For standard test failures, the variant name is enough to deduce the
full command line of the test. This is used to create the flako
command line on the infra side.
Test failures from numfuzz have additional variant_flags, calculated
by the fuzzer, which don't match a variant name. Exposing those in
the test results will enable printing a proper flako command line
on infra side for numfuzz cases.
Bug: v8:8971
Change-Id: Ie47d42a0b34037da458b474f2a9ab38f1a5d238a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554689
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60656}
This introduces a new PROTOTYPE_DESCRIPTOR_ARRAY_TYPE, which is used to
be able to distinguish DescriptorArrays for prototypes from regular
ones. This is primarily useful for the live objects, since for dead
DescriptorArrays we will likely not be able to figure out whether they
belong to a prototype Map, unless they die together.
Bug: v8:7266
Change-Id: I4b8e0008cc8bae607778151b7c18d30f4efba88d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554687
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60654}
This is a reland of d746be9ceb
Original change's description:
> [wasm] Use work-stealing queues for background compilation
>
> This reduces contention on the mutex protecting the {CompilationState}
> by splitting the compilation unit queues into several queues (one per
> background task). Each task executes its own queue first, and steals
> from other queues once it runs out of work.
> The implementation of the set of work-stealing queues is encapsulated
> in the new {CompilationUnitQueues} class in module-compiler.cc.
>
> R=titzer@chromium.org
>
> Bug: v8:8916
> Change-Id: I5a40314917e7d4a35d7ff9e8ec124ec212beacab
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543350
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60572}
Bug: v8:8916
Change-Id: Ic0cbad0ddc31be24715c5490b9ec71a39186fd3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549172
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60653}
Typed arrays with elements cannot be frozen, but this function
previously would have falsely reported that they are after
an `Object.freeze()` call. Since the latter bails out when
the object is already frozen, the effect was that when calling
`Object.freeze()` on a typed array more than once, the first call
would throw and subsequent ones would not.
Change-Id: I75e59f51ebb94797cdf39bac4ec4c25c547e70a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552781
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60652}
This introduces new virtual instance types to further diagnose what's
going on in MapSpace, namely:
- MAP_ABANDONED_PROTOTYPE_TYPE includes all the abandoned (fast-mode)
prototype maps.
- MAP_DEPRECATED_TYPE includes all the deprecated (fast-mode) maps.
- MAP_DICTIONARY_TYPE includes all the dictionary-mode maps.
- MAP_PROTOTYPE_DICTIONARY_TYPE includes all the prototype maps in
dictionary-mode.
- MAP_PROTOTYPE_TYPE includes all the prototype maps in fast-mode.
- MAP_STABLE_TYPE includes all the (fast-mode) stable (leaf) maps.
Those maps who don't fall into any of the buckets above are categorized
as MAP_TYPE (as before).
The naming was chosen like this to make it possible to filter for the
relevant maps in the object stats via 'MAP_.*_TYPE'.
Bug: v8:7266
Change-Id: I233734e96a390ddb391bfff8a34a8fec842d1f7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554685
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60651}
This ensures the lifetime of reference values on the simulated operand
stack of the interpreter is coupled to a lifetime of the {ThreadImpl}.
We no longer directly store reference values on the stack, but maintain
a separate "reference stack" on the GC'ed heap. This will ensure the GC
traces such references properly.
The new {StackValue} safety wrapper makes sure all use-sites that access
the operand stack properly convert to/from handles when dealing with
reference values.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-interpreter
BUG=v8:8091,v8:7581
Change-Id: I8c05f2d945a6def943b89be0cfca538a73df8855
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552791
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60650}
This expose v8::Context::DetachGlobal() as Realm.detachGlobal() in d8,
so that we can test API behaviors on Blink's detached iframes.
Change-Id: I4de1dd1a20d5862aba709e36d1d6afa9b221df6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554322
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60649}
This is the first step towards full huge typed array support in V8.
Before this change, the JSTypedArray::length and the elements backing
store length (FixedTypedArrayBase::length) were used more or less
interchangeably to determine the number of elements in a JSTypedArray.
With this change we disentangle these two lengths, and instead make
JSTypedArray::length authoritative. For on-heap typed arrays, the
FixedTypedArrayBase::length will remain the number of elements in the
backing store, but for the off-heap typed arrays, this length will be
set to 0 (matching the fact that the FixedTypedArrayBase instance does
not contain any elements itself).
This also unifies the JSTypedArray::set_/length() and length_value()
methods to only have JSTypedArray::set_/length() which returns/takes
size_t values. Currently this still requires the values to be in Smi
range, but later we will extend this to allow arbitrary size_t values
(in the safe integer range).
Bug: v8:4153, v8:7881
Change-Id: Iff9089130bb31fa9e08e0cf913e7ab52c3dbf107
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543729
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60648}
Locks for compilation state callbacks and for the native module are
again taken one after the other. As a consequence, publishing compiled
Wasm code again happens in parallel. Compile times are now comparable to
before lazy hints were enabled.
Bug: chromium:949050
Change-Id: I45c52254d046de080938bd131fd3ed8116660bef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552787
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60646}
This reverts commit 1fb26d837f.
Reason for revert: Flushes out TSan issues: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/25782
Original change's description:
> [regalloc] Enable control flow aware allocation
>
> This is a test to see how much and where we regress. We have seen
> some quirks of our current allocator that do not show up in this
> new approach, so we need to decide whether to stabilize the new
> allocation scheme. Performance numbers are a key indicator for that
> decision.
>
> This patch is intended to be reverted after stability and performance
> numbers are in (i.e. after a few days).
>
> Change-Id: I8df8ff7de8efa82a8abbdfa1d21d7877756f129e
> Bug: v8:9088
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552786
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60643}
TBR=mstarzinger@chromium.org,jarin@chromium.org,sigurds@chromium.org
Change-Id: Ia1934b01b0909479b2bd52ba686cc9b3fb364b4b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9088
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554682
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60645}
This is a test to see how much and where we regress. We have seen
some quirks of our current allocator that do not show up in this
new approach, so we need to decide whether to stabilize the new
allocation scheme. Performance numbers are a key indicator for that
decision.
This patch is intended to be reverted after stability and performance
numbers are in (i.e. after a few days).
Change-Id: I8df8ff7de8efa82a8abbdfa1d21d7877756f129e
Bug: v8:9088
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552786
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60643}
Some state related to WasmMemories is cached on the JSArrayBuffer
object (is_growable, is_wasm_memory). The problem with this is in
some PostMessage flows, this information can get lost depending on
how JSArrayBuffers are deserialized. In this particular case when
the WasmMemory is postMessaged, it goes through the Blink
DedicatedWorkerMessagingProxy::PostMessageToWorkerGlobalScope flow,
which reconstructs the ArrayBuffer from the backing store, and size,
and loses the is_growable flag, leading to a failure to grow memory.
Moving the is_growable flag so that AllocationData can be the source
of truth for all wasm memory state, and is consistently preserved
across PostMessage.
Change-Id: I775f66ddeff68b8cafc18b75ca5460dfb0343c8b
Bug: v8:9065
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549789
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60641}
Indexed fields in classes can now be initialized using iterators
and a spread syntax, e.g.:
class Foo {
length: Smi;
elements[length]: Object;
}
new Foo{length: 5, elements: ...iter};
where iter implements Torque's iterator protocol. This protocol
requires the definition of a method with the following signature:
Next(): <type> labels NoMore;
Where <type> is the Torque type of the values to be iterated.
In the case of indexed field initialization, the type must be
the field's type or a subtype thereof.
Field initialization with spread is desugared into a loop that
calls the spread iterator's Next method and assigns each
returned value in order to the corresponding indexed field
element.
The general machinery for the spread syntax has been added to
the ast and parser, however, it can currently only be used in
the specific context of indexed field initialization. Spread
operators used in any other context will cause an error.
Bug: v8:7793
Change-Id: If071e61db8166573c28d13318879c88ba96f6d98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550407
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60639}
We only use the safe math helpers (CheckedNumeric<T>) in very few
places. The headers are huge though, and complex. They are pulled in to
839 of our object files, increasing compilation time.
I also find the implicit checks more easy to understand than the complex
logic in CheckedNumeric.
Thus, this CL removes the safe_math headers and implements bounds
checks for the five uses explicitly.
R=jkummerow@chromium.org, mlippautz@chromium.org
Bug: v8:8834
Change-Id: I2d60f95799ee61cfa161354428605f67829cd736
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547651
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60630}
It's implied by the last clause of the conjunction.
Change-Id: I78a810a259888eda696c77cd6c117b35ef9e861a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549171
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60627}
Context::microtask_context can be null after v8::Context::DetachGlobal
is called, and that should cancel microtasks that are associated to
the detached context.
However, there are several callers left without the null check to the
microtask queue, and that causes crashes.
This CL adds the null check and cancellation as the crash fix.
Bug: chromium:937784
Change-Id: Ie8d107f28f200cee6e75798e3f72c5ed7a2a461c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545139
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60623}
This changes the syntax for constructing structs and classes to explicitly
mention the fieldnames, similar to JavaScript object literals.
The fields still have to be listed in the same order as in the struct/class
declaration.
As in Javascript, {foo: foo} can be abbreviated as {foo}.
Example:
macro NewJSArray(implicit context: Context)(
map: Map, elements: FixedArrayBase): JSArray {
return new JSArray{
map,
properties_or_hash: kEmptyFixedArray,
elements,
length: elements.length
};
}
Drive-by cleanup: Make struct and class constructors follow the same pattern
in the parser and the AST.
Bug: v8:9018 v8:7793
Change-Id: I22ff7f68270e4f406aa80731a709d41ea52f52bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1551999
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60622}
Don't record samples from machines without high-resolution timers,
as that can cause serious reporting issues. See the thread at
http://g/chrome-metrics-team/NwwJEyL8odU/discussion for more details.
Bug: v8:9074
Change-Id: I8f9b588b249f944c4bc95feedf56960b28db9ddc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552001
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60621}
This is port for https://crrev.com/c/1524482
Original commit message:
This allows immediates to be encoded directly into instructions, rather than
mov-ing constants to registers first.
This patch only changes emit_{i64,i32}_add, other emit_ functions will be changed once
this approach has been approved.
Bug: v8:9038
Change-Id: I96929f870e54b24403a32428f3db31b42f41087a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545148
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#60619}
This reverts commit 42beed975e.
Reason for revert: This commit seems to cause consistent failures in
some ProcessMemoryMetricsEmitterTest tests on Mac and ChromeOS. I'm
not sure what the exact reasoning behind this is. See https://crbug.com/949157.
Original change's description:
> Reland "[ptr-compr][x64] Temporarily enable pointer compression on x64"
>
> This is a reland of 4f051fd5da
>
> Relanding after fixing Chromium issues.
>
> Original change's description:
> > [ptr-compr][x64] Temporarily enable pointer compression on x64
> >
> > ... and make sure that the x64 ptr-compr bots proceed testing V8 without
> > pointer compression in order to keep testing the full pointer mode.
> >
> > Bug: v8:7703
> > Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng,v8_linux64_tsan_rel
> > Change-Id: Iee725deda813425a6f0722948b54976154f50909
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1497139
> > Reviewed-by: Michael Hablich <hablich@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#60230}
>
> Bug: v8:7703
> Change-Id: Ic2d1c2ae41ec645f34963f5f561c33199c72ef4b
> Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng,v8_linux64_tsan_rel
> Cq-Include-Trybots: luci.chromium.try:fuchsia_x64,linux-rel
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535819
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60582}
TBR=machenbach@chromium.org,hablich@chromium.org,leszeks@chromium.org,ishell@chromium.org,verwaest@chromium.org
Change-Id: Ib9737081e90dddcfe44af9da1275a610da209323
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550709
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60618}
Just rely on calling toString. This matches other vendor's implementations.
BUG=chromium:948257
R=dgozman@chromium.org
Change-Id: I325a12dd47712263a1ef4deee0bb2de9c4a1c656
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545124
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60617}
Making 43K of room for landing ICU64.
Size Change (on x64.release)
D8 before 23,683,192
D8 after 23,639,296
Reduce 43,896 bytes
Bugs: v8:8348
Change-Id: I057f7d59e955a2e5e017873e5b3b5daf5b142ae2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1478710
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60616}
These tests make sure the ticks are correct when resolving against a
Promise.
Without the optimization, the result is:
"start,tick 1,tick 2,tick 3,tick 4,done,tick 5"
With the optimization, the result is:
"start,tick 1,tick 2,done,tick 3,tick 4,tick 5"
Bug: v8:8267
Change-Id: I6c6499c7c256927531a99bab4ae1c5bd5069ef7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1534884
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60615}
This is a part of porting Proxy-related builtins to Torque.
Spec: https://tc39.github.io/ecma262/#sec-proxy.revocable
Bug: v8:6664
Change-Id: I5f53eb4dff8ff9d3156b601652f3f86ede25fc1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1529261
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60613}
Even though both are allowed in the style guide, it recommends to use
'using', as its syntax is more consistent with the rest of C++.
This CL turns all typedefs in interpreter code to 'using' declarations.
R=leszeks@chromium.org
Bug: v8:8834
Change-Id: Ide1e8a35a56a840b36b3ceab1307df1bcab94acd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545900
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60609}
This CL enables adding code to the top-most {WasmCodeRefScope} when
either adding code to the {NativeModule} (we have a nice choke point
for that in {PublishCodeLocked}), or when looking up existing code from
a {NativeModule}.
It also enables the DCHECK that for each such operation, there must be
an enclosing {WasmCodeRefScope}.
R=titzer@chromium.org
Bug: v8:8217
Change-Id: Ie93ca0b31b1577bef074923b3d228a9f214a909c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1533861
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60608}
