Rolling v8/build: 6da208e..929bcdb
Rolling v8/buildtools: 4be464e..98881a1
Rolling v8/third_party/aemu-linux-x64: KsPqcAfQNpcMneTUR-X2XLHNoNCcTLmqK-CIvqJ9zSMC..q6rFFTDSZ6MexUJ2yo5-IHfI0g1sohftVPqHt-TwJtYC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/7874beb..4f6c1bb
Rolling v8/third_party/depot_tools: 6f9b1bf..77cd4b4
Rolling v8/third_party/icu: 715ec35..d3c1cdc
Rolling v8/tools/clang: 7371bff..cf34aa6TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I9ff0f860ce1064a3ae0fee99f46dbdc43cfb70fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2499883
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#70778}
This reverts commit dde9376860.
Reason for revert: ubsan failures https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/13518
Original change's description:
> Add int64_t min and max to value helpers for test
>
> And also fix up a truncate float to int test that was using
> int list as input instead of a float list.
>
> Change-Id: I544e38b2d212f8d11dfb5758db4fe6b283acae0d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2419654
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70774}
TBR=clemensb@chromium.org,zhin@chromium.org
Change-Id: If0faa8be8c55715a529dfe777c0ad9819105fc5b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2500925
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70777}
We fixed float->uint conversion checks in https://crrev.com/c/2491382,
and so we can use those checks here.
Bug: v8:10933
Change-Id: Ie2697aaf8fb7761541aca60d5d0a8812a8f39e41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497383
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70776}
The SpecialValue field used in the disassembler covers too wide a range,
this causes some duplication in the disassembler of instructions like
mov, since the SpecialValue includes a bit used for the immediate.
Attempt to refactor and follow the decoding guide given in the
architecture manual [0], F4.1 A32 instruction set encoding, with the
eventual goal for removing the duplicated instruction disassembly.
[0] ARM DDI 0487F.b ARMv8 A32 instruction set
Bug: v8:10933
Change-Id: Iddf4df317f9a5b29be2544ad2f9f93180e9bcdfc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497395
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70775}
And also fix up a truncate float to int test that was using
int list as input instead of a float list.
Change-Id: I544e38b2d212f8d11dfb5758db4fe6b283acae0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2419654
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70774}
i8x16.extract_lane_u is pextrb, and i16x8.extract_lane_u is pextrw, we
can merge them instead of having separate opcodes.
R=bbudge@chromium.org
Bug: v8:10975
Change-Id: I7793a795905157b6094b1470d3437988c982af91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2481834
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70771}
Most instructions need get_modrm, and it doesn't affect instructions
which don't use it, since get_modrm doesn't mess with any pointers.
Bug: v8:10933
Change-Id: I5b97d138f7e6ab78e6a72dc6fa4f0d5d0784a03f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497296
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70770}
This relands commit 61b56d1650
The fix is to capture variables used in the lambda.
Original change's description:
> [wasm-simd] Add more tests for v128 load zero
>
> Add tests for all valid alignments, and using memarg immediate offset
> instead of i32 index.
>
> Also randomize the memory to help catch cases where we are loading
more
> than we should, and accidentally get correct values with zero-ed
memory.
>
> Bug: v8:10713
> Change-Id: I443c2799ba0d539bf23c63760c08e18c4d36607f
> Reviewed-on:
https://chromium-review.googlesource.com/c/v8/v8/+/2487880
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70693}
Bug: v8:10713
Change-Id: Ib8fa58c6600d85a37fc0b6647ddbdb991f3b1c04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497382
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70769}
max concurrency is inferred from queue size for OLD_SPACE & MAP_SPACE.
Extra Sweeper::TearDown() in MarkCompactCollector::TearDown() is needed
to cancel job.
Change-Id: Iafba7d7d24e8f6e5c5a1d5c0348dea731f0ac224
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480783
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70767}
Add support for empty values (i.e. set behaviour) and heterogeneous
lookup (lookup with a different key than the one you'll insert) to
TemplateHashMap, and use it for the string table in AstValueFactory.
Change-Id: I0c1487c9598127aac97059d4b9220e5c3c6283ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494705
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70765}
- The command line tool never fully worked
- All the main features of the map-processor are now available in
the system-analyzer
Bug: v8:10644
Change-Id: Ic55b1d6de561079b079045097856a3b4e5f4bb95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497178
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70764}
GCMole mistakenly thought that GC guards such as DisallowHeapAllocation
covered the whole scope of the function they are declared in. This CL
fixes the false negatives and adds appropriate testing.
Bug: v8:10071
Change-Id: Iffb369977af90ca053a55ca8f451e037a4f460f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497451
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70763}
Make the array elements in msunit/regress/regress-542823 larger, so that
it takes fewer of them to force the joined string to go into large
object space. Also, set the array's size dynamically based on the
maximum non-large object size, rather than having a fixed magic "large
enough" size, and verify that the resulting joined string is indeed in
LO space.
This reduces the runtime of this test under slow_path and gc-stress from
minutes to seconds.
Bug: v8:11060
Change-Id: I51d960b6a3e052199f50c1a6ba6fbce1b6d1ae38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498689
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70762}
This is a reland of bcb0a7c5c5.
Data races detected by TSan are fixed by using (relaxed) atomic
updates.
Original change's description:
> [wasm] Disallow late enabling of trap handlers
>
> It's dangerous if trap handlers are enabled after we already used the
> information whether they are enabled or not.
> This CL checks for such misbehaviour by remembering whether
> {IsTrapHandlerEnabled} was already called, and disallowing
> {EnableTrapHandler} afterwards. Also, calling {EnableTrapHandler}
> multiple times is disallowed now.
>
> The trap handler tests are changed to only enable trap handlers once,
> and to do that before allocating wasm memory or generating code.
>
> R=ahaas@chromium.org
>
> Bug: v8:11017
> Change-Id: Ib2256bb8435efd914c12769cedd4a0051052aeef
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494935
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70750}
Bug: v8:11017
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: I24299c433ffa3ce31e2aac12134dc03f30609da2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498683
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70761}
Move CoverageInfo installation to the main-thread part of finalization.
Since this is debug-only, it won't affect non-debug compiles.
This allows us to use off-thread finalization when block coverage is
enabled, removing the last non-flag reason for disabling off-thread
finalization. This means we can remove the per-task "finalize
off-thread" flag on BackgroundCompileTask, and make off-thread
finalization always on when the flag is on.
Bug: chromium:1011762
Change-Id: Ib733d501c4043b493ded9a1951cceb5cfc524eb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497177
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70758}
For deserialized modules the compilation state was not set to
kFinishedTopTierCompilation and co. A consequence was that code that
required top tier compilation to be finished to block indefinitely.
With this CL the compilation state is initialized properly.
I tested this CL locally with the regression test mentioned in the bug
tracker issue. However, this regression test required to run this test
twice in separate processes. It would be possible to write a regression
test for this that runs on the bots, but I considered it not worth it.
R=clemensb@chromium.org
Bug: v8:11024
Change-Id: Ib4e75eae03fab13a3ff013118fc1f33a1278b33f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494930
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70757}
The counter gets created but isn't used anywhere.
R=clemensb@chromium.org
Bug: v8:10933
Change-Id: I480e601f8118475a3ce750ba97fdae6780342d49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497166
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70756}
msunit/regress/regress-542823 is intended to test large object
allocation in Array.prototype.join, but to do so it has a pretty
inefficient way of first building a large array.
Speed-up this test by using Array.prototype.fill, call .join directly,
and make the whole thing an IIFE to avoid global loads.
Bug: v8:11060
Change-Id: I5906bcb6c65b10ec830b026cf1f24acb6d5e1aaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498681
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70755}
The test creates an import error that references the current Script for
reporting the error location back to the embedder.
- This is not supported by the serializer
- We don't expect parse/import errors for serialization
Bug: v8:6513
Change-Id: Idf98e7ae189e8ffeaa478e5118a7b3f2d2c06047
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497171
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70754}
Due to the previous change to that function, we can end up with
set (non-null) fields even when the overall serialized_ field is
unset. This can cause DCHECK failures (I don't think it's otherwise
observable).
Bug: chromium:1142240,v8:7790
Change-Id: I2711fae8a73438277caf7aa539f24d628b03153c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497170
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70753}
This reverts commit bcb0a7c5c5.
Reason for revert: TSAN failure (https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/33868)
Original change's description:
> [wasm] Disallow late enabling of trap handlers
>
> It's dangerous if trap handlers are enabled after we already used the
> information whether they are enabled or not.
> This CL checks for such misbehaviour by remembering whether
> {IsTrapHandlerEnabled} was already called, and disallowing
> {EnableTrapHandler} afterwards. Also, calling {EnableTrapHandler}
> multiple times is disallowed now.
>
> The trap handler tests are changed to only enable trap handlers once,
> and to do that before allocating wasm memory or generating code.
>
> R=ahaas@chromium.org
>
> Bug: v8:11017
> Change-Id: Ib2256bb8435efd914c12769cedd4a0051052aeef
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494935
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70750}
TBR=ahaas@chromium.org,clemensb@chromium.org
Change-Id: I1d93dcb399e2a0b5b0543aa60d34087317c01cb3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:11017
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497176
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70751}
It's dangerous if trap handlers are enabled after we already used the
information whether they are enabled or not.
This CL checks for such misbehaviour by remembering whether
{IsTrapHandlerEnabled} was already called, and disallowing
{EnableTrapHandler} afterwards. Also, calling {EnableTrapHandler}
multiple times is disallowed now.
The trap handler tests are changed to only enable trap handlers once,
and to do that before allocating wasm memory or generating code.
R=ahaas@chromium.org
Bug: v8:11017
Change-Id: Ib2256bb8435efd914c12769cedd4a0051052aeef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494935
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70750}
Split GlobalObject tagging into collecting pairs of tags, followed by
writing those tags into an unordered_map after entering a safepoint
scope. This ensures that we follow moved global objects if they move
in the GCs between the tagging and the safepoint.
Bug: v8:11050
Change-Id: I333d50d000ec49e6c4218e71f0cc84a49b460ecf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494932
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70749}
This is a reland of b66993bcfb
Nothing changed in the reland, the original CL was not the
culprit for win32 failures. They started earlier, at
https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/29444
Original change's description:
> [code] Separate instruction and metadata areas
>
> In this CL, Code object layout changes s.t. the instruction
> area is distinct / non-overlapping from the metadata area.
>
> On-heap Code objects now have a variable-size `body` area,
> containing distinct-but-adjacent `instruction` and `metadata`
> areas.
>
> Off-heap code (= embedded builtins) currently have the same,
> but in the future the metadata area will move elsewhere and
> no longer be adjacent to instructions.
>
> To implement this, the main changes are:
>
> - The Code object header now contains instruction and metadata
> sizes, and no longer contains the safepoint table offset
> (it's implicitly the first table of the metadata section).
> - The embedded metadata table contains information about both
> instruction and metadata areas.
>
> I've also added assertions in spots that currently rely on a
> contiguous body area.
>
> Bug: v8:11036
> Change-Id: I940f0c70c07ad511dafd2d2c3e337de8c92cd4b9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491025
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70743}
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Tbr: leszeks@chromium.org, clemensb@chromium.org, dinfuehr@chromium.org
Bug: v8:11036
Change-Id: I238562d7e25cf28cc689856ee8b17f25627aaee7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497162
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70747}
Change-Id: I3d62b93d5a643c06626b34a8d69b09a7d50ec439
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491382
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70745}
This reverts commit b66993bcfb.
Reason for revert: Broke v8 win32 https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/29454?
Original change's description:
> [code] Separate instruction and metadata areas
>
> In this CL, Code object layout changes s.t. the instruction
> area is distinct / non-overlapping from the metadata area.
>
> On-heap Code objects now have a variable-size `body` area,
> containing distinct-but-adjacent `instruction` and `metadata`
> areas.
>
> Off-heap code (= embedded builtins) currently have the same,
> but in the future the metadata area will move elsewhere and
> no longer be adjacent to instructions.
>
> To implement this, the main changes are:
>
> - The Code object header now contains instruction and metadata
> sizes, and no longer contains the safepoint table offset
> (it's implicitly the first table of the metadata section).
> - The embedded metadata table contains information about both
> instruction and metadata areas.
>
> I've also added assertions in spots that currently rely on a
> contiguous body area.
>
> Bug: v8:11036
> Change-Id: I940f0c70c07ad511dafd2d2c3e337de8c92cd4b9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491025
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70743}
TBR=jgruber@chromium.org,leszeks@chromium.org,clemensb@chromium.org,dinfuehr@chromium.org
Change-Id: Ia52ac609a47b8a2038a2511f0af8526ebdfe4719
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:11036
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497381
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70744}
In this CL, Code object layout changes s.t. the instruction
area is distinct / non-overlapping from the metadata area.
On-heap Code objects now have a variable-size `body` area,
containing distinct-but-adjacent `instruction` and `metadata`
areas.
Off-heap code (= embedded builtins) currently have the same,
but in the future the metadata area will move elsewhere and
no longer be adjacent to instructions.
To implement this, the main changes are:
- The Code object header now contains instruction and metadata
sizes, and no longer contains the safepoint table offset
(it's implicitly the first table of the metadata section).
- The embedded metadata table contains information about both
instruction and metadata areas.
I've also added assertions in spots that currently rely on a
contiguous body area.
Bug: v8:11036
Change-Id: I940f0c70c07ad511dafd2d2c3e337de8c92cd4b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491025
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70743}
Rolling v8/build: 27ce505..66f5e37
Rolling v8/third_party/aemu-linux-x64: dfMpR8E7Ie1gS4Mf_DWloGOmZIegnZWNA0kcMr7jPlkC..KsPqcAfQNpcMneTUR-X2XLHNoNCcTLmqK-CIvqJ9zSMC
Rolling v8/third_party/android_platform: fc6c684..ef64306
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/982bf51..7874beb
Rolling v8/third_party/depot_tools: b3a1dba..6f9b1bf
Rolling v8/third_party/markupsafe: f2fb0f2..0944e71
Rolling v8/tools/clang: df55bc4..7371bffTBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I3c46706e042fcfe80aaee5ac6298e93c09dce8e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2496578
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#70742}
This is a reland of eb6b4ce1d8
Skip test that serializes Error which references a Script. All errors
created by ThrowAt store the current Script under the
error_script_symbol.
Original change's description:
> [runtime] Use Isolate::ThrowAt with MessageLocation
>
> Fix various missing source positions when reporting parse and compile
> errors. Namely this fixes missing source positions when having invalid
> module imports.
>
> - Use Isolate::ThrowAt with valid MessageLocation objects
> - Change public Isolate::Throw to no longer accept MessageLocation to
> avoid misues
> - Introduce private Isolate::ThrowInternal that accepts MessageLocation
>
> Bug: v8:6513
> Change-Id: I3ee633c9fff8c9d361bddb37f56e28a50c280ec1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467839
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70623}
Bug: v8:6513
Change-Id: Icba74f74178e28fbda0fd0c237eeb7bacbc33570
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2487123
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70741}
JS now allows string literals as export names, which the current regexp
used to discover module files to push to Android for running tests does
not account for.
Bug: v8:10964
Bug: v8:11049
Change-Id: I6f26f44a98f1d2c91ad69b171faa3f201f8f1e7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2492055
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70739}
The dynamic map check builtin loads the feedback vector from the
function's frame, therefore it doesn't work if we inline the
function. We don't do inlining on TurboProp so this is fine, but
it was possible to enable dynamic map checks on TurboFan which does.
This change prevents that, and also makes the dynamic map checks flag
specific to TurboProp and no longer an implication, which also allos
it to be switched on the command line independenly of --turboprop.
BUG=chromium:1141502,v8:9684
Change-Id: I365de461a6373335a45a7a154af7d4cf1c13dc2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494928
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70737}
This is a reland of 90ea9b35cb
Original change's description:
> cppgc: Port backing store compaction.
>
> This CL ports the existing backing store compaction algorithm from
> blink. It does not attempt to improve on the existing algorithm.
>
> Currently only unified heap uses the compaction implementation. It is
> never triggered through standalone GCs.
>
> The compaction implementation resides within an internal "subtle" namespace.
>
> Bug: v8:10990
> Change-Id: I4aa781db1b711e7aafc34234c4fb142de84394d7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2485228
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70714}
Bug: v8:10990
Change-Id: I527c2042a26648d058bfe4d355527cce9a3eeadc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2492331
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70736}
1. Remove {kOneGiB}, use the global {GB} instead.
2. Inline {GetGuardedRegion} into the single caller {GetRegion}, to
remove another "#if V8_TARGET_ARCH_64_BIT".
3. Rename {GetRegion} to {GetReservedRegion}.
R=ahaas@chromium.org
Bug: v8:10933
Change-Id: I3b26ae0036db0d910165ed4d993d27262f2cb5ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491035
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70734}
If trap handlers are disabled, we don't need guard regions around wasm
memories. Hence use the dynamic {trap_handler::IsTrapHandlerEnabled()}
check, instead of always reserving guard regions on all 64-bit
platforms.
This will allow to reserve pretty much arbitrarily many wasm memories if
trap handlers are disabled.
Two tests are added to test the number of memories that can be
allocated: With trap handlers, at least 50 memories should always be
possible. Without trap handlers, 10000 small memories should not be a
problem (each one is taking 64kB, so it's 640MB overall).
Drive-by: Improve tracing.
R=ahaas@chromium.org
Bug: v8:11017
Change-Id: Ic4c620f63dfbef571e64df0b3372b83a1db566ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491034
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70732}
The TryMigrateInstance should be passed the instance object to migrate,
not the map of the object. Also make the runtime function explicitly
check for JSObjects.
BUG=v8:9684
Change-Id: I03605d9f3103b618243c12ad0b63035484ef4134
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2487270
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70731}
CppHeap is currently set up to always finalize with no stack.
Finalizing with actual current stack state breaks our unified heap
unittests. This is fixed by having test specify which stack state
to pass CppHeap.
Bug: chromium:1056170
Change-Id: I1a6c3870abbdf56917c20c6a75580b6c516d828c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2494924
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70729}
