Commit Graph

66951 Commits

Author SHA1 Message Date
Michael Lippautz
35dcecf607 cppgc: Add HeapState API
The API allows for querying
- IsAllocationAllowed: Certain GC phases prohibit allocation which can
  be queried; Should be mostly used for debugging checks.
- IsMarking: Allows for querying whether the garbage collector is
  currently marking.

Bug: chromium:1056170
Change-Id: I20ba5fb5be9de6694e8418fa885920eb04bd75ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649257
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72359}
2021-01-27 10:58:36 +00:00
Manos Koukoutos
4b03f02467 [wasm-gc] ref.cast forwards null input
According to the new wasm-gc spec, ref.cast should forward a null input
without trapping.

Bug: v8:7748
Change-Id: Ifee17f02a572e7028c14482bc94f0e1c7fc82a5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2647261
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72358}
2021-01-27 10:21:46 +00:00
Clemens Backes
2919e54341 Revert "[wasm][debug] Garbage-collect stepping code"
This reverts commit 0938188f85.

Reason for revert: new test times out on tsan: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/35152/overview

Original change's description:
> [wasm][debug] Garbage-collect stepping code
>
> All wasm code has an initial ref count of 1, in the expectation that it
> will be added to the code table. When the code is removed from that
> table, the ref count will be decremented.
> Stepping code (and also other code under special circumstances) will not
> be added to the code table though. Hence the ref count will never be
> decremented below 1, and the code will never be garbage-collected.
>
> This CL fixes this, by decrementing the ref count if the code is not
> added to the code table.
> Note that the code will only be collected if no isolate is currently
> using it, so it won't be collected while still in use for stepping.
>
> R=thibaudm@chromium.org
>
> Bug: chromium:1168564
> Change-Id: I3047753591cbc52689ca019e9548ec58c237b835
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649040
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72354}

TBR=clemensb@chromium.org,thibaudm@chromium.org

Change-Id: I84f84324d2c4a3cae2ae6b97f469e3f22b0e3b3f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1168564
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2652485
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72357}
2021-01-27 10:16:39 +00:00
Mike Stanton
08bb94e971 Revert "[turbofan] refactor MachineOperatorBuilder to use less macros"
This change was made in one file as a prototype to see if we should
do it elsewhere. Backing the change out as we aren't planning to
continue the work into the other builders.

Change-Id: I10f24a897d86b86d3c53288006cf41fb3255f1b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642376
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72356}
2021-01-27 09:42:36 +00:00
Manos Koukoutos
d3b41d07a9 Reland "[wasm-gc] Remove abstract rtts"
This is a reland of b77deeca4b

Changes compared to original: Add explicit narrowing casts in tests
for MSVC.

Original change's description:
> [wasm-gc] Remove abstract rtts
>
> In the latest wasm-gc spec, rtts of abstract types are no longer
> allowed. Consequently, canonical rtts of concrete types always have
> a depth of 0.
>
> Changes:
> - Change the immediate argument of rtts to a type index over a heap
>   type. Abstract it with TypeIndexImmediate in function body decoding.
>   This affects:
>   value_type.h, read_value_type(), decoding of relevant opcodes,
>   wasm subtyping, WasmInitExpr, consume_init_expr(), and
>   wasm-module-builder.cc.
> - In function-body-decoder-impl.h, update rtt.canon to always produce
>   an rtt of depth 0.
> - Pass a uint32_t type index over a HeapType to all rtt-related
>   utilities.
> - Remove infrastructure for abstract-type rtts from the wasm compilers,
>   setup-heap-internal.cc, roots.h, and module-instantiate.cc.
> - Remove ObjectReferenceKnowledge::rtt_is_i31. Remove related branches
>   from ref.test, ref.cast and br_on_cast implementations in the wasm
>   compilers.
> - Remove unused 'parent' field from WasmTypeInfo.
> - Make the parent argument optional in NewWasmTypeInfo, CreateStructMap,
>   and CreateArrayMap.
> - Use more convenient arguments in IsHeapSubtypeOf.
> - Update tests.
>
> Bug: v8:7748
> Change-Id: Ib45efe0741e6558c9b291fc8b4a75ae303146bdc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642248
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72321}

Bug: v8:7748
Change-Id: I22b204b486fd185077cd6c7f15d492f5143f48fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650207
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72355}
2021-01-27 09:29:06 +00:00
Clemens Backes
0938188f85 [wasm][debug] Garbage-collect stepping code
All wasm code has an initial ref count of 1, in the expectation that it
will be added to the code table. When the code is removed from that
table, the ref count will be decremented.
Stepping code (and also other code under special circumstances) will not
be added to the code table though. Hence the ref count will never be
decremented below 1, and the code will never be garbage-collected.

This CL fixes this, by decrementing the ref count if the code is not
added to the code table.
Note that the code will only be collected if no isolate is currently
using it, so it won't be collected while still in use for stepping.

R=thibaudm@chromium.org

Bug: chromium:1168564
Change-Id: I3047753591cbc52689ca019e9548ec58c237b835
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649040
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72354}
2021-01-27 09:19:26 +00:00
Clemens Backes
21a0a5f128 [wasm][serialization] Look up jump tables only once
... per code space. This avoids redundant work, including potentially
locking the NativeModule.

R=thibaudm@chromium.org

Bug: v8:11164
Change-Id: I34d5aa9aaff5a487042889613676d2a8d96497e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2644948
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72353}
2021-01-27 08:14:25 +00:00
Jakob Gruber
e75d8dbcb8 [compiler] Add more StartNode helpers
Start nodes for JS functions have the following Parameter node value
outputs:

 closure, ...args_including_receiver, new_target, argc, context

This CL adds helper functions for these. There are two interesting
gotchas:

- Each Parameter node is associated with an index, starting at -1.
Value output indices obviously start at 0, so there's an off-by-one
between the value output of the Parameter node, and the Parameter
node's associated index.
- CSA/Torque graphs use different Start node layouts, yet these are
not reflected in compiler logic. There's potential for confusion here.
The two layouts should be unified or made explicit.

Finally, tests create Start nodes with arbitrary layouts. This blocks
removal of methods marked _MaybeNonStandardLayout.

In an ideal world, the parameter index would equal the start node
output index, and the layout of all Start nodes would be equal. Future
work.

Change-Id: I908909880817979062d459b7a80ed4fede40e2ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649035
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72352}
2021-01-27 07:58:45 +00:00
LiuYu
5f28b637cb [mips][wasm-simd][liftoff] Prototype load lane and store lane
Port: 9db3cb75ba

Port: 22e06c7b85

Change-Id: Ib42f9729220365f1803cfbc634e3f37f5209e142
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650045
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#72351}
2021-01-27 04:27:54 +00:00
v8-ci-autoroll-builder
b93cd782ab Update V8 DEPS.
Rolling v8/build: 32fd3b2..fcaf1b1

Rolling v8/buildtools: 450b6b6..71044df

Rolling v8/buildtools/linux64: git_revision:d62642c920e6a0d1756316d225a90fd6faa9e21e..git_revision:55ad154c961d8326315b1c8147f4e504cd95e9e6

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/957dfea..f8d79d2

Rolling v8/third_party/depot_tools: 1076f38..6d0c0ff

Rolling v8/tools/clang: 94a96af..eb5ab41

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ic3d42a67d8590ee5f1d0c7cc7d6df3848372b337
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2651163
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#72350}
2021-01-27 03:56:14 +00:00
Milad Fa
cbf710514e S390: Push the full simd register before lazy compile
If a lazy compilation happens in between 2 Wasm calls, we need to save
the full Simd register, since we can have live v128 values.

Port: 3b302d5cfe

Bug: chromium:1161555
Change-Id: Id79c609cc01e896f48aff39fdcbf4aa76ae6996e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649260
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72349}
2021-01-27 01:51:44 +00:00
Ng Zhi An
03482bb35c [wasm-simd][x64] Optimize extended pairwise add
Use external references to hold splat values.

Bug: v8:11349,v8:11086
Change-Id: I829d136ae7c7f8e28de991d06f6a321551402ae1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2648972
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72348}
2021-01-27 00:59:09 +00:00
Ng Zhi An
bc67a3b592 [wasm-simd][fuzzer] Add i64x2.eq to fuzzer
Bug: v8:11215
Change-Id: I311729509f40ff6e03fc93ef4abdf3b3ce3a65e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650766
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72347}
2021-01-27 00:58:04 +00:00
Michael Lippautz
791d521438 cppgc: Add WeakMember handler to LivenessBroker
WeakMember references are used in ephemerons which use the ordinary
LivenessBroker for determining whether an object is dead or not.

Bug: chromium:1056170
Change-Id: I7f25da22637fba24603bccb76e266357b0371525
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649042
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72346}
2021-01-27 00:33:09 +00:00
Michael Lippautz
a2cf158ad4 cppgc-js: Report C++ memory to V8's heap growing
Add reporting of C++ memory to V8's heap growing strategy via
existing EmbedderHeapTracer interface.

In addition, introduce API-level NoGarbageCollectionScope which
allows to temporarily avoid scheduling GC finalizations. Replace
internal NoGCScope with NoGarbageCollectionScope and remove
NoGCScope.

Bug: chromium:1056170
Change-Id: I0ad3dfd67eb81f09f48e2ab87f9bbece7491ed71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650210
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72345}
2021-01-27 00:32:05 +00:00
Adam Klein
cb1a2c98e7 Revert "[cpu-profiler] Implement weak phantom finalizers for CodeMap entries"
This reverts commit 3a405b01ba.

Reason for revert: thread-sanitizer failures on Linux64 TSAN bot:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/35141/overview

Original change's description:
> [cpu-profiler] Implement weak phantom finalizers for CodeMap entries
>
> Listen to code deletion events by registering finalizers on code
> objects, a first stab at non-leaky long-lived code entries.
>
> Bug: v8:11054
> Change-Id: Ieaaa5b63508263bd261e8385f5bf5dd3baedf9c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2628587
> Commit-Queue: Andrew Comminos <acomminos@fb.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72342}

TBR=ulan@chromium.org,petermarshall@chromium.org,acomminos@fb.com

Change-Id: If22a893af469c9d4d3e00fb124c42cdc52b9a19b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:11054
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649156
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72344}
2021-01-26 23:50:18 +00:00
Michael Lippautz
29b4d2a1b4 cppgc: Random style fixes and comment updates
Bug: chromium:1056170
Change-Id: I00511c69e9681a80993bcb8ddb370030fc3d208c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649030
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72343}
2021-01-26 22:43:44 +00:00
Andrew Comminos
3a405b01ba [cpu-profiler] Implement weak phantom finalizers for CodeMap entries
Listen to code deletion events by registering finalizers on code
objects, a first stab at non-leaky long-lived code entries.

Bug: v8:11054
Change-Id: Ieaaa5b63508263bd261e8385f5bf5dd3baedf9c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2628587
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72342}
2021-01-26 22:39:34 +00:00
Milad Fa
2e2fe5c6c0 PPC: [wasm-simd] Move i64x2.eq out of post mvp
Port 906b964462

Original Commit Message:

    This is merged into the proposal:
    https://github.com/WebAssembly/simd/issues/419#issuecomment-765675472.

R=zhin@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N

Change-Id: I801c4337e2ea4671ef82cb1244b8da251d56fc2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650242
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72341}
2021-01-26 21:57:36 +00:00
Milad Fa
f111e0c572 [wasm-simd] Fix byte order when setting mask values
Multi byte values get stored on native host order when
arrays are being constructed, however as Wasm is LE enforced,
they get reversed on BE machines during simd load. This causes
incorrect values loaded into vector registers.

This CL will force mask elements to be saved in byte sizes
to eliminate endianness issues.

Change-Id: I7f2e5017664234e01fc8b51a95cdd852a418b651
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2645586
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72340}
2021-01-26 21:40:24 +00:00
Ng Zhi An
4abba6d596 [wasm-simd][arm][liftoff] Implement store lane
Bug: v8:10975
Change-Id: I40b0c2c36553b44a510f8519b53195ab97f6f5a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2645474
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72339}
2021-01-26 21:38:14 +00:00
Ng Zhi An
307f6dc976 [wasm-simd][arm64][liftoff] Implement store lane
Bug: v8:10975
Change-Id: I7d69b533fda8be369afe949699eea5abddda9a5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2645469
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72338}
2021-01-26 19:47:10 +00:00
Junliang Yan
d70c8f4530 s390x: [liftoff] implement store op
Change-Id: I96abe7c2b2a2c988867dda3cf823f11c00ddec87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650234
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#72337}
2021-01-26 19:12:40 +00:00
Ng Zhi An
173d660849 [wasm-simd][x64] Optimize i8x16.popcnt with aligned moves
movups is slower on older hardware (core2) than movaps, even if the
operand is aligned. (Not an issue on modern hardware).

Also move i8x16.splat(0x0F) to an external reference so we can load the
mask directly.

Bug: v8:11002
Change-Id: I0b01c27a142024d50b9faaa9e7bd6a1fe169e141
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2643242
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72336}
2021-01-26 19:03:10 +00:00
Ng Zhi An
a6eefe14db Add regression test case for WasmCompileLazy bug
Bug: chromium:1161555
Change-Id: I449c10984a55bb43b7221d66b195552835af21a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650352
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72335}
2021-01-26 18:43:55 +00:00
Ng Zhi An
2f7505b746 [wasm-simd][ia32][liftoff] Implement store lane
Factor out the v128.load32_lane code sequence into macro-assembler functions
to be reused by Liftoff.

Bug: v8:10975
Change-Id: I9f53b5d98dfd610c4feafb087f00e6fc6dfca8d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2645467
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72334}
2021-01-26 18:42:50 +00:00
Ng Zhi An
906b964462 [wasm-simd] Move i64x2.eq out of post mvp
This is merged into the proposal:
https://github.com/WebAssembly/simd/issues/419#issuecomment-765675472.

Bug: v8:11215
Change-Id: Ibe37c4f8a977ab9af1cc2dd083f1ebb88b27acfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2647986
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72333}
2021-01-26 17:53:21 +00:00
Clemens Backes
1fa2b9ee63 [wasm][serialization] Publish all available units
Since publishing is sequential anyway, we can as well publish all
available units in one go. This avoids repeated locking in both the
queue and the NativeModule.

R=thibaudm@chromium.org

Bug: v8:11164
Change-Id: Ie4b8914caaafd8d1e3330cb30f427aee6e571e9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2644947
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72332}
2021-01-26 17:50:10 +00:00
Paolo Severini
4e9f651317 [test][turbofan] Add %ObserveNode intrinsic for node-specific tests
(Initially copied from nicohartmann@ CL
https://chromium-review.googlesource.com/c/v8/v8/+/2135631)

This CL adds a new intrinsic %ObserveNode(expr) which has noop semantics
but triggers the new NodeObserver set on the OptimizedCompilationInfo
when the node generated for expr is created or changed in any phase
(until EffectControlLinearization).

This provides the infrastructure to write reasonable unit tests that
check for the construction of or lowering to specific nodes (e.g.
depending on feedback).

When %ObserveNode(expr) is used an object of class ObserveNodeManager is
registered to every Reducer/GraphReducer and is notified by the Reducer
with all node changes. The same logic is added to classes
SimplifiedLowering/RepresentationSelector, which do not inherit from
class Reducer.

Observed Node modifications currently are:
 * The Node Operator
 * The Node type
 * Node replacements

A first use case (cctest/test-sloppy-equality.cc) is included in this CL.

Change-Id: Idc5a5e38af8b1d9a2ec5021bf821c4e4e1406220
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2555219
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72331}
2021-01-26 17:38:00 +00:00
Ng Zhi An
80b975620a Reland "[wasm-simd][x64] Prototype i32x4.widen_i8x16_{s,u}"
This is a reland of 5a0938e593

The fix is in instruction-selector-x64.cc, the OpParameter is a
uint8_t, I typo-ed an int8_t.

Drive-by fix to macro-assembler-x64.cc to use movaps instead of movapd.

Original change's description:
> [wasm-simd][x64] Prototype i32x4.widen_i8x16_{s,u}
>
> This prototypes i32x4.widen_i8x16_s and i32x4.widen_i8x16_u for x64. It
> uses some masks and pshufb for the widening.  These masks (3 for each
> instruction) are stored as external references.
>
> Bug: v8:11297
> Change-Id: I6c8f55426bbb44b16ed552f393762c34c2524b55
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2617389
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72301}

Bug: v8:11297
Change-Id: Ie1df32bd4ef3c71532cab6f82a515f619b6a2b67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2648967
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72330}
2021-01-26 17:13:00 +00:00
Clemens Backes
c5c5d1447f [wasm] Fix tier down on streaming with error
Recompilation for tier down should not be triggered if the module had a
compile error. This CL ensures that by moving the recompilation a bit
later in the async compilation, to a place where a compile error would
have been detected already. An added DCHECK would catch similar bugs
earlier (crashing instead of timing out).

R=ahaas@chromium.org

Bug: chromium:1160031
Change-Id: I7eb3d2921db0f28bb39e9ec6150fd98fd4b99089
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649028
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72329}
2021-01-26 17:00:53 +00:00
Dominik Inführ
4512066b33 [heap] Stop counting old-to-new slots in MinorMC
The number of old-to-new slots was used as a heuristic in
GetMaxConcurrency() to control the number of background jobs. The
calculation already caused a bug that was fixed in
https://crrev.com/c/2593247 and isn't used in a major mark-compact.
Reduce complexity by removing that heuristic.

Change-Id: I88989974a94230b7d6f59846f5b0cce14b4118ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649039
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72328}
2021-01-26 15:42:50 +00:00
Dan Elphick
1370b29e75 [build] Enable external flag header with defines
Due to some unusual build failures on some trybots,
v8_generate_external_defines_header was reverted to false. This turns it
back on but changes the behaviour so that defines are added to the
command line as well as to the header. Because the generated header
checks that flags that should be unset are actually unset and flags that
should be set are either unset or set to 1, this will cause build
failures on many types of mismatches, although it will not detect where a
flag is not set on the command line when it is set by the header.

If no further failures show up with this, the hybrid part can be removed
and the v8-gn.h header can stand on its own.

Bug: v8:11292, v8:11341
Change-Id: I1deeeebec58f79607e68a28f808649e884810923
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649041
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72327}
2021-01-26 15:13:30 +00:00
Clemens Backes
bce455a3f0 [wasm][serialization] Skip redundant information
Writing out the number of functions in the module is unnecessary. That
number is only used for validation when reading back the value, but only
validating that number is pretty arbitrary and does not protect against
bugs or attacks. Hence skip these two header fields.

R=thibaudm@chromium.org

Bug: v8:11164
Change-Id: I083075e2c8959f99690fd1478d0950a25eb7311f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2644946
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72326}
2021-01-26 15:07:20 +00:00
Clemens Backes
698508e1ea [wasm] Improve performance of WasmCodeRefScope
Holding an unordered set is surprisingly inefficient for large sets.
Switching to just a vector makes e.g. deserialization of large modules
30% faster. We pay in terms of memory usage though, so if there is ever
a use case where we are storing the same code objects multiple times, we
might want to add a deduplication algorithm which cleans up the vector
every now and then.

R=thibaudm@chromium.org

Bug: v8:11164
Change-Id: I3983ee7f6f04ea7678b8da49fb5cec369693dbc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2647260
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72325}
2021-01-26 15:04:20 +00:00
Andreas Haas
e4a9a790cc [wasm][liftoff][x64] Align frame size
The GC requires all slots in a stack frame that store a reference to be
aligned. This alignment was not provided for spill slots in OOL code.

R=thibaudm@chromium.org

Change-Id: I17492362318623aecc4c54635407d0c8badf3d36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649025
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72324}
2021-01-26 14:53:40 +00:00
Benedikt Meurer
7e2f11082b [inspector] Fix crash due to misuse of embedder fields.
The contract between V8 and Blink is that embedder fields belong to
Blink, at least when the object has two or more of them. Now we had 2-3
embedder fields used by the debug proxies and that was confusing Blink,
since it expects the first slot to hold an aligned pointer in that case
and we had a HeapObject reference stored there.

This is a quickfix, which avoids internal fields completely for the
context extension proxy (using interceptors on the prototype instead)
and changes the named proxies to store the name table under a private
symbol instead of using a second internal field.

A proper but way more involved fix is to introduce a proper instance
type here and use space in the header instead of misusing embedder
fields.

Fixed: chromium:1170283
Bug: chromium:1159402
Change-Id: I6c4bbe2fe88fef29a6b9946708588245efbbe72b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649033
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72323}
2021-01-26 14:52:30 +00:00
Clemens Backes
f30c268173 Revert "[wasm-gc] Remove abstract rtts"
This reverts commit b77deeca4b.

Reason for revert: MSVC compile fails: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20msvc/16535/overview

Original change's description:
> [wasm-gc] Remove abstract rtts
>
> In the latest wasm-gc spec, rtts of abstract types are no longer
> allowed. Consequently, canonical rtts of concrete types always have
> a depth of 0.
>
> Changes:
> - Change the immediate argument of rtts to a type index over a heap
>   type. Abstract it with TypeIndexImmediate in function body decoding.
>   This affects:
>   value_type.h, read_value_type(), decoding of relevant opcodes,
>   wasm subtyping, WasmInitExpr, consume_init_expr(), and
>   wasm-module-builder.cc.
> - In function-body-decoder-impl.h, update rtt.canon to always produce
>   an rtt of depth 0.
> - Pass a uint32_t type index over a HeapType to all rtt-related
>   utilities.
> - Remove infrastructure for abstract-type rtts from the wasm compilers,
>   setup-heap-internal.cc, roots.h, and module-instantiate.cc.
> - Remove ObjectReferenceKnowledge::rtt_is_i31. Remove related branches
>   from ref.test, ref.cast and br_on_cast implementations in the wasm
>   compilers.
> - Remove unused 'parent' field from WasmTypeInfo.
> - Make the parent argument optional in NewWasmTypeInfo, CreateStructMap,
>   and CreateArrayMap.
> - Use more convenient arguments in IsHeapSubtypeOf.
> - Update tests.
>
> Bug: v8:7748
> Change-Id: Ib45efe0741e6558c9b291fc8b4a75ae303146bdc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642248
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72321}

TBR=ulan@chromium.org,jkummerow@chromium.org,manoskouk@chromium.org

Change-Id: I2f0d97f1a34f7c81c5a97d7c37925cb84c66eea3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7748
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2650206
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72322}
2021-01-26 14:46:34 +00:00
Manos Koukoutos
b77deeca4b [wasm-gc] Remove abstract rtts
In the latest wasm-gc spec, rtts of abstract types are no longer
allowed. Consequently, canonical rtts of concrete types always have
a depth of 0.

Changes:
- Change the immediate argument of rtts to a type index over a heap
  type. Abstract it with TypeIndexImmediate in function body decoding.
  This affects:
  value_type.h, read_value_type(), decoding of relevant opcodes,
  wasm subtyping, WasmInitExpr, consume_init_expr(), and
  wasm-module-builder.cc.
- In function-body-decoder-impl.h, update rtt.canon to always produce
  an rtt of depth 0.
- Pass a uint32_t type index over a HeapType to all rtt-related
  utilities.
- Remove infrastructure for abstract-type rtts from the wasm compilers,
  setup-heap-internal.cc, roots.h, and module-instantiate.cc.
- Remove ObjectReferenceKnowledge::rtt_is_i31. Remove related branches
  from ref.test, ref.cast and br_on_cast implementations in the wasm
  compilers.
- Remove unused 'parent' field from WasmTypeInfo.
- Make the parent argument optional in NewWasmTypeInfo, CreateStructMap,
  and CreateArrayMap.
- Use more convenient arguments in IsHeapSubtypeOf.
- Update tests.

Bug: v8:7748
Change-Id: Ib45efe0741e6558c9b291fc8b4a75ae303146bdc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2642248
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72321}
2021-01-26 13:54:09 +00:00
Pierre Langlois
4adf55a004 Reland "[diagnostics] Enable logging for --perf-prof and --ll-prof."
This is a reland of fcf28e8301

Original change's description:
> [diagnostics] Enable logging for --perf-prof and --ll-prof.
>
> Change-Id: I09722d0ce372a825dfe454583da433b38cf4de60
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2647109
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
> Cr-Commit-Position: refs/heads/master@{#72311}

Change-Id: Ib304c42eb16000a67ecb0264e7714339e7a2bbd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649037
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#72320}
2021-01-26 13:20:59 +00:00
Pierre Langlois
28572ad078 [mac] Enable support for JSCVT in builtins.
When cross-compiling builtins, hardcode the fact that targeting MACOSX
enables JSCVT. This is useful when cross-compiling from a x86 Mac where
the compiler itself does not define __ARM_FEATURE_JSCVT for the
mksnapshot binary.

Change-Id: I2817f18de42b18f6236e5d5f26d574a0955a7557
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2637228
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72319}
2021-01-26 13:18:19 +00:00
Dan Elphick
02f17a8c24 [clang-tidy] Reserve space in vectors before pushing
This reserves space in several newly created vectors before
pushing a known number of elements.

Change-Id: If3ba016395e7b509ced549b57279a049125c5d7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649034
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72318}
2021-01-26 13:06:09 +00:00
Clemens Backes
e284517ba8 [wasm][serialization] Allocate code in large chunks
On most platforms, we can do a single allocation for all code. On
platforms where this is not possible (e.g. ARM64 has a 128MB code space
limit), we will at least allocate big chunks instead of one chunk per
function. This reduces overhead in {WasmCodeAllocator} for maintaining
sets of used and available code space, and reduces locking during
deserialization.

In order to know how much code space to pre-allocate, the serializer
writes out the total code space size. This is then used during
deserialization to know how much code to expect.

R=thibaudm@chromium.org

Bug: v8:11164
Change-Id: If3846292544c7b6832b7a0b56357b74310f6fb23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2644942
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72317}
2021-01-26 12:55:00 +00:00
Michael Achenbach
2145c6c7b3 Revert "[diagnostics] Enable logging for --perf-prof and --ll-prof."
This reverts commit fcf28e8301.

Reason for revert: Speculative revert since all gpu bots are failing:
https://ci.chromium.org/p/v8/builders/ci/Linux%20V8%20FYI%20Release%20(NVIDIA)/13141

Original change's description:
> [diagnostics] Enable logging for --perf-prof and --ll-prof.
>
> Change-Id: I09722d0ce372a825dfe454583da433b38cf4de60
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2647109
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
> Cr-Commit-Position: refs/heads/master@{#72311}

TBR=cbruni@chromium.org,jgruber@chromium.org,pierre.langlois@arm.com

Change-Id: I4f0fd218b707fd8eef9e1a5319d30012e76c88fd
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649036
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72316}
2021-01-26 12:11:31 +00:00
Marja Hölttä
73d401b9d1 [test] Make worker related tests more fuzzable
Details: https://docs.google.com/document/d/1-Gi37Ks7rXMVVRkC_HkwGxenP7T1huQUOMrYOtkUCFk/edit?usp=sharing

Bug: v8:11340
Change-Id: Ia1d75270373a7ef2307e7ee0fd24da9ecfa27d18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2643381
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72315}
2021-01-26 12:09:59 +00:00
Georg Neis
ca5da5b9e5 [cleanup] Remove unused root empty_property_cell
Change-Id: I702f8c021490f0538a98cad9a61b1dbae60fb881
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649027
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72314}
2021-01-26 10:58:59 +00:00
Jakob Gruber
dda341e64e [compiler] Remove old hack for arguments adaptor frames
.. which applied to the AssemblePopArgumentsAdaptorFrame
function that no longer exists.

Drive-by: Remove unused functions in mips, mips64.

Bug: v8:11306
Change-Id: Ia47c4287a452afe0aea2be0902cb3adce15f02bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2649029
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72313}
2021-01-26 10:40:59 +00:00
Thibaud Michaud
e862ced330 [codegen] Use separate fields for access mode and lane size
The same bit field (MiscField) is currently used to encode either a SIMD
lane size or a memory access mode depending on the instruction.

For now this does not conflict, but in order to support protected loads
and stores on arm64, we will need to add a protected access mode to some
SIMD instructions that already encode a lane size (kArm64LoadSplat,
kArm64LoadLane, kArm64StoreLane).

To prepare for this, use non-overlapping bits of the Misc field to
encode the two properties.

R=zhin@chromium.org
CC=ahaas@chromium.org

Bug: v8:11098
Change-Id: I2320b2be74d023429f8b8c78a5736b13f53c0399
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2643390
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72312}
2021-01-26 09:47:20 +00:00
Pierre Langlois
fcf28e8301 [diagnostics] Enable logging for --perf-prof and --ll-prof.
Change-Id: I09722d0ce372a825dfe454583da433b38cf4de60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2647109
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#72311}
2021-01-26 09:04:50 +00:00
Georg Neis
b7d26bda8b Revert "[test] Disable cctest/test-loop-analysis/LaEdgeMatrix2_0 on ODROID"
This reverts commit ec7e9a8dbc.

Reason for revert: failure was due to a clang bug that is fixed in
latest rolled clang.

Original change's description:
> [test] Disable cctest/test-loop-analysis/LaEdgeMatrix2_0 on ODROID
>
> Bug: chromium:1163847
> Change-Id: Iabb152cd1a5c04e2032cb1254d8b27ea081cbb27
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2614427
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71952}

TBR=machenbach@chromium.org,leszeks@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: chromium:1163847
Change-Id: Iba18918e8ceab166e7d5e9751e857f13142ed583
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2647153
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72310}
2021-01-26 07:09:30 +00:00