Take into account that the implicit rethrow at the end of a try block
might unpack the exception values, and reserve enough stack space for
them.
This is normally done for all throwing opcodes before the switch, but
'end' is not considered a throwing opcode, which is why it needs special
handling.
Also clean up by factorizing the rethrow logic.
R=ahaas@chromium.org
Bug: chromium:1186795
Change-Id: I6fde1b88085db95a9cab32c2c8e0ed1d28b64a32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783024
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73627}
It needs to return the ToObject-converted receiver, not the original
receiver.
Bug: v8:11362
Change-Id: I6404122c91402ea58851238d074951f1b7f2a039
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783036
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73626}
toString on JS Proxies are leaking, see this sample code:
undefined[Function.prototype.toString]
undefined[new Proxy(Function.prototype.toString, {})]
This change fixes the behavior.
Patch credits to Yusif <yusif.khudhur@gmail.com>
Change-Id: Id82a0a5c245469973452a3e6609cb91978274b8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739980
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73625}
Recently we changed feedback vector allocation to be based on the
bytecode size of the function. The threshold at which the feedback
vectors are allocated was set to 12 * bytecode size of the function.
This caused a couple of regressions on IC:duration and some regressions
on other benchmarks. To avoid these regressions this cl reduces the
scale factor to 8 instead of 12.
Bug: chromium:1187733
Change-Id: I0553d368434499cc52a6e786b5de6d6b954e6546
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778295
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73624}
Every page that can be accessed concurrently during marking needs to be
synced to avoid data races with page alloation. TraceTrait for mixins
uses the object start bitmap of a page and thus requires a sync.
Bug: chromium:10561670
Change-Id: Ia26be973019dcd1d9f7650cc139b16369d515df6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783023
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73623}
We are disabling loop unrolling for wasm until we find a solution to
some stability problems.
Bug: v8:11298, chromium:1184929
Change-Id: I21c66d37b1606175a5ed44b6db0269651da1f3c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2780298
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73622}
This reverts commit bdcd7d79d3.
Reason for revert:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux%20Future/7996/blamelist
Original change's description:
> [sparkplug][deoptimizer] Deoptimize to baseline.
>
> If we have baseline code, deoptimize to baseline instead of the
> interpreter. The process is similar to deopting to the interpreter.
> We just use different builtins
> (BaselineEnterAtBytecode/BaselineEnterAtNextBytecode) instead of
> InterpreterEnterBytecodeDispatch/InterpreterEnterBytecodeAdvance, that
> patch an interpreter frame to a baseline frame and continue execution in
> baseline code (based on the deopt type, at the current or next
> bytecode).
>
> Bug: v8:11420
> Change-Id: Iabaefb36c05155a435c7b380906a86d9b9d549fa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695591
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73609}
Bug: v8:11420
Change-Id: Ie8b936df343b9194c0a6e50e0c44b67c0d9a012d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783030
Auto-Submit: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73621}
Rolling v8/build: b43166a..cb055e2
Rolling v8/buildtools/third_party/libc++abi/trunk: 4e07843..731dd85
Rolling v8/third_party/aemu-linux-x64: osbsa1Jjgk8WbE3Ckv8288sgvejWZeAN8DB42wp0YV8C..oZxl99tyPs7o9Eq0hlPel1m4iyPu1Z92wj2Llb6HWwEC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/e46359d..25699ba
Rolling v8/third_party/googletest/src: 07f4869..1a8ecf1
Rolling v8/tools/luci-go: git_revision:edffd3478bb26469c614610d1a1c323b7e798b07..git_revision:689d9817823a3bc34ff2b7a3c45c7e6b41a70ca2
Rolling v8/tools/luci-go: git_revision:edffd3478bb26469c614610d1a1c323b7e798b07..git_revision:689d9817823a3bc34ff2b7a3c45c7e6b41a70ca2
Rolling v8/tools/luci-go: git_revision:edffd3478bb26469c614610d1a1c323b7e798b07..git_revision:689d9817823a3bc34ff2b7a3c45c7e6b41a70ca2
TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I099d7793c63d11280691927b559065c96411a697
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2782606
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73619}
Port bdcd7d79d3
Original Commit Message:
If we have baseline code, deoptimize to baseline instead of the
interpreter. The process is similar to deopting to the interpreter.
We just use different builtins
(BaselineEnterAtBytecode/BaselineEnterAtNextBytecode) instead of
InterpreterEnterBytecodeDispatch/InterpreterEnterBytecodeAdvance, that
patch an interpreter frame to a baseline frame and continue execution in
baseline code (based on the deopt type, at the current or next
bytecode).
R=pthier@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I3230f3f3c6506230b2751a3389f10b022dec61a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783022
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73618}
This is a reland of
https://chromium-review.googlesource.com/c/v8/v8/+/2720300.
As compared to the original version, it adds
--no-stress-flush-bytecode to the const-dict-tracking.js test
Original description:
This CL is part of a series that implements Turbofan support for
property accesses satisfying the following conditions:
1. The holder is a dictionary mode object.
2. The holder is a prototype.
3. The access is a load.
This feature will only be enabled if the build flag
v8_dict_property_const_tracking is set.
This particular CL implements support for the case that the property
in question is an accesor, meaning that the given PropertyAccessInfo
has kind kAccessorDictionaryProtoConstant.
Bug: v8:11248
Change-Id: I896e5dc59821f88abdb7a743e21ca3a700af9db2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2782280
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Frank Emrich <emrich@google.com>
Cr-Commit-Position: refs/heads/master@{#73617}
We can keep the non-atomic accessors for read/write since we set the
prototype on the map at initialization.
Bug: v8:7790, chromium:1150811
Change-Id: Ied7763c87a71c6aa93099dec3405873ab7419643
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773052
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73615}
This reverts commit b1883dc3e1.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20GC%20Stress/17269/overview
Original change's description:
> [dict-proto] TF support for constants in dictionary mode protos, pt. 3
>
> This CL is part of a series that implements Turbofan support for
> property accesses satisfying the following conditions:
> 1. The holder is a dictionary mode object.
> 2. The holder is a prototype.
> 3. The access is a load.
>
> This feature will only be enabled if the build flag
> v8_dict_property_const_tracking is set.
>
> This particular CL implements support for the case that the property
> in question is an accesor, meaning that the given PropertyAccessInfo
> has kind kAccessorDictionaryProtoConstant.
>
> Bug: v8:11248
> Change-Id: Id082107edd45fa91a3f1d96aa9df345a60f46917
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2720300
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Frank Emrich <emrich@google.com>
> Cr-Commit-Position: refs/heads/master@{#73607}
Bug: v8:11248
Change-Id: Id753354a5ccddd1a05ecf9aec3267f152ef713c5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2780299
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73612}
The most common case is still one of the unconditionally supported (MVP)
types. Hence avoid the switch and the flags / CPU features lookup in the
hot function, and offload that to a rarely called function. The fast
path is now just a bit check via an EnumSet.
R=thibaudm@chromium.org
Change-Id: I0cee94640bcc0e5e0fa636e23eb0ba5460d8b8fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778271
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73611}
This is a reland of c4b44d5d48
Original change's description:
> [bigint] Begin src/bigint refactoring
>
> This patch moves a first function, Compare, from src/objects/bigint.cc
> to src/bigint/, to blaze the trail. More to follow!
>
> Bug: v8:11515
> Change-Id: Id7fa0b40ea852dbed1360f7ab439cb32d0c15762
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2737295
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73511}
Bug: v8:11515
Change-Id: I50a81593a8acaa91161bb01a445bddbb8e6315c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773804
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73610}
If we have baseline code, deoptimize to baseline instead of the
interpreter. The process is similar to deopting to the interpreter.
We just use different builtins
(BaselineEnterAtBytecode/BaselineEnterAtNextBytecode) instead of
InterpreterEnterBytecodeDispatch/InterpreterEnterBytecodeAdvance, that
patch an interpreter frame to a baseline frame and continue execution in
baseline code (based on the deopt type, at the current or next
bytecode).
Bug: v8:11420
Change-Id: Iabaefb36c05155a435c7b380906a86d9b9d549fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695591
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73609}
This is a reland of ef808d3ba5
Original change's description:
> [torque] Protect against printing Type* pointers
>
> I've noticed a frequent mistake within Torque is to use Type* pointers
> with ostream's operator<<, which causes it to print a hex pointer rather
> than a descriptive string. This can cause confusing error messages for
> users of the Torque compiler. This change is an idea to prevent future
> incidences of that problem by adding a template overload that will cause
> a compilation failure if anybody tries to use Type* in this way. It
> found two incorrect uses of Type*, which I've corrected.
>
> Bug: v8:7793
> Change-Id: I85fafb333a89f8a3fed4346bdd154d70846a63d1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2748936
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#73574}
Bug: v8:7793
Change-Id: Id775c88d67c2fb4fbef38ef889c39dff3b6ff6b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778727
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#73608}
This CL is part of a series that implements Turbofan support for
property accesses satisfying the following conditions:
1. The holder is a dictionary mode object.
2. The holder is a prototype.
3. The access is a load.
This feature will only be enabled if the build flag
v8_dict_property_const_tracking is set.
This particular CL implements support for the case that the property
in question is an accesor, meaning that the given PropertyAccessInfo
has kind kAccessorDictionaryProtoConstant.
Bug: v8:11248
Change-Id: Id082107edd45fa91a3f1d96aa9df345a60f46917
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2720300
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Frank Emrich <emrich@google.com>
Cr-Commit-Position: refs/heads/master@{#73607}
A late optimization step is only needed if Allocate operators get
expanded in MemoryOptimization, which is not the case for Webassembly.
Bug: v8:11510
Change-Id: I0e1af9922704d6a51f1257861ecc1e8a8faccc72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2780295
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73606}
`registers` is only used on platforms which support sparkplug.
Bug: v8:11420
Change-Id: Ia08fb1b76194db222703a64618fc2dcb00f58c96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2780013
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73605}
This is a workaround for not having escape analysis for wasm
(machine-level) turbofan graphs.
Additional change:
Move IsFreshObject to NodeProperties.
Bug: v8:11510
Change-Id: Ibd63f4352adaa58a25f07e025c9a2c395dc669b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773345
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73604}
This CL is part of a series that implements Turbofan support for
property accesses satisfying the following conditions:
1. The holder is a dictionary mode object.
2. The holder is a prototype.
3. The access is a load.
This feature will only be enabled if the build flag
v8_dict_property_const_tracking is set.
This particular CL implements support for the case that the property
in question is a data property, meaning that the given
PropertyAccessInfo has kind kDataDictionaryProtoConstant.
Support for accessor properties is added in a separated CL.
Bug: v8:11248
Change-Id: I8794127d08c3d3aed6ec2a3eb19c4c82bdf2d1df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718229
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73603}
This CL adds:
a) Helper macros that access the meta table, used in follow-up CLs
b) Infrastructure for building efficient accesses to the meta table
Bug: v8:11330
Change-Id: I5494c3048a4f82f21871437dfe367d6a456c8257
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773004
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73602}
When GetBytecodeOffsetForBaselinePC() is called with a PC that is inside
the baseline prologue, correctly return kFunctionEntryOffset now.
Bug: v8:11420
Change-Id: I39cb96a04e7d92d0ba5dfcbcaeebd23144c9df05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773050
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73601}
Calculate the maximum call size in the bytecode pre-visit, and pass that
(along with the bytecode's frame size) to the prologue to be included in
the stack check. This avoids doing a stack check before each call, and
mirrors a similar optimisation in TurboFan.
Also, use StackGuardWithGap instead of StackGuard, to make sure that
stack overflows in the prologue actually trigger stack overflows in the
runtime.
Bug: v8:11420
Fixed: chromium:1189890
Change-Id: I795c197c20f85611318ab09c7bca78ce40b64924
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778278
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73600}
This reverts commit c85b7a449d.
This reland fixes missing serialization of objects stored in
CallHandlerInfo::data by adding necessary handling of these objects
in FunctionTemplateInfoRef::SerializeCallCode when running with
direct heap access.
Drive-by: Remove declaration of CallHandlerInfoRef::Serialize, which
did not have a definition.
Original change's description:
> [TurboFan] Move FunctionTemplateInfo to never serialized
>
> This CL moves FunctionTemplateInfo to the list of never serialized
> objects, allowing direct heap reads. To make this threadsafe, the CL:
> - adds necessary atomic (relaxed/acquire-release) operations to the
> accessors of FunctionTemplateInfo.
> - changes FunctionTemplateInfoRef::LookupHolderOfExpectedType to be
> usable from the background thread (e.g. no handle construction) with
> the caveat of skipping optimization in some cases where necessary
> JSObjects are not serialized.
>
> Drive-by: Add missing serialization of objects possibly reachable
> through CallHandlerInfo::data.
>
> Bug: v8:7790
> Change-Id: I49cf4f328ecfab368dff9076fde8f5783ead3246
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2679687
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73364}
Bug: v8:7790, chromium:1188563
Change-Id: Ib43f1eaf0592d2565292e86dea5acfc41a58f637
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773807
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73599}
If a bound function is passed as argument to
d8.test.verifySourcePositions, unwrap the bound target function.
Bug: chromium:1186491
Change-Id: I619cb27d19166e2dc59f3fda1e2324598640b04a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778275
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73598}
Origin trials allow webpages to use experimental features even though
the features are not yet enabled by default. These features will then
get enabled per execution context: it is possible that the feature is
enabled in one execution context but disabled in another execution
context. In V8 we check for origin trials by calling a callback provided
by the embedder that takes the context as a parameter and returns
whether a feature is enabled in this context or not.
This approach fails when a feature changes the context itself, e.g. by
extending the global object. In that case the context is not available
yet to check for the origin trial.
To solve the problem this CL adds a new API function that can be called
by the embedder to notify V8 that context with the origin trial
information is finished. After that V8 can read the origin trial
information from the context and extend e.g. the global object with the
origin trial features.
Additionally to the API this CL also adds code to enable the
WebAssembly.Exception constructor conditionally, depending on whether
it has been enabled by an origin trial or not.
The Blink-side change: https://crrev.com/c/2775573R=ulan@chromium.org, jkummerow@chromium.org
Change-Id: Ic05c4a89eb3e0e31469e49da8767d630c43b2e00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773287
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73597}
This happens flakily on ClusterFuzz. It might not be relevant for users,
but fixing it will allow ClusterFuzz to make more progress.
R=szuend@chromium.org
Bug: chromium:1190898
Change-Id: I7d0b705ff66e80e17ffc322b5d5fd5eb252d5965
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778174
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73596}
The "DumpAsyncTaskStacksStateForTest" method just prints three counts,
which is not helpful for the fuzzer and can create unwanted output
during fuzzing.
R=szuend@chromium.org
Bug: chromium:1142437
Change-Id: I0192b3bf7d431ccf4938e6fc7a70f59ce43047a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778272
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73595}
LoadImmutable represents a load from a position in memory that is known
to be immutable, e.g. an immutable IsolateRoot or an immutable field of
a WasmInstanceObject. Because the returned value cannot change through
the execution of a function, LoadImmutable is a pure operator and does
not have effect or control edges.
This will allow more aggressive optimizations of loads of fields of
the Isolate and Instance that are known to be immutable.
Requires that the memory in question has been initialized at function
start even through inlining.
Note: We may reconsider this approach once we have escape analysis for
wasm, and replace it with immutable load/initialize operators that live
inside the effect chain and are less restriced.
Bug: v8:11510
Change-Id: I5e8e4f27d7008f39f01175ffa95a9c531ba63e66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2775568
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73594}
This reverts commit bb2ca41630.
Reason for revert: WrapAround test is timing out on TSAN and closing the tree, please check https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/36014/overview.
Original change's description:
> Reland [dict-proto] C++ implementation of SwissNameDictionary, pt. 10
>
> This is a reland of
> https://chromium-review.googlesource.com/c/v8/v8/+/2744138. It
> shortens the runtime of the Copy and EnumerationOrder tests in
> cctest/test-swiss-name-dictionary-csa for TSAN and CFI builds, as
> compared to the original version.
>
> Original description:
>
> This CL is part of a series that adds the C++ implementation of
> SwissNameDictionary, a deterministic property backing store based on
> Swiss Tables.
>
> This CL adds the actual tests for SwissNameDictionary, defined in
> test-swiss-name-dictionary-shared-tests.h, using the infrastructure
> in test-swiss-name-dictionary-infra.[h|cc].
>
> Bug: v8:11388
> Change-Id: Ia3f83f6e27be80bfdd63c2cb868638dc90d24cbc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778416
> Commit-Queue: Frank Emrich <emrich@google.com>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73589}
Bug: v8:11388
Change-Id: Ib95a7183cf9de35a33ec641bc1ec38915c3711c8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2780294
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73593}
Rolling v8/build: 5fcedaa..b43166a
Rolling v8/third_party/aemu-linux-x64: bhg2KKy6t2GgDqorzVeY1StsCo2DnehaEbW3S_o1r7gC..osbsa1Jjgk8WbE3Ckv8288sgvejWZeAN8DB42wp0YV8C
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/999f35f..e46359d
Rolling v8/third_party/depot_tools: e58ece5..392c407
Rolling v8/tools/luci-go: git_revision:92739fd8ab1f99ef55abfba4162eedb89fddfb7b..git_revision:edffd3478bb26469c614610d1a1c323b7e798b07
Rolling v8/tools/luci-go: git_revision:92739fd8ab1f99ef55abfba4162eedb89fddfb7b..git_revision:edffd3478bb26469c614610d1a1c323b7e798b07
Rolling v8/tools/luci-go: git_revision:92739fd8ab1f99ef55abfba4162eedb89fddfb7b..git_revision:edffd3478bb26469c614610d1a1c323b7e798b07
TBR=v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I1bf55969af87f822248be7858237f0b45961ff31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2780675
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73592}
We splat two different values and then shuffle them together so that we
can test pairwise addition of two different values.
Bug: v8:11086
Change-Id: Id3bb34e9bfe21b6c5cb1d7eee3745c6c9e262f24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2776513
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73590}
This is a reland of
https://chromium-review.googlesource.com/c/v8/v8/+/2744138. It
shortens the runtime of the Copy and EnumerationOrder tests in
cctest/test-swiss-name-dictionary-csa for TSAN and CFI builds, as
compared to the original version.
Original description:
This CL is part of a series that adds the C++ implementation of
SwissNameDictionary, a deterministic property backing store based on
Swiss Tables.
This CL adds the actual tests for SwissNameDictionary, defined in
test-swiss-name-dictionary-shared-tests.h, using the infrastructure
in test-swiss-name-dictionary-infra.[h|cc].
Bug: v8:11388
Change-Id: Ia3f83f6e27be80bfdd63c2cb868638dc90d24cbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778416
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73589}
Zero top lanes to ensure that we convert the low lanes of i32x4.
Bug: v8:11265
Change-Id: Id53b65bada406c967c692b584210d4168e2c9183
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2776511
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73587}
Make it ready to stage with harmony_intl_best_fit_matcher flag
Bug: v8:11584
Change-Id: Ia6b9057b94dabe2a1edbea6855e2c42759ae1d5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773796
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73586}
Propagates CodeDeleteEvents to the CPU profiler based on finalizers
registered in a WeakCodeRegistry, which tracks heap objects for weakly
owned CodeEntries.
Bug: v8:11054
Change-Id: I4c1f7885e982241724ca9f284f864da008ce9d75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2751606
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#73585}
When swizzle is called with a v128.const node, we can check that the
indices are either all in bounds, or if they are out of bounds the top
bit of each byte is set. This will match exactly pshufb behavior, and so
we can omit the paddusb (and getting external reference).
Bug: v8:10992
Change-Id: I5479a9eb92ebcfc12bedff5efd3e72bb4a43ff40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2766222
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73583}
Create a helper wasm-simd-utils to consolidate common helpers shared
between simd and relaxed-simd.
Drive-by cleanup to move RoundingAverageUnsigned out from
overflowing-math (there is nothing overflowing about it).
Bug: v8:11583
Change-Id: I9e24b4c1ee7f0bc00d0a3f85e7553991007a8d5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773784
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73582}
This CL adds
a) swiss-hash-table-helpers.tq, which contains Torque counterparts
for the C++ code in swiss-hash-table-helpers.h.
b) various helpers required for that, including adding several CSA
integer operations to base.tq.
Bug: v8:11330
Change-Id: I6f6faf742334b5d107e84364ed793ad856d1cda1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2757427
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Frank Emrich <emrich@google.com>
Cr-Commit-Position: refs/heads/master@{#73580}
Removing prefetch operations as per the vote in the github issue:
https://github.com/WebAssembly/simd/pull/352
Bug:v8:11168
Change-Id: Ia72684e68ce886f8f26a7d3b5bea601be416dfab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2771758
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73578}