1. 02 Oct, 2020 19 commits
    • Thibaud Michaud's avatar
      [wasm][fuzzer] Add missing signature check in interpreter runner · 1ff33c41
      Thibaud Michaud authored
      R=zhin@chromium.org
      
      Bug: chromium:1134324
      Change-Id: Ica1f8c290ba496c7c24d8ec46f963f389ad9e8fa
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445875Reviewed-by: 's avatarZhi An Ng <zhin@chromium.org>
      Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70291}
      1ff33c41
    • Dan Elphick's avatar
      [heap] Re-allow RO_SPACE sharing with pointer compression · c104c4b4
      Dan Elphick authored
      Remove a spurious assert probably introduced by a bad merge that
      disallowed RO_SPACE sharing when pointer compression is enabled.
      
      Change-Id: I8a59a242667252dcbb098e5be405ac67a4e01a3d
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445877
      Auto-Submit: Dan Elphick <delphick@chromium.org>
      Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70290}
      c104c4b4
    • Dan Elphick's avatar
      [builtins] Remove UntypedParameter from TF_BUILTIN · 924b52f4
      Dan Elphick authored
      The TF_BUILTIN version of UntypedParameter is not used anywhere. There's
      still CodeAssembler::UntypedParameter which is still in use if a untyped
      parameter is required.
      
      Change-Id: I3580e73b781d750878d7bb1b38298d5b82d15f4c
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445876
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
      Auto-Submit: Dan Elphick <delphick@chromium.org>
      Reviewed-by: 's avatarSantiago Aboy Solanes <solanes@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70289}
      924b52f4
    • Leszek Swirski's avatar
      Reland^3 "[serializer] Allocate during deserialization" · 3f4e9bbe
      Leszek Swirski authored
      This is a reland of c4a062a9
      which was a reland of 28a30c57
      which was a reland of 5d7a29c9
      
      Fixes TSAN errors from non-atomic writes in the deserializer. Now all
      writes are (relaxed) atomic.
      
      Original change's description:
      > Reland^2 "[serializer] Allocate during deserialization"
      >
      > This is a reland of 28a30c57
      > which was a reland of 5d7a29c9
      >
      > The crashes were from calling RegisterDeserializerFinished on a null
      > Isolate pointer, for a deserializer that was never initialised
      > (specifically, ReadOnlyDeserializer when ROHeap is shared).
      >
      > Original change's description:
      > > Reland "[serializer] Allocate during deserialization"
      > >
      > > This is a reland of 5d7a29c9
      > >
      > > This reland shuffles around the order of checks in Heap::AllocateRawWith
      > > to not check the new space addresses until it's known that this is a new
      > > space allocation. This fixes an UBSan failure during read-only space
      > > deserialization, which happens before the new space is initialized.
      > >
      > > It also fixes some issues discovered by --stress-snapshot, around
      > > serializing ThinStrings (which are now elided as part of serialization),
      > > handle counts (I bumped the maximum handle count in that check), and
      > > clearing map transitions (the map backpointer field needed a Smi
      > > uninitialized value check).
      > >
      > > Original change's description:
      > > > [serializer] Allocate during deserialization
      > > >
      > > > This patch removes the concept of reservations and a specialized
      > > > deserializer allocator, and instead makes the deserializer allocate
      > > > directly with the Heap's Allocate method.
      > > >
      > > > The major consequence of this is that the GC can now run during
      > > > deserialization, which means that:
      > > >
      > > >   a) Deserialized objects are visible to the GC, and
      > > >   b) Objects that the deserializer/deserialized objects point to can
      > > >      move.
      > > >
      > > > Point a) is mostly not a problem due to previous work in making
      > > > deserialized objects "GC valid", i.e. making sure that they have a valid
      > > > size before any subsequent allocation/safepoint. We now additionally
      > > > have to initialize the allocated space with a valid tagged value -- this
      > > > is a magic Smi value to keep "uninitialized" checks simple.
      > > >
      > > > Point b) is solved by Handlifying the deserializer. This involves
      > > > changing any vectors of objects into vectors of Handles, and any object
      > > > keyed map into an IdentityMap (we can't use Handles as keys because
      > > > the object's address is no longer a stable hash).
      > > >
      > > > Back-references can no longer be direct chunk offsets, so instead the
      > > > deserializer stores a Handle to each deserialized object, and the
      > > > backreference is an index into this handle array. This encoding could
      > > > be optimized in the future with e.g. a second pass over the serialized
      > > > array which emits a different bytecode for objects that are and aren't
      > > > back-referenced.
      > > >
      > > > Additionally, the slot-walk over objects to initialize them can no
      > > > longer use absolute slot offsets, as again an object may move and its
      > > > slot address would become invalid. Now, slots are walked as relative
      > > > offsets to a Handle to the object, or as absolute slots for the case of
      > > > root pointers. A concept of "slot accessor" is introduced to share the
      > > > code between these two modes, and writing the slot (including write
      > > > barriers) is abstracted into this accessor.
      > > >
      > > > Finally, the Code body walk is modified to deserialize all objects
      > > > referred to by RelocInfos before doing the RelocInfo walk itself. This
      > > > is because RelocInfoIterator uses raw pointers, so we cannot allocate
      > > > during a RelocInfo walk.
      > > >
      > > > As a drive-by, the VariableRawData bytecode is tweaked to use tagged
      > > > size rather than byte size -- the size is expected to be tagged-aligned
      > > > anyway, so now we get an extra few bits in the size encoding.
      > > >
      > > > Bug: chromium:1075999
      > > > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e
      > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451
      > > > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > > Cr-Commit-Position: refs/heads/master@{#70229}
      > >
      > > Bug: chromium:1075999
      > > Change-Id: Ibc77cc48b3440b4a28b09746cfc47e50c340ce54
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440828
      > > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > > Auto-Submit: Leszek Swirski <leszeks@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#70267}
      >
      > Tbr: jgruber@chromium.org,ulan@chromium.org
      > Bug: chromium:1075999
      > Change-Id: Iaa8dc54895866ada0e34a7c9e8fff9ae1cb13f2d
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444991
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70279}
      
      Tbr: jgruber@chromium.org,ulan@chromium.org
      Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng,v8_linux64_tsan_no_cm_rel_ng,v8_linux64_tsan_isolates_rel_ng
      Bug: chromium:1075999
      Change-Id: I0b9b11644aebc4cc8b07c62a0f765b24e4d73d89
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445872
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Auto-Submit: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarDominik Inführ <dinfuehr@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70288}
      3f4e9bbe
    • Omer Katz's avatar
      cppgc: Various marking data races · 69d507ca
      Omer Katz authored
      This resolves several races identified by concurrent marking tests.
      These include:
      (*) Several instances of not using atomic accesses.
      (*) Synchronizing page on page creation.
      
      Bug: chromium:1056170
      Change-Id: I4a32a44b93a6995a11e3cc75c9446fb8860ae780
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2423717
      Commit-Queue: Omer Katz <omerkatz@chromium.org>
      Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70287}
      69d507ca
    • Toon Verwaest's avatar
      [char-predicates] Use OneByte flag table and add line terminator support · dae25c02
      Toon Verwaest authored
      Using a OneByte table allows branches to be removed if the function is inlined
      in a place where we statically know the character is onebyte.
      
      This adds support for line terminators. To support 2byte line terminators as
      well this adds a entries for the lower byte into the table so we can often take
      a faster path in that case as well.
      
      Change-Id: Ibd08d540e0e13047d6c1f675c187f14fda4336c5
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445471Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Commit-Queue: Toon Verwaest <verwaest@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70286}
      dae25c02
    • Jakob Kummerow's avatar
      [cleanup] Drop Runtime_IsValidSmi · 896627db
      Jakob Kummerow authored
      It only had one callsite, and that callsite was useless:
      %IsValidSmi(two_31) has never returned {true} on any
      configuration we have ever shipped.
      
      Bug: v8:10933
      Change-Id: I09cdfd7bbd7960d1ec460ad4bd9f0d21e47f7393
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2434746
      Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70285}
      896627db
    • Milad Fa's avatar
      [BUILD] Disable warning for using enum constant in boolean context · f3861a87
      Milad Fa authored
      Change-Id: I5e976ba8cbecaff04a0975a3de00627cabb00f3f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442432Reviewed-by: 's avatarMilad Fa <mfarazma@redhat.com>
      Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
      Commit-Queue: Milad Fa <mfarazma@redhat.com>
      Cr-Commit-Position: refs/heads/master@{#70284}
      f3861a87
    • Omer Katz's avatar
      cppgc: Clear object memory on sweep · 8b1a3a73
      Omer Katz authored
      We clear during sweep so that we are guaranteed the in-construction bit
      of newly allocated objects is always 0. The lock sweeping uses for
      synchronization assures no data races between clearing and concurrent
      marking.
      
      The only exception to that is debug builds that zap on sweep and clear
      on allocation. This makes it so that dangling references will most
      likely crash in debug builds.
      
      Bug: chromium:1056170
      Change-Id: I12597ef76629ec50c6bfc39dc21b68243c4160ae
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438530
      Commit-Queue: Omer Katz <omerkatz@chromium.org>
      Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70283}
      8b1a3a73
    • Omer Katz's avatar
      cppgc: Mark in construction objects externally · cebd8b65
      Omer Katz authored
      In construction objects don't have anything to sync with on the
      allocation side since they weren't marked as fully constructed yet.
      This could mean the initialization of the marking bit on the mutator
      thread and setting the mark bit on a concurrent thread could race
      (potentially resulting in losing the mark bit when the gc info index
      overwrites it).
      
      This CL fixes this issue by using a set of in construction objects.
      In construction objects are no longer marked. Instead they are pushed
      to the set and the heap object header is marked when they are popped
      from the worklist. Since the set avoids duplicates, this allows us to
      both avoid worklist explosion (due to pushing the same in construction
       object multiple times) and avoid the data race on the mark bit.
      
      This CL uses an unordered_set to record objects. Synchronization uses
      a lock, which could be costly but is not expected to be obtained often.
      
      Bug: chromium:1056170
      Change-Id: I366b59f476c166ff06e15b280df9e846034cc6cf
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2437388
      Commit-Queue: Omer Katz <omerkatz@chromium.org>
      Reviewed-by: 's avatarMichael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70282}
      cebd8b65
    • Clemens Backes's avatar
      [wasm] Remove an unneeded lambda · e226632a
      Clemens Backes authored
      The lambda used to do more work, now it's just a single function call.
      Thus remove the lambda by inlining it into all callers.
      Also, get rid of an unneeded parameter on {OnCompilationStopped}.
      
      R=thibaudm@chromium.org
      
      Bug: v8:10933
      Change-Id: I2c5bc8dfab7abe47a69c1c3eeb5ec8dd02f503c1
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440524Reviewed-by: 's avatarThibaud Michaud <thibaudm@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70281}
      e226632a
    • Clemens Backes's avatar
      Revert "Reland^2 "[serializer] Allocate during deserialization"" · a81da102
      Clemens Backes authored
      This reverts commit c4a062a9.
      
      Reason for revert: TSan issues: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/33504
      
      Original change's description:
      > Reland^2 "[serializer] Allocate during deserialization"
      >
      > This is a reland of 28a30c57
      > which was a reland of 5d7a29c9
      >
      > The crashes were from calling RegisterDeserializerFinished on a null
      > Isolate pointer, for a deserializer that was never initialised
      > (specifically, ReadOnlyDeserializer when ROHeap is shared).
      >
      > Original change's description:
      > > Reland "[serializer] Allocate during deserialization"
      > >
      > > This is a reland of 5d7a29c9
      > >
      > > This reland shuffles around the order of checks in Heap::AllocateRawWith
      > > to not check the new space addresses until it's known that this is a new
      > > space allocation. This fixes an UBSan failure during read-only space
      > > deserialization, which happens before the new space is initialized.
      > >
      > > It also fixes some issues discovered by --stress-snapshot, around
      > > serializing ThinStrings (which are now elided as part of serialization),
      > > handle counts (I bumped the maximum handle count in that check), and
      > > clearing map transitions (the map backpointer field needed a Smi
      > > uninitialized value check).
      > >
      > > Original change's description:
      > > > [serializer] Allocate during deserialization
      > > >
      > > > This patch removes the concept of reservations and a specialized
      > > > deserializer allocator, and instead makes the deserializer allocate
      > > > directly with the Heap's Allocate method.
      > > >
      > > > The major consequence of this is that the GC can now run during
      > > > deserialization, which means that:
      > > >
      > > >   a) Deserialized objects are visible to the GC, and
      > > >   b) Objects that the deserializer/deserialized objects point to can
      > > >      move.
      > > >
      > > > Point a) is mostly not a problem due to previous work in making
      > > > deserialized objects "GC valid", i.e. making sure that they have a valid
      > > > size before any subsequent allocation/safepoint. We now additionally
      > > > have to initialize the allocated space with a valid tagged value -- this
      > > > is a magic Smi value to keep "uninitialized" checks simple.
      > > >
      > > > Point b) is solved by Handlifying the deserializer. This involves
      > > > changing any vectors of objects into vectors of Handles, and any object
      > > > keyed map into an IdentityMap (we can't use Handles as keys because
      > > > the object's address is no longer a stable hash).
      > > >
      > > > Back-references can no longer be direct chunk offsets, so instead the
      > > > deserializer stores a Handle to each deserialized object, and the
      > > > backreference is an index into this handle array. This encoding could
      > > > be optimized in the future with e.g. a second pass over the serialized
      > > > array which emits a different bytecode for objects that are and aren't
      > > > back-referenced.
      > > >
      > > > Additionally, the slot-walk over objects to initialize them can no
      > > > longer use absolute slot offsets, as again an object may move and its
      > > > slot address would become invalid. Now, slots are walked as relative
      > > > offsets to a Handle to the object, or as absolute slots for the case of
      > > > root pointers. A concept of "slot accessor" is introduced to share the
      > > > code between these two modes, and writing the slot (including write
      > > > barriers) is abstracted into this accessor.
      > > >
      > > > Finally, the Code body walk is modified to deserialize all objects
      > > > referred to by RelocInfos before doing the RelocInfo walk itself. This
      > > > is because RelocInfoIterator uses raw pointers, so we cannot allocate
      > > > during a RelocInfo walk.
      > > >
      > > > As a drive-by, the VariableRawData bytecode is tweaked to use tagged
      > > > size rather than byte size -- the size is expected to be tagged-aligned
      > > > anyway, so now we get an extra few bits in the size encoding.
      > > >
      > > > Bug: chromium:1075999
      > > > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e
      > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451
      > > > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > > Cr-Commit-Position: refs/heads/master@{#70229}
      > >
      > > Bug: chromium:1075999
      > > Change-Id: Ibc77cc48b3440b4a28b09746cfc47e50c340ce54
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440828
      > > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > > Auto-Submit: Leszek Swirski <leszeks@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#70267}
      >
      > Tbr: jgruber@chromium.org,ulan@chromium.org
      > Bug: chromium:1075999
      > Change-Id: Iaa8dc54895866ada0e34a7c9e8fff9ae1cb13f2d
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444991
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70279}
      
      TBR=ulan@chromium.org,jgruber@chromium.org,leszeks@chromium.org
      
      Change-Id: Ib2f01db4cd9b55639d6a4af971bda865edb45e84
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:1075999
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445250Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70280}
      a81da102
    • Leszek Swirski's avatar
      Reland^2 "[serializer] Allocate during deserialization" · c4a062a9
      Leszek Swirski authored
      This is a reland of 28a30c57
      which was a reland of 5d7a29c9
      
      The crashes were from calling RegisterDeserializerFinished on a null
      Isolate pointer, for a deserializer that was never initialised
      (specifically, ReadOnlyDeserializer when ROHeap is shared).
      
      Original change's description:
      > Reland "[serializer] Allocate during deserialization"
      >
      > This is a reland of 5d7a29c9
      >
      > This reland shuffles around the order of checks in Heap::AllocateRawWith
      > to not check the new space addresses until it's known that this is a new
      > space allocation. This fixes an UBSan failure during read-only space
      > deserialization, which happens before the new space is initialized.
      >
      > It also fixes some issues discovered by --stress-snapshot, around
      > serializing ThinStrings (which are now elided as part of serialization),
      > handle counts (I bumped the maximum handle count in that check), and
      > clearing map transitions (the map backpointer field needed a Smi
      > uninitialized value check).
      >
      > Original change's description:
      > > [serializer] Allocate during deserialization
      > >
      > > This patch removes the concept of reservations and a specialized
      > > deserializer allocator, and instead makes the deserializer allocate
      > > directly with the Heap's Allocate method.
      > >
      > > The major consequence of this is that the GC can now run during
      > > deserialization, which means that:
      > >
      > >   a) Deserialized objects are visible to the GC, and
      > >   b) Objects that the deserializer/deserialized objects point to can
      > >      move.
      > >
      > > Point a) is mostly not a problem due to previous work in making
      > > deserialized objects "GC valid", i.e. making sure that they have a valid
      > > size before any subsequent allocation/safepoint. We now additionally
      > > have to initialize the allocated space with a valid tagged value -- this
      > > is a magic Smi value to keep "uninitialized" checks simple.
      > >
      > > Point b) is solved by Handlifying the deserializer. This involves
      > > changing any vectors of objects into vectors of Handles, and any object
      > > keyed map into an IdentityMap (we can't use Handles as keys because
      > > the object's address is no longer a stable hash).
      > >
      > > Back-references can no longer be direct chunk offsets, so instead the
      > > deserializer stores a Handle to each deserialized object, and the
      > > backreference is an index into this handle array. This encoding could
      > > be optimized in the future with e.g. a second pass over the serialized
      > > array which emits a different bytecode for objects that are and aren't
      > > back-referenced.
      > >
      > > Additionally, the slot-walk over objects to initialize them can no
      > > longer use absolute slot offsets, as again an object may move and its
      > > slot address would become invalid. Now, slots are walked as relative
      > > offsets to a Handle to the object, or as absolute slots for the case of
      > > root pointers. A concept of "slot accessor" is introduced to share the
      > > code between these two modes, and writing the slot (including write
      > > barriers) is abstracted into this accessor.
      > >
      > > Finally, the Code body walk is modified to deserialize all objects
      > > referred to by RelocInfos before doing the RelocInfo walk itself. This
      > > is because RelocInfoIterator uses raw pointers, so we cannot allocate
      > > during a RelocInfo walk.
      > >
      > > As a drive-by, the VariableRawData bytecode is tweaked to use tagged
      > > size rather than byte size -- the size is expected to be tagged-aligned
      > > anyway, so now we get an extra few bits in the size encoding.
      > >
      > > Bug: chromium:1075999
      > > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451
      > > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#70229}
      >
      > Bug: chromium:1075999
      > Change-Id: Ibc77cc48b3440b4a28b09746cfc47e50c340ce54
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440828
      > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > Auto-Submit: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70267}
      
      Tbr: jgruber@chromium.org,ulan@chromium.org
      Bug: chromium:1075999
      Change-Id: Iaa8dc54895866ada0e34a7c9e8fff9ae1cb13f2d
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444991Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70279}
      c4a062a9
    • Michael Lippautz's avatar
      Disable GCStackTest.IteratePointersFindsParameterNesting8 for MSVC · aaf8d462
      Michael Lippautz authored
      The test gets miscompiled on MSVC >=19.25, see bug.
      
      Bug: v8:10658
      Change-Id: I3b75fe45916fa9e59ec78b852b7bdf707f11a2cc
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2443731
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Commit-Queue: Anton Bikineev <bikineev@chromium.org>
      Commit-Queue: Omer Katz <omerkatz@chromium.org>
      Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: 's avatarAnton Bikineev <bikineev@chromium.org>
      Reviewed-by: 's avatarOmer Katz <omerkatz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70278}
      aaf8d462
    • Maya Lekova's avatar
      [turbofan] Add float/double support for fast API calls · fe947abf
      Maya Lekova authored
      This CL implements passing float parameters to fast API calls by
      using the existing representation conversions for double parameters
      and then truncating the double to a float.
      
      It also adds float/double tests for fast API calls.
      
      Bug: chromium:1052746
      Change-Id: Ibb3ccd173b3807a515adbf38cebaa1cf8e2784b6
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436333Reviewed-by: 's avatarToon Verwaest <verwaest@chromium.org>
      Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Commit-Queue: Maya Lekova <mslekova@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70277}
      fe947abf
    • Marja Hölttä's avatar
      [turbofan] BytecodeGraphBuilder: Use less-manual node creation · c9d1c005
      Marja Hölttä authored
      BytecodeGraphBuilder::NewNode already wires up effect and control, so we
      don't need to do it manually.
      
      Bug: v8:10933
      Change-Id: I454609b10a5748abd13e668780814a4eb6d7cdfa
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442625Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Commit-Queue: Marja Hölttä <marja@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70276}
      c9d1c005
    • v8-ci-autoroll-builder's avatar
      Update V8 DEPS. · 8ba56863
      v8-ci-autoroll-builder authored
      Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/3ede101..9cc0704
      
      Rolling v8/third_party/aemu-linux-x64: oJeWXQJJ1lVY6P7l39pBV-mrbeWlw0swPZQuNmcix5AC..UABC8VAzZj56bPNLe3ou7AIlBjwHbiXOu6R9f5RbZWcC
      
      Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/0f6ed71..8c88c75
      
      Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/991ead1..69e30b2
      
      Rolling v8/third_party/fuchsia-sdk: https://chromium.googlesource.com/chromium/src/third_party/fuchsia-sdk/+log/6a38b0e..f8df9ff
      
      Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/bd8e096..921f371
      
      TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
      
      Change-Id: I67490c905909fcdcfad45b25f8d5341ec743e7e6
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2443592Reviewed-by: 's avatarv8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
      Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
      Cr-Commit-Position: refs/heads/master@{#70275}
      8ba56863
    • Ng Zhi An's avatar
      [x64] Convert pinsrb family of instructions to take uint8_t immediate · 1d85b5f7
      Ng Zhi An authored
      It was slightly inconsistent, the sse versions took int8_t, the avx
      versions took uint8_t. Consolidate into uint8_t, that allows us to
      remove the DCHECK inside of the assembler, and also convert callers to
      use uint8_t.
      
      Bug: v8:10933
      Change-Id: I125f0d54533b6fde1362e63e96f50fcf2467cac5
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2443494Reviewed-by: 's avatarBill Budge <bbudge@chromium.org>
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70274}
      1d85b5f7
    • Frank Tang's avatar
      Reland "[intl] Impl ECMA402 PR 471 rounding behavior" · 940d11ec
      Frank Tang authored
      This is a reland of 40af6aee
      
      Change from the rollbacked version
      - removes the passed test fixed by this PR in test/test262/test262.status
      
      TBR=jkummerow@chromium.org
      
      Original change's description:
      > [intl] Impl ECMA402 PR 471 rounding behavior
      >
      > Fix awkward rounding behavior
      > Change Intl::SetNumberFormatDigitOptions to fix the awkward rounding
      > behavior in NumberFormat when formatting a currency with
      > "maximumFractionDigits" set to a value less than 2.
      >
      > Bug: v8:10844
      > Change-Id: I2ff4afa9f747cd79cb9964fe4c77a0dd2b8977b5
      > Refs: https://github.com/tc39/ecma402/pull/471
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442191
      > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      > Commit-Queue: Frank Tang <ftang@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70270}
      
      Bug: v8:10844
      Change-Id: Icfe7363f63d402abccc038e2b8bd78b38d0d9c49
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444210
      Commit-Queue: Frank Tang <ftang@chromium.org>
      Reviewed-by: 's avatarFrank Tang <ftang@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70273}
      940d11ec
  2. 01 Oct, 2020 21 commits
    • Ng Zhi An's avatar
      [wasm-simd][scalar-lowering] Fix lowering of narrowing · 894bf6df
      Ng Zhi An authored
      Narrowing operations need to sign extend the result.
      
      E.g. for narrowing uint16 to uint8, we compare uint16 to uint8 max,
      0xff. The final result should be 0xffffffff (sign extended) since we
      try to keep nodes in their sign extended form, to work well with
      the rest of the lowering operations.
      
      With this, we pass the last spec test (that is not ignored),
      simd_conversions.
      
      Bug: v8:10507
      Change-Id: I8914fd69db9378b8244cba5dcacff98d36893649
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436613Reviewed-by: 's avatarBill Budge <bbudge@chromium.org>
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70272}
      894bf6df
    • Zhi An Ng's avatar
      Revert "[intl] Impl ECMA402 PR 471 rounding behavior" · c5f960a8
      Zhi An Ng authored
      This reverts commit 40af6aee.
      
      Reason for revert: Test262 failures, see https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20CFI/2509?
      
      Original change's description:
      > [intl] Impl ECMA402 PR 471 rounding behavior
      >
      > Fix awkward rounding behavior
      > Change Intl::SetNumberFormatDigitOptions to fix the awkward rounding
      > behavior in NumberFormat when formatting a currency with
      > "maximumFractionDigits" set to a value less than 2.
      >
      > Bug: v8:10844
      > Change-Id: I2ff4afa9f747cd79cb9964fe4c77a0dd2b8977b5
      > Refs: https://github.com/tc39/ecma402/pull/471
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442191
      > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      > Commit-Queue: Frank Tang <ftang@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70270}
      
      TBR=jkummerow@chromium.org,ftang@chromium.org,syg@chromium.org
      
      Change-Id: I1cfc05e0e2015ad18c037003c9a9a414e2151e06
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:10844
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2441549Reviewed-by: 's avatarZhi An Ng <zhin@chromium.org>
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70271}
      c5f960a8
    • Frank Tang's avatar
      [intl] Impl ECMA402 PR 471 rounding behavior · 40af6aee
      Frank Tang authored
      Fix awkward rounding behavior
      Change Intl::SetNumberFormatDigitOptions to fix the awkward rounding
      behavior in NumberFormat when formatting a currency with
      "maximumFractionDigits" set to a value less than 2.
      
      Bug: v8:10844
      Change-Id: I2ff4afa9f747cd79cb9964fe4c77a0dd2b8977b5
      Refs: https://github.com/tc39/ecma402/pull/471
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442191Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
      Commit-Queue: Frank Tang <ftang@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70270}
      40af6aee
    • Frank Tang's avatar
      Roll test262 · 82061a66
      Frank Tang authored
      https://chromium.googlesource.com/external/github.com/tc39/test262/+log/639760203..ad8a5e9940
      
      Bug: v8:7834
      Change-Id: Ifb5c6601b8c0b8fb2fc60144c8f77abf0a12782d
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440722Reviewed-by: 's avatarShu-yu Guo <syg@chromium.org>
      Commit-Queue: Frank Tang <ftang@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70269}
      82061a66
    • Zhi An Ng's avatar
      Revert "Reland "[serializer] Allocate during deserialization"" · c7c0e790
      Zhi An Ng authored
      This reverts commit 28a30c57.
      
      Reason for revert: Broke Test262 https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/38638?
      
      Original change's description:
      > Reland "[serializer] Allocate during deserialization"
      >
      > This is a reland of 5d7a29c9
      >
      > This reland shuffles around the order of checks in Heap::AllocateRawWith
      > to not check the new space addresses until it's known that this is a new
      > space allocation. This fixes an UBSan failure during read-only space
      > deserialization, which happens before the new space is initialized.
      >
      > It also fixes some issues discovered by --stress-snapshot, around
      > serializing ThinStrings (which are now elided as part of serialization),
      > handle counts (I bumped the maximum handle count in that check), and
      > clearing map transitions (the map backpointer field needed a Smi
      > uninitialized value check).
      >
      > Original change's description:
      > > [serializer] Allocate during deserialization
      > >
      > > This patch removes the concept of reservations and a specialized
      > > deserializer allocator, and instead makes the deserializer allocate
      > > directly with the Heap's Allocate method.
      > >
      > > The major consequence of this is that the GC can now run during
      > > deserialization, which means that:
      > >
      > >   a) Deserialized objects are visible to the GC, and
      > >   b) Objects that the deserializer/deserialized objects point to can
      > >      move.
      > >
      > > Point a) is mostly not a problem due to previous work in making
      > > deserialized objects "GC valid", i.e. making sure that they have a valid
      > > size before any subsequent allocation/safepoint. We now additionally
      > > have to initialize the allocated space with a valid tagged value -- this
      > > is a magic Smi value to keep "uninitialized" checks simple.
      > >
      > > Point b) is solved by Handlifying the deserializer. This involves
      > > changing any vectors of objects into vectors of Handles, and any object
      > > keyed map into an IdentityMap (we can't use Handles as keys because
      > > the object's address is no longer a stable hash).
      > >
      > > Back-references can no longer be direct chunk offsets, so instead the
      > > deserializer stores a Handle to each deserialized object, and the
      > > backreference is an index into this handle array. This encoding could
      > > be optimized in the future with e.g. a second pass over the serialized
      > > array which emits a different bytecode for objects that are and aren't
      > > back-referenced.
      > >
      > > Additionally, the slot-walk over objects to initialize them can no
      > > longer use absolute slot offsets, as again an object may move and its
      > > slot address would become invalid. Now, slots are walked as relative
      > > offsets to a Handle to the object, or as absolute slots for the case of
      > > root pointers. A concept of "slot accessor" is introduced to share the
      > > code between these two modes, and writing the slot (including write
      > > barriers) is abstracted into this accessor.
      > >
      > > Finally, the Code body walk is modified to deserialize all objects
      > > referred to by RelocInfos before doing the RelocInfo walk itself. This
      > > is because RelocInfoIterator uses raw pointers, so we cannot allocate
      > > during a RelocInfo walk.
      > >
      > > As a drive-by, the VariableRawData bytecode is tweaked to use tagged
      > > size rather than byte size -- the size is expected to be tagged-aligned
      > > anyway, so now we get an extra few bits in the size encoding.
      > >
      > > Bug: chromium:1075999
      > > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e
      > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451
      > > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#70229}
      >
      > Bug: chromium:1075999
      > Change-Id: Ibc77cc48b3440b4a28b09746cfc47e50c340ce54
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440828
      > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > Auto-Submit: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70267}
      
      TBR=ulan@chromium.org,jgruber@chromium.org,leszeks@chromium.org
      
      Change-Id: Ieed68332ef6a7ad36db061e3f48be0f28673d7a2
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:1075999
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2441608Reviewed-by: 's avatarZhi An Ng <zhin@chromium.org>
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70268}
      c7c0e790
    • Leszek Swirski's avatar
      Reland "[serializer] Allocate during deserialization" · 28a30c57
      Leszek Swirski authored
      This is a reland of 5d7a29c9
      
      This reland shuffles around the order of checks in Heap::AllocateRawWith
      to not check the new space addresses until it's known that this is a new
      space allocation. This fixes an UBSan failure during read-only space
      deserialization, which happens before the new space is initialized.
      
      It also fixes some issues discovered by --stress-snapshot, around
      serializing ThinStrings (which are now elided as part of serialization),
      handle counts (I bumped the maximum handle count in that check), and
      clearing map transitions (the map backpointer field needed a Smi
      uninitialized value check).
      
      Original change's description:
      > [serializer] Allocate during deserialization
      >
      > This patch removes the concept of reservations and a specialized
      > deserializer allocator, and instead makes the deserializer allocate
      > directly with the Heap's Allocate method.
      >
      > The major consequence of this is that the GC can now run during
      > deserialization, which means that:
      >
      >   a) Deserialized objects are visible to the GC, and
      >   b) Objects that the deserializer/deserialized objects point to can
      >      move.
      >
      > Point a) is mostly not a problem due to previous work in making
      > deserialized objects "GC valid", i.e. making sure that they have a valid
      > size before any subsequent allocation/safepoint. We now additionally
      > have to initialize the allocated space with a valid tagged value -- this
      > is a magic Smi value to keep "uninitialized" checks simple.
      >
      > Point b) is solved by Handlifying the deserializer. This involves
      > changing any vectors of objects into vectors of Handles, and any object
      > keyed map into an IdentityMap (we can't use Handles as keys because
      > the object's address is no longer a stable hash).
      >
      > Back-references can no longer be direct chunk offsets, so instead the
      > deserializer stores a Handle to each deserialized object, and the
      > backreference is an index into this handle array. This encoding could
      > be optimized in the future with e.g. a second pass over the serialized
      > array which emits a different bytecode for objects that are and aren't
      > back-referenced.
      >
      > Additionally, the slot-walk over objects to initialize them can no
      > longer use absolute slot offsets, as again an object may move and its
      > slot address would become invalid. Now, slots are walked as relative
      > offsets to a Handle to the object, or as absolute slots for the case of
      > root pointers. A concept of "slot accessor" is introduced to share the
      > code between these two modes, and writing the slot (including write
      > barriers) is abstracted into this accessor.
      >
      > Finally, the Code body walk is modified to deserialize all objects
      > referred to by RelocInfos before doing the RelocInfo walk itself. This
      > is because RelocInfoIterator uses raw pointers, so we cannot allocate
      > during a RelocInfo walk.
      >
      > As a drive-by, the VariableRawData bytecode is tweaked to use tagged
      > size rather than byte size -- the size is expected to be tagged-aligned
      > anyway, so now we get an extra few bits in the size encoding.
      >
      > Bug: chromium:1075999
      > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451
      > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70229}
      
      Bug: chromium:1075999
      Change-Id: Ibc77cc48b3440b4a28b09746cfc47e50c340ce54
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440828
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Auto-Submit: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70267}
      28a30c57
    • Andrey Kosyakov's avatar
      DevTools: add support for injecting bindings by context name · abacd4c1
      Andrey Kosyakov authored
      This adds support for injecting binding into contexts other than
      main based on the context name (AKA isolated world name in Blink
      terms). This would simplify a common use case for addBinding in
      Puppeteer and other automation tools that use addBinding to expose
      a back-channel for extension code running in an isolated world by
      making bindings available to such code at an early stage and in a
      race-free manner (currently, we can only inject a binding into
      specific context after the creation of the context has been reported
      to the client, which typically introduces a race with other evals
      the client may be running in the context).
      
      Change-Id: I66454954491a47a0c9aa4864f0aace4da2e67d3a
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440984Reviewed-by: 's avatarSimon Zünd <szuend@chromium.org>
      Reviewed-by: 's avatarPavel Feldman <pfeldman@chromium.org>
      Commit-Queue: Andrey Kosyakov <caseq@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70266}
      abacd4c1
    • Clemens Backes's avatar
      [wasm] Refactor generation of atomic instructions · 179f7f43
      Clemens Backes authored
      This refactors the logic for generating atomic instructions in TurboFan.
      Instead of duplicating code via macros, we look up all information we
      need from a table (via switch), and generate the respective graph from
      that information.
      This will allow to factor in changes for memory64 more easily.
      
      R=ahaas@chromium.org
      
      Bug: v8:10949
      Change-Id: Ic2c78588f8ce555667f7e0220b1cc50c7074ded4
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440831
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70265}
      179f7f43
    • Dan Elphick's avatar
      [CSA] Tnodify CodeAssembler::Parameter · 74a9b9c4
      Dan Elphick authored
      CodeAssembler::Parameter now takes a Type template parameter and
      performs a checked cast to it. There is also UncheckedParameter which
      returns a TNode but doesn't check the cast. The original Parameter
      method is still there as UntypedParameter.
      
      Parameter<T>(x) in many cases replaces CAST(Parameter(x)), where the
      cast is performed inside Parameter. Since Parameter is not a macro,
      this means it cannot see the original expression or its file name and
      line number. So the error messages are vaguely useful, Parameter<T>()
      takes a SourceLocation parameter which with a default value of
      SourceLocation::Current(), which at least gives us the file name and
      line number for the error message.
      
      Bug: v8:6949, v8:10933
      Change-Id: I27157bec7dc7462210c1eb9c430c0180217d25c1
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2435106Reviewed-by: 's avatarBill Budge <bbudge@chromium.org>
      Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Reviewed-by: 's avatarSantiago Aboy Solanes <solanes@chromium.org>
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70264}
      74a9b9c4
    • Etienne Pierre-doray's avatar
      [Heap]: PointersUpdating uses Jobs · 95ca946c
      Etienne Pierre-doray authored
      Replaces ItemParallelJob by std::vector to hold work items.
      IndexGenerator is used to iterate over evacuation items.
      
      Change-Id: Id687f6696e74998c9d23ee2a2ee97c7687d13815
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438631
      Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70263}
      95ca946c
    • Leszek Swirski's avatar
      [ptr-cmpr] Remove runtime Isolate allocation flag · 6ca8453c
      Leszek Swirski authored
      Remove the runtime functionality allowing the Isolate to be allocated
      4GB aligned in non-pointer-compressed builds. This was barely used in
      tests, so we can remove it to give slightly stronger compile-time
      guarantees about pointer-compression-only methods being used only under
      pointer-compression.
      
      Change-Id: I8eb990faa8f8499ecdcb70ca104ffad4be1437b2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442790Reviewed-by: 's avatarIgor Sheludko <ishell@chromium.org>
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70262}
      6ca8453c
    • Andrey Kosyakov's avatar
      DevTools: ensure binding is only exposed into the specified context · a65c5fb7
      Andrey Kosyakov authored
      ... when addBinding is called with contextId. Previously, due to
      a subtle type, we exposed bidings added with executionContextId to
      all contexts created after the binding was added.
      
      Also, do not persist context-specific bindings to agent state,
      as context ids don't make sense across the process.
      
      This also adds a test instrastructure to create additional context in
      given context group.
      
      Change-Id: I1b3e96cb65b756424bc7872d200bbbf41e4c30b8
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440982Reviewed-by: 's avatarSimon Zünd <szuend@chromium.org>
      Commit-Queue: Andrey Kosyakov <caseq@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70261}
      a65c5fb7
    • Clemens Backes's avatar
      [wasm] Only store PCs for full validation · 54f852d1
      Clemens Backes authored
      The PC stored in each entry on the value stack and control stack is only
      needed for error reporting, hence avoid storing it for the
      {kNoValidation} and {kBooleanValidation} modes.
      
      R=thibaudm@chromium.org
      
      Bug: v8:10969
      Change-Id: I14c6a6b1857545099e4a90d77d13107013f01565
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436540
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: 's avatarThibaud Michaud <thibaudm@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70260}
      54f852d1
    • Michael Lippautz's avatar
      cppgc: Move ProcessWeakness into FinishMarking · 20e1ba28
      Michael Lippautz authored
      For cross-thread handling we require the atomic marking pause to
      provide an atomically consistent view of markbits and weak references.
      This is ensured by locking the whole atomic pause from entering to
      weak processing.
      
      This CL move ProcessWeakness() into FinishMarking() which allows to
      nicely scope the upcomming lock from EnterAtomicPause() to
      LeaveAtomicPause(). The alternative is requiring the caller to ensure
      proper locking which is harder than ensuring that the Marker is
      consistent.
      
      Bug: chromium:1056170
      Change-Id: Ib6028a0d76fcf9422c4a0d422fec3d568f106bf2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442620
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: 's avatarOmer Katz <omerkatz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70259}
      20e1ba28
    • Michael Hablich's avatar
      Update V8 version after branch cut · 4e7621fc
      Michael Hablich authored
      TBR=machenbach@chromium.org
      
      Change-Id: I3ea2bb7431ee9c5834e9ca58cf88511fb719a0cf
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442623Reviewed-by: 's avatarMichael Hablich <hablich@chromium.org>
      Commit-Queue: Michael Hablich <hablich@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70258}
      4e7621fc
    • Richard Townsend's avatar
      fix: correct calling convention for Windows on Arm · 7b3a27b7
      Richard Townsend authored
      Corrects a "Check failed: kFPParamRegisterCount == kParamRegisterCount"
      message when compiling v8_snapshot for Windows on Arm.
      
      Unlike x64, Windows on Arm's calling convention does not alternate
      between integer and float registers.
      
      Bug: chromium:1052746
      Change-Id: I4c9cdafcd6e43742b94613f85b2983761cc0891a
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440717
      Commit-Queue: Maya Lekova <mslekova@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarMaya Lekova <mslekova@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70257}
      7b3a27b7
    • Dominik Inführ's avatar
      [heap] Use regular FreeList for MapSpace · 487d512e
      Dominik Inführ authored
      MapSpace was using a separate FreeList implementation since all maps
      have the save exact same size. Remove FreeListMap and use the regular
      free list which is also used for the old space. This will allow to use
      LABs in the map space.
      
      Bug: v8:10315
      Change-Id: I00cfcb260edb20f044ad74a24772f810e1f93afd
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442789Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70256}
      487d512e
    • Kong, Fanchen's avatar
      [turbofan] Enable complex memory operands for floating-point binop on x64 · abcd1835
      Kong, Fanchen authored
      With this change, a load from memory into a register can be replaced by a memory operand for floating point binops if possible.
      
      This eliminates one instruction for following pattern:
      	vmovss xmm0, m32
      	vmulss xmm1, xmm1, xmm0
      ===>
      	vmulss xmm1, xmm1, m32
      
      Change-Id: I6944287fae3b7756621fb6b3d0b3db9e0beaf080
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2411696
      Commit-Queue: Fanchen Kong <fanchen.kong@intel.com>
      Reviewed-by: 's avatarBill Budge <bbudge@chromium.org>
      Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70255}
      abcd1835
    • Yang Guo's avatar
      [debug] consider Object.keys free of side effects · 371b1a61
      Yang Guo authored
      R=szuend@chromium.org
      
      Fixed: v8:10910
      Change-Id: I8706026db5dfa815ae5c1580a6ebbeb11adeb23e
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442615
      Commit-Queue: Yang Guo <yangguo@chromium.org>
      Commit-Queue: Simon Zünd <szuend@chromium.org>
      Auto-Submit: Yang Guo <yangguo@chromium.org>
      Reviewed-by: 's avatarSimon Zünd <szuend@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70254}
      371b1a61
    • Frank Tang's avatar
      Fix "japanese" and "chinese" calendar · be3550bf
      Frank Tang authored
      Roll the icu to include the fix. The roll include previously
      mistakenly filter out required resources.
      Fix "japanese" under "ja" and calendar: "chinese" under "zh"
      Depends on https://chromium-review.googlesource.com/c/chromium/deps/icu/+/2433166
      
      This CL prepare for such landing:
      1. Add test to show the correct result.
      2. Wrap the number format static cast to DecimalFormat only if
         the concrete class is DecimalFormat. This is needed after the landing
         because the new resource enable other subclass of NumberFormat.
      3. Change test to allow the additional numberingSystems.
      
      Roll the the DEPS of chromium in
      https://chromium-review.googlesource.com/c/chromium/src/+/2437820
      
      Bug: v8:10960
      Change-Id: Ib10b11862a093d1d487070f79556505bfc10bcc5
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2432801Reviewed-by: 's avatarMichael Achenbach <machenbach@chromium.org>
      Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
      Commit-Queue: Frank Tang <ftang@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70253}
      be3550bf
    • Dominik Inführ's avatar
      [heap] Update path of xml file in chromium for GarbageCollectionReason · 0e127b12
      Dominik Inführ authored
      Change-Id: Ib9956fb8ad6a129bf0df0775bc1e691a059cbd27
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442614
      Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70252}
      0e127b12