Client isolates need the incremental marking barrier for objects in
the shared heap. The marking barrier for the shared heap can be
enabled either with or without incremental marking in the client
isolate's local heap.
Client isolates get a new marking worklist in the MarkingBarrier
class for marking of shared objects. Shared objects will always be
pushed into that worklist for tracing. MarkingBarrier can be enabled
for shared marking and/or marking of local isolates.
Bug: v8:13267
Change-Id: I0b60134432de9af3c76e24620816555ee49da1eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4001768
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84202}
The wrapper obects for the debugger displayed e.g. in dev tools
contain a proper `null` value already.
Note: This only affects the printing of wasm tables in the test.
Change-Id: I3c2e9580b0a3983b66b9c3e2e16e5a2b322a9ff7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020261
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84201}
To avoid requiring optimized code to do too extensive checking, this CL
reduces the extent to which we recognise similar values as the same
value for const fields. For smi/tagged/heap-object fields we only
support the exact same object; also if we might have a new reboxed
version of a double. For double fields we only support the exact same
bit patterns.
Change-Id: Ifd136aa442054fe9059d0de47e31455d6e1e25ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020509
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84198}
Shared object constructors' .prototype are null and aren't used for
instance creation. Set them to read-only so as to not trigger code that
tries to invalidate code due to instance prototype changes.
Bug: v8:12547, chromium:1381398
Change-Id: I2b712d1eb60d6d10c76a5f94b12e9f9010cabd5b
Fixed: chromium:1381398
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4018916
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84195}
Use USE(), (void) is void with GCC.
Bug: chromium:1352175
Change-Id: Ic254a5d0ca2bb6d8179dfe5ba74f1d0753d456ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4022027
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Andrey Kosyakov <caseq@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84193}
This introduces a barrier that ensures that
`V8InspectorClient::runIfWaitingForDebugger()` is only invoked once all
sessions that requested a paused have invoked runIfWaitingForDebugger.
Downstream change: https://chromium-review.googlesource.com/c/chromium/src/+/3977348
Bug: chromium:1352175
Change-Id: I9049c2de6da8e690ad4312cd6cb799619125bb62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976353
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Andrey Kosyakov <caseq@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84191}
Similar to atomics and numerics, also GC instructions can be invalid,
which would violate the encoded assumption.
R=ahaas@chromium.org
Change-Id: I76e236f112cf8bdb389b45890b26f73d1f460af0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020415
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84180}
Similar to https://crrev.com/c/4008538, this fixes the assumption for
numeric opcodes. It previously failed on illegal numeric opcodes.
R=ahaas@chromium.org
Bug: chromium:1382816
Change-Id: I47dc0412c4c32b5fd766a9f9fd96b4b270da86c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020413
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84177}
{ModuleWireBytes} is just a wrapper around {base::Vector<const byte>},
so should be passed by value, just as {base::Vector}.
This CL adds a comment about this and fixes all functions and methods
that receive a {ModuleWireBytes} via const reference.
R=ahaas@chromium.org
Change-Id: Idbdc66c04a9acb92934b450c046ba7fd055448e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013309
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84172}
This removes a few dynamic checks whether a block type immediate is
using the MVP syntax with 0-1 return types, or has a full signature (for
multi-return).
We now always provide a signature, using another field in the
{BlockTypeImmediate} as storage for MVP types.
This makes {BlockTypeImmediate} slightly bigger, which should not be a
problem as there is always only one of them alive, and it's stored on
the stack.
R=jkummerow@chromium.org
Change-Id: Ie36b73f7213826f32cd349c33f23d834c9de0a50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3991249
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84168}
When building the Turbofan graph for an inlined function, we should
record dangling exceptions (which will be connected to the callee's
handler) as we go, rather than try to recover them later. Apart from
making the code more maintainable, this fixes a bug where the handler
was not recovered correctly when memory start/size were reloaded.
Bug: v8:12166
Change-Id: Idbb71f0ba9f9d492f00115c516cbe5e61b6cd162
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4016876
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84165}
This reverts commit 39d387bb72.
Reason for revert: causes DCHECKS, timeouts, TSAN failures under stress
Original change's description:
> [heap] Invoke allocation observers before limiting the LAB
>
> Currently whenever we reach a step we get a small LAB the same size as
> the allocated object. This is becuase the remaining step size is smaller
> then the current allocation.
> Invoking observers before limiting the LAB, and thus updating step
> sizes, should eliminate the small LAB we get whenever we reach a step.
>
> Drive-by: remove redundant method arguments.
>
> Bug: v8:12612
> Change-Id: Ied92a947308368d3b289e246fdb4f40ac5e5981f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013683
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84157}
Bug: v8:12612, v8:13465
Change-Id: I74b412dc41bfc86ea7fb190ce3284349a9022057
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4018913
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#84162}
Currently whenever we reach a step we get a small LAB the same size as
the allocated object. This is becuase the remaining step size is smaller
then the current allocation.
Invoking observers before limiting the LAB, and thus updating step
sizes, should eliminate the small LAB we get whenever we reach a step.
Drive-by: remove redundant method arguments.
Bug: v8:12612
Change-Id: Ied92a947308368d3b289e246fdb4f40ac5e5981f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013683
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84157}
This is a reland of commit bc777d5fd6
Original change's description:
> [wasm-gc] Allow (ref none) to occur internally
>
> This type is uninhabited by any actual values, but it can show up
> as a "theoretical" value in the type system, e.g. for conditional
> branches that are statically never-taken.
>
> Bug: v8:7748
> Change-Id: Ieb8a5354dbd04fe76e1047766c5bb60f02f6cdd0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013859
> Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
> Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84125}
Bug: v8:7748
Change-Id: I9cd3dbd20b0e62959203171d3c7180ef2efeecba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013329
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84155}
This reverts commit 910def9edc.
Reason for revert: Speculative Revert https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/9800/overview
Original change's description:
> [heap] Load MarkingBarrier from thread local on main thread
>
> Each thread has its own MarkingBarrier instance for incremental
> marking. A thread local variable is used to get the current thread's
> instance on background threads.
>
> However on main threads this thread local variable was always
> set to nullptr. The main thread would get to its own instance through
> the heap_ field in the host object's page header. This was solved this
> way because setting current_marking_barrier on the main thread
> seemed quite complex. Multiple isolates may be run on the same thread
> and isolates may even be migrated between threads.
>
> However, with --shared-space loading the heap_ field for a shared
> object would return the main isolate's heap and we end up with
> the wrong MarkingBarrier instance on client isolates. So this
> CL makes main and background threads more uniform by setting the
> thread local field also on the main thread. The field is set by
> the already existing v8::Isolate::Scope API. Some embedders might have
> to add these scopes if they don't use them properly already.
>
> Bug: v8:13267
> Change-Id: Idfdaf35073d04dd5e13ad6065ef42eae3ce6a259
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3998633
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84144}
Bug: v8:13267
Change-Id: Id8493dfac03d789721ca30cd29b0dd4b67006881
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4017192
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84151}
Each thread has its own MarkingBarrier instance for incremental
marking. A thread local variable is used to get the current thread's
instance on background threads.
However on main threads this thread local variable was always
set to nullptr. The main thread would get to its own instance through
the heap_ field in the host object's page header. This was solved this
way because setting current_marking_barrier on the main thread
seemed quite complex. Multiple isolates may be run on the same thread
and isolates may even be migrated between threads.
However, with --shared-space loading the heap_ field for a shared
object would return the main isolate's heap and we end up with
the wrong MarkingBarrier instance on client isolates. So this
CL makes main and background threads more uniform by setting the
thread local field also on the main thread. The field is set by
the already existing v8::Isolate::Scope API. Some embedders might have
to add these scopes if they don't use them properly already.
Bug: v8:13267
Change-Id: Idfdaf35073d04dd5e13ad6065ef42eae3ce6a259
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3998633
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84144}
This CL adds a regression test for sloppy block function hoisting and
debug-evaluate. This was fixed in the past but the test was missing.
Fixed: chromium:1246897
Change-Id: I1d7dcbd4d95ef8e5a09f09615de017b65c3e7087
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4011039
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84141}
If a CDP client requests Debugger.pause during instrumentation pause,
the requests is currently ignored.
With this patch, the debugger will take note of a pause request during
instrumentation pause and enter the pause once the instrumentation pause
resumes.
Bug: chromium:1381967
Change-Id: I4d0337a92fa31d0666ab02b54f95aba4d89592b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4008379
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84138}
This introduces a new "caught" case for Debugger.setPauseOnExceptions,
which instructs the V8 Debugger to only break on exceptions that are
predicted as caught. Previously it wasn't possible to express this with
Chrome DevTools Protocol.
Bug: chromium:1324920, chromium:1346231
Change-Id: I507cfb6058148b2e238b8f66e9720ab68cb81575
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013330
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84137}
The wrong iteration length is currently used to check if any element in
a sorted worklist is not a Smi.
Bug: chromium:1381656, v8:12764
Change-Id: Ia46bb8ec68849696d452c31eb47b2904bba7fa3d
Fixed: chromium:1381656
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4010520
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84133}
This reverts commit bc777d5fd6.
Reason for revert: WasmTyper needs adaptations.
Original change's description:
> [wasm-gc] Allow (ref none) to occur internally
>
> This type is uninhabited by any actual values, but it can show up
> as a "theoretical" value in the type system, e.g. for conditional
> branches that are statically never-taken.
>
> Bug: v8:7748
> Change-Id: Ieb8a5354dbd04fe76e1047766c5bb60f02f6cdd0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013859
> Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
> Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84125}
Bug: v8:7748
Change-Id: Ic6fdd5deaabb2bac99dee25ccc65971b8de31e7c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013688
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84132}
This reverts commit 24bddb5682.
Reason for revert: Speculative revert for flaky crashes on gpu bots:
https://ci.chromium.org/ui/p/v8/builders/ci/Win%20V8%20FYI%20Release%20(NVIDIA)/17029/overviewhttps://ci.chromium.org/ui/p/v8/builders/ci/Mac%20V8%20FYI%20Release%20(Intel)/19158/overview
More details and dcheck failure:
https://chromium-swarm.appspot.com/task?id=5e70eb442722ba10
Original change's description:
> Merge with cached Script after synchronous deserialization
>
> Currently, if a script is deserialized on a background thread and a
> matching Script object is found in the Isolate compilation cache, the
> new content is merged into the existing Script. This CL implements the
> same merging for the much simpler case of deserializing on the main
> thread. I expect speed changes to be minimal, because merging is only
> needed in a small minority of compilations. When needed, it usually
> takes about 10% as long as the corresponding deserialization.
>
> Bug: v8:12808
> Change-Id: Ie7a92bcb3111edf4cdab0eddeb7567979b35f437
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4010100
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#84123}
Bug: v8:12808
Change-Id: I20c9a17db23a4fefae9782962156bd0807f084b8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013283
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#84130}
This type is uninhabited by any actual values, but it can show up
as a "theoretical" value in the type system, e.g. for conditional
branches that are statically never-taken.
Bug: v8:7748
Change-Id: Ieb8a5354dbd04fe76e1047766c5bb60f02f6cdd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013859
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84125}
Currently, if a script is deserialized on a background thread and a
matching Script object is found in the Isolate compilation cache, the
new content is merged into the existing Script. This CL implements the
same merging for the much simpler case of deserializing on the main
thread. I expect speed changes to be minimal, because merging is only
needed in a small minority of compilations. When needed, it usually
takes about 10% as long as the corresponding deserialization.
Bug: v8:12808
Change-Id: Ie7a92bcb3111edf4cdab0eddeb7567979b35f437
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4010100
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#84123}
When introducing heap type decoding we added some module-specific checks
to the constructor of certain immediates. This broke the previous design
where module-specific checks were done in a separate {Validate} method.
This CL restores that state.
R=jkummerow@chromium.org
Change-Id: I1ed887daecc25990272c95a24f4444da2d8b5466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4008318
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84118}
Change-Id: Ife69129bc0bf5e565154b7e04bc1d6ad4d106c0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4006746
Auto-Submit: Juan José <soyjuanarbol@gmail.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84113}
Controlled by a command-line flag --wasm-disassembly-max-mb,
set to 1000 MB for now. The intention is to avoid OOM crashes
for huge modules.
Bug: chromium:1362286
Change-Id: Ifc0cdd7e8dda016c7cc65dcd75ff6ed51c785a6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4008625
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84111}
When a 32-bit binop operates on the result of a 64-bit shift, for
example the decoding of a BoundedSize, the previous code would attempt
to perform the shift as part of the 32-bit binop, failing a CHECK when
attempting to get the 32-bit shift constant. With this CL, the
instruction selector will now only attempt to perform the shift as part
of another binop if both operations are either 32-bit or 64-bit.
Bug: chromium:1379738
Change-Id: I2e4cf54fe5b0edcd28bf0ffd662e43259cb6bebf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3990832
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84110}
This CL adds the regression test originally authored for
crbug.com/1085693. It no longer crashes or re-produces but we were
unable to bisect to the CL that fixed the problem since bisecting
seems to be broken.
R=bmeurer@chromium.org
Fixed: chromium:1085693
Change-Id: Iaaf2b557767a02829fc497591ed7f3623965a66c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4012718
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84108}
This CL supports BigInt modulo operations in turbofan and refactors
the code in simplified lowering to avoid boilerplate.
Bug: v8:9407
Change-Id: Id9d80bd82a94a50c6684956d1f8e60f99761c517
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976434
Commit-Queue: Qifan Pan <panq@google.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84100}
The SuppressMicrotaskExecutionScope being pushed was for the isolate's
default queue. It should be for the current queue not the default one.
This wouldn't cause any issues because microtasks are also suppressed
via the is_running_microtasks_ variable as well but is odd to read.
BUG=chromium:961186
Change-Id: Id7a64aac0fb86322014f9755f0abc0330a85556f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4004599
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84099}
The BytecodeIterator does not pass a module, so we cannot validate heap
types properly. Thus disable validation completely for the
{BytecodeIterator} and provide a second method (for testing only) which
also validates.
Drive-by: Pass the {WasmFeatures} enum set by value.
R=jkummerow@chromium.org
Change-Id: Ieb231304193c789601a59c3b22a023f10b79a730
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4003079
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84097}
We do not need to go through the builtin when the function reference is
already set.
For faster checks, we ensure that
{WasmInstanceObject::wasm_internal_functions} is set at instance
object instantiation time. Therefore it does not need to be optional.
Change-Id: Ie0a6564c171c6a6e3424c3cc0eeae3c83929e616
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4005823
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84095}
We should invoke {LoadContextIntoSsa} just after the {IfException}
node after a call, rather than at the catch/cathcall point.
This way, we ensure that this is done before {BuildNestedLoopExits},
and we create a {LoopExitValue} node for the reloaded memory start/
size. Also, we only need to do so for Call and not Throw nodes.
Bug: chromium:1380646
Change-Id: Ibaa8fd7e39869c38c33cf62b1b6caf9238ced969
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4008578
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84094}
This adds a separate test module and output expectation for names in
the custom "name" section in Wasm binaries.
Also fixes a small inconsistency: The index of both data and element
segments is now printed as a comment, in case one prints their name
(as we do for functions, globals, etc.)
Data segment names are currently not printed for consistency with
legacy behavior.
Change-Id: I8900f54b02e031a811dfd9be8326d6f63d26d4a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4004717
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Daniel Lehmann <dlehmann@chromium.org>
Auto-Submit: Daniel Lehmann <dlehmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84093}
The builtin inlining for FunctionPrototypeCall has to consider the case
where there is no new receiver to the call. It now does this by
considering the new call args to be kNullOrUndefined instead of kAny.
Drive-by cleanup of CallArguments to always consider the register count
and not the argument count, unifying the with/without receiver
correction for the list-of-regs and RegList cases.
Bug: v8:7700
Change-Id: I7e8cb7e9d654fdfcbb8add80e7a0a01a39d36504
Fixed: chromium:1381663, chromium:1381665
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4008638
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84092}
The assumption in {DecodeAtomicOpcode} (added in
https://crrev.com/c/3990654) is only true for valid opcodes. Since
Atomic opcodes are variable-length encoded, it's possible to create
out-of-bounds atomic opcodes which violate the assumption.
This CL fixes that by checking for such out-of-bounds opcodes early in
the method. This replaces the assumption, which the compiler can now
derive from the if-statement.
R=ahaas@chromium.org
Bug: chromium:1381330
Change-Id: Ifaaceb0c8a765811fe2f934be1920bcb14675f36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4008538
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84091}
The {BytecodeIterator} that also read locals declarations had a weird
fallback path to allow decoding of locals to fail, and just assume no
locals, decoding all bytes as code.
This CL removes that, and modifies the test that needs this
functionality to prepend a zero byte for encoding "0 locals".
R=jkummerow@chromium.org
Change-Id: I609e2bf6986eeb6380d65b03bf8512f0b09af764
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4003078
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84088}
Previously, some float literals were printed with loss of information by
the Wasm disassembler, e.g., `1234567.5` was printed as `1234568`,
which is clearly wrong.
With this fix, the disassembler will always preserve information in its
output, i.e., it will print the correct `1234567.5`.
However, unfortunately, it will now print the binary representation of
`0.1` as `0.100000001`, since 0.1 can actually not be represented
exactly as a binary fraction.
Ideally, we would print the smallest representation of a float that,
when parsed again (e.g., by `wat2wasm`), produces the same float.
Unfortunately, there is currently no easy way to implement this.
There are several options, but they are either incorrect in other ways
or not available here:
- `DoubleToCString`: output will be even longer for decimal fractions
that cannot be represented in binary, since it will just round to the
nearest double instead.
- `printf` + `%g` format specifier: still prints `0.1` as `0.100000001`.
- `std::format`: C++20 only.
- `std::to_char`: C++17, but this particular header is not yet allowed.
- `absl::to_char`: Abseil is not available in V8.
It seems we have to choose either between losing information (such that
the output of the disassembler would not round-trip if assembled to a
binary again), or to have those ugly, long outputs.
Change-Id: Id40044a1724aeb115309688cbf05f71aa4745c6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4004957
Commit-Queue: Daniel Lehmann <dlehmann@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84084}
In assertOptimized and assertUnoptimized, we can optionally pass in the
function name. We also used to pass in an optional 'sync' parameter, to
decide whether to wait for background compilations to finish before
checking state.
The sync parameter was removed in favour of explicit intrinsics, so fix
callers of assertOptimized to no longer try to set it. Also, use
function.name as the function name when no name was passed.
Change-Id: I8e98d4d02e2d097d059989ad78bf46b97b57bdca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4000480
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84080}
With this change, ReduceJSCallMathMinMaxWithArrayLike will work on both PACKED_DOUBLE_ELEMENTS and HOLEY_DOUBLE_ELEMETNS kind.
It will also work when the opcode of arguments_list is JSCreateEmptyLiteralArray to deal with following use cases.
var array = [];
array.push(num1); // add elements
array.push(num2);
console.log(Math.min.apply(Math, array));
Change-Id: I39840a17607c31baea2c6b1d33218700f723d760
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4007927
Commit-Queue: Fanchen Kong <fanchen.kong@intel.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84079}
Restructure such that we only either shrink or grow the space, and only
at the end of the GC.
Bug: v8:12612
Change-Id: I7671e139b6023cd04f438f48401cf392d4549b8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3980253
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84076}
