Commit Graph

77976 Commits

Author SHA1 Message Date
Simon Zünd
fe879ebfdc [objects] Make ScopeInfo hashable
This CL implements a `Hash` function for ScopeInfo based on position
information. If no position information is available, we fall back to
the type and number of context variables.

Note that this is far from ideal, especially when no position info is
available. But, the hash is only used to store scope-related debug
information in the `LocalsBlocklistCache` hash table. This table is
only ever filled on debug pauses or debug-evaluates, so we don't
care that much if we produce many hash collisions.

R=jarin@chromium.org, leszeks@chromium.org

Doc: https://bit.ly/chrome-devtools-debug-evaluate-design
Bug: chromium:1363561
Change-Id: I70b7f2702693e2d930ed0080506ed94ac44e9124
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3925434
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83484}
2022-09-29 07:59:25 +00:00
Shu-yu Guo
9a98f96b6d [symbol-as-weakmap-key] Stage the feature
Bug: v8:12947
Change-Id: I0a151a6b301ee93675cc9f87a4fa24cb1be76462
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3928061
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83483}
2022-09-29 06:56:57 +00:00
v8-ci-autoroll-builder
f223f1b32e Update V8 DEPS (trusted)
Rolling v8/build: 4f7a8d7..9868184

Rolling v8/third_party/depot_tools: 9ef048c..e3ed6a8

Change-Id: I23ee68ab63ef0839278465603b8a82e086dffe4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3923483
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83482}
2022-09-29 03:49:27 +00:00
Shu-yu Guo
e259adc4c7 Ship Array grouping
I2S with 3 LGTMs at
https://groups.google.com/a/chromium.org/g/blink-dev/c/hSnGUOXTXPE/m/IcP21RpVCAAJ

Bug: v8:12499
Change-Id: I495885485297bf8440e653efce45df86a4c8afce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3911376
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83481}
2022-09-28 20:58:40 +00:00
Paolo Severini
9a2dd870e5 [profiler][etw] Dynamically turn on/off ETW tracing
Refactor ETW tracing code to make sure ETW tracing sessions are
correctly started/stopped when an ETW controller (like Windows
Performance Recorder) starts/stops a tracing session.

The goal is to enable support for ETW tracing by default making sure
that it does not cause any performance regressions.

Bug: v8:11043
Change-Id: I90085183a1c3f4d35ec7e964dbe4b38243aed0d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905922
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83480}
2022-09-28 16:17:46 +00:00
Dominik Inführ
d32b5ab97c [heap] Fix data race when setting COMPACTION_WAS_ABORTED page flag
When evacuation gets aborted due to OOM we used to set the
COMPACTION_WAS_ABORTED page flag immediately. However other evacuation
threads might check the page flags of that exact page concurrently
while recording slots in migrated objects.

We can delay setting the COMPACTION_WAS_ABORTED page flags until
processing aborted evacuation candidates. At that point there are
no more concurrent evacuation threads running anymore.

In order to not break output of --trace-evacuation we also need a
return value for RawEvacuatePage.

Bug: v8:13336
Change-Id: I29a76af918ee4f2016ab6d7c26c2688ff6a14aae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3925974
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83479}
2022-09-28 15:51:06 +00:00
Leszek Swirski
c4772b58aa [d8] Add performance.mark and performance.measure
Add simple implementations of performance.mark/performance.measure --
these aren't fully to spec, and in particular don't have the right base
class or prototype, but they're similar enough for simple use.

Additionally, log trace events for performance.measure, similar to
Chromium -- this allows us to annotate traces collected with d8's
--enable-tracing.

Change-Id: Ib4d7104ba94a261493c57334b2008956e4d89dd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3918092
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83478}
2022-09-28 14:58:17 +00:00
Dominik Inführ
65dd2f8e61 [heap] Fix setting up black area in concurrent allocation
The black area needs to be set up after the LAB is fully initialized.
Otherwise the black area might not span the whole LAB.

Bug: v8:13267, chromium:1369056
Change-Id: Iee0f29c3b1a9c351df967167b5f7ed050d2a3b52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3925794
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83477}
2022-09-28 13:57:46 +00:00
Maya Lekova
dd1db42d49 [test] Remove an exception from a test callback
... as such is already thrown at an earlier point of the call chain.

Change-Id: Iad28438c3b6b0d0fdc178d95701908338500eaa9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3921520
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83476}
2022-09-28 13:55:46 +00:00
Matthias Liedtke
e4828a364e [wasm-gc] Add new ref.test taking any reference
The new ref.test (opcode 0xfb40) takes an any reference (vs. data on
the old instruction) and expects a HeapType immediate.
The HeapType can be a concrete or an abstract type.

Bug: v8:7748
Change-Id: Iaa2010af21d3fee76e27a5f4476ae00f5ca837a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913028
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83475}
2022-09-28 13:43:36 +00:00
Omer Katz
bc4ff7caf4 [heap] Split concurrent_minor_mc flag
Use separate flags for marking and sweeping.

Bug: v8:12612
Change-Id: I0841f531b7ea289d892b6f837e4c9ad8dbccd073
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3918550
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83474}
2022-09-28 12:36:54 +00:00
Dominik Inführ
c095dccfcc [heap] Fix incremental marking issues with the shared space isolate
This CL fixes three separate issues:

* Setting/clearing of right page flags for the shared space during
  marking.
* The marking barrier needs to mark shared objects in the shared
  space isolate.
* The scavenger needs to invoke TransferColor when promoting into
  the shared heap in the shared space isolate.

Bug: v8:13267
Change-Id: Id3abcb73c26933bc7d5e74c9c3f4489aab97d703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3921522
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83473}
2022-09-28 12:31:44 +00:00
pthier
7464985d68 [test] mjsunit: Add function to check for early errors
assertThrows catches both early errors during parse time and exceptions
thrown during runtime.
To be able to test more specifically, add assertEarlyError to check for
syntax errors during parsing and assertThrowsAtRuntime to check that
code throws while executed.

Change-Id: I61ee78c4b2beec266dfbed3999cd4df1786d0c9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3925198
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83472}
2022-09-28 12:27:13 +00:00
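The distinction this commit message draws, between an early error raised by the parser and an exception raised while the code runs, can be reproduced outside mjsunit. The block below is an added example, not V8's mjsunit code: the names assertEarlyError and assertThrowsAtRuntime are taken from the commit message, but the implementation is an assumption built on `new Function`, which parses a source string without executing it, so a parse-time error surfaces before any statement runs.

```javascript
// Added example, not V8's mjsunit code. Uses `new Function(src)` as the
// parse-only step: a SyntaxError thrown here is an early error, while a
// SyntaxError thrown by `throw new SyntaxError(...)` inside `src` only
// appears once the compiled function is actually called.

// Classify a source string as 'early' (fails to parse with a SyntaxError),
// 'runtime' (parses, then throws when executed) or 'ok' (runs cleanly).
function classify(src) {
  let fn;
  try {
    fn = new Function(src);        // parse only; nothing in `src` executes yet
  } catch (e) {
    if (e instanceof SyntaxError) return 'early';
    throw e;                       // not a parse failure; let the caller see it
  }
  try {
    fn();                          // now execute the parsed body
  } catch (e) {
    return 'runtime';
  }
  return 'ok';
}

// Passes only for early errors. A `throw new SyntaxError(...)` that parses
// fine and throws when run is *not* an early error and is rejected here,
// which is exactly the distinction a plain assertThrows cannot make.
function assertEarlyError(src) {
  const kind = classify(src);
  if (kind !== 'early') {
    throw new Error(`expected early error, but source was ${kind}`);
  }
  return true;
}

// Passes only if the source parses and then throws an instance of `expected`.
function assertThrowsAtRuntime(src, expected = Error) {
  let fn;
  try {
    fn = new Function(src);
  } catch (e) {
    throw new Error(`expected runtime exception, but source failed to parse: ${e.message}`);
  }
  try {
    fn();
  } catch (e) {
    if (e instanceof expected) return true;
    const name = e && e.constructor ? e.constructor.name : String(e);
    throw new Error(`threw ${name}, expected ${expected.name}`);
  }
  throw new Error('expected runtime exception, but source ran cleanly');
}
```

`new Function` compiles the string as a function body, so a source that must fail at top level (for example a bare `return` outside a function) is not a good probe here; the same idea works with an `eval` in a try/catch, at the cost of running the code in the caller's scope.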
Leszek Swirski
5bf491cfeb [runtime] Revert template cache work
This reverts the following commits:

  * [runtime] Clean up dead entries in the template cache
    8436c0059c.
  * [runtime] Don't update template map for existing templates
    e7b9604040.
  * [runtime] Fix hash used in template cache
    caa087bb18.
  * [runtime] Hold cached template objects weakly
    5d19e724d2.
  * [runtime] Key template object cache on Script
    f3a0e8bccf.

There are gerrit UI issues which appear to be template object caching
related.

For dashboard:
This reverts commit 8436c0059c.
This reverts commit e7b9604040.
This reverts commit caa087bb18.
This reverts commit 5d19e724d2.
This reverts commit f3a0e8bccf.

Bug: v8:13190
Bug: chromium:1366900
Change-Id: I9759771441a4dece2a5dbb47e462ce0c0c01b182
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3925696
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83471}
2022-09-28 11:38:01 +00:00
Marja Hölttä
ece2746346 [maglev] Omit calling default ctors
I.e., implement the Maglev handler for the FindNonDefaultConstructor
bytecode.

Bug: v8:13091
Change-Id: I6d9905227875fe4efd460434b650fc48d008e7bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3925196
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83470}
2022-09-28 11:02:44 +00:00
Benedikt Meurer
d8990fdc76 [debug] Remove statement position from spreads in array literals.
Following up on https://crrev.com/c/3916453, we also remove the
confusing breakable and steppable positions from spreads in array
literals. These positions provide no meaningful advantage for
developers, but just make it annoying to step through code that
contains spreads.

Drive-by: Add similar inspector tests to ensure that the positions in
the stack are correctly inferred when stopped in the Symbol.iterator or
the next methods.

Before: https://imgur.com/jVf2JeB.png
After: https://imgur.com/u8SfNhy.png
Fixed: chromium:1368971
Change-Id: Ibf791167936c1ed28ac3240acb7c0846b11ebecb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3925200
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83469}
2022-09-28 10:51:34 +00:00
Leszek Swirski
55f80c55f7 [maglev] Spill loop-extended lifetime nodes
Stop trying to be clever with reasoning around whether or not loop
lifetime extended nodes are loadable, and just spill them when they're
not.

Bug: v8:7700
Change-Id: I81389445e4479d72ea8f6b5ff7689baa7053d3d4
Fixed: chromium:1367678
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3925202
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83468}
2022-09-28 10:31:14 +00:00
Adam Klein
36d38d9316 [wasm] Make stack-switching (JSPI) flag imply type reflection flag
Since JSPI doesn't work without type reflection, this ensures that
passing --experimental-wasm-stack-switching alone doesn't leave
developers (or users) in a broken state.

Bug: v8:12191
Change-Id: Idfabc39b7c9352dd20009924fda07504c4e5087b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3919913
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83467}
2022-09-28 09:33:25 +00:00
Igor Sheludko
cd505b3258 Revert "[runtime] Invalidate XxxIteratorLookupChain protectors"
This reverts commit 178148045f.

Reason for revert: regresses JetStream2 a lot.

Original change's description:
> [runtime] Invalidate XxxIteratorLookupChain protectors
>
> ... when "return" property is added to respective iterator or might be
> added somewhere up the prototype chain.
>
> According to the iterator protocol the "return" callback must be
> called when iteration is aborted in the middle.
>
> Bug: chromium:1357318
> Change-Id: I36d81b90cfd40e417136ab97ec53ad7054f4df77
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3916630
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83427}

Bug: chromium:1357318, chromium:1368400, v8:13335
Change-Id: I8b14a2c47819a89d9b2c869a7bcb52e2c2457427
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3925199
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83466}
2022-09-28 09:20:44 +00:00
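The reverted change is about keeping V8's fast paths honest with respect to the iterator protocol's "return" hook, which the spec requires to be called whenever iteration is abandoned before the iterator is exhausted. The block below is an added example of that language-level behaviour, not V8 code and not the reverted CL: a logging iterator records when `return` fires for each exit path.

```javascript
// Added example, not V8 code. An iterable whose iterator logs every call to
// its `return` method, so each abort path can be checked for IteratorClose.
function makeIterable(values, log) {
  return {
    [Symbol.iterator]() {
      let i = 0;
      return {
        next() {
          if (i < values.length) return { value: values[i++], done: false };
          return { value: undefined, done: true };
        },
        return(v) {
          log.push('return');   // cleanup hook; must run when iteration stops early
          return { value: v, done: true };
        },
      };
    },
  };
}

// for-of that exits via break: abandoned iterator, so return() is called.
function breakEarly(values) {
  const log = [];
  for (const v of makeIterable(values, log)) {
    log.push(`next:${v}`);
    if (v === 2) break;
  }
  return log;
}

// for-of that runs to completion: the iterator reported done, so no return().
function runToEnd(values) {
  const log = [];
  for (const v of makeIterable(values, log)) log.push(`next:${v}`);
  return log;
}

// Array destructuring consumes one element and then closes the iterator,
// so return() fires before the binding is even used.
function destructureFirst(values) {
  const log = [];
  const [first] = makeIterable(values, log);
  log.push(`first:${first}`);
  return log;
}

// An exception in the loop body also closes the iterator, and only then
// does the exception propagate to the catch block.
function throwInBody(values) {
  const log = [];
  try {
    for (const v of makeIterable(values, log)) {
      log.push(`next:${v}`);
      throw new Error('abort');
    }
  } catch (e) {
    log.push(`caught:${e.message}`);
  }
  return log;
}
```

An engine that inlines for-of or destructuring over arrays may skip the `return` lookup entirely while it can prove nothing on the prototype chain defines one; the protector in the reverted change exists to drop that assumption as soon as a "return" property appears, so the observable order above stays the same under optimized code.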
jameslahm
031b98b25c [runtime] Clear array join stack when throwing uncatchable
... exception.

Array#join depends on array_join_stack to avoid infinite loops
and ensures symmetric pushes/pops through catch blocks to
correctly maintain the elements in the join stack.
However, the stack does not pop the elements and is left in
an invalid state when throwing the uncatchable termination
exception. And the invalid join stack state will affect
subsequent Array#join calls. Because all the terminate
exceptions will be handled by Isolate::UnwindAndFindHandler,
we could clear the array join stack when unwinding the terminate
exception.

Bug: v8:13259
Change-Id: I23823e823c5fe0b089528c5cf654864cea78ebeb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878451
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#83465}
2022-09-28 07:40:55 +00:00
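The failure mode in this commit message, a join stack left with a stale entry after an exception escapes mid-join, is easy to reproduce in plain JavaScript. The block below is an added example and not V8's implementation: it is a cycle-detecting join that keeps its own stack of arrays currently being joined (the role array_join_stack plays inside V8), and a `safe` switch chooses whether the stack entry is released in a `finally` on every exit path or only on the normal return path. The leaky variant stands in for the uncatchable-termination case, where V8's catch-block cleanup never ran.

```javascript
// Added example, not V8's implementation. `joinStack` holds the arrays that
// are currently being joined; an array already on the stack is rendered as
// '' instead of recursing forever, which is also what Array.prototype.join
// does for cyclic arrays.
const joinStack = [];

function elementToString(el, sep, safe) {
  if (el === null || el === undefined) return '';   // same as Array.prototype.join
  if (Array.isArray(el)) return joinImpl(el, sep, safe);
  return String(el);                                 // may throw from a user toString
}

function joinImpl(arr, sep, safe) {
  if (joinStack.includes(arr)) return '';            // cycle: already being joined
  joinStack.push(arr);
  let out = '';
  try {
    for (let i = 0; i < arr.length; i++) {
      if (i > 0) out += sep;
      out += elementToString(arr[i], sep, safe);
    }
  } finally {
    if (safe) joinStack.pop();                       // runs on normal return and on throw
  }
  if (!safe) joinStack.pop();                        // never reached if the loop threw
  return out;
}

// Symmetric push/pop on every path: the behaviour the commit restores.
const cyclicJoin = (arr, sep = ',') => joinImpl(arr, sep, true);
const joinStackDepth = () => joinStack.length;

// Reproduce the stale-stack failure: an element's toString throws mid-join,
// then the *same* array is joined again. With the leaky variant the array is
// still on the stack, so the second join wrongly comes back as ''.
// Returns the observations instead of printing them.
function demonstrateStaleStack(useFinally) {
  joinStack.length = 0;
  const bomb = { toString() { throw new Error('boom'); } };   // constructed input
  const arr = [1, bomb];
  let threw = false;
  try {
    joinImpl(arr, ',', useFinally);
  } catch (e) {
    threw = true;
  }
  arr[1] = 2;                                          // defuse, then join again
  return {
    threw,
    depthAfterThrow: joinStackDepth(),
    secondJoin: joinImpl(arr, ',', useFinally),
  };
}
```

V8's fix is the engine-level analogue of the `finally`: a termination exception bypasses the JavaScript-visible catch blocks that normally pop the stack, so the unwinder clears the whole join stack instead.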
jameslahm
7f5daed62d [symbol-as-weakmap-key] Add tests to check weak collection size
... after gc.

This CL also adds a runtime test function GetWeakCollectionSize
to get the weak collection size.

Bug: v8:12947
Change-Id: I4aff39165a54b63b3d690bfea71c2a439da01d00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905071
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#83464}
2022-09-28 07:20:24 +00:00
v8-ci-autoroll-builder
320edbee82 Update V8 DEPS (trusted)
Rolling v8/build: d344836..4f7a8d7

Rolling v8/buildtools: 7fca26a..f9d0f84

Rolling v8/buildtools/third_party/libc++/trunk: c23f69f..71619e7

Rolling v8/third_party/zlib: 8f22e90..cbb6b98

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I9db8099c4b5766deb080f93e8af8498f38d7109f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3923757
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83463}
2022-09-28 04:06:35 +00:00
Hao Xu
a8dc9ed235 [compiler] Fix left shift of negative value
Bug: chromium:1367589
Change-Id: I1ea095bdb58c35366188e09afd5f7169b77b0667
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3921058
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#83462}
2022-09-28 01:37:35 +00:00
Milad Fa
c3b18c6fb4 PPC [liftoff]: implement simd add/sub saturate ops
Change-Id: Ie3d70edf787048982f20dce1725fbfe4611b8936
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3918711
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83461}
2022-09-27 20:54:34 +00:00
Frank Tang
de1d7b33d6 [Temporal] Clean up parser
Remove unused parser function/rule
ParseTemporalTimeZoneString and ParseTemporalCalendarString
were obsoleted by PR 2385 and 2394
in https://chromium-review.googlesource.com/c/v8/v8/+/3893552
https://chromium-review.googlesource.com/c/v8/v8/+/3901196

This CL is purely unused code removal.

Bug: v8:11544
Change-Id: Ib7ff4a3860cffa09afe7c7f6866f8dc526273f34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3917039
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83460}
2022-09-27 20:38:54 +00:00
Timo Teräs
0c1457ea28 Add postmortem metadata to access inlining info
Bug: v8:13306
Change-Id: I7c1ead9b60bae79f38535b982e7c49593d14fd15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902524
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83459}
2022-09-27 19:39:04 +00:00
Pierre Langlois
aee072cbc3 [arm64] Enable CFI by default on Android and Linux.
The `v8_control_flow_integrity` build flag was already on by default in
Chromium on those platforms, by depending on
`arm_control_flow_integrity`. We should also turn it on by default when
building V8 standalone.

Co-authored-by: Richard Townsend <richard.townsend@arm.com>

Bug: v8:10026, v8:12963
Change-Id: I361a6426f44e569c08c763cf84a687ca70b89f08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829068
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/main@{#83458}
2022-09-27 16:15:34 +00:00
Matthias Liedtke
e002faf111 [wasm-gc] Function body decoder: Fix dcheck in case of local with invalid heap type
Bug: v8:7748
Change-Id: I9d3e2245db4d98d370291ea86d615b355f2c941a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3921518
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83457}
2022-09-27 15:07:34 +00:00
Dominik Inführ
0582087685 [heap] Request GC using Heap::CollectGarbageShared
This CL moves the code for requesting a GC from a non-main thread from
LocalHeap to Heap into CollectGarbageBackground().

The CL then makes use of this method in CollectGarbageShared() to
request a GC with --shared-space.

Bug: v8:13267
Change-Id: I2946cf5068ef8eb9eb99f9d396ac466d68abc7ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3916634
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83456}
2022-09-27 14:58:36 +00:00
Benedikt Meurer
c45a214cb5 [debug] Remove confusing destructuring statement positions.
This change removes the confusing statement positions that were
previously emitted for every binding identifier within both array
and object destructurings. These statement positions were reported as
breakable positions to the debugger front-end, and during stepping, the
debugger would also stop on them. This is confusing and very different
from how other expressions work (we don't emit statement positions
within expressions normally).

Instead we emit expression positions for the binding identifiers, which
are used to construct the source positions for stack traces. As a drive
by we also add the missing position (and test cases) for sub-patterns.

In particular this aligns the stepping and breakpoint behavior around
destructuring expressions with that of Firefox DevTools.

We also remove the original test cases, introduced with
https://codereview.chromium.org/1542813003 and
https://codereview.chromium.org/1533313002, which were written as
debugger tests, with new inspector tests that also ensure that the
call positions are correct.

Fixed: chromium:1368444
Bug: v8:811
Doc: http://go/chrome-devtools:destructuring-breakpoints-design
Change-Id: I4d53ad059b5eede73abd01d9bc9fdf8263c55c9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3916453
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83455}
2022-09-27 14:19:24 +00:00
Leszek Swirski
54e5675478 [maglev] Initialise known node aspects with Clone
Fix a bug where merge point known_node_aspects was initialised with
empty aspects instead of a clone of the current state.

Bug: v8:7700
Change-Id: Ibdde32197873b4c04e5884dd55f90ead4c1199e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3921519
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83454}
2022-09-27 14:06:34 +00:00
Dominik Inführ
24a6f3fc4d [heap] Add compaction space for shared space
Compacting pages in the shared space during Full GC requires a
corresponding shared space.

Bug: v8:13267
Change-Id: I1952c6b907847220018e2255956cc405fb88d144
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3918271
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83453}
2022-09-27 13:49:53 +00:00
pthier
9211d5fe34 [regexp] v-Flag enables unicode mode in engine
When unicode sets (/v) are enabled, the regular expression is treated as
unicode, similar to /u.

Bug: v8:11935
Change-Id: I07dc617c1fcd9975ad5a3d226cec025c63489fd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3918417
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83452}
2022-09-27 13:27:19 +00:00
pthier
afc4838a34 [regexp][cleanup] Remove property-sequences
Implementation of property sequences for regular expressions is unused
(likely since switching to icu).

Bug: v8:11935
Change-Id: Ic4cf6219de8d6eb99464292a20f637e1fd423341
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3920135
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83451}
2022-09-27 10:52:43 +00:00
Jakob Linke
83d268a161 [maglev] Add a DebugBreak opcode
.. which can be inserted into the graph for easy int3 placement. Quite
often, this can be done in Foo::GenerateCode instead, but not always
(e.g. when multiple bytecodes translate to the same Maglev opcode).

Bug: v8:7700
Change-Id: I6ffdf41f8dc4bd3c06e8323d33e92a5e6460de9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3921394
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83450}
2022-09-27 10:41:23 +00:00
Simon Zünd
a39d7a15ce [debug] Handle null outer ScopeInfo for locals block list cache
This CL changes LocalsBlockListCacheSet/Get to handle the case when we
don't have an outer ScopeInfo. Instead of writing undefined/null into
the tuple we skip using the tuple altogether and store the block list
directly as the value of the map entry.

The only purpose of stashing the outer ScopeInfo together with the
block list is to keep all the block lists of outer scopes alive as
well.

Doc: https://bit.ly/chrome-devtools-debug-evaluate-design
Bug: chromium:1363561
Change-Id: Ic8039072d62c1a99e23537d4702f1cd21d956121
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3920133
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83449}
2022-09-27 09:46:03 +00:00
Lu Yahan
bdd1e640b9 [riscv] Fix not calling vsetvli to set vtype correctly after branch
Add VectorUnit clear in branch link and block start.

Bug: v8:13305
Change-Id: Ibe6fa03183d7fc21cde78c87db9f2550e8e88562
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3917324
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83448}
2022-09-27 09:24:13 +00:00
Simon Zünd
e5fb9841fe [debug] Add new experimental flag for re-using locals block lists
Besides adding the flag, the CL also changes debug-evaluate to collect
the existing block lists only if the flag is not enabled.

R=jarin@chromium.org

Doc: https://bit.ly/chrome-devtools-debug-evaluate-design
Bug: chromium:1363561
Change-Id: I225913908e97b0b662ae97c0ae7c27c69496805a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3918273
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83447}
2022-09-27 09:18:24 +00:00
Leszek Swirski
43218eb92d [turbofan] Port Array#push to GraphAssembler
A clean-up of Array#push which uses GraphAssembler; otherwise no
functional changes.

Change-Id: Ie655c4360ace6def3e3282b4dbfdaa8c7fdc763e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913350
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83446}
2022-09-27 08:44:43 +00:00
Al Muthanna Athamina
8c943bdbd8 [infra] Skip mjsunit/harmony/regress/regress-crbug-1367133 on the interrupt fuzzer as well
Bug: v8:13331
No-Try: true
Change-Id: Ib6869b72c26a7a339e39749024f4f4e7d4105e84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3918378
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83445}
2022-09-27 08:00:13 +00:00
Dominik Inführ
0ff080d1f7 [heap] Enable map space compaction and disable map space by default
Bug: v8:12578
Change-Id: If6a2cd9cf950e395bff9f7a36ac8300f9091f27a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3918496
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83444}
2022-09-27 06:53:48 +00:00
Leszek Swirski
3b289d05d0 [maglev] Warm up NodeInfo with static knowledge
For constants and smi-tagging, we have some static knowledge of the node
type, so warm-up the NodeType of NodeInfo in the Build*Check helpers.
Similarly, don't emit map checks for constant nodes that have a known
stable map.

Bug: v8:7700
Change-Id: I36e4d3000cf2f4dc689e8a9ab612a88dd751cdb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3918770
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83443}
2022-09-27 06:20:49 +00:00
v8-ci-autoroll-builder
0688729cbe Update V8 DEPS (trusted)
Rolling v8/build: f87b9ff..d344836

Rolling v8/buildtools: 15fa3e7..7fca26a

Rolling v8/buildtools/third_party/libc++/trunk: 4d2c483..c23f69f

Rolling v8/third_party/depot_tools: 08bb5c4..9ef048c

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I4323b9f0ac5ee62084a5c9c56235244a7e169e98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3919972
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83442}
2022-09-27 03:57:17 +00:00
Shu-yu Guo
54c19d7e04 [change-array-by-copy] Support large arrays in toSpliced
Also drive-by adds a test for toSpliced on an empty array.

Bug: chromium:1367651, v8:12764
Change-Id: I59ff19ef73dd6c5ea972dc6f39f1968858099ef8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3919870
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83441}
2022-09-26 20:47:50 +00:00
Shu-yu Guo
6cd16f02cb [change-array-by-copy] Split out slow toReversed test
Bug: v8:13328, v8:12764
Change-Id: Idd079b6eaa7e47b0cbe57840e9cd185c2abfe7dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3913771
Reviewed-by: Adam Klein <adamk@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83440}
2022-09-26 18:28:38 +00:00
Seth Brenith
890ee74ca7 Allow no-op background merges to complete
It is possible, though unlikely, that V8 will deserialize code cache
data, decide to merge that new data with an existing script from the
Isolate compilation cache, and subsequently do nothing in the background
portion of the merge (make no heap changes, and request no follow-up
changes on the main thread). In this case, the most optimal outcome is
to reuse the script from the Isolate compilation cache, not to use the
newly deserialized script.

CodeSerializer::FinishOffThreadDeserialize uses
BackgroundMergeTask::HasPendingForegroundWork to determine whether it
should complete the merge and use the Script from the compilation cache
or complete the deserialization and use the newly deserialized Script.
This change updates HasPendingForegroundWork so that it will return true
even if the merge was a no-op.

Bug: v8:12808
Change-Id: I08fcb814e797218e5be2b4ce4f45bd4e0637ec80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3916270
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83439}
2022-09-26 17:03:28 +00:00
Leszek Swirski
7bf63faf9a [turbofan] Use receiver maps for Array#push reduction
The current Array#push reduction supports some amount of non-redundant
homogeneous from its receiver maps, and unifies polymorphism by
generating a push implementation per unique receiver elements kind,
rather than per receiver map. It does this by dynamically reading off
the receiver's elements kind, and branching on it.

Reading off the receiver's elements kind dynamically is a bit of a waste
though, since we already know the small subset of maps that are possible
at this point, and have probably emitted diamonds for checking those
maps which can't be merged with the dynamic elements kind lookup.

In this patch, this code is changed in two major ways:

  1. We perform comparisons on the receiver map, rather than the
     receiver elements kind, and dispatch to the per-elements kind
     implementation after that check.

  2. We allow the Smi path to fallthrough into the Object elements path,
     once its Smi checks complete, to avoid generating distinct but
     identical grow-and-set code for both PACKED_ELEMENTS and
     PACKED_SMI_ELEMENTS.

Change-Id: Ie7764339a0220cb30aee0592553e0dc98539ac79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3912765
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83438}
2022-09-26 17:01:34 +00:00
Manos Koukoutos
798c51cdc7 [turboshaft] Split out ProtectedLoad and ProtectedStore
Those operators are not eliminable and need different properties than
the rest of loads/stores.

Bug: v8:12783
Change-Id: I7cd478fa827589612ca5d7628c628c09f3f4a3a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3909361
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83437}
2022-09-26 16:18:22 +00:00
Leszek Swirski
3998577340 [printer] Robustify handler printing
Make Load/StoreHandler printing a bit more robust against unexpected
values, which we may have missed in the printing definition (or the
value is corrupt, or the caller of the print is passing the wrong value
in) -- for printing like this it's better to be able to not crash on
invalid state.

Change-Id: Ibf5c2064d6aac3da1ac6c19469fe31d5f761b6dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3918710
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83436}
2022-09-26 16:06:18 +00:00
Matthias Liedtke
3ff531f50d [wasm-gc] Use experimental wasm GC flag for string <-> array conversions
This CL decouples the Wasm GC JS interop from the experimental
string <-> array conversions, as the interop is now enabled by
default but there are still some issues discovered with the
conversions.
The functions are fixed via https://chromium-review.googlesource.com/c/v8/v8/+/3916633.

Bug: chromium:1366881
Change-Id: I27730523a51d24a7ea18199e1668e8c76f0bcb4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3916088
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83435}
2022-09-26 15:53:48 +00:00