Matches were transmitted in a JSArray, although a FixedArray is
enough.
Change-Id: I71145c6b55d57a15e330a3865f00d038e613dde3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171631
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85332}
The RegisterInput (NewTarget) was not correctly visited by the GC.
This:
- Creates a sentinel safepoint to indicate that the stack is not
fully created (we are in the stack guard call).
- Generalises RegisterInputs (we assumed only NewTarget before) and
saves them in the graph.
- Passes the register input count via tagged_register_indexes in
this case.
Fixed: chromium:1407606
Bug: v8:7700
Change-Id: I8f599f8c1a992ee6fd886eec1e289454649dfec8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171626
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85331}
Actual worklist segment capacity may vary depending on allocator
internals. Varying capacity can result in different push/pop order
even in single-threaded execution which is incompatible with
--predictable.
As a fix, rely on minimum capacity for --predictable.
Bug: v8:13614
Change-Id: Icbf093b31c32f4eb20476954572b3731f5c8ef88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171641
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85330}
Split tagged and double element loads (LoadTagged/DoubleElement) into
loads of the elements array, and a load from the Fixed[Double]Array.
This will allow us to potentially re-use elements array loads, as well
as use the more generic FixedArray load for other FixedArrays.
Bug: v8:7700
Change-Id: I382132585a709ab1351666fd820156148b35bc42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4168414
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85328}
.. now that it unconditionally refers to CodeDataContainer. All
previous references to 'CodeT' (the type and as part of names) are
now updated to 'CodeDataContainer', including 'codet', 'CODET', etc.
Bug: v8:13654
Change-Id: I7abbba040091eddf3ef09028a891aed460363929
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165619
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85325}
Use the static root pointers to generate better code for C++ builtins.
First, comparisons like `IsUndefined` should only consider the
compressed pointer. The change ensures that comparisons compile to:
```
; IsUndefined
cmp DWORD PTR [rbx+r14*1],0x22e1
```
Further, storing into a tagged field should be just one instruction as
well. To avoid complicating stores we opt for ensuring clang can
optimize `compress(decompress(cage_base, 0x42)) -> 0x42`. To that end
`DecompressTaggedPointer` has to be slightly rewritten, as
using the base as `Address` makes clang ignore the specified alignment
(see https://godbolt.org/z/f1ajneW1P).
With this optimization also stores are compiled to one instruction:
```
; map.set_prototype(roots.null()):
DWORD PTR [rax+0x13],0x22c5
```
Bug: v8:13466
Change-Id: I5355dc21cf7cb459f5dc3718f8facefc1d04e229
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4130075
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85323}
In some cases, a declaration of a function may be covered by
variables with the same name and thus bound to one parameter. This
CL records variables which should not be bound to the parameter, which
are skipped when inserting shadowing variable binding initializers.
Bug: v8:13459
Change-Id: Id7d147392450b177d219bfd04245b47d9e58c20e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4130416
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85321}
Use the bottleneck for right-trimming of objects also for BigInts.
Change-Id: I82fcb38143f939fdd3d7763c9c60d2e9003196eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165614
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85319}
V8 uses memcpy and memmove for implementing Heap::CopyRange and
Heap::MoveRange respectively, but only when concurrent marking is off.
When concurrent marking is on, atomic stores are used to avoid data
races.
Since iteration of promoted pages also iterates objects concurrently,
memcpy and memmove should be avoided while it is active as well.
A dedicated bailout for promoted page iteration is added rather than
checking when sweeping is active. Sweeping will likely be active
until the next GC, which means relying on it here would prevent us
from ever using memcpy and memmove.
Bug: chromium:1407041
Change-Id: Idde80b456df843f91ef7ef05c0694c5930711ae4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165084
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85318}
After the latest fix (https://crrev.com/c/4118547), it could happen that
we stop execution even though the stored "max steps" counter did not
reach zero. This was previously not possible because we did always
subtract 1, and only terminated once we reached zero. Now we sometimes
subtract bigger numbers, and terminate if the counter is smaller than
the number we want to subtract.
This CL fixes this by first subtracting, and then checking if the
counter ran negative.
R=thibaudm@chromium.org
Bug: chromium:1405322
Change-Id: I19d7be263b000eb0a6319aaeb8838d11b8c5a3b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165602
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85317}
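The two checking orders described in the message above, side by side, as an added example (constructed model code, not V8's own step-budget implementation). Names such as charge_check_first, charge_subtract_first, run_budget and the sample costs are assumptions made for the illustration; the only point taken from the message is that the counter may now be decremented by more than one per check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model of a "max steps" execution budget; not V8's code.
 * `remaining` is the stored counter, `cost` the number of steps charged
 * for the block about to execute. Each charge function returns true if
 * execution may continue and false if it must terminate. */

/* Check-then-subtract: refuses the block whenever it would not fit, so the
 * run can stop while the stored counter is still positive. */
static bool charge_check_first(int32_t *remaining, int32_t cost) {
  if (*remaining < cost) return false;  /* stop; counter left untouched */
  *remaining -= cost;
  return true;
}

/* Subtract-then-check: always charges the block, then stops only if the
 * counter ran negative. A stop now implies the stored counter is below zero. */
static bool charge_subtract_first(int32_t *remaining, int32_t cost) {
  *remaining -= cost;
  return *remaining >= 0;
}

struct BudgetRun {
  size_t executed;    /* blocks allowed to run before the stop */
  int32_t remaining;  /* stored counter when the run ended */
};

/* Drive a sequence of block costs through one of the two charge policies. */
static struct BudgetRun run_budget(bool (*charge)(int32_t *, int32_t),
                                   int32_t budget, const int32_t *costs,
                                   size_t count) {
  struct BudgetRun r = { 0, budget };
  for (size_t i = 0; i < count; i++) {
    if (!charge(&r.remaining, costs[i])) break;
    r.executed++;
  }
  return r;
}

/* Constructed sample: three blocks of four steps each against a budget of 10. */
static const int32_t kSampleCosts[3] = { 4, 4, 4 };
static const size_t kSampleCount = 3;
static const int32_t kSampleBudget = 10;
```

Both policies stop the sample run after the second block; the difference is the counter they leave behind. Check-then-subtract stops with 2 steps still stored, which is the "stopped although the counter did not reach zero" state the message describes, while subtract-then-check leaves -2, so a stop can always be recognised from the stored value alone.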
kScratchRegister is not safe to use in arm64 code.
Bug: v8:7700
Change-Id: Ied242e103d4947cd17770a440ed1475729472d40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165610
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85313}
With https://crrev.com/c/4111524 the jump table of a newly created
NativeModule gets initialized with CompileLazy stubs. This CL optimizes
the initialization by hoisting function-index independent code out of
the iteration over all functions.
R=clemensb@chromium.org
Bug: chromium:1402732
Change-Id: I531335e2a5e36a939a63ec3d2f8822beea4f315b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128098
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85312}
This is a reland of commit 48fee7d232.
We now use the "COMPONENT_BUILD" macro to disable preserve_all, which
covers more uses (like building libbase or libplatform, where we would
otherwise have to check for BUILDING_V8_BASE_SHARED or
BUILDING_V8_PLATFORM_SHARED).
Original change's description:
> Use preserve_most calling conventions for Zone::NewExpand
>
> The zone uses bump allocation in the fast-path, and falls back to
> allocating a new segment if there is not enough space.
> Since this is rarely executed and zone allocations happen a lot, we
> should mark `Zone::NewExpand` as "preserve_most" to make
> `Zone::Allocate` as fast and slim as possible.
>
> R=bikineev@chromium.org, leszeks@chromium.org
>
> Change-Id: I0d592a35440bc3d61ca04425fc2f98c8a8bbbaae
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4146436
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85258}
Change-Id: I1413d47d84f384a724850a6f5b60adf75bba84f8
Cq-Include-Trybots: luci.v8.try:v8_win64_dbg
Cq-Include-Trybots: luci.v8.try:v8_win_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162931
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85310}
With --shared-space we weren't marking the main isolate's entry in
the EPT for the WaiterQueueNode.
Bug: v8:13267, chromium:1406729
Change-Id: I833b0a9f93d6b129529dcda71084c3bff5417bad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162927
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85309}
The tests deal with recording OLD_TO_SHARED slots during page promotion
(in MinorMC) on a client heap, and retaining the corresponding shared
objects.
These tests cover issues fixed by crrev.com/c/4152485 and
crrev.com/c/4094755 (in the reland, compared to the previously submitted
version).
Bug: v8:12612
Change-Id: I7ba399d56ad75646092e6955f347a210c3dcac6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156473
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85308}
The callback can be used to enable / disable Wasm GC from Chrome or
other users. For simplicity, and as many users of Wasm GC also use
stringrefs, enabling it via the callback will also enable stringrefs.
Bug: v8:7748
Change-Id: I474034eabe438f0ce9759c1d34dda12a99aa491e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165090
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85306}
This is a reland of commit b791f4f040
More bugs have been fixed.
Original change's description:
> Reland "[maglev] Test maglev on Mac Arm64 bots"
>
> This is a reland of c6e96cf622
>
> Various bugs have been fixed since the revert and we're ready to try
> again.
>
> Original change's description:
> > [maglev] Test maglev on Mac Arm64 bots
> >
> > Also remove unnecessary maglev runs on x64 FYI bots, since maglev runs
> > on the main waterfall's x64 bots already.
> >
> > Bug: v8:7700
> > Change-Id: I5bb23c3ba7696b48f2fe1af4036a3de8c5b1801a
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4128092
> > Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
> > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#85174}
>
> Bug: v8:7700
> Change-Id: I969e6ae7bd01adb12da0f1240e152232cca00f33
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156056
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
> Commit-Queue: Alexander Schulze <alexschulze@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85275}
Bug: v8:7700
Change-Id: I274d6cac2f39cb4bffcf346649fb9b9676b7d93f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4164681
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85305}
This should give the compiler more flexibility around inlining,
particularly with PGO.
Change-Id: Iee73b0047b91eb29853390a1820ae30e740b33fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162924
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85304}
Chromium now defines its own android_assets() rather than using this
target (assets are about how things are packaged, so make more sense
living in embedders).
Bug: chromium:1402705
Change-Id: I95ff828393cec4e1e388776ed2e6be09c67b1e30
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4157274
Auto-Submit: Andrew Grieve <agrieve@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85298}
This method has a lot of call sites, but is rarely called, so mark it
preserve_most to make caller code slimmer (and faster).
R=dlehmann@chromium.org
Bug: v8:13565
Change-Id: I6c1b1ee78895fbcffbbd0d47d904d97930d5d90f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136715
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Daniel Lehmann <dlehmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85297}
Request from Wasm tools team for testing. This is only available when
not --fuzzing.
Change-Id: I88cde5ecdcae6724b56c2f89c9d81c6f054f68d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4159854
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85295}
SeqStrings have up to kTaggedSize-1 bytes of padding, due to
allocation sizes being rounded up to kObjectAlignment. This CL ensures
that all (non-external) sequential strings on the heap have (and keep)
this padding set to all zeroes.
The approach is to unconditionally zero the last tagged word of the
uninitialized allocation of string objects.
Change-Id: I32ee4a53e25fa470f79562a71b8c648c7205523f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4143019
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85294}
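A constructed model of the padding problem described above, added here as an example and not V8's string layout or allocation code. It assumes 8-byte tagged words, object sizes rounded up to one tagged word, and a 16-byte header before the characters; the 0xAA fill stands in for stale heap contents that a fresh allocation would otherwise inherit. Padding bytes that are never written keep whatever the previous occupant left there, so zeroing the last tagged word before the object is initialised is what makes the tail deterministic.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a sequential one-byte string object; not V8's
 * layout. Assumed: 8-byte tagged words, objects aligned to one tagged
 * word, and a 16-byte header (map word, hash, length) before the chars. */
enum { kTaggedSize = 8, kObjectAlignment = 8, kHeaderSize = 16, kLengthOffset = 12 };

/* Allocation size: header plus chars, rounded up to the object alignment. */
static size_t seq_string_size(size_t length) {
  size_t raw = kHeaderSize + length;
  return (raw + kObjectAlignment - 1) & ~(size_t)(kObjectAlignment - 1);
}

/* Bytes between the last character and the end of the object: 0..kTaggedSize-1. */
static size_t seq_string_padding(size_t length) {
  return seq_string_size(length) - kHeaderSize - length;
}

/* Initialise a freshly allocated string. With zero_tail set, the last
 * tagged word of the allocation is cleared before anything else is
 * written, so whatever padding follows the chars ends up zero; the later
 * header and character stores overwrite only the bytes they own. */
static void init_seq_string(uint8_t *obj, const char *chars, size_t length,
                            bool zero_tail) {
  size_t size = seq_string_size(length);
  if (zero_tail) memset(obj + size - kTaggedSize, 0, kTaggedSize);
  memset(obj, 0, kHeaderSize);  /* map word and hash: placeholders here */
  uint32_t len32 = (uint32_t)length;
  memcpy(obj + kLengthOffset, &len32, sizeof len32);
  memcpy(obj + kHeaderSize, chars, length);
}

/* Allocate from a deliberately dirty buffer (every byte 0xAA, standing in
 * for stale heap contents), initialise, and report whether the padding is
 * all zero and the characters survived intact. */
static bool padding_is_zero(const char *chars, size_t length, bool zero_tail) {
  size_t size = seq_string_size(length);
  uint8_t *obj = malloc(size);
  if (obj == NULL) return false;
  memset(obj, 0xAA, size);
  init_seq_string(obj, chars, length, zero_tail);
  bool ok = memcmp(obj + kHeaderSize, chars, length) == 0;
  for (size_t i = kHeaderSize + length; i < size; i++) ok = ok && obj[i] == 0;
  free(obj);
  return ok;
}
```

The tail word is cleared before the header and characters are stored, so for a string whose characters end inside that word the character bytes simply overwrite part of it; no separate branch on the padding length is needed, which is the "unconditionally zero the last tagged word" approach the message describes.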
The {read_leb_slowpath} method is not called most of the time, so we
make it preserve most registers. This makes callers slimmer and faster.
Since the "preserve_most" attribute is currently broken for functions
with return values, we need to change two functions to return the result
via output parameter.
R=dlehmann@chromium.org
Bug: v8:13565
Change-Id: I2c41a37e8e8a86bee4e29ec04a2623cc887eb9e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136713
Reviewed-by: Daniel Lehmann <dlehmann@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85293}
Optimizations introduced in
https://chromium-review.googlesource.com/c/v8/v8/+/1776079
are currently defeated since Address is not a pointer type.
Clang does not seem to carry over alignment information as range
information when casting to ints.
Using __builtin_assume we can restore the same effect.
Reland of half of
https://chromium-review.googlesource.com/c/v8/v8/+/4156060
Bug: v8:9353
Change-Id: I35e3afcb1b8e7faa0cb7ab5573f0e475c045e0c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162929
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85292}
Reload the map after the TryMigrateInstance runtime call.
Bug: v8:7700
Change-Id: Ifabbfaec733989002361ca73e50f1a57cbbfb87f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165091
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85291}
We previously did not check for stack overflow when recursively nesting
functions and class declarations, with no statements in between.
Fixed: chromium:1404863
Change-Id: I00ec90ed4ac48ae7996a2d54201732bcaebc9757
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162925
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85289}
Port 177b6be920
Original Commit Message:
There is no reason to keep the CodeT dispatch (which switches
between `CodeT = CodeDataContainer` and `CodeT = Code`) around. Using
CodeDataContainer doesn't actually depend on anything from
v8_enable_external_code_space, so let's use it unconditionally and
simplify our codebase.
In this first step, update the
`v8_enable_external_code_space = false` configuration to use
`CodeT = CodeDataContainer` as well and remove all support for
`CodeT = Code`.
Upcoming CLs will remove the CodeT alias type, and rename
the Code/CodeDataContainer pair to something more intuitive.
R=jgruber@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Id50007e4af51974e3e666e98ffbc7d74e1224c59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162297
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#85288}
The comment about loop phis not needing to extend their inputs'
lifetimes to the end of the outer loop was... wrong. Of course the input
into an inner loop phi needs to be kept alive for subsequent iterations
of the outer loop.
Bug: v8:7700
Change-Id: I4e5de510a7f0188524dd3206f9369b473c128019
Fixed: chromium:1406733
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165088
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85287}
This is a reland of commit ec4f19d530
Original change's description:
> [turbofan] Properly perform range check for array access
>
> Turbofan optimized array access returned incorrect values in some cases
> when a negative index was provided. This CL fixes this by changing the
> way those bounds checks are performed in JSNativeContextSpecialization.
>
> Bug: chromium:1320641
> Change-Id: Id1f06680ccf7964994d179f7fb44199a0b1245b1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147622
> Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85207}
Bug: chromium:1320641, chromium:1382948
Change-Id: I45e38598b97e2e997fc75d272dba470669e835c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4164680
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85286}
The method to grow the capacity for the value stack is rarely called.
Make it preserve most registers. This makes callers slimmer and faster.
R=dlehmann@chromium.org
Bug: v8:13565
Change-Id: If4bb8cbd7a61852af1d07b83d0881110c5e91528
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4136714
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Daniel Lehmann <dlehmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85285}
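The preserve_most pattern that the Zone::NewExpand reland, the "lot of call sites, but rarely called" change, the read_leb_slowpath change and the value-stack growth change above all apply, shown once as an added example on a toy bump allocator. This is constructed code, not V8's Zone; the segment size, the SLOW_PATH macro and the helper names are assumptions. The attribute is a clang extension for x86-64 and AArch64, so it is applied only under that guard and the slow path keeps the default calling convention elsewhere; the result is passed out through a parameter, the same workaround the read_leb_slowpath message describes for functions with return values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Toy zone allocator illustrating the preserve_most pattern from the
 * commits above. Constructed example code, not V8's Zone. */

/* preserve_most is a clang extension available on x86-64 and AArch64; on
 * other compilers or targets the slow path keeps the default convention. */
#if defined(__clang__) && (defined(__x86_64__) || defined(__aarch64__))
#define SLOW_PATH __attribute__((noinline, preserve_most))
#else
#define SLOW_PATH __attribute__((noinline))
#endif

enum { kSegmentSize = 256, kAlignment = 8 };

struct Segment {
  struct Segment *next;
  uint8_t data[kSegmentSize];
};

struct Zone {
  uintptr_t position;       /* bump pointer into the current segment */
  uintptr_t limit;          /* end of the current segment */
  struct Segment *segments; /* all segments owned by this zone */
  size_t segment_count;
};

static void zone_init(struct Zone *zone) {
  zone->position = zone->limit = 0;  /* empty: first allocation must expand */
  zone->segments = NULL;
  zone->segment_count = 0;
}

static void zone_release(struct Zone *zone) {
  while (zone->segments != NULL) {
    struct Segment *next = zone->segments->next;
    free(zone->segments);
    zone->segments = next;
  }
  zone_init(zone);
}

/* Slow path: grab a fresh segment and carve the request out of it. It runs
 * rarely, so it stays out of line and is marked preserve_most: the inlined
 * caller then need not spill its live registers around the call. The
 * result goes out through a parameter instead of a return value. */
SLOW_PATH static void zone_new_expand(struct Zone *zone, size_t size, void **out) {
  struct Segment *seg = malloc(sizeof *seg);
  if (seg == NULL) { *out = NULL; return; }
  seg->next = zone->segments;
  zone->segments = seg;
  zone->segment_count++;
  zone->position = (uintptr_t)seg->data;
  zone->limit = zone->position + kSegmentSize;
  *out = (void *)zone->position;
  zone->position += size;
}

/* Fast path: a bump-pointer allocation small enough to be inlined everywhere. */
static inline void *zone_allocate(struct Zone *zone, size_t size) {
  size = (size + kAlignment - 1) & ~(size_t)(kAlignment - 1);
  if (size == 0 || size > kSegmentSize) return NULL;  /* toy: no large objects */
  if (zone->limit - zone->position < size) {
    void *result;
    zone_new_expand(zone, size, &result);
    return result;
  }
  void *result = (void *)zone->position;
  zone->position += size;
  return result;
}

/* Allocate `count` objects of `size` bytes and return how many segments the
 * zone needed, or 0 if any allocation failed or came back misaligned. */
static size_t zone_segments_needed(size_t count, size_t size) {
  struct Zone zone;
  zone_init(&zone);
  for (size_t i = 0; i < count; i++) {
    void *p = zone_allocate(&zone, size);
    if (p == NULL || ((uintptr_t)p % kAlignment) != 0) {
      zone_release(&zone);
      return 0;
    }
  }
  size_t segments = zone.segment_count;
  zone_release(&zone);
  return segments;
}
```

The split matters because zone_allocate is inlined at every call site: with the default convention the compiler has to assume zone_new_expand clobbers all caller-saved registers and emits spills on the fast path too, while preserve_most moves that cost into the rarely executed callee.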
kDataViewGetVariableLength has JS linkage, and so it has a strong
requirement to what should be in the stack and in the registers
(including having a JSFunction for kDataViewGetVariableLength).
These were missing before, which would crash when checking the frame.
Fixed: chromium:1406727
Bug: v8:7700
Change-Id: Iad878cbc06d46403e21162dfdfd3bcd1a2a063d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162926
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85284}