Commit Graph

77650 Commits

Author SHA1 Message Date
Omer Katz
e28c7178ee [heap] Fix FillCurrentPage for PagedNewSpace.
FillCurrentPage assumed that everything after top is empty, which
doesn't work with MinorMC and sweeping. Revise FillCurrentPage based on
SimulateFullSpace for MinorMC.

A similar implementation is provided both in unittests and cctest.
Migrating affected cctest to unittests is left as future work.

Bug: v8:12612
Change-Id: Ie29be2fc7aaee25e1fd5f66b1c0959c2a45f007f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885888
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83158}
2022-09-13 11:13:17 +00:00
Al Muthanna Athamina
e03af96c3d [infra] Remove old predictable Linux bots
Bug: v8:13052
Change-Id: Ida65f95547006e6fa2542362c59f20c60a63a9af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893852
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83157}
2022-09-13 10:39:37 +00:00
Leszek Swirski
3501fca7e5 Reland "[maglev] Optimize monomorphic keyed loads"
This is a reland of commit 133e7f8362

Reland: Rebase onto v8_multi_arch_build fix.

Original change's description:
> [maglev] Optimize monomorphic keyed loads
>
> Add a fast path for keyed loads that are:
>
>   1. Monomorphic,
>   2. Fast elements accesses,
>   3. Not out-of-bounds (deopt on OOB),
>   4. Not holey
>
> Bug: v8:7700
> Change-Id: I4d46f4d0ce7065c93a9b092833fb16a8c9e9f94e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882974
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83149}

Bug: v8:7700
Change-Id: Ib48bdc8729757527c19d0b24864f8eab0570c3f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890920
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83156}
2022-09-13 10:12:56 +00:00
Samuel Groß
a9327e9394 [sandbox] Schedule GC when EPT utilization reaches certain thresholds
During ExternalPointerTable::Grow, if we cross one of a handful of
predefined utilization thresholds, we now request a (major) GC to free
up entries that are no longer used in the table.

Bug: v8:10391
Change-Id: Id2d262f0f1d4dc37aec1e4978a8be2d223fb2b2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890971
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83155}
2022-09-13 09:38:26 +00:00
Leszek Swirski
277d37e0af [build] Fix build flag deps with v8_multi_arch_build
v8_multi_arch_build toggles v8_enable_pointer_compression, but some
other flags are set depending on v8_enable_pointer_compression.
Previously the v8_multi_arch_build condition was resetting some of these
in its branch, but we can make this simpler by moving the pointer
compression toggle earlier, immediately after the default pointer
compression setting.

Change-Id: Ie5f4e73f947b693d4ba2abe4e1cf30009a2bbb2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890918
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83154}
2022-09-13 09:31:25 +00:00
Hao Xu
e1dbe835d7 [csa][codegen] Optimize IsStrong/IsWeakOrCleared
The way to determine whether a MaybeObject is a strong or weak
reference to the heap object is to check its lowest two bits.
However, if the MaybeObject is known to not be a smi, that is, the
lowest bit is known to be 1, we can check one bit instead. This
allows Turbofan to select better instructions:

x64:

  Before:
    movl r9,r11
    andl r9,0x3
    cmpb r9l,0x1

  After:
    testb r11,0x2

arm64:

  Before:
    and w8, w7, #0x3
    cmp w8, #0x1 (1)
    b.ne #+0x320

  After:
    tbnz w7, #1, #+0x320

Change-Id: I03623183406ad7d920c96a752651e0116a22832e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3861310
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83153}
2022-09-13 09:25:25 +00:00
Jakob Linke
06e8df41d5 [maglev] Conservatively mark nodes with builtins calls as
.. Throw|LazyDeopt. Whether a builtin can Throw|LazyDeopt depends
on the implementation, so to be safe all builtin calls should be
marked as such - UNLESS we know for certain that one or the other
doesn't happen.

Drive-by: For calls with two result registers, properly consider
the second register in a few spots.

Bug: v8:7700
Change-Id: Icbcffb51e9760761a2f4e32d79af33abccb8f1cb
Fixed: chromium:1361245
Fixed: chromium:1360800
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879617
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83152}
2022-09-13 08:59:25 +00:00
Jakob Linke
d4482c07cd [maglev] Add NodeBase::Print() for GDB
.. where we sometimes want to inspect Node contents. With this CL, for
a human-readable print in gdb:

 print node->Print()

Note: Since we use an adhoc-created graph labeller, the output can't
properly identify input nodes and instead prints them as 'unregistered
node'.

Bug: v8:7700
Change-Id: Icba458ac1a5c43a09b815e12582443aca4e19380
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890914
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83151}
2022-09-13 08:28:56 +00:00
Leszek Swirski
933e3d8bdf Revert "[maglev] Optimize monomorphic keyed loads"
This reverts commit 133e7f8362.

Reason for revert: Breaks compilation for non-pointer-compressed x64

Original change's description:
> [maglev] Optimize monomorphic keyed loads
>
> Add a fast path for keyed loads that are:
>
>   1. Monomorphic,
>   2. Fast elements accesses,
>   3. Not out-of-bounds (deopt on OOB),
>   4. Not holey
>
> Bug: v8:7700
> Change-Id: I4d46f4d0ce7065c93a9b092833fb16a8c9e9f94e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882974
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83149}

Bug: v8:7700
Change-Id: I08e7ca3a79b383d19c6baf73a721364b859d6df3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890916
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83150}
2022-09-13 08:20:15 +00:00
Leszek Swirski
133e7f8362 [maglev] Optimize monomorphic keyed loads
Add a fast path for keyed loads that are:

  1. Monomorphic,
  2. Fast elements accesses,
  3. Not out-of-bounds (deopt on OOB),
  4. Not holey

Bug: v8:7700
Change-Id: I4d46f4d0ce7065c93a9b092833fb16a8c9e9f94e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882974
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83149}
2022-09-13 08:07:35 +00:00
Liu Yu
a26ca5ed14 [mips32] Delete mips32 from v8
Bug: v8:13206
Change-Id: Ifb5daeff2a1e91fd098bc5abe9f81339575636bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837160
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Commit-Queue: Liu Yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#83148}
2022-09-13 07:54:54 +00:00
Shu-yu Guo
36559d91ca [rab/gsab] Fix length-tracking handling in TA#subarray
The normative change in
https://github.com/tc39/proposal-resizablearraybuffer/pull/93 changed
the behavior of TypedArray.prototype.subarray(begin, end) such that if
the receiver is a length-tracking TA and end is undefined, the result
TypedArray is also length-tracking.

This change reached consensus in the March 2022 TC39.

Bug: v8:11111
Change-Id: If1a84cc3134f3ce8046196d6cc36683b6996dec0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888382
Commit-Queue: Marja Hölttä <marja@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83147}
2022-09-13 07:53:34 +00:00
Fabrice de Gans
002ac4168c [code-health] Fix remaining flake8 issue in v8
Bug: v8:8594
Change-Id: I398678bb92105dc99882e4a253d0c6235628952f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892178
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Fabrice de Gans <fdegans@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83146}
2022-09-13 07:04:26 +00:00
Greg Thompson
58f38e5228 [fuchsia] Remove v8.cmx, as it is no longer used
Bug: v8:12589
Change-Id: Idf341625f8fadf4a0145887c0ec6642b5e6bfd88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885882
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Greg Thompson <grt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83145}
2022-09-13 06:28:54 +00:00
Leszek Swirski
dd6fa2d1c7 [maglev] Fix lifetime extension of generator values
Loop used value lifetimes extension extends the lifetime of anything
used inside of a loop but defined outside of it, to make sure that it is
considered 'live' for the entire body of the loop (this is so that we
don't e.g. clobber their stack slots with stack slot reuse).

The implementation works on the principle that a) basic blocks are
topologically sorted by forward control flow, and b) loops are
irreducible. This means that basic blocks between a loop header and the
jump to that loop header are inside the loop, and nodes whose id
precedes the loop header's id must be before the loop.

Generator resumes break this irreducibility by jumping into the middle
of loops. This is principally not a problem for the above lifetime
extension, it just means that the loop's used nodes will overapproximate
and include these generator nodes. However, there was an implicit
additional assumption that the node must be loadable by the loop end, to
extend its lifetime. This fails for the generator resume case, because
it's possible that the node didn't make it into any loop merge state,
e.g. because the resume would immediately deopt or return, e.g.

                 Start
                 /   \
                /   GeneratorResume
                |         |
                v         |
           .>Loop header  |
          |     |         |
          |   Branch      |
          |   |    |      |
          |   |  Suspend  |
          |   |           |
          |   |  Resume <-'
          |   |    |
          |   |  Return
          |   v
          `--JumpLoop

Here the Resume will get the accumulator from the generator and the
Return will use it, which will be seen as an out-of-loop use of the
generator, but the generator was never reachable from the "real" loop
body.

At the end of the day, since there are no actual uses of the generator
value in the loop body, the lifetime extension does no harm; all that
fails is a DCHECK that the values loop lifetime extension extends are
actually loadable. So, we can relax this DCHECK for this specific
generator edge case, by checking for whether the JumpLoop is reachable
from the generator resume.

Bug: v8:7700
Change-Id: Iec4db2aee5b8812de61c3afb9004c8be3982baa2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890975
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83144}
2022-09-13 05:26:50 +00:00
Leszek Swirski
9438113d9a [maglev] Add control node class for terminal nodes
Allow distinguishing control nodes that do and don't allow continued
execution.

Bug: v8:7700
Change-Id: Ifa13b64821484584929bd62a0d8585aee160c19e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891255
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83143}
2022-09-13 05:16:25 +00:00
Leszek Swirski
66b788de9f [maglev] Fix catch prediction lookup
Missing predicate updates when implementing TF-compatible exception
handling.

Bug: v8:7700
Change-Id: I6b50f67d15e4a98879d651be196d4032bfc46100
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891258
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83142}
2022-09-13 05:12:45 +00:00
Frank Tang
0381aead84 [Temporal] Sync BalanceISODate to PR 2178
Only change the implementation in BalanceISODate from
https://github.com/tc39/proposal-temporal/pull/2178/files#diff-113bc23f7ddc769c78deac4268f2400a0a8ca75258f4a6a8af8219cf430a0788

Changes of other AOs in that PR are not in this cl.

Note: Split from cl/3864358

Bug: v8:11544
Change-Id: I8c8514642cdb522975b23bcc9c2bb9eb56cb2839
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892177
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83141}
2022-09-13 04:17:34 +00:00
v8-ci-autoroll-builder
e678d10e0c Update V8 DEPS (trusted)
Rolling v8/build: 6180903..7fcb69a

Rolling v8/buildtools: a7f5ad0..4276428

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/861067d..4864449

Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220912.0.1..version:9.20220912.3.1

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I93a73b86e70bcc8c1aa9a4ae61c6aa15ec37cdc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893410
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83140}
2022-09-13 03:48:29 +00:00
Shu-yu Guo
3868e2ceb4 [strings] Use current isolate when externalizing shared strings
v8::String::MakeExternal is currently incorrectly using the shared
isolate of the shared string, which will race when setting VM state. In
general the shared Isolate shouldn't be used for anything, it's an
implementation detail to hold the shared heap space.

Bug: v8:12007, v8:13276
Fixed: v8:13276
Change-Id: I21ec57645ed4740a4c19c51b8fa1e2928a07a0f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888384
Reviewed-by: Adam Klein <adamk@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83139}
2022-09-13 01:39:15 +00:00
Frank Tang
29aed83f33 [test262] Roll test262
8dcc0e19..7461973

Bug: v8:7834
Change-Id: I2dc32c22a01f0a6729e326864812f4230ad6ac54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3880731
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83138}
2022-09-12 23:32:25 +00:00
Manos Koukoutos
f550ba8db3 [wasm][test] Add missing unrolling test
Bug: v8:12166
Change-Id: Ib1d9ac90a2b9c03915c496f1d23586ab8a94aef7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891209
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83137}
2022-09-12 16:02:27 +00:00
Manos Koukoutos
a3d42f5669 [wasm-gc] Element printing of remaining array types
Bug: v8:7748
Change-Id: Ic8b140c2dbf24171fe75b4feea04101f8c22e4dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890992
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83136}
2022-09-12 16:01:24 +00:00
Camillo Bruni
9f454ee118 [tools] Skip over group entries in RCS input file
callstats.html creates grouped entries on the fly. Thus we can safely
ignore already added group entries from the input file.

Change-Id: I5a17fc895c4d36bfd7b79fcdb6d4644498998f86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890977
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83135}
2022-09-12 15:40:41 +00:00
Leszek Swirski
187fba742d [maglev] Distinguish receiver and lookup_start_object
GetNamedPropertyFromSuper needs both the receiver and the
lookup_start_object (the home object prototype), as it does lookups on
the latter but calls accessors with the former as the receiver.

Bug: v8:7700
Change-Id: Ib8b930d06eb8bed090ad1839a05514f0dffc321f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891253
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83134}
2022-09-12 13:50:11 +00:00
Seth Brenith
c8d1ca8a2c Fix crash in background merging of deserialized scripts
BackgroundMergeTask::CompleteMergeInForeground contained an incorrect
assumption that some SharedFunctionInfos would have bytecode arrays.

Bug: v8:12808, chromium:1360024
Change-Id: I42ca22fc3a4412aea5e5a433e63c685eaf2af242
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888198
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#83133}
2022-09-12 12:44:41 +00:00
Michael Achenbach
9c95863d55 [test] Better finish terminating workers
A call to cancel_join_thread() is removed as it is suspected to leave
the done_queue with garbled data on process join.

Bug: v8:13113
Change-Id: I85a736cee98d1c2a315efdd468cde216ad848c99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891251
Reviewed-by: Liviu Rau <liviurau@google.com>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83132}
2022-09-12 12:21:22 +00:00
v8-ci-autoroll-builder
053c172d6c Update V8 DEPS (trusted)
Rolling v8/base/trace_event/common: 640fc6d..521ac34

Rolling v8/build: 24bb610..6180903

Rolling v8/buildtools: 46ab4c3..a7f5ad0

Rolling v8/buildtools/linux64: git_revision:00b741b1568d56cf4e117dcb9f70cd42653b4c78..git_revision:b4851eb2062f76a880c07f7fa0d12913beb6d79e

Rolling v8/buildtools/third_party/libc++/trunk: 85a3363..60f9078

Rolling v8/buildtools/third_party/libc++abi/trunk: 6285577..5c3e02e

Rolling v8/buildtools/third_party/libunwind/trunk: 42aa6de..60a480e

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/7ee0711..861067d

Rolling v8/third_party/depot_tools: a089281..2d25dbd

Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220902.1.1..version:9.20220912.0.1

Rolling v8/third_party/zlib: 9f4113d..05e137d

Rolling v8/tools/clang: 0a22859..2a5ebae

Rolling v8/tools/luci-go: git_revision:3226112a79a7c2de84c3186191e24dd61680a77d..git_revision:c93fd3c5ebdc3999eea86a7623dbd1ed4b40bc78

Rolling v8/tools/luci-go: git_revision:3226112a79a7c2de84c3186191e24dd61680a77d..git_revision:c93fd3c5ebdc3999eea86a7623dbd1ed4b40bc78

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ife89abccaa2696ade97bb5640010c4f5bdc7009c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891191
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83131}
2022-09-12 12:00:42 +00:00
Samuel Groß
0e2dbaac6b Reland "[sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX"
This is a reland of commit 49c5967830

The non-deterministic snapshot issue has been fixed by using the correct
field size for CodeDataContainers in serializer.cc.

Original change's description:
> [sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX
>
> Now that all external pointers have been sandboxed,
> V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also
> shrinks external pointer slots to 32 bits when the sandbox is enabled.
>
> Bug: v8:10391
> Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83083}

Bug: v8:10391
Change-Id: I29870404406902d99ba6016c570cc0c4d05c6c85
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3887899
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83130}
2022-09-12 11:48:02 +00:00
Leszek Swirski
c1e067e993 [maglev] Clear register state in exception handlers
Exception handlers were allowing register state to leak through, which
had knock-on effects of Phi allocation inserting gap moves in an illegal
location (specifically, at the end of the block, thinking that it's
allocating a control node since it's not allocating a body node).

Fix the register leak by clearing register state, and add some invariant
guards in the areas where the failure appeared.

Bug: v8:7700
Change-Id: I15c1fba1a250e295f0147a4e51a6c8c5481e8c7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890989
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83129}
2022-09-12 11:12:40 +00:00
Matthias Liedtke
1f529f2b92 [heap] Fix v8 DEPS roll by removing semicolon
Fixed: chromium:1362431

Bug: chromium:1362431
Change-Id: Iaef432459dc39aa8f6bef5b74687af172d065574
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890991
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83128}
2022-09-12 10:53:31 +00:00
Leszek Swirski
67d2acf3f6 [maglev] Fix baseline flushing test --no-maglev flag
Make the flush-baseline-code tests use --no-maglev in addition to
--no-turbofan.

Bug: v8:7700
Change-Id: I12145735e7a88f156d30e15621a9fe12e18abecf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890990
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83127}
2022-09-12 10:47:29 +00:00
Dominik Inführ
e41b78bc4e [heap] Use page iterability of page new space pages
During verification all LABs are iterable. For PagedNewSpace we can
therefore use the property that all new space pages are iterable.

Bug: v8:12612
Change-Id: I71ec079fde3c0b719ccf91b431b0b29a8a9c5a2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888019
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83126}
2022-09-12 09:27:51 +00:00
Jakob Linke
d468f6e0c7 [maglev] Move deopt helpers to masm
Bug: v8:7700
Change-Id: I9554ee1a569cea6a04694c7e0a5b84a45196080c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876370
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83125}
2022-09-12 06:16:42 +00:00
Frank Tang
bc0e7c8722 [Temporal] Fix weekOfYear by passing undefined
Not passing null object but passing undefined while calling
ToTemporalDate()

Bug: v8:11544
Change-Id: I9376c32f306b000980d37bf233ffef3e83baf706
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885352
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83124}
2022-09-10 22:43:42 +00:00
Frank Tang
093e68b408 [Temporal] Sync the Parser to the latest spec.
Add TimeHourMinuteBasicFormatNotAmbiguousWithMonthDay
TimeZoneNumericUTCOffsetNotAmbiguousWithDayOfMonth
TimeZoneNumericUTCOffsetNotAmbiguousWithMonth
TimeZoneIdentifier, UnpaddedHour, TimeZoneIANALegacyName productions.

Sync the spec of TemporalInstantString, TemporalTimeString
TimeZone, TimeZoneBracketedAnnotation, TemporalTimeZoneString,
ToTemporalTimeZone, TimeZoneIANAName productions.

Fix bug in ScanCalendarDateTimeTimeRequired, ToTemporalTimeZone

Change name from Handle<String> to Handle<Object> to hold undefined

Update parser tests accordingly.

Spec Text:
https://tc39.es/proposal-temporal/#sec-temporal-iso8601grammar
https://tc39.es/proposal-temporal/#sec-temporal-totemporaltimezone


Related PR changes:
https://github.com/tc39/proposal-temporal/pull/2284
https://github.com/tc39/proposal-temporal/pull/2287
https://github.com/tc39/proposal-temporal/pull/2345


Bug: v8:11544
Change-Id: I6f1a5e5dedba461db9f36abe76fa97119c1f8c2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822342
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83123}
2022-09-10 15:34:10 +00:00
Lu Yahan
b1a147705e [riscv] Port [wasm][liftoff] Fix and cleanup tracing of return value
Port commit 6f9e71fa74

Change-Id: Id5226e0892f67573cea289040c2d5aa85f159478
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886478
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83122}
2022-09-10 15:33:06 +00:00
Shu-yu Guo
5ccb7f2e46 Revert "[strings] Fix raw hash lookup for forwarded strings"
This reverts commit 0a1f0e335e.

Reason for revert: JetStream regressions: https://bugs.chromium.org/p/chromium/issues/detail?id=1362212

Original change's description:
> [strings] Fix raw hash lookup for forwarded strings
>
> Raw hashes may need to be looked up via the forwarding table when
> internalized strings are forwarded to external resources. Notably, the
> megamorphic ICs were not correctly fetching the raw hash.
>
> Bug: v8:12007
> Change-Id: Ibbc75de57e707788f544fbd1a0f8f0041350e29d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885379
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83115}

Bug: v8:12007
Change-Id: I64853d55ea32b04b3325377c0c1affd0c1a27c6e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3887949
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83121}
2022-09-10 15:04:11 +00:00
Lu Yahan
2987a4ea51 [riscv] Port [log][compiler] Enable first-execution logging
Port commit b257641833


Bug: v8:13146
Change-Id: Ie3727e873614f6e3e0749cb8cc10b287cd9643c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885380
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83120}
2022-09-10 01:16:15 +00:00
Marja Hölttä
62635a7270 [rab/gsab] Fix leftover IsTypedArrayElementsKind checks in map transitions
With everything related to map transitions, RAB/GSAB typed array
elements kinds should behave exactly like non-RAB/GSAB typed array
elements kinds.

Bug: chromium:1360736, v8:11111
Change-Id: Ie5cef928a25856f0c476653275066b49dfee6e41
Fixed: chromium:1360736
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879497
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83119}
2022-09-09 23:55:45 +00:00
Shu-yu Guo
03b99259ff [shared-struct] Support shared objects in v8::Object::GetConstructorName
Bug: v8:12547
Change-Id: I6e48ac252361b3f3b495d2feaa5ad4e708e78eb9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888379
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83118}
2022-09-09 21:39:45 +00:00
Shu-yu Guo
b11bfc21f2 [strings] Accommodate shared strings in externalizeString()
This is a testing function used by d8 to test string externalization.

Bug: v8:12007
Change-Id: Ic19f28a42e1f9681ab08c00106788c569639fe7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888378
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83117}
2022-09-09 20:49:35 +00:00
Leszek Swirski
4ec5bb4f26 [maglev] Fix JumpLoop to the current basic block
Drive-by improve some tracing too.

Bug: v8:7700
Change-Id: I52546a19c15ad1a6bbac1b15cdf8fba33dab1cb7
Fixed: chromium:1361345
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886873
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83116}
2022-09-09 16:05:45 +00:00
Shu-yu Guo
0a1f0e335e [strings] Fix raw hash lookup for forwarded strings
Raw hashes may need to be looked up via the forwarding table when
internalized strings are forwarded to external resources. Notably, the
megamorphic ICs were not correctly fetching the raw hash.

Bug: v8:12007
Change-Id: Ibbc75de57e707788f544fbd1a0f8f0041350e29d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885379
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83115}
2022-09-09 15:39:55 +00:00
Al Muthanna Athamina
779da1d066 [NumFuzz] Skip flakey tests on interrupt fuzzer
Bug: v8:13269
Change-Id: Icb8b83b5f4695a9739d10d15936f4fead3b35ad1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886865
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83114}
2022-09-09 14:16:45 +00:00
Marja Hölttä
f85e8c47cc [interpreter,baseline] Make FindNonDefaultConstructor use a RegOutPair
This allows (de)optimizing it in TF.

Bug: v8:13091
Change-Id: Iba64df02379dbf3ac07c96e10facb728e7d10501
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886869
Auto-Submit: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83113}
2022-09-09 14:15:36 +00:00
Milad Fa
415ef63280 PPC/s390: [wasm][liftoff] Fix and cleanup tracing of return value
Port 6f9e71fa74

Original Commit Message:

    - Fix tracing of reference return values. StoreTaggedPointer should not
      use the write barrier since we are writing to the stack.
    - Avoid re-allocating a slot for the return value when it is already
      spilled.

R=thibaudm@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I5b16259b1c6e8c019f6b17e8efb7947776e4ee24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886398
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83112}
2022-09-09 14:07:55 +00:00
Matthias Liedtke
6852c402e7 Revert "[sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX"
This reverts commit 49c5967830.

Reason for revert: The change is suspected to be breaking chromium's determinism test: https://ci.chromium.org/ui/p/chromium/builders/ci/Deterministic%20Linux/35003/overview

Original change's description:
> [sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX
>
> Now that all external pointers have been sandboxed,
> V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also
> shrinks external pointer slots to 32 bits when the sandbox is enabled.
>
> Bug: v8:10391
> Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83083}

Bug: v8:10391
Change-Id: I515ba771aa21f58b752a3a5b36b4deb2abc5f9c0
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886870
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83111}
2022-09-09 13:55:35 +00:00
Ting Chou
184efc149a [riscv] Fix cctest/test-assembler-riscv*/RISCV_UTEST_FLOAT_WIDENING_vfwadd_vf.
Storing with E64 when SEW=32 has EMUL=2, which copies |n| 64 bit wide
data to the result double array already. Besides, accessing v1 when
EMUL=2 is reserved.

R=yahan@iscas.ac.cn

Change-Id: I0870d53c36b642529cab753409f52016d79219b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878442
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83110}
2022-09-09 13:20:29 +00:00
Ting Chou
d17bc74fc0 [riscv] Fix cctest/test-assembler-riscv64/RISCV_UTEST_swlwu.
32-bit values are held in a sign-extended format in 64-bit registers, so
the value 0x856AF894 becomes 0xFFFFFFFF856AF894 and fails the equality comparison
with lwu's result 0x00000000856AF894. XOR the result with 0xFFFFFFFF00000000
before comparison.

R=yahan@iscas.ac.cn

Change-Id: I4d225ff653070022023ac7f10257ad0c30c24e5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3881601
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83109}
2022-09-09 13:19:26 +00:00