Define a macro in code-generator-x64 to help identify cases when the
shift value is an immediate/constant. In those cases we can directly
emit the shifts without any masking, since the instruction selector
would have modulo-ed the shift value. We also don't need any temporaries
in this case.
This is only x64 codegen, optimizations for other archs will come in
future patches (and will probably look very similar to this).
The current test case passes the shifts as an immediate, so we add a new
path that loads the shift value from memory, thereby exercising the
slower path of non-immediate shift value.
Bug: v8:10115
Change-Id: Iaf13d81595714882a8f5418734e031b8bc654af3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2026067
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66074}
This relands commit e8832647b6.
The flaky test failures seems to be related to tiering, Liftoff
generating different call descriptors from TurboFan when Simd128
is unsupported (since TurboFan will lower the graph, but Liftoff
can continue running simd-call.js just fine).
We temporarily disable tiering for this test, until we get a proper fix,
like https://crrev.com/c/2029427/, but that fix requires this change
since more tests will fail without the lowering fixed.
Bug: v8:10169
Bug: v8:10154
Original change's description:
> [wasm-simd] Fix scalar lowering of kParameter
>
> Lowers the call descriptor of a wasm function if it contains simd.
>
> Also fixes a couple of issues with the lowering of kParameter:
> - the old_index == new_index check is incorrect, it would only work if
> the s128 parameter is the first parameter
> - the old_index was also not adjusted to account for Parameter[0] being
> the wasm instance object
> - new_index needs to be adjusted to account for the instance object too
>
> These fixes make it more similar to the lowering of kParameter in
> int64-lowering.c.
>
> Also add a new mjsunit test to exercise this logic.
>
> Bug: v8:10154
> Change-Id: Ia767a464c26a6a78fd931eab9e6897890a0904e8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020521
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66032}
Change-Id: I1e27825025aefc5a42aeeb87d0447d6594388fa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2029147
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66072}
We will use this state in devtools via the inspector to indicate
whether a thread is currently stuck polling in atomics.wait.
VMState already distinguishes the important states we care about which
are idle vs. running JS. We also want to know the state for
atomics.wait(), which is commonly used in WebWorkers to poll the main
page for work to do.
This CL just adds and maintains the state and adds assertions in
atomics tests. Another CL will emit inspector notifications when the
VMState changes in a way that the inspector cares about.
Re-flow comments as a drive-by cleanup.
Bug: chromium:1025490
Change-Id: I961051bfb846aa20454a56214310370ea8e47d1c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2033168
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66071}
The flag is unused.
Bug: chromium:1044630
Change-Id: Ib499cdd559451c9f23c3c98b187755ef6748bffc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030743
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66070}
This adds two flags for whitelisting natives on fuzzers:
--allow-natives-for-fuzzing:
Enables a small subset of runtime functions and replaces others with
undefined.
--allow-natives-for-differential-fuzzing
Restricts the allowed runtime functions even further, excluding the
ones that break differential fuzzing.
Bug: chromium:1044942
Change-Id: I890bd4a6ff7c2e483dd74155290a7ace06f85239
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020773
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66068}
Factory::NewFunction now requires names passed into it to be flat.
Make sure to flatten Wasm function names when creating new Wasm JS
functions.
Fixes: chromium:1047368
Change-Id: I7bd2d8bc83ae8fab901ab469872bce0f703fc3ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030738
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66064}
This shipped in v7.9, which is stable since six weeks. We do not test
the previous configuration any more and don't plan to move back, hence
remove the flag and clean up the code.
R=ahaas@chromium.org
Bug: v8:10155
Change-Id: I6b981f4be686473a911f041952cb684749d9fe7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030732
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66063}
As discussed offline, the current implementation implement each
situation separately. I think we can simplify the code a lot by sharing
code between the different paths.
This CL does that by
1) implementing the kI64Store case separately, because it does not have
all the register contraints that the others have, and
2) moving all logic to ensure that the {src} register is usable before
the switch, such that it's shared by all the compare-exchange cases.
As a side produce, this also fixes issue 1045225, because for i64 stores
which actually only use the lower half of {src}, only that half will be
pinned.
R=ahaas@chromium.org
Bug: chromium:1045225, v8:10108
Change-Id: I0be025b9706d563835ae6337d45b88e0233eacad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2029414
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66062}
On backends that do not have s128 support in Liftoff, tests will bail
out to TurboFan, so tests will continue running and passing.
Bug: v8:9909
Change-Id: I3b596a73b6cb2e8645a99c65a935026f9e1a8d55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2029332
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66056}
This reverts commit 410ca4c50e.
Reason for revert: This was causing Chrome to hang when debugging large wasm binaries.
Clean revert except for modification to test/debugger/debugger.status
Bug: chromium:1047210, v8:9654
Original change's description:
> [wasm] Tierdown wasm module upon "Debugger.enable"
>
> Put a logic in Wasm Engine to tier down all existing modules per isolate
> when debugger is enabled. This CL does not handle new module added after
> debugger is enabled yet.
>
> Bug: v8:9654
> Change-Id: I87060f5c416506543fcaf231bff9999d06ba4c0d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013692
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Simon Zünd <szuend@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66017}
TBR=clemensb@chromium.org,bmeurer@chromium.org,duongn@microsoft.com,szuend@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9654
Change-Id: Id49e8c69f8212e95e698d7e7267056fb2eb7e60a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030737
Auto-Submit: Eric Leese <leese@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66054}
There was a bug in the function body decoder where
type checking of brtable only happened if the brtable
instruction is reachable. However, type checking is
required in all cases where brtable "not unreachable".
The difference between reachable and "not unreachable"
is a state called spec-reachable where a clever
compiler can already infer that the code will be
unreachable (e.g. a memory access is out of bounds
just by the offset and therefore unconditionally
traps), but the spec can not. If an instruction is
only spec-reachable, it still has to be type checked.
R=clemensb@chromium.org
FIX=chromium:1046472
Change-Id: I7e9f1108597871615c0d443a0e94de35a0207b5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2027990
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66049}
This is a reland of 015f379aa1
Original change's description:
> [wasm] Cache streaming compilation result
>
> Before compiling the code section, check whether the
> bytes received so far match a cached module. If they do, delay
> compilation until we receive the full bytes, since we are likely to find
> a cache entry for them.
>
> R=clemensb@chromium.org
>
> Bug: v8:6847
> Change-Id: Ie5170d1274da3da6d52ff1b408abc7cb441bbe3c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002823
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66000}
Bug: v8:6847
Change-Id: I0b5acffa01aeb7dade3dc966392814383d900015
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2022951
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66047}
This patch adds a new BackingStore::Reallocate function that internally
uses a new ArrayBuffer::Allocator::Reallocate provided by the embedder.
The default implementation of the function simply copies the backing
store. The embedder can override the function and provide a more
efficient implementation e.g. using realloc.
Bug: v8:9908, v8:9380
Change-Id: I2179c80ba199c045b6900c620a813916150e7098
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007274
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66044}
... by using random seed provided via --gtest_random_seed= flag.
Bug: chromium:1043117
Change-Id: I6114e9c71f3196a386a8457a6ec6f9e1fc80f6ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2027991
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66043}
Remove AstConsString "internalization", and instead make the conversion
to heap String be on-demand with an Allocate method. We never actually
need the heapified cons string more than once, so there's no need to do
the internalization walk or do the next/string union dance in the
AstConsString class.
This also allows us to specify how we want to allocate the String at the
call site. In particular, it allows us to allocate a flat SeqString rather
rather than a ConsString. This allows us to avoid allocating ConsStrings
which will just be passed to a flatten call, and especially avoid
allocating dead ConsStrings in the off-thread old space.
Bug: chromium:1011762
Bug: chromium:1043168
Change-Id: Id851f2f7529d92ad7e5388eb22823fd6d1959cd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020953
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66042}
When the file begins with a hashbang, the scanner is in a failed state
when SkipHashbang() is called. This is usually not an issue but when
the parser encounters an ILLEGAL token, it will reset the SyntaxError
location because of it.
Bug: v8:10110
Change-Id: I1c7344bf5ad20079cff80130c991f3bff4d7e9a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1995312
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66038}
This reverts commit e8832647b6.
Reason for revert: Causes flaky fails on the tree, reverting as this test should be deterministic pass/fail.
https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8889903130443940000/+/steps/Check_-_nosse3__flakes_/0/logs/simd-call/0
Original change's description:
> [wasm-simd] Fix scalar lowering of kParameter
>
> Lowers the call descriptor of a wasm function if it contains simd.
>
> Also fixes a couple of issues with the lowering of kParameter:
> - the old_index == new_index check is incorrect, it would only work if
> the s128 parameter is the first parameter
> - the old_index was also not adjusted to account for Parameter[0] being
> the wasm instance object
> - new_index needs to be adjusted to account for the instance object too
>
> These fixes make it more similar to the lowering of kParameter in
> int64-lowering.c.
>
> Also add a new mjsunit test to exercise this logic.
>
> Bug: v8:10154
> Change-Id: Ia767a464c26a6a78fd931eab9e6897890a0904e8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020521
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66032}
TBR=gdeepti@chromium.org,ahaas@chromium.org,zhin@chromium.org
Change-Id: I69589e2331c857c0f197ac53b8fb8a241376c632
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10154
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2028830
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66034}
Lowers the call descriptor of a wasm function if it contains simd.
Also fixes a couple of issues with the lowering of kParameter:
- the old_index == new_index check is incorrect, it would only work if
the s128 parameter is the first parameter
- the old_index was also not adjusted to account for Parameter[0] being
the wasm instance object
- new_index needs to be adjusted to account for the instance object too
These fixes make it more similar to the lowering of kParameter in
int64-lowering.c.
Also add a new mjsunit test to exercise this logic.
Bug: v8:10154
Change-Id: Ia767a464c26a6a78fd931eab9e6897890a0904e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020521
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66032}
Tests need to be disable until liftoff is fully implemented.
Change-Id: Ib906b7d4ef2abae1359fbfb1a61031eeb5d5e70c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2028289
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66028}
Copying one object's named properties is always fine, even if one of
the names could be a large index on a TypedArray. Mark the LookupIterator
as OWN_SKIP_INTERCEPTOR to avoid the DCHECK.
Bug: chromium:1044909
Change-Id: I6918186a4b50df7865de3572cb674fd7d6eadb78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023558
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66027}
... which didn't check writability of array length on appending
a new element to an array.
Bug: chromium:1041251
Change-Id: I6935e505a4844e5b22abe9d4a42786619499daa6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023551
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66023}
This reverts commit 7d1f95d6e4.
Reason for revert: Speculative revert for https://crbug.com/1046678
Original change's description:
> [regexp] Correctly escape a backslash-newline sequence
>
> When printing the source string, a backslash-newline sequence ('\\\n',
> '\\\r', '\\\u2028', '\\\u2029') should be formatted as '\n', '\r',
> '\u2028', '\u2029', respectively. Prior to this CL it was formatted as
> a backslash followed by the literal newline character.
>
> Bug: v8:8615
> Change-Id: Iac90195c56ea1707ea8469066b0cc967ea87fc73
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2016583
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65986}
TBR=neis@chromium.org,jgruber@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:8615,chromium:1046678
Change-Id: If28626a1c6868ed848310c0d30cf61a73326f2c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2027452
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66022}
The compiler assumes (for loads) that the property cell of a
non-configurable global property never gets invalidated.
Bug: chromium:1044919
Change-Id: I27f6ce30fb9a21e2c1e5310f25e9bb973ebbc266
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023562
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66021}
Converting an object to an array length can freeze the array whose
length is being set, but SetLength for the frozen elements accessor
is supposedly unreachable. This fix extends the existing special
handling for suddenly-readonly lengths to cover this case as well.
Prior art: https://codereview.chromium.org/2543553002
Bug: chromium:1044911
Change-Id: I85d2e79446a8d9c1d22cd86ddf828328bf51a1a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023555
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66020}
Put a logic in Wasm Engine to tier down all existing modules per isolate
when debugger is enabled. This CL does not handle new module added after
debugger is enabled yet.
Bug: v8:9654
Change-Id: I87060f5c416506543fcaf231bff9999d06ba4c0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013692
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66017}
These conversion instructions were removed from the proposal in
https://github.com/WebAssembly/simd/pull/178.
Change-Id: I212ca2f923362bf08e178f6d28cc2338cf6f5927
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2016006
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66015}
This CL fixes a parser crash in REPL mode. Some SyntaxErrors can cause
the AST to contain NULL nodes, resulting in a crash when we want to
rewrite the AST after parsing.
Instead of re-writing a broken AST we bail early.
R=leszeks@chromium.org
Bug: chromium:1040034, chromium:1045758
Change-Id: I9c559f6de5969c8db17833ccbdb1608627b46311
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2023547
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66008}
The current implementation takes forwarding reference arguments, which
is fine when you call it with rvalues, like
make_iterator_range(V.begin(), V.end()). If you call it with lvalues
though, it doesn't do what you'd expect. ForwardIterator becomes a
reference:
Foo I = V.begin();
make_iterator_range(I, I); //ForwardIterator is deduced as Foo&
Since iterator are supposed to be small, no harm in passing them by
value.
Change-Id: I151c87304949d810c72c42f60e9d1a7151f61f83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2020780
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66007}
This reverts commit 015f379aa1.
Reason for revert: Msan is unhappy: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/30702
Original change's description:
> [wasm] Cache streaming compilation result
>
> Before compiling the code section, check whether the
> bytes received so far match a cached module. If they do, delay
> compilation until we receive the full bytes, since we are likely to find
> a cache entry for them.
>
> R=clemensb@chromium.org
>
> Bug: v8:6847
> Change-Id: Ie5170d1274da3da6d52ff1b408abc7cb441bbe3c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002823
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66000}
TBR=clemensb@chromium.org,thibaudm@chromium.org
Change-Id: Idfa5b3f354816eb600ae7aab7857063d5d0d27ca
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6847
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2022949
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66001}
Before compiling the code section, check whether the
bytes received so far match a cached module. If they do, delay
compilation until we receive the full bytes, since we are likely to find
a cache entry for them.
R=clemensb@chromium.org
Bug: v8:6847
Change-Id: Ie5170d1274da3da6d52ff1b408abc7cb441bbe3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002823
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66000}
Fix the string representation of functions exported from asm.js modules
in the presence of imported functions.
R=jkummerow@chromium.org
Bug: chromium:1045767, chromium:667678
Change-Id: I55714252036511598eeec7fe7b81985213f7e4f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2022142
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65993}
Add a test that does the same thing the devtools-frontend does when
evaluating console inputs.
1) Declare a const variable with throwOnSideEffect=true. This should
throw.
2) Declare the same const variable with throwOnSideEffect=false.
This should successfully declare the variable.
Previously it could be the case that even though we threw in 1), the
variable would fail to be initialized in 2) with a re-declaration
error.
Bug: chromium:1043151
Change-Id: I1a6126b518f7bb3788c39b9f8e3adb8850aa962a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2016587
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65991}
This CL introduces the negb and negw instructions (8-bit and 16-bit
versions of neg) in the x64 assembler. These instructions are needed to
implement I32AtomicSub8U and similar WebAssembly instructions
efficiently.
The existing implementation was embedded in a generic macro, and it was
difficult to change it without introducing also the 8-bit and 16-bit
versions of many other instructions. This would have introduced a lot
of dead code. Instead this CL extracted the neg instructions from the
macro and implements them directly. This should be fine because the
assembler does not change much, and approachability of the code is
improved.
R=clemensb@chromium.org
Bug: v8:10108
Change-Id: I46099bbebd47f864311a67da3ba8ddc4fe4cd35d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2019165
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65989}
When printing the source string, a backslash-newline sequence ('\\\n',
'\\\r', '\\\u2028', '\\\u2029') should be formatted as '\n', '\r',
'\u2028', '\u2029', respectively. Prior to this CL it was formatted as
a backslash followed by the literal newline character.
Bug: v8:8615
Change-Id: Iac90195c56ea1707ea8469066b0cc967ea87fc73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2016583
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65986}
When ArrayBufferExtensions are enabled, sweep the extensions outside of
the GC pause concurrently to the application. The following GC will make
sure that the previous concurrent sweep operation is finished.
This CL introduces Heap::array_buffer_sweeper() that is both
responsible for tracking all extensions but also for sweeping.
Bug: v8:10064
Change-Id: I113cd625445a7d59ffb7a9de8b25a15a72b02b99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2010107
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65984}
Remove the execution tier check for simd tests. On archs without
Liftoff, those tests that are configured to run on Liftoff will fail
with this check, since they bail out to TF.
We remove this check for now, but will think of a way to enforce this in
a more platform specific way.
Bug: v8:9909
Change-Id: Id56f841fe6e342434af3dbcdaef0a8a284614994
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2019924
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65983}
We currently print asm.js functions converted to wasm as
"function foo() { [native code] }", even though without asm to wasm
translation we get the proper source code. This is an observable
difference that should not be, and also foozzie finds this frequently in
different variations.
This CL makes us remember the start position (position of the "function"
token) and end position (right behind the closing "}") of each function
we transform to wasm. These offsets, together with the Script that
contained the function, allows us to reconstruct the source code of the
function for the {toString()} method.
R=jkummerow@chromium.org
Bug: chromium:667678
Change-Id: If22471cad4cefdfc67f6d1b8fda85aa0eeb411bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2016582
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65972}
This relands commit 009993adb4.
The fix is in liftoff-assembler-ia32.h, the codegen was incorrect.
Original change's description:
> Implement f32x4.splat and enable handling this in Liftoff.
>
> We add a new macro for defining test cases to run on TurboFan, Liftoff,
> interpreter, and scalar lowering.
>
> Also add an assertion that the execution tier used is what we expected
> it to be. This is useful for Liftoff, because by default it falls back
> to TurboFan when it encounters an unimplemented opcode.
>
> Bug: v8:9909
Bug: v8:9909
Change-Id: I7daacbe8b195d9212367190c515b0babbc457a88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2018043
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65963}
This change adds support for the postmortem inspection library to show
the content of cached external strings if that content is available. It
also fixes a minor annoyance where strings with unavailable data would
show up as "...". Now, if fetching the very first character fails, we
omit the literal value from the output.
Bug: v8:9376
Change-Id: Id694a774c231ab3467fb59b1c149284729acfb20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1987922
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65961}
This reverts commit 5cfe053e45.
Reason for revert: "liftoff-simd-params" also fails on no-sse :/
Original change's description:
> [wasm-simd][liftoff] Add S128 case for stack movements
>
> The two cases we are fixing here are Construct and
> LoadCallerFrameSlot, which are closely related.
>
> Construct is called during PrepareCall, where we build up
> LiftoffStackSlots when we need to move an arg from caller's stack frame
> into callee's stack frame. LoadCallerFrameSlot is the parallel to
> this, called in ProcessParameter during decoding of the callee's
> function body.
>
> In most cases, Construct needs a new case to handle kWasmS128, and calls
> the relevant assembler to push a s128 onto the stack.
>
> ARM64 requires 16-byte alignment of sp, so we need to Claim the right
> number of kXRegSize slots first, which requires
> us traversing the list of slots to figure out how many s128 values there
> are. This is a straightforward way to fix this, if efficiency is a
> problem, we can change LiftOffStackSlots::Add to sum up the slot sizes.
>
> On IA32, pushing s128 values will require 4 calls to push. Instead, we
> use a sub and two movdqu, which will generate less code in most cases.
>
> On x64, there is no 128-bit push, so we call push twice.
>
> Bug: v8:9909
> Change-Id: I3af35b8462ea9c3b9b2d90800c37d11b5e95be59
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2015945
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65956}
TBR=clemensb@chromium.org,zhin@chromium.org,joey.gouly@arm.com
Change-Id: Ib3c5a088e2d85baf1d8b143272844fb5ebb33c57
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9909
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2017724
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65960}
This reverts commit 009993adb4.
Reason for revert: New test fails, see https://ci.chromium.org/p/v8/builders/ci/V8%20Linux/35534 and https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/23778
Original change's description:
> [liftoff][wasm-simd] Implement f32x4.splat
>
> Implement f32x4.splat and enable handling this in Liftoff.
>
> We add a new macro for defining test cases to run on TurboFan, Liftoff,
> interpreter, and scalar lowering.
>
> Also add an assertion that the execution tier used is what we expected
> it to be. This is useful for Liftoff, because by default it falls back
> to TurboFan when it encounters an unimplemented opcode.
>
> Bug: v8:9909
> Change-Id: I594955fce778173191fc44c38c4f956a05e77839
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2014753
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65954}
TBR=clemensb@chromium.org,zhin@chromium.org
Change-Id: Ie6970a8c29baab149150dd734a95f89be5fd89ff
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9909
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2017722
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65958}
The following instructions are affected: memory.init, data.drop,
table.init, table.drop. A segment index should be decoded as an unsigned
number, but these instructions were decoding as signed. This works
properly up to 63, but fails at 64 (which is decoded as -64 =
4294967232).
Bug: v8:10151
Change-Id: I742b74cf0bcadf2ff2f606beb65b7bae3e816530
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2015960
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65957}
The two cases we are fixing here are Construct and
LoadCallerFrameSlot, which are closely related.
Construct is called during PrepareCall, where we build up
LiftoffStackSlots when we need to move an arg from caller's stack frame
into callee's stack frame. LoadCallerFrameSlot is the parallel to
this, called in ProcessParameter during decoding of the callee's
function body.
In most cases, Construct needs a new case to handle kWasmS128, and calls
the relevant assembler to push a s128 onto the stack.
ARM64 requires 16-byte alignment of sp, so we need to Claim the right
number of kXRegSize slots first, which requires
us traversing the list of slots to figure out how many s128 values there
are. This is a straightforward way to fix this, if efficiency is a
problem, we can change LiftOffStackSlots::Add to sum up the slot sizes.
On IA32, pushing s128 values will require 4 calls to push. Instead, we
use a sub and two movdqu, which will generate less code in most cases.
On x64, there is no 128-bit push, so we call push twice.
Bug: v8:9909
Change-Id: I3af35b8462ea9c3b9b2d90800c37d11b5e95be59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2015945
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65956}
Implement f32x4.splat and enable handling this in Liftoff.
We add a new macro for defining test cases to run on TurboFan, Liftoff,
interpreter, and scalar lowering.
Also add an assertion that the execution tier used is what we expected
it to be. This is useful for Liftoff, because by default it falls back
to TurboFan when it encounters an unimplemented opcode.
Bug: v8:9909
Change-Id: I594955fce778173191fc44c38c4f956a05e77839
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2014753
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65954}
Port 7b79a02d2b
Original Commit Message:
This CL adds a --debug-in-liftoff flag, which takes another path in
{WasmScript::SetBreakPointForFunction}, and sets the breakpoint via
{wasm::DebugInfo} (Liftoff-related) instead of {WasmDebugInfo} (C++
interpreter related).
Actual breakpoint support is not there yet, so the new test which sets
this flag does not currently break anywhere. This will change with a
future CL.
R=clemensb@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I632e4c945c88f58d8caba8688356f66406bc04aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2016915
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#65953}
The NativeModule that was serialized in another isolate might be
temporarily kept alive by background threads. By keeping a weak pointer
to the module, we can wait for it to really die.
This happens very rarely, and the module will die pretty quickly, so
busy-waiting is fine in this case.
R=thibaudm@chromium.org
Bug: v8:10148
Change-Id: I8c4645acfccd04a820ef3f694cad3eb15e75acb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2016585
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65942}
The instruction selector assumed for Word32AtomicPairBinop nodes that if
there exists a Projection(1) user, then there also exists a
Projection(0) user. This, however, is not the case, because TurboFan
eliminates unreachable nodes. The missing projection node lead to a
failed DCHECK in the register allocator.
With this CL we allocate the right registers for the existing
projections, and allocate the other needed registers as temp registers.
R=gdeepti@chromium.org
Bug: v8:10140
Change-Id: I22331cae58f933e89dac6993fe3b21ff6502838a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011829
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65941}
This CL implements load_extend with 2 lanes and all load_splat
operations on IA32. The necessary assemblers together with their
corresponding disassemblers and tests are also added in this CL.
The newly added opcodes include: S8x16LoadSplat, S16x8LoadSplat,
S32x4LoadSplat, S64x2LoadSplat, I64x2Load32x2S, I64x2Load32x2U.
Bug: v8:9886
Change-Id: I0a5dae0a683985c14c433ba9d85acbd1cee6705f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1982989
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhiguo Zhou <zhiguo.zhou@intel.com>
Cr-Commit-Position: refs/heads/master@{#65937}
This flag was used for IndexedDB support. Last uses in chrome were
removed in https://crrev.com/c/2013046, hence the API method can be
deprecated.
Also remove deserializer tests that were disabled by default or just
test that random bytes (from the deserializer's perspective) fail
to decode.
R=adamk@chromium.org
Bug: v8:10146
Change-Id: I8596849c3b51ab1c60272a49ff3fdaa0946452bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013104
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65931}
Both the API wrapper as well as the internal object are named
"WasmModuleObject". This CL renames the object type check from
"IsWebAssemblyCompiledModule" to "IsWasmModuleObject" to be consistent.
R=adamk@chromium.org
Bug: v8:10021
Change-Id: I6d5814421f38bc5f5bd73a492ff4a36f552ff763
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013109
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65930}
This is a reland of faccc95b77
Since 1c9bb77de5, async jobs use existing
entry in native module cache and skip recompilation so we need to fix
the test.
Original change's description:
> Reland "[wasm] Perform NativeModule tier down in parallel."
>
> This is a reland of 3352fcc900
>
> Disable stress-opt for test and check recompilation before clearing
> callbacks.
>
> Original change's description:
> > [wasm] Perform NativeModule tier down in parallel.
> >
> > Reuse logic in {CompileNativeModule} function in module-compiler.cc:
> > initialize parallel compile jobs, then wait for them to finish while
> > taking part in this compilation.
> >
> > Bug: v8:9654
> > Change-Id: I9974d9f8b516e9faec716a592c7c0ee9c7077d8e
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977041
> > Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> > Reviewed-by: Clemens Backes <clemensb@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#65763}
>
> Bug: v8:9654
> Change-Id: I8e8830f05e189596207365b7332a2cc25e493e47
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002945
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65901}
Bug: v8:9654
Change-Id: Ia63b86d4275088d93202046bc9823e6202b7991a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2012986
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65929}
The actual allocatable size still depends on the allocator;
in particular Blink's ArrayBufferAllocator is currently limited
to 2GB.
WebAssembly memories are not affected by this change (i.e. still
capped at 2GB as well).
For 32-bit platforms, the limit remains at 2**30-1 (=max smi) elements.
Bug: v8:4153
Change-Id: If0d6047dd4061028688d85a3dc0a2684dcca8693
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007495
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65924}
Serialization of WasmModuleObject was our first implementation for
postMessage, and was used for IndexedDB. IndexedDB support is removed
since a long time, and postMessage works by just messaging an identifier
and reusing the underlying NativeModule when receiving this.
Thus the logic to serialize the actual code is unused, and thus should
be removed together with all tests.
R=ahaas@chromium.org
Bug: v8:10146
Change-Id: I599296736dabd486c45ced2b6e5996e490fa40c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013110
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65922}
This CL adds a --debug-in-liftoff flag, which takes another path in
{WasmScript::SetBreakPointForFunction}, and sets the breakpoint via
{wasm::DebugInfo} (Liftoff-related) instead of {WasmDebugInfo} (C++
interpreter related).
Actual breakpoint support is not there yet, so the new test which sets
this flag does not currently break anywhere. This will change with a
future CL.
R=thibaudm@chromium.org
Bug: v8:10147
Change-Id: I95a905e666b8f502366d2c7273c8f25a267ee184
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2012920
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65921}
Changing script context handling from bytecode based to metadata on the
function. This fixes the debugger to explicitly check the code rather
than implicitly relying on a NewScriptContext bytecode causing side
effects.
Bug: chromium:1043151
Tbr: ulan@chromium.org
Change-Id: I38c5c04d7c76155e0a055ae6efd57f25986bdb7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013117
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65920}
This is a reland of 3b7535636f
Original change's description:
> Reland "[runtime] Cache prototype chain enumerable keys in PrototypeInfo"
>
> This is a reland of 5253d7bf15
>
> Original change's description:
> > [runtime] Cache prototype chain enumerable keys in PrototypeInfo
> >
> > This CL adds a prototype_chain_enum_cache to cache the enumeration of a
> > prototype and its entire chain on the PrototypeInfo. It can improve for-in
> > performance via simply merging the receiver enumeration with this cache.
> >
> > It improves the score of JetStream2-tagcloud-SP case by ~9% on IA Chromebook.
> >
> > Contributed by tao.pan@intel.com
> >
> > Change-Id: Ib40bfe41e772672337155584672f06fa1ba1e70d
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1870844
> > Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#65224}
>
> Change-Id: I93b74727c46abbaab163324c50fbd977fcc9bb36
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1955232
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
> Cr-Commit-Position: refs/heads/master@{#65377}
Change-Id: If4b4631e1b8a3d2df748b6be8500f838836a3291
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2008253
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65919}
... and consult it there from the various reducers. The flag makes no
sense without the broker and the reducers already have access to the
broker, so we can avoid an additional flag per reducer.
Bug: v8:7790
Change-Id: I448050a55951b94d5313c1a79a502be906b98b25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013108
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65918}
Add a test that const declarations are recognized as having side-
effects in REPL mode.
Bug: chromium:1043151
Change-Id: I6f8038ab4a5ee446d23904ed46637223157db5c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2013114
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65916}
In the debugger, wasm scripts currently do not contain meaningful column
informations. Fix that by keeping track of the offset and size of the
wasm code section inthe module and reporting that to the debugger.
Bug: chromium:1042636
Change-Id: Ie2b5d3a50952a467d256f815c16e459cb0ae600e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011083
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65913}
The instruction selector assumed for Word32AtomicPairLoad node that if
there exists a Projection(1) user, then there also exists a
Projection(0) user. This, however, is not the case, because TurboFan
eliminates unreachable nodes. The missing projection node lead to a
failed DCHECK in the register allocator.
To fix the problem I use now the Word32AtomicPairLoad node directly to
allocate the register. On ia32 I stop additionally to allocate unneeded
temp registers.
R=gdeepti@chromium.orgCC=zhin@chromium.org
Bug: chromium:1042379
Change-Id: I79bd9f3f4672e147246a71c32b7c9b4dbd79b17f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002547
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65912}
This API was used for IndexedDB support and for transferring modules by
serializing and deserializing (before we were sharing code between
isolates). Last uses were removed in https://crrev.com/c/1847366, thus
this whole API is unused by now.
This CL deprecates the API and refactors tests to use the internal APIs
instead.
R=adamk@chromium.org
Bug: v8:10146
Change-Id: I838039b4be7ea4eebe6769f31f48e51e7bcd4645
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2006090
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65908}
Add a case for kWasmS128 in Spill. We encounter this in the
wasm-trace-memory-liftoff test, but that test was skipped on ARM and
ARM64 due to insufficient implementation of Liftoff on those archs. But
with recent changes, they are now capable of running this particular
test, so we enable it.
Drive-by fix for incorrect size used in vld1 for filling S128 values.
Bug: v8:9909
Change-Id: I8addd06ba3c9a40364e432180cd5dbc48debca23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007901
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65904}
This reverts commit faccc95b77.
Reason for revert: Causing some failures, e.g. https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20verify%20csa/15741 and https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64/35635 and https://ci.chromium.org/p/v8/builders/ci/V8%20Mac64/32736
Original change's description:
> Reland "[wasm] Perform NativeModule tier down in parallel."
>
> This is a reland of 3352fcc900
>
> Disable stress-opt for test and check recompilation before clearing
> callbacks.
>
> Original change's description:
> > [wasm] Perform NativeModule tier down in parallel.
> >
> > Reuse logic in {CompileNativeModule} function in module-compiler.cc:
> > initialize parallel compile jobs, then wait for them to finish while
> > taking part in this compilation.
> >
> > Bug: v8:9654
> > Change-Id: I9974d9f8b516e9faec716a592c7c0ee9c7077d8e
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977041
> > Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> > Reviewed-by: Clemens Backes <clemensb@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#65763}
>
> Bug: v8:9654
> Change-Id: I8e8830f05e189596207365b7332a2cc25e493e47
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002945
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65901}
TBR=clemensb@chromium.org,duongn@microsoft.com
Change-Id: I99f5a5455a022d0cbff3da54610cedfe6380a094
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9654
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2012985
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65903}
This is a reland of 3352fcc900
Disable stress-opt for test and check recompilation before clearing
callbacks.
Original change's description:
> [wasm] Perform NativeModule tier down in parallel.
>
> Reuse logic in {CompileNativeModule} function in module-compiler.cc:
> initialize parallel compile jobs, then wait for them to finish while
> taking part in this compilation.
>
> Bug: v8:9654
> Change-Id: I9974d9f8b516e9faec716a592c7c0ee9c7077d8e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977041
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65763}
Bug: v8:9654
Change-Id: I8e8830f05e189596207365b7332a2cc25e493e47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002945
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65901}
The test was supposed to manipulate the serialized bytes to make them
invalid, but the value at the manipulated position was already 0, hence
the bytes stayed valid. This went unnoticed before
https://crrev.com/c/2010786, since there was a fallback anyway to
re-compile the module if deserialization fails.
This CL fixes this by using the right offset, and checking that the
value there is not already zero.
R=thibaudm@chromium.org
Change-Id: Ie0eaf2c8ee9e8c4c477f717f3d8aed8564b3adbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007493
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65898}
Lite mode implies jitless, hence we also need to skip in lite mode.
TBR=thibaudm@chromium.org
Bug: v8:6847
Change-Id: I0147b2604180e3801d5e939619ea00a87220f7ec
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011830
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65890}
This fixes a few issues:
1) It avoids using the {DeserializeOrCompile} API method, which is not
used in chrome any more and will be deprecated soon.
2) It switches to the {DeserializeNativeModule} internal method, which
really checks deserialization in isolation and does not fall back to
compiling the wire bytes if the serialized bytes are incorrect.
3) It disables a test which tried to invalidate the number of functions,
but the respective bytes were already zero, so nothing was
invalidated. This still needs to be fixed in a follow-up CL.
4) It serializes the modules in a separate isolate, which then gets
disposed to free references to the NativeModule and remove it from
the modules cache. Otherwise we will just never deserialize, but use
the cached module instead.
R=thibaudm@chromium.org
Bug: v8:6847, v8:10146
Change-Id: I37ef524a9c96c32fec2e7466488d67395fa5ccea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2010786
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65888}
Force source position collection when using --print-break-location.
Bug: v8:10132
Change-Id: I4706d9f1e09c52ca7bfb2410485bc3ef26c2128a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011821
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65885}
Compilation is failing on certain versions of gcc with:
'sort' is not a member of 'std'
'adjacent_find' is not a member of 'std'
'count' is not a member of 'std' and
Bug: v8:10145
Change-Id: I0672636987c515485318d29d251c3b49a22ff374
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2008307
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65884}
This CL introduces the xadd instruction to the x64 assembler so it can
be used to implement WebAssembly's AtomicAdd. This is done in a
separate CL though.
R=clemensb@chromium.org
Bug: v8:10108
Change-Id: I36dcb900ed4c39b23c4996328774780afd8b816a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011105
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65879}
The interpreted-frames-native-stack flag has been broken since pointer
compression was enabled. This fixes the load of the field.
Bug: v8:10138
Change-Id: I746407a7a5680c5d3e9a3b190371af00818282b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011206
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65878}
This fixes the DevTools console preview when using REPL mode.
AsyncFunction* intriniscs are side-effect free and marking them as such
is correct.
Bug: chromium:1043151
Change-Id: Ie0c36507b98b0c12f3d627c34102c04c27358ff2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2010106
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65876}
Most V8 unit tests are multi-threaded, so configure GTest to use the
thread-safe GTest implementation by default.
This can be overridden on a per-test basis by setting:
testing::FLAGS_gtest_death_test_style = "fast";
during the test's SetUp() (see the GTest documentation for details).
Bug: v8:10143
Change-Id: I7414c5d8ae22eb8d9b8c4813f958ca571e1d0310
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2011085
Commit-Queue: Wez <wez@chromium.org>
Auto-Submit: Wez <wez@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65873}
The SequentialUnmapperTest replaces the process-global PageAllocator
with a wrapper which tracks allocations. The suite was deleting the
tracking allocator without first restoring the original PageAllocator,
causing any subsequent tests which tried to use it to use-after-free.
Bug: chromium:934932
Change-Id: I0f69b6a07542a3f381724afdbfb2e9b67a9f39de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2010113
Commit-Queue: Wez <wez@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Wez <wez@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65872}
The verifier tried to assert that the context input of Create*Context
nodes has type OtherInternal (all Context constants have that type).
This didn't quite work because of OSR values so actually it checked
something much weaker. And what it checked still doesn't work because
of dead code, in which the context input might statically be known to
be the undefined value. I'm removing the assertion entirely now.
I suspect that there are other assertions in the verifier that don't
hold in the OSR code or in dead code. We are discussing a more general
solution such as inserting TypeGuards in the relevant cases.
Bug: chromium:1037771
Change-Id: I6fb59c60e7120d5984ea0fe140269f2df6de8708
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2010792
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65871}
I hit this issue in an unrelated CL and it took me a while to figure out
what's happening.
This CL will allow the creation of constant OwnedVectors via
{OwnedVector<const T>::Of(collection)}.
R=tebbi@chromium.org
Change-Id: I337077a6c3960a2a2a8d857bec7450f664b87a3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2010109
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65868}
In the case of having:
* NodeA(...)
* NodeB(NodeA, NodeA), with this being the only use of NodeA.
this CL gives A's ownership to B.
Before, we used to say that B didn't have ownership of A due to A having
two uses.
This brings it in line with OwnedBy with two owners check:
abd1a0fc04:src/compiler/node.cc;l=291
Change-Id: I15fdf373136a21bf423e6dffd9588054fd720d72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007502
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65867}
This adjusts parsing of negative numbers in UnaryExpression and
MultiplicativeExpression to return double if the token is -0.
R=clemensb@chromium.org
TEST=mjsunit/regress/regress-6838-4
BUG=v8:6838
Change-Id: I6c2113b520c3831f4a5101f0a963f49c1eb9d7d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007272
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65862}
This adds a new API function that can be customized by the embedder
by providing a delegate that defines contexts to be measured and
reports the results to JS.
A memory measurement request is carried out as follows:
1) MeasureMemory(delegate) invocation enqueues a new request in
MemoryMeasurement::received_ and schedules a delayed GC task.
2) At the start of the next GC (that is triggered either by the
GC schedule or by the delayed task) each request in received_
moves to processing_. Per-context marking worklists are created
for each native context that was selected by the delegates
(using the ShouldMeasure predicate).
3) At the end of the GC the sizes of the native contexts are
recorded for each request in processing_. The requests move
to the done_ list and result reporting task is scheduled.
4) When the result reporting task runs it invokes the
MeasurementComplete function of each delegate in done_.
Bug: chromium:973627
Change-Id: I0254cae693c5b8fab7c85a9eca0a3a128210b6c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1981493
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65856}
Add a cctest to verify correct treatment of functions which return SIMD.
This exercises the MoveToReturnRegisters logic, where we need to add a
new case for fp pairs. FinishCall also needs to handle fp pairs.
Small cleanup to rename needs_reg_pair to needs_gp_reg_pair to be clear,
and add a new helper needs_fp_reg_pair.
Drive-by fix for cctest to assert that the tests are compiled with
Liftoff.
Bug: v8:9909
Change-Id: I0cd7a1a90e97372ea85e7668f2298d4fa2d76f4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2006021
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65848}
Split the linked list of array buffer extensions into two lists for
young and old JSArrayBuffers. Process young extensions during the
minor GC pause. When promoting JSArrayBuffers into the old gen, move
the extension into the old linked list as well.
Bug: v8:10064
Change-Id: I07275ffe7ba918c9b2d6d0648a6d1b59e4fa4891
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1997438
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65842}
Similar to TracedReference, support TracedGlobal on stack as well.
Bug: chromium:1040038
Change-Id: If3400a2df8b4a11410032bd5ad1b7bed64063b93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2005071
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65841}
This was written before lazy feedback vectors and expects that the
feedback vector is always present. Instead just return undefined and
do nothing if there is no feedback vector.
Change-Id: I1ffddd672576cb794eda2d5922b574a8be65d579
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2007492
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65840}
Previously these would silently fail unless the caller checked the
.error property of the return value. There are no tests that check
iteractions with non-existent methods so this should always be an
error at the test runner level, rather than relying on clients to
check the error.
1. Fix the tests that accidentally call methods that don't exist.
2. Change the test runner so that it prints an error and ends the test.
3. Add a test that the test runner does #2.
Bug: v8:10134
Change-Id: Idd619950a057290c565d58fba6db3ddbcaf2c5eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2006093
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65835}
This was used for debugging only. The DevTools frontend now receives the
raw wasm bytes, and disassembles the functions it needed. The inspector
change was done in https://crrev.com/c/1991481.
This CL removes all code which is now dead in v8.
R=ahaas@chromium.org, bmeurer@chromium.org
Change-Id: I2d433613f1270a1ddac9af0bae8d990ef190712a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2005072
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65831}
Add a cctest that contains a function with a SIMD parameter, and calls
that function. This will exercise two cases in Liftoff which involves
preparing to call the function, and processing the SIMD parameters of
the function. The tricky case here is ARM, which requires an FP pair.
Most of the logic added is to check the RegClass/type and construct the
right type of LiftoffRegister to use.
As a drive-by, added SIMD case to the various backends' Move
implementation. This is not exercised by the test case, requires more
complicated function setup.
Bug: v8:9909
Change-Id: I1d01e8c3bee0cf336d1a8ff537317c77aedfdac0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2004369
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65829}
Re-use set breakpoint logic for wasm script to set breakpoint to first
breakable position of given wasm function.
Bug: v8:9724
Change-Id: Ibd6b59d5b93c6895f71f0114291bf78db03aee0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2001564
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65827}
Add 64-bit data size support to SHL and SHR, add simulator logic to
support new data size, and fix disasm.
For the disasm fix, casting size / 16 to NeonSize no longer works when
given a size of 64, it is 4, but should be 3.
Change-Id: I5bd1ce254cd3ff4b86159837087f22b2ed06703e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1994180
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65825}
Previously, V8 was just relinking nodes which broke when a move involves
an on-stack reference as such nodes have different semantics.
The solution is to create new internal nodes when necessary.
Bug: chromium:1040038
Change-Id: Ia5b3866ae68d014beb30972c4266aa5bae6559fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002546
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65823}
This makes Liftoff inspection (scope reporting) also use the decoded
names of locals, which are now stored in a C++ data structure (see
https://crrev.com/c/2002541).
The call to {SetOwnPropertyIgnoreAttributes} had to be replaced by a
proper lookup first, to handle integer names and duplicate names
correctly. The test already covered these cases.
The test was extended by another unnamed local to also test the
generation of default names in case no name is provided.
R=thibaudm@chromium.org
Bug: v8:10019
Change-Id: I475bb4db9a32c39203180e9c8d3f8181c3882138
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002544
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65821}
Add support for internalizing an AstValueFactory using the off-thread
factory. Includes adding ConsString support to OffThreadFactory.
This introduces a Handle union wrapper, which is used in locations that
can store a Handle or an OffThreadHandle. This is used in this patch for
the internalized "string" field of AST strings, and will be able to be
used for other similar fields in other classes (e.g. the ScopeInfo
handle in Scope, object boilerplate descriptor handles, the inferred
name handle on FunctionLiterals, etc.). It has a Factory-templated
getter which returns the appropriate handle for the factory, and a
debug-only tag to make sure the right getter is used at runtime. This
union wrapper currently decomposes implicitly to a Handle if the getter
is not called, to minimise code changes, but this implicit conversion
will likely be removed for clarity.
Bug: chromium:1011762
Change-Id: I5dd3a7bbdc483b66f5ff687e0079c545b636dc13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993971
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65816}
Function calls can push arguments onto the stack. The consumed stack
slots are not considered by the function-entry stack check, since
initial frame setup only reserves space for local slots, not call
arguments. This CL adds such logic by tracking the maximum pushed
argument count during instruction selection, and adding these slots to
the (existing) stack check offset logic in code generation.
Bug: chromium:1030167
Change-Id: I26a9407cf38009839b1dda2ff0c8ec297c15ed8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002540
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65814}
This reverts commits
- 63dc55568b
Add a debug v8 API SetDetachedWindowReason
- 9645810552
Introduce and emit "function calls in detached window" use counters.
- db18e49556
PPC/s390: Add a debug v8 API SetDetachedWindowReason
Note, macro-assembler-x64.cc isn't reverted b/c DCHECK_NE
is currently in a better place.
Reason for revert: No longer needed. It was intended for only 1 milestone.
Bug: chromium:1018156,chromium:1023293
Change-Id: Ic1c19e6e12bb4ac967cf8e687a77c58edc405833
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2004133
Auto-Submit: Bartek Nowierski <bartekn@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Bartek Nowierski <bartekn@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65811}
This way we don't need to generate bytecodes to push the context.
This drops the stack trace for redeclaration SyntaxErrors but keeps the
message location. This is in line with what we do for other
SyntaxErrors.
Change-Id: Id8e3cc348b4d56a8196753baf51cfd810f07512b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1997439
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65810}
The advance-by parameter can contain negative numbers, but until this
CL was treated as unsigned.
Bug: v8:10072,v8:9330
Change-Id: Ib9a9c2d47ba71fa819e89502d14871af6dfc9693
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002543
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65809}
Add missing disasm tests for vroundss and vpalignr.
Fix disasm for vinsertps and vpinsrq.
Change-Id: I0f3907761b998d27ec00435a569084724af54ae2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1990140
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65799}
Most of the implementation work has been done as part of previous
patches, this finishes it by adding a new case for LoadType, and also
adding a test. The arm and arm64 implementation is new, and wasn't
required, since the Liftoff tests (in nooptimization variants) are
skipped on arm and arm64, and hence did not fail.
Bug: v8:9909
Change-Id: I01bd86d2e46de852bc067f44c802f66ac9e9b029
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2001561
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65798}
This reverts commit 3352fcc900.
Reason for revert: Causing wasm/tier-down-to-liftoff.js to be flaky, https://crbug.com/v8/10086
Original change's description:
> [wasm] Perform NativeModule tier down in parallel.
>
> Reuse logic in {CompileNativeModule} function in module-compiler.cc:
> initialize parallel compile jobs, then wait for them to finish while
> taking part in this compilation.
>
> Bug: v8:9654
> Change-Id: I9974d9f8b516e9faec716a592c7c0ee9c7077d8e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977041
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65763}
TBR=rmcilroy@chromium.org,clemensb@chromium.org,duongn@microsoft.com
Change-Id: Ie3a0a3b2315879b6c19ef25f435fdc83c297b23b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9654
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002692
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65797}
Port ba14c2f354
Original Commit Message:
Add kWasmS128 to the list of supported types, and implement Fill for all
the architectures so that LocalGet works.
Add a new test file to contain tests that run only on Liftoff, and
assert that the code is indeed compiled by Liftoff.
We cannot rely on the nooptimization variant for testing
because by default, if Liftoff compilation fails, it will fall back to
Turbofan, and we accidentally get a test passing.
We skip these tests on mips architecture that don't support SIMD, since
there is no way to implement these, and we don't have a "lowering" phase
for Liftoff.
As we implement more of SIMD in Liftoff, we can add more
tests to this file and ensure correctness. Future patches will introduce
support for globals and params.
R=zhin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I776b3d93dd4dc53641650ac30b26661e52142287
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002688
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#65792}
This extends the debug side table to track stack offsets of locals and
operand stack slots, and uses this to read spilled value from the
physical stack frame when inspecting Liftoff frames.
R=jkummerow@chromium.org
Bug: v8:10019
Change-Id: Ida7ab5256fcc1e9d408201f4eafe26919f1432a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000739
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65789}
Add decoding of ref.null as a valid argument for references in
TurboFan, LiftOff and the interpreter.
R=ahaas@chromium.orgR=jkummerow@chromium.org
Bug: chromium:10063
Change-Id: I1e2d9c76f616dacb3aa06f8b535543bdcdcf0783
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1991485
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65788}
Introduce OffThreadFactory with initial string construction support.
The OffThreadFactory shares with Factory a new CRTP base class, called
FactoryBase. Methods in FactoryBase return a FactoryHandle<Factory, T>
alias, which is Handle<T> for normal Factory and a new OffThreadHandle<T>
for OffThreadFactory. OffThreadHandle<T> behaves like Handle<T>, except
it stores the object in-line rather than needing external storage.
Any shared factory methods are moved into FactoryBase, which uses CRTP
to call the sub-class's AllocateRaw method (plus a few more customization
points which need Isolate access on the main thread).
Methods that used to take an Isolate or Factory, and are needed off the
main thread, are now expected to be templated on the factory type and
to use the appropriate handle.
Once an OffThreadFactory has finished being used (e.g. off-thread
compilation completed) its pages are "Published" into the main-thread
Heap. To deal with string internalization without creating a bunch of
ThinStrings, this is done in two stages:
1. 'FinishOffThread': The off-thread pages are walked to
collect all slots pointing to "internalized" strings. After this is
called it is invalid to allocate any more objects with the factory.
2. 'Publish': On the main thread, we transform these slots into
<Handle to holder, offset> pairs, then for each saved slot
re-internalize its string and update the slot to point to the
internalized string.
Bug: chromium:1011762
Change-Id: I008a694da3c357de34362bd86fe7e1f46b535d5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1992434
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65787}
When reserving the requested virtual memory fails (due to address space
exhaustion), simply return nullptr to indicate allocation failure, which
callers must be prepared to handle anyway. That way, ClusterFuzz will
correctly classify OOM situations.
Bonus change: skip demo test on simulators to save time.
Drive-by cleanup: add a 'simulator_run' section to mjsunit.status
Bug: chromium:1042151,chromium:1042173
Change-Id: I8569f3c0d2a681fbf6f91b665dcb88a4ac3b901e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002391
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65785}
With --stress-opt, the second run will share the NativeModule with the
first run, hence it's in a nondeterministic state and the test
expectations fail.
TBR=ahaas@chromium.org
CC=duongn@microsoft.com
No-Try: true
Bug: v8:10086, v8:9654
Change-Id: I74cf5e841ae2330b3b846ee742cc022305ec9636
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000750
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65773}
blendvpd should not be defined in the macro list, since the AVX version
has 4 operands, not 3.
Change-Id: Id020b460fa1a3510a91490f3b2286024cc6c5994
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1990139
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65771}
Add kWasmS128 to the list of supported types, and implement Fill for all
the architectures so that LocalGet works.
Add a new test file to contain tests that run only on Liftoff, and
assert that the code is indeed compiled by Liftoff.
We cannot rely on the nooptimization variant for testing
because by default, if Liftoff compilation fails, it will fall back to
Turbofan, and we accidentally get a test passing.
We skip these tests on mips architecture that don't support SIMD, since
there is no way to implement these, and we don't have a "lowering" phase
for Liftoff.
As we implement more of SIMD in Liftoff, we can add more
tests to this file and ensure correctness. Future patches will introduce
support for globals and params.
Bug: v8:9909
Change-Id: I7fc911f2d588d60c709ddb258b2efc1f22805fab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1999470
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65768}
I also fixed one issue in the wasm interpreter.
R=clemensb@chromium.org
Bug: v8:10180
Change-Id: Ie30e908ad051a27fa611e8d36134b67aaf4c830c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000741
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65764}
Reuse logic in {CompileNativeModule} function in module-compiler.cc:
initialize parallel compile jobs, then wait for them to finish while
taking part in this compilation.
Bug: v8:9654
Change-Id: I9974d9f8b516e9faec716a592c7c0ee9c7077d8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977041
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65763}
This just removes the flag if it is not supported anyway. This avoids
fuzzers trapping over this.
The same was done for the --perf-prof flag in
https://crrev.com/c/1993969.
R=ahaas@chromium.org
Bug: chromium:1035233
Change-Id: I7b4b8fdd141df717cc62d795534f30435f7b38c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1998083
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65760}
Tests which set the --perf-prof flag leave behind a file in the current
working directory every time they execute.
In order to avoid this, this CL introduces a --perf-prof-delete-file
flag, which removes this file right after creating it. This still allows
the process to write to it via the open handle, but the file will be
gone afterwards, even if the process crashes or gets killed while
executing.
R=ahaas@chromium.org
Bug: v8:10121
Change-Id: I99b159bb6d94255f77095ac78d98ba55106e94fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000738
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65759}
- Introduces a API to set top of the stack through
EmbedderHeapTracer::SetStackTop.
- Introduces a new API to inform V8 about an empty embedder stack.
- Switch internal representation of TracedReference
for on-stack handles to a proper stack that considers all
contained handles as roots.
- Handle garbage is avoided by cleaning up on handle creation or
GC.
Design doc: https://bit.ly/on-stack-traced-reference
Bug: chromium:1040038
Change-Id: I927ef0abb268fdb5853c9e17b1bc96e2491cf101
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993973
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65757}
The fix in https://crrev.com/c/1997135 didn't properly recurse the cache
scope after a with scope, passing the current scope rather than the
original cache scope up the recursion. Now the "use external cache" check
is done in LookupWith (and, analogously, LookupSloppyEval) while passing
the given cache scope through the Lookup recursion.
Fixed: chromium:1041210
Fixed: chromium:1041616
Change-Id: I5ac9ddc6c16d63b59aa034721fccec2f7781c4f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000133
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65754}
This fixes local names that are the string representation of a valid
element index.
Even though both the Liftoff and the interpreter-based test are changed,
only the latter needs to be fixed right now since Liftoff does not use
the names currently. Modifying the test just ensures that we implement
this correctly once we use the name.
R=jkummerow@chromium.org
Bug: v8:10019
Change-Id: Ib7f7d6e244a344a85ab540b6c2c67f98b1f3078e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1998079
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65751}
TSan complains in "isolates" tests otherwise. Also further reduce
virtual memory requirements of the sample test to address flaky
allocation failures on 32-bit platforms.
Change-Id: I26c9a59965009d7083876b4ff4836ee879d33350
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000138
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65750}
It was missing the name field.
Bug: chromium:1036641
Change-Id: I686a46adfccfd656422cddef340ded58b7a9c9b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000135
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65748}
This reverts commit 304e97d334.
Reason for revert: Last roll is failing - https://ci.chromium.org/p/chromium/builders/try/linux-rel/282356
Original change's description:
> [parser] Fix caching dynamic vars on wrong scope
>
> When looking up a variable in a deserialized WITH scope, we were
> unconditionally passing in the cache scope to the lookup, even if the
> with was inside the cache scope. This would lead to and outer scope of
> the with holding the generated dynamic variable. If the cache scope was
> the SCRIPT scope, the dynamic variable would be interpreted as a global
> object property.
>
> Now, we only store the WITH scope dynamic variables in the cache scope
> if it is an inner scope of the WITH scope, same as we do for 'normal'
> scope lookups.
>
> Fixed: chromium:1041210
> Change-Id: I4e8eb25bbb8ea58311355d13a9c7c97bf2fa3ec7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1997135
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65732}
TBR=leszeks@chromium.org,verwaest@chromium.org
Change-Id: I7b6d77d03b603152a9a47541db466934f46b1176
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000140
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65747}
This CL fixes a negative capacity check up the call-chain to fix an
issue found a clusterfuzz. This is temporary since mid-term we want to
change the interface of allocation functions to take an unsigned C++
type, so implicit conversion errors like this one, can't happen.
Fixed: chromium:1041240
Change-Id: Ib344e5738d2648fbf9a2951ca943ff566ddd5f09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000134
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65746}
The UpdateSharedWasmMemoryObjects function only creates a new
JSArrayBuffer when the the legths of old/new ArrayBuffer objects
are unequal, but the CHECK in the Grow() funciton assumes that a new
object is always created. Fix so that a new ArrayBuffer is always
allocated.
Bug: v8:10044, chromium:1040325
Change-Id: I66912bdc091e65a57e5b50f4ed63b0da5492dcc4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1999603
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65742}
Rather than explicitly requesting MAP_HUGETLB mappings, which requires
kernel configuration, we should rely on the "Transparent Hugepages"
feature, where eligible allocation requests are automatically fulfilled
with huge page mappings.
Bug: chromium:1041232
Change-Id: I5263da7a23290316aa7b99e63881ca88e65b4e34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1997442
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65741}
Note the tricky part in instruction-selector-x64, where we flip the
inputs given to the code generator. This is because the semantics we
want is: v128.andnot a b = a & !b, but the x64 instruction performs
andnps a b = !a & b. Therefore we flip the inputs, and combined with
g.DefineSameAsFirst, the output register will be the same as b, and we
can use andnps without any modifications in both SSE and AVX cases.
Bug: v8:10082
Change-Id: Iff98dc1dd944fbc642875f6306c6633d5d646615
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1980894
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65738}
This adds inference for general JSObjects to NativeContextInferrer in
the case when the object is going to be attributed to the shard context.
Bug: chromium:973627
Change-Id: I393e8dd16a1f8b615fb2f8dceb52f543bae33554
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1997133
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65736}
When looking up a variable in a deserialized WITH scope, we were
unconditionally passing in the cache scope to the lookup, even if the
with was inside the cache scope. This would lead to and outer scope of
the with holding the generated dynamic variable. If the cache scope was
the SCRIPT scope, the dynamic variable would be interpreted as a global
object property.
Now, we only store the WITH scope dynamic variables in the cache scope
if it is an inner scope of the WITH scope, same as we do for 'normal'
scope lookups.
Fixed: chromium:1041210
Change-Id: I4e8eb25bbb8ea58311355d13a9c7c97bf2fa3ec7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1997135
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65732}
Due to the changes introduced int this CL:
https://chromium-review.googlesource.com/c/v8/v8/+/1991498
wasm-scope-info-liftoff needs to be skipped until
lifoff is enabled. Details can be found in the comment
section of the above link.
Change-Id: I1f61d1685a6ec2e81dab84b003f984a706d45737
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993906
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#65726}
This makes the code a little more specific to what's happening: There is only 1
global scope, and if there is one, we know its declarations are
info->scope()->declarations(). That means we don't need multiple
GlobalDeclarationsBuilders, and we don't need to cache partially serialized
versions of the declarations. One builder is enough, and we can simply walk
those declarations if there are any.
Additionally this CL drops unnecessary information passed into DeclareGlobals:
- Global functions always have the name on the shared function info, so we can
drop the name.
- Due to lazy feedback vectors there's no point in trying to preinitialize
global loads. Also this was only preinitializing global loads at the script
level, not sub functions; without even checking whether the global load was
used. It may actually have caused us to do more work and allocate more global
load feedback slots than neccessary.
Change-Id: Ibbdd029abe5a39ba27f7fc9be84670c5d444d98d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1997123
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65725}
This CL adds the ArrayBufferExtension class, which is used to track
JSArrayBuffers in a linked list. The ArrayBufferExtension is going to
replace the ArrayBufferTracker in the future but is currently behind
the v8_enable_array_buffer_extension feature flag.
When enabled, each JSArrayBuffer has a corresponding native-heap
allocated ArrayBufferExtension object. All extensions are currently
tracked in a single linked list. During marking the GC not only
marks the JSArrayBuffer but also its extension object. At the end of
mark-compact the GC iterates all extensions and removes unmarked ones.
Change-Id: I88298be255944d5ae1327c91b0d7f0fdbcd486d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1969791
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65724}
This brings the test back in sync with the wasm-scope-info-liftoff test
after the comments on https://crrev.com/c/1975754.
R=jkummerow@chromium.org
Bug: v8:10021
Change-Id: I8e3751fdb11fb32a0112c0706559a6d26e2e7594
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977860
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65723}
This patch contains real changes affecting the following tests:
- regress-1119: Bogus test, was failing justifiedly. Dropped.
- regress-crbug-9161: Was accidentally disabled everywhere. Re-enabled
for ASan (as the comment promised).
- regress-crbug-160010: Throws "invalid string length" on all platforms.
Was disabled everywhere. Dropped.
- regress-crbug-514081: Test was previously changed to use 2MB instead
of 2GB. Re-enabled variants.
Additionally, it reorders a bunch of definitions:
- Introduced separate sections for "mode == debug" and "no_i18n" to make
the "ALWAYS" section cleaner.
- Sorted various "slow tests", "open bugs", and "no_variants" definitions
into groups.
- Simplified long "arch == x or arch == y" sequences to "arch in (x, y)".
Bug: v8:10021
Change-Id: Ibe404ae400011196473cf082a4706ddbef7c8349
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1995390
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65718}
The regression test for crbug.com/976627 was:
(1) silently failing on all platforms,
(2) very brittle, baking in several internal limits,
(3) highly specific for one particular place in the code,
(4) when fixed, very slow: 6 seconds on x64.release.
For all these reasons, it is herewith dropped.
Bug: v8:10021
Change-Id: Ic144f6bfcca0c301f3aca7840edbdc43f34a77fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993975
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65715}
Many binary operations defiend in CodeAssembler check for constants
in the inputs and apply simplification if applicable. This is now
performed by the MachineOperatorReducer in a uniform way. To avoid
code duplication, the premature optimizations in CodeAssembler have
been removed in this CL.
Bug: v8:10021
Change-Id: I9b99f05e4f9ab31ff933f22d62674ee80efee8ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1995277
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65707}
When comparing objects which get printed to very long strings (e.g.
collections like vectors), it's much more readable if they get printed
to individual lines. Differences are much easier to spot then.
This CL refactors the CHECK/DCHECK macros to print the left hand side
and right-hand side in individual lines if any of them is longer than 50
characters.
To that end, the {PrintCheckOperand} method (only used from
{MakeCheckOpString}) is changed to return the string directly instead of
printing to an output stream.
R=mlippautz@chromium.org
Change-Id: I6e24a5cbfeb1af53fa0aca2828e23f642b15569c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1991866
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65705}
Related ones are TryGetOwnProperty and CallGetterIfAccessor.
Bug: v8:10021
Change-Id: I1b65c4260ab48b4431fa2b84a8be5789f24fa800
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993960
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65704}
This CL adds timestamps to coverage updates. This is useful for clients,
because between requesting a coverage update and collecting coverage data
significant time may pass. This change allows precise attribution at what
time a coverage update was taken.
Change-Id: I65a9cccb0171e892b7dbe35d105d3ca246ba08d0
Bug: chromium:1022031
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1992435
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65696}
The fuzzers picked up this flag, and are now complaining that they run
into UNREACHABLE/FATAL too often because the {PerfJitLogger} is not
implemented on non-linux platforms.
This CL removes the flag if it's not supported, so users get a warning
about the unknown flag, but otherwise it's ignored. This should unblock
the fuzzers, and slightly reduces binary size on non-linux.
R=ahaas@chromium.org
Bug: chromium:1035233
Change-Id: I6b9282318bc82ff23173bc83ae31cb2d8cbdcdb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993969
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65695}
This provides local scope information for Liftoff frames. Note that two
things remain to be fixed:
1) We still need to refactor decoding of locals names such that it's
available also for Liftoff frames.
2) We need to load spilled values from the stack frame.
This will be added in a follow-up CL.
R=jkummerow@chromium.org
Bug: v8:10019
Change-Id: I2af1287d2989ab7b88c4293aac099bca95282063
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1991498
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65686}
When Heap::TearDown is called, parts of the Isolate are already gone
(specifically: Managed<> objects, which includes Wasm NativeModules).
Since heap verification can depend on these parts (e.g. to find Code
objects belonging to current activations on the stack), we should do
it before tearing down things. Heap::StartTearDown is a suitable way
to achieve that.
Bug: v8:9209
Change-Id: I44094b19e16a4f372eb14ab363d8b4a65182f38a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993968
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65684}
The test passes, I guess it was fixed some time ago.
R=thibaudm@chromium.org
Bug: v8:10021
Change-Id: Id07344b2df24ae0ebff139f78eb4027d868b27c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993967
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65682}
This patch maintains the previous default value of the flag controlling
the max size of Wasm memories, but allows the limit to be raised on the
command line.
Bonus content: improve the multi-mapped mock allocator by falling back
to regular allocation for small requests.
More bonus content: make debug-mode Wasm tests faster.
Bug: v8:6306
Change-Id: Idabae5734794b06e65d45b3a6165dbd488847f3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1981157
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65681}
This CL factors out the decision-making logic whether a property key should
be treated as a "property" or "element" into LookupIterator::Key, which can
be constructed on its own, allowing use sites to take this distinction into
account before constructing a LookupIterator from the Key, without needing
to duplicate the logic.
This also makes the assortment of LookupIterator constructors more uniform.
Bug: chromium:1031175
Change-Id: I81d7b11ab7e4915f5c05668138e6e0c51ae11821
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962272
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65672}
Store the types of locals in the {DebugSideTable}, and the type of all
stack values on each entry.
Especially the stack value types would be difficult to reconstruct later
on.
R=jkummerow@chromium.org
Bug: v8:10019
Change-Id: I9b945b4e0a51166460420099908442703d3d486a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1975759
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65670}
In the WebAssembly.Global constructor we continued to execute even after
the JavaScript code in the descriptor.mutable getter threw an exception.
This caused a problem when the descriptor.value getter was executed even
though there was a scheduled exception.
R=jkummerow@chromium.org
Bug: chromium:1033948
Change-Id: Idac554175fe45ec677447b793db069eb6de543b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993283
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65669}
This is a cleanup to remove unneeded flags after these changes (in
https://crrev.com/c/1988548):
* --future does not imply --wasm-tier-up any more, and
* --wasm-tier-up does not imply --liftoff any more.
Instead, now
* --wasm-tier-up is enabled by default,
* --wasm-tier-up has no effect if --liftoff is not set, and
* --future implies --liftoff.
R=ahaas@chromium.org
Bug: chromium:1040061
Change-Id: I5d04ee1f1d84ddcd0654df0e0a4c6298f80aee9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993280
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65666}
This changes the marking worklist draining for the main thread
marker and the concurrent marker to use the following algorithm in
per-context mode:
1) Pop an object from the marking worklist.
2) Try to infer the native context that owns the objects.
This is done using a new NativeContextInferrer class.
3) If the inference is successful, then change the active marking
worklist to the worklist of the inferred native context.
4) Otherwise, keep the current active marking worklist.
5) Visit the object. Newly discovered objects will be pushed
onto the active marking worklist.
6) Account the object size for the native context corresponding
to the active marking worklist.
This is done using a new NativeContextStats class.
The main property of the algorithm is that each object for which
we couldn't infer the native context is either attributed to
the native context retaining it or is not attributed to any native
context.
Bug: chromium:973627
Change-Id: Ide4ab992275d115279f971d89ace657f4c05e176
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1981491
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65663}
This tnodifies:
TaggedToNumeric
TaggedToNumericWithFeedback
ThrowIfNotInstanceType (also made void since its return value was never
used).
IsSharedFunctionInfo
ComputeUnseededHash (and moves it to builtins-collections-gen.cc)
ComputeSeededHash
TrapAllocationMemento
BranchIfAccessorPair
GotoIfNumberGreaterThanOrEqual
CodeStubArguments::PopAndReturn
Also removes CodeStubArguments::GetArguments which was never called.
Bug: v8:10021
Change-Id: Iaa434f933f0d37ff999ba41601e982b62cfab048
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1989828
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65661}
Inspector will no longer report per-function wasm scripts or
provide wasm disassembly. Locations in wasm are now consistently
reported through the inspector API as lineNumber=0
columnNumber=byte offset in module.
Bug: chromium:1013527, chromium:1003022
Change-Id: Ide85bbaa85ad75f29248ff82a3e7f3e40688d377
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1991481
Commit-Queue: Eric Leese <leese@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65660}
When FLAG_noconcurrent_recompilation is turned on we always run on main
thread. So it is safe to derefernce handles when printing the turbofan
graph. We should only add a DCHECK when dereferencing read-only heap
objects when optimizing concurrently.
Bug: chromium:1040444,chromium:1040403
Change-Id: I6bde966690458b1d122611b02e713c581c87f534
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1992433
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65659}
When parsing an arrowhead, it's possible for temporary variables to be
created with a different index depending on whether the parsing is lazy
or eager. This then results in bytecode mismatches as the index is used
to determine which register to use.
To make the ordering stable, this changes variable allocation in arrow
functions to always allocate the non-temporaries first and then the
temporaries.
Bug: chromium:1020162
Change-Id: Ia47c4c2916d63f12d20d663e4e3842bfd68f6d8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977865
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65657}
We were missing some possible load compressions due to not having these
bitcasts as cases.
Bug: v8:7703
Change-Id: I866196c4fd09d313d3a461cb7f8f80bc92278e13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1989830
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65647}
For I16x8Splat and I8x16Splat, the arguments takes I32, which can hold a
value larger than what should be splatted. We add tests to check that
the splatted values is the truncated I32 value (top bits masked off).
See https://github.com/WebAssembly/simd/pull/151 for the updated to
proposal text.
Change-Id: Ib32770872e70c7cde2028130d2b44b416594610e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1986200
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65642}
So far creating scripts always grew the script_list without ever
reusing cleared slots or shrinking. While this is probably not a
problem with script_list in practice, this is still a memory leak.
Fix this leak by using WeakArrayList::Append instead of AddToEnd.
Append adds to the end of the array, but potentially compacts and
shrinks the list as well. Other WeakArrayLists can use this method as
well, as long as they are not using indices into this array.
Bug: v8:10031
Change-Id: If743c4cc3f8d67ab735522f0ded038b2fb43e437
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1967385
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65640}
Clean up isolate inference and non-allocating/allocating parts of
SharedFunctionInfo::InitFromFunctionLiteral, so that it can more easily
be refactored for off-thread allocation in the future. Also, make
SharedFunctionInfo::SetScript a member function, to acknowledge that it
is non-allocating.
Bug: chromium:1011762
Change-Id: I26624fceb642dfdf257ec3d96aab31ea90e48870
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1991482
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65639}
Add jkummerow, thibaudm, zhin; drop titzer.
Also make src/wasm/OWNERS the source of truth and let test-specific
OWNERS files refer to that.
No-Try: true
Change-Id: I9862ae452970e20b7842269721ad6a7953f275fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1989827
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65636}
The only one remaining was the one in CSA. Once that was removed, we can
simplify the pipeline.
In order to remove it, we have to update the machine graph verifer so
that Word32Equal can accept Tagged values as well.
Bug: v8:7703
Change-Id: Ia3c4d872babc2005be1b402b4614a6039c59dbf3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1987254
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65634}
It has been deprecated in v7.9, but needed to be changed
again for v8.0 by providing a default implementation. This
allowed embedders to remove all overrides. We can now
remove the definitions in v8.1.
R=ulan@chromium.org
CC=ahaas@chromium.org
Bug: v8:9810
Change-Id: I9d303bf8a01d863bce3522abccdd3ded5e551818
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1868620
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65633}
The optimized code for String.charCodeAt(BigInt.asUintN(64, 10n)) did
not throw a TypeError due to how lowering of CheckBounds triggers
RepresentationChanger.
Bug: chromium:1038573
Change-Id: Ie0f9ca95de5af5fd3701841ab169e11ccc77216c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1986003
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65632}
Remove the explicit script handle from ParseInfo, and make it either
a Handle that is passed around where needed, or one inferred from the
SharedFunctionInfo.
This will be useful for compilation finalization using the off-thread
factory, which will not generate real Handles since it has no access
to the Isolate.
Bug: chromium:1011762
Change-Id: I5d9564009ec83bb9fc74191b4aa69735d132c2f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977861
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65629}
This is reland of 6ce3046e2b
Skip the test in multi-isolates config.
Bug: v8:9654
Change-Id: I035c867c99219bbf8d4fa25b58c734306e25fa63
Original change's description:
> [wasm] Add support to tier down/up Wasm NativeModule
>
> This is the first part of switching between Liftoff and Turbofan in
> debugging Wasm. In this CL, we implemented the logic to tier down/up all
> functions in module.
>
> Bug: v8:9654
> Change-Id: Ia25103ca29963afa103c124ff5f159f197c2b2b0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1970470
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65529}
Change-Id: I035c867c99219bbf8d4fa25b58c734306e25fa63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1985032
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65614}
This change updates GetObjectProperties to list all of the bitfields
within a class field, if that class field's type is a bitfield struct.
The representation of bitfields in the GetObjectProperties response is
very similar to the representation of struct fields, but with two extra
bytes of data specifying the shift and size of the bitfield.
Bug: v8:9376
Change-Id: I40a22169f3d01652a7f2db8cface43c2a1e30cfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1960835
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#65610}
Makes the Node* versions private so they can still be called from the
inlined TNode versions.
Also changes to LoadFromParentFrame to return TNode<Object> since its
uses don't require anything looser.
Bug: v8:10021
Change-Id: I84e3831d444a7787e0b03ff2f9e665181a9caa06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1980578
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65604}
LogWriteDebugInfo can allocate when calculating line ends for source
positions, so make its called, LogRecordedBuffer, take Handles rather
than raw Objects. This also improves its API, as we can change the
maybe-null SharedFunctionInfo argument into a MaybeHandle.
Bug: chromium:1037872
Change-Id: Ifa3e2d9be7aa7de3b05e5c1e107406004b8963c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1985995
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65603}
During conflict detection, we want to early exit the scope loop when we
find a non-conflict, but continue looking at the other declarations in
the scope.
Bug: chromium:1038588
Change-Id: Ia2a19b02222fbd13cec70d3a60d2f5bae4ce245b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1985991
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65602}
When "await" is referenced in a part of an async arrow function head, we will walk up the active ambiguous expression stack and mark the ambiguous arrow head scope. However the class member initializer is always non-ambiguous so we should reset the stack and stop walking up.
Bug: v8:10094
Change-Id: Iac35889158ef46c851888993b6081f8ff8610c43
Fixed: v8:10094
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1987620
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65600}
This CL improves whitespace precision of coverage around try blocks;
previously a small portion of whitespace could be reported as uncovered
between try blocks and catch and/or finally blocks.
Change-Id: I763ae3d15106c88f2278cf8893c12b0869a62528
Fixed: v8:10030
Bug: v8:10030
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962265
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65593}
The AVX version should only take one argument, so these instructions have
to be split from the main list of SSE4 instructions, whose AVX version
have two arguments.
Bug: v8:9886
Change-Id: Ie37e060711babd7760547e2aa01c9c0fb0c728b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1986215
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65588}
The native context can differ from the current isolates
raw_native_context, so this DCHECK was never valid.
Bug: chromium:1033966
Change-Id: Iecbbdf33a8645ffd6e8768f4ba0eb0292eca269f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1982582
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65577}
This improves runtime and guarantees a number of samples, reducing
the chance of flakes and simplfying the code as well.
Change-Id: Ife559475240670e40e194285ba73853d18672e97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1981506
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65575}
This test tried to get enough samples by varying the amount of work
done based on simulator vs. non-simulator builds. This didn't take
into account other things like release vs. debug, and some bots took
a very long time to run this test.
This CL uses the existing ProfilerHelper and sets a minimum number of
samples so that we can actually run the minimum amount of work for
any platform without manual tweaking.
This decreases runtime on x64.optdebug from 18.5 to 1.08s, and from
10+ min on x64.debug to 1.8s. arm.debug is ~4s now.
Bug: v8:10013
Change-Id: Ibdbdec00a300683554e3c67013e56d27dc7e6257
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1981504
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65574}
This reverts commit 6ce3046e2b.
Reason for revert: Flaky test failures, see flako run: https://ci.chromium.org/p/v8/builders/try.triggered/v8_flako/b8893085619399726256
Original change's description:
> [wasm] Add support to tier down/up Wasm NativeModule
>
> This is the first part of switching between Liftoff and Turbofan in
> debugging Wasm. In this CL, we implemented the logic to tier down/up all
> functions in module.
>
> Bug: v8:9654
> Change-Id: Ia25103ca29963afa103c124ff5f159f197c2b2b0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1970470
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65529}
TBR=clemensb@chromium.org,bmeurer@chromium.org,duongn@microsoft.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9654, v8:10086
Change-Id: I44a4c2bde87ba5e4e83859e3e3c96103249b585f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1981501
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65573}
Also mark a slow test for better throughput.
No-Try: true
Change-Id: Ib8520ba3d00328cc27f330aff594b57d33ebe88d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1981502
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65572}
Just a cleanup, should not change behavior, although we will allocate
more handles in some cases.
Also re-orders some of the implementations of the interface to try
and keep things consistent.
Included cleanup: Change CodeEventDispatcher so that it now implements
CodeEventListener, given that it had that exact interface already.
Also remove the macro dispatch to try and make things a bit easier to
read.
Bug: chromium:1033407
Change-Id: Id943b10c49f102d9783d8f4cf3a8c43e04364c77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1976390
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65571}
This adds a {wasm::DebugInfo} struct which will hold the
{wasm::DebugSideTable}s for individual Liftoff functions, and will use
them to construct local scope information.
R=jkummerow@chromium.org, bmeurer@chromium.org
Bug: v8:10019
Change-Id: I7869cec5000e9b126c891a242fcccfc53c67662e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1975758
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65563}
When opening DevTools, make sure that Wasm modules properly show up,
aka are reported via "Debugger.scriptParsed" events. Previously these
scripts corresponding to Wasm modules had been filtered out explicitly
(accidentally).
Bug: chromium:1032042
Tbr: clemensb@chromium.org
Change-Id: Id5e49616a4959c9ca611dbae6f1a4e9a47413ea6
Doc: https://bit.ly/wasm-dbg-stories-2019#bookmark=id.drrsobk5mo0p
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1980588
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65560}
Fixes a potential overflow when using the runtime's StringCompareSequence
by checking the string length first.
Bug: chromium:1032906
Change-Id: I7cb94473ae8331dd2ecf1fa98034829bebf8a9ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1973936
Commit-Queue: Joshua Litt <joshualitt@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65558}
3682ddd7..31f1bb5a
31f1bb5 Remove date related types for Intl.DisplayNames (#2448) by Frank Yung-Fong Tang · 61 minutes ago
502cc20 fix delete test, add error tests, fix lint (#2453) by Gus Caplan · 2 days ago
19fd4be Improve Object.prototype.isPrototypeOf coverage (#2446) by Alexey Shvayka · 5 days ago
0ea69c7 feat: regression tests for optional call (#2429) by Benjamin E. Coe · 5 days ago
a3370bf FinalizationGroup: Improve tests for cleanupSome/unregister interactions (#2440) by Mathieu Hofman · 5 days ago
0ddce19 Adding tests for Array.prototype.copyWithin (#2443) by Natalie Silvanovich · 5 days ago
cadd47a Add test for for-in order (#2432) by Kevin Gibbons · 5 days ago
f7ad295 Update tests now that FinalizationGroup.prototype.cleanupSome throws if cleanup is currently in progress. (#2434) by Jon Coppeard · 5 days ago
09380a4 Add test verifying that optional call preserves `this`. (#2436) by Ross Kirsling · 3 weeks ago
5c41447 Remove incorrect tests for AggregateError#toString (#2435) by Leo Balter · 3 weeks ago
65e996b Check the step 29 of InitializeDateTimeFormat (#2427) by Frank Yung-Fong Tang · 3 weeks ago
22978d3 add test for typeof proxy (#2438) by Gus Caplan · 3 weeks ago
8ef20fb Merge pull request #2439 from devsnek/engine262 by Leo Balter · 3 weeks ago
df8aa61 add engine262 runner by Gus Caplan · 3 weeks ago
2213d13 Merge pull request #2425 from bcoe/optional-chaining-iteration by Leo Balter · 5 weeks ago
5babea2 chore: added a few more examples based on code review by bcoe · 5 weeks ago
3d0c203 feat(optional-chaining): add tests for IterationStatement by bcoe · 5 weeks ago
Bug: v8:7834
Change-Id: Id2eac590b65d2070bbd3da905ce71d30fa5197c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1980907
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65554}
These worklists are needed for accounting of objects retained by
native contexts for the new memory measurement API.
Bug: chromium:973627
Change-Id: I354c5ebbbac11da4d01800164e15b94a93aa654c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1943158
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65542}
This reverts commit 91e3243d60.
Reason for revert: This deopts to the wrong point.
Original change's description:
> Extend GetIterator bytecode to perform JSReceiver check on object[Symbol.iterator]()
>
> Current GetIterator bytecode loads and calls @@iterator property on a
> given object. This change extends the bytecode functionality to check
> whether the value returned after calling @@iterator property is a valid
> JSReceiver. The bytecode throws SymbolIteratorInvalid exception if the
> returned value is not a valid JSReceiver. This change absorbs the
> functionality of additional two bytecodes - JumpIfJSReceiver and
> CallRuntime, that are part of the iterator protocol in the GetIterator
> bytecode.
>
> Bug: v8:9489
> Change-Id: I9e84cfe85eeb9a1b8a97ca0595375ac26ba1bbfd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1792905
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Swapnil Gaikwad <swapnilgaikwad@google.com>
> Cr-Commit-Position: refs/heads/master@{#63704}
TBR=rmcilroy@chromium.org,leszeks@chromium.org,tebbi@chromium.org,swapnilgaikwad@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9489
Change-Id: I9324b5b01ead29912ad793a1e7b4d009643d7901
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1960288
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65541}
This adds a respective test, even though Liftoff frames currently do not
show scope information. The output will change with future CLs.
R=jkummerow@chromium.org
Bug: v8:10019
Change-Id: I015863768c02678e97404f2edb538e3b4320d134
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1975754
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65540}
This allows the definition of classes with several arrays and ports
SmallOrderedHashTable subclasses to Torque as an example, including
the existing CSA allocation functions for them.
Overview of changes:
- Introduce ResidueClass to encapsulate the modulo-arithmetic
necessary to do alignment checks.
- Add MachineOperatorReducer to the CSA pipeline to address now
missing CSA ad-hoc constant folding that got blocked by a
temporary phi.
- Allow assignments to references to structs. This is needed to
initialize the data_table part of SmallOrderedHashMap.
- Make the NumberLiteralExpression AST-node store a double instead
of a string. This is necessary to detect arrays with constant size
used for padding.
- Turn offsets into base::Optional<size_t> to ensure we don't use
an invalid or statically unknown offset.
- Remove CreateFieldReferenceInstruction since it doesn't work for
complex offset computations and the logic can be expressed better
in ImplementationVisitor.
- Validate alignment of structs embedded in classes.
Bug: v8:10004 v8:7793
Change-Id: Ifa414b42278e572a0c577bf9da3d37f80771a258
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1958011
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65538}
Change unregister tokens to be held weakly instead of strongly. This
enables the use case for an object to be used as its own unregister
token.
To avoid using an ephemeron table, FinalizationGroup's key_map is
changed to key off unregister tokens' identity hashes. Because hashes
may collide, a single key list may rarely contain multiple tokens. When
a FinalizationGroup WeakCell's token becomes unreachable, during GC, it
is removed from the the doubly linked key list and removed from the key
map if it had a unique key.
Bug: v8:8179
Change-Id: If88fd2ab196e3f9a287990ae345117a0abb2f04d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1970493
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65532}
This change includes templatization of the test helper to allow the
same function to be reused for both signed and unsigned data types.
We implement a new function RoundingAverageUnsigned in overflowing-math,
rather than in base/utils, since the addition could overflow.
SIMD scalar lowering and implementation for other backends will follow
in future patches.
Bug: v8:10039
Change-Id: I70735f7b6536f197869ef1afbccaf5649e7e8448
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1958007
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65531}
This is the first part of switching between Liftoff and Turbofan in
debugging Wasm. In this CL, we implemented the logic to tier down/up all
functions in module.
Bug: v8:9654
Change-Id: Ia25103ca29963afa103c124ff5f159f197c2b2b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1970470
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65529}
This new API uses the code pages rather than code ranges approach.
It's supported on arm32, as well as the previous two supported
platforms, x64 and arm64.
Deprecate the old API which only works on x64 and arm64 to reduce the
maintenance overhead of keeping both. Users of the old API should
migrate to the new one as it can be used all on supported platforms.
We keep the tests for the old API by ignoring deprecation warnings so
that we don't accidentally break it while it is still in the codebase.
Design doc:
https://docs.google.com/document/d/1VGwUult5AHLRk658VetwEHMOmDDxA2eDQs9lDFMZTE0
Bug: v8:8116
Change-Id: I1de8246a48fc1b4991603501ea6087db6b43fdd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1969900
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65521}
The spec was normatively changed to simplify var scopes for parameter
expressions. Previously there was a per-parameter var scope in sloppy
mode so direct evals could introduce vars that did not escape the
parameter position. That semantics is complex both for the programmer
and implementation and has resulted in bugs in the past. Furthermore, it
has never been fully interoperable (with Safari in particular). The spec
was instead changed to be simpler: to have a single var scope for
sloppy evals in parameters that encloses the parameter scope and body
scope.
This simplification lets us remove expression-scope-reparenter.
Drive-by removal of stale reference to PatternRewriter.
Bug: v8:7532
Change-Id: Iade5594abe0009f7f3f6a1adad18628b17e1e779
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1962471
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65517}
In setting breakpoint in wasm, we can find wasm script from location but
in removing a breakpoint, only breakpoint id is provided. For wasm, we
have a list of all BreakPointInfo objects attached to the Script. From
breakpoint id, we iterates all scripts to find the targeted breakpoint
and remove it.
Bug: chromium:837572
Change-Id: Ia5d0fb7d804fb98270b2103232bc10eb5d4f93a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1959749
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65505}
