With bounds checks, null checks, and a test case.
Bug: v8:7748
Change-Id: I9e7d68ecd883bd0279f22d11c1dc73cc8716a4cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192659
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67714}
It will now return true for 32-bit constants as well.
When enabling this, two errors popped up: one in dissassembler where
we might have null hosts, and one in remembered set where we should be
compressing the address before storing.
As a drive-by: make ppc use full objects until their pointer compression
implementation is fully done.
Bug: v8:7703
Change-Id: I70f05f952d4e1305fe1fe030755f01f74ea5e5dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187622
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67711}
Need to use relaxed store for initializing bit_field. The concurrent marker accesses the has_prototype_slot bit in Map::bit_field to calculate header size.
Bug: v8:10315
Change-Id: I1eebd4a6f42b9263de7e424957b32884f7b910ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2193712
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67710}
Scripts aren't callable functions. Even though internally they were for a
while, they aren't anymore. We shouldn't return them to users as if they were.
We already remove strict-mode functions from CallSites, so we now do the same
for internal functions that are created for scripts.
Bug: v8:10508
Change-Id: I270c714524439fba9ad90dd29826bed4811ba2b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2193716
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67709}
Passing an isolate to {RecompileNativeModule} feels wrong, since
compilation and the generated code are totally isolate-independent. In
fact, the isolate is only used for updating counters.
Instead of passing the counters instead, this CL just refactors the code
to support a nullptr for the counters everywhere (some code paths
already supported that). The few recompilation would not make a
significant difference in the histograms anyway, and even have the risk
of skewing the data.
Drive-by 1: Rename {TierUp} to {StartTierUp} and update comments.
Drive-by 2: Remove non-actionable TODO.
R=thibaudm@chromium.org
Bug: v8:10359
Change-Id: Ic027f939bbc55398b90784922130fe1fe5573b0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187638
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67708}
Loads target but with relaxed load. Concurrent marking needs to load
field with relaxed load, since the main thread could change this field when unregistering.
Change-Id: I809b1d4db1dd58c92bdb998601c2f709073104af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192661
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67707}
We are currently porting Chromium over to use the Perfetto client
library for tracing[1]. When this mode is enabled, V8 should also use
the Perfetto library built by Chromium instead of building an
indepedendent copy. This patch enables that behavior, gated by the
|use_perfetto_client_library| flag set by Chromium.
We also roll Perfetto to the latest version, add a couple of missing
dependencies on v8_tracing and add a missing tracing category group.
[1] https://docs.google.com/document/d/1f7tt4cb-JcA5bQFR1oXk60ncJPpkL02_Hi_Bc6MfTQk/
(Internal) Bug: 155075662
Change-Id: I76d9626b1c83cb7a278dc3281b3a1db653ab8733
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182637
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Sami Kyöstilä <skyostil@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67706}
Implement the instruction ref.as_non_null, as per the wasm gc extension.
Changes:
- Add the respective wasm opcode, move some asmjs opcodes around.
- Add a new type of wasm trap, IllegalCast.
- Modify wasm decoding and compilation pipeline.
- Add a minimal test.
- In wasm-compiler, generalize Unreachable to Trap.
- Optimize struct.get and struct.set for non-null types.
Bug: v8:7748
Change-Id: If2f794306c7cbfabc06e4f64988132346085d6dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187616
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67705}
This replaces VisitMode with a set of option flags that allow skipping
specific roots like unserializable, weak, global handles, etc.
The advantage is that it is no longer coupled with the callers and does
not know about different types of GCs and their phases.
The CL is pure refactoring without behavior changes except for the
heap verification where more roots are verified that before.
Change-Id: I350b2ed14826e0efb75770111c6b28bb8d4d9845
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190420
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67704}
Collecting feedback for {Call,InstanceOf,Construct} is similar
but distressingly different. In preparation for adding a
CollectConstructFeedback helper, this CL ports {Call,InstanceOf}
feedback collection to Torque.
Bug: v8:8888
Change-Id: Iaacc137ef46a77a4fe2857ec41c5cc30614dfdf0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187497
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67703}
In the existing code we used a register of the UseScratchRegisterScope
for the destination address. However, this register is needed for the
ParallelRegisterMove as well. With this CL we use fixed registers for
the destination address and the offset as well. The CL also changes the
implementation of CalculateActualAddress to allow to set an explicit
register for the result.
R=clemensb@chromium.org
Bug: v8:10108, chromium:1079449
Change-Id: I39c11b9ffa5f3e937ce4820b9991482ad711b4b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192652
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67702}
Use same mangling as for x64 MacOS.
Bug: v8:10517
Change-Id: I26d7c4ab950d86e9010e76a0a6d71ea266639d02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192653
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67701}
This reverts commit 7f29c48ef6.
Reason for revert: Causing TSAN failures on test bots.
Original change's description:
> [heap] Remove sweeping state in incremental marking
>
> Remove the SWEEPING state from incremental marking. Sweeping is now
> always completed when starting incremental marking. Before this change
> there needed to be a safepoint each for starting marking and completing
> sweeping. Now both happens within a single safepoint.
>
> Bug: v8:10315
> Change-Id: Iad2835554865f2de24376372affe9a98992d1fa0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190419
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67678}
TBR=ulan@chromium.org,dinfuehr@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:10315
Change-Id: I5e76990155cf7aeee3ecefe5e37f9028cb188a00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192658
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67699}
Also, rename the WASM_COMPILED frame type to just WASM.
R=jkummerow@chromium.org
Bug: v8:10389
Change-Id: I71f16f41a69f8b0295ba34bd7d7fad71729546f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187613
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67698}
This reverts commit 8374feed55.
Reason for revert: Breaking mjsunit/global-hash under the stress_snapshot variant, e.g.
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20debug%20-%20fyi/12560
Original change's description:
> [snapshot] rehash JSMap and JSSet during deserialization
>
> To rehash JSMap and JSSet, we simply replace the backing store
> with a new one created with the new hash.
>
> Bug: v8:9187
> Change-Id: I90c25b18b33b7bc2b6ffe1b89fe17aa5f978b517
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2143983
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67663}
TBR=cbruni@chromium.org,jgruber@chromium.org,verwaest@chromium.org,joyee@igalia.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9187
Change-Id: I4a89768c031cd3971eefd9f88528ddd52e1284c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2192657
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67696}
- Reworks it to use a builtin to GetProperty, after making sure it's
an "own" property. This reduces the size of the builtin by 2/3 (from
1476 to 596 bytes on x64).
Change-Id: I41c1642369f73e5322790f3091b8cea9a650a529
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2181642
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67693}
This CL adds use counters, as well as the callbacks needed to
register usage during the SIMD origin trial.
Change-Id: I35b7f48277b519b72136f86cf03508adbaa069b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2189334
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67690}
All wasm code is compiled now. Hence merge the
{WasmCompiledFrameSummary} into {WasmFrameSummary} and remove the
dispatch. Also, rename {IsWasmCompiled} to {IsWasm} and {AsWasmCompiled}
to {AsWasm}.
R=jkummerow@chromium.org
Bug: v8:10389
Change-Id: I33e413c7d0fa622249563091925b29631472b40c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187170
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67689}
This patch implements f32x4.pmin, f32x4.pmax, f64x2.pmin, and f64x2.pmax
for x64 and interpreter.
Pseudo-min and Pseudo-max instructions were proposed in
https://github.com/WebAssembly/simd/pull/122. These instructions
exactly match std::min and std::max in C++ STL, and thus have different
semantics from the existing min and max.
The instruction-selector for x64 switches the operands around, because
it allows for defining the dst to be same as first (really the second
input node), allowing better codegen.
For example, b = f32x4.pmin(a, b) directly maps to vminps(b, b, a) or
minps(b, a), as long as we can define dst == b, and switching the
instruction operands around allows us to do that.
Bug: v8:10501
Change-Id: I06f983fc1764caf673e600ac91d9c0ac5166e17e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2186630
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67688}
The visitor was removing pages while at the same time iterating them on
NormalPagedSpace.
Removing all pages at once is safe and should also be faster.
Bug: chromium:1056170
Change-Id: I56eedf6f09498f126cb09238e01962b48e75b657
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190427
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67687}
This started as fixing a clang-tidy warning to use a
explicitly defaulted destructor, see
https://chromium.googlesource.com/chromium/src/+/HEAD/styleguide/c++/c++-dos-and-donts.md#prefer-to-use.
But we can clean it up a bit more to omit the destructor, since
the all its members are trivially destructible.
With this change, ByteData is now is_trivially_destructible.
Bug: v8:10488
Change-Id: If6698ce181dc8bca2a6623987039f3116a375dd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182309
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67686}
This changes the existing implementation that creates an unresolved reference for those cases to look at exactly what scopes are relevant so it can correctly handle catch scopes and avoid re-resolving later.
Variable through with aren't marked as assigning since this information isn't relevant for the with itself; and if the with is passed through, there's no need to mark the outer variable as assigned since it's either initialized or it isn't.
The catch variable is assigned since it is relevant for the catch variable.
The CL uses LookupLocal which wouldn't work for deserialized scopes, but this isn't relevant because 1) eval scopes are declaration scopes, and 2) eval causes all outer variables to be maybe_assigned anyway.
Bug: chromium:1074737
Change-Id: I3febca479ddd1f3c62eae299190b06c0b4cd3746
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187272
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67683}
... via a comment in the API and a CHECK in
Isolate::RunHostInitializeImportMetaObjectCallback.
Also restructure things a little bit such that
this function really just runs the callback and
doesn't deal with module internals. Memoization
now happens in the SourceTextModule class.
Bug: v8:7044
Change-Id: I5b850ae629c3638c4b30dfdeaa996642a33d14dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190413
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67682}
It looks like the usages of these were removed in Commit
8a1bafaf1a ("Reland "[platform] Implement
TaskRunners in the DefaultPlatform").
Change-Id: I61865548020b6dc0ee7d658080ad148c7ffd6e42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187500
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67680}
Remove the SWEEPING state from incremental marking. Sweeping is now
always completed when starting incremental marking. Before this change
there needed to be a safepoint each for starting marking and completing
sweeping. Now both happens within a single safepoint.
Bug: v8:10315
Change-Id: Iad2835554865f2de24376372affe9a98992d1fa0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190419
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67678}
Background threads can now start incremental marking when necessary. In
contrast to the main thread they always need to schedule a job and can't
start incremental marking right away. Background threads also use a
simpler heuristic for deciding whether to start incremental marking.
Bug: v8:10315
Change-Id: I2b94e8273c8be860157fe9670797048ed1c5c3da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184149
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67675}
There's no need for them to be in NativeContext.
This CL moves the minimal subset of SFIs related to Promises / finally.
Bug: v8:10482
Change-Id: I06a20dc927f13b7bfc8cea853a11913314ee019d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187271
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67674}
This reverts commit 6204768bab.
Reason for revert: A number of Clusterfuzz reports (e.g. https://bugs.chromium.org/p/chromium/issues/detail?id=1079474)
Original change's description:
> [turbofan] Improve equality on NumberOrOddball
>
> This CL cleans up CompareOperationFeedback by replacing it with a
> composable set of flags. The interpreter is changed to collect
> more specific feedback for abstract equality, especially if oddballs
> are involved.
>
> TurboFan is changed to construct SpeculativeNumberEqual operator
> instead of the generic JSEqual in many more cases. This change has
> shown a local speedup of a factor of 3-10, because the specific
> operator is way faster than calling into the generic builtin, but
> it also enables additional optimizations, further improving
> runtime performance.
>
> Bug: v8:5660
> Change-Id: I856752caa707e9a4f742c6e7a9c75552fb431d28
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162854
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67645}
TBR=rmcilroy@chromium.org,neis@chromium.org,mythria@chromium.org,nicohartmann@chromium.org
Change-Id: I3410310ed2b1ff2eaee70c1b91c3151d35866108
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5660
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190414
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67673}
along with WASM_ARRAY_TYPE, a WasmArray class, and a very basic
test.
Bug: v8:7748
Change-Id: I1ad4ff78e428972be52130cc179a91c76fcdbdc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185136
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67671}
This patch provides infrastructure to pin object types to specific
spaces. This allows embedders to create mutual exclusive arenas for
certain (base) types. In future, this will also be used to provide
sliding-window compaction on certain custom spaces.
We mainly preserve the existing infrastructure with the difference
that spaces are now slightly more dynamic than in Blink as they are
kept in a vector instead of a fixed-size array.
The mechanism differs from Blink in that it does not allow the user
object to call allocation methods directly but instead provides a
trait that can be overridden to specify a custom space.
The patch preserves templatization for objects that do not go into
custom spaces to safe a branch in the allocation hot path.
Change-Id: I08aa6932348e2d6258e19c4a32d189865f459f02
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187611
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67666}
When pick state from predecessor, we should consider live ranges that were split out by the backwards spilling heurisitics and already end before the predecessor does.
Bug: chromium:1066869
Change-Id: I9ff85e73059a7c07f1e212fdc041450c79a4d70c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2174337
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Yolanda Chen <yolanda.chen@intel.com>
Cr-Commit-Position: refs/heads/master@{#67665}
