The instance_size of a live map can change via ShrinkInstanceSize. This
change was outside of the scope of the MapUpdater. In order to have a
consistent view of the data, the concurrent reader will access the map
updater lock if needed.
Also refactor MapUpdaterMutexDepthScope (now named
`MapUpdaterGuardIfNeeded`) so that A) it's not possible to forget to
lock it, and B) add V8_NODISCARD to the class.
As a second refactor use std::function in TraverseCallback.
Bug: v8:7790
Change-Id: I57dd00699ccb1c9f132a950db93704b07ca115ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2862765
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74592}
This reverts commit 445f0f743e.
Reason for revert: TryMakeRef is again ready for this.
Original change's description:
> [compiler] Temporarily change ContextRef back to kSerialized
>
> This can be reverted once TryMakeRef checks the heap predicate.
> I'm not reverting the previous CL because newer changes already depend
> on it.
>
> Tbr: jgruber@chromium.org
> Bug: v8:11765, v8:7790
> Change-Id: Iacc6a78a70fe6f40c9421258889c2175fb400b04
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891579
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Auto-Submit: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74531}
Bug: v8:11765
Bug: v8:7790
Change-Id: I0b38791255182f1f8d0a5cf79f18d86568172487
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897101
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74591}
This ends up cleaning up the last of the macros in object-macros which
were using `synchronized_`. There are still a few methods which use
`synchronized_` but those were defined ad-hoc (i.e. w/o macros).
Bug: v8:7790
Change-Id: Ib2d35030fd032293e746c09e10156e526af8d032
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897085
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74589}
This will allow us to refactor those V8 files without being concerned
about potential interference with the security of the trap handler.
This requires the duplication of V8_EXPORT_PRIVATE, the CHECK/DCHECK
macros, and V8_DISABLE_ASAN. The trap-handler specific definitions
are prefixed with "TH_".
R=ahaas@chromium.org
Bug: v8:11755
Change-Id: Iac39b553704ef50e51937375c8db805d57ce2625
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2880218
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74588}
This is a reland of 5f0ac36cc6
Fixes Ref construction failures in:
- MapRef::instance_descriptors
- NativeContext reads (see also crrev.com/c/2891575)
Original change's description:
> [compiler] Consider IsPendingAllocation in Ref construction
>
> The logic in JSHeapBroker::TryGetOrCreateData assumes that parts
> of the object are safe to read. In particular, the instance type
> must be readable for the chain of `Is##Name()` type checks.
>
> This is guaranteed if
>
> - a global memory fence happened after object initialization and
> prior to the read by the compiler; or
> - the object was published through a release store and read through
> an acquire read.
>
> The former is protected by the new call to ObjectMayBeUninitialized
> (which internally calls IsPendingAllocation) in TryGetOrCreateData.
>
> The latter must be marked explicitly by calling the new
> MakeRefAssumeMemoryFence variant.
>
> Note that support in this CL is expected to be incomplete and will
> have to be extended in the future as more cases show up in which
> MakeRef calls must be converted to MakeRefAssumeMemoryFence or to
> TryMakeRef.
>
> Bug: v8:7790,v8:11711
> Change-Id: Ic2f7d9fc46e4bfc3f6bbe42816f73fc5ec174337
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874663
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74474}
Bug: v8:7790,v8:11711,chromium:1207680,chromium:1207679
Change-Id: Ib3dbf59909e6982a3230dd6a67c9fb7d6ffb9ab4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886861
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74587}
V8 uses "thread_local" since several years now, so we can assume it to
be available on all platforms. This avoids a cumbersome macro
definition.
R=ahaas@chromium.org
Bug: v8:11755
Change-Id: I64826188a15a22238ffbcb3215a5b5d66470d573
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2885038
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74585}
This CL fixes a failed DCHECK due to incorrect heap capacity.
Also skips three new tests that create multiple isolates.
Bug: v8:11641
Change-Id: I1061b3370efbe2b272bd490705fc728d6bb26910
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2896644
Auto-Submit: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74583}
This CL makes a call to CollectCallFeedback from Ignition load the receiver lazily, which may improve the performance of Octane/{Richards, Delta-Blue} with --no-opt for 1-3%.
Bug: chromium:1207349
Change-Id: I5fb09d5c5662ef8714acf71dd7341d3164b44f93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2895358
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Fanchen Kong <fanchen.kong@intel.com>
Cr-Commit-Position: refs/heads/master@{#74580}
Rolling v8/build: 00d8280..2123428
Rolling v8/buildtools: b0912f9..20b1d0f
Rolling v8/third_party/aemu-linux-x64: JANUSSL6vlpZwl7eeXT1Jv3TTKfhHXjW18WlDQyun4kC..WNXEl7yxDUmMN9Rkovz3EfBwNd26BEXmanIIz_jO2DgC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/affd272..a532699
Rolling v8/third_party/depot_tools: 5974ca0..cd15203
Rolling v8/third_party/instrumented_libraries: 084aee0..4ae2535
Rolling v8/third_party/zlib: 3e6d345..5ce08a7
Rolling v8/tools/luci-go: git_revision:d7393d163ecb11c44626b3b221f86efdd2861565..git_revision:bbac8f199026d706b08e53ca46d1a9560ae580d2
Rolling v8/tools/luci-go: git_revision:d7393d163ecb11c44626b3b221f86efdd2861565..git_revision:bbac8f199026d706b08e53ca46d1a9560ae580d2
Rolling v8/tools/luci-go: git_revision:d7393d163ecb11c44626b3b221f86efdd2861565..git_revision:bbac8f199026d706b08e53ca46d1a9560ae580d2
TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I4c2ade9ac20eb15d20bd469b888d67a4c3a67430
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2898781
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74576}
This option is used for --stress-snapshot when sharing the RO heap. The
RO heap is shared, so deserializing non-startup snapshots need to ensure
they use the same RO object cache mapping as the startup snapshot.
Cq-Include-Trybots: luci.v8.try:v8_linux64_gc_stress_custom_snapshot_dbg_ng
Bug: v8:11750
Change-Id: Ia2baa24d5b7d494ef5b7ff3c9cbcee846881182e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897945
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74574}
wasm-scope-info requires SIMD, since it prints the value of the SIMD
value in scope. We skip it using statusfile when SIMD is not supported.
Change-Id: Id64e130a1c497bae95ec5e794ad05816f8c908e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2893568
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74573}
This allows us to eliminate some boilerplate.
Bug: v8:7790
Change-Id: Id3a14f27621435ea4e7cbf8daf68b71da62e3f1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2875209
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74572}
This is to make space for new instructions, such as br_on_non_null.
Change-Id: Id631478a1c0da2c20efe81aabe755d5fda841dba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897086
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74570}
Mimics the kArchStoreWithWriteBarrier store in generated code by having
a relaxed store to the same address, with the same value. This is done
in order for TSAN to see these stores from generated code.
Since it is done only for kArchStoreWithWriteBarrier TSAN will see
tagged stores only.
Bug: v8:7790, v8:11600
Change-Id: I275dd46f5556b3a095c416adc03f2f0ac5bde41c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2848470
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74568}
This CL simplifies the approach to HeapNumbers in concurrent
compilation. We'll only create a HeapNumberRef for immutable
HeapNumbers -- this means that we don't need to validate the read
of the value with a compilation dependency check. Mutable
HeapNumbers are handled differently (the value is read for
constant folding, and protected with a constant field dependency).
This CL includes 2 reverts:
Revert "[compiler] Make HeapNumberRef background serialized"
Revert "[compiler] Fix endianness issue when reading HeapNumber"
Bug: v8:7790
Change-Id: I24e65583b787c214b917e96e789d711c2a7c9694
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891576
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74567}
This CL adds support for regular expressions. To serialize a regular
expression, the pattern and flags are extracted and serialized as
strings.
Also, JSRegExp::StringFromFlags() is introduced to allow for
transforming back from JSRegExp::Flags to the corresponding flag string.
To verify that this implementation is on par with
RegExp.prototype.flags, unittests are introduced under
regexp/regexp-unittest.cc and RegExpBuiltinsAssembler::FlagsGetter()
is updated to include a slow path that calls JSRegExp::StringFromFlags()
through a runtime function.
Bug: v8:11525, v8:11706
Change-Id: I9cad4c464129ba1cbf64672130d8410730d7d679
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878751
Commit-Queue: Vicky Kontoura <vkont@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74566}
Make sure we have no pending promises if correctness fuzzing is active.
Due to fast-paths we might not create all intermediate promises
that aren't spec visible. However, promise hooks might expose them
and cause different output which in turn breaks correctness fuzzing.
Drive-by-fix:
- Replace IsAnyPromiseHookEnabledOrDebugIsActiveOrHasAsyncEventDelegate
with NeedsAnyPromiseHooks
Bug: v8:1207791
Change-Id: I5b956336c43348e029c3e283993d4140a8897439
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886862
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74565}
Calling SharedFunctionInfoRef::GetBytecodeArray is expensive as it
needs to call HeapBroker::GetOrCreateData each time. Instead have
bytecode graph builder save the bytecode_array and use it instead.
BUG=v8:9684,v8:7790
Change-Id: I1e847a8e371142f0108fbfbb1e151edf1c55beb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892667
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74564}
Various WebAssembly APIs that don't have observable side-effects aren't
marked as such, leading to the inability of DevTools front-end to
generate eager evaluation previews in the Console, and also making them
unusable in conditional breakpoints and logpoints.
Bug: chromium:1164241
Change-Id: I8f0675d2ed5b362b34a6f6c756d372a61e9e8564
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891571
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74563}
Added a CSA assertion to disallow page access when FLAG_enable_third_party_heap = true.
Also skipped two PageFromAddress callers in CSA that is not necessary when barriers are disabled.
Bug: v8:11641
Change-Id: Ib0e3ff7a7dbacb7c6e7a53a720b95e51cdf2e645
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878757
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Cr-Commit-Position: refs/heads/master@{#74562}
Rolling v8/build: 80d2921..00d8280
Rolling v8/buildtools: 9b15350..b0912f9
Rolling v8/third_party/aemu-linux-x64: KMQBSqcXw7u61OKLUonbaZeROpW1KXX9tM-8Klzxus8C..JANUSSL6vlpZwl7eeXT1Jv3TTKfhHXjW18WlDQyun4kC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/52e67e7..affd272
Rolling v8/third_party/depot_tools: f5c054c..5974ca0
Rolling v8/third_party/zlib: c830e4e..3e6d345
Rolling v8/tools/clang: 06d525c..f6e0cbe
Rolling v8/tools/luci-go: git_revision:e03dc36a7374fdf2331886695fa8b13457e15b92..git_revision:d7393d163ecb11c44626b3b221f86efdd2861565
Rolling v8/tools/luci-go: git_revision:e03dc36a7374fdf2331886695fa8b13457e15b92..git_revision:d7393d163ecb11c44626b3b221f86efdd2861565
Rolling v8/tools/luci-go: git_revision:e03dc36a7374fdf2331886695fa8b13457e15b92..git_revision:d7393d163ecb11c44626b3b221f86efdd2861565
TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I9405aae219860c21833081ad67e006d7b1048b71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2895357
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74561}
This reverts commit a61aa4919f.
Reason for revert: Did not fix the original issue with chromium
tests toggling jitless mode after V8 has already been initialized
on Win64.
Original change's description:
> [ptr-cage] Better support sharing CodeRange with re-embedded builtins
>
> If a shared CodeRange is already allocated when creating an Isolate in
> jitless mode, the CodeRange will be used. This is to better support the
> following use pattern:
>
> ```
> FLAG_jitless = false;
> v8::Isolate::New();
> FLAG_jitless = true;
> v8::Isolate::New();
> ```
>
> Note that the other direction of toggling jitless from true to false is
> unsupported and may have undefined behavior.
>
> Bug: v8:11460
> Change-Id: I1c451c53bc160be4122056d8b309323a94d4b8b6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2890591
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74535}
TBR=ishell@chromium.org
Bug: v8:11460
Change-Id: I0acd7d0d444efbf6b9860bcc5e91034319b78601
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2893827
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74559}
xxbrq includes a constant value of `31` as part the opcode. This CL
includes this constant within constants-ppc instead of adding
it while emitting code.
Change-Id: I897f5f86165c7b006a829dcb2ee2a0c9dc2ef1b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891935
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74558}
vnegw and vnegd are also added to the opcode list as well
as the disassembler and the simulator.
Change-Id: I852fbe4469b2dd3c3872aa846a0b680e35e1dba6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892630
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74556}
OutputRegister does not always exist, so we add a TempRegister to store
the comparison result.
Change-Id: I47b2500c28be85a66cab1de669ed62401f878e1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2885475
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#74554}
Rolling v8/build: 4e27ee8..80d2921
Rolling v8/buildtools: e72cd45..9b15350
Rolling v8/third_party/aemu-linux-x64: pwjSs3IapHTvM0wB7z3723g8rjsQnCWikZJhQxtBetsC..KMQBSqcXw7u61OKLUonbaZeROpW1KXX9tM-8Klzxus8C
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/302ca09..52e67e7
Rolling v8/third_party/depot_tools: b65bbfe..f5c054c
Rolling v8/third_party/icu: cd9f9a9..f022e29
Rolling v8/third_party/zlib: 618ddec..c830e4e
Rolling v8/tools/clang: 53a9334..06d525c
Rolling v8/tools/luci-go: git_revision:37e5f238829f911f85b62d66670d2fbd88354ef1..git_revision:e03dc36a7374fdf2331886695fa8b13457e15b92
Rolling v8/tools/luci-go: git_revision:37e5f238829f911f85b62d66670d2fbd88354ef1..git_revision:e03dc36a7374fdf2331886695fa8b13457e15b92
Rolling v8/tools/luci-go: git_revision:37e5f238829f911f85b62d66670d2fbd88354ef1..git_revision:e03dc36a7374fdf2331886695fa8b13457e15b92
TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I0fc0fff630915f8fedea52785a54085a9cb7aafd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892384
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74551}
In debug mode, these will currently cause a DCHECK failure or a
segmentation fault.
See also: https://github.com/riscv/v8/issues/490
Change-Id: I2a4b8e0c9b0fb85393b41b1016b2caa2f013bcc4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2881505
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74550}
This is a reland of 054ff044bc
Change since revert:
- Remove assignment to FLAG_enable_short_builtins in test since
it's write-once in CFI.
Original change's description:
> Reland^2 "[ptr-cage] Turn on shared pointer cage by default for arm64 and x64"
>
> This is a reland of 1f504c36da
>
> Changes since revert:
>
> - Removed disabling of RO heap sharing when --stress-snapshot is passed;
> was fixed by f4a6c628c9
> - Fixed crashing tests that caused revert separately in
> a61aa4919f
>
> Original change's description:
> > > [ptr-cage] Turn on shared pointer cage by default for arm64 and x64
> > >
> > > Reviewed-on:
> > https://chromium-review.googlesource.com/c/v8/v8/+/2873226
> > > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#74422}
> >
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878855
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Adam Klein <adamk@chromium.org>
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Dan Elphick <delphick@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74448}
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891460
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74546}
TBR=adamk@chromium.org
Bug: v8:11460
Change-Id: Ib7526270d421a562cb00aec9a28b4fc2296e4a86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2893567
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74548}
This is a reland of 1f504c36da
Changes since revert:
- Removed disabling of RO heap sharing when --stress-snapshot is passed;
was fixed by f4a6c628c9
- Fixed crashing tests that caused revert separately in
a61aa4919f
Original change's description:
> > [ptr-cage] Turn on shared pointer cage by default for arm64 and x64
> >
> > Reviewed-on:
> https://chromium-review.googlesource.com/c/v8/v8/+/2873226
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74422}
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878855
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74448}
Bug: v8:11460
Change-Id: I4e491574437f4c832e24b29815de6bdfd8975511
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891460
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74546}
This is a reland of 3356078ae1.
The fix is in PS2:
- fix the DCHECK to be triggered only if dst != src, the dcheck
is meant to prevent rep from being overwritten, which happens only
if dst != src
- fix instruction selector for f64x2.replace_lane, require SameAsFirst
only for non-AVX, which makes dst == src, saving a move
- on x64 we also require all registers, since the macro-assembler
helper only handles registers
Original change's description:
> [wasm-simd][x64][ia32] Factor f64x2.replace_lane into shared code
>
> This pblendw/movlhps combination has lower latency and requires less
> unop than pinsrq (1 v.s. 2).
>
> Bug: v8:11589
> Change-Id: I770b0c20a286774afefbac5ef0adffe463318f21
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2828871
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74049}
Bug: v8:11589
Change-Id: I51cba0539d5241242dc4d7d971ede1940b9ac1fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2842264
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74545}