Commit Graph

75929 Commits

Author SHA1 Message Date
Andy Wingo
cf8fc47445 [stringrefs] Add wtf8_policy immediate to string.new_wtf8
Following change in https://github.com/WebAssembly/stringref/pull/22.
This adds two new parsing modes: a strict UTF-8 parsing mode, and a
sloppy mode that should replace invalid subsequences with U+FFFD.

Bug: v8:12868
Change-Id: I03bd8d2a3408c399ce68f7b150d7650908804113
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3719919
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81337}
2022-06-23 18:45:02 +00:00
Ilya Rezvov
118dff9dcd [wasm-atomics] Use traps for atomic Load and Store OOB handling
Bug: v8:12946
Change-Id: I3d9037a6dd940fe25f737efca49835b098d55081
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3691129
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81336}
2022-06-23 18:43:56 +00:00
Shu-yu Guo
54c69fc584 [heap] Verify the shared heap before tearing down a client heap
In the case of bugs creating shared->local edges, this lets us catch
dangling pointers via CHECKs before they happen.

Also removed some redundant checks in the shared struct verifier.
Existing heap verification already checks that all of a Heap's pointers
are contained within it.

Bug: v8:12547
Change-Id: Ic7a007b3b6559e3dfd0286fbf869586023c6f801
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704911
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81335}
2022-06-23 14:56:23 +00:00
Shu-yu Guo
358ff9bc41 [strings] Serialize SeqString padding as 0s without mutation
SeqStrings have their padding bytes serialized as 0s for deterministic
snapshot contents. Currently this is done by mutating the SeqStrings and
memsetting their padding bytes to 0 when serializing. This mutation is
not threadsafe in the presence of shared strings. This CL removes the
mutation by serializing the data and padding payloads separately for
SeqStrings.

Bug: v8:12939
Change-Id: I58c3ada767ce41e0a874a2d6e6392a86142fa1e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3715715
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81334}
2022-06-23 14:55:19 +00:00
Andy Wingo
b80a03bcdf [string] Refactor UTF-8 and WTF-8 decoders to share code
This will allow us to more easily add a strict UTF-8 decoder, for use in
stringrefs.

Bug: v8:12868
Change-Id: I6835dca619417f4d2994d8283728cf8ebe599bd7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714660
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81333}
2022-06-23 14:38:29 +00:00
Jakob Kummerow
5b12e62b64 [tools] grokdump: Fix objdump detection for Python3
Follow-up to 032dfb827a.

No-Try: true
Change-Id: Ia12343a7ce9e1b865da4fbf562bdd9169892932c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721816
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81332}
2022-06-23 14:28:54 +00:00
Nico Hartmann
da12b9ac0b Revert "cppgc: Minor fix in cppgc efficiency calculation"
This reverts commit 543acf345a.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20release/10365/overview

Original change's description:
> cppgc: Minor fix in cppgc efficiency calculation
>
> Efficiency calculation (freed bytes over GC duration) assumes that the
> duration of the GC is non zero. However, if the clock resolution is
> not small enough and the entire GC is very short, the timed value
> appears to be zero. This leads to NaN values showing in metrics and
> CHECKs failing. This CL fixes the issue.
>
> Bug: chromium:1338256
> Change-Id: I1dbc52072fcde3411aa38fa0c11da25afd107ca8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714356
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81329}

Bug: chromium:1338256
Change-Id: Ie9a23651494fc28a11bb59485a9812ee1a7cff48
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721697
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81331}
2022-06-23 14:27:49 +00:00
snek
4c81827c8d optimize Set#has
Code for map methods was added a really long time ago but no one ever
brought that to set. Adds new common lowering for both collections and
updates the SetPrototypeHas builtin. My initial testing shows this to
be as much as 50x faster in some cases.

Change-Id: Ifea5be01c9e51013d57ac00bd817759ceace6669
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3709246
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: snek <snek@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81330}
2022-06-23 13:42:17 +00:00
Nikolaos Papaspyrou
543acf345a cppgc: Minor fix in cppgc efficiency calculation
Efficiency calculation (freed bytes over GC duration) assumes that the
duration of the GC is non zero. However, if the clock resolution is
not small enough and the entire GC is very short, the timed value
appears to be zero. This leads to NaN values showing in metrics and
CHECKs failing. This CL fixes the issue.

Bug: chromium:1338256
Change-Id: I1dbc52072fcde3411aa38fa0c11da25afd107ca8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714356
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81329}
2022-06-23 13:40:20 +00:00
Milad Fa
ccb45d8cc0 PPC/s390: [wasm][stack-switching] Support rejected promises
Port e35039e773

Original Commit Message:

    If the returned promise rejects, we switch to the suspender's stack and
    throw the value.
    Re-purpose the WasmOnFulfilled data to also represent the rejecting
    case and rename it to WasmResumeData.

R=thibaudm@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: Ic9e5b959df90f1041353662dc054a849fea9874e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721416
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81328}
2022-06-23 13:33:39 +00:00
Sunny Sachanandani
d1f2b2d885 Revert "[snapshot] Turn alignment DCHECKS into CHECKS"
This reverts commit 83f6035947.

Reason for revert: RB-Dev crash - crbug.com/1338687

Original change's description:
> [snapshot] Turn alignment DCHECKS into CHECKS
>
> This is a temporary change to get more detailed crash reports for
> further investigations.
>
> Bug: chromium:1330861
> Change-Id: Ifdd8d61692577dffd54d07fadb65575a5c30dcd3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707592
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81262}

Bug: chromium:1330861, chromium:1338687
Change-Id: I845aee5cfe02dee399851484d1a72f73dc56f1f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3718943
Auto-Submit: Sunny Sachanandani <sunnyps@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81327}
2022-06-23 13:10:59 +00:00
Thibaud Michaud
2071ce3b6b [wasm][stack-switching] Throw on re-entrant suspender
Throw a wasm trap when trying to re-enter a suspender that is active or
suspended.

R=ahaas@chromium.org

Bug: v8:12191
Change-Id: Ic448a15db29de14fb8d6bb8408af8fbaae82a2b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716481
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81326}
2022-06-23 12:52:19 +00:00
Thibaud Michaud
e35039e773 [wasm][stack-switching] Support rejected promises
If the returned promise rejects, we switch to the suspender's stack and
throw the value.
Re-purpose the WasmOnFulfilled data to also represent the rejecting
case and rename it to WasmResumeData.

R=ahaas@chromium.org
CC=fgm@chromium.org

Bug: v8:12191
Change-Id: I91a301c3c6d9d243efbfabe7263555e11f0d9277
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706606
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81325}
2022-06-23 11:56:30 +00:00
Patrick Thier
6b4850484f [sandbox] Add shared external pointer table for strings
To be able to share external strings, we need to share the external
pointer table in sandbox builds.
To avoid branches at runtime all pointers for external strings are
stored in the shared external pointer table.

Bug: v8:12957
Change-Id: Iaa6be7839a2f5e50f80fd58c5b33fb9c6af61057
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695263
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81324}
2022-06-23 11:30:39 +00:00
Leon Bettscheider
809f10e872 [heap] Do not group MinorMC events under GCScavenger trace event name
MinorMC events were incorrectly grouped under the V8.GCScavenger trace event name.

This CL introduces the trace event name V8.GCMinorMC and uses it when MinorMC is used instead of Scavenger.

Change-Id: Ide22526adfa9cc6dec91d3c34186b1c2ea6eb862
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717989
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81323}
2022-06-23 11:21:30 +00:00
Marja Hölttä
bcf8529626 [rab/gsab] A.p.fill: Support RAB / GSAB
Bug: v8:11111
Change-Id: I2984b3ed6ac6b769f9b4ce758fdf4bfc3b6f6d49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714661
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81322}
2022-06-23 10:18:49 +00:00
Hao Xu
c94192362a [ic] Avoid Smi check when loading receiver's map in LoadSuperIC
Change-Id: I171a2562517f589e20950b8d6df14bfa488885ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3719686
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#81321}
2022-06-23 09:58:38 +00:00
v8-ci-autoroll-builder
e28f0f268b Update V8 DEPS (trusted-origins)
Rolling v8/build: 3a562c9..5753f4e

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ia87b7dd33a1b7c943a2582f82040f54ca219f9e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3719050
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81320}
2022-06-23 04:56:09 +00:00
Lu Yahan
f099ba84cf [riscv64]Fix about nan error
Change-Id: Ib606da34b76b28fd55811225de47e407a1ebd8ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717551
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#81319}
2022-06-23 02:00:28 +00:00
Manos Koukoutos
384e764a78 [wasm][turbofan] Add effect output to trap conditionals
TrapIf and TrapUnless had an effect input, but not an effect output.
This is not canonical for Turbofan graphs. This CL puts them properly
into the effect chain.

Drive-by:
- Remove premature optimization in WasmGraphBuilder::TrapIfEq{32,64}.
- Change LoadFromObject to Load when loading from a stack slot.

Change-Id: I3fc43e693fa0507406dc31208e487026b0e5156b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714240
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81318}
2022-06-22 22:30:18 +00:00
Liviu Rau
49d15209d2 White space to trigger Skia branch rollers
Bug: skia:10306
Change-Id: Ibcddc8c724130e315471413c2835687fe0571475
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3718660
Auto-Submit: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81317}
2022-06-22 20:57:48 +00:00
Shu-yu Guo
60515ab624 Fix bazel build
Bug: v8:12547
Change-Id: I13ef21d5246fb1115cf75fb1f6b4bcde33f84dd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3715379
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81316}
2022-06-22 19:42:28 +00:00
snek
d7bd292628 [fastcall] combine wasm and js fast call builder
A lot of logic is missing from the Wasm entry for fast api calls.
The majority of the lowering is shared between wasm and js, and uses
the same graph operators, so this adds a common fast api call builder
which can be called from the wasm compiler and the js compiler.

Bug: chromium:1052746
Change-Id: I9dbd82548951b2b155a7b2459714239d0b251d71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708842
Commit-Queue: snek <snek@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81315}
2022-06-22 18:58:23 +00:00
Shu-yu Guo
5fd9913381 [d8] Fixing thread parking in d8
Add ParkedScopes in d8 where it blocks.

Change-Id: I369fbdb361b4e357ff6ceef53fbf52f543979438
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704903
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81314}
2022-06-22 18:56:58 +00:00
Milad Fa
c441e75617 S390 [simd][liftoff] Implement relaxed lane select
Changes for TF instruction selector will be pasted
in the CL comments and will get applied once all
relaxed opcodes have been implemented in codegen/liftoff.

Change-Id: I231aa6fcc702a19704b7707331eba549c44232d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3718393
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81313}
2022-06-22 18:43:28 +00:00
Shu-yu Guo
e4167a688e Revert "Refactor dynamic name to perfetto::DynamicString"
This reverts commit c801d52924.

Reason for revert: Broke perfetto builder:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20debug%20-%20perfetto%20-%20builder/19620/overview

Original change's description:
> Refactor dynamic name to perfetto::DynamicString
>
> Recently perfetto introduced `perfetto::DynamicString` to allow clients
> to wrap dynamic event name strings. So that clients don't have to
> manually set event name inside trace lambda.
>
> With that:
>
> TRACE_EVENT("cat", nullptr, [&](EventContext ctx) {
>   ctx.event().set_name(dynamic_name_str)
> });
>
> is simplified to:
>
> TRACE_EVENT("cat", perfetto::DynamicString{dynamic_name_str});
>
> In this change we are making use of perfetto::DynamicString to pass
> dynamic event name string.
>
> Change-Id: Ic6b501df67409d6faa4d60b59095ad0e79ce585e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716473
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Commit-Queue: Mohit Saini <mohitms@google.com>
> Cr-Commit-Position: refs/heads/main@{#81298}

Change-Id: I06d1d6baa4413e53acfd7ac1e3163c5a6a15597c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3718436
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81312}
2022-06-22 18:31:15 +00:00
Andreas Haas
f8362a9515 [wasm] Resolve promise in separate task
With recent changes, we resolve the promise of e.g. WebAssembly.compile
with the external API, and not the V8-internal API. The external API,
however, also handles microtasks, and depending on the MicrotasksPolicy,
may also execute microtasks immediately. This means the then-handler of
WebAssembly.compile may get executed within all the scopes that were
open when the external API was called. One of the open scopes is the
CancelableTask that finishes WebAssembly compilation.

The deadlock seen in the issue arises now when {quit()} gets called in
the then-handler of WebAssembly compilation.  The reason is that
{quit()} terminates the isolate, and during isolate termination, we wait
for all running CancelableTasks to finish. This, however, means a
deadlock, because the task that terminates the isolate is waiting for
itself to finish.

R=jkummerow@chrommium.org

Bug: chromium:1338150
Change-Id: I89243daffc76a456293519e24bfaad88277bb99a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717990
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81311}
2022-06-22 18:11:20 +00:00
Shu-yu Guo
9fa64cf074 [heap] Clean up NewInternalizedStringImpl
Also remove the unused AllocateTwoByteInternalizedString method.

Change-Id: I28e2c39a0196c48e56942efc263009aa3676cdec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714988
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81310}
2022-06-22 17:19:48 +00:00
Danylo Boiko
f423e485de [turbolizer] Graph layout caching
- "Remember graph layout" button
- Graph layout caching (almost 10x speed up)
- Camera position and zoom saving
- Refactored graph.ts, graph-layout.ts and graphmultiview.ts

Bug: v8:7327
Change-Id: I6a9db1ddbbaf506bff0b9d1c1e015f245c7c3974
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714248
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81309}
2022-06-22 17:18:30 +00:00
Andy Wingo
c3f60e8c26 [stringrefs] Add wtf8_policy immediate to string.measure_wtf8
Following change in https://github.com/WebAssembly/stringref/pull/22.

Bug: v8:12868
Change-Id: Ic7728bff5d03ab547cb26ff41d6966f95bfb6b62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717986
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81308}
2022-06-22 16:21:58 +00:00
legendecas
22698d2676 [module] Fix aborts in terminated async module evaluation
SourceTextModule::ExecuteAsyncModule asserts the execution of
the module's async function to succeed without exception. However,
the problem is that TerminateExecution initiated by embedders is
breaking that assumption. The execution can be terminated with an
exception and the exception is not catchable by JavaScript.

The uncatchable exceptions during the async module evaluation need
to be raised to the embedder and not crash the process if possible.

Refs: https://github.com/nodejs/node/issues/43182

Change-Id: Ifc152428b95945b6b49a2f70ba35018cfc0ce40b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3696493
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Cr-Commit-Position: refs/heads/main@{#81307}
2022-06-22 16:20:28 +00:00
Igor Sheludko
96e939d059 [shared-struct] Remove descriptor count check for JSSharedArrayMap
... which might fail during map configuration.

Bug: v8:12993, v8:12547
Change-Id: Ia57fe60abf4164d81a1352966f9d07016e882be9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717993
Reviewed-by: Patrick Thier <pthier@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81306}
2022-06-22 14:47:58 +00:00
Igor Sheludko
f914df6574 [builtins-pgo] Minor fixes in the profile reader
This CL also makes the PGO-related scripts executable.

Bug: v8:10470
Change-Id: Iedf81464ff591e641aae4f1f0aa37312875f2637
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716482
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81305}
2022-06-22 14:30:28 +00:00
Milad Fa
c0837f2c6f Fix link error on gcc
There seems to be a bug in gcc which causes link errors after
this CL: https://crrev.com/c/3714238

Issue seems to happen when using default template argument
of function type. A related bug report on bugzilla:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105848

A workaround is to explicitly instantiate the template
for type <bool>.

Bug: v8:12991
Change-Id: I74db7d42d7b41e8af5d721b8c10130a7a0f2a999
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3718379
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81304}
2022-06-22 13:51:58 +00:00
Patrick Thier
b4bb6cbce4 [string] Add checks for correct hash values in heap verification
- Check that internalized strings always have a computed hash value.
- Check that ThinStrings never have a forwarding index.
- Add a simple test of various property access with
  --always-use-string-forwarding-table to make the CF aware of the flag.

Change-Id: Ie047c9f635d5e0ed999208ec3379ef09c395b3f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717988
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81303}
2022-06-22 13:39:48 +00:00
v8-ci-autoroll-builder
e7c43e512b Update V8 DEPS (trusted-versions)
Rolling v8/buildtools/linux64: git_revision:8883070fe77f9b484818e73e5892c08ca8a0fe7f..git_revision:ae474cc51337c3fe823f936371c5e92891e86b48

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/4ea19a6..c083518

Rolling v8/third_party/depot_tools: 39e4055..28190a2

Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220614.2.1..version:8.20220622.0.1

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I0654e6e87504c32d8f82c78afabd5d5eeb4b2ead
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717741
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81302}
2022-06-22 13:29:18 +00:00
Marja Hölttä
668a3e0eb5 [rab/gsab] Undo test splitting and make tests faster
Part 1:
Revert "PPC: skip slow tests on the ppc simulator"

This reverts commit 9dfac00a1d.

Part 2:
Make the slow test faster.

Bug: v8:11111
Change-Id: I8f0291098d29917fa65c4b5b28bf03cbdbe7ebc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714229
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81301}
2022-06-22 12:53:18 +00:00
Marja Hölttä
05cf616675 [debugger] Fail silently even harder
If parsing fails in ScopeIterator::TryParseAndRetrieveScopes, the
intention was to fail silently (see the TODO there). However,
closure_scope_ being nullptr caused us to fail less silently.

This alone is not enough for fixing chromium:1316811 but the other
fixes needed are sufficiently unrelated.

Bug: chromium:1316811
Change-Id: I4eb0f5a13fa4da5fd5dd7ff76a1aa1a6a8ee4c63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716477
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81300}
2022-06-22 12:30:58 +00:00
jameslahm
0fe567e700 [web snapshot] Support DataView
Bug: v8:11525
Change-Id: I5a29542032692c106bba14d010605e90954097b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706964
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81299}
2022-06-22 12:01:48 +00:00
Mohit Saini
c801d52924 Refactor dynamic name to perfetto::DynamicString
Recently perfetto introduced `perfetto::DynamicString` to allow clients
to wrap dynamic event name strings. So that clients don't have to
manually set event name inside trace lambda.

With that:

TRACE_EVENT("cat", nullptr, [&](EventContext ctx) {
  ctx.event().set_name(dynamic_name_str)
});

is simplified to:

TRACE_EVENT("cat", perfetto::DynamicString{dynamic_name_str});

In this change we are making use of perfetto::DynamicString to pass
dynamic event name string.

Change-Id: Ic6b501df67409d6faa4d60b59095ad0e79ce585e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716473
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Mohit Saini <mohitms@google.com>
Cr-Commit-Position: refs/heads/main@{#81298}
2022-06-22 11:06:08 +00:00
Samuel Groß
9d3a645bec [sandbox] Fix two deserializer issues when sandbox is enabled
When the sandbox is enabled, an empty ArrayBuffer does not have a
nullptr backing store but instead points to a special EmptyBackingStore
pseudo-object inside the sandbox. This then requires special handling
during deserialization. This CL fixes two cases where this was not done
correctly, which caused some crashes when --stress-snapshot is active.

Bug: v8:10391
Change-Id: I412adace229b979b317864a3e8c12ed4c601b850
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716480
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81297}
2022-06-22 10:56:29 +00:00
Andy Wingo
69bb334fda [stringrefs] Renumber stringref types
0x65 is unavailable after
https://github.com/WebAssembly/gc/pull/295/files.

Bug: v8:12868
Change-Id: I8bdffb279c7e7cf72242c1565cf3401e5fa3f4d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717984
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81296}
2022-06-22 10:27:47 +00:00
Nikolaos Papaspyrou
852baabc17 heap: Add flag v8_enable_inner_pointer_resolution_osb
This CL introduces a compile flag v8_enable_inner_pointer_resolution_osb
behind which lies the experimental implementation of the object start
bitmap. It disassociates the object start bitmap from the compile flag
v8_enable_conservative_stack_scanning. At the moment the former flag is
a prerequisite for the latter, as conservative stack scanning requires
some mechanism for inner pointer resolution and the object start bitmap
provides one such mechanism.

Bug: v8:12851
Change-Id: I24c6b389453fbaefc79ae50c34c5ec7a1bf23347
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717322
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81295}
2022-06-22 10:12:38 +00:00
Toon Verwaest
62ae188994 [maglev] Drop double merge in AllocateControlNode
This should not be necessary, but something was failing previously
when removed. Now that we have the blocklist just merging once seems
to work.

Bug: v8:7700
Change-Id: I6534506263ae739f28043eef2dee7aba8f28eadf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717983
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81294}
2022-06-22 09:23:18 +00:00
Michael Lippautz
f625ed4e03 [handles] Add temporary sanity check
Check against copying around a TracedReference containing a zap value.

Bug: chromium:1322114
Change-Id: Ie97ecaf18931006516fc70be262829a267d1285c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717323
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81293}
2022-06-22 08:39:38 +00:00
Igor Sheludko
b81af94a3a Revert "[arm64] Increase code alignment to 64"
This reverts commit 319e747a1d.

Reason for revert: it brought unexpected performance regressions.

Original change's description:
> [arm64] Increase code alignment to 64
>
> This should fix unexpected regressions which occur after builtins
> modifications.
>
> This CL affects alignment of embedded builtins on all configurations
> and Code header size only for non-pointer compression configuration.
>
> Bug: v8:11708
> Change-Id: I8058197c5b768a699e7f52446424013e86203b57
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700392
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81113}

Bug: v8:11708
Change-Id: I238e799284d59e80dee244b240fe2a72c33e83b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716485
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81292}
2022-06-22 08:31:48 +00:00
Michael Lippautz
9076fce87b [heap] Fix regression around GC request via stack guard
When a GC was requested via stack guard, we don't restart incremental
marking anymore on finding new objects but rather finish the GC cycle.

This regressed in https://crrev.com/c/3702801

Bug: v8:12985, chromium:1338071, v8:12775
Change-Id: Ie515cea6d5345ad1111a4fb9f042cffc52083453
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716486
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81291}
2022-06-22 08:01:28 +00:00
Michael Lippautz
94ebff7b94 Reland "[heap] Sweep code pages on the background thread"
This reverts commit 6ddf042f68.

Revert did not fix the crasher.

Bug: v8:12967, chromium:1336850
Change-Id: I6d474644e3d94c14df17af6efa70747bae6ad652
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716487
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81290}
2022-06-22 07:59:18 +00:00
Michael Lippautz
364aacce0e Revert "[heap] Add CHECKs for empty worklists in scavenger"
This reverts commit 3366abb218.

Reason for revert: Speculative revert.

Original change's description:
> [heap] Add CHECKs for empty worklists in scavenger
>
> Shrink life range of worklists and add IsEmpty-CHECKs for them. Also
> move some logic into its own method ProcessChunksWithEmptyBuckets.
>
> Bug: chromium:1336158
> Change-Id: Ia2f34c824f5b1c5d61391a1a1243a46881040de1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704511
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81158}

Bug: chromium:1336158, chromium:1336850
Change-Id: Icb3207238f027d7ecca3292cac06544a243c7183
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3716488
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81289}
2022-06-22 07:58:15 +00:00
Adam Klein
31fe9362b4 Allocate calendar before JSTemporalPlainTime to fix heap verification
Bug: v8:12978
Change-Id: Ic8c73eafbd080714915268c8bcb9f2c30614b9b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3711712
Auto-Submit: Adam Klein <adamk@chromium.org>
Reviewed-by: Frank Tang <ftang@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81288}
2022-06-22 04:10:57 +00:00