Commit Graph

62134 Commits

Author SHA1 Message Date
Omer Katz
fb9a19fe0d cppgc: Initial marking loop
This CL introduces:
- Worklist
- MarkingHandler to manage gc marking phase
- Integration into CollectGarbage for atomic pause GC
- MarkingVisitor for main thread marking

Still missing from this CL:
- Proper handling for stack scanning
- Handling of previously not fully constructed objects

Bug: chromium:1056170
Change-Id: I70ac8534dfb898777cf3a06e3119cac8072174fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170526
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67642}
2020-05-07 10:54:49 +00:00
Mike Stanton
ee0c1b0e4d [TurboFan] investigate a crash in GenerateDeoptimizationData
We know the array CodeGenerator::deoptimization_literals_ is corrupted
somehow. Additional checks in place to validate.

Bug: chromium:1027130
Change-Id: Ie0146003f096d24e67aeb382372bca8472548c2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182636
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67641}
2020-05-07 08:40:29 +00:00
Ng Zhi An
d64bcab369 [clang-tidy] Add override and remove virtual
See
https://clang.llvm.org/extra/clang-tidy/checks/modernize-use-override.html
for more on this warning.

Bug: v8:10488
Change-Id: I6805441fa24c80776cf94d18ff389c4c67bb5abd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2186635
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67640}
2020-05-07 08:28:24 +00:00
Clemens Backes
3c51da6cec [wasm][debug] Clear breakpoints when debugger is disabled
Currently WebAssembly breakpoint information survive disabling and
re-enabling the debugger. This is different from JavaScript, where
they are all removed. The frontend is expected to re-set the
breakpoint then.

Thus this CL remembers all wasm scripts where breakpoints have been set
in the Debug object, and clears them all when the debugger gets
disabled.

R=bmeurer@chromium.org

Bug: v8:10403
Change-Id: I5f8a8f3123727c954921920897ee7bf3b73f0ae8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184969
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67639}
2020-05-07 08:27:19 +00:00
Simon Zünd
a40e093856 Move to slow-path in Array#sort if the array is no longer a FastJSArray
After sorting the work array but before writing the values back into
the actual receiver, we have an accessor check. This accessor check
needs to be stricter, in order to catch Array prototype protector
cell invalidations.

R=jgruber@chromium.org

Bug: chromium:1077508
Change-Id: I3c3bd4711f9019f9d4423701724319eee9d800a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187171
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67638}
2020-05-07 08:08:39 +00:00
Stefano Sanfilippo
74bd2cf083 Rollforward [compiler,api] Pass non-strings to the modifying callback when unconditional codegen is on.
Original change reviewed in https://chromium-review.googlesource.com/c/v8/v8/+/1917147.

Added an expect fail/pass for the tests that caused a revert in https://chromium-review.googlesource.com/c/chromium/src/+/2184229.

This reverts commit dd1b1de11f.

Bug: chromium:1024786
Change-Id: I7db6faa4c17c232a0fafd389fc4a26e8116852c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183910
Auto-Submit: Stefano Sanfilippo <ssanfilippo@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67637}
2020-05-07 07:42:59 +00:00
Marja Hölttä
8bb8a28549 Move helper SFIs from NativeContext to Isolate, part 2
There's no need for them to be in NativeContext.

This CL moves the minimal subset of SFIs related to async iterators.

Bug: v8:10482
Change-Id: I80a34a886387398e6565afe77ab99f389d2ccabd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184233
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67636}
2020-05-07 07:05:19 +00:00
Anton Bikineev
d06f9f0932 cppgc: Return wasted freelist entries creation
Returned LABs can be of size less than sizeof(FreeListEntry).

Bug: chromium:1056170
Change-Id: Ib4094701472ce7cb5ee20b9fe632651570832dc9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183051
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67635}
2020-05-07 05:37:19 +00:00
Yang Guo
ef12c74b7f [inspector] fix sourceURL magic comment parsing
R=szuend@chromium.org

Fixed: chromium:1078205
Change-Id: I16f8e19a249692fd16fd53a9a56a8f4cfed8b5c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185134
Auto-Submit: Yang Guo <yangguo@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67634}
2020-05-07 05:04:49 +00:00
v8-ci-autoroll-builder
c3566e9edd Update V8 DEPS.
Rolling v8/build: 3c7540e..4b54ad3

Rolling v8/third_party/aemu-linux-x64: J3cO22hWB2vC_byojuODbkHgkNGvxvrCAEPaKGOx3GwC..u-v5JkP8oS3BCzku9SpOrrUqZvzXDXE3MqO_M0oKrX4C

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/c5ffb21..ce41a35

Rolling v8/third_party/depot_tools: 4de5413..f7df9c4

Rolling v8/tools/clang: 116e3ee..54f2e0d

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: Ia694918582c7894c5d0c762c88e59f83751ed4ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2187049
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#67633}
2020-05-07 03:58:49 +00:00
Michael Lippautz
7b70fdfb85 cppgc: Avoid recursive GC during sweeping
Destructors are allowed to allocate without triggering recursive
garbage collections.

This changes NoGCScope to provide a soft-bailout for garbage
collections to avoid introducing yet another scope.

Bug: chromium:1056170
Change-Id: I0fe51a21977ae954221b6b64b2f6e938ff6d3264
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185131
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67632}
2020-05-06 23:25:01 +00:00
Michael Lippautz
f67e8ab213 cppgc: Add public garbage collection call
Adds a public method that embedders can use to trigger garbage
collections. Such garbage collections are always required to have a
source and reason specifying which components calls it why.

Change-Id: I6ae983f99227febc1b7f0dd15c191d5b1eaaf3f3
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2181332
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67631}
2020-05-06 21:58:11 +00:00
Gus Caplan
767e65f945 [API] Fix microtask message reporting
RunSingleMicrotask calls Runtime::ReportMessage, but the implementation
of ReportMessage would unconditionally discard these exceptions. This
CL removes all of the intermediate logic and directly calls
MessageHandler::ReportMessage, restoring the ability of
RunSingleMicrotask to report exceptions that occur in microtasks.

Bug: v8:8326
Change-Id: I493de74383b2ab191d786611fb9eba9d27e7a243
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2162121
Commit-Queue: Gus Caplan <me@gus.host>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67630}
2020-05-06 20:26:42 +00:00
Junliang Yan
e87972b162 [ptr-compr][ppc] Implement pointer compression
Bug: v8:7703
Change-Id: If2d5c2da1d653247f49e5dfb2e50850b97119b20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2170798
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67629}
2020-05-06 19:06:32 +00:00
Ross McIlroy
f19c759baf [Tests] Add mjsunit test for issue 1076569.
BUG=chromium:1076569

Change-Id: I178e12e20f48dc4216c3f108352425e0aa91047f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2185130
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67628}
2020-05-06 18:34:28 +00:00
Milad Farazmand
98c242cefb PPC: [wasm-simd] Implement simd FP Splat
This CL introduces VOR and VSRO opcodes which get used
for implementing F64x2Splat, I64x2Splat and F32x4Splat.

Change-Id: I64b4cd340fbe9ecf6a789a91e3219b6ad83ce3f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184830
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67627}
2020-05-06 18:20:07 +00:00
Ng Zhi An
a851275912 [clang-tidy] Use explicit default for constructor
See https://chromium.googlesource.com/chromium/src/+/HEAD/styleguide/c++/c++-dos-and-donts.md#prefer-to-use.

Bug: v8:10488
Change-Id: I3d2503b46172bc2fa310b24f04e944ff211ebf51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182310
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67626}
2020-05-06 18:15:17 +00:00
Clemens Backes
29e1b2810c [wasm] Fix compile time regressions in SIMD tests
Avoid templates, just encode all wasm opcodes as 2-byte LEB instead.

R=zhin@chromium.org

Bug: v8:10258
Change-Id: I3bfd5235b235a5d9366e0007e915a2c02a09b0d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182638
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67625}
2020-05-06 17:22:47 +00:00
Ng Zhi An
7215211e37 [wasm-simd][fuzzer] Add some i64x2 ops to fuzzer
Bug: v8:10180
Change-Id: Ia7bb052d8f259939f17c7261a5ae3f2475bcf255
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2173945
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67624}
2020-05-06 17:02:37 +00:00
Ng Zhi An
d6e94b0352 [wasm-simd] Fix decoding memarg in interpreter
The location of the immediates depend on the opcode length if a
s128.load/store was encoded using multiple bytes.

Bug: v8:10258
Change-Id: I09de8a37d442c0711de96ba4bb1746ae6732d83e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182960
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67623}
2020-05-06 16:58:17 +00:00
Ng Zhi An
edb121ea1e [clang-tidy] Use explicit default for constructor
See https://chromium.googlesource.com/chromium/src/+/HEAD/styleguide/c++/c++-dos-and-donts.md#prefer-to-use.

Bug: v8:10488
Change-Id: Ief62795bbce5f1e531c3f9c245e3c0294d698cbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183272
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67622}
2020-05-06 16:57:12 +00:00
Bill Budge
55752da95a [wasm] Torqueify more Wasm builtins
- Rewrites the following builtins in Torque:
  WasmThrow
  WasmRethrow
  WasmStackGuard
  WasmStackOverflow
  WasmTraceMemory
  WasmAllocateJSArray
  ThrowWasmTrap* builtins

- Changes return type of LoadContext* functions to NativeContext,
  so we can more easily construct JS objects.

Change-Id: Id034358f9f15e0acc58fd1f493b15d1cfd177a23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2174830
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67621}
2020-05-06 16:56:08 +00:00
Leszek Swirski
afcd58b23e Reland "[offthread] Serialize new-space objects into old space"
This is a reland of 8c8e6b4117

Timeouts seem unrelated.

Original change's description:
> [offthread] Serialize new-space objects into old space
>
> If an object made it into serialization, it probably deserves to be in
> old space when it is deserialized. This will also make off-thread
> deserialization simpler, as there is no off-thread new space.
>
> Bug: chromium:1075999
> Change-Id: Icabf2f0ae0a3e0205a1094dd0ffe675e69bd1d8e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184291
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67606}

TBR=jgruber@chromium.org,ulan@chromium.org

Bug: chromium:1075999
Change-Id: Iac4e4eebeca1c343250269cdaad17e23645e9e2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184970
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67620}
2020-05-06 16:35:27 +00:00
Leszek Swirski
4d1f17e4d6 [sandbox] Access ExternalString ResourceData via bottlenecks
Bug: v8:10391
Change-Id: I4e86394c53d02eab797c2daad2ccfde6acb83bf0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2151350
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67619}
2020-05-06 16:34:07 +00:00
Michael Achenbach
8140856013 [foozzie] Add sanity check for missing natives suppression
This prevents bug flooding based on differences from calling
%GetOptimizationStatus in correctness tests. It is supposed to
be suppressed with --allow-natives-for-differential-fuzzing.
This ensures early bail-out in case the flag is forgotten at
some point. The v8_sanity_checks.js file is executed before
each correctness test case for this purpose.

NOTRY=true

Bug: chromium:1044942
Change-Id: I74a836a82562604b35e94e5e123a2a8bff939423
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184294
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67618}
2020-05-06 16:21:47 +00:00
Jakob Kummerow
73a27ef150 [wasm-gc] Create struct maps on instantiation
and avoid runtime calls for struct allocation. We can load the
map from the instance and do the allocation in a CSA builtin.

Bug: v8:7748
Change-Id: I76dfcb6c28800d69046b3d7381d3b8ba774fbf09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169099
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67617}
2020-05-06 15:52:27 +00:00
Andreas Haas
d6a02c02b6 [predictable] Run worker task on the foreground task runner
On the PredictablePlatform, worker tasks were executed immediately
instead of posting them in a task queue first. This approach caused
problems because the execution of the worker task blocked progress of
the posting task, and the worker task was always executed in the
context of the posting task, e.g. with an already open HandleScope.

With this CL, worker tasks get posted into the foreground task queue
of the nullptr isolate instead of executing them immediately.
The tasks of the nullptr isolate are then executed after a task of
some other task queue is executed. As the worker tasks are thereby
executed on the same thread as foreground tasks, the behavior is
deterministic.

A consequence of this approach is that each pumping the message loop
of an Isolate may also execute other Isolate's background tasks.

This approach is needed because we don't have a BackgroundTaskRunner but
merely a CallOnWorkerThread method that doesn't know which Isolate the
task corresponds to.

R=clemensb@chromium.org, mlippautz@chromium.org

Bug: v8:9670
Change-Id: I6847ae042146431bc2376d27280be8829f529b95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182453
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67616}
2020-05-06 15:49:07 +00:00
Clemens Backes
8aa7a464da Revert "[offthread] Serialize new-space objects into old space"
This reverts commit 8c8e6b4117.

Reason for revert: Makes Mac64 debug quite flaky: https://ci.chromium.org/p/v8/builders/ci/V8%20Mac64%20-%20debug/28766

Original change's description:
> [offthread] Serialize new-space objects into old space
> 
> If an object made it into serialization, it probably deserves to be in
> old space when it is deserialized. This will also make off-thread
> deserialization simpler, as there is no off-thread new space.
> 
> Bug: chromium:1075999
> Change-Id: Icabf2f0ae0a3e0205a1094dd0ffe675e69bd1d8e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184291
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67606}

TBR=ulan@chromium.org,jgruber@chromium.org,leszeks@chromium.org

Change-Id: I0baca3c3b7985fcda6b9055f93111ec99c207d29
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1075999
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183925
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67615}
2020-05-06 14:35:32 +00:00
Manos Koukoutos
a3b5825244 [wasm][gc][refactor] Decode gc types with immediates consistently.
Motivation:
There were three versions of type decoding for wasm in the codebase.
Not all of them decoded gc types with immediates (reference types)
correctly.

Changes:
- Refactor the wasm binary decoder for unify type decoding.
- Update BranchTypeImmediate and SelectTypeImmediate to handle
  reference types.

Reference: https://github.com/WebAssembly/gc

R=jkummerow@chromium.org
Bug: v8:7748

Change-Id: I33b38c911d366570ca6ef2723ded5205698e1979
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2179003
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67614}
2020-05-06 14:31:29 +00:00
Dan Elphick
2cb1e2efed Reland "[heap] Remove FreeList when sealing RO_SPACE"
This is a reland of afd9493a34

LSAN_IGNORE_OBJECTs for FreeListCategories are now removed.

Original change's description:
> [heap] Remove FreeList when sealing RO_SPACE
>
> This releases the FreeListCategories for each MemoryChunk when sealing
> the ReadOnlySpace and deletes the FreeList.
>
> Additionally this also calls
> ReleaseAllocatedMemoryNeededForWritableChunk for each MemoryChunk when
> sealing when pointer compression is enabled even if no memory is to be
> shared.
>
> Bug: v8:10454
> Change-Id: I45aec59f6d4fddedeb713e13095f58974cda279e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184292
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67598}

Bug: v8:10454
Change-Id: I08fcd122437c65c01af526fa8316d5c9e3ebeb3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184297
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67613}
2020-05-06 14:21:27 +00:00
Igor Sheludko
d914a9af0c [builtins] Fix handling of read-only length in Array.prototype.pop
Bug: v8:10484
Change-Id: I977c5974d33472f5af20d7646ad4cf2c58049632
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182452
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67612}
2020-05-06 14:14:47 +00:00
Jakob Gruber
e4be6d4156 [nci][x64] Add interface descriptors for ic-collecting builtins
These will be used by ic-collecting builtins called from both bytecode
handlers and js-generic-lowering.

For now only x64 is implemented.

Bug: v8:8888
Change-Id: I12a21b40061b7cb6c9b3cbad6134e7457a6cfa44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184237
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67611}
2020-05-06 14:09:07 +00:00
Nico Hartmann
adc2b6432c [turbofan] Fixes undefined in BigInt operations
When the input to a speculative BigInt operation was an undefined
constant, no necessary type check was inserted by the
RepresentationChanger. This CL fixes this.

Bug: chromium:1077804
Change-Id: I3d4e15b1e018803d56e46c7b23b9d4b03832ba8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182455
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67610}
2020-05-06 14:07:07 +00:00
Leszek Swirski
58b12f638d [offthread] Unify compiler.cc finalization logic
This patch unfies the finalization logic between the various unoptimized
compilation paths in compiler.cc, taking the various post-processings and
fixups needed for off-thread finalization and performing them in the same
order for the other finalizations.

It also unifies the general compilation path between streaming script
compilation, main-thread script compilation, and main-thread lazy
compilation, making the main-thread paths both use an iterative execution
and finalization, and making all three use the same job helper methods
and overall finalization helper.

Bug: chromium:1011762
Change-Id: Ibe56f6d2f75a2deffbe9e0b600ded8a02293b722
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2172790
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67609}
2020-05-06 13:41:09 +00:00
Leszek Swirski
65d738d432 [parser] Move Compiler::Analyze into Parser
Move rewriting, scope analysis, and internalization, to be unconditional
operations done after parsing rather than a separate compile phase. This
removes some of the complexity about rememberering when to call
Compiler::Analyze, and makes these paths a bit more uniform.

Also, forbid allocating any more AST strings after AstValueFactory
internalization, by nulling out the Zone. Add an InternalizePartial
method which doesn't null out the zone for those cases where we do want
to be able to allocate after internalizing (e.g. internalization before
scope analysis).

Change-Id: Id444246d8362a1d169baf664fc37657d9576fd96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182458
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67608}
2020-05-06 13:35:37 +00:00
Clemens Backes
2c45f607a2 [wasm] Remove interpreter entry frames
Interpreter entry compilation was removed in
https://crrev.com/c/2172962. This CL removes the
{WasmInterpreterEntryFrame} and the corresponding
{WASM_INTERPRETER_ENTRY} code kind.

Some follow-up cleanups are left as TODOs.

R=jkummerow@chromium.org,bmeurer@chromium.org

Bug: v8:10389
Change-Id: I1a43eba1ac1a751e05990c688088d99fc901231f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182456
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67607}
2020-05-06 13:27:27 +00:00
Leszek Swirski
8c8e6b4117 [offthread] Serialize new-space objects into old space
If an object made it into serialization, it probably deserves to be in
old space when it is deserialized. This will also make off-thread
deserialization simpler, as there is no off-thread new space.

Bug: chromium:1075999
Change-Id: Icabf2f0ae0a3e0205a1094dd0ffe675e69bd1d8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184291
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67606}
2020-05-06 13:16:41 +00:00
Clemens Backes
8e7c6ec606 [wasm][cleanup] Use vector comparison instead of strncmp
{base::Vector} comparison is easier to read (IMO), and more performant,
since {memcmp} will be used internally instead of {strncmp}.

R=ahaas@chromium.org

Bug: v8:10155
Change-Id: If92361688a85e96aa661d3e05cc9966e5ea2d04a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2164796
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67605}
2020-05-06 13:11:57 +00:00
Jakob Gruber
276eaea2c7 Sort interface descriptor list
Just alpha-sort the list.

Tbr: ishell@chromium.org
Bug: v8:8888
Change-Id: I8b31f4176d5ad623557a3c0d8ab3f6be80072566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184236
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67604}
2020-05-06 13:02:23 +00:00
Nico Hartmann
7e41bd38ac Revert "[heap] Remove FreeList when sealing RO_SPACE"
This reverts commit afd9493a34.

Reason for revert: Speculative revert due to https://ci.chromium.org/p/v8/builders/ci/V8%20Clusterfuzz%20Linux%20ASAN%20arm%20-%20debug%20builder/14978?

Original change's description:
> [heap] Remove FreeList when sealing RO_SPACE
> 
> This releases the FreeListCategories for each MemoryChunk when sealing
> the ReadOnlySpace and deletes the FreeList.
> 
> Additionally this also calls
> ReleaseAllocatedMemoryNeededForWritableChunk for each MemoryChunk when
> sealing when pointer compression is enabled even if no memory is to be
> shared.
> 
> Bug: v8:10454
> Change-Id: I45aec59f6d4fddedeb713e13095f58974cda279e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184292
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67598}

TBR=ulan@chromium.org,delphick@chromium.org

Change-Id: I135c1ebc2340a75a30305b84625710ef14d9cdb3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10454
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183921
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67603}
2020-05-06 12:56:55 +00:00
Leszek Swirski
bc2bc6bf72 [offthread] Make Heap::AlignWithFiller static
Enable the use of Heap::AlignWithFiller off-thread by making the method
static.

Bug: chromium:1075999
Change-Id: I8071ae678f954dd4e960b2cd83f63dd22a948920
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184230
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67602}
2020-05-06 12:38:31 +00:00
Nico Hartmann
c64b52a892 [sandbox] Wire ExternalString resource through bottleneck
Bug: v8:10391
Change-Id: Ic92cdaca38c2181427cc12ec5e572d5964afe704
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2152647
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67601}
2020-05-06 12:35:46 +00:00
Leszek Swirski
b3b824ba91 [offthread] Allow ReadOnlyRoots from OffThreadHeap
Allow ReadOnlyRoots initialization from an OffThreadHeap, by creating
a FromHeap getter on OffThreadIsolate analogous to the one on Isolate.

Bug: chromium:1075999
Change-Id: Ie00e1547160e24d35bd7b0dd36d1b7eead87341e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184289
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67600}
2020-05-06 12:34:41 +00:00
Leszek Swirski
4f7b00c7dd [offthread] Allow cleared references allocation off-thread
Allow cleared references to be created with an OffThreadIsolate.
This includes allowing isolate_root to be accessed from the
OffThreadIsolate, for pointer decompression.

Bug: chromium:1075999
Change-Id: I62e0fe2c1c6166a7b816593ae1ec5ddb1c25d861
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183911
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67599}
2020-05-06 12:19:06 +00:00
Dan Elphick
afd9493a34 [heap] Remove FreeList when sealing RO_SPACE
This releases the FreeListCategories for each MemoryChunk when sealing
the ReadOnlySpace and deletes the FreeList.

Additionally this also calls
ReleaseAllocatedMemoryNeededForWritableChunk for each MemoryChunk when
sealing when pointer compression is enabled even if no memory is to be
shared.

Bug: v8:10454
Change-Id: I45aec59f6d4fddedeb713e13095f58974cda279e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184292
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67598}
2020-05-06 12:18:01 +00:00
Clemens Backes
b020933717 [wasm] Add some more DCHECKs for native module caching
When updating the native module cache, the native module must have been
created in the same engine before. Hence replace a conditional by a
DCHECK, and add two more DCHECKs to ensure that all involved modules
belong to the same engine.

R=thibaudm@chromium.org

Bug: v8:6847
Change-Id: Ieb66b6b0bda40cd3c4637d38918762bc01c3a2d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182640
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67597}
2020-05-06 11:33:51 +00:00
Jakob Gruber
6817e07428 [snapshot] Properly deserialize JSGlobalProxy.map references
Upon deserialization, serialized references to the global proxy are
replaced by the actual global proxy object. We must do the same for
the global proxy map.

Drive-by: Updated other outdated test skips.

Bug: v8:10504,v8:10416
Change-Id: Ib47ae2d08bbea2ca916f53152e9d4f75bb0a0e15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2183913
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67596}
2020-05-06 11:05:01 +00:00
Ross McIlroy
66e1c84d77 [TurboProp] Fully remove successors from schedule on unreachable.
Fully remove the successor blocks when effect-control-linearization
reaches an unreachable node and is maintaining the schedule. Previously
we just updated the current_block_'s successor and removed any
unreachable predecessors from end, however if the current_block_ is not
an original block in the schedule, but a new one added due to control
flow from effect control linearization lowering, the removed successor
blocks could still be re-connected to the end block when they were
lowered. Instead, entirely remove these unreachable blocks from the
predecessor / successor chains, and have the effect-control-linearizer
avoid lowering these blocks entirely.

BUG=chromium:1076569,v8:9684

Change-Id: I4b4216019d55aef5363d88255726b85df8e7ada5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2179842
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67595}
2020-05-06 10:55:30 +00:00
Leszek Swirski
366c530854 [offthread] Remove Isolate param from SanityCheck
The Isolate* parameter in the deserializer SanityCheck is unused, and is
blocking the use of the deserializer off-thread.

Bug: chromium:1075999
Change-Id: I0f2acae3c1aff62aafeb2680a2eecb44b1608803
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2184290
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67594}
2020-05-06 10:49:29 +00:00
Tobias Tebbi
467c2062f2 [torque] fix MSVC compile
Change-Id: I4f610400eab6e24fb7eb06465ca9abc63d20fdb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2182474
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67593}
2020-05-06 10:21:09 +00:00