The split between "Complete" methods and "Validate" methods is subtle
and undocumented. The "Complete" methods are only used in places where
we know that the function is valid anyway: Printing wasm code and
getting stack effects of an instruction (for the interpreter). Both are
also not performance critical.
Hence this CL merges the "Complete" methods in the respective "Validate"
methods and just call the latter instead of the former.
R=jkummerow@chromium.org
Bug: v8:11831
Change-Id: Id9591c73587262c30b8c56770b090f2b0d2d45b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922118
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74882}
The upper 32 bits of the 64 bit offset register are not guaranteed to be
cleared, so a zero-extension is needed. We already do the zero-extension
in the case of explicit bounds checking, but this should also be done if
the trap handler is enabled.
R=clemensb@chromium.orgCC=jkummerow@chromium.org
Bug: v8:11809
Change-Id: I21e2535c701041d11fa06c176fa683d82db0a3f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917612
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74881}
This CL fixes the deserialization of the map for empty objects, so that
the initial empty map is used.
Bug: chromium:1213851, v8:11525, v8:11706
Change-Id: I37de0b147b9c89ead9c96f776e5fbf88da4630cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928192
Commit-Queue: Vicky Kontoura <vkont@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74880}
This CL adds a v8_allocation_site_tracking flag to control the allocation and
tracking of memento objects.
Disables FLAG_allocation_site_pretenuring if v8_allocation_site_tracking
is disabled.
v8_enable_single_generation implies !v8_allocation_site by default.
Change-Id: Ib07528bd37d91de6bb6ea0bfea1699be4e17fae9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897326
Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74879}
NotifyIncrementalMarkingStart() was using a different timer in the
default configuration to set incremental_marking_start_time_.
Bug: v8:11801
Change-Id: I1551bcc659d025bf8c46c865f5d2bd429934f628
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2930158
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74878}
In the Chrome DevTools Protocol, the step actions are named StepOut,
StepOver, and StepInto, but internally we used StepOut, StepNext, and
StepIn instead. This change adjusts the naming to be consistent.
Bug: chromium:901814, chromium:1162229
Change-Id: Id3502a1b0a4aadd94734ec3d1fef73c1782fa220
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928510
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74877}
Various behaviour preserving changes that make it easier to switch on
callee-saved registers without having to land refactoring code at the
same time.
- Use MaybeStoreRegisters / MaybeRestoreRegisters
- Use CallRecordWriteStubSaveRegisters everywhere for now. Eventually
this will be replaced by CallRecordWriteStub in places with fixed
registers.
- Use WriteBarrierDescriptor::ComputeSavedRegisters, which for now
returns the same as allocatable_registers
Full x64 implementation: https://crrev.com/c/2922604
Bug: v8:11420
Change-Id: I04e6ac2f6333edc91cb1030a0217f59ad441a1d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922250
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74876}
Limit tests to release, linux and macos since they are mostly for
checking whether the tools work correctly rather than JS correctness.
Change-Id: I26e49fbda33a4dac8d774b2e03fa07ae1f2f142a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2930156
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74875}
This CL would finish adding TSAN support for the generated tagged
stores.
Bug: v8:7790, v8:11600
Change-Id: Icaadc06ea740089dadf3d9f86da56d84dad1d4b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922113
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74872}
So far, units compiled with TurboFan were published one-by-one as soon
as they were ready, which reduces the latency until the faster code is
available. However, especially when write-protecting code with mprotect,
this yielded a lot of page protection switches, which incurs syscall and
lock contention overhead. Thus, https://crrev.com/c/2922114 already
introduced TurboFan batching when using write-protection.
During experiments, we found this could even be beneficial in the
default configuration, i.e., without write-protection enabled. This CL
changes to always do the publishing in batches. This choice should be
revisited once the tier-up strategy changes, e.g., with lazy compilation
or dynamic tier-up.
R=clemensb@chromium.org
CC=jkummerow@chromium.org
Change-Id: I0ba792c969f7e017ac57103d2bbfe9a142cf302d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928186
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Cr-Commit-Position: refs/heads/master@{#74871}
This is a reland of 17915002fc with an
added fix for TurboAssembler::CallTSANRelaxedStoreStub.
Original change's description:
> [builtins][x64] Use callee-saved registers for write barrier stubs
>
> Calls to the record write stub are quite frequent and the caller has to
> save all registers used by the builtin.
>
> This CL moves the register saving to the builtin itself, reducing the
> call-site code size significantly in many cases and thus improving
> compilation speed of sparkplug.
>
> Follow-up CLs with introduce the same behaviour to other platforms.
>
> - CallRecordWriteStubSaveRegisters preserves the existing behaviour and
> saves clobbered registers.
> - CallRecordWriteStub expects the registers to match the ones specified
> in the WriteBarrierDescriptor for more compact code.
>
> Bug: v8:11420
> Change-Id: Ib1260cf972712bb9ba879beacd34b06a7fa347f1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922103
> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74831}
Bug: v8:11420
Change-Id: Ibac3e6f0360d35579ee0b0dc5d698f8cdab93260
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922604
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74870}
All our Simd load/store opcodes are using MRR format.
Added DCHECKs will make sure the passed MemOperands are using
2 registers and not an Immediate value.
Change-Id: Ife470d3c80a10853bbb8365f8c00350ebdc98b2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2927208
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74868}
This will be thrown during array allocations if the requested size is
larger than kV8MaxWasmArrayLength.
Additional changes:
- In test-gc.cc, add the possibility to check against the trap message
in CheckHasThrown.
- Small reorganization of WasmGCTester in test-gc.cc.
Bug: v8:7748
Change-Id: I6f74b525bd7087fcc66f43c451ef130df022b0f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922247
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74867}
AllocationSites are strongly rooted in various places.
AllocationMementos, small heap objects immediately behind the
objects which AllocationSites tracks, are purposely left
unrooted. They do however, point to AllocationSites.
This leads to a situation where an AllocationSite may no longer
be seen to have strong roots at gc time, and yet new space is
still repleat with AllocationMementos which point to it.
The GC recognizes this, and marks the AllocationSite as a
"zombie," that is, an object which should be kept alive for
one more GC cycle because of the existence of those mementos
which point to it.
Change-Id: Ifa720c28f216dee2eaf7edd6f489b5c7427d4353
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928500
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74866}
Bug: chromium:1212583
Change-Id: I6cce7e419b108a0d30cf4d9d9bb0ba304fb0803e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922249
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74864}
Prior to this patch, regular expression objects with a monkeypatched
`toString` were printed using the `toString` result value, rather than
actually representing the regular expression’s contents.
const re = /./;
re.toString = () => 'whoops!';
console.log(re);
// → logs 'whoops!'
Now that `v8::RegExp::GetSource` properly escapes special characters in
the source pattern [1], just like `RegExp#toString`, there is no longer
any reason to avoid it.
[1]: https://chromium-review.googlesource.com/c/v8/v8/+/2900737
Bug: v8:11693
Change-Id: I9a69cdb6813f76b669bdc24e4823c6d261f2ae73
Fixed: v8:11836
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928188
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74862}
This adds a first crude version of displaying a flamechart in the
system-analyzer.
- Basic function types are distinguishable by colors.
- Tooltip information is available as well
Bug: v8:11835
Change-Id: I87e092f749d4c16aa5017af39df8d2f7bd7e2edd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928179
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74860}
We must ensure that the sweeper is not running or has already swept
mutable_double_buffer. Otherwise the GC can add it to the free list.
Bug: v8:11837
Change-Id: Ifd9cf15f1c94f664fd6489c70bb38b59730cdd78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928181
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74859}
When this flag is enabled, allocation folding behaviour depends
on the --turbo-allocation-folding runtime flag.
When it's disabled, --turbo-allocation-folding is ignored.
This flag will be used later to control the
CodeStubAssembler::InlineAllocate behaviour.
Change-Id: Iea7bbafd8454571dda7d56349b3dc63d3b54ba99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878754
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Cr-Commit-Position: refs/heads/master@{#74858}
This CL enhances the interface of the fast C API with constants and
structs necessary for supporting JSArrays, TypedArrays and ArrayBuffers.
It also adds checks for incompatible combinations of argument type/flags.
Bug: chromium:1052746
Change-Id: I032167d0739d33f8151f78574c89d565cb9bd821
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903147
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74857}
The delegate instruction is executed when an exception is thrown, not
after the last instruction of the block. Handle reachability
accordingly.
R=ahaas@chromium.org
Bug: chromium:1212396
Change-Id: I55e342cd73da44142cfbad7e16ab65ef513e6a60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928499
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74855}
Change API RegExp::GetSource to return a string identical to ToString()
and RegExp.prototype.source.
Bug: v8:11693
Change-Id: I3d148883fe6f8a3ff49e552ddd72b1e92f52baf3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900737
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74854}
This CL refactors mjsunit tests, so that the common core of all tests is
abstracted away.
Bug: v8:11525, v8:11706
Change-Id: I24a1af4298380e21a64e4d17149422c32fbf8a4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2914882
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Vicky Kontoura <vkont@google.com>
Cr-Commit-Position: refs/heads/master@{#74853}
Removing some additional complexity that is not frequently used.
Change-Id: I10195971d872d710ba3a87170fb62c1948e7716e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2923502
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74851}
Use Relaxed_Memcpy when making a new TypedArray that copies from a
SharedArrayBuffer.
Bug: chromium:1209639
Change-Id: Iaa1f069552f0aa42a1f423e5ee0a913b3330153c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2923274
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74842}
And add s10 to scratch_register_list. Clean up t* register used in macroassembler
Bug: v8:7703
Change-Id: Ib8477cd7528b8c2a2297da3f46659f30af45286e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2914246
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#74841}
The refactoring makes it explicit that a v8::Array results in a
protocol::ListValue, and a v8::Object in a protocol::DictionaryValue,
which will be useful in a follow-up.
Bug: chromium:1213393
Change-Id: I0d6e5b013a828e12cb3200672d4fd9b14a14a807
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919831
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74839}
To support Fast API calls with overloads, implement compile-time
function resolution based on the number of arguments passed to the JS
function.
Bug: v8:11739
Change-Id: I96839dc0b6fc540eff94573ac9e77f678908fc3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901249
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74837}
The counter as size_t can legitimately overflow on 32-bit systems, since
decreasing the counters is performed after all backing stores were
freed on a background thread. Before sweeping is finished a new backing
store could already be allocated which then leads to the overflow.
Bug: v8:11788, chromium:1211437
Change-Id: Id9f3e58b0e84e831fe47109f7deb3a05ae7e489c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922242
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74836}
