Commit Graph

80085 Commits

Author SHA1 Message Date
Michael Lippautz
d2c4ae10c9 [heap] Make scope for finishing Minor MC incremental marking optional
Bug: v8:12612
Change-Id: I1b8be498c08f379a65087d1264eb6739e4c83e0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212395
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85593}
2023-02-01 13:59:49 +00:00
Liviu Rau
9b46fb9d7d Support pushing additional files to Android in tests cases
Drive-by refactoring: Make it evident that currently we upload additional files only for Android platform.

Bug: v8:13686
Cq-Include-Trybots: luci.v8.try:v8_android_arm64_n5x_rel
Change-Id: I8081c1185d6a92dfdcef82e697e301f3e7838dc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205916
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@google.com>
Cr-Commit-Position: refs/heads/main@{#85592}
2023-02-01 13:36:47 +00:00
Michael Lippautz
fb1c8489f6 [heap] Rework external callbacks in PerformGarbageCollection
- Bail out of callbacks bottlenecks if there's no registered callbacks
  without emitting scopes.
- Unify blocks for external callbacks

Change-Id: I30744ef8b2f537ecb84b22babcae6df1442018bf
Bug: v8:12612
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4208930
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85591}
2023-02-01 12:49:42 +00:00
Victor Gomes
12ecfa78cd [maglev] Remove BaselineAssembler dep from Maglev
We should not mix Baseline vs Maglev ScratchScope. x14 is considered
an extra-scratch register in arm64 for Baseline, but not for Maglev,
which has a more comprehensive way to allocate extra scratches.

Bug: v8:7700, chromium:1410970
Change-Id: Ia7eb77ff7fffc3c91d572931aa2ea001c90c1ffc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212388
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85590}
2023-02-01 12:36:52 +00:00
Matthias Liedtke
caa93f9618 [wasm-gc] Allow Js -> Wasm wrapper inlining for externref
Bug: v8:7748
Change-Id: If2045d900e272ae254ef22914a39ded3696f17e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4204032
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85589}
2023-02-01 12:16:02 +00:00
Juan José Arboleda
958f02bbc1 [builtins] Update Array.p.toLocaleString to follow ECMA402
In JavaSCript implementations that supports ECMA-402,
`Array.prototype.toLocaleString()` must invoke the `toLocaleString` method of
each non-undefined, non-null elements witch exactly two (2) arguments.
See: https://tc39.es/ecma402/#sup-array.prototype.toLocaleString step 6.c.i.

V8 appears to provide no arguments when locale is undefined and to not provide options when options is undefined.

Bug: v8:13564
Change-Id: I655917210554d20d2eaebe2ac333421dd5d157ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4184564
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Auto-Submit: Juan José <soyjuanarbol@gmail.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85588}
2023-02-01 12:07:02 +00:00
Jakob Linke
8509ab482e [bazel] Support v8_enable_turbofan
.. similar to the way the build works in BUILD.gn:

- When TF is enabled, TF is compiled into both v8_library("v8") and
  v8_binary("mksnapshot").
- When disabled, TF is compiled into mksnapshot, but not
  v8_library("v8").

This required splitting torque-generated files into (object)
definitions and initializers; definitions are always included,
initializers only in mksnapshot.

Bug: v8:13629
Change-Id: I987f02ad809cce3b922e3b0568d9695b16776e26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4196117
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85587}
2023-02-01 11:25:11 +00:00
Tobias Tebbi
993c2b45be [turboshaft] refactor assemblers/reducers to enable IDE autocomplete
Bug: v8:12783
Change-Id: I237f470cea6be265475fec6c4301f3bf60bcb118
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4208931
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85586}
2023-02-01 10:45:36 +00:00
Toon Verwaest
7d8ca951ec [maglev] Don't check smi overflow after int32 unary/binop
This means TurboFan might not see what Maglev did, and it might make
different decisions, but if we deopt we'll learn in Ignition anyway and
won't make the same mistake later. At the same time this avoids a lot of
unnecessary operations that impact tight loops.

Bug: v8:7700
Change-Id: I6fada2ed0218b0b97fc8c9d9ba10fb2218cd71d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4200631
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85585}
2023-02-01 10:27:33 +00:00
Simon Zünd
3ff97ec329 [cleanup] Simplify logic in Debug::ProcessCompileEvent
Script::IsSubjectToDebugging() returns true for "Normal" and
"WebAssembly" scripts. This is exactly when we want to notify the
debug delegate. We can remove the round-about way this is currently
checked.

R=pfaffe@chromium.org

Bug: None
Change-Id: I1d3b2560043cebffb8eb3db68f58bf0a137abe06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4208947
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85584}
2023-02-01 10:11:51 +00:00
Victor Gomes
de7d26908f [maglev] Support constant loads in polymorphic access
Bug: v8:7700
Change-Id: I628b2abbe10578b7ee67dfd2a32a62dd5d7d866a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4208929
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85583}
2023-02-01 09:52:20 +00:00
Marja Hölttä
6c84aa8e39 [rab/gsab|turbofan] Fix JSCallReducer::ReduceDataViewAccess for RAB/GSAB
Bug: v8:11111,chromium:1412001
Change-Id: Iff5e6efbb82060a62ed55ba84809b6469da872f9
Fixed: chromium:1412001
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4208945
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85582}
2023-02-01 09:47:48 +00:00
Omer Katz
3ed225c851 [heap] Add scope to heap stats dumping at the end of a cycle
Bug: v8:12612
Change-Id: I791dadc925df120ef380960462382a229c9fd55a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4208944
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85581}
2023-02-01 09:31:03 +00:00
Jakob Linke
cbbdf48bab [code] Update Code names and remove obsolete functions
- Remove camel-case Code accessors like InstructionStream since
  they only make sense on Code (where we have to distinguish between
  embedded builtins and other Code).
- Remove the prefix from 'raw_'-prefixed accessors since it was
  intended to clearly disambiguate from the camel-case accessors and
  is now no longer needed.
- Remove various dead functions.
- Update comments.

Bug: v8:13654
Change-Id: Ife51e4aef502fc30ab1526c205a49e5620be96f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205925
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85580}
2023-02-01 08:56:56 +00:00
Jakob Linke
ac99619606 [code] Remove the is_off_heap_trampoline bit
.. which no longer makes sense in today's code base. This was originally
introduced to distinguish Code objects containing the actual instruction
stream (= all non-builtin Code objects) from Code objects only
containing a trampoline with a `jmp` to the .text section (= where
instruction streams for embedded builtins are located).

Today, trampoline code no longer exists; rename the predicate to
`has_instruction_stream`, where

 has_instruction_stream == !is_off_heap_trampoline

Bug: v8:13654
Fixed: v8:13698
Change-Id: I78be1cee2e045c1944486b8a54a03eb9d1ce0c27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205921
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85579}
2023-02-01 08:38:29 +00:00
Omer Katz
df83719d4f [heap] Skip external string table cleanup
The cleanup is in practice only needed when heap verification is active.
In all other cases it can be delayed until the next full GC.

Bug: v8:12612
Change-Id: Ic31e1011d6377c2df255554eae56bd9eed40744a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4208928
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85578}
2023-02-01 08:32:35 +00:00
Lu Yahan
d2a50664c0 [riscv] Fix atomics
Port commit 76a817e03a
Also, rename the enum variable in FFlagsMask from kOverflow to kFPUOverflow to avoid redefinition due to the commit 949bd4467d.


Change-Id: I83e42d4cb0cf48d678719572adb008ef101b23e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4204830
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji.odyssey@gmail.com>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#85577}
2023-02-01 08:21:35 +00:00
Matthias Liedtke
05339e66f3 [maglev] arm64: Fix StringCharCodeAt for cons string
The load of the {second_string} field should only be
4 Byte size. In case of the object being at a page
boundary, the wrong load can trigger a segmentation
fault.
In all other cases, a wrongly loaded value will just
result in a deferred runtime call.

Bug: chromium:1411533
Change-Id: Icd22f6baa4a9625ebfced69f3b7a601adf795a5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4208936
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85576}
2023-02-01 06:37:58 +00:00
v8-ci-autoroll-builder
dd5afcfffb Update V8 DEPS (trusted)
Rolling v8/build: ddbdf3a..e0df145

Rolling v8/buildtools: 7a0617e..295c6e5

Rolling v8/buildtools/linux64: git_revision:629f6be82956987c7ac10faf2acf0534b1667fa2..git_revision:84c8431f3e03cc6226c59dd49637c15ea31169a1

Rolling v8/buildtools/third_party/libc++/trunk: b93c728..59bae40

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5ba838f..5a468cc

Rolling v8/third_party/depot_tools: 94b0eb1..3d072ab

Rolling v8/third_party/fuchsia-sdk/sdk: version:11.20230129.3.1..version:11.20230131.1.1

Rolling v8/tools/clang: 527cfbb..44e5e39

Change-Id: I7e12e35e78b1b7528c64560f3a30b407e0296b9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4210695
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85575}
2023-02-01 03:47:33 +00:00
Choongwoo Han
f2305b3beb [v8windbg] Find Isolate by checking g_current_isolate_
After this commit:
ce2cded47e

The Isolate object for the current thread is stored in `g_current_isolate_` using `thread_local` instead of using `isolate_key_`.

Bug: v8:13394
Change-Id: I9ac1054cb7beea49c69a9990147321b68a1b80f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4211050
Commit-Queue: Choongwoo Han <choongwoo.han@microsoft.com>
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#85574}
2023-02-01 01:00:25 +00:00
Rezvan Mahdavi Hezaveh
f891b0697d [v8:13321] Add a flag and a builtin for Array.fromAsync.
Added a flag to implemet Array.fromAsync behind it,
and added a builtin in builtin-array.cc for the implementation
of the feature.

Bug: v8:13321
Change-Id: I5498f5bbc4616594efdcf9be8f74dd46afe7a0b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4204827
Commit-Queue: Rezvan Mahdavi Hezaveh <rezvan@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85573}
2023-01-31 23:12:59 +00:00
Dominic Farolino
04b766ad80 Console: Fix namespace class string
Per the WebIDL specification, objects that are namespaces must have the
their class string value set to their identifier name [1]. Since per
spec, console is defined as a namespace [2], console's class string must
be "console".

However, since the console object in Chromium/v8 is directly implemented
inside of v8, it doesn't adhere to the WebIDL binding norms. Its
implementation manually had its @@toStringTag set to "Object", which is
incorrect. This CL corrects it to "console" and adjusts test
expectations accordingly.

Unfortunately, this CL will have web-exposed changes to Chromium that
are not tested anywhere, specifically because console's implementation
of namespace did not adhere to the WebIDL spec. Separately,
https://crrev.com/c/4193348 fixes Chromium's web-exposed tests and
stable test expectations, to manually treat console as a namespace
(despite its broken implementation) so that the global interface listing
tests properly enumerate attributes/methods on the console object.
Once this CL lands, those expectations will need to be changed.

The motivation for this change is to ensure that all console attributes
and methods are properly accounted for in the usual Blink webexposed
stable tests that are owned by the Blink API OWNERs. This is because
recently, v8 shipped a new console method (createTask()) that entirely
bypassed the Chromium launch process:
https://www.chromium.org/blink/launching-features/, because no files
needed to be approved by Blink API OWNERs.

[1]: https://webidl.spec.whatwg.org/#ref-for-dfn-class-string%E2%91%A8
[2]: https://console.spec.whatwg.org/#console-namespace

Change-Id: I0bbd05242fc815945cce40c65d74995950d64115
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4193308
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Dominic Farolino <dom@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85572}
2023-01-31 20:35:36 +00:00
Deepti Gandluri
ff748cb6a4 Revert "[heap] Move the likeliest case of GcSafeTryFindCodeForInnerPointer up"
This reverts commit 9901a04144.

Reason for revert: Crashes on the CFI bots https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20cfi/38573/overview

Original change's description:
> [heap] Move the likeliest case of GcSafeTryFindCodeForInnerPointer up
>
> It's much more likely to find the code object in CODE_SPACE than in LO
> space (or the THIRD_PARTY_HEAP). Also, remove an obsolete and misleading
> comment.
>
> Bug: v8:13654
> Change-Id: Ia6c2a28a8eb5b0fb3f5951a9018fac0c0683a96e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205914
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85564}

Bug: v8:13654
Change-Id: Id2941c5b98289fdcc30efb47172d266bfd43de0e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4210628
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Deepti Gandluri <gdeepti@chromium.org>
Auto-Submit: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85571}
2023-01-31 19:12:59 +00:00
Shu-yu Guo
15cc02b4e8 [shared-struct] Disallow property redefinition
Shared objects have fixed layout (i.e. immutable maps) and start off
sealed. Ordinary JS objects allow writable properties to be redefined to
be non-writable. This violates the fixed layout invariant and needs to
be disallowed.

Also contains a drive-by fix removing
@highestInstanceTypeWithinParentClassRange, which is unneeded.

Bug: chromium:1407595, v8:12547
Change-Id: I0257fa19f59ccfaaf0e07cb42aeedd71e132d21a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4190525
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85570}
2023-01-31 18:42:46 +00:00
Dave Tapuska
d3f27e067e [ios] Enable ability to run V8 in jitless mode on iOS device
Forcibly enable jitless mode since we do not have access to executable
code pages. This will also disables wasm.

Do not enable JSCVT based on the compiler since older iPhones may not
have the JSVCT instruction. This will eventually need to be done
dynamically.

Use the host toolchain when compiling on M1 Macbooks for iOS devices.

Ensure we use 16k alignment for pages.

Bug: chromium:1411704
Change-Id: I0019a2fc7b645b96ae105504d915cd0c3e3eafdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4206250
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85569}
2023-01-31 18:41:43 +00:00
Victor Gomes
5d8afae6d4 [maglev] Remove MaglevOutOfLinePrologue
The flag is currently poorly tested and we are unlikely to
use the OutOfLinePrologue in its current form.

Bug: v8:7700, chromium:1411153
Change-Id: Ifd5867910d79fbdeaebb4c21f7070f806d78052c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4208932
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85568}
2023-01-31 18:40:41 +00:00
Omer Katz
553700180e [heap] Optimize Sweeper::StartSweeperTasks
Optimize Sweeper::StartSWeeperTasks a bit by
1) Skip SnapshotPageSet when possible and only get a lock for shared
   heap.
2) Retain ConcurrentSweepers for the lifecycle of Sweeper.

Bug: v8:12612
Change-Id: Id30f07e346d42c99ae6b0ab1336a95c65ee7cb15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4203383
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85567}
2023-01-31 18:39:38 +00:00
Maya Lekova
8ce2c87338 Revert "[turboshaft] Implement structural optimization reducer"
This reverts commit 596e56868d.

Reason for revert: Breaks JetStream2 on perf bots.

Original change's description:
> [turboshaft] Implement structural optimization reducer
>
> This CL adds a new Turboshaft reducer that is suitable for changing the
> graph in a way that doesn't reduce individual operations, rather changes
> the structure of the graph. The first such reduction we support is
> transforming if-else cascades that check if a given value is equal to
> any constant from a given set into a switch with cases corresponding to
> the constants in the set.
>
> Bug: v8:12783
> Change-Id: Iee1e5581a334c3dc255d673d2178f76706e6dae2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4106752
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85561}

Bug: v8:12783
Change-Id: Ic9ded7f4e18258346f547600cb541b2fa094fb8d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4210088
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85566}
2023-01-31 17:11:51 +00:00
Clemens Backes
614f62d8a1 [turbofan] Use movl for reloading 32-bit values
This enables an optimization for JavaScript which is currently only
enabled for WebAssembly. Clusterfuzz found problems on a previous try to
enable this (see https://crbug.com/1356461), but a fix
(https://crrev.com/c/4197349) landed in the meantime which might have
fixed things.
Any resulting crashes or other issues will have to be fixed before the
v11.2 branch cut, otherwise we will have to revert this CL.

R=jkummerow@chromium.org

Bug: v8:13581
Change-Id: I139804e53285803d7f2178893c86b520c96a8eb0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205923
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85565}
2023-01-31 16:26:49 +00:00
Jakob Linke
9901a04144 [heap] Move the likeliest case of GcSafeTryFindCodeForInnerPointer up
It's much more likely to find the code object in CODE_SPACE than in LO
space (or the THIRD_PARTY_HEAP). Also, remove an obsolete and misleading
comment.

Bug: v8:13654
Change-Id: Ia6c2a28a8eb5b0fb3f5951a9018fac0c0683a96e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205914
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85564}
2023-01-31 16:04:08 +00:00
Omer Katz
20a592c212 [heap] Fix bug in ArrayBufferSweeper
Calling EnsureFinished could sweep array buffers without first making
sure that promoted page iteration is done.

Bug: chromium:1411076
Change-Id: Ic6cb9b13af0851f40c8720f046602a7739aa0efa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205922
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85563}
2023-01-31 15:59:02 +00:00
Jakob Linke
3ebbb651e2 Remove CodeLookupResult
.. and replace it by base::Optional<Code>. It's no longer needed, now
that Code and InstructionStream cases are merged.

This was trickier than it sounds at first, because:

- CodeLookupResult (CLR) was used during the MARK_COMPACT GC phase and
  thus had to observe subtle semantics in the presence of
  forwarding pointers.
- CLR implicitly contained a Code object for off_heap_trampolines
  and an InstructionStream object for everything else. These implicit
  behaviors threaded through elsewhere, e.g. in the
  inner-pointer-to-code cache which relies on the fact that the
  underlying object pointer does not move until GC completes and
  the cache is flushed.
- Semantics of the dual-object {Code,InstructionStream} are generally
  very subtle during GC.

This CL attempts to make all this more explicit by introducing a
GcSafeCode wrapper type which must be used in code that is affected
by semantics described above. The GcSafeCode type exposes only methods
that are safe to call during MARK_COMPACT.

Drive-by:
- Rename the Heap::GcSafeFoo function family s.t. a 'GcSafe' prefix
  means that the function can be used during GC and returns
  GcSafeCode objects; and 'TryFind' vs. 'Find' returns a
  base::Optional<Foo> vs. just Foo.

Bug: v8:13654
Change-Id: I410b5539ea1b584b823bce2dafd8d1328eedc039
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4203385
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85562}
2023-01-31 15:03:28 +00:00
Maya Lekova
596e56868d [turboshaft] Implement structural optimization reducer
This CL adds a new Turboshaft reducer that is suitable for changing the
graph in a way that doesn't reduce individual operations, rather changes
the structure of the graph. The first such reduction we support is
transforming if-else cascades that check if a given value is equal to
any constant from a given set into a switch with cases corresponding to
the constants in the set.

Bug: v8:12783
Change-Id: Iee1e5581a334c3dc255d673d2178f76706e6dae2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4106752
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85561}
2023-01-31 14:27:23 +00:00
Al Muthanna Athamina
961868decf [NumFuzz] Skip test with contradictory flags on NumFuzz
No-Try: true
Change-Id: I0e33555a2d4629d6c04985f3c92d48d8db4e46cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205913
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85560}
2023-01-31 13:07:35 +00:00
Marja Hölttä
1f349da554 [web snapshots] Remove web snapshots
Bug: v8:11525
Change-Id: I0931408eefa4f55b0c9e8c0973787edfb903083a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205917
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85559}
2023-01-31 12:43:03 +00:00
Omer Katz
9bc6586712 [heap] Delay remembered set filtering to next GC marking phase
MinorMC only promotes whole pages, but doesn't move any objects. Thus
there is no need to update specific pointers. The update pointers phase
in practice only filters for objects that were promoted.
Since marking anyway needs to filter the remembered set (because slot
may be overwritten), we can just filter the remembered set once there
instead of doing it twice (i.e. end of evacuation and the following
marking phase).

Updating the external strings table remains as is since it is used by
heap verification as well.

Bug: v8:12612
Change-Id: I7e36e8acb886852087d303eceec4276f5349b272
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205907
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85558}
2023-01-31 11:37:46 +00:00
Omer Katz
cabbfe53d5 [heap] Fix DCHECK in Heap::PerformGarbageCollection
In memory reducing GCs, promoted page iteration is not delayed and thus
pretenuring feedback is available earlier.

Bug: chromium:1411113
Change-Id: I3140b0bbcb9bfa537def5faac9ddd07183668498
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4204030
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85557}
2023-01-31 10:30:40 +00:00
pthier
39b0ade26b [regexp] Canonicalize character range before adding case equivalents.
Adding case equivalents requires a canonicalized character range.
With unicode sets we missed to canonicalize ranges before adding case
equivalents in two locations.

Bug: chromium:1410963
Change-Id: I5907062f8c29b6e9d4a4c8166d3af05079298c50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205912
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85556}
2023-01-31 10:26:36 +00:00
Camillo Bruni
1cf624ba03 [tools] Improve run_perf.py
- Mark run_perf.py executable
- Add more user-friendly option --d8-path aliase
- Add --repeat alias that matches the go/crossbench flag
- Handle symlinks for d8-directory using pathlib
- Only print timeout message if the result has timed_out == True
- Add .DS_Store to gitignore

Change-Id: Ia0fb0b926632af4b520d3aaf447e5bd35723816e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205910
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85555}
2023-01-31 10:24:16 +00:00
Jakob Linke
fcce324c4e Remove obsolete DCHECK in TrySetOsrUrgency
Originally this was a condition (not a DCHECK) guarding against OSRing
into self-hosted JS builtins, which no longer exist since 2016. After
various refactors, our assumption was that this could no longer
happen, and we changed the condition into a DCHECK.

However it appears that we still have non-user-JS functions that can
reach TrySetOsrUrgency as part of extensions, e.g.
--expose-externalize-string; but I can't think of a reason not to OSR
these.

Let's try removing the DCHECK.

Bug: chromium:1410985
Change-Id: I2698eac4cecbf5aa33775c0217c2f69a3c96323a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205909
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85554}
2023-01-31 08:57:57 +00:00
v8-ci-autoroll-builder
041fd99875 Update V8 DEPS (trusted)
Rolling v8/build: c6df5bb..ddbdf3a

Rolling v8/buildtools: 3c7e3f1..7a0617e

Rolling v8/buildtools/linux64: git_revision:5e19d2fb166fbd4f6f32147fbb2f497091a54ad8..git_revision:629f6be82956987c7ac10faf2acf0534b1667fa2

Rolling v8/buildtools/third_party/libc++/trunk: 1127c78..b93c728

Rolling v8/buildtools/third_party/libc++abi/trunk: d520d58..b74d771

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/35d0649..5ba838f

Rolling v8/third_party/depot_tools: b7d8efd..94b0eb1

Rolling v8/third_party/fuchsia-sdk/sdk: version:11.20230129.1.1..version:11.20230129.3.1

Rolling v8/tools/clang: c272f2c..527cfbb

Rolling v8/tools/luci-go: git_revision:221383f749a2c5b8587449d3d2e4982857daa9e7..git_revision:c41d94e382727fc5276cd2771741990543fce337

Rolling v8/tools/luci-go: git_revision:221383f749a2c5b8587449d3d2e4982857daa9e7..git_revision:c41d94e382727fc5276cd2771741990543fce337

Change-Id: I91cb3fdbcd092a84ff68a2ef261752e1ff0f65c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4205882
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85553}
2023-01-31 03:56:09 +00:00
Milad Fa
35964e2418 PPC/s390: [wasm][memory64] Fix atomics
Port 76a817e03a

Original Commit Message:

    This fixes a TODO about atomics and memory64 and removes the explicit
    CHECK that checks for the unsupported situation.
    Similar to other memory accesses, the memory index is supposed to be a
    64-bit value if memory64 is being used.
    The bounds checking implementation in Liftoff and TurboFan is shared
    with non-atomic memory accesses, so this is already prepared for
    memory64. We only need to fix the expected type in the function body
    decoder, and prepare the assembler for 64-bit values.

R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I61bb3106c9661f7b8aa72b27ed439a8d94890192
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4204353
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/main@{#85552}
2023-01-31 01:35:39 +00:00
Shu-yu Guo
8131315998 [objects] Pass isolate to integrity-level methods
With shared objects we can't get the isolate from the heap object, so we
need to pass the isolate as an argument.

This CL plumbs the Isolate through the following set of methods on
JS{Object,Receiver}:

- SetIntegrityLevel
- TestIntegrityLevel
- PreventExtensions
- IsExtensible

Notably it does not touch the same methods on JSProxy, because JSProxies
are never shared.

Bug: v8:12547
Change-Id: I24fcf4b7f9f9d72218ff1f386c34577912a93be1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4204828
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85551}
2023-01-30 23:20:15 +00:00
Omer Katz
24b1878832 [heap] Don't start a job for MinorMC evacuation
With concurrent promoted page iteration, the parallel evacuation phase
merely pushes the pages to the sweeper. Therefore, the work is minimal
and there is practically no justification to start a parallel job for
it.

Bug: v8:12612
Change-Id: I585d9e23e07b70fa780239bd26843530c6ca69a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4203376
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85550}
2023-01-30 15:59:06 +00:00
Leszek Swirski
cfd4728fb2 [compiler] Consider CheckMaps with migration as side-effecting
CheckMaps with migration can (and is expected to) mutate fields and maps
on migration, which means it cannot be considered to be
non-side-effecting in terms of writes.

This allows us to revert crrev.com/c/3998653, as we should now correctly
insert a dynamic map re-check after a potential map migration.

Bug: chromium:1380063
Change-Id: I28f78f0579529279b4c3810fabbd2edb653a6f1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4203379
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85549}
2023-01-30 15:44:28 +00:00
Omer Katz
e6a2efbc1c [heap] Optimize incremental sweeping for MinorMC
1) Eliminate scopes for ContributeToSweepingMain when there is no work
   to do.
2) Get all swept pages in a single lock instead of lock per page.

Bug: v8:12612
Change-Id: I41ee0aa196327f6a61c698164ff3126527c6113b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4197353
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85548}
2023-01-30 15:19:45 +00:00
Camillo Bruni
8e8492b1a2 Remove script-ablation code
The script ablation study was never pushed to stable.
The preliminary numbers showed non-monotic behavior for high-level
metrics for initial script delays < 250ms.

Depends on code removal in chrome: https://crrev.com/c/4189106

Bug: chromium:1193459
Change-Id: I96540937768566d243a1bfd94234c3dd1b35a77d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4188389
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85547}
2023-01-30 15:05:14 +00:00
Clemens Backes
7f3574e01c [wasm] Improve LEB decoding slow-path
Returning a pair instead of writing to two output parameters avoids a
number of memory writes in the unrolled LEB-decoding slow path.
Instead of writing to the length and result pointer after each byte, we
now only write once at the very end.

This makes the LEB decoding slow-path ~30% faster locally (but we do not
spend much time in that function overall for most modules).

R=dlehmann@chromium.org

Bug: v8:13565, v8:13673
Change-Id: I02baeb0eb4620c46ba0babbc32bb6ac087887d34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4200633
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Daniel Lehmann <dlehmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85546}
2023-01-30 14:36:37 +00:00
Maya Lekova
ef3a00533f [fastcall] Fixed missing representation in GetProjectionType
Bug: chromium:1399490
Change-Id: I01adc3dd8da7ce3e544ca6507172d036b10c0861
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4197351
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85545}
2023-01-30 14:14:23 +00:00
Clemens Backes
823433c24b [liftoff][cleanup] Remove source argument to stack merging
Stack merging must always happen from the "current" state. Thus remove
the `source` argument to `MergeFullStackWith`, and implicitly use
`cache_state_`.
Note that `MergeStackWith` already does the same.

R=jkummerow@chromium.org

Change-Id: I501182e764e60edcb4f6ebf33b9863e652bf3875
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4203374
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85544}
2023-01-30 13:35:44 +00:00