Only apply this optimization to the conditions that have multiple
branch uses.
Bug: v8:12484
Change-Id: Ieb74b8e879e62aa96344f2903f1fea6a1b769549
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902559
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#83347}
Fixing an issue in WasmInstanceObject::GetGlobalBufferAndIndex.
Bug: v8:13309
Change-Id: I52e65c109e43ce0300513604e71e587e1949f70a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3907666
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#83345}
1. Correct the return type of RoundTowardsZero to fix issue with
double value > 2^64
2. In TemporalDurationToString:
a. Use std::fmod instead of % to get the remainder
b. Use extra xx_add variables to hold additional value which may
overflow the double during computation.
c. Use BigInt for days if the value is too large for double
to ensure the precision.
3. Add tests with Number.MAX_SAFE_INTEGER
and Number.MAX_VALUE in values for Duration toJSON in mjsunit
Bug: v8:11544
Change-Id: Icac4f669ed1c591e947b51c82dd48bdef7a6db6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3900813
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83344}
As part of moving export wrappers to the isolate, it was tried to
compile them lazily on the main thread. This resulted in large
slowdowns in some cases, therefore we restore the eager parallel
compilation.
Bug: chromium:1365726
Change-Id: I9cc8d5728f3a5c71099f0e0fdcc605b37d4d6618
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905193
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83339}
On x64.release for linux this didn't affect binary size at all but
should improve readability of usages.
Bug: v8:7748
Change-Id: I46ecc9c2b4814244f6b5114f9ea199cd4d0220cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904602
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83337}
DCHECK that input registers that are clobbered (e.g. because they are
also an output register) are not used as register inputs into eager
deopts.
This is already the case because we're only allowed to mutate input
registers that alias the result register, and eager deopt input
allocation happens after result register allocation, but this DCHECK
makes this assumption explicit and will break if we ever change the
regalloc.
Bug: v8:7700
Change-Id: I4e00a8be88e0984044d8fc5b661eaf7bea801b17
Fixed: v8:13278
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905189
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83330}
This change allows to put Wasm structs / arrays into prototype
chains. While this isn't particularly useful (as any access lookup
on the wasm object will throw a TypeError), there isn't any reason
not to allow it.
Bug: v8:7748
Change-Id: I81cf709d2e8403b545bbba9ad9c538c1e9748c74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3901979
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83329}
If a shift right is performed with a negative value <= -32,
it may not be reduced to a 32 bit shift.
The reduction optimization was introduced by commit
2298b35f7c.
Fixed: v8:13290
Change-Id: Ifb16ed85560ab54d211ebb407690abe2c156e3a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905143
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83324}
Array.prototype.group and Array.prototype.groupToMap have an optional
thisArg, which is currently not passed.
Bug: v8:13301, v8:12499
Change-Id: Ib927638401d39ed0cbcc0595ab41fde328ef43cc
Fixed: v8:13301
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905934
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83323}
This is a reland of commit d7fcbba80e
The LSan support logic of the ExternalPointerTable has been optimized to
avoid timeouts on sanitizer bots
Original change's description:
> [sandbox] Increase ExternalPointerTable maximum capacity to 512MB
>
> Bug: v8:10391
> Change-Id: I383e11bdccf6fcaf13f29d25e1404545067d313e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891249
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83203}
Bug: v8:10391
Change-Id: If50156d6fecff7ca8ece5c350e7b08936f50daa6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905141
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83322}
This CL fixes isolate deserialization such that the first test for
concurrent allocation in the shared spaces already succeeds.
* Allows dereferences for the shared heap and not just for the shared
isolate.
* Updates shared_heap_object_cache() for --shared-space.
* Sets IN_SHARED_HEAP flag on all shared space pages.
Bug: v8:13267
Change-Id: I912630da34f93e15d2ddef77a45a5e875bdceff0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902523
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83320}
This CL adds a test that checks the block list for outer functions is
also correctly calculated when pausing in inner functions.
R=kimanh@chromium.org
Bug: chromium:1363561
Change-Id: I2d7c1671475759b977e4e41c7e09856b3b2e7daf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904308
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83319}
This CL introduces a new root that is conceptually a
WeakMap<ScopeInfo, Tuple2<ScopeInfo, StringSet>>
Instead of storing the "locals block list" for debug-evaluate on the
`ScopeInfo` object directly, we will store it instead in a global
WeakMap. This enables us to re-use the "locals block lists" across
multiple debug-evaluate invocations without having to modify the
`ScopeInfo` of `SharedFunctionInfo`s.
R=bmeurer@chromium.org
Doc: https://bit.ly/chrome-devtools-debug-evaluate-design
Bug: chromium:1363561
Change-Id: Ib52f9abd97cf1c8fa3053ff3c61a6062c4b814be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902041
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83318}
Since we have the NodeInfo map in known_node_aspects now anyway, use it
for representation changes instead of the current interpreter frame
value swapping mechanism.
We originally didn't want a map for representations, but if we have one
anyway for node types, it makes sense to merge the two mechanisms.
This also allows us to get rid of the "register same as accumulator"
hack for binops, which was trying to avoid redundant representation
changes, since the redundancy is removed by the node aspects mechanism
automatically. It's kept for CheckedInternalizedString, since that isn't
a representation change within our framework (maybe it should be?).
Bug: v8:7700
Change-Id: I92491307f83d3b63fc7a210f6b8754e45d3531a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905182
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83317}
This is a reland of commit defa678e8b
Original change's description:
> cppgc: Be more conservative in Seeper::FinishIfOutOfWork
>
> Finalizing sweeping can be beneficial to truly end a GC cylce. We
> should only finalize in `FinishIfOutOfWork()` though if that would not
> introduce any jank. Limit the amount of executing finalizers in that
> scenario.
>
> Bug: v8:13294
> Change-Id: I0237f6b6017d444c457923d83e85147c58586445
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902222
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83279}
Bug: v8:13294
Change-Id: I426a54785d1a0f569c2200156dcf41a5d5c7876f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902583
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83316}
We currently use 1 test case per file for tests that check that
debug-evaluate correctly blocks the lookup of stack-allocated
variables.
This CL adapts a similar approach to `debug-scopes.js`, making it
easier to add new test cases in the future.
R=kimanh@chromium.org
Bug: chromium:1363561
Change-Id: I8ff8cfe7d59f0b9808dc02c5579e058f490553eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904544
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83315}
Slots in free memory need to be removed. After a GC the JS application can create additional free memory by either left- or right-trimming
of heap objects. The sweeper might discover memory that was freed
because of such operations.
In case the sweeper discovers free memory, there can't be any
recorded slots in it. Otherwise subsequent allocations might store
untagged values in those slots and the next deref would most
likely crash.
Remove OLD_TO_SHARED slots in freed memory when left-trimming, right-
trimming and for DeleteObjectPropertyFast.
Also full GC was right-trimming objects which now needs to remove
slots in OLD_TO_SHARED.
Bug: v8:11708
Change-Id: I5761336e103704929fbd455d74bdbb499ae23f61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905144
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83314}
Allow non-registered symbols as keys in weakmap and weakset.
Allow non-registered symbols as target and unregisterToken in
WeakRef and FinalizationRegistry.
Bug: v8:12947
Change-Id: Ieb63bda66e3cc378879ac651e23300b71caed627
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865056
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83313}
The hoursInDay could be fractional number on the date of changng
daylight saving time for time zone in half hours or some historical time
zone.
Ex: Australia/Lord_Howe on Sunday, April 3, 2022, 2:00:00 am clocks were
turned backward 0:30 hours to Sunday, April 3, 2022, 1:30:00 am local
standard time instead. so that day will have 24.5 hours.
On Sunday, October 2, 2022, 2:00:00 am clocks are turned forward 0:30
hours to Sunday, October 2, 2022, 2:30:00 am local daylight time
instead. So the hoursInDay for that day is only 23.5 hours.
Historically, Singapore from 1933 to 1941 moved clocks forward 20 minutes for daylight savings, resulting the day in 24.33333 and
23.66667 hours.
Test covered in https://github.com/tc39/test262/blob/main/test/staging/Temporal/ZonedDateTime/old/dst-properties.js
Change the return type from MaybeHandle<Smi> to MaybeHandle<Object> so
we can return non integer value. Also change the method of division by
first convert the value to second in BigInt, then divid 3600 (number of
seconds in a hour) in double.
Bug: v8:11544
Change-Id: Ia69d2606cd832e51f415a00440fb9cbc236883e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3901619
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83311}
Refactor the interface between intl and Temporal and pass
the nanosecond in BigInt to intl. Approximate the nanoseconds
to the correct close by millisecond depending on the usage
before calling ICU API and convert the result millisecond into
BigInt in nanosecond before return from intl.
Remove Maybe for function always complete.
Bug: v8:11544
Change-Id: Icc471b80312c513c9415b690804aa624df4a387d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3897165
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83310}
Test was using concurrent sweeper which could lead to the concurrent
sweeper holding onto memory until the allocation succeeded in rare
cases.
Bug: v8:13308
Change-Id: I0f9f93cc503cdc17d6962b3c31bc4ea698b4cb42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905183
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83309}
This method will be used in the marking visitors to stop marking into
the shared heap from e.g. worker or client heaps.
Bug: v8:13267
Change-Id: I7a099a3f816fa5d867d6a99558838389914e3048
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904606
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83308}
Make sure both the fast and slow version return the same value in case
of wrong follow-bit values in the input.
Bug: chromium:1359230, chromium:1360735
Change-Id: Ic65f81109e5bbc288fa41a5540ec7e6cece10ffc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890998
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83307}
For the 'finish compilation' event for all tiers (SP, ML, TF),
consistently use the 'completed compiling' message prefix.
For deoptimization, print the Code object in addition to the JSFunction
(now that deopts may happen in both ML and TF).
Bug: v8:7700
Change-Id: I3375db91413195c92007db9b1b202af9bd6ac05a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904601
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83303}
... which will contain all compression scheme related functions.
This will allow introducing custom compression schemes for certain
cases and use the compression scheme class as a template argument for
TaggedField or OffHeapCompressedObjectSlot implementations.
Bug: v8:7703, v8:11880
Change-Id: Ic78d36b7021110d6a4797a3150547a224d942b32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899262
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83302}
ArrayBuffers of length 0 may not have a BackingStore, so guard for that
case in ArrayBuffer.prototype.transfer.
Bug: v8:11111, chromium:1364738
Change-Id: I058d00f0f60183f9137c60682ad93973c7a6dcbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902517
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83301}
