GCMole now comes with the long forgotten use-after-free detection
enabled by default. The CL also improves error logging when test
expectations mismatch with the actual output and updates the hash
of GCMole to be used with the newly built version with enabled UAF
detection.
The CL also contains an ignore for isolate.cc due to inability to
fix a warning there and fixes a couple of UAF warnings.
Bug: v8:9680
Change-Id: I7a009ffd5f67b1b5437567691ca4235ea873de70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257236
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68505}
This modernizes python code without breaking Py2 compat.
Ran with command:
futurize --stage1 -w tools/testrunner
Bug: v8:9871
Change-Id: Ie23333cbd923197be0bffcad5041056e00990042
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252554
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68496}
Get value from type payload, check and show bitset name.
Change-Id: I6d0e0f30fca0b2aaddfd5f18abf948886552f2dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2258815
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#68495}
This modernizes python code without breaking Py2 compat.
Ran with command:
futurize --stage1 -w tools/testrunner/testpro
Manual fixup to util_unittest to modify import paths and change to
absolute imports.
Bug: v8:9871
Change-Id: I2ac29622aff5daebc9dc42145c1d96dff8258546
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252549
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68492}
This modernizes python code without breaking Py2 compat.
Ran with command:
futurize --stage1 -w tools/testrunner
and manual fixup in statusfile_unittest.py to change to update import
path and change to absolute imports (similar to pool_unittest.py)
Bug: v8:9871
Change-Id: I8851e2188ef9285f2bd57cc07e959e22e1b05f6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252548
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68490}
This change enables automatic generation of Cast<> operators for
classes that are defined in Torque.
* Cast<> macros are generated for all classes that are defined in
Torque code that are neither shapes nor marked with a new
@doNotGenerateCast annotation.
* Implicitly generated Cast macros simply call through to an
internally-defined "DownCastForTorqueClass" macro that implements
the cast using one of three strategies for efficiency. If the class
has subclasses (i.e. a range of instance types including subtypes),
the DownCastForTorqueClass checks for inclusion in the instance type
range. If the class has a single instance type (i.e. no subclasses),
then either 1) a map check is used if the class has a globally-
defined map constant or 2) an equality check for the instance type
is used.
* Added new intrinsics to introspect class information, e.g. fetching
instance type ranges for a class, accessing the globally-defined map
for a class.
* Removed a whole pile of existing explicit Cast<> operators that are
no longer needed because of the implicitly generated Cast<> macros.
* Added tests for the new Cast<> implementations.
Bug: v8:7793
Change-Id: I3aadb0c62b720e9de4e7978b9ec4f05075771b8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250239
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68478}
As of May 2020 the Google C++ Style Guide suggests using references
for out paramters. Adjust V8's presubmit checks to allow mutable
reference parameters.
Bug: v8:10624
Change-Id: Idcd027892916a14f91ca3bfcb5eba48757cab523
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2252185
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68449}
Extend gm.py to support long flags (starting with --), which are treated
as test runner flags, and passed unchanged. These flags must be as
single word, '--progress=verbose' instead of '--progress verbose', as gm
only does simple one-at-a-time args parsing.
Change-Id: Icfa161ff231715d0b7eb3ba259fca35a65c68964
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250875
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68416}
If mksnapshot fails then all that is printed is
"FAILED: gen/v8/embedded.S snapshot_blob.bin"
and the command line. That complicates the investigation. Printing the
error code in run.py can help. The printing code handles large negative
numbers specially so that special Windows failure codes like 0xC0000005
are recognizable.
This code was tested by adding this early-out to main in mksnapshot.cc.
if (argc < 1000)
return 0xc0000005;
Bug: Chromium:1095767
Change-Id: I5dc81d368beaa339f0c519ce1c01bd13cdb18d93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249518
Auto-Submit: Bruce Dawson <brucedawson@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68395}
This fixes a bug when an encoded character appears in the difference
string. Python3 doesn't require any encoding.
TBR=tmrts@chromium.org
No-Try: true
Bug: chromium:1095964
Change-Id: I49c66b5b9c105ad64d3a7839d0eb5df97ff5f404
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2249660
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68384}
The interpreter is only used for testing, and is now instantiated and
invoked directly instead of via the {WasmDebugInfo}, holding the
{InterpreterHandle}.
This CL removes both classes.
R=ahaas@chromium.org
Bug: v8:10389
Change-Id: Iede3feea413decae1edc28146b871a819e204768
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2237132
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68271}
... collected via --trace-zone-stats flag or v8.zone_stats trace
category.
This is an initial version inspired by heap-stats UI.
Bug: v8:10572
Change-Id: Ib87cf0b4e120bc99683227eef02668a2a5c3d594
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2226855
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68133}
Passing tests that are marked as fail in a status file are not
immediately visible as such.
- Always show "--- FAILED ---" for failing tests
- Show "--- UNEXPECTED PASS ---" for unexpectedly passing tests
Drive-by-fixes:
- Color failures in red with --progress=color
- Color repro command in yellow with --progress=color
Change-Id: Id43ecec348dbfd4ff627ea6aa4ba458a2e5a8445
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2213434
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68131}
Display UsePositions in the intervals
in live ranges in turbolizer.
Uses are shown as vertical red lines.
Bug: v8:7327
Change-Id: Iab8d08989b9113d1b7d393252de5988e8b25b8de
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2224215
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68102}
Currently, it can be little difficult to understand why a command in
lldb-commands.py stops working. For example, at the moment running the
jlh command results in an empty line:
$ lldb --one-line "command script import ../../tools/lldb_commands.py" \
v8_hello_world
(lldb) br s -f hello-world.cc -l 49
(lldb) jlh script
(lldb)
With this commit this would instead display the following error message:
(lldb) jlh script
Failed to evaluate command
_v8_internal_Print_Object(*(v8::internal::Object**)(*(void*)(script))) :
error: cannot cast from type 'v8::Local<v8::Script>' to pointer type
'void *'
The output is really only two lines but I've wrapped the lines here so
they don't exceed the 72 column width. I'll follow up with a commit to
fix the issue reported.
Change-Id: I634a412b616dad7cadd74dce36418d27c1997777
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2083477
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68093}
Hide the arrow button div for snapping the live range
panel when a new file is loaded.
Bug: v8:7327
Change-Id: I576444f12a0557cc6716eb0214586b54a042a899
Notry: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2224838
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68087}
This prepares using ochang_js_fuzzer with foozzie. The fuzzer uses
tests from CrashTests in the corpus. This leads to a loop when
used with differential fuzzing, as foozzie dedupes failures based
on the original file path. Foozzie finds a new failure for the
existing failure in CrashTests, for which clusterfuzz creates a new
crash test and so on.
This subsumes all failures from CrashTests under the same key.
Once such a failure is reported, a developer can add it to a
mapping in foozzie.py, after which the global key can be used
again by clusterfuzz to report another failure.
No-Try: true
Bug: chromium:1044942
Change-Id: I801a23faeb0c672d6ad64b4100c463f53e36cbc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2214837
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68053}
Display register allocation live ranges alongside sequences in
turbolizer.
The existing --trace-turbo flag now also outputs the register
allocation data as part of the json file alongside the
instruction sequence data that is already produced before and
after register allocation is performed. This data includes live
range intervals for each virtual and fixed register and the state
of their assignments.
This json data can now be displayed in turbolizer alongside the
instruction sequences. The information is presented as a grid,
with each grid cell representing a LifeTimePosition of a certain
virtual register, determined by the column and row indices
respectively. Each LifeTimePosition is shown to be part of an
instruction id which itself is shown to be part of a block id.
Each interval is shown as a coloured rectangle positioned over
the relevant cells, and displaying text to indicate the state of
their assignment.
The Resizer object has been extended to allow the grid's html
panel to be varied in size in the same manner that the left and
right panels can be. The size of the grid itself must also be
adjusted whenever the div container changes size.
The RangeView class is introduced and is created and held by the
single SequenceView object used to display the
InstructionSequence data before and after register allocation.
A checkbox allows the user to show/hide the range view, this is
disabled when register allocation data is not provided or more
than 249 instructions are in the sequence. The latter being
required due to the css grid-row-col limit of 1000 alond with
helping alleviate performance issues. The SequenceView object
tracks the phase index currently selected as well as whether or
not it is currently being shown. This ensures that the RangeView
is not hidden and shown when switching between before and after
register allocation, allowing for a smoother transition between
the two. The scroll position is also saved and restored for
convenience.
The data about the instruction sequence required for the display
is held by the RangeView object and reset whenever a new
instruction sequence is shown. The grid div must sync its scroll
with the headers and row labels so as to ensure a consistent
view. The register allocation data is extracted from the json,
with each register row showing all intervals within the relevant
ranges. When the view is switched between before and after
register allocation, the relevant intervals are swapped in.
Bug: v8:7327
Notry: true
Change-Id: I183535a2410a7d663382f387199885250fb98691
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184232
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68019}
This CL also fixes a small bug in the update-wasm-spec-tests.sh script,
as it was not able to handle proposals without additional core spec
tests. It also disables a lot of tests.
R=jkummerow@chromium.org
bug:v8:10556
Change-Id: Ibd885350478de935dc67edb664715cfa64f1d8e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2210248
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67949}
Currently, if d8 is run with the --turbo-profiling flag, it prints info
about every TurboFan-compiled function. This info includes the number of
times that each basic block in the function was run. It also includes
text representations of the function's schedule and code, so that the
person reading the output can associate counters with blocks of code.
The data about each function is currently stored in a
BasicBlockProfiler::Data instance, which is attached to a list owned by
the singleton BasicBlockProfiler. Each Data contains an
std::vector<uint32_t> which represents how many times each block in the
function has executed. The generated code for each block uses a raw
pointer into the storage of that vector to implement incrementing the
counter.
With this change, if you compile with v8_enable_builtins_profiling and
then run with --turbo-profiling, d8 will print that same info about
builtins too.
In order to generate code that can survive being serialized to a
snapshot and reloaded, this change uses counters in the JS heap instead
of a std::vector outside the JS heap. The steps for instrumentation are
as follows:
1. Between scheduling and instruction selection, add code to increment
the counter for each block. The counters array doesn't yet exist at
this point, and allocation is disallowed, so at this point the code
refers to a special marker value.
2. During finalization of the code, allocate a BasicBlockProfilingData
object on the JS heap containing data equivalent to what is stored in
BasicBlockProfiler::Data. This includes a ByteArray that is big
enough to store the counters for each block.
3. Patch the reference in the BuiltinsConstantsTableBuilder so that
instead of referring to the marker object, it now refers to this
ByteArray. Also add the BasicBlockProfilingData object to a list that
is attached to the heap roots so it can be easily accessed for
printing.
Because these steps include modifying the BuiltinsConstantsTableBuilder,
this procedure is only applicable to builtins. Runtime-generated code
still uses raw pointers into std::vector instances. In order to keep
divergence between these code paths to a minimum, most work is done
referring to instances of BasicBlockProfiler::Data (the C++ class), and
functions are provided to copy back and forth between that type and
BasicBlockProfilingData (the JS heap object).
This change is intended only to make --turbo-profiling work consistently
on more kinds of functions, but with some further work, this data could
form the basis for:
- code coverage info for fuzzers, and/or
- hot-path info for profile-guided optimization.
Bug: v8:10470, v8:9119
Change-Id: Ib556a5bc3abe67cdaa2e3ee62702a2a08b11cb61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2159738
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67944}
We can use existing macros to define this getter/setter rather than hand
writing it -- as a side effect this ends up defining an Isolate overload
of the getter which was otherwise missing.
Bug: v8:10506
Change-Id: I0bc5a3082b5ed0416c8099a94e7d2e32a2bd363f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2199350
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67798}
We can't attach a meaningful stack trace to the AggregateError
Promise.any rejects with, but we can augment the individual errors'
stack traces with Promise.any and the index of the corresponding
Promise in the input.
Bug: v8:9808
Change-Id: I7ba754c9b043594decaac8b3a23be74f05c3dffd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2198983
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67778}
The native context independent (NCI) code variant will be used to test
various aspects as the NCI implementation progresses. Examples:
- Test js-generic-lowering with feedback collection.
- Test NCI codegen without caching or tier-up.
- Test NCI codegen and tier-up without caching.
- Test full NCI (codegen, caching, tier-up).
At some point a build-time flag may be required, we'll see when we get
there.
This variant should be removed once work on NCI is complete.
Bug: v8:8888
Change-Id: I8b12c9a5d69bf167e39e002af385f8f523585550
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2198776
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67767}
There's no need for them to be in NativeContext.
This CL moves the only remaining Proxy-related SFI.
Bug: v8:10482
Change-Id: I2f5e2d250c30f552787915d306c1be23b9d033bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196184
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67766}
Some bots turned red. Might be an infra failure. Let's see if this CL
makes it disappear.
Tbr: machenbach@chromium.org
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: I269257184cfca5423fb2c52ae8cfc1ad696002e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196352
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67757}
This CL adds 2 new values to the EmbedderStackState enum with more
explicit names. The old values are updated as aliases to the new
values and marked as soon to be deprecated. This CL also moves the
enum to v8-platform.h so that it can be reused by cppgc.
Depracating individual values in an enum is supported by GCC only
since version 6. Thus new macros were needed for the deprecation
(which delegate to the existing macros when supported). GCC versions
older than 6 are still used by the CQ bots.
Bug: chromium:1056170
Change-Id: Id1ea73edfbbae282b0d8a3bb103dbbbf8ebd417e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2188971
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67744}
There's no need for them to be in NativeContext.
This CL moves the rest of the Promise-related SFIs.
Bug: v8:10482
Change-Id: I7eb926be14bf44fb3cd01cb96b4769eff1c2911b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2190752
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67732}
Also, rename the WASM_COMPILED frame type to just WASM.
R=jkummerow@chromium.org
Bug: v8:10389
Change-Id: I71f16f41a69f8b0295ba34bd7d7fad71729546f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187613
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67698}
There's no need for them to be in NativeContext.
This CL moves the minimal subset of SFIs related to Promises / finally.
Bug: v8:10482
Change-Id: I06a20dc927f13b7bfc8cea853a11913314ee019d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187271
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67674}
along with WASM_ARRAY_TYPE, a WasmArray class, and a very basic
test.
Bug: v8:7748
Change-Id: I1ad4ff78e428972be52130cc179a91c76fcdbdc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185136
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67671}
There's no need for them to be in NativeContext.
This CL moves the minimal subset of SFIs related to async iterators.
Bug: v8:10482
Change-Id: I80a34a886387398e6565afe77ab99f389d2ccabd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184233
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67636}
