This reverts commit 4ed9d48f34.
Reason for revert: UBSan failure https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/9084
Original change's description:
> [exceptions] Don't re-request interrupt in InvokeWithTryCatch
>
> This CL changes InvokeWithTryCatch to not re-request the terminate
> execution interrupt, but instead schedule the termination exception.
> This ensures that leaving the outermost TryCatch scope will clear
> the exception, and no interrupt remains.
>
> Previously, the interrupt request could remain and prevent further
> JavaScript execution even after the TryCatch scope was left.
>
> Change-Id: I1e603dc822bbcb0def4cf0a898d59cf8d4b9d039
> Bug: chromium:1014415
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871910
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65255}
TBR=yangguo@chromium.org,sigurds@chromium.org,verwaest@chromium.org
Change-Id: Iedefe5320d8bdc442a87e03698a20daf6a0ebf4f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1014415
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943149
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65256}
This CL changes InvokeWithTryCatch to not re-request the terminate
execution interrupt, but instead schedule the termination exception.
This ensures that leaving the outermost TryCatch scope will clear
the exception, and no interrupt remains.
Previously, the interrupt request could remain and prevent further
JavaScript execution even after the TryCatch scope was left.
Change-Id: I1e603dc822bbcb0def4cf0a898d59cf8d4b9d039
Bug: chromium:1014415
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1871910
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65255}
The lane indices of S8x16Shuffle will be printed as a null-terminated
character array in Operator1's PrintParameter implementation. This patch
adds an S8x16ShuffleParameter class, overrides operator<<, and prints indices
as an integer array.
before fix:
Shuffle[\b\t\n^K\f\r^N^O]
after fix:
Shuffle[8,9,10,11,12,13,14,15,0,0,0,0,0,0,0,0]
Change-Id: I421e639f5229d3a5e348868be33f2d8bbfcfd2d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1922735
Commit-Queue: Jie Pan <jie.pan@intel.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Auto-Submit: Jie Pan <jie.pan@intel.com>
Cr-Commit-Position: refs/heads/master@{#65253}
Correctly passing the receiver depends on the Call AST node's type.
Calling a parenthesized optional chain expression is parsed as a Call of
an OptionalChain of a Property. Currently the computation of the type
does not take optional chains of property loads into consideration, so
calls of parenthesized optional chain expressions always get passed an
undefined receiver.
Bug: v8:10024
Change-Id: I904b0eeca2df30160def674fb32adf821403aef9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1938571
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65252}
If source positions are not required when a background compilation task
starts, but then something like profiling is started before the task
finalizes, then logging of the compilation task will crash due to a
missing source position table.
This ensures source positions are collected if source positions are
required during finalization.
R=rmcilroy@chromium.org
Bug: chromium:1022749
Change-Id: Ie83c3d88131a1c1f434274ea9ee52895c6753b49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1942611
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65251}
git cl upload failed since I needed to do a git cl format. Missed that
and uploaded https://chromium-review.googlesource.com/c/v8/v8/+/1940153
without the rename.
Bug: v8:7703
Change-Id: I26090433af86968357eaeecf3e906a9e824647a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940260
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65250}
Due to the ordering of the nodes to be changed, we might change the
ChangeTaggedToCompressed's input before the ChangeTaggedToCompressed
node itself changes. Then, we need to check for this possibility too.
Bug: v8:7703
Change-Id: I2b453211dc264b509f2ea7c0cf891be50f404009
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1942607
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65248}
Ensure that all fields of `SyntheticModule` are set before creating
the exports hash table for it, because the latter may trigger
garbage collection, leading to crashes.
This has been causing failures in the Node.js CI over the last weeks,
after making the creation of synthetic modules part of Node’s
startup sequence.
(I am generally not very familiar with this part of the V8
code and there might be a better way, or possibly a way to add a
reliable regression test, that I am not aware of.)
Refs: https://github.com/nodejs/node/issues/30498
Refs: https://github.com/nodejs/node/issues/30648
Change-Id: I32da4b7bd888c6ec1421f34f5bd52e7bad154c1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939752
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65247}
Ports are getting easier now. This one was fairly straightforward.
Bug: v8:9972
Change-Id: I69c0566060523e505e30980cb1d3d9633da976b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940257
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65246}
These node/edge kinds don't fit into the heap object type system; add
wrapper classes for them instead. The wrapper class must be explicitly
created, but is implicitly convertible to Node*.
Bug: v8:9972
Change-Id: Ic6c253a95bb5705fb946ee3f35508ea70c9f0070
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940255
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65244}
Fix a TODO from Ben to change the macro argument order to match the
actual order in wasm code.
After this fix, we can remove the individual {WASM_CALL_INDIRECT[0-5]}
macros and implement them via a common variadic macro.
Also, rename {WASM_CALL_INDIRECT_TABLE0} to {WASM_CALL_INDIRECT_TABLE}.
The name was confusing, because this macro explicitly allows setting a
table index different from 0. Thus, just drop the "0" in the name.
The individual test changes were done via a vim macro, to avoid manual
errors.
R=mstarzinger@chromium.org
Bug: v8:10021
Change-Id: I9f0f31511c5c6e20a0b07524bf75fe9cf1598eba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940265
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65242}
This is an initial (and partial) step towards full typing in graph
assembler. It removes all uses of SloppyTNode, starts to introduce
types in the GraphAssembler base class, and makes lambda function
types (for if- and for-builders) more specific.
Plenty of TODOs remain; e.g. checked casts and complete typing of
GraphAssembler are left to follow-up work.
Bug: v8:9972
Change-Id: I780adf83b53ad76beda4726960d95ab6df13e2ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940476
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65241}
A call to this intrinsic will produce true in the interpreter and false
in optimized code. This is useful for writing tests.
Change-Id: I64d06ed062027e723eca82d6f879202244f21fdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939750
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65240}
CodeStubAssembler::ComputeSeededHash is passing key as Int32 to
ComputeSeededIntegerHash, but ComputeSeededIntegerHash only accepts
a Uint32 value.
This could cause problems on s390 and ppc because GCC expects any
value smaller than 8 bytes to be sign/zero-extended to 64 bits by the
caller; therefore, the static cast from uint32->uint64 will be treated
as a no-op (expecting zero-ext instead), which leads to unexpected
behaviors.
Change-Id: Icd1eecaea1415e36c0c13eef513ff69cc418f247
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940209
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#65239}
The last use of the predicate in question was to switch builtins that
implement WebAssembly runtime stubs to use hard aborts instead of normal
aborts like other builtins. This is no longer needed since the builtins
in question are embedded and no longer copied into WebAssembly modules.
This also allows moving the {WASM_RUNTIME_STUB_LIST} macro out of the
builtins-definitions.h file and into the wasm-code-manager.h file.
R=clemensb@chromium.org
BUG=v8:10021
Change-Id: Ib42d3731fc92df378cfce39d39e7fbdbbf722937
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940266
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65238}
They have been deprecated in v7.9, hence they can be removed in v8.0.
R=ulan@chromium.org
CC=mstarzinger@chromium.org
Bug: v8:10021
Change-Id: Ic21c5ee5703b548ddcca2ffeba6c583715d3fbd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1864947
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65237}
This makes sure that proper checked casts (i.e. {CAST} instead of the
unsafe {UncheckedCast} before) are used for all WebAssembly runtime
stubs. This is possible because the corresponding builtins are embedded
and hence can use proper assertion mechanisms.
R=clemensb@chromium.org
BUG=v8:10021
Change-Id: I344ae8ba7dd4c5d3f5dc2467f7d58b93517d9af7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940264
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65236}
Port a0b1a9cd10
Original Commit Message:
This adds a few tests that test that the output of Liftoff is
deterministic.
These tests will be extended to test the debug side table in follow-up
CLs.
R=clemensb@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I3e3391afa73f93298d6aff47aecb8ae1e2299bd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940208
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#65235}
Use {std::unique_ptr} instead of raw {malloc}ed memory. This increases
readability and memory safety significantly. The only downside is that
we cannot use {realloc} any more (there is no C++ replacement for that),
but that should not be noticeable.
Drive-by: Make fields private.
R=mstarzinger@chromium.org
Bug: v8:10021
Change-Id: Ie99d61fe136fc18a07aa45f38a5a9b6542308504
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940261
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65234}
Very similar to the recent ArrayPrototypeForEach port, this moves the
Reduce reduction, which previously operated directly on the graph, to
graph assembler.
Nothing too interesting here, but it's becoming clearer that we will
need more flexible Branch (multiple merge values) and If (a `break`
mechanism) handling in the future.
Bug: v8:9972
Change-Id: Ic48c85305ba721a9a43c67f7ad13c60da310487e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1934329
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65233}
Reverting https://chromium-review.googlesource.com/c/v8/v8/+/1741660
This fixed one bug but caused a lot of others and on balance I think
reverting it is the lesser evil.
This also fixed generator-relocation.js because
(function*(){}).constructor is the function constructor and we try to
set a breakpoint on line 3.
Bug: chromium:109362, chromium:1028689
Fixes: v8:9721
Change-Id: I1bfe6ec57ce77ea7292df91266311f5c0194947e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940259
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65232}
If V8_SHARED_RO_HEAP is set, then GetSharedMemoryStatistics now reports
the size of RO_SPACE. Additionally size values for RO_SPACE are zeroed
in the per-isolate Heap and Space stats.
Bug: v8:7464
Change-Id: I2d6843c001b55974460d1df034f08d1ed5b0d8da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1900459
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65231}
We implement exponential growing of the native allocations by always
growing at least by the old size. This speeds up use cases that grow a
table incrementally (e.g. by 1).
R=mstarzinger@chromium.org
CC=ecmziegler@chromium.org
Bug: v8:10018
Change-Id: I580ecf1ac87f793ff4a34ba45a86ae599eb3e6f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939452
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65228}
Even though they don't generate any code, it breaks some pattern
matching when these nodes are present (e.g. comparisons with compressed
heap objects).
Bug: v8:7703
Change-Id: I9670c2b4e85b1635061b16d4b125de9ff51fd403
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940153
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65227}
This removes the aforementioned untyped method and switches all users to
the typed TNode<> version. Those versions now contain proper checks to
compare the static information against the return count and types stored
in the call descriptor.
R=leszeks@chromium.org
BUG=v8:10021
Change-Id: I393ea6211babc100e007fb1678877d36efa7bbf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939753
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65225}
This CL adds a prototype_chain_enum_cache to cache the enumeration of a
prototype and its entire chain on the PrototypeInfo. It can improve for-in
performance via simply merging the receiver enumeration with this cache.
It improves the score of JetStream2-tagcloud-SP case by ~9% on IA Chromebook.
Contributed by tao.pan@intel.com
Change-Id: Ib40bfe41e772672337155584672f06fa1ba1e70d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1870844
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65224}
First this plumbs RuntimeCallStats from the OptimizingCompileDispatcher
down through to PipelineCompilationJob which stashes the
RuntimeCallStats on the PipelineData.
Adds new RCS thread-specific counters: OptimizeAssembleCode and
OptimizeBackgroundAssembleCode which are used in
PipelineImpl::AssembleCode.
Bug: v8:10006
Change-Id: Ieef6d32afddf4b0760e204010b09a85dfec92cf3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1926030
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65221}
The serializer was missing the opportunity to process calls later
constructed by JSNativeContextSpecialization::InlinePropertySetterCall
and InlinePropertyGetterCall. Added a test to ensure we're not missing
the data anymore.
This drops the "Missing data" warnings when running ARES-6 from 1044
to only 12.
Bug: v8:7790
Change-Id: Ic4b8a4cb2ac3927371b75f22de011b9957502319
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1937147
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65220}
... in line with VirtualContext and VirtualBoundFunction.
Bug: v8:7790
Change-Id: I454048ab4ddc192780a09017b8b47caf60386098
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940247
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65217}
This reverts commit 48c9ca4462.
Reason for revert: Possible clusterfuzz issues
Bug: chromium:1028952
Original change's description:
> [names] Fix some test262 name tests to conform with spec changes
>
> In order to reflect web reality, TC39 has made some slight changes to
> name descriptors, see https://github.com/tc39/ecma262/pull/1490 for
> details. V8 was mostly already in compliance with these changes, but
> ThrowTypeError and anonymous classes needed some slight changes.
>
> Bug: v8:9646
> Change-Id: I163238954938f0c005e3adbc61b90498e01436da
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1764622
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Joshua Litt <joshualitt@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63373}
TBR=gsathya@chromium.org,joshualitt@chromium.org
Bug: v8:9646
Change-Id: I06dd5527d30052d9c9dfc45a2862be930274aba7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939948
Reviewed-by: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65216}
port edd50ad
https://crrev.com/c/1924355
Original Commit Message:
In both ChangeIntPtrToSmi and ChangeInt32ToSmi we can use bitcasts
instead of change nodes for Smi Tagging, when we are using 31 bit
smis in 64 bit architectures with pointer compression enabled.
In ChangeIntPtrToSmi we can ignore the truncation as well.
Updated DecompressionOptimizer to match the new pattern.
Change-Id: I309e6c7ba671499f721149e1ea1c8e153fe3b2ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939028
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65215}
This removes the marking worklist draining loop from IncrementalMarking
and makes it use the one of MarkCompactCollector.
Bug: chromium:973627
Change-Id: I226b4b45be7d542a82bba20162ad210dfb419c39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1940250
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65212}
In order to implement {dlsym} like functionality, toolchains might
generate code that grows the table by one element at a time (e.g.
Emscripten currently does that). To improve performance in such a case,
we over-allocate the backing store of the {WasmTableObject}. Whenever
the backing store grows, it grows at least by the old size of the table.
This ensures exponential growth, avoiding too many re-allocations.
R=mstarzinger@chromium.org
CC=ecmziegler@chromium.org
Bug: v8:10018
Change-Id: I502d590a89f7804363938a157b7ed2189283227a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1939051
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65210}
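
The growth policy described in the table-growth commits above (grow by at least the old size) combined with the `std::unique_ptr` ownership from the earlier commit, as an added example that is not V8's code. The class `GrowableTable`, its members and the helper `ReallocationsForIncrementalGrowth` are hypothetical names; the sketch assumes 32-bit entries and a fixed maximum size, and bounds-checks against the logical size so over-allocated slack is never reachable.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <memory>
#include <utility>

// Hypothetical table for illustration; not V8's WasmTableObject.
class GrowableTable {
 public:
  GrowableTable(size_t max_size, bool over_allocate)
      : max_size_(max_size), over_allocate_(over_allocate) {}

  // Adds `delta` zeroed entries. Fails without side effects past max_size.
  bool Grow(size_t delta) {
    if (delta > max_size_ - size_) return false;  // cannot wrap: size_ <= max_size_
    size_t new_size = size_ + delta;
    if (new_size > capacity_) Reallocate(new_size);
    size_ = new_size;
    return true;
  }

  // Accessors check the logical size, so over-allocated slack is unreachable.
  bool Set(size_t index, uint32_t value) {
    if (index >= size_) return false;
    data_[index] = value;
    return true;
  }
  bool Get(size_t index, uint32_t* out) const {
    if (index >= size_) return false;
    *out = data_[index];
    return true;
  }
  size_t size() const { return size_; }
  size_t capacity() const { return capacity_; }
  size_t reallocations() const { return reallocations_; }

 private:
  void Reallocate(size_t required) {
    size_t new_capacity = required;
    if (over_allocate_) {
      // Grow by at least the old size, clamped to max_size_ without overflow.
      size_t doubled = size_ > max_size_ - size_ ? max_size_ : size_ + size_;
      new_capacity = std::max(required, doubled);
    }
    // No realloc with unique_ptr: allocate (zero-initialized), copy, swap.
    auto fresh = std::make_unique<uint32_t[]>(new_capacity);
    if (size_ > 0) std::copy(data_.get(), data_.get() + size_, fresh.get());
    data_ = std::move(fresh);  // the old array is freed here
    capacity_ = new_capacity;
    ++reallocations_;
  }

  std::unique_ptr<uint32_t[]> data_;
  size_t size_ = 0, capacity_ = 0, reallocations_ = 0;
  const size_t max_size_;
  const bool over_allocate_;
};

// Grows a fresh table one entry at a time; returns the reallocation count.
size_t ReallocationsForIncrementalGrowth(size_t steps, bool over_allocate) {
  GrowableTable table(/*max_size=*/size_t{1} << 20, over_allocate);
  for (size_t i = 0; i < steps; ++i) {
    if (!table.Grow(1)) break;
    table.Set(i, static_cast<uint32_t>(i));
  }
  return table.reallocations();
}
```

Growing by one entry 1000 times reallocates 11 times with over-allocation and 1000 times with exact-fit allocation.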