4c97bdb67ef3dc7f0e22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862563
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64291}
This CL removes 'v8_use_snapshot' and the usages of the implied
V8_USE_SNAPSHOT define. One test runner unittest was updated to use the
"asan" variant instead of the now obsolete "no_snap" variant.
Related chromium CL: https://crrev.com/c/1796325.
Bug: v8:8531
Change-Id: I5da7c9f8e9110fe7bc0f4e4f821bcb7f7d98f927
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784282
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64290}
Fix uses of cached descriptors arrays used in loops that map-check
to ensure validity of the cache to also reload the descriptor in
case there are missed in-place representation updates.
As a drive-by, introduce inner HandleScopes for these loops.
Bug: chromium:1012301
Change-Id: I17273caf629a181b846d3c09777b5c08fd8cbb0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859621
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64287}
Use v8::Data as basetype for managed objects that can integrate with
v8::EmbedderHeapTracer.
Bug: v8:9841
Change-Id: Id3e06701207a23870cea89e1d7d334c48fcd3006
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856002
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64283}
WebAssembly locals are specified to be zero on function entry. Liftoff
implements this by just storing the constant 0 in the virtual stack for
integer types, and using one floating point register initialized to
zero for all floating point types.
For big counts of locals this leads to problems (manifesting as huge
blocks of code being generated) once we hit a merge point: All those
constants (for int) and all duplicate register uses (for floats) need to
be fixed up, by using separate registers for the locals or spilling to
the stack if no more registers are available. All this spilling
generates a lot of code, and can even happen multiple times within a
function.
This CL optimizes for such cases by spilling all locals to the stack
initially. All merges within the function body get much smaller then.
The spilled values rarely have to be loaded anyway, because the initial
zero value is usually overwritten before the first use.
To optimize the code size for initializing big numbers of locals on the
stack, this CL also introduces the platform-specific
{FillStackSlotsWithZero} method which uses a loop for bigger local
counts.
This often saves dozens of kilobytes for very big functions, and shows
an overall code size reduction of 4-5 percent for big modules.
R=jkummerow@chromium.org
Bug: v8:9830
Change-Id: I23fa4145847827420f09e043a11e0e7b606e94cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856004
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64282}
With exception handling enabled new call paths open up, which will
perform environment merging while a "call" or "call_indirect" is
currently being emitted. This will lead to double-use of the buffer
returned by calls to {Buffer} or {Realloc}. In general we should
transition away from this optimization to safer constructs such as
{base::SmallVector} to avoid such bugs.
R=clemensb@chromium.org
TEST=mjsunit/regress/regress-9832
BUG=v8:9832
Change-Id: I4c862ac1bc7dc34ad62279c82f6414153e8cbddb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856006
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64271}
Design doc:
https://docs.google.com/document/d/1ZU6rCvF2YHBGMLujWqqaxlPsjFfjKDE9C3-EugfdlAE/edit
Changes from the design doc:
- Changed to use 'class' declarations rather than 'type' declarations
for things that need instance types but whose layout is not known to
Torque. These declarations end with a semicolon rather than having a
full set of methods and fields surrounded by {}. If the class's name
should not be treated as a class name in generated output (because
it's actually a template, or doesn't exist at all), we use the
standard 'generates' clause to declare the most appropriate C++ class.
- Removed @instanceTypeName.
- @highestInstanceType became @highestInstanceTypeWithinParentClassRange
to indicate a semantic change: it no longer denotes the highest
instance type globally, but only within the range of values for its
immediate parent class. This lets us use it for Oddball, which is
expected to be the highest primitive type.
- Added new abstract classes JSCustomElementsObject and JSSpecialObject
to help with some range checks.
- Added @lowestInstanceTypeWithinParentClassRange so we can move the new
classes JSCustomElementsObject and JSSpecialObject to the beginning of
the JSObject range. This seems like the least-brittle way to establish
ranges that also include JSProxy (and these ranges are verified with
static assertions in instance-type.h).
- Renamed @instanceTypeValue to @apiExposedInstanceTypeValue.
- Renamed @instanceTypeFlags to @reserveBitsInInstanceType.
This change introduces the new annotations and adds the ability for
Torque to assign instance types that satisfy those annotations. Torque
now emits two new macros:
- TORQUE_ASSIGNED_INSTANCE_TYPES, which is used to define the
InstanceType enumeration
- TORQUE_ASSIGNED_INSTANCE_TYPE_LIST, which replaces the non-String
parts of INSTANCE_TYPE_LIST
The design document mentions a couple of other macro lists that could
easily be replaced, but I'd like to defer those to a subsequent checkin
because this one is already pretty large.
Bug: v8:7793
Change-Id: Ie71d93a9d5b610e62be0ffa3bb36180c3357a6e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757094
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64258}
Increase the embedded vector size to 91 as that is the max size needed to print
a s128 as a 32x4.
- max value of uint32_t has 10 digits in decimal, 1 for a potential sign,
3 spaces in between 4 of them -> 3 + 4 * 11 = 47
- max value of uint32_t has 8 digits in hex, 3 spaces in between -> 3 + 4 * 8 = 35
- the prefix "v128:" -> 5
- " / " to separate the decimal and hex representation -> 3
- null byte
47 + 35 + 5 + 3 + 1 = 91
Bug: v8:9754
Change-Id: I153c30738fa8862b44fb5103cbe62ea0bcea9718
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1814885
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64256}
setUnicodeKeywordValue doesn't remove unrelated keyword/value pairs
when the locale is too long, which causes NumberFormat to fail when
calling createInstance. Fix this by using LocaleBuilder to add keyword/value
into a new locale instead of removing the keyword.
Also see https://unicode-org.atlassian.net/browse/ICU-20862
Bug: chromium:1012579
Change-Id: I0f664f60dad8fe786443c8ca8b21ea43323cbf49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1855586
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64253}
The pointer to the first page of code space is not consistent and
therefore shouldn't be included in the mkgrokdump output.
No-Tree-Checks: true
Bug: v8:9844
Change-Id: I697c34e30e9b67b44e603e92d4bd3c7b81c1af3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856511
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64250}
This is for consistency and compiler-enforced type safety. No change
in behavior intended.
Change-Id: I31467832ba6c63fd5f97df9fee6221559b283d67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852766
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64244}
The root was moved to the beginning of a 4Gb reservation, which
imapacts codegen https://chromium-review.googlesource.com/c/v8/v8/+/1835548
Since the tests are now passing, removed the SKIP on cctests.
Bug: v8:9820, v8:9706
Change-Id: Icb45e5b078c405aee880bd7f1c333d28acb7c271
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849527
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64242}
This makes allocation of backing stores more robust by perfoming GCs
on allocation failure. The GCs help if there are existing large backing
stores that are retained by dead JSArrayBuffer objects.
Bug: chromium:1008938, v8:9380
Change-Id: Ic80b29214b8843427dfcdd141df71363821afe71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1855998
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64241}
The backing store is now propagated to the constructors directly,
instead of being attached after the construction. This ensures that
the backing store is allocated before the array buffer so that we can
trigger GCs on backing store allocation (if allocation fails).
The only exception is builtin where we have to allocate the array buffer
before the backing store to comply with the spec.
Bug: v8:9380
Tbr: verwaest@chromium.org
Change-Id: Ib37db65853f3673dd769368cc3e8b6538ad07ff2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1853444
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64240}
Code from ARES-6 Basic:
ldur w11, [x5, #15]
asr w11, w11, #1
sxtw x11, w11
With this CL:
ldur w11, [x5, #15]
sbfx x11, x11, #1, #31
This increases performance of Ares6 Basic by ~2% on Cortex-A53.
Also reduces the snapshot by ~2000 instructions.
Change-Id: Ie9801da730f832337306422d2a9c63461d9e5690
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849530
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#64235}
When aborting evacuation of a page, the GC also needs to take care
of invalidated objects and recorded slots on the page. Add a test
to ensure that future changes do not break this behavior.
Bug: chromium:1012081
Change-Id: I110db67157e4b8c7fdb4d1061e9df6955b532a70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1855758
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64234}
The vst1 and vld1 instruction does a post-increment access. What we
intend is the usual access at (base+offset). This change adds a helper
function that is called for load and stores of s128, which emits the add
instruction to do base+offset, and then change the addressing mode of
the load/store to Operand2_R, which generates the variant of vld1/vst1
without the offset register. This is similar to how kSimd128 values are
loaded/stored in VisitUnalignedLoad and VisitUnalignedStore.
We also remove kSimd128 cases from UnalignedLoad and UnalignedStore,
since it is supported (see A3.2.1 Unaligned Data Access, ARM DDI
0406C.d)
Bug: v8:9746
Bug: v8:9748
Change-Id: I60b987ac58a5eaacd498a940625163484a3dc2db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1834771
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64229}
This patch implements https://github.com/tc39/proposal-class-fields/pull/269
and makes sure we always throw TypeError when there is invalid private
name access in computed property keys.
Before this patch, private name variables of private fields and methods
are initialized together with computed property keys in the order they
are declared. Accessing undefined private names in the computed property
keys thus fail silently.
After this patch, we initialize the private name variables of private
fields before we initialize the computed property keys, so that invalid
access to private fields in the computed keys can be checked in the IC.
We now also initialize the brand early, so that invalid access to private
methods or accessors in the computed keys throw TypeError during brand
checks - and since these accesses are guarded by brand checks, we can
create the private methods and accessors after the class is
defined, and merge the home object setting with the creation
of the closures.
Bug: v8:8330, v8:9611
Change-Id: I01363f7befac6cf9dd28ec229b99a99102bcf012
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1846571
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64225}
While removing dead code, v8 currently removes jump targets, but leaves
suspend points, resulting in bytecode analysis issues. This cl simply
removes the suspend point if the remainder of the block is dead.
Bug: v8:9825
Change-Id: Ib147ca01cf64c695c0316017852d61f52fd10cf4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849197
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64223}
This patch refactors the declaration and allocation of the class variable, and
implements static private methods:
- The class variable is declared in the class scope with an explicit
reference through class_scope->class_variable(). Anonymous classes
whose class variable may be accessed transitively through static
private method access use the dot string as the class name. Whether
the class variable is allocated depending on whether it is used.
Other references of the class variable in the ClassLiteral AST node
and the ClassInfo structure are removed in favor of the reference
through the class scope.
- Previously the class variable was always (stack- or context-)
allocated if the class is named. Now if the class variable is only
referenced by name, it's stack allocated. If it's used transitively
by access to static private methods, or may be used through eval,
it's context allocated. Therefore we now use 1 less context slots
in the class context if it's a named class without anyone referencing
it by name in inner scopes.
- Explicit access to static private methods or potential access to
static private methods through eval results in forced context
allocation of the class variables. In those cases, we save its index
in context locals in the ScopeInfo and deserialize it later, so that
we can check that the receiver of static private methods is the class
constructor at run time. This flag is recorded as
HasSavedClassVariableIndexField in the scope info.
- Classes that need the class variable to be saved due to
access to static private methods now save a
ShouldSaveClassVariableIndexField in the preparse data so that the
bits on the variables can be updated during a reparse. In the case
of anonymous classes that need the class variables to be saved,
we also re-declare the class variable after the reparse since
the inner functions are skipped and we need to rely on the preparse
data flags to remember declaring it.
Design doc: https://docs.google.com/document/d/1rgGRw5RdzaRrM-GrIMhsn-DLULtADV2dmIdh_iIZxlc/edit
Bug: v8:8330
Change-Id: Idd07803f47614e97ad202de3b7faa9f71105eac5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781011
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64219}
This moves the list of {BreakPointInfo} objects from {WasmModuleObject}
to the corresponding {Script} object. Breakpoints are expected to affect
all modules/instances for a given script, hence the new placement of the
list is a preparation to fully support per-script breakpoints.
R=clemensb@chromium.org
BUG=v8:6847,chromium:893069
Change-Id: Id97058be5ed79cfdba2cecac5733ba161a6021d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852127
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64213}
The flag is enabled since M-70, and we do not use the previous
behaviour anywhere. Hence, remove the flag and clean up some API code.
In particular, the concept of {TransferrableModule} is not needed any
more, we can just use {CompiledWasmModule}.
R=mstarzinger@chromium.org, adamk@chromium.org
Bug: v8:9810
Change-Id: I9b3aa4972277a9262b58da70b141e90d1de31f35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1847366
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64209}
In preparation for allowing Torque to generate the list of instance
types, I'd like to make the rules a bit more consistent for how instance
types are spelled. This CL is my proposal for a system where every
non-String instance type name is exactly equal to calling
CapifyStringWithUnderscores on the corresponding class name and
appending "_TYPE".
This change is almost all find&replace; the only manual changes are in:
- src/objects/instance-type.h
- src/torque/utils.cc
- tools/gen-postmortem-metadata.py
This change is in response to the review comment
https://chromium-review.googlesource.com/c/v8/v8/+/1757094/25/src/builtins/base.tq#132
Change-Id: Ife3857292669f54931708e934398b2684e60bea5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1814888
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64199}
Trivial changes to the parser to allow parsing for-await. Unfortunately,
these tests uncovered a stress bug related to using await in for
loops(see v8:9825).
Bug: v8:9817, v8:9825
Change-Id: Ie699c85389e94b834a22dc1fb2f9970fc37fcdd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1848434
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64193}
The plan is to eliminate the DecompressionElimination reducer
as well as the Compressed representation. We are adding a flag to
easily swap between the old system and the new one.
Bug: v8:7703, v8:9206
Change-Id: I083fc7a835962eddfd60e9c403131587489f4632
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815134
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64185}
CheckedInt32ToTaggedSigned -> ChangeTaggedSignedToCompressedSigned was
being simplified to CheckedInt32ToCompressedSigned. However, sometimes
the effect chain is not propagated correctly. Since we have plans to
remove the Compressed MachineRepresentation, we can remove this
optimization now.
Bug: v8:7703, chromium:1011980
Change-Id: I9198c73666848f89db96928259af68400d442229
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1847363
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64178}
This CL implements i8x16.extract_lane_u, i16x8.extract_lane_u operations by
changing the default narrow extract operations to be unsigned. The
sign-extended extracts are implemented on top of the unsigned extracts
with an additional extend compiler node.
For IA32/X64, the codegen effectively remains the same -
0x389332bc32a3 63 660f3a14c900 pextrb rcx,xmm1,0
0x389332bc32a9 69 0fbec9 movsxbl rcx,rcx
0x389332bc32a3 63 660f3a14c900 pextrb rcx,xmm1,0
0x389332bc32a9 69 0fbec9 movsxbl rcx,rcx
On ARM, this adds an additional sxt instruction for the signed extracts.
Bug: v8:8460
Change-Id: I67f14b2b860ff8cc86ffbb2f65c7ef7de32da83f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1846711
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64172}
This is useful for the upcoming "huge TypedArrays" support, to be able
to quickly decide in stubs/generated code whether a string used as the
key for a property load/store can possibly be an exotic integer index.
Bug: v8:4153
Change-Id: I50ce655d2f78fb36e5615fd580f22c9290216c84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1821460
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64165}
This brings our constants back in line with the changed spec text. We
already use kExprTableGet and kExprTableSet, but for locals and globals
we still use the old wording.
This renaming is mostly mechanical.
PS1 was created using:
ag -l 'kExpr(Get|Set)Global' src test | \
xargs -L1 sed -E 's/kExpr(Get|Set)Global\b/kExprGlobal\1/g' -i
PS2 contains manual fixes.
R=mstarzinger@chromium.org
Bug: v8:9810
Change-Id: I064a6448cd95bc24d31a5931b5b4ef2464ea88b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1847355
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64163}
This is the first piece of the wasm debugging prototype. This change
adds support for removing breakpoints in WasmModuleObject. This change
does not introduce any ways of exposing this feature.
Code mostly pulled from Paolo Severini's prototype.
Bug: chromium:1010467
Change-Id: Ia2821c59e89aa7f234398bf41e145b907085b382
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826902
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Eric Leese <leese@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64162}
This brings our constants back in line with the changed spec text. We
already use kExprTableGet and kExprTableSet, but for locals and globals
we still use the old wording.
This renaming is mostly mechanical.
PS1 was created using:
ag -l 'kExpr(Get|Set|Tee)Local' src test | \
xargs -L1 sed -E 's/kExpr(Get|Set|Tee)Local\b/kExprLocal\1/g' -i
PS2 contains manual fixes.
R=mstarzinger@chromium.org
Bug: v8:9810
Change-Id: I1617f1b2a100685a3bf56218e76845a9481959c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1847354
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64161}
The particular combination of (1) having callee-saved registers in
the stub per the C++ calling convention, (2) passing arguments to
the callee on the stack, and (3) that callee throwing an exception,
caused the saved registers to be restored to bogus values.
To fix this, the stack unwinder needs to compute the stub's frame
size correctly (i.e. without stack parameters).
Bug: chromium:1007608
Change-Id: Iadd99f10764f49f9e3c620c05723e09172c73cf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1847352
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64160}
Empty slow element dictionary had the sticky bit set. This bit was
used to indicate that the dictionary cannot go to the fast mode either
because the dictionary had elements with attributed or elements at large
indices. There is no reason for the empty dictionary to have this bit set.
This causes bugs in some corner cases.
Bug: chromium:1003732
Change-Id: Ib29e1cda784869b9deb9361d8e6b5539f7154a38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1833686
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64158}
Unfortunately, codebase contains lots of places that use one of the two
formats as an internal representation for Wasm locations:
1) {line: 0, column: byte offset within entire module}
2) {line: function index, column: byte offset within function}
These places choose these formats interchangeably and convert from one
to another depending on the presence of source map URL in Wasm.
This is not very convenient and makes it hard to add support for DWARF
which should behave just like Wasm with source maps - that is, report a
raw Wasm script instead of fake scripts per each disassembled function,
and use representation (1) instead of (2) internally.
I tried to refactor these locations and avoid checking for source map
URLs in the previous CL - https://crrev.com/c/v8/v8/+/1833688. However,
it quickly got out of hand, and updating code in one place just kept
revealing yet another that gets broken by the changes, so I made a
decision to abandon it and leave to someone who knows the codebase
better.
Instead, this CL is based on https://crrev.com/c/v8/v8/+/1809375, but,
rather than trying to integrate DWARF separately and only for supported
agents, it pretends that encountering DWARF section is the same as
encountering a `sourceMappingURL` section with fake URL "wasm://dwarf".
This ensures that Wasm with DWARF behaves exactly in the same way as
Wasm with source maps, just like we want, with minimal changes to the
codebase. The only downside is that frontends without DWARF support
won't get even a disassembled version of Wasm that contains DWARF info.
This is unfortunate, but, as per previous discussions, should be fine
given current state of Wasm debugging.
Change-Id: Ia7256075e4bfd2f407d001d02b96883d7267436e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1834341
Commit-Queue: Ingvar Stepanyan <rreverser@google.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64157}
The test creates 10000 modules, which runs in less then one second in
release builds, but can take much longer with stress flags and on
special bots.
It timed out on the tsan isolates bot in a variant passing
--stress-wasm-code-gc.
Since the test should only verify that we support more than 1000
modules in a single isolate, we do not need to run it in that variant.
Thus just skip it.
R=fgm@chromium.org
Bug: v8:9814
Change-Id: Ie3a4f62a053b1f7cff2c2206f39ddd71a533ae3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1845229
Reviewed-by: Francis McCabe <fgm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64153}
TracedGlobalTrait was unable to override v8::TracedGlobal<v8::Object> for
avoiding the destructor because it is needed on the API surface itself and C++
ODR which prohibits specialization after template instantiation.
Avoid this problem by providing a separate type TracedReference
that, similar to TracedGlobal, is purely traced but avoids the destructor
completely. This only works for embedders that have their memory management
tied to V8 as it is prone to accessing already reclaimed objects otherwise.
Bug: chromium:995684
Change-Id: Iab4332ed417b26c58638a8f9389174cc355a305b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1840972
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64150}
Remove test expectations whose behavior is not specified or contradicts
the Stage 3 PR https://github.com/tc39/ecma402/pull/349 which we plan
to land soon.
The Chinese calendar (and other calendars) now need to choose
different patterns for non-default calendars to support the correct
behavior.
Bug: v8:9320
Change-Id: Ia84e0eb1f7244b0d2d252071cf985d97f2acec58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1838437
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64149}
For this, all Torque stub-linkage builtins use TFC instead of TFS,
with a custom descriptor added to interface-descriptors.h
To avoid having complex logic in the generated code, the new class
TorqueInterfaceDescriptor contains the logic to create a
CallInterfaceDescriptor from a signature consisting of TNode types.
As an example and test, this CL ports StringCharAt to Torque.
Bug: v8:7793
Change-Id: I8339d2ad6e4f908ebdc3b8d30244e4bcbd974f21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1798427
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64148}
With the smi-corrupting decompression approach we don't have to sign
extend Smis anymore and therefore we can switch to zero extending
approach by moving the isolate root to the beginning of the reserved
4Gb region.
Bug: v8:9706
Change-Id: Icd6008fa87d0924519b574fdec445976f742e306
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1835548
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64144}
Disable because it's not yet supported on BE
Bug: v8:9330
Change-Id: Ia850801d410d3eeaccf9933dd2669f6077e2919c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1834904
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#64141}
Found while testing with asan.
Change-Id: I82529422770653535aae148a4acc6089c5a4fee7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1844786
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#64136}
... and make sure that the arm64 ptr-compr bots proceed testing V8 without
pointer compression in order to keep testing the other config.
Bug: v8:7703
Change-Id: I0017345273d5328d95a338064dd80b44974c1c53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1844780
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64132}
Removes CodeStubAssembler::GotoIfDebugExecutionModeChecksSideEffects and
associated test as well as the PerformSideEffectCheckForObject runtime
function.
Bug: v8:9396
Change-Id: Id7748be8fbf1d633f759fef8751ddca13a21748c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824937
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64130}
Placing these tests in anonymous namespaces, is the suggested fix
according to the GCC documentation.
The GCC documentation states: "If a type A depends on a type B with no or
internal linkage, defining it in multiple translation units would be an
ODR violation because the meaning of B is different in each translation unit.
If A only appears in a single translation unit, the best way to silence the
warning is to give it internal linkage by putting it in an anonymous namespace as well."
Change-Id: I69a1e9b5f1789e9a7a62c762cd499809a72e0ea5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1836255
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64128}
This CL removes the StoreBuffer and inserts slots into the
RememberedSet directly from within the RecordWrite builtin. Only calls
into C code when either the SlotSet-array or the bucket is not
allocated. This avoids filling the store buffer up with duplicates or
due to a write-heavy workload and then blocking the main thread on
store buffer processing.
The first CL (https://crrev.com/c/1815241) got reverted, because
mksnapshot was using a different size for SlotSet than the final
binary on ARM. This is fixed now, SlotSet has a standard layout.
Bug: v8:9454
Change-Id: I881641f4ee08a8b42c36fdca8733138b908096bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1842452
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64126}
We reuse PACKED_OP_LIST to generate *pd instructions. Introduce a new pd
base method, similar to ps and vps.
Bug: v8:9396
Change-Id: Id9d81c22c9110935484fd929ef7bf5cc20e9ae7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1834767
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64117}
Now that sweeping uses its own RememberedSet, pre-freeing of empty
buckets is not necessary anymore. Mutator inserts into a different
remembered set, than the sweeper removes slots from.
Bug: v8:9454
Change-Id: I65d046926aa82aeb9eca7694e6a7eff1331d7e01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1835547
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64114}
This deletes unresolved VariableProxy objects created for labels in the
preparser which prevents shadowed variables in enclosing scopes from
being context-allocated.
Previously this was only done in the full parser, which leads to
bytecode mismatches with lazy source positions.
Bug: chromium:1009728, v8:8510
Change-Id: If2d0c345346116a7f5aacbcd0cf3638e9f7e04cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1836258
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64104}
Do not store page_start_ in SlotSet anymore, when needed this address
can be calculated cheaply and be passed in from the caller.
Bug: v8:9454
Change-Id: I4cdb010e4126680d8df500e40ae3d0bc884cf501
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1838731
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64103}
If script is not disassembled, still use the same script URL format for
consistency.
In particular, use an absolute `wasm://wasm/` prefix, like disassembled fake
scripts do, instead of just a script name which appears to be a
relative URL to devtools.
Change-Id: Ib7632f9f3587ca4961eb4f0b884482b3a1a6e1f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1833685
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ingvar Stepanyan <rreverser@google.com>
Cr-Commit-Position: refs/heads/master@{#64086}
Premonomorphic state was only used for store globals to handle contextual
store on a global object [1]. We now handle these differently and we
move to fast handlers even without going through premonomorphic state
after this cl: https://chromium-review.googlesource.com/c/v8/v8/+/1807356.
Also, with lazy feedback this would be a relatively uncommon case anyway.
So, we no longer need premonomorphic state. This cl removes this state
entirely.
[1]: https://bugs.chromium.org/p/v8/issues/detail?id=8712
Bug: v8:8394
Change-Id: I71fb918b82b0c321a9705e32c8fc44e9ec223b38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1833690
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64085}
The creator of the allocator retains ownership and is responsible
for its eventual destruction.
Change-Id: Iaf1b24bee7153b3b1a75df99974adff42c6a197f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1835545
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64084}
Fix corner case where we would try to read a property when having a
pending or scheduled exception.
Re-add tests.
Bug: chromium:1006640
Change-Id: I2fc84ee0f6145db2d200a8b9abf57fdc4b12a5a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1835531
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64083}
This is a reland of 9efe315ee2 after marking
box2d slow.
Original change's description:
> Mark functions for optimization only on bytecode budget interrupts
>
> We used to mark functions for optimization on any interrupt. This sometimes
> causes functions to OSR when not needed. The implementation was such because
> we didn't have a different runtime function to distinguish bytecode budget
> interrupts from other interrupts. For lazy feedback allocation we added a
> new runtime function for bytecode budget interrupts so it makes it easier
> to actually mark functions only when needed.
>
> This also includes a fix to reduce the stack limits for interrupts when
> entering a scope that allows interrupts from a postponed interrupt scope.
>
> Bug: chromium:993061
> Change-Id: Iaf7b4dccb7a503e5b6bfcbb993bc7482aa593955
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1829218
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64048}
Bug: chromium:993061
Change-Id: I24dae03357d6c368e4173db3f071e8ab09e9d6dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1832173
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64082}
The natives blob is deprecated and will be removed in the next
release.
This commit does two things, 1. it disables the v8_extra_library_files
gn argument which will make building natives_blob.bin through gn
impossible; 2. it marks API functions associated with the natives blob
as V8_DEPRECATE_SOON.
Embedders should remove any uses of SetNativesDataBlob and replace all
calls to
InitializeExternalStartupData(const char*, const char*)
with the new function
InitializeExternalStartupDataFromFile(const char*)
Step 2 is to mark API functions as V8_DEPRECATED.
Step 3, in the next V8 release, is to remove these functions and all
other natives support in V8.
Bug: v8:7624
Change-Id: I745e96c60204a9b94d9240be65dd59bb9bdd0699
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824944
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64080}
* Throws RangeError only when the calendar and numberingSystem is
ill-formed.
* Set the calendar and numberingSystem to the locale only if
the values are valid.
* Fix the order of GetOption of "localeMatcher".
* Add more unit tests.
See https://github.com/tc39/ecma402/pull/175 for details.
Bug: v8:9786, v8:9787, v8:9788
Change-Id: Ic0f918ad7d9afb0b7c8df39caa0f44ef07ca10c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1830345
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64070}
This is a reland of 6612943010
Fixed: Unaligned reads, unspecified evaluation order.
Original change's description:
> [regexp] Bytecode peephole optimization
>
> Bytecodes used by the regular expression interpreter often occur in
> specific sequences. The number of dispatches in the interpreter can be
> reduced if those sequences are combined into a single bytecode.
>
> This CL adds a peephole optimization pass for regexp bytecodes.
> This pass checks the generated bytecode for pre-defined sequences that
> can be merged into a single bytecode.
>
> With the currently implemented bytecode sequences a speedup of 1.12x on
> regex-dna and octane-regexp is achieved.
>
> Bug: v8:9330
> Change-Id: I827f93273a5848e5963c7e3329daeb898995d151
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813743
> Commit-Queue: Patrick Thier <pthier@google.com>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63992}
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux_gcc_rel
Bug: v8:9330,chromium:1008502,chromium:1008631
Change-Id: Ib9fc395b6809aa1debdb54d9fba5b7f09a235e5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1828917
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64064}
This is a reland of cfb60d430b
Original change's description:
> [regexp] Eagerly tier-up for very long strings
>
> For very long subject strings, the regexp interpreter is currently much slower
> than the native machine code execution. This CL implements eager tier-up to the
> compiler to avoid the performance penalty for subject strings of length greater
> than 1000.
>
> Change-Id: I244ccbd60255e0f3bedc493b1cc3d25cdd42133e
> Bug: v8:9566
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1829273
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Ana Pesko <anapesko@google.com>
> Cr-Commit-Position: refs/heads/master@{#64046}
Bug: v8:9566
Change-Id: I81a10728c64ce3b35258c31eb8178e458d3de205
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1832167
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ana Pesko <anapesko@google.com>
Cr-Commit-Position: refs/heads/master@{#64063}
Since slow handler was previously not a Smi. The DCHECK assumed any
Smi Handler on this path should be a proxy handler. Now it Checks for
both, and should continue if the current handler is a slow handler.
Bug: chromium:1008632
Change-Id: I079960894d7320d8d658d0990e8c32db51703206
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1828480
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#64052}
This reverts commit cfb60d430b.
Reason for revert: Several bots timing out, e.g.
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/24717
Original change's description:
> [regexp] Eagerly tier-up for very long strings
>
> For very long subject strings, the regexp interpreter is currently much slower
> than the native machine code execution. This CL implements eager tier-up to the
> compiler to avoid the performance penalty for subject strings of length greater
> than 1000.
>
> Change-Id: I244ccbd60255e0f3bedc493b1cc3d25cdd42133e
> Bug: v8:9566
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1829273
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Ana Pesko <anapesko@google.com>
> Cr-Commit-Position: refs/heads/master@{#64046}
TBR=yangguo@chromium.org,petermarshall@chromium.org,anapesko@google.com
TBR=yangguo@chromium.org
Change-Id: Id8dd362617988c8c5efa87ae157ee91c96cb1fdf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1832163
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Ana Pesko <anapesko@google.com>
Cr-Commit-Position: refs/heads/master@{#64047}
For very long subject strings, the regexp interpreter is currently much slower
than the native machine code execution. This CL implements eager tier-up to the
compiler to avoid the performance penalty for subject strings of length greater
than 1000.
Change-Id: I244ccbd60255e0f3bedc493b1cc3d25cdd42133e
Bug: v8:9566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1829273
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ana Pesko <anapesko@google.com>
Cr-Commit-Position: refs/heads/master@{#64046}
This reverts commit 70e07cdb6e.
Reason for revert: Clusterfuzz found issue in chromium:1009019
Original change's description:
> [heap] Insert directly into RememberedSet and remove StoreBuffer
>
> This CL removes the StoreBuffer and inserts slots into the
> RememberedSet directly from within the RecordWrite builtin. Only calls
> into C code when either the SlotSet-array or the bucket is not
> allocated. This avoids filling the store buffer up with duplicates or
> due to a write-heavy workload and then blocking the main thread on
> store buffer processing.
>
> Change-Id: I05b0b0938d822cdf0e8ef086ad4527d3229c05b2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815241
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64002}
TBR=ulan@chromium.org,jkummerow@chromium.org,dinfuehr@chromium.org
Change-Id: I6f4cc1641965c83b05f3b3830b0f526b362beb49
Bug: chromium:1009019, chromium:1009196
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1829259
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64043}
This is a short-term fix to prevent any merging of feedback slots for
dynamic globals, while we work on a longer term solution to make it
consistent between eager and lazy compilation.
Bug: chromium:1008414, v8:8510
Change-Id: I4a5977046f53454d6f8a6ea2f41046abdf73418f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1829270
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64041}
This fixes a bug in the optimization concerning detached
or re-attached global proxies.
Bug: v8:7790
Change-Id: Ifd30b88361914430bb373d4b64a76e33ccde37e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809361
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64035}
Address special case condiction for U+017F.
Bug: v8:9356
Change-Id: Id24e5e2c999b198bf0f696aea8c98f223508c051
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1827683
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64028}
This is a reland of cfb100282e
with a fix for failures in lite mode.
Original change's description:
> [compiler] Cache OSR optimized code
>
> With lazy feedback allocation, for functions that get OSRed we may
> not have feedback for the initial part of the functions since feedback
> vectors might be allocated after the function started executing. Hence
> we would not be able to optimize the function on the next call. This
> means we may have to OSR twice before we actually optimize function.
> This cl introduces OSR cache, so we could reuse the optimized code. One
> side effect of this cl is that the OSRed code won't be function context
> specialized anymore.
>
> Bug: chromium:987523
> Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64014}
Bug: chromium:987523
Change-Id: I9c782242b07b24d15247533ab4ee044334b429ff
TBR: rmcilroy@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826898
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64023}
The current version of SmiTag and SmiUntag was checking if the
registers were the same, copying them if not and then untagging.
We can avoid a branch and a check by having two versions of
SmiTag and SmiUntag.
Change-Id: Id89213e073cefc9f8e46fcf0e79d0c1d349342ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826730
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64021}
This new optional parameter controls whether "Runtime.evaluate" ignores
break points and previous "Debugger.pause" calls while evaluating the
expression. This will be used for live expressions, which should never
interfere with debugging.
Bug: chromium:1001216
Change-Id: Ie37f6616a4a1cae40399b79255ab92fb254d91b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826664
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64018}
This reverts commit cfb100282e.
Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/6483
Original change's description:
> [compiler] Cache OSR optimized code
>
> With lazy feedback allocation, for functions that get OSRed we may
> not have feedback for the initial part of the functions since feedback
> vectors might be allocated after the function started executing. Hence
> we would not be able to optimize the function on the next call. This
> means we may have to OSR twice before we actually optimize function.
> This cl introduces OSR cache, so we could reuse the optimized code. One
> side effect of this cl is that the OSRed code won't be function context
> specialized anymore.
>
> Bug: chromium:987523
> Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64014}
TBR=rmcilroy@chromium.org,neis@chromium.org,mythria@chromium.org
Change-Id: Ib3692e7570bed5d3e88ca8a0247b185d70497a04
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:987523
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826668
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64015}
With lazy feedback allocation, for functions that get OSRed we may
not have feedback for the initial part of the functions since feedback
vectors might be allocated after the function started executing. Hence
we would not be able to optimize the function on the next call. This
means we may have to OSR twice before we actually optimize function.
This cl introduces OSR cache, so we could reuse the optimized code. One
side effect of this cl is that the OSRed code won't be function context
specialized anymore.
Bug: chromium:987523
Change-Id: Ic1e2abca85ccfa0a66a0fa83f7247392cc1e7cb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1796329
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64014}
Make it clearer when the broker is missing information about
a potential inlinee.
Bug: v8:7790
Change-Id: I73d6066e75049e15a3fd821ac685476812482142
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1825241
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64007}
This is a reland of c70de45c6a
Original change's description:
> [TurboProp] Add MidTierMachineLoweringPhase to avoid Late/MemoryOptimizationPhases
>
> Adds a MidTierMachineLoweringPhase which does select and memory lowering to machine
> nodes. This allows TurboProp to avoid the LateOptimizationPhase and
> MemoryOptimizationPhase phases while still lowering all simplified nodes to
> machine nodes before instruction selection.
>
> BUG=v8:9684
>
> Change-Id: I60533db93152ff044a2fa8c1c31adedeb3747856
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815130
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63981}
TBR=neis@chromium.org
Bug: v8:9684
Change-Id: I9cf3d087b81bb81a09a725168da9dc19238da91f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826726
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64003}
This CL removes the StoreBuffer and inserts slots into the
RememberedSet directly from within the RecordWrite builtin. Only calls
into C code when either the SlotSet-array or the bucket is not
allocated. This avoids filling the store buffer up with duplicates or
due to a write-heavy workload and then blocking the main thread on
store buffer processing.
Change-Id: I05b0b0938d822cdf0e8ef086ad4527d3229c05b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815241
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64002}
This CL fixes comparison operations that take into account full-word
value instead of the lower 32 bits.
Bug: v8:9706
Change-Id: I04d2708f331a65e1c73302e8c36653f9cb40706e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824946
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64001}
This reverts commit 6612943010.
Reason for revert: Fails on gcc: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20gcc/3394
Original change's description:
> [regexp] Bytecode peephole optimization
>
> Bytecodes used by the regular expression interpreter often occur in
> specific sequences. The number of dispatches in the interpreter can be
> reduced if those sequences are combined into a single bytecode.
>
> This CL adds a peephole optimization pass for regexp bytecodes.
> This pass checks the generated bytecode for pre-defined sequences that
> can be merged into a single bytecode.
>
> With the currently implemented bytecode sequences a speedup of 1.12x on
> regex-dna and octane-regexp is achieved.
>
> Bug: v8:9330
> Change-Id: I827f93273a5848e5963c7e3329daeb898995d151
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813743
> Commit-Queue: Patrick Thier <pthier@google.com>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63992}
TBR=jgruber@chromium.org,petermarshall@chromium.org,pthier@google.com
Change-Id: Ie526fe3691f6abdd16b51979000fdafb7afce8ef
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9330
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826727
Reviewed-by: Clemens Backes [né Hammacher] <clemensb@chromium.org>
Commit-Queue: Clemens Backes [né Hammacher] <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63998}
The current implementation only supports arrays and proxies as
multi-return values in Wasm to JS calls. This adds support for any
iterable including generators, as specified by the multi-value proposal
(https://github.com/WebAssembly/multi-value/).
R=mstarzinger@chromium.org
Bug: v8:9492
Change-Id: I2c9be1f7e03824b1aabba525244e5b7f76a98f99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824938
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63996}
This CL fixes comparison operations that take into account full-word
value instead of the lower 32 bits and tweaks some CSA helper functions
for smi-corrupting decompression.
Bug: v8:9706
Change-Id: I50e38a9f34b911ec0b8dd4e21298417bf23160aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1824943
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63995}
Bytecodes used by the regular expression interpreter often occur in
specific sequences. The number of dispatches in the interpreter can be
reduced if those sequences are combined into a single bytecode.
This CL adds a peephole optimization pass for regexp bytecodes.
This pass checks the generated bytecode for pre-defined sequences that
can be merged into a single bytecode.
With the currently implemented bytecode sequences a speedup of 1.12x on
regex-dna and octane-regexp is achieved.
Bug: v8:9330
Change-Id: I827f93273a5848e5963c7e3329daeb898995d151
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1813743
Commit-Queue: Patrick Thier <pthier@google.com>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63992}
This reverts commit c70de45c6a.
Reason for revert: speculative revert
Original change's description:
> [TurboProp] Add MidTierMachineLoweringPhase to avoid Late/MemoryOptimizationPhases
>
> Adds a MidTierMachineLoweringPhase which does select and memory lowering to machine
> nodes. This allows TurboProp to avoid the LateOptimizationPhase and
> MemoryOptimizationPhase phases while still lowering all simplified nodes to
> machine nodes before instruction selection.
>
> BUG=v8:9684
>
> Change-Id: I60533db93152ff044a2fa8c1c31adedeb3747856
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815130
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63981}
TBR=rmcilroy@chromium.org,neis@chromium.org
Change-Id: I99cddb2c435ad6347bdc9b61b95d48dca94294c7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9684
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1826720
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63984}
Adds a MidTierMachineLoweringPhase which does select and memory lowering to machine
nodes. This allows TurboProp to avoid the LateOptimizationPhase and
MemoryOptimizationPhase phases while still lowering all simplified nodes to
machine nodes before instruction selection.
BUG=v8:9684
Change-Id: I60533db93152ff044a2fa8c1c31adedeb3747856
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815130
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63981}
R=adamk@chromium.org
No-Try: true
Change-Id: Idedb3d80382c876f09c545cf0f1cc7387b9ad805
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1825242
Auto-Submit: Clemens Backes [né Hammacher] <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63979}
FMA operations is always supported on arm64, so in the test, we expect
fused results on arm64 whenever we run on TurboFan.
Bug: v8:9415
Change-Id: Ia2016533b9b76ee14b8c8da1c0d4ff7753276714
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1819723
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63973}
It is controlled by flag harmony_intl_other_calendars.
But this is also pretty intern-dependent with
harmony_intl_add_calendar_numbering_system and should be launched
all together to be meaningful.
https://github.com/tc39/ecma402/pull/349/#349 Normative: Allow calendar to determine choice of pattern
https://github.com/tc39/ecma402/pull/351#351 Normative: Permit relatedYear and yearName in output
Bug: v8:9155
Change-Id: I67cd6bba6276bbb995186a9fe6202429d724ba61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1588401
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63972}
Since https://crrev.com/c/1771783 the mutator owns the old-to-new
remembered set, while the sweeper modifies the sweeping-slot-set.
This allows us to update the old-to-new remembered set non-atomically.
In this CL the mutator now inserts non-atomically into the remembered
set. The AccessMode is now explicit for Insert-operations as well.
Bug: v8:9454
Change-Id: I94730345f7dd34fe309839969330687c94b3080b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803652
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63971}
This addition will allow to experiment with parsing DWARF information from
WebAssembly on the frontend side for improved debugging.
The frontend must explicitly opt-in to this experiment by setting
`supportsWasmDwarf: true` in `Debugger.enable` params.
When this option is present, and Wasm appears to contain DWARF information
(heuristic: `.debug_info` custom section is present), V8 will not try to
disassemble and report each WebAssembly function as a separate fake script, but
instead will report Wasm module as a whole.
Note that V8 already does this when Wasm is associated with a source map.
Additionally, this CL adds a dedicated `Debugger.getWasmBytecode` command that
accepts scriptId and returns raw wire bytes of the chosen WebAssembly module.
Change-Id: I7a6e80daf8d91ffaaba04fa15688f2ba9552870f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809375
Commit-Queue: Ingvar Stepanyan <rreverser@google.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63969}
Allows JS functions returning array-like objects to be imported as
multi-return functions in WebAssembly modules. Importing a generator
does not work as required by the specification yet.
R=mstarzinger@chromium.org
Bug: v8:9492
Change-Id: Iaf61a0f718eb50676913aa1486fb39cebecfc090
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815246
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63965}
In preparation for Code objects that aren't executable and can be in
RO_SPACE, pass an Isolate into Code::Disassemble.
Bug: v8:7464
Change-Id: I99f5faf23dd4709a48925e1ae44d1ce595ea6f5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1822043
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63962}
With the far jump table, we need to distinguish the maximum size of a
single code space from the maximum total code size per module. On
arm64, they differ, because we now support 1GB of code space, but each
code space is still limited to 128MB.
Bug: v8:9477
R=mstarzinger@chromium.org
Change-Id: I7b9aaec56a1d9d1f70573b6b895216d5b3f38346
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815253
Commit-Queue: Clemens Backes [né Hammacher] <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63961}
Moves the following functions from CodeStubAssembler to
BuiltinsStringAssembler:
SubString
CopyStringCharacters
AllocAndCopyStringCharacters
Bug: v8:9396
Change-Id: Ieb534b7fa7e72db9b05cdc2a34bd88b7a52ee985
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1822040
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63959}
Always unmark arrowhead parameters as assigned directly after their
initialization as the parser doesn't know when it first sees the
"assignment" that it may be in an arrowhead.
Bug: chromium:1003403, v8:8510
Change-Id: Iad5a4136d5ec06331fc43b81a809fd72cee2dd65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815131
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63947}
Adds support for parsing top level await to V8, as well as
many tests.
This is the final cl in the series to add support for top level
await to v8.
Spec is here:
https://tc39.es/proposal-top-level-await/#sec-execute-async-module
Bug: v8:9344
Change-Id: Ie8f17ad8c7c60d1f6996d134ae154416cc1f31e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1703878
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63946}
This introduces a limit for the interpreter's BacktrackStack to match
the limit used by generated code (RegExpStack::kMaximumStackSize).
Bug: chromium:1006670
Change-Id: I0b7613698e61257aecca89535ad9109c7e454692
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1821458
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63945}
This reduces the number of label indices accepted by {br_table} from the
full function body size to specifically 65520 labels. Note that TurboFan
already had a similar limitation on switches, but caused a crash during
compilation up until now. This change just makes the limit explicit and
avoids the crash during compilation.
R=clemensh@chromium.org
TEST=mjsunit/regress/wasm/regress-9759
BUG=v8:9759
Change-Id: I3a9a4406b19a7f98fc36707b3b946be846170a15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1821457
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes [né Hammacher] <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63944}
In the {Fixed} variant, the {WasmCodeManagerTest} always reserves
1GB of memory. This makes the test run OOM on many 32-bit platforms.
Instead of skipping it selectively, this CL just removes the whole
test. It caused a lot of trouble in the past, and needs two test-only
methods in the WasmCodeManager. Also, the {Fixed} variant will not be
needed any more with the wasm far jump table, since modules can always
grow then.
Drive-by: Clean up the unittests status file a bit.
R=mstarzinger@chromium.org
Bug: v8:9477
Change-Id: I5b6f8ed9f800863575c69d49d5df82f21fd23030
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815251
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes [né Hammacher] <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63942}
If a BackingStore is marked as !free_on_destruct, then we don't have to
guarantee that there is only one such BackingStore pointing to the
underlying buffer. So we can skip costly registration in process-global
table of backing stores.
Bug: v8:9380,chromium:1002693
Change-Id: Iad1ec5c4811d6c52a9a9d78dd700acf69170db60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815136
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63941}
This is a reland of 12a9ee3a5b
Fixed arm64 disasm test.
Original change's description:
> [ptr-compr] Switch to 31 bit Smis on 64-bit architectures
>
> 32 bit Smis are incompatible with pointer compression so we land disable
> them before enabling pointer compression in order to separate memory and
> performance regressions caused by 31 bit Smis from pointer compression
> change.
>
> Bug: v8:9767
> Change-Id: I3d4a675df4208f808b1ba6e7816be545eae0dc24
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815249
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63934}
Bug: v8:9767
Change-Id: Ife46a4240141dd89d841eac152032ad6ca471810
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1820939
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63940}
This moves the initialization to JSArrayBuffer::SetupEmpty, which is the
proper bottleneck for all paths constructing array buffers.
Bug: chromium:1006600,v8:9380
Change-Id: I1887cb867627d69ade20654e5bc372b1ba1ac4e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815132
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63939}
This fixes how arguments of a call to {fround} are being parsed. It now
accepts a single "AssignmentExpression" only instead of an "Expression"
which could potentially be a whole comma-separated list of expressions.
R=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-1006592
BUG=chromium:1006592
Change-Id: Ifaf0c2b048e4ec18429cc6039c0e7dcdecc1d0bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815255
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63926}
This loads the call builtin from the Isolate root instead of embedding
it into the instruction stream. This can be more efficient, but more
importantly it fixes an issue with tracing and eventually allows for
background compilation of these wrappers.
R=clemensh@chromium.org
TEST=mjsunit/regress/wasm/regress-crbug-1006631
BUG=chromium:1006631
Change-Id: Ife1bc513340d233a3c01789c7b56126fe3b87f6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815245
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63924}
This reverts commit ad83fa921b.
Reason for revert: Crashes odroid: https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/11234
Original change's description:
> [wasm] Fix TODO and skip test on win32
>
> In the {Fixed} variant, the {GrowingVsFixedModule} test first reserves
> 1GB of memory, then allocates another 1GB to add it to the module as
> code. This uses too much memory on win32, making the test fail.
> Before this CL, the {NativeModule} only reserved 128kB upfront (in
> contrast to the actual expectation of the test).
>
> Since all other aspects of this test are already covered by other
> tests, we just skip this test on win32.
> This allows us to resolve the TODO.
>
> Drive-by: Clean up the unittests status file a bit.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:9477
> Change-Id: I575dd1a3f486e1805e0256e8ee6071246f2c24c4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1816505
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63921}
TBR=mstarzinger@chromium.org,clemensh@chromium.org
Change-Id: Ia9d9b9e311ff8b7524938aeb02543bf2c01bdd27
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9477
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1815250
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63923}
In the {Fixed} variant, the {GrowingVsFixedModule} test first reserves
1GB of memory, then allocates another 1GB to add it to the module as
code. This uses too much memory on win32, making the test fail.
Before this CL, the {NativeModule} only reserved 128kB upfront (in
contrast to the actual expectation of the test).
Since all other aspects of this test are already covered by other
tests, we just skip this test on win32.
This allows us to resolve the TODO.
Drive-by: Clean up the unittests status file a bit.
R=mstarzinger@chromium.org
Bug: v8:9477
Change-Id: I575dd1a3f486e1805e0256e8ee6071246f2c24c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1816505
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63921}
Change Parser::AllowsLazyParsingWithoutUnresolvedVariables to return
false if it may be parsing an arrow function.
Bug: v8:9758, v8:8510
Change-Id: Ic5d213d4358ff954a169c03e449197c3f050880c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1816510
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63920}
Add a new test SimdLoadStoreLoadMemargOffset to test this, without this fix
this test would have failed.
Bug: v8:9753
Change-Id: I119adda8e3c6c7adb0ad4023298bbce9c0c64a01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1811457
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63914}
This cl adds support for top level await to d8, but still
does not allow top level await through parsing.
Unfortunately, due to that restriction this cl has no automated
tests, but I added a 'top-level-await' variant and manually
confirmed it passes locally.
Bug: v8:9344
Change-Id: I3528442768107f5ad1ed1e9e947cfceae91c0cc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1808483
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63909}
If we can read an object's Map pointer but not any data from the Map
itself, we may still be able to accurately describe the object's type if
the Map pointer matches one of the known Maps from the snapshot.
GetObjectProperties uses that data in one of two ways:
- If it is sure that the Map pointer matches a known Map, then it uses
the type from that Map and continues as if it read the type normally.
- If the Map pointer is at the right offset within a heap page to match
a known Map, but the caller didn't provide the addresses of the first
pages in Map space or read-only space, then the type of that Map is
just a guess and gets returned in a separate array. This gives the
caller the opportunity to present guessed types to the user, and
perhaps call again using the guessed type as the type hint.
Bug: v8:9376
Change-Id: I187f67b77e76699863a14534a9d635b79f654124
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1787986
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63908}
The predictable platform can make tasks deadlock if the spawning task
is holding a lock that the spawn task also wants to take. This is
because the spawned task is just executed immediately within the
"context" of the spawning task.
The wasm async compile tests deadlock because the
{BackgroundCompileTask}s hold the shared {BackgroundCompileToken}
(reader lock) while spawning new tasks via {OnBackgroundTaskStopped} ->
{RestartBackgroundTasks}. The new tasks might want to cancel
compilation via {BackgroundCompileToken::Cancel}, which takes the
writer lock and hence deadlocks.
This can not happen on any other platform, since tasks are not nested
that way.
R=ahaas@chromium.org
Bug: v8:9760
No-Try: true
Change-Id: I9fc34d5de386aa5c6fdd64a1570fddcff872ec95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1816502
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63904}
With --wasm-far-jump-table, it will be possible to create 10k (and
more) modules in one process. So far, we hit the virtual address space
limit around 1k modules, because each module makes a reservation of
{kMaxWasmCodeMemory} upfront. After this change, each module will only
reserve the estimated needed code size (if --wasm-far-jump-table is
set).
The test is carefully optimized to not execute too much code in the
loop, so it can still run in simulators in reasonable time. Note that
the time for actually compiling the module is spent in C++, which is
fast in simulator builds.
R=mstarzinger@chromium.org
Bug: v8:9477, v8:9651
Change-Id: If74a825d272a65b82ca5433cb648b6a2271872e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1811038
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63903}
This adds an additional V8 API to get the backing store of an array
buffer. Unlike the existing API, the backing store comes wrapped
in a std::shared_ptr, making lifetime management with the embedder
explicit. This obviates the need for the old GetContents() and
Externalize() APIs, which will be deprecated in a future CL.
Contributed by titzer@chromium.org
Bug: v8:9380
Change-Id: I8a87f5dc141dab684693fe536b636e33f6e45173
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807354
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63883}
The promise file is too big so I am splitting it in several CLs.
TNodified:
* AllocatePromiseReaction
* AllocatePromiseReactionJobTask
* AllocatePromiseResolveThenableJobTask
* CreatePromiseResolvingFunctions
* CreatePromiseResolvingFunctionsContext
* CreatePromiseContext
This CL introduces some CASTs that will be deleted once the file is
TNodified in full.
Bug: v8:6949
Change-Id: Ia3006faa5e9fd0e6fa3c58511772857910326532
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809360
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63882}
Added tests for the scenario when the fillers would be evacuated within the
new space and when they would be promoted into the old space.
The fix is to treat the deferred handles the same as the local ones:
call FixStaleLeftTrimmedHandlesVisitor for them.
Bug: v8:9739
Change-Id: Idac233716295f53793657164561bb81f8f729065
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809815
Commit-Queue: Irina Yatsenko <irinayat@microsoft.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63880}
Quasi Fused Multiply-Add and Quasi Fused Multiply-Subtract performs, on floats, a + b * c and a - b * c respectively.
When there is only a single rounding, it is a fused operation. Quasi in this case means that the result can either be fused or not fused (two roundings), depending on hardware support.
It is tricky to write the test because we need to calculate the expected value, and there is no easy way to express fused or unfused operation in C++, i.e.
we cannot confirm that float expected = a + b * c will perform a fused or unfused operation (unless we use intrinsics).
Thus in the test we have a list of simple checks, plus interesting values that we know will produce different results depending on whether it was fused or not.
The difference between 32x4 and 64x2 qfma/qfms is the type, and also the values of b and c that will cause an overflow, and thus the intermediate rounding will affect the final result.
The same array can be copy pasted for both types, but with a bit of templating we can avoid that duplication.
Change-Id: I0973a3d28468d25f310b593c72f21bff54d809a7
Bug: v8:9415
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1779325
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63878}
Disabling the RegExp compilation cache comes with performance implications,
and it doesn't seem to be necessary for debugging.
Bug: chromium:992277
Change-Id: I24841f4814bcacb18a3968c37490f201c0c1ccac
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg,v8_linux64_gc_stress_custom_snapshot_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1805637
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63876}
Separate creating Wasm translations from reporting them to an agent.
This is done in order to support multiple connected sessions.
Previously connecting more than one agent would fail assertion in debug
mode and overwrite translation objects over and over
(and potentially do something worse) in release mode.
Bug: v8:9725
Change-Id: I13fde5ebf6e64e7268eb6870f9c21ac9a5bed81e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807273
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ingvar Stepanyan <rreverser@google.com>
Cr-Commit-Position: refs/heads/master@{#63867}
This introduces {DisassembleWasmFunction} to replace the above method,
since disassembling a function is independent of the concrete module
object and hence can be done for shared decoded modules.
R=clemensh@chromium.org
BUG=v8:6847
Change-Id: I5abea2a1381a9b8d3717a55d0b2b937dfbbafefd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1809359
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63860}
ArrayBuffer tracking has landed, turning on GrowMemory for Shared
WebAssembly.memory on by default. Enable all variants of tests based
on the new implementation.
Bug: v8:8564, v8:9221, v8:8832
Change-Id: I0ff8688636303896450b788b2ff5a7268d386050
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1808106
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63855}
Fix m(ax|in)imumFractionDigits of Intl.NumberFormat
resolvedOptions are set to 0. For example, currency
instance for CPY or KRW.
Bug: chromium:1003748
Change-Id: Ia1963d8d070b066bd5afa61f8c4716a21450af05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807742
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63850}
The promise file is too big so I am splitting it in several CLs.
This is the first one.
TNodified:
* AllocateAndInitJSPromise (three versions)
* PerformPromiseThen
* AllocateJSPromise
Bug: v8:6949
Change-Id: I57ae8de3f929c00a9127ea4be51ffe7703b44959
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807370
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63849}
Port 1dd791fca2
Original Commit Message:
Uses templates to dispath the allocation flag statically.
Change-Id: I1d6a0f2c6ca04ac0f03afe392584e9f1e8dcfb9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1806680
Auto-Submit: Mu Tao <pamilty@gmail.com>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63842}
The element segment encoding in the bulk memory proposal changed
recently. With this CL the V8 implementation gets up to date again.
R=thibaudm@chromium.org
Bug: v8:9658
Change-Id: I4f45d04369400356a6f3aaed9570c7870f5f97bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1778022
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63836}
Adding a %SimulateNewspaceFull runtime function speeds up this test
from 7m21s to 0.3s (on arm.optdebug with --jitless).
Bonus content:
- speed up mjsunit/md5 by 23x (5m25s -> 7.5s)
- speed up mjsunit/string-replace-gc by 8x (1m37s -> 12s)
Bug: v8:9700, v8:9396
Change-Id: Id00d0b83b51192edf1d5493b49b79b5d76e78087
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1807355
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63829}
- There was no use of DisallowDeferredHandleDereference, so remove the
corresponding assertion scope and related code.
- Make DeferredHandleScope::Detach return a unique_ptr rather than a
raw pointer for clarity.
- Store DeferredHandles in compilation info as unique_ptr rather than
shared_ptr, as it's never shared.
- Remove some unused methods.
Change-Id: I8327399fd291eba782820dd7a62c3bbdffedac4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1805645
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63828}
We used to have two special cases for named accesses on the global
proxy, one based on seeing the global proxy constant in the graph and
on based on seeing the global proxy map either in the feedback or in
the graph. A change I made a while ago accidentally disabled the second
one. This CL restores that.
Moreover, given how things are set up now (this might have been
different before), the first optimization is subsumed by the second
one, so this CL also removes the first one.
Finally, this CL records an accumulator hint in the case of a load,
which improves precision of the serializer for concurrent inlining.
Tbr: tebbi@chromium.org
Bug: v8:7790
Change-Id: I255afc6c79e5c5c900b3ccfcd8459d836d21e42b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801954
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63806}
The first land did not correctly handle exceptions for already evaluated
modules.
Original description:
Implements AsyncModules in SourceTextModule. However, there is no
support in the parser or D8 for actually creating / resolving
AsyncModules. Also adds a flag '--top-level-await,' but the only
external facing change with the flag enabled is that Module::Evaluate
returns a promise.
Bug: v8:9344
Change-Id: I24725816ee4a6c3616c3c8b08a75a60ca9f27727
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1797658
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63803}
This randomizes new memory allocations and reservations. It's currently
used to test far jump tables in wasm better, but might be helpful
generally for testing arbitrary virtual memory layouts.
R=mstarzinger@chromium.org
Bug: v8:9477
Change-Id: Ie60b7c6dd3c4cd0f3b9eb8e2172912e0851c357d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803340
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63802}
This is a reland of 2869d9de0d
Original change's description:
> [turbofan,arm64] Add float loads poisoning.
>
> Also extend load poisoning testing for arm and arm64.
>
> This is a port of I1ef202296744a39054366f2bc424d6952c3bbe9d,
> originally introduced for arm.
>
> Change-Id: I7d317bba6be633dd1e563daa7231d3c5e930f8e4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1691032
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63519}
Change-Id: I8155456f6ad571897f6274a86e58fec6cd66ee7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1800583
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#63800}
This CL adds a flag to reduce the initial code space reservation size
(--wasm-max-initial-code-space-reservation), and adds a test which creates at
least four separate code spaces and calls between them.
R=mstarzinger@chromium.org
Bug: v8:9477
Change-Id: I1b4c430266962eb94dbe4b381f46b03c2ec07fc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1782999
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63797}
Changes the Array(Includes|IndexOf)(Holey|Packed)Doubles builtins to
first check the input array is not empty before attempting to cast it to
a FixedDoubleArray as an empty array of doubles can be backed by a
FixedArray.
Bug: chromium:1004061
Change-Id: I12f302afa9596fb8a5581849662cd67fcc06f92b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1806676
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63794}
Disable a flaky test.
This is a reland of cbf028e8b8
Bug: v8:9714
Change-Id: Ifc136ad80bd7f2a0ae67a15e688a3d08ceed3c44
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1806915
Auto-Submit: Victor Gomes <victorgomes@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@google.com>
Cr-Commit-Position: refs/heads/master@{#63793}
The current JSObject type is too specific as it can also be passed proxy
objects.
BUG=chromium:1003919,v8:6949
Change-Id: I2766868543827fc5ee6f99f3b120c7ffe9cfed39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803651
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63787}
This reimplements the "--time" option of run-tests.py to print the
20 slowest tests, on top of json_test_results infrastructure just
like the bots do it.
Additionally this CL speeds up a bunch of slow tests.
Bug: v8:9396
Change-Id: I40797d2c8c3bfdd310b72f15cd1a035844b7c6f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803635
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63786}
Install intrinsic default prototypes for Intl.ListFormat,
Intl.PluralRules, Intl.RelativeTimeFormat, and Intl.Segmenter.
Observable when attempting to construct cross-realm via a
new.target with a non-Object .prototype property.
Bug: v8:9712
Change-Id: I77ae75e5ea1ee8e9a01cf5788b664a5945aa1f7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801252
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63774}
By rolling icu to faee8bc which contains the upstream CLDR fix.
Bug: v8:992694
Change-Id: I073d15396fa0e7c5054aa4e0806e5842228955f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1799424
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63768}
After https://crrev.com/c/1800575 and https://crrev.com/c/1803343,
which tried to fix this on occuring compile errors, this CL
systematically adds the <memory> include to each header that uses
{std::unique_ptr}.
R=sigurds@chromium.orgTBR=mlippautz@chromium.org,alph@chromium.org,rmcilroy@chromium.org,verwaest@chromium.org
Bug: v8:9396
Change-Id: If7f9c3140842f9543135dddd7344c0f357999da0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1803349
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63767}
If the jump is too large for a near jump, we patch the far jump table
instead, and patch the (near) jump table to jump to the far jump table
slot.
R=mstarzinger@chromium.org
Bug: v8:9477
Change-Id: Ic9a929b405492c1cfe744738e0807ad4357c53ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1799543
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63754}
Make TryEmitCbzOrTbz a template, so it can be used for Word64 as well as Word32.
0.09% reduction of embedded builtins size with a arm64 ptr-compr build.
Some of the unittests weren't ported to Word64 as they don't pass, this is due to
VisitWordCompare missing a loop to remove Word64Equal comparisons against 0. This
can be added in a different CL if needed.
Change-Id: I927129d934083b71abe5b77991c39286470a228d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792908
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63751}
The {JumpTableAssembler} should not include {wasm-code-manager.h}. It
only depends on assembler headers in {src/codegen}.
This removes the {flush_i_cache} parameter which is always set anyway,
removes the last include from {src/wasm} and updates the DEPS file to
forbid such includes for the future.
R=mstarzinger@chromium.org
Bug: v8:9396, v8:9477
Change-Id: Id57b35c93155c3eac7c4c9b6a41d3a1c98c0dddc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801846
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63749}
This reverts commit 9ce6792630.
Reason for revert: This was never intended to stay.
Original change's description:
> [turbofan] temporarily disable const-based load elimination
>
> This is a safe to merge hot-fix to tackle https://crbug.com/983764.
> To be reverted after merging to M77.
>
> Bug: chromium:983764
> Change-Id: I3cd27481f224b352ef6bcf9dde21a8f77616acff
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1786285
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63570}
TBR=tebbi@chromium.org,mslekova@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:983764
Change-Id: I9c07eab384818aaeecab0224cec0f6b5310e9e09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1801839
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63743}
Currently, debugger pauses on async call schedule and then waits for Debugger.pauseOnAsyncCall
with parentStackTraceId to actually schedule the pause.
This CL combines these two steps:
- For local async tasks, it just stores m_taskWithScheduledBreak at the time of schedule,
to be able to pause once this task is run.
- For external async tasks, it plumbs "should_pause" boolean in V8StackTraceId from
the point of schedule to the point of execution, and schedules a pause once
externalAsyncTaskStarted is called with "should_pause" set to true.
This approach greatly simplifies the implementation, and reduced frontend to a single
"breakOnAsyncCall: true" parameter in Debugger.stepInto.
Drive-by: introduce hasScheduledBreakOnNextFunctionCall() to make
SetBreakOnNextFunctionCall management more robust.
Note: artificial pauses at async call schedule time are gone from test expectations -
we now only pause when user actually wants to pause, which makes protocol much simpler.
See also design doc linked in the bug.
BUG=chromium:1000475
Change-Id: I2d16f79c599fe196b2aaeca8223c63437a2954a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1783724
Commit-Queue: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63737}
Drive by fix of type of expected value in a test
Bug: v8:9626
Change-Id: I1bb44082b873383ea75e7089828bc68c9d4e0df0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757503
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63727}
The point of this test is to check for OOB access traps, the read/write
of the entire backing buffer is not useful to this test, and causes the
test to be really slow, especially on arm simulator. This change cuts
the runtime of the test from ~7.5min to ~1.5min.
Bug: v8:7783
Bug: v8:9396
Change-Id: Id57648e920b7631d8c481d2a43ded1c16cd2d1d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1793905
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63726}
TNodified:
* EmitCreateShallowArrayLiteral
* EmitCreateShallowObjectLiteral
Also propagated the TNodification of AllocationSite. Previously it was
used a lot with nullptr, and that changed to {}.
Bug: v8:6949, v8:9396
Change-Id: I8ed04d2d346f5960bba23a233c3dd244ad7f122a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795346
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63725}
This enables using TNode types without including code-assembler.h,
which is useful when generating CallInterfaceDescriptors.
As a drive-by, this moves TNode from v8::internal::compiler to
v8::internal. It's only used outside of the compiler anyway.
Change-Id: I3d938c22366a3570315041683094f77b0d1096a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1798425
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63721}
Case statements have a list of statements associated with them, but are
not blocks, and were hence not fixed-up correctly for code coverage.
This CL also applies the fix-up to the "body" of case statements,
in this way removing ranges reported as uncovered between the final
break/return in a case and the next case (or end of function).
Drive-by: Add optional pretty printing to code coverage test results.
Change-Id: I5f4002d4e17b7253ed516d99f7c389ab2264be10
Bug: v8:9705
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1798426
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63719}
This fixes the case where a table entry contains a function constructed
via {WebAssembly.Function} and is then read out via a runtime function
from the table.
R=ahaas@chromium.org
TEST=mjsunit/regress/wasm/regress-crbug-1002388
BUG=chromium:1002388
Change-Id: Ic0a9a544baaf37e68cd22eb91f2ef0bdf5fa5842
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1795352
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63709}
