Rolling v8/build: 6dd14a4..2101eff
Rolling v8/third_party/aemu-linux-x64: a1yTNBS-h5GEUTwaKTzyZcC4sisB88wYX7_tvAkzSP0C..xP4TXh9wWGTG0qr4y6eFcUO_0HOBmt3vorgtVmpwBJsC
Rolling v8/third_party/depot_tools: b674f8a..982b2a7
Rolling v8/tools/clang: 192a0ed..a37c085
Rolling v8/tools/luci-go: git_revision:576741d3eed0fa33971fb34cd823650e6f5b47fb..git_revision:1a022d3a4c50be4207ee93451255d71896416596
Rolling v8/tools/luci-go: git_revision:576741d3eed0fa33971fb34cd823650e6f5b47fb..git_revision:1a022d3a4c50be4207ee93451255d71896416596
Rolling v8/tools/luci-go: git_revision:576741d3eed0fa33971fb34cd823650e6f5b47fb..git_revision:1a022d3a4c50be4207ee93451255d71896416596
TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I91f9a8e5079721ca76c34bbd8e309e7567fbcace
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2528755
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#71070}
Bug: v8:11038
Change-Id: Ia8b8c1c438d67ccfe5f27c452852c0f096062f56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2503877
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71069}
Prototype i32x4.extadd_pairwise_i16x8_{s,u} and
i16x8.extadd_pairwise_i8x16{s,u} (names not confirmed) on ARM64 and
interpreter. With a simple test case.
Bug: v8:11086
Change-Id: If1ffc04e179e86ca5cc209bf9ef9d337298e3cc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2513872
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71068}
Introduce some helper functions to implement NEON operations that were
performing unary operations or binary operations lane-wise.
Not everything uses these helpers yet, in particular pairwise
operations, or zip/transpose.
Bug: v8:11074
Change-Id: Ia7e5b13ae79cd166c47535139d92adb7f7a7c1ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2516301
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71067}
This change plumbs import assertions from SourceTextModuleDescriptor's
ModuleRequestMap into SourceTextModuleInfo via a new ModuleRequest
type, where previously there had been only the specifier.
SourceTextModuleDescriptor::module_map now deduplicates module requests
using the specifier and the import assertions. Continuing to use the
specifier alone would cause a loss of information in the event that
a module imports from the same specifier multiple times using different
sets of assertions. Failing to deduplicate at all would result in
multiple requests for statements like `import {a,b,c} from "foo.js"`,
which would be a potential performance issue. See design doc at
https://docs.google.com/document/d/1yuXgNHSbTAPubT1Mg0JXp5uTrfirkvO1g5cHHCe-LmY
for more detail on this decision.
v8::internal::ModuleRequest holds the assertions as an array of the form
[key1, value1, position1, key2, value2, assertion2, ...]. However the
parser still needs to use a map, since duplicate assertion keys need to
be detected at parse time. A follow-up change will ensure that
assertions are sorted using a proper lexicographic sort.
Bug: v8:10958
Change-Id: Iff13fb9a37d58fc1622cd3cce78925ad2b7a14bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2493060
Commit-Queue: Dan Clark <daniec@microsoft.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71066}
fctidz saturates the output in case of overflow. This cl
makes the behaviour similar to s390 and sets the output to zero.
Change-Id: Ic043625c46147eb02a65dfdbbcd883a067ba6981
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527783
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71061}
The arm implementation made the assumption that the {lhs} and {dst}
registers are either the same, or there is no overlap. This assumption
does not hold.
ia32 on the other hand has a lot of complicated logic (and unnecessary
code generation) for different cases of overlap.
This CL fixes the arm issue *and* simplifies the ia32 logic by making
the arm assumption hold, and using it to eliminate special handling on
ia32.
R=thibaudm@chromium.org
Bug: chromium:1146861
Change-Id: I8753c2ed70349e735c03293130c899c0c8a3a671
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526388
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71060}
For the fuzzer it's unwise to exit on uncaught exceptions, as this
terminates the whole fuzzing process. Just ignore those exceptions
instead.
Drive-by: Fix a typo.
R=szuend@chromium.org
Bug: chromium:1142437
Change-Id: Ided1c0f35840c158f157acd8c0bb1c12ecf8a37f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526386
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71059}
The function was using an non-atomic marking state to check the color
of the object. This is incorrect because concurrent marking may be
running while the linear allocation area is freed.
Bug: chromium:1139165
Change-Id: I20ef22908dfd8dcd75858707e884e87658dcb1cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526391
Auto-Submit: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71057}
Instead of passing two bools to the {TaskRunner} constructor, pass to
enums. This makes the semantics more clear in the caller.
In the fuzzer, we actually *do not* want to catch exceptions. This
semantic fix will be done in a follow-up CL, such that this CL is a pure
refactoring.
R=szuend@chromium.org
Bug: v8:11074
Change-Id: I7f6df3a3f344524deb08db10b9317a6734b7ea42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526385
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71056}
This adds a guard for a forwarding address in the debug mode checks
of FixStaleLeftTrimmedHandlesVisitor::FixHandle.
Bug: chromium:1146601
Change-Id: I6681352a91177c1d138a409d17e5d170bd43f11b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526389
Auto-Submit: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71055}
Joining the thread from the watchdog is problematic, since e.g.
{pthread_join} (the implementation of {Thread::Join} on POSIX systems)
has undefined behaviour if multiple threads try to join at the same
time. In practice, this leads to deadlocks.
Thus implement termination by just calling {TaskRunner::Terminate}, but
not {TaskRunner::Join}. This fixes the deadlocks in the inspector
fuzzer.
The inspector test binary is fixed simarly, even though there it seems
to not cause problems so far.
In both files, the {Terminate} function is inlined into callers because
it's only a single line now, with one to two users.
Also, replace the single fuzzer test (which is invalid javascript) by
two tests: One called "invalid" explicitly, still with invalid
javascript, and one empty file, which is valid input. That one
reproduced the deadlock.
R=szuend@chromium.org
Bug: chromium:1142437
Change-Id: I8fb98b0cdbf3ceff6af6849397e5da5a4e9acd3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526384
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71054}
As part of an effort to prepare the Recorder interface for general use,
we had to make some changes to the way the existing Wasm Events are
being used. In particular,
- it is more fitting to use a ElapsedTimer than a TimedScope to
measure the durations in src/wasm/module-[decoder|instantiate].cc
- we want to rename the wall_clock_time_in_us field to duration_in_us
for clarity.
Because these Wasm events are already being instantiated in chromium,
renaming the field requires a two-step change. This is the first of
those changes.
Change-Id: If1b2990f7645616a59fc21d07ac10bf00701c0e5
Bug: v8:11109
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2518619
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71053}
Using KeyAccumulator::GetKeys directly enables fast-paths by checking
if the enum-cache is set.
Drive-by-fix:
- Reduce public interface of KeyAccumulator to prevent these
performance issues in the future.
- Fix value-serializer.cc includes
Change-Id: I2cc7b3bf9d1e42e699829427163ecbdee92c9007
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520898
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71050}
This is a reland of 26f10ecd95
Change compared to original CL:
The deserializer changes StrongDescriptorArray to DescriptorArray.
Since this CL uses separate BodyDescriptors for the two kinds of
descriptor arrays, this caused a DCHECK failure when the deserializer
changes the map while the object is visited from the concurrent marking
thread. Fix this by disabling the corresponding checks.
Original change's description:
> [torque] allow exported classes with custom C++ class
>
> Introduce a new annotation @customCppClass that can be used for
> non-extern @export classes, that is, generate everything, remove
> boilerplate from all the internal lists and switches, but allow
> a custom C++ class, which in turn also allows overwriting the generated
> print and verify functions.
>
> Port DescriptorArray and StrongDescriptorArray as an example.
>
> Bug: v8:7793
> Change-Id: I744e52fb4102ac49c0097f1c95bb17d301975bf0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2489687
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70989}
Bug: v8:7793
Change-Id: I7505fb111896991d16d7d113704c8c3676669f34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526383
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71048}
When setting optimized code on feedback vector we had a DCHECK that
ensured the optimization tier is kNone or it is kMidTier and we are
installing TurboFan code. While this holds usually, this fails in
few corner cases like:
1. Trigger a TF concurrent compilation
2. Create a new closure with --always-opt, which triggers a TF
concurrent compilation and installs optimized code. We set
OptimizationTier to kTopTier
3. Optimized code gets deoptimized / GC clears the optimized code, but
we haven't healed the optimized code slot / optimization tier yet.
4. Concurrent compilation finishes and tries to install optimized code
but the optimization tier is still set to kTopTier.
This cl fixes the DCHECK by actually checking we are not overwriting
valid optimized code except for tiering up.
Drive by fixes: Also print optimization tier with feedback vector and
print when marking a function for optimization with --always-opt.
Bug: v8:11101, v8:9684
Change-Id: Icad673ea01bb225f8b05e727a56f890af7e86514
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520900
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71047}
This is a major contributor to compilation (call path is
ExecuteCompilationUnits -> TopTierFinished -> SerializeNativeModule).
On Earth, it's ~200ms on my machine. Hence make this pause visible in
traces.
R=ahaas@chromium.org
Change-Id: I26ff97d531647fa7038f14325e8ab8ae3dff24e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520909
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71046}
Asan complains about the alloc-dealloc-mismatch because the startup data
is allocated via "new[]" in snapshot.cc and deallocated via "delete" in
inspector-test.cc.
A more failure-proof fix would be to have {StartupData} manage the
lifetime of the contained char*, but since this is in an API object, the
refactoring might be more involved. Since other users also just dealloc
explicitly via "delete[]", this CL just fixes the issue in
inspector-test.cc.
R=szuend@chromium.org
Bug: chromium:1142437, v8:11107
Change-Id: I84438b2f12ce8eb6b653d4861e899a2f003e1227
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523200
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71045}
This is a tentative fix for the linked issue. The CL enables all
int64/uint64 tests for fast API calls on all platforms.
Bug: chromium:1144751
Change-Id: Ie892ad625257d3b0e0bdd9ac24261b3cbeaaba62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520902
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71043}
Replace by explicitly deleting the copy constructor and copy assignment
operator.
R=zhin@chromium.org
Bug: v8:11074
Change-Id: Ie36f75619243728e99dd6c7117a97f655d7c00f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523313
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71041}
The {ToV8Vector} method returns a {i::Vector} pointing to heap-allocated
memory, but that memory was never free'd. Since we already have a
{ToVector} method returning a {std::vector}, this CL switches to that
one instead.
R=szuend@chromium.org
Bug: chromium:1142437, v8:11107
Change-Id: I8ee0177f7dcfe2ecb435e684674b0cda6f613658
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523198
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71040}
If a long branch doesn't use delay slot, then when optimizing it
to a regular branch, the instruction in delay slot should be set
to nop.
Change-Id: Id3015bc0c562725258705a8bc6647c4011d96c2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2524416
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#71039}
Moves CallStubR to be private and drop the return_count argument from
CallStub and its callchain, and instead use the GetReturnCount on the
call descriptor.
Also removes unused Retain function from code-assembler.
BUG=v8:6949,v8:11074
Change-Id: Ic0ebc72f84c2eab156c545af56237d4c46548c05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523324
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71038}
Extend gen-postmortem-metadata.py with selected register values.
This information is not present in DWARF debuginfo. Exposing it
enables detailed analysis of V8 JS execution by observing binary-level
execution:
https://robert.ocallahan.org/2020/05/omniscient-js-debugging-in-pernosco.html
Bug: v8:11106
Change-Id: I3bde7dd07ac5ba6ff00d4a5fa9b635871507a866
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2518957
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71035}
In a few places we incorrectly assumed to know the instance type of the
heap object. In particular, in JSCallReducer::ReduceDataViewAccess,
doing map inference on the receiver and determining that all maps are
JSDataView maps does not guarantee that the receiver is a JSDataView
constant because we might deopt before getting to the data view
operation.
Bug: chromium:1146652
Change-Id: I1611308c3ebe0d33fa6b0cf0938d777b4e6449ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2524440
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71034}
There was already a method to clobber/thrash caller-saved registers.
Enhance it to also clobber vfp registers, and call this function after
each runtime call.
Bug: v8:11067
Change-Id: Id867f9a27161102ecdd239c9d52b61b5c0b303d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2522733
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71033}
This reverts commit 3b6f7802e5.
Reason for revert: Build failure https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20full%20debug/14666
Original change's description:
> [cleanup] Replace more uses of Min/Max by std::min/max
>
> Bug: v8:11074
> Change-Id: I94d53ea0aac123459ae60fc61748fedf0faac2f4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2521147
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Auto-Submit: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71022}
TBR=neis@chromium.org,zhin@chromium.org,mslekova@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:11074
Change-Id: Id6c50bd9ba4132e83f4eecec9e23c6c15e2d787b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2524412
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71026}
Clean up src/wasm and test/
Bug: v8:11074
Change-Id: I1b3d3475a0fbfafe75bb49acfd851f8bd5af5182
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2519183
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71025}
Integer splats (especially for sizes < 32-bits) does not directly
translate to a single instruction on ia32. We can do better for special
values, like 0, which can be lowered to `eor dst dst`. We do this check
in the instruction selector, and emit a special opcode kX64S128Zero.
Also add a unittest to verify this optimization, and necessary
raw-assembler methods for the test.
Bug: v8:11093
Change-Id: Icfebef06a5ecf49619ea54f31a5296094fb53ff2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2516300
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71024}
Bug: v8:11074
Change-Id: I94d53ea0aac123459ae60fc61748fedf0faac2f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2521147
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71022}
