Commit Graph

70458 Commits

Author SHA1 Message Date
Rakhim Khismet
d26babbd6d [fuzzer] Adding struct.new and array.new operations
We add a new alternative "new_object" in order to
emit new struct and array types. We check whether
the heap type is a struct or array type so we can emit
"NewDefault" or "NewWithRtt". The additional methods
(IsArray/StructType, GetArray/StructType) were added to WasmModuleBuilder.

Bug: v8:11954
Change-Id: I7a0e73edfbaa49beb1efd60b0f1b9916dc50df22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056459
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Rakhim Khismet <khismet@google.com>
Cr-Commit-Position: refs/heads/master@{#75966}
2021-07-28 16:45:56 +00:00
Milad Fa
603e13e8e6 S390 [liftoff]: Initiate FP binary operations
FP Div, Min and Max are added in this CL.

Opcodes are also reordered in macros to match the
instruction selector.

Change-Id: Idd6909721b0d06d523c93873e5faff39449d937c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3058294
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75965}
2021-07-28 16:29:18 +00:00
Junliang Yan
8f62c98d54 ppc: [liftoff] implement count leading/trailing zeros
Change-Id: Ib10b00443fe1d46ccb75bd93ec0c855919bb563d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3058295
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75964}
2021-07-28 15:40:37 +00:00
Yang Guo
dc49fe0647 [debug] correctly tier down function for side effect check mode
Previously we did not tier down from baseline to interpreter, which
breaks per-bytecode side effect checks (to check whether e.g. we are
mutating a temporary object, which is not considered a side effect).

R=leszeks@chromium.org

Bug: chromium:1233401
Change-Id: Ie08b5352aa4c124421b4c9abce18326938bbc822
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056981
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75963}
2021-07-28 15:03:26 +00:00
Benedikt Meurer
4ccf0a4c83 [profiler] Use description for Symbols in Heap snapshots.
Previously we'd report all property edges with symbol names as <symbol>,
which was not very useful, especially with private class fields now
seeing more adoption.

Fixed: chromium:1232467
Change-Id: I53cf0811c4b83d016b988b687c6decbddd3c2fdd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055309
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75962}
2021-07-28 14:18:36 +00:00
Santiago Aboy Solanes
2dd0dbe9e4 [test] Mark pdfjs as slow for TSAN builds
Bug: v8:11600
Change-Id: I38696d64da4e321d966933179800376b7fdedaca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056987
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75961}
2021-07-28 14:03:46 +00:00
Clemens Backes
b971ab3067 [traphandler] Fix test link errors on some MSan/ASan builds
Found these when compiling the arm64 simulator for MSan (Release) and
ASan (Debug and Release). Depending on the exact configuration (and
compiler), different functions will get inlined and different symbols
need to be available at link time.

1) Since GetRecoveredTrapCount is used in a unittest, it needs to be
   exported.

2) The thread-local g_thread_in_wasm_code cannot be exported on
   Windows, hence it cannot (safely) be used in unit tests. Use the
   {GetThreadInWasmThreadLocalAddress} function instead, which will
   return the address of that thread-local variable.

R=ahaas@chromium.org, mseaborn@chromium.org

Bug: v8:11955
Change-Id: I118f60c1580a8362f8232541576a1c41da7042bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049077
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75960}
2021-07-28 13:34:37 +00:00
Mythri A
3c5705c611 [csa] Fix AllocateFunctionWithMapAndContext
Use write barrier when storing code into JSFunction::Code field.
Earlier, code from SharedFunctionInfo was always a builtin and hence
it was safe to skip write barrier there. With Sparkplug we could
also store baseline code and hence it isn't safe to skip write barrier.

Change-Id: I6a68ac759d619cdbeec8d4a37e9493d46f7aa790
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056982
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75959}
2021-07-28 13:15:06 +00:00
Leszek Swirski
6a77c34699 [turbofan] Move OSR entry stack check before exception ranges
The OSR entry stack check is needed as a function entry stack check to
make sure the call isn't overflowing, but emitting it as part of the
loop peeling meant that it would be within any exception handler ranges
that the loop is in.

In particular, this meant that code like this:

    try {
      loop {
          OSR();
      }
    } catch {}

would logically insert the entry stack check inside the try, and thus
stack overflows of the function call would be caught within the
function, and the function could continue running in an overflown
state.

Bug: chromium:1232875, chromium:1034322
Change-Id: I846c6f520fd3a897da016132419ad48043859c33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056980
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75958}
2021-07-28 12:11:16 +00:00
Jakob Gruber
c48395d2fc [compiler] Enable concurrent GetPropertyAccessInfo by default
Drive-by: Remove invalid DCHECK(!is_deprecated) since we cannot
guarantee this in a concurrent setting.
Drive-by: Instead, check for deprecation during dependency validation.
Drive-by: Remove addtl. invalid or outdated DCHECKs.

Bug: v8:7790
Change-Id: Ia77a82976b987fe1eaca6178dac6c7b75fbf98fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041666
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75957}
2021-07-28 09:53:26 +00:00
Jakob Kummerow
2d6ad4deb4 [bigint] Fix corner-case bugs in fast .toString
Bug: v8:11515
Change-Id: Ieece676f2f4ae258db8b7e1783c796ff6c0fa6f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055293
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75956}
2021-07-28 09:52:26 +00:00
Liu Yu
5404eaf159 [mips][liftoff] Push the instance as part of frame construction
Port 593fbb69c4

Bug: v8:12017
Change-Id: I0776820d0ab51950028da347d9d7d08acfb30386
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3058652
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#75955}
2021-07-28 09:51:46 +00:00
Maya Lekova
472e40b369 [test] Re-enable slow benchmark on TSAN
Bug: v8:11905
Change-Id: I845914a1c9dca760fd160fc2ff15aacc3f323993
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056976
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75954}
2021-07-28 09:48:27 +00:00
Clemens Backes
6b2e9f6407 [ia32][nowasm] Fix compilation
Fix ia32 for v8_enable_webassembly=false.
This is not a configuration that we test on CQ or the waterfall, but
it was working at some point so this CL makes it compile again.

R=zhin@chromium.org

Change-Id: I78dafe08199c89ec24613a62a3085e923a51b43e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056450
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75953}
2021-07-28 08:39:56 +00:00
Santiago Aboy Solanes
bbc6e492c8 [compiler] Enable background serialization for non-concurrent inlining
This means that we are now background serializing
RefSerializationKind::kBackgroundSerialized classes on all configs.

Bug: v8:7790
Change-Id: Iaa54718303e07e37a95d3f54d0c4c173d4174967
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056453
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75952}
2021-07-28 08:27:36 +00:00
Jakob Gruber
ffd682409f [compiler] Pass actual type/rep into dependencies
.. instead of recalculating them at the risk of getting different
answers.

In a concurrent setting, repeated type/rep calculations are not
guaranteed to return the same answer. Instead, calculate them once and
pass them into dependency creation methods.

Note with this CL we now get the type/rep off the holder map and not
the field owner map. The results should be identical and behavior
should not change (verified by CHECKs).

Bug: v8:7790
Change-Id: I2b4c3bb8907082c69448ca743d3c8740cd8f71f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055306
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75951}
2021-07-28 07:45:36 +00:00
Liu Yu
5a55f36b91 [mips][liftoff] Add explicit stack check for large frames
Port edc349dbf5

Bug: v8:11235

Change-Id: Ie3cfadf97afcea4048c20bc1a5646f4e3c2a82ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3058061
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#75950}
2021-07-28 07:31:10 +00:00
Jakob Gruber
e8fd93689e [compiler] Thread-safe Map::ComputeMinObjectSlack
ComputeMinObjectSlack is called concurrently from background threads
(when --concurrent-inlining) and must therefore be thread-safe.

This CL adds a compiler-specific thread-safe variant
of ComputeMinObjectSlack in addition to the plain old non-thread-safe
one. Thread-safety is achieved through locking: on the bg thread, a
shared lock when traversing transitions, and on the main thread, an
additional exclusive critical section when overwriting prototype
transitions.

Tbr: leszeks@chromium.org
Bug: v8:7790,v8:12010,chromium:1231901
Change-Id: If5af83df1ab896b22477921449fb5ba4c8d3e8a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045342
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75949}
2021-07-28 06:05:36 +00:00
v8-ci-autoroll-builder
89e659a2aa Update V8 DEPS.
Rolling v8/build: e3754f7..96a4da9

Rolling v8/buildtools/third_party/libc++abi/trunk: bfcda91..24e92c2

Rolling v8/buildtools/third_party/libunwind/trunk: 23a5972..e6a0f63

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I9042ee9ede0949807a83329e8045811adad06fe2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3058290
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75948}
2021-07-28 03:44:06 +00:00
Milad Fa
322c7e475a PPC [simd]: Optimize bitmask on Power10
This CL uses the newly added instructions on power10 for
extracting the sign bits.

Change-Id: I9e4fa3bdd7fa5fc7004695c1d3ac29e3906d5207
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056506
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75947}
2021-07-27 19:15:44 +00:00
Marja Hölttä
8c9fc13a4a [rab/gsab] TypedArray.prototype.fill: Support rab / gsab
Bug: v8:11111
Change-Id: I09e918a3f8c50e10691c8ab4718b7c4ae9184000
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055303
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75946}
2021-07-27 17:07:04 +00:00
Milad Fa
d5212940fb PPC/s390: [codegen] Remove PrepareForTailCall
Port ec7171608b

Original Commit Message:

    This is no longer used, tail calls are dealt with inside of
    VisiTailCall.

R=zhin@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I44cac6f77ce79d47806b3f504c3bad1d88475a25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055307
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75945}
2021-07-27 16:59:53 +00:00
Ng Zhi An
98ddfe7792 [disassembler] Add more padding for printing instruction bytes
We can emit a 9-byte nop, so leave more padding, otherwise the
disassembled code looks a bit off, e.g.:

0x265ef7799a73   5b3  e902010000     jmp 0x265ef7799b7a  <+0x6ba>
0x265ef7799a78   5b8  0f1f840000000000 nop
0x265ef7799a80   5c0  83c004         addl rax,0x4

Bug: v8:11879
Change-Id: I697e97b45644e28e544705b972c88702f7f27ffc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054255
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75944}
2021-07-27 16:56:04 +00:00
v8-ci-autoroll-builder
368f27ca88 Update V8 DEPS.
Rolling v8/build: ff4b382..e3754f7

Rolling v8/buildtools/linux64: git_revision:d565aa3e72dd9e81da9595ee8c9d7b24cb45c48b..git_revision:c0a2d23c21e87f27f5af3e5dc2a99f2ef3480b9e

Rolling v8/buildtools/third_party/libc++abi/trunk: e8bf577..bfcda91

Rolling v8/buildtools/third_party/libunwind/trunk: d7b11d7..23a5972

Rolling v8/third_party/aemu-linux-x64: jIoBgZ-iUWXLCCH8YkbLabPLzKXZ54b27lb6trJpzpUC..LiTUyHa0AyC2fE72v094aZIjv1aTdQEZfYm-LIJVQIwC

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/9ac1fdf..10f6e4b

Rolling v8/tools/clang: 131233f..2a8bb1c

Rolling v8/tools/luci-go: git_revision:9ee8b1d719c0d3c268e0e19282351ca78024af2d..git_revision:75ff299b9adf969190cafebe902255856a346f0b

Rolling v8/tools/luci-go: git_revision:9ee8b1d719c0d3c268e0e19282351ca78024af2d..git_revision:75ff299b9adf969190cafebe902255856a346f0b

Rolling v8/tools/luci-go: git_revision:9ee8b1d719c0d3c268e0e19282351ca78024af2d..git_revision:75ff299b9adf969190cafebe902255856a346f0b

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ie13b5864c24cc43c5e49ba794af1ca0024fd8e01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056498
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75943}
2021-07-27 15:43:44 +00:00
Milad Fa
24d92be5b4 PPC/s390: [liftoff] Push the instance as part of frame construction
Port 593fbb69c4

Original Commit Message:

    Currently we first construct the frame (via
    {TurboAssembler::EnterFrame}), then we spill the instance to the
    respective slot (via {LiftoffAssembler::SpillInstance}). Instead, we
    should already spill the instance as part of frame construction. That
    allows for a more compact instruction to be used ("push" instead of
    "mov" on Intel), and on arm64 even allows to merge pushing into an
    existing instruction (where we currently push the zero register x31
    instead).

    This makes the prologue more similar to what TurboFan generates in
    {TurboAssembler::AssembleConstructFrame} (which does not use
    {TurboAssembler::EnterFrame}).

R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I0b87d73776b59ade36faea2f4772c63c89eb740e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056455
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75942}
2021-07-27 15:39:14 +00:00
Jakob Kummerow
8c057f1736 [bigint] Define V8_ADVANCED_BIGINT_ALGORITHMS everywhere
It was previously only passed to compilation units in src/bigint/,
but inconsistencies arise when it's not passed to other compilation
units that #include src/bigint/bigint.h.

Fixed: chromium:1233397
Change-Id: Idb310d8c13bad12766699086574aa2c3869eb56c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056452
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75941}
2021-07-27 15:17:34 +00:00
Vasili Skurydzin
8d3d0dbfd1 [aix] Correction to builtin alignment
This changes builtin definition so that builtins are now located in GL
.text section, to maintain their alignment in the resulting binaries
and make sure the off-heap code is aligned to kCodeAlignment.

Change-Id: I4662ca59273fa2dd11e7ecf63969597b9dd9664b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054431
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Vasili Skurydzin <vasili.skurydzin@ibm.com>
Cr-Commit-Position: refs/heads/master@{#75940}
2021-07-27 14:01:20 +00:00
Al Muthanna Athamina
149f1693cb Update V8 DEPS manually
Include changes from https://crrev.com/ff4b382aca5ad5077883bec9e4ac3dc64776902a

Bug: chromium:1233409
Change-Id: I571feec6e3d56ade7ad167f2e0b7bebb5c9ddf8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055300
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75939}
2021-07-27 13:57:33 +00:00
Clemens Backes
593fbb69c4 [liftoff] Push the instance as part of frame construction
Currently we first construct the frame (via
{TurboAssembler::EnterFrame}), then we spill the instance to the
respective slot (via {LiftoffAssembler::SpillInstance}). Instead, we
should already spill the instance as part of frame construction. That
allows for a more compact instruction to be used ("push" instead of
"mov" on Intel), and on arm64 even allows to merge pushing into an
existing instruction (where we currently push the zero register x31
instead).

This makes the prologue more similar to what TurboFan generates in
{TurboAssembler::AssembleConstructFrame} (which does not use
{TurboAssembler::EnterFrame}).

R=ahaas@chromium.org

Bug: v8:12017
Change-Id: Ibb4a38d2049cff66fec9450db4f7f375d006beac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055302
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75938}
2021-07-27 13:37:53 +00:00
Thibaud Michaud
b86db1396a [wasm][eh] Encode values in WebAssembly.Exception
R=jkummerow@chromium.org

Bug: v8:11992
Change-Id: If62f2cdc080364dec796a836321110bf571769ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049075
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75937}
2021-07-27 13:23:07 +00:00
Santiago Aboy Solanes
d938c10891 [compiler] Remove part of DescriptorArrayData serialization
Some of the fields come from MapRef calls and we have to still serialize
them while Map is bg-serialized. An alternative would be to move them to
MapData but that comes with a cost since different maps with the same
descriptor array wouldn't share said data.

Bug: v8:7790
Change-Id: I25d8eaf7b0a8bf7de0f21272cc6f86cc172b8b08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008640
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75936}
2021-07-27 11:27:17 +00:00
Michael Achenbach
fb0a2ea25e Revert "Reland "[build] Add V8-specific dcheck_always_on""
This reverts commit 67960ba110.

Reason for revert:
This has been properly fixed by https://crrev.com/c/3053740.
Now dcheck_always_on already defaults to false for subprojects
like V8 and no other switch is required. The switch didn't fully
work anyways due to https://crbug.com/1231890.

Original change's description:
> Reland "[build] Add V8-specific dcheck_always_on"
>
> This is a reland of cecc666f4d
>
> Depends on:
> https://crrev.com/c/3043611
>
> Original change's description:
> > [build] Add V8-specific dcheck_always_on
> >
> > This makes the V8 dcheck control independent of Chromium's and
> > prepares switching Chromium's default behavior without affecting V8
> > developers or builders.
> >
> > Preparation for: https://crrev.com/c/2893204
> >
> > Bug: chromium:1225701
> > Change-Id: I520b96019b04196f4420716ff3500ebd6c21666f
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038528
> > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#75827}
>
> Bug: chromium:1225701
> Change-Id: I56568b78592addba01793d2d14f768c9ee10103d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041670
> Reviewed-by: Liviu Rau <liviurau@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75839}

Bug: chromium:1225701, chromium:1231890
Change-Id: I7e27f5774d8e162977f30f685da4b15dadcc1084
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055294
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75935}
2021-07-27 11:14:57 +00:00
Jakob Gruber
7e97b2cffb [regexp] Remove experimental mode modifiers feature
The implementation came in with
https://chromium-review.googlesource.com/758999.

This feature was never enabled by default, is not used anywhere, and
is not on any standardization path.

Bug: v8:10953
Change-Id: Ia2b0a556c1fb504a4cd05bdfa9f0a9c5be608d26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053589
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75934}
2021-07-27 08:43:03 +00:00
Santiago Aboy Solanes
5a352b395b [compiler] Mark FeedbackVector as NeverEverSerialized
Bug: v8:7790
Change-Id: I0d875d4a350d4e101534d82129cd7ef90f342738
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008639
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75933}
2021-07-27 08:32:23 +00:00
Georg Neis
b63a596195 [deoptimizer] Finish concurrent sweeping before overwriting ByteArrays
Bug: chromium:1228036
Change-Id: I5abe7009920d2c8f81f024c9ae7bb6b13607da1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054119
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75932}
2021-07-27 07:34:33 +00:00
Ng Zhi An
ec7171608b [codegen] Remove PrepareForTailCall
This is no longer used, tail calls are dealt with inside of
VisiTailCall.

Bug: v8:11879
Change-Id: I3e5b74c61c959a6697bc3fd05c8f9aa60cce9fa7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049570
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75931}
2021-07-26 21:53:53 +00:00
Junliang Yan
64d1947200 ppc: Add CNTTZW/CNTTZD instructions
Change-Id: I99448ed94e8ef0cb2ea9fdf6e629757bda595d54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054472
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75930}
2021-07-26 20:52:07 +00:00
Peter Kasting
28661339c7 Fix an instance of -Wunused-but-set-variable.
Bug: chromium:1203071
Change-Id: I09724552731594ddf18358d29cdc243cb696652d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053617
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75929}
2021-07-26 20:52:03 +00:00
Zhi An Ng
1fc4ad83f3 Revert "Reland^2 "[sparkplug] Enable sparkplug by default on desktop""
This reverts commit 1494106756.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/34588/overview

Original change's description:
> Reland^2 "[sparkplug] Enable sparkplug by default on desktop"
>
> This is a reland of 0f79565bb7
> which is a reland of 85e6c4b643
> GC-stress issue was still flushing, now fixed for real with
> https://crrev.com/c/3054117.
>
> Relanding without changes.
>
> TBR=verwaest@chromium.org
>
> Original change's description:
> > Reland "[sparkplug] Enable sparkplug by default on desktop"
> >
> > This is a reland of 85e6c4b643
> > GC-stress issue was flushing, fixed with https://crrev.com/c/3048172.
> > Relanding without changes.
> >
> > TBR=verwaest@chromium.org
> >
> > Original change's description:
> > > [sparkplug] Enable sparkplug by default on desktop
> > >
> > > Bug: v8:11420
> > > Change-Id: I07ac7f30b5ffffe40170ac15d5df0d3bf8a53523
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041418
> > > Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> > > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> > > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#75868}
> >
> > Bug: v8:11420
> > Change-Id: I44ac0e4a5df07db79fa50db3134cdae3af41c88c
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053588
> > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#75916}
>
> Bug: v8:11420
> Change-Id: I24c7aea81ca58c339fc3bcc904663bdefb93106b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054118
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/master@{#75926}

Bug: v8:11420
Change-Id: Id7ad213f9bf463d9d167c8420c85038043d9523c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054436
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75928}
2021-07-26 20:17:19 +00:00
Jakob Kummerow
a8ef7683f2 [bigint] Fix length of '0' sequences in fast .toString()
Bug: v8:11515
Change-Id: I1353726c9e81c3601258202fe56c05ffd16a4a25
Fixed: chromium:1232733
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054112
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75927}
2021-07-26 16:46:13 +00:00
Leszek Swirski
1494106756 Reland^2 "[sparkplug] Enable sparkplug by default on desktop"
This is a reland of 0f79565bb7
which is a reland of 85e6c4b643
GC-stress issue was still flushing, now fixed for real with
https://crrev.com/c/3054117.

Relanding without changes.

TBR=verwaest@chromium.org

Original change's description:
> Reland "[sparkplug] Enable sparkplug by default on desktop"
>
> This is a reland of 85e6c4b643
> GC-stress issue was flushing, fixed with https://crrev.com/c/3048172.
> Relanding without changes.
>
> TBR=verwaest@chromium.org
>
> Original change's description:
> > [sparkplug] Enable sparkplug by default on desktop
> >
> > Bug: v8:11420
> > Change-Id: I07ac7f30b5ffffe40170ac15d5df0d3bf8a53523
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041418
> > Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#75868}
>
> Bug: v8:11420
> Change-Id: I44ac0e4a5df07db79fa50db3134cdae3af41c88c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053588
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75916}

Bug: v8:11420
Change-Id: I24c7aea81ca58c339fc3bcc904663bdefb93106b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054118
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75926}
2021-07-26 16:19:15 +00:00
Clemens Backes
9670cff385 [liftoff][arm64] Add explicit stack check for large frames
Handle large frames by doing an explicit check to see if there is enough
remaining stack space before the stack limit.
The bailout which can be removed then is being triggered on more than 1
percent of all functions, so this is expected to improve compile time by
several percent, because we avoid the costly TurboFan compilation for
those >1%.

The code follows the same pattern as on arm, see
https://crrev.com/c/3046180.

R=ahaas@chromium.org

Bug: v8:11235
Change-Id: I0d359ae5fe0126da7ade860f596cfc108e7fd1d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054114
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75925}
2021-07-26 15:55:23 +00:00
Leszek Swirski
4440d7a5be [sparkplug] Fix IsCompiledScope
IsCompiledScope should check for BaselineData before BytecodeArray,
since the former implies the latter.

Bug: v8:11420
Change-Id: I6c659a5f97180b478fb3401f55a095b6d307b80f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054117
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75924}
2021-07-26 15:29:59 +00:00
Milad Fa
5f8cd123f0 PPC: refactor setting cpu features
PPC features on V8 are currently only enabled by checking the cpu
type (i.e if >= powerX then set a feature as available).
This CL bypasses the feature list and simply checks if the cpu
type is >= a specific type required by certain instructions.

Specific feature checks (such as FPU) can always be added back to the
list if needed.

Change-Id: Ic7d1f1375c28da507f96f93f879859ef3dbfe512
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048971
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75923}
2021-07-26 15:01:24 +00:00
Milad Fa
b973e23589 S390 [liftoff]: add to Simd binary operations
Adds Integer and FP Sub and Mul.

Change-Id: Ide2cfdbdc308d18011ba5cc6a61cd326c13c09b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048789
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75922}
2021-07-26 14:33:59 +00:00
Leszek Swirski
9999ac7526 Revert "Reland "[sparkplug] Enable sparkplug by default on desktop""
This reverts commit 0f79565bb7.

Reason for revert: Still breaking gc-stress...
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/34581/overview

Original change's description:
> Reland "[sparkplug] Enable sparkplug by default on desktop"
>
> This is a reland of 85e6c4b643
> GC-stress issue was flushing, fixed with https://crrev.com/c/3048172.
> Relanding without changes.
>
> TBR=verwaest@chromium.org
>
> Original change's description:
> > [sparkplug] Enable sparkplug by default on desktop
> >
> > Bug: v8:11420
> > Change-Id: I07ac7f30b5ffffe40170ac15d5df0d3bf8a53523
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041418
> > Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#75868}
>
> Bug: v8:11420
> Change-Id: I44ac0e4a5df07db79fa50db3134cdae3af41c88c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053588
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75916}

Bug: v8:11420
Change-Id: I5f96a76392c4ea0d1c9192e697d954de086aa4f4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054113
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75921}
2021-07-26 14:06:17 +00:00
Andreas Haas
bbeff193df [fuzzer] Disallow atomic.wait in fuzzers
It is very unlikely that atomic.wait does anything useful in the fuzzer,
and will most likely just timeout the fuzzer. That's why it's better to
just disallow atomic.wait on the fuzzer.

R=thibaudm@chromium.org

Bug: chromium:1229074
Change-Id: I57aaff013964fa4c0e6ab411789e53a9013cabd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053584
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75920}
2021-07-26 13:47:45 +00:00
Lu Yahan
d47a930d71 [riscv64] Fix cross build failure for riscv64.
When building with "is_component_build=true", the build fails.
  Add lib atomic into lib in v8_libplatform.
  Move func body into cc file

Bug: v8:11975
Change-Id: Ifb844a82360310aba444504f7012fa0c543a49e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3046980
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Commit-Queue: Brice Dobry <brice.dobry@futurewei.com>
Cr-Commit-Position: refs/heads/master@{#75919}
2021-07-26 13:28:55 +00:00
Leszek Swirski
6f898234b1 Reland "[offthread] Template deserializer on Isolate"
This is a reland of e24fa91327
It fixes the heap verification errors by going back to using MakeThin
instead of manually creating a filler (that then makes the verifier
think that this was array left-trimming).

Original change's description:
> [offthread] Template deserializer on Isolate
>
> Make the deserializer class templated on Isolate/LocalIsolate. This
> allows the ObjectSerializer to be split into a main-thread and offthread
> variant, with the latter taking a LocalIsolate.
>
> Eventually, we probably want to anyway split off the code-cache de/serializer
> to a separate implementation (for various reasons), and this is the only one that
> wants off-thread finalization, and at this point the deserializer can revert
> back to being un-templated, used only for bootstrapping. However, this is the
> simplest way, for now, to enable off-thread deserialization.
>
> Bug: chromium:1075999
> Change-Id: I49c0d2c5409f0aa58183673785296756c3714f22
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2562254
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75834}

Bug: chromium:1075999
Change-Id: I1d81fad2550a2a9f04dd0f9d8e66422d28faf378
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043960
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75918}
2021-07-26 13:25:46 +00:00
Georg Neis
bf83100b9d Reland "[compiler] Enable --turbo-optimize-apply by default"
This is a reland of 04ae49049f,
after the discovered bug has been fixed in a separate CL.

Original change's description:
> [compiler] Enable --turbo-optimize-apply by default
>
> Bug: v8:9974
> Change-Id: I801f55687808bb5bd0c1ad19f37cd97264889962
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035087
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75792}

Tbr: mvstanton@chromium.org
Bug: v8:9974
Change-Id: I2130a648008f9424983762447fbd204bdd767d93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054110
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75917}
2021-07-26 13:23:56 +00:00