This is a reland of f645d0b857
The issue was that converting an i64 to an i32 didn't clear the upper
bits on arm64. This was not necessary before because we did the zero
extension as part of the load operand, but this is required now that
we use the full register.
Original change's description:
> [liftoff][arm64] Use 64 bit offset reg in mem op
>
> Accessing the Wasm memory with a 64 bit offset was truncated to 32 bit,
> which is fine if we check bounds first, but not if we rely on the
> trap handler to catch the OOB.
>
> R=clemensb@chromium.org
>
> Bug: v8:11587
> Change-Id: I82a3a2906e55d9d640c30e770a5c93532e3a442c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808942
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73829}
Bug: v8:11587
Change-Id: Ibc182475745c6f697a0ba6d75c260b74ddf8fe52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810846
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73853}
This is part of moving towards MapUpdater as the bottleneck for map
updates.
Drive-by: Move helpers.
Drive-by: Use a plain std::queue instead of a ZoneQueue in
UpdateFieldType.
Bug: v8:7790
Change-Id: Iff80a6e9bf3390a010305f7998d6f6dad2bce09f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807602
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73851}
This CL fixes a segfault when Wasm tried to generate a builtin call
from a background compilation job when the Isolate was already torn
down by the main thread.
Drive-by: Use CallBuiltin in RegExpMacroAssemblerARM64.
Bug: v8:11527, chromium:1195552
Change-Id: I8048ffcb212bda4d19d07b5ec6b487d6fb16b30d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2811739
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73850}
Lookarounds rewind the position after matching, and thus don't play
well with eats_at_least (EAL). This CL disables EAL propagation from
lookarounds.
In the future we could be a bit smarter by skipping over lookarounds
instead of resetting to 0.
Bug: v8:11290
Change-Id: I935400a7f9cda96d9c5a80e412ba7d04de70a84f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808944
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73849}
The eats_at_least (EAL) value is applied in forward-directions only.
Two reasons for that which are relevant to this CL:
- EAL's of neighboring nodes are combined additively, irrespective of
their read_backward value.
- EatsAtLeastPropagator::VisitText uses the successor's
eats_at_least_from_not_start value, which doesn't work properly for
read_backwards successors (which may end at the start).
A symptom of this bug was that we applied an incorrect EAL of 255
starting at the initial 'x' of /x(?<=^x{4})/; for subject strings
shorter than 255 chars, this would result in an incorrect failure
result.
Bug: v8:11616
Change-Id: I4b2b1b78f0cea8f59e4beb1037ee46035d83c927
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807596
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73848}
Rolling v8/build: 52bfb9d..77edba1
Rolling v8/buildtools/third_party/libc++abi/trunk: a136a3b..d0f3388
Rolling v8/third_party/aemu-linux-x64: RQd3qSR12Rp6wgHjC31u-jwbITCfk3M-ZJyL6s1ju4sC..SeLS6a0f6IL-PCOUKbMTN5LYgjjJbDSnb3DGf5q9pwsC
Rolling v8/third_party/depot_tools: 3f562c0..98a52e2
Rolling v8/third_party/icu: d879aac..81d6568
Rolling v8/third_party/instrumented_libraries: 6900bf4..084aee0
TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I6c9e9ef51ca70bdab1bf6cd0b5d1c178177fb137
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2811464
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73847}
If SSE4.2 is enabled, all the previous extensions should also be
enabled. In particular, you cannot have --enable-sse4_1 and
--no-enable-sse3.
Bug: chromium:1195579
Change-Id: Id3e10db24cee2aee14449a77c9e7cff82e97edff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808621
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73840}
This CL completes Jobs cleanup for deprecated and pure virtual functions in
the v8 platform.
Bug: chromium:1196703
Change-Id: I823ab06b56077181e92eee5a6468096a355634fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810155
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73839}
Now that all users are migrated to the Jobs API.
Bug: chromium:1196703
Change-Id: Ic48cce441c1793b1b33f0fc3d6a60847f2eefb2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810156
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73838}
From PPC ABI:
> The condition code register fields CR0, CR1, CR5, CR6,
> and CR7 are volatile. The condition code register fields
> CR2, CR3, and CR4 are nonvolatile.
We can safely clear CR field 6 without the need to save its
content first. Clearing the entire CR register will cause
crashes if it's not restored properly.
Change-Id: I854f5631294f56f542b1a6f4e23dd7dbcf000d7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810802
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73837}
The inspector has some magic to add a special __proto__ property to
object value mirrors as long as the object itself has a [[Prototype]].
However it doesn't check whether the object already has a regular
property named __proto__ and thus confuses the front-end by sending two
properties with the same name.
Fixed: chromium:1193250
Change-Id: I75a1cd78ba94aeda4afedcc0f1e69b8dadb6673f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810784
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73836}
This reverts commit f645d0b857.
Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20release/3544
Original change's description:
> [liftoff][arm64] Use 64 bit offset reg in mem op
>
> Accessing the Wasm memory with a 64 bit offset was truncated to 32 bit,
> which is fine if we check bounds first, but not if we rely on the
> trap handler to catch the OOB.
>
> R=clemensb@chromium.org
>
> Bug: v8:11587
> Change-Id: I82a3a2906e55d9d640c30e770a5c93532e3a442c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808942
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73829}
Bug: v8:11587
Change-Id: If7396981d43833f32ebc525c20abdbe78020e717
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810785
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73835}
Add a flag similar to the tiering mask to choose between regular
baseline code or debug code in Liftoff.
R=clemensb@chromium.org
Bug: chromium:1183774
Change-Id: I0e87154e2e1cd57679ce0c57bb1e075a97691248
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807603
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73833}
If bounds checks are completely disabled (for performance testing) we
would still emit protected instructions which generate landing pads for
trap handlers in code generation. This CL fixes that by implicitly
disabling trap handling if stack checks are disabled.
R=ahaas@chromium.org
Bug: v8:10949
Change-Id: I1172087fb14ab56e9117c6eee388f71099568a13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808946
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73832}
This CL fixes the behaviour of the d8.test.fast_c_api constructor when
the global object has been modified by not allowing calls to it without
the `new` keyword.
Bug: chromium:1196597
Change-Id: I49b4a412d501f5c9adaa72b63beec1483ab4c449
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808943
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73831}
Accessing the Wasm memory with a 64 bit offset was truncated to 32 bit,
which is fine if we check bounds first, but not if we rely on the
trap handler to catch the OOB.
R=clemensb@chromium.org
Bug: v8:11587
Change-Id: I82a3a2906e55d9d640c30e770a5c93532e3a442c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808942
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73829}
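To make the failure mode described in this change concrete, here is an added C model (not V8 code; the memory and guard sizes, the base address and the function names are constructed for illustration) of why a 32-bit truncated offset register can map an out-of-bounds access back into valid memory, so a guard-page trap handler never sees it:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout (not V8's real constants): a 64 KiB linear memory
 * followed by a large guard region. In a real engine the guard pages are
 * unmapped, so touching them faults and the trap handler reports OOB;
 * here we only compute addresses and classify where they land. */
#define MEM_SIZE   (64ull * 1024ull)
#define GUARD_SIZE (8ull * 1024ull * 1024ull * 1024ull)

enum access_kind {
    IN_BOUNDS,       /* valid access */
    TRAPS_IN_GUARD,  /* lands in the guard region: trap handler catches it */
    MISSED_OOB       /* out of bounds by Wasm semantics, but no fault occurs */
};

/* Effective address when the full 64-bit offset register is used. */
static uint64_t effective_addr_64(uint64_t base, uint64_t offset) {
    return base + offset;
}

/* Effective address when only the low 32 bits of the offset register
 * take part in the memory operand: the upper bits are silently dropped. */
static uint64_t effective_addr_32(uint64_t base, uint64_t offset) {
    return base + (uint64_t)(uint32_t)offset;
}

/* Classify what a trap-handler-only bounds check observes for one access. */
static enum access_kind classify(uint64_t base, uint64_t offset, bool truncate) {
    uint64_t addr = truncate ? effective_addr_32(base, offset)
                             : effective_addr_64(base, offset);
    bool oob = offset >= MEM_SIZE;            /* what Wasm semantics require */
    if (addr < base + MEM_SIZE)
        return oob ? MISSED_OOB : IN_BOUNDS;  /* OOB offset wrapped into memory */
    if (addr < base + MEM_SIZE + GUARD_SIZE)
        return TRAPS_IN_GUARD;
    return MISSED_OOB;                        /* past the guard: unprotected */
}

int main(void) {
    const uint64_t base = 0x10000;             /* constructed base address */
    const uint64_t big = (1ull << 32) + 16;    /* 2^32 + 16: far out of bounds */
    printf("64-bit offset reg: %s\n",
           classify(base, big, false) == TRAPS_IN_GUARD ? "trap" : "missed");
    printf("32-bit offset reg: %s\n",
           classify(base, big, true) == MISSED_OOB ? "missed" : "trap");
    return 0;
}
```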
ARM is often defined as a macro, so this changes it to kArm and fixes
other cases in the same file.
Bug: v8:11384
Change-Id: Iab0149be03b3b0139e3335b91a25cb4bbb2f56e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808939
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73826}
Until now we've only exposed trace output for the parse- and assembly
stages of regexp codegen. Debug tracing of the graph was missing. The
new --trace-regexp-graph flag fills that hole.
Available regexp codegen tracing flags are now:
--trace-regexp-parser
--trace-regexp-graph
--trace-regexp-assembler
The output of --trace-regexp-graph can be formatted with `dot`, for
example:
$ d8 --trace-regexp-graph [...] | dot -Tjpg -o regexp-graph.jpg
Change-Id: Ice593c34f7818c94e42d98e98a31533178bb538b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808945
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73825}
Since wrappers do not get optimized,
https://chromium-review.googlesource.com/c/v8/v8/+/2739976 introduced
some performance regression by not caching nodes in the
WasmGraphBuilder. Therefore, we reintroduce caching of the instance
node. We do it in Start() to ensure the effect chain is correct.
Additional changes:
- Change signature of Start() to void.
- Initialize effect and control in Start().
- Rename BuildLoadInstance() -> GetInstance().
Bug: chromium:1189100
Change-Id: I9147f738e67b4f4b822c845e7d33d9fd4ceb65fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2804679
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73824}
This CL disables exposing the d8.test.fast_c_api constructor when
we're doing correctness fuzzing to prevent TypeError when the object
is not defined (which happens when --turbo-fast-api-calls is not
passed).
Bug: chromium:1196569
Change-Id: I39069c736d11326419b7562189931afc69a485b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808940
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73822}
This CL skips the fast-api-calls mjsunit test, as it relies
on particular optimization/deoptimization patterns.
Bug: v8:11620
Change-Id: I4c2fd3b1db8aff73935dd6525fd0ad3edc307dd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2808935
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73819}
Somehow we have no-NO-NY locale data in ICU, and it causes problems.
Bug: v8:11595
Change-Id: I68ba4c4c219bb3fbc88976f901a86219c44ea265
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2782602
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73818}
Rolling v8/base/trace_event/common: 7af6071..cab90cb
Rolling v8/build: f95480f..52bfb9d
Rolling v8/buildtools/linux64: git_revision:a95c8a3ccc7de65eb740aa68a0d021cdc8550205..git_revision:dba01723a441c358d843a575cb7720d54ddcdf92
Rolling v8/third_party/aemu-linux-x64: RDM8t3fsvkJHrC_GtCTB1D0dnK1Xv1ZqnZI2DXJ6_4wC..RQd3qSR12Rp6wgHjC31u-jwbITCfk3M-ZJyL6s1ju4sC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/13c4bd1..41a5e5e
Rolling v8/third_party/depot_tools: da76875..3f562c0
Rolling v8/tools/clang: db62979..a387faa
TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I887fb192791aac410a5311afc6e707d60347c203
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2809940
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73817}
With this, you can add `target_os = ['win']` to your .gclient file,
re-run runhooks, and then:
$ cat out/gnwin/args.gn
target_os = "win"
use_goma = true
$ gn gen out/gnwin
Done. Made 234 targets from 103 files in 311ms
$ ninja -C out/gnwin d8 -j1000
ninja: Entering directory `out/gnwin'
[1051/1051] LINK d8.exe d8.exe.pdb
$ file out/gnwin/d8.exe
out/gnwin/d8.exe: PE32+ executable (console) x86-64, for MS Windows
cbruni asked for this in
https://bugs.chromium.org/p/chromium/issues/detail?id=1196278#c6
I thought I'd give it a try and went to my v8 standalone checkout, only
to find that that already had a local diff for this. So I guess someone
else must've asked for this a while ago, so might as well check this in :)
Bug: chromium:1196278
Change-Id: I14909cc79912c0260f8d9db44f511dd7754aa172
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2805934
Auto-Submit: Nico Weber <thakis@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73813}
Explicitly check for JSFunction or JSBoundFunction and throw if any other
JS type is passed to d8.test.verifySourcePositions.
Bug: chromium:1195717
Change-Id: Id65875526d5d6b3f720850d41d0a8192ec407035
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807607
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73811}
This factors out the duplicated logic for calling builtins in Liftoff.
Recording a source position is optional, but many call sites so far
missed it even though it would be helpful for debugging e.g. in case of
OOM errors. Thus this CL adds source positions for most builtin calls.
R=ahaas@chromium.org
Change-Id: Id4e3e2d0177dbb5dded533ed3ec294bdbec95e9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807604
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73808}
Port 064ca18ca2
Original Commit Message:
This is a reland of b9c521d0ea.
Fixes crashes by calling kInstallBaselineCode from BaselineEntry if
needed, i.e. when there is no feedback vector (required a bit of
register rejiggling).
This can happen with cross-realm calls. The OSR arming is stored as
part of the BytecodeArray and therefore shared across realms.
Original change's description:
> [sparkplug] OSR Ignition -> Sparkplug
>
> Add support for OSR to baseline code.
> We compile baseline and perform OSR immediately when the bytecode budget
> interrupt hits.
>
> Drive-by: Clean-up deoptimizer special handling of JumpLoop by using
> the newly introduced GetBaselinePCForNextExecutedBytecode instead of
> GetBaselineEndPCForBytecodeOffset.
>
> Bug: v8:11420
> Change-Id: Ifbea264d4a83a127dd2a11e28626bf2a5e8aca59
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2784687
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73677}
R=pthier@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I724e8f7a3a2064daae282d892c0e0d6dbd8b691a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807854
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73807}
This is a reland of f187d0a13f
The cctest breakage got fixed in the meantime.
Original change's description:
> [test] Extend testing on Mac on arm64
>
> Ensure more testing of --future for different test types on Mac.
>
> No-Try: true
> Bug: v8:11527
> Change-Id: Iac499dc48dde3342ad2057f86ef1ad5fa43b4eac
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2772981
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73514}
No-Try: true
Bug: v8:11527
Change-Id: Ie82c69e652f84a7ac43436d28806e70f27aa3e72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807601
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73806}
These are used by v8_wrapper/heap_test_utilities.* in Blink.
See crrev.com/c/2787126 for usage.
Bug: chromium:1056170
Change-Id: I329b1823f2ac21181a3536577ed72bee3d591347
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2786842
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73805}
.. and inline them into callsites. These were thin wrappers around
MapUpdater methods.
This is part of moving towards MapUpdater as the bottleneck for map
updates.
Bug: v8:7790
Change-Id: Ie79ee063b83892d3c233581832361295aeb8e90f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2807600
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73804}