.. instead of handles and update all uses. Likewise with
ElementAccessInfo. Essentially, this creates the needed refs up-front
and removes useless MakeRef calls from PAI users.
Bug: v8:7790, v8:11671
Change-Id: I175e77dcca27760101606587de615e3497e68c68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3030701
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75805}
.. and explicitly mark behavior through tags/naming conventions:
// This method is never called when concurrent inlining is enabled.
void SerializeFoo(NotConcurrentInliningTag);
// This method is thread-safe and may be called at any time.
void CacheBar();
It turns out that all our remaining SerializeFoo methods are already
either of the former or latter category and thus do not block removal
of the serialization phase for concurrent inlining.
Bug: v8:7790
Change-Id: If8f3bc2e407bc2824f83bfcd1f520f3b14dc58ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026709
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75804}
GC may change heap state and make this dependency fail. That's okay -
it passed once before, meaning that compilation saw a self-consistent
JSFunctionRef state.
Bug: chromium:1230930
Change-Id: I367b10e4aa88101f1ca83a46f596c5f289f6cab2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3040838
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75802}
An object got allocated as part of a parameter expression, which may
have caused GC issues.
R=bmeurer@chromium.org
Bug: chromium:1230041
Change-Id: I94537db7d0be5200049fbc6bd3eda0d49b6d7c17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038525
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75801}
This reverts commit 431fff66f5.
Reason for revert: Causes link error in chrome: https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20ChromiumOS%20MSan%20Builder/24667/overview
Original change's description:
> [traphandler] Add simulator support
>
> This prepares the trap handler to support being used from simulators.
> Modifications to the arm64 simulator will be done in a follow-up CL. For
> now, the trap handler will be registered but not used in Wasm (we emit
> explicit bounds checks instead, as before).
>
> The implementation uses inline assembly, so it is only available on x64
> POSIX systems for now. This is the main platform we use for testing and
> for fuzzing, so it should give us the test coverage we need. If needed,
> inline assembly for other platforms can be added later.
> The new code will be executed by the existing arm64 simulator bots, e.g.
> "V8 Linux - arm64 - sim".
>
> R=ahaas@chromium.org, mseaborn@chromium.org
>
> Bug: v8:11955
> Change-Id: Idc50291c704d9dea902ae0098e5309f19055816c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011160
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75780}
Bug: v8:11955
Change-Id: I74d2e41864fc515bd9727898f12ec1498b97ee62
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3040839
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75798}
Rolling v8/base/trace_event/common: d5bb24e..d41864d
Rolling v8/build: fd86d60..33763d1
Rolling v8/buildtools/linux64: git_revision:b2d77ab1373192d1532af94b68fb8bab727b0e5b..git_revision:61a0153b5e60f11100a04e51393cae15268d1ee3
Rolling v8/buildtools/third_party/libc++abi/trunk: 7d5c92f..e8bf577
Rolling v8/third_party/aemu-linux-x64: eghzU3LI6jsGYPkSzAoCDHeiVyaydZjwxB5kjkPImaMC..XSfC0vpqwj2Qzz0hAfMHYCCe5KDFiXqzb4M3U-cT6i4C
Rolling v8/third_party/logdog/logdog: 88ab863..17ec234
Rolling v8/tools/luci-go: git_revision:d10ff2af1182ccaad573bc5acb84a36f4c280876..git_revision:6387586e5b3279aebdf22bdab7ae619dbc156b66
Rolling v8/tools/luci-go: git_revision:d10ff2af1182ccaad573bc5acb84a36f4c280876..git_revision:6387586e5b3279aebdf22bdab7ae619dbc156b66
Rolling v8/tools/luci-go: git_revision:d10ff2af1182ccaad573bc5acb84a36f4c280876..git_revision:6387586e5b3279aebdf22bdab7ae619dbc156b66
TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: Icb2300e3fddbb5c8550312216de5daedde164221
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3040126
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75797}
I've noticed a few places where class fields as defined in Torque have
different names than the corresponding accessors in the C++ class. I
think they should match. Most of this change is just mechanically
updating the various places that use k##Field##Offset for those fields.
Change-Id: I8ba52aed7f6a1cd6b2d71158f71150b66c2c0da0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3027263
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75796}
On Aix, thread_cputime and clock_gettime (with CLOCK_THREAD_CPUTIME_ID)
can both be used to get time consumed by a thread. However,
thread_cputime is preferable, as it is has better resolution
(nanoseconds vs 10ms for clock_gettime).
Change-Id: I8a698f85defa011f6ed1eb5f47a6dbd4e21d1f67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3036281
Commit-Queue: Vasili Skurydzin <vasili.skurydzin@ibm.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75793}
Bug: v8:7790
Change-Id: I5d9815f479bc009d280595cf0dac75dea17c3738
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024339
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75790}
This wraps up the transition away from kSerialized ref kinds.
Since JSFunctionRef is a complex type, we don't attempt full
consistency on the background thread. Instead, we serialize functions
on the background in a partially-racy manner, in which consistency
between different JSFunction fields is *not* guaranteed. Consistency
is later verified through a new compilation dependency kind during
finalization.
Bug: v8:7790, v8:12004
Change-Id: Ic2b78af9c9fe183c8769d323132bb304b151dc75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968404
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75789}
A stray 0xfeff character was accidentally added in
https://crrev.com/c/2952864, causing compilation problems on some
platforms. This CL removes it.
In case your diff looks empty, this is the change:
-<feff>// Copyright 2012 the V8 project authors. All rights reserved.
+// Copyright 2012 the V8 project authors. All rights reserved.
It was generated via
> git checkout -p 9c904a8f19bb93f32863ecbb1efe10e8cd49a6dc^ src/utils/alloca*.cc
R=leszeks@chromium.org
Bug: v8:11968
Change-Id: Ief3eba7875383c4a4c4238a4af47083304fc9782
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038526
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75788}
... for visiting slots containing pointers to Code objects when
external code space mode is enabled.
These slots will require different handling once the code space is
moved out of the V8 heap cage.
This CL also introduces IsValidCodeObject() predicate similar to
IsValidHeapObject() for checking if given HeapObject is a valid Code
object.
Tbr: cbruni@chromium.org
Bug: v8:11880
Change-Id: I430940f4503cebfd2a6d387e44349810991a93e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3032085
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75787}
Since {CodeSpaceWriteScope} is now used from cctests (since
https://crrev.com/c/3024150), its constructor and destructor need to be
exported.
R=jkummerow@chromium.org
Change-Id: I30627d632a9f4e4fde51bcb037bad69ceaedf6fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038062
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75786}
This is a reland of 0b091e9bd3
Some blink web tests have been temporarily disabled to allow landing
changes to the JS API in V8.
Original change's description:
> [wasm][eh] Rename Exception to Tag in the JS API
>
> See:
> https://github.com/WebAssembly/exception-handling/issues/159
>
> This change only does the rename where it's observable. This should also
> be renamed throughout the codebase for consistency and will be done
> separately.
>
> R=ahaas@chromium.org
>
> Bug: v8:8091
> Change-Id: Iec1118194981dfd33be6e30256b6e72d12143e1f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021172
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75718}
Bug: v8:8091
Change-Id: Id5375b5287fff81b8e0096377a55ef63e6d9b985
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035083
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75785}
The new flags implementation can handle these kinds of implications.
Change-Id: I97cb5adbe00e4c6d92d13b4378582b4035c36475
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3030707
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75784}
This is in preparation for baseline code flushing. After a deopt we
choose to execute baseline or bytecode based on whether
SharedFunctionInfo has any baseline code. With baseline code flushing,
it is possible that baseline code is flushed after this point and before
we start executing the unoptimized code (for ex: materializing objects).
To handle such situations this CL updates the BaselineEnterAt* builtins
to check for baseline code and restart either at baseline / bytecode.
Bug: v8:11947
Change-Id: I2084e38196c882f802d1186ff8c9ab881a35b16b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3030711
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75783}
We add a struct type and array type to the fuzzed module.
Since the interpreter does not support wasm-gc,
we only do so if liftoff is used as a reference implementation.
Also, adding liftoff parameter to all GenerateModule definitions.
Bug: v8:11954
Change-Id: Ia8d2d7a8e1e12d375605f15d1393dd64f426607d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024160
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Rakhim Khismet <khismet@google.com>
Cr-Commit-Position: refs/heads/master@{#75782}
This prepares the trap handler to support being used from simulators.
Modifications to the arm64 simulator will be done in a follow-up CL. For
now, the trap handler will be registered but not used in Wasm (we emit
explicit bounds checks instead, as before).
The implementation uses inline assembly, so it is only available on x64
POSIX systems for now. This is the main platform we use for testing and
for fuzzing, so it should give us the test coverage we need. If needed,
inline assembly for other platforms can be added later.
The new code will be executed by the existing arm64 simulator bots, e.g.
"V8 Linux - arm64 - sim".
R=ahaas@chromium.org, mseaborn@chromium.org
Bug: v8:11955
Change-Id: Idc50291c704d9dea902ae0098e5309f19055816c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011160
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75780}
An object got allocated as part of a parameter expression, which may
have caused GC issues.
Bug: chromium:1230041
Change-Id: I9a046fe36cd3b84e5df7b1400670b76e201ac026
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035765
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75777}
When run jalr and pc is contained in Builtin code range, sim will print "Call to builtin".
This cl reduces the print of "Call to builtin" which only be printed when call builtin and return to builtin.
Change-Id: Ic84101e892ed661cf41ac4d8d83bfff1ef7b4d5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3030382
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#75772}
Rolling v8/build: c0b24c3..fd86d60
Rolling v8/buildtools: 2500c1d..37dc929
Rolling v8/buildtools/linux64: git_revision:24e2f7df92641de0351a96096fb2c490b2436bb8..git_revision:6c6885302fd94f41b060013ea94eeb0d886124e2
Rolling v8/buildtools/third_party/libc++abi/trunk: 486cb62..7d5c92f
Rolling v8/buildtools/third_party/libunwind/trunk: 70006b7..d7b11d7
Rolling v8/third_party/aemu-linux-x64: ez3lWv5ncjyheCkRQs_v1WGTCLoiJvIecfY-dKKkXcUC..Gw2KXJAmd7MQfsDtWMYLLl6hvactBx7vjZgGKtL4bv8C
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/88e3e03..1ef8e41
Rolling v8/tools/luci-go: git_revision:91a04914ac71b7b6fe7b95ce8691d45eeb69bf4f..git_revision:d10ff2af1182ccaad573bc5acb84a36f4c280876
Rolling v8/tools/luci-go: git_revision:91a04914ac71b7b6fe7b95ce8691d45eeb69bf4f..git_revision:d10ff2af1182ccaad573bc5acb84a36f4c280876
Rolling v8/tools/luci-go: git_revision:91a04914ac71b7b6fe7b95ce8691d45eeb69bf4f..git_revision:d10ff2af1182ccaad573bc5acb84a36f4c280876
TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: Ie42d026cfb4113995d99ee9678451e4ea4fa4360
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3036603
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75770}
Shared ops between TurboFan and Liftoff are moved into
the macro-assembler.
Change-Id: I03cd3af10074b6b4666a7d2a13e652629576f76f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035764
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75768}
Turbolizer can fail to open traces that contain 'StoreLine' nodes.
There is a problem in operator<<(std::ostream& os, StoreLaneParameters
params) that prints StoreLaneParameters.laneidx as a char and not as
an integer, and this can cause the insertion of string terminators in
the trace json file.
This CL fixes the issue.
Change-Id: Icf7700660cca2b4068f61dafa0c8f485b1aa497a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035362
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75767}
Avoid callers operating on raw top/limit where possible and provide
verification of the main invariant.
This is actually related to the refactoring suggest in v8:11958 in
that it cleans up the call sites a bit but doesn't go further than
that.
Bug: v8:11958
Change-Id: I35de29a5cd505b375408fc7c5399f637f3e9c755
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3034741
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75766}
This CL addresses two problems:
- the previous implementation of the large-function TF bailout
didn't work for streaming compilation, because it tried to look
at the size of wire bytes that weren't yet available. Moving the
logic so it gets executed later ensures that the function size
is available.
- module serialization currently requires all functions to be
compiled with Turbofan, so the hard limit breaks serialization for
modules containing such huge functions. This CL enables the limit
only for --experimental-wasm-gc, so that non-experimental modules
continue to be serializable as they always have been. In the
future, we will avoid this limitation by making serialization more
flexible.
Fixed: v8:11991
Change-Id: Ibcee6fafec00fb83c2b99ae906836e8598142529
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035095
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75765}
Slightly lowers the interrupt budget for Turboprop and increases the
interrupt budget scaling factor for TurboFan. This gives the best
balance between benchmark performance and reducing optimization
overhead.
BUG=v8:9684
Change-Id: I6d555fb27d089bc8a6849612a4e02b2155020d85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026713
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75764}
This CL fixes the behaviour of String.prototype.startsWith when
undefined is passed as the search term. It also implements a small
shorthand when the search term is empty (according to the spec).
Bug: v8:11977
Change-Id: Iec2aa5f4301fcf444f20d5c1a80d3f634624d6f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035089
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75763}
Convert Low I32x4 (S/U) to FP is changed to use
`Round to nearest with ties to even` which is used by ConvertI32x4
as well as the scalar variant ConvertIntToFloat.
Change-Id: Idcb235bdf7fcd43304af785713a4988986db3544
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3032262
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75762}
So far this kind was used only when concurrent inlining was enabled.
With this CL we always use it (for the corresponding objects).
This change has probably little effect but is one step towards the
"final" configuration.
Bug: v8:7790
Change-Id: Id56908382b2cd57e2f85246c814fb58aaea6b3c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3030712
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75759}
Use the map for both objects with 0 requested properties and the number
of inobject properties it has (4 currently) to share maptrees.
Change-Id: Ie4859d44bed39effff864d54e7d416b13898c7d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035081
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75757}
