This CL takes advantage of the z15 `load byte reverse element`
instruction to optimize Simd LoadLane opcodes.
On the simulator we only run `load element` as reversing is
not required.
Change-Id: I038535f7e038bed7972844806644f50519d4919c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3138212
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76648}
Fixed issue were using the `arguments` object as a shorthand for a class
field initializer was not producing an early error.
Bug: chromium:1216261
Change-Id: I7d8f5a85c6881f7ca12a0e8450954de15bdd6033
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3095017
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#76646}
This reverts commit 1786f8d770.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64/44442/overview
Original change's description:
> [arm64][liftoff] Fix trap handling on load lane
>
> This fixes the registered {protected_load_pc} to (always) point to the
> actual load instruction. If {dst != src} we would emit a register move
> before the load, and the trap handler would then not recognize the PC
> where the signal occurs, leading to a segfault.
>
> R=thibaudm@chromium.org
>
> Bug: chromium:1242300, v8:12018
> Change-Id: I3ed2a8307e353fd85a7ddedf6ecb73e90a112d32
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3136454
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76642}
Bug: chromium:1242300, v8:12018
Change-Id: I7bc9d00a4fba3101e7ee68695961d1b543268c4e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3138202
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76644}
This fixes the registered {protected_load_pc} to (always) point to the
actual load instruction. If {dst != src} we would emit a register move
before the load, and the trap handler would then not recognize the PC
where the signal occurs, leading to a segfault.
R=thibaudm@chromium.org
Bug: chromium:1242300, v8:12018
Change-Id: I3ed2a8307e353fd85a7ddedf6ecb73e90a112d32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3136454
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76642}
Drive-by: simplifications and avoid a repeated concurrent read.
Bug: v8:7790,v8:12157
Change-Id: I460c44853a78bcd9a1427e62a92994ff8602dbed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3133148
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76640}
- Replace CodeStubArguments::GetLength() with GetLengthWithReceiver()
and GetLengthWithoutReceiver()
- Introduce and use Torque macros to load the formal parameter count
(with and without receiver).
- Add actual_count to Torque arguments structure for cases where the
argument count is not used, but just forwarded to other builtins.
Bug: v8:11112
Change-Id: I32278efeffa2fb08361989c6df8de56c74add8b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124804
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76637}
Besides, fix an error in set_if_nan, because if src is a NaN, we should
set the i32 instead of i64 at address dst to a non-zero value.
Port e6961df23f
Bug: v8:11856
Change-Id: Icc9afda35d4cca4fd5ae82356ecaec77bf92d009
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3139055
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#76636}
Also fix several out of date comments.
Change-Id: I15ee6c718ad50f231cd0a8e5c6416ccb58375140
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3121693
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Cr-Commit-Position: refs/heads/main@{#76633}
Removes outdated type-error throwing on TypedArray.prototype.set
when the first argument is a number.
Bug: v8:11294
Change-Id: Ida3a46dec154b645620e2b064ded7a18de238649
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3136773
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76631}
The --turbo-stats and --turbo-stats-wasm flags are useful but they do
not work on Chromium on Android, given we cannot print on exit of the
renderer process.
To cover all scenarios, we can encode the statistics as a string
argument in the trace format. It's also helpful to see those statistics,
as well as the code kind and function name, when clicking on a slice in
chrome://tracing or perfetto.
As a drive-by cleanup, rename ESCAPE to QUOTE in the JSON serialization
code.
Change-Id: I86f03d0e020c9543feb869620164bf1aad3a2432
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132966
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/main@{#76629}
After manually triggering finalization we should clear a potential
pending InstallCode interrupt request as there's nothing else to do
and keeping the request would defeat the purpose of the intrinsic.
Fixed: v8:12152
Change-Id: I063959c97c31868864a82c0584cabf779750d10d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3135578
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76628}
This is a reland of 6ae18c2d3c, with
{CompileWasmCapiCallWrapper} fixed to also contain a
{CodeSpaceWriteScope}.
Original change's description:
> [wasm] Move write scope out of NativeModule::AddCode
>
> {NativeModule::AddCode} is a central method that should usually be
> called in batches, where the caller holds a {CodeSpaceWriteScope} for a
> longer time (over several compilations).
> This CL moves us closer to that by removing the scope from that central
> method and instead putting it in callers where it becomes more visible.
> There are already TODOs to introduce caching or batching to avoid some
> switching, and one more TODO is added.
>
> Drive-by: Remove an unneeded {CodeSpaceMemoryModificationScope}.
>
> R=jkummerow@chromium.org
>
> Bug: v8:11974
> Change-Id: Ia13c601abc766e5fca6ca053bf1fc4d647b53ed0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3098186
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76344}
Bug: v8:11974
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Change-Id: I6367bbd9dc52c403513eb1a168aa1f6eb4044ca1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3129703
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76626}
This is needed so tables are available for table operations.
Bug: v8:11954
Change-Id: If0cbb07ddf0852d2e2515aca3e1f54168c2e0ab8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3135576
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76625}
Broken by crrev.com/c/3129420
error: ‘CompilationDependency::AsTransition() const’ defined but not used.
Bug: v8:7790
Change-Id: I06839c4d33d3a52909e0e5a276c567eca83e910f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3133147
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76623}
Other threads may write the stack of a different thread and use a lock
to synchronize such an access. An example for this is interrupt
handling.
Ignore TSAN for the methods performing the stack walk. There's no need
to use relaxed atomic reads as same-thread writes are consistent and
for other-thread writes there's no guarantee on what values to observe.
Bug: chromium:1245409
Change-Id: Ia3d3621590f1f5524d245632a2e8a2db23313f35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3135573
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76622}
Building with v8_use_perfetto requires that the categories passed to
TRACE_EVENT* be a constexpr.
Change-Id: Iee4b713d8fe0b3f52f6e5cfe5baef0ced87f9855
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3135575
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/main@{#76620}
When an attempt to parse a huge string to a BigInt fails, then
including the entire string in it makes the exception's message
unwieldy, so this patch puts only the first 1000 characters of
such invalid strings into the exception message.
Bug: chromium:1245239
Change-Id: I2c62f0d34256653ba67da9666e8c5a1a4bbe0599
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3133142
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76619}
This is a reland of commit 40af03b8c3
The original CL failed one test in Windows, and this CL fix this issue.
Original changes's description:
> [codegen] Align the code start at 64 byte in x64
>
> In order to make loop header aligned at 64 byte (relative to memory address), code start should also be aligned at 64 byte.
>
> Bug: chromium:1231471
> Change-Id: I95390babd9cc78492e0beb0f1b03901eb481d5d5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094167
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
> Cr-Commit-Position: refs/heads/main@{#76484}
Bug: chromium:1231471
Change-Id: Ia927305c792c7486588bc15e9e87840d6db18478
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3133957
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#76617}
- Disable automatic module file extensions for the test
- Use uncommon name suffix to prevent accidental loading of an
existing file
Change-Id: I26c1092a1e559cbbebce442a8d5ff3fb6dd5aa84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3122145
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76616}
Drive-by: Pointer to reference conversions and other smaller cleanups.
Change-Id: I83ed114e4b27d5986a389a9753333716b0e20524
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3133146
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76615}
JSFunctionData has a fairly heavy serialized payload, and likewise
consistency validation validates many fields and thus has many
opportunities to fail. We therefore want to avoid or reduce validation
whenever possible.
This CL adds tracking s.t. we know which fields were actually used,
and we limit validation to used fields.
Drive-by: Make serialized_ debug-only.
Drive-by: Don't create deps for context/native_context/shared.
Bug: v8:7790
Change-Id: Ic32c9919f0c75a76d9c36e4396b6bce383151b62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132962
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76614}
This CL does the following for x64:
- Add seq cst TSAN helpers.
- Refactors codegen's handling of TSAN helpers to also support
seq cst accesses.
- Perform stores only once instead twice under TSAN, since
duplicating stores is unsound. Previously this was "fine"
because all duplicated stores were relaxed. SeqCst stores
are used for synchronization, however, and duplicating them
breaks the synchronization.
Bug: v8:7790, v8:11600, v8:11995
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Change-Id: I43071b0ed516cb0917a10f3b2b9861d74edca041
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103308
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76612}
%TypedArray.prototype% methods that receive a user callback
fn should not break in the mid-way of the iteration when the
backing array buffer was been detached. Instead, the iteration
should continue with the value set to undefined.
Notably, %TypedArray.prototype%.filter was throwing when the
backing buffer was detached during iteration. This should not
throw now.
Refs: https://github.com/tc39/ecma262/pull/2164
Bug: v8:4895
Change-Id: Ia7fab63264c8148a11f8f123b43c7b3ee0893300
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3066941
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76611}
This CL takes advantage of the z15 `load byte reverse element`
instruction to optimize Simd Load and Zero opcodes.
On the simulator we only run `load element` as reversing is
not required.
Change-Id: I868bda865249cdc525f804c8ddf4d45df5977a86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132965
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76610}
Always return an empty string when formatting stack traces with
--correctness-fuzzer-suppressions. In out-of-stack-space situations
it's easy to get different values depending on whether emergency
formatting is chosen or not.
Bug: chromium:1244626
Change-Id: I2f3d1692deae2533b70b62f28b39875e812b4b0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132968
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76609}
Wasm stubs (C to Wasm and Wasm to JS) aren't logged, so they show up as
??? in GDB backtraces. Emit a CodeCreateEvent in the finalization phase
of the compilation job so that the JitCodeLogger can keep track of it.
With this, a backtrace shows up like (truncated):
-(gdb) bt
-#0 v8::internal::Runtime_WasmArrayCopy
-#1 0x00007fc69d2e155f in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_NoBuiltinExit
-#2 0x00001c368159fcfc in Function:wasm-function[0]-0-turbofan
-#3 0x000000fa00044096 in Stub:c-wasm-entry:i:i
-#4 0x00007fc69dc76b76 in v8::internal::GeneratedCode
-#5 0x00007fc69dc75b25 in v8::internal::Execution::CallWasm
-#6 0x000056506d1a2b6b in v8::internal::wasm::test_gc::WasmGCTester::CallFunctionImpl
Bug: v8:11908
Change-Id: I1223b496091f99a94f2e4e665831462cc9617286
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3109050
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76608}
Prefinalizers have long been forbidden to allocate.
This restriction often proved problematic and has caused several
issues in the past.
This CL adds support for allowing allocations in prefinalizers.
At the start of prefinalizer invocations we clear the linear
allocation buffers, such that all allocations go through the slow
path for allocation. The slow path checks whether prefinalizers
are currently being invoked and marks the newly allocated object
if they are (i.e. black allocation during prefinalizers).
The new behavior is disabled by default and can be enabled by
setting the cppgc_allow_allocations_in_prefinalizers gn arg to true.
Bug: chromium:1056170
Change-Id: Ib86e780dcff88fa7b0f762ac2ab83c42393d33af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097877
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76606}
Instrument floating-point operations to set a flag if the result is NaN.
Port: e699762e06
Bug: v8:11856
Change-Id: Iae8121dd17ae8acf402ac74e41122cad77387db7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3099945
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/main@{#76605}
The PipelineRunScope scope is live on every Run() phase and it isn't
allowed to nest. This means we cannot open a new PipelineRunScope during
TraceScheduleAndVerify() because it can be called in the middle of a
Run(), which we do during effect-control-linearization in the JS
pipeline.
We can fix this by directly using a RuntimeCallTimerScope and a tracing
event, instead of relying on PipelineRunScope to do that.
Change-Id: I3c17b2c0a58ff3cac0d1dcc796f54d29b3444468
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132506
Auto-Submit: Pierre Langlois <pierre.langlois@arm.com>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76603}
Bug: v8:7790,v8:12149
Change-Id: I0c23b2c1126b2a950efe848973618407f64afeb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132268
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76601}
Avoid an additional copy of the name, and inline single-use (and small)
functions. Also, use an early exit for the generic wrapper to make the
code simpler.
R=zhin@chromium.org
Bug: v8:11879
Change-Id: Ic66a2c9430f7c3481b9038d2a517c4c76888503b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132267
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76600}
Double-checked locking pattern for destruction was missing the acquire
barrier for the initial load.
TSAN complained with a data race where:
T1: ClearAllUsedNodes(), clearing out the node
T2: a. if(GetNodeSafe()) { Lock; ... }
T2: b. operator delete
Since GetNodeSafe() was a relaxed load, operator delete was allowed to
be reordered which raced with ClearAllUsedNodes().
Bug: chromium:1239081, chromium:1242795
Change-Id: I3906555b13cc51538a1a54b7ca481a96d81fd84e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132264
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76599}
