1. 19 Oct, 2020 10 commits
  2. 18 Oct, 2020 2 commits
  3. 17 Oct, 2020 3 commits
  4. 16 Oct, 2020 25 commits
    • [wasm-simd][scalar-lowering] Implement i32x4_dot_i16x8_s · 13414fb8
      Ng Zhi An authored
      Bug: v8:10993
      Change-Id: I9b3cd1499cc9ebb93690e4940e9d94c5f445e315
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2477432
      Reviewed-by: Bill Budge <bbudge@chromium.org>
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70587}
    • [wasm-simd][x64] Prototype store lane · 208578dc
      Ng Zhi An authored
      Store lane loads a value from memory and replaces a single lane of a
      simd value.
      
      This implements store lane for x64 and interpreter.
      
      Bug: v8:10975
      Change-Id: Ida79a03e0fd2bc18f2c06687311936b3cb550ed5
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2473383
      Reviewed-by: Bill Budge <bbudge@chromium.org>
      Reviewed-by: Georg Neis <neis@chromium.org>
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70586}
    • [wasm-simd][liftoff][arm][arm64] Implement i32x4_dot_i16x8_s · 07b3e980
      Ng Zhi An authored
      Bug: v8:10993
      Change-Id: Id767016fe0ecc3357a5f5c106b82e0c1e52b9209
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2477734
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70585}
    • [x64] Separate out three-byte opcode decoding · 8e57ef9f
      Ng Zhi An authored
      Decoding of three-byte opcodes was within the two-byte decoding
      function; separate it out, and fix an incorrect comment about us
      not having any three-byte opcodes (that is no longer true).
      
      Also un-nest a large if/else out into parent scope.
      
      Test: out/x64.debug/cctest test-disasm-x64/DisasmX64 --random-seed=1
      
      Bug: v8:10933
      Change-Id: I494d67ac75cc4500d5f0045f1087b856e6375f82
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2477426
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Reviewed-by: Bill Budge <bbudge@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70584}
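Added example, not V8's disassembler code: a small classifier that makes the split the change above describes, separating the one-byte, two-byte (0F xx) and three-byte (0F 38 xx and 0F 3A xx) x64 opcode maps. Prefix handling is limited to the 66/F2/F3 mandatory prefixes and REX; the type and function names are the example's own, and truncated input is reported rather than read past the buffer, which is the check a disassembler run on untrusted bytes needs.

```cpp
// Added example (not V8 code): which x64 opcode map does the instruction at
// data[pos] use? Three-byte opcodes live behind the 0F 38 and 0F 3A escapes.
#include <cstddef>
#include <cstdint>
#include <vector>

enum class OpcodeMap { kOneByte, kTwoByte, kThreeByte0F38, kThreeByte0F3A, kTruncated };

struct OpcodeInfo {
  OpcodeMap map;
  uint8_t opcode;  // the final opcode byte (0 when truncated)
  size_t length;   // bytes consumed: prefixes + escape bytes + opcode
};

inline bool IsLegacyPrefix(uint8_t b) {
  // Operand-size override plus the REP/REPNE bytes reused as SSE mandatory prefixes.
  return b == 0x66 || b == 0xF2 || b == 0xF3;
}
inline bool IsRexPrefix(uint8_t b) { return (b & 0xF0) == 0x40; }

OpcodeInfo ClassifyOpcode(const std::vector<uint8_t>& data, size_t pos) {
  size_t i = pos;
  while (i < data.size() && IsLegacyPrefix(data[i])) ++i;
  if (i < data.size() && IsRexPrefix(data[i])) ++i;  // REX directly precedes the opcode
  if (i >= data.size()) return {OpcodeMap::kTruncated, 0, i - pos};
  if (data[i] != 0x0F) return {OpcodeMap::kOneByte, data[i], i - pos + 1};
  // 0F escape: two-byte map unless followed by the 38 or 3A escape byte.
  if (i + 1 >= data.size()) return {OpcodeMap::kTruncated, 0, i - pos + 1};
  uint8_t second = data[i + 1];
  if (second == 0x38 || second == 0x3A) {
    if (i + 2 >= data.size()) return {OpcodeMap::kTruncated, 0, i - pos + 2};
    return {second == 0x38 ? OpcodeMap::kThreeByte0F38 : OpcodeMap::kThreeByte0F3A,
            data[i + 2], i - pos + 3};
  }
  return {OpcodeMap::kTwoByte, second, i - pos + 2};
}
```

With the three-byte case folded into the two-byte path, a byte sequence such as 66 0F 38 00 (pshufb) would be reported as the two-byte opcode 0F 38 with a stray trailing byte; keeping the maps apart is what makes the length bookkeeping right.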
    • [wasm-simd][liftoff][ia32][x64] Implement i32x4_dot_i16x8_s · 2bc52ff7
      Ng Zhi An authored
      Implement i32x4.dot_i16x8_s for Liftoff on ia32 and x64.
      ARM implementation will come later.
      
      Bug: v8:10993
      Change-Id: I33b859a21b91023b40d8cf7b9fee110b0d148a7c
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2477497
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70583}
    • [wasm] Element segments header flag is a u32v · 104cf106
      Ng Zhi An authored
      See
      https://github.com/WebAssembly/bulk-memory-operations/blob/master/proposals/bulk-memory-operations/Overview.md#element-segments.
      
      Together with the changes in https://crbug.com/v8/10810, we can get
      these tests passing now.
      
      Bug: v8:10810
      Change-Id: Ib445e9c57f7f7e5e63c9a3b3c192323062204aa1
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2477493
      Reviewed-by: Andreas Haas <ahaas@chromium.org>
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70582}
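Added example, not V8's module decoder: what it means for the element-segment flag to be a u32v rather than a single byte. The decoder below reads an unsigned LEB128 value with the checks an untrusted-input parser needs (truncation, an encoding longer than five bytes, a fifth byte carrying bits above 31), then maps the three defined flag bits from the bulk-memory proposal to segment mode, table index and element-list form, rejecting any flag above 7 instead of truncating it. Struct and function names are the example's own.

```cpp
// Added example (not V8 code): decode a wasm u32v (unsigned LEB128) and
// interpret the bulk-memory element-segment flag it carries.
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

struct U32v {
  uint32_t value;
  size_t length;  // encoded bytes consumed
};

std::optional<U32v> DecodeU32v(const std::vector<uint8_t>& data, size_t pos) {
  uint32_t result = 0;
  for (size_t i = 0; i < 5; ++i) {
    if (pos + i >= data.size()) return std::nullopt;  // truncated
    uint8_t byte = data[pos + i];
    // The fifth byte holds bits 28..34; anything above bit 31 is overflow.
    if (i == 4 && (byte & 0x70) != 0) return std::nullopt;
    result |= static_cast<uint32_t>(byte & 0x7F) << (7 * i);
    if ((byte & 0x80) == 0) return U32v{result, i + 1};
  }
  return std::nullopt;  // continuation bit still set after five bytes
}

enum class ElemMode { kActive, kPassive, kDeclarative };

struct ElemSegmentHeader {
  ElemMode mode;
  bool has_table_index;   // active segment naming a table explicitly (bit 1)
  bool uses_expressions;  // element list is vec(expr) rather than vec(funcidx) (bit 2)
};

// Only bits 0..2 are defined. A higher bit is an unknown flag and must be
// rejected, not silently dropped, which is the reason to decode the full u32v.
std::optional<ElemSegmentHeader> InterpretElemFlag(uint32_t flag) {
  if (flag > 7) return std::nullopt;
  ElemSegmentHeader h{};
  const bool not_active = (flag & 1) != 0;
  const bool bit1 = (flag & 2) != 0;
  if (!not_active) {
    h.mode = ElemMode::kActive;
    h.has_table_index = bit1;
  } else {
    h.mode = bit1 ? ElemMode::kDeclarative : ElemMode::kPassive;
    h.has_table_index = false;
  }
  h.uses_expressions = (flag & 4) != 0;
  return h;
}

// Reads the flag of an element segment starting at data[pos].
std::optional<ElemSegmentHeader> DecodeElemSegmentFlag(const std::vector<uint8_t>& data,
                                                       size_t pos) {
  auto flag = DecodeU32v(data, pos);
  if (!flag) return std::nullopt;
  return InterpretElemFlag(flag->value);
}
```

A decoder that reads the flag as a u8 would accept the non-minimal encoding 82 00 as flag 0x82 and then misparse the following bytes; reading it as a u32v yields 2 and advances two bytes, which is what a conforming encoder may legitimately emit.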
    • [wasm-simd][x64] Optimize shifts for AVX · 2bc0b357
      Ng Zhi An authored
      With AVX, we don't need to force dst to be the same as first operand,
      this can eliminate some moves.
      
      (On the js file in linked bug, we can eliminate all movs before shifts,
      saving ~20 movs.)
      
      Bug: v8:10116
      Change-Id: I7951b5d8e42995098ddee2a326d0fe6f183c0fb9
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2477494
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Reviewed-by: Bill Budge <bbudge@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70581}
    • [mips][wasm-simd] Implement I32x4DotI16x8S · bb09b6ac
      Zhao Jiazhong authored
      Change-Id: Ie187d6ec848414d725b18b9a20be3c65f94f86ba
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2477752
      Reviewed-by: Zhi An Ng <zhin@chromium.org>
      Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
      Cr-Commit-Position: refs/heads/master@{#70580}
    • PPC/s390: [wasm-simd] Move i32x4.dot_i16x8_s out of post-mvp · 3aa1e67f
      Milad Fa authored
      Port 01b8b3e0
      
      Original Commit Message:
      
          This is merged into the proposal, move it out of post-mvp flags, and
          remove any ifdefs guarding it.
      
      R=zhin@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
      BUG=
      LOG=N
      
      Change-Id: I366adf8f688edbc0ab39543de576f03d4cd979b3
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480602
      Reviewed-by: Zhi An Ng <zhin@chromium.org>
      Commit-Queue: Milad Fa <mfarazma@redhat.com>
      Cr-Commit-Position: refs/heads/master@{#70579}
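The i32x4.dot_i16x8_s instruction implemented in the scalar-lowering, Liftoff (ia32, x64, arm, arm64), mips and PPC/s390 commits above has the same lane semantics on every backend: multiply the signed 16-bit lanes pairwise and add adjacent pairs into 32-bit lanes. The reference implementation below is an added example, not V8 code, of the per-lane arithmetic a scalar lowering produces; the type aliases are the example's own. It covers the one input where the sum of the two products does not fit in 32 bits (all four inputs INT16_MIN), which the instruction defines to wrap.

```cpp
// Added example (not V8 code): scalar reference for i32x4.dot_i16x8_s.
#include <array>
#include <cstdint>

using I16x8 = std::array<int16_t, 8>;
using I32x4 = std::array<int32_t, 4>;

// Output lane i = a[2i]*b[2i] + a[2i+1]*b[2i+1].
// Each product is at most 2^30 in magnitude and fits an int32, but the sum
// of the two products reaches exactly 2^31 when all four inputs are
// INT16_MIN. The addition is therefore done in uint32_t and converted back,
// giving the two's-complement wrap the instruction specifies without relying
// on signed-overflow behaviour (the conversion is modular in C++20 and on
// every compiler V8 targets).
I32x4 I32x4DotI16x8S(const I16x8& a, const I16x8& b) {
  I32x4 out{};
  for (int i = 0; i < 4; ++i) {
    int32_t lo = static_cast<int32_t>(a[2 * i]) * static_cast<int32_t>(b[2 * i]);
    int32_t hi = static_cast<int32_t>(a[2 * i + 1]) * static_cast<int32_t>(b[2 * i + 1]);
    uint32_t sum = static_cast<uint32_t>(lo) + static_cast<uint32_t>(hi);
    out[i] = static_cast<int32_t>(sum);  // wraps modulo 2^32
  }
  return out;
}
```

A backend that accumulated into a 32-bit signed temporary with overflow checks enabled, or that saturated, would diverge from this reference on the INT16_MIN case; a differential test across backends should include that vector.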
    • [wasm][inspector][test] Print opcode names · b38c1369
      Clemens Backes authored
      It makes inspector tests a lot more readable if the opcode of the pause
      location is being printed. Since we already have a list of all opcodes
      available in wasm-module-builder.js, we can just reuse that to build a
      reverse lookup map.
      
      This CL implements this for single-byte opcodes only, which is enough
      for all tests that we currently have. It will have to be extended for
      prefixed opcodes once that is being used.
      
      R=thibaudm@chromium.org, kimanh@chromium.org
      
      Change-Id: I085fea99d2f5f2dc6cc084448e5f7444cce5c78b
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474789
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
      Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70578}
    • Reland "cppgc-js: Add snapshot for C++ objects" · 063d56e7
      Michael Lippautz authored
      This reverts commit fba14bde.
      
      Reland fixes:
      - const vector<const string> -> const vector<string>
      
      Original message:
      The following implements a snapshotting algorithm for C++ objects that
      also filters strongly-connected components (SCCs) of only "hidden"
      objects that are not (transitively) referencing any non-hidden
      objects.
      
      C++ objects come in two versions.
      a. Named objects that have been assigned a name through NameProvider.
      b. Unnamed objects, that are potentially hidden if the build
         configuration requires Oilpan to hide such names. Hidden objects have
         their name set to NameProvider::kHiddenName.
      
      The main challenge for the algorithm is to avoid blowing up the final
      object graph with hidden nodes that do not carry information. For that
      reason, the algorithm filters SCCs of only hidden objects, e.g.:
        ...  -> (object) -> (object) -> (hidden) -> (hidden)
      In this case the (hidden) objects are filtered from the graph. The
      trickiest part is maintaining visibility state for objects referencing
      other objects that are currently being processed.
      
      Main algorithm idea (two passes):
      1. First pass marks all non-hidden objects and those that transitively
         reach non-hidden objects as visible. Details:
         - Iterate over all objects.
         - If object is non-hidden mark it as visible and also mark parent
           as visible if needed.
         - If object is hidden, traverse children as DFS to find non-hidden
           objects. Post-order process the objects and mark those objects as
           visible that have child nodes that are visible themselves.
         - Maintain an epoch counter (StateStorage::state_count_) to allow
           deferring the visibility decision to other objects in the same
           SCC. This is similar to the "lowlink" value in Tarjan's algorithm
           for SCC.
         - After the first pass it is guaranteed that all deferred
           visibility decisions can be resolved.
      2. Second pass adds nodes and edges for all visible objects.
         - Upon first checking the visibility state of an object, all deferred
           visibility states are resolved.
      
      For practical reasons, the recursion is transformed into an iteration.
      We do not use plain Tarjan's algorithm to avoid another pass over
      all nodes to create SCCs.
      
      Follow ups:
      1. Adding wrapper nodes for cpp objects that are wrappables for V8
         wrappers.
      2. Adding detachedness information.
      
      Bug: chromium:1056170
      Change-Id: Ib47df5c912c57d644d052f209276e9d926cece0f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480362
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70577}
    • Revert "[heap] Introduce new state in CollectionBarrier" · f35fef14
      Clemens Backes authored
      This reverts commit 8358ab49.
      
      Reason for revert: TSan issues: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/33730
      
      Original change's description:
      > [heap] Introduce new state in CollectionBarrier
      >
      > Introduce new state kCollectionStarted in CollectionBarrier. This state
      > is used during Heap::PerformGarbageCollection. It stops threads from
      > requesting GC when the GC was already started. This happens because a
      > background thread only requests the GC after it parked itself - the GC
      > could be started in-between those two events.
      >
      > Bug: v8:10315
      > Change-Id: I59cf3d4ea41c7a2c37ffce89c5b057221a2499e0
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474858
      > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70572}
      
      TBR=ulan@chromium.org,dinfuehr@chromium.org
      
      Change-Id: Ia67b1cbb931ce1b965876c7a1bbb09f48b8c7b43
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:10315
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2480563
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70576}
    • [Heap]: Young generation marking uses Jobs. · 696eeb39
      Etienne Pierre-doray authored
      Replaces ItemParallelJob by std::vector to hold marking items.
      IndexGenerator is used to iterate over evacuation items.
      slots_ is moved from items to YoungGenerationMarkingTask to reduce
      synchronisation.
      
      Change-Id: Iac7aba215e8ba545c12a9ab6c810d343234fbbbf
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440830
      Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70575}
    • [wasm] Avoid lock in BackgroundCompileToken · e6b2d673
      Etienne Pierre-doray authored
      Most code protected by compilation_scope_mutex_ is already either thread
      safe, or could run in parallel. Removing the lock reduces contention.
      Note that weak_ptr::lock is atomic and thus still prevents deletion
      of NativeModule&CompilationStateImpl for the scope of
      BackgroundCompileScope.
      Related changes:
      - BackgroundCompileToken is deleted and publish_queue is moved to
        CompilationStateImpl.
      - Some of the (non thread-safe) logic in publish_results is moved into
        PublishCompilationResults so that it is serialized to 1 thread
        running publisher.
      - cancellation is handled by an atomic bool and is no longer
        synchronized. This means that compilation may be cancelled while
        a worker thread is still running. That thread would only
        stop once it reaches a new BackgroundCompileScope.
      
      Change-Id: I9651e924857c583d1a0fe5b9ffa99bfd01a8bda4
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442192
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70574}
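Added example, not V8's compilation code: the lifetime argument in the message above, reduced to its two ingredients. A worker holds only a weak_ptr to the shared compilation state; entering a scope promotes it with weak_ptr::lock, which is atomic and either yields a strong reference (so the state cannot be destroyed while the scope lives) or nothing. Cancellation is a plain atomic flag that is only observed at scope entry, so a unit already past that check runs to completion. CompilationState, BackgroundCompileScope and CompileOneUnit here are the example's own simplified shapes.

```cpp
// Added example (not V8 code): weak_ptr::lock as the lifetime guard for a
// background worker, with an unsynchronised atomic cancellation flag.
#include <atomic>
#include <memory>

struct CompilationState {
  std::atomic<bool> cancelled{false};
  int published_units = 0;  // touched only through a live scope
};

class BackgroundCompileScope {
 public:
  // lock() is atomic: it succeeds only while some strong reference still
  // exists, and the shared_ptr it returns keeps the state alive until the
  // scope is destroyed.
  explicit BackgroundCompileScope(const std::weak_ptr<CompilationState>& weak)
      : state_(weak.lock()) {}

  // Work must stop if the state is gone or compilation was cancelled.
  // Cancellation is observed only here, at scope entry.
  bool cancelled() const {
    return !state_ || state_->cancelled.load(std::memory_order_acquire);
  }
  CompilationState* state() { return state_.get(); }

 private:
  std::shared_ptr<CompilationState> state_;
};

// One worker step: compile a unit and publish it unless cancelled.
// Returns true if the unit was published.
bool CompileOneUnit(const std::weak_ptr<CompilationState>& weak) {
  BackgroundCompileScope scope(weak);
  if (scope.cancelled()) return false;
  scope.state()->published_units++;  // safe: the scope owns a strong reference
  return true;
}

// Requests cancellation without taking any lock; workers notice it at their
// next scope entry.
void CancelCompilation(CompilationState& state) {
  state.cancelled.store(true, std::memory_order_release);
}
```

The invariant to keep when removing a mutex this way is that every access to the shared state happens inside a scope that holds the locked shared_ptr; a raw pointer cached across scopes would reintroduce the use-after-free the lock was guarding against.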
    • Reland "[TurboProp] Avoid marking the output of a call live in its catch handler" · 0403beb4
      Ross McIlroy authored
      This is a reland of cdc8d9a5
      
      Skipped tests on gc_stress and fixed CONSTEXPR_DCHECK for gcc.
      
      Original change's description:
      > [TurboProp] Avoid marking the output of a call live in its catch handler
      >
      > The output of a call won't be live if an exception is thrown while the
      > call is on the stack and we unwind to a catch handler.
      >
      > BUG=chromium:1138075,v8:9684
      >
      > Change-Id: I95bf535bac388940869eb213e25565d64fe96df1
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476317
      > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70562}
      
      Bug: chromium:1138075
      Bug: v8:9684
      Change-Id: I685c94ee2ffcf06658df07fcef06f58c4f01f54b
      Cq-Include-Trybots: luci.v8.try:v8_linux64_gcc_compile_dbg
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479009
      Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Georg Neis <neis@chromium.org>
      Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70573}
    • [heap] Introduce new state in CollectionBarrier · 8358ab49
      Dominik Inführ authored
      Introduce new state kCollectionStarted in CollectionBarrier. This state
      is used during Heap::PerformGarbageCollection. It stops threads from
      requesting GC when the GC was already started. This happens because a
      background thread only requests the GC after it parked itself - the GC
      could be started in-between those two events.
      
      Bug: v8:10315
      Change-Id: I59cf3d4ea41c7a2c37ffce89c5b057221a2499e0
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474858
      Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70572}
    • Revert "cppgc-js: Add snapshot for C++ objects" · fba14bde
      Maya Lekova authored
      This reverts commit 02849fd9.
      
      Reason for revert: Breaks Win64 MSVC bot and closes the tree - https://ci.chromium.org/p/v8/builders/ci/V8%20Win64%20-%20msvc/15416
      
      Original change's description:
      > cppgc-js: Add snapshot for C++ objects
      >
      > The following implements a snapshotting algorithm for C++ objects that
      > also filters strongly-connected components (SCCs) of only "hidden"
      > objects that are not (transitively) referencing any non-hidden
      > objects.
      >
      > C++ objects come in two versions.
      > a. Named objects that have been assigned a name through NameProvider.
      > b. Unnamed objects, that are potentially hidden if the build
      >    configuration requires Oilpan to hide such names. Hidden objects have
      >    their name set to NameProvider::kHiddenName.
      >
      > The main challenge for the algorithm is to avoid blowing up the final
      > object graph with hidden nodes that do not carry information. For that
      > reason, the algorithm filters SCCs of only hidden objects, e.g.:
      >   ...  -> (object) -> (object) -> (hidden) -> (hidden)
      > In this case the (hidden) objects are filtered from the graph. The
      > trickiest part is maintaining visibility state for objects referencing
      > other objects that are currently being processed.
      >
      > Main algorithm idea (two passes):
      > 1. First pass marks all non-hidden objects and those that transitively
      >    reach non-hidden objects as visible. Details:
      >    - Iterate over all objects.
      >    - If object is non-hidden mark it as visible and also mark parent
      >      as visible if needed.
      >    - If object is hidden, traverse children as DFS to find non-hidden
      >      objects. Post-order process the objects and mark those objects as
      >      visible that have child nodes that are visible themselves.
      >    - Maintain an epoch counter (StateStorage::state_count_) to allow
      >      deferring the visibility decision to other objects in the same
      >      SCC. This is similar to the "lowlink" value in Tarjan's algorithm
      >      for SCC.
      >    - After the first pass it is guaranteed that all deferred
      >      visibility decisions can be resolved.
      > 2. Second pass adds nodes and edges for all visible objects.
      >    - Upon first checking the visibility state of an object, all deferred
      >      visibility states are resolved.
      >
      > For practical reasons, the recursion is transformed into an iteration.
      > We do not use plain Tarjan's algorithm to avoid another pass over
      > all nodes to create SCCs.
      >
      > Follow ups:
      > 1. Adding wrapper nodes for cpp objects that are wrappables for V8
      >    wrappers.
      > 2. Adding detachedness information.
      >
      > Change-Id: I6e127d2c6d65e77defe08e39295a2594f463b962
      > Bug: chromium:1056170
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467854
      > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Omer Katz <omerkatz@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70567}
      
      TBR=ulan@chromium.org,mlippautz@chromium.org,bikineev@chromium.org,omerkatz@chromium.org
      
      Change-Id: I64a2cf2259bdaed81f6e0f92bdcc7a1f0df4d197
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:1056170
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479471
      Reviewed-by: Maya Lekova <mslekova@chromium.org>
      Commit-Queue: Maya Lekova <mslekova@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70571}
    • [runtime] Fix sorted order of DescriptorArray entries · 518d67ad
      Igor Sheludko authored
      ... and add respective regression tests.
      
      This CL also adds similar regression tests for TransitionArray but it
      doesn't have the same issue as DescriptorArray.
      
      Bug: chromium:1133527
      Change-Id: I668a90f126d76af0a39816ce8697cb29bc65d01b
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465833
      Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Commit-Queue: Igor Sheludko <ishell@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70570}
    • [heap] Make maximum regular code object size a runtime value. · f4376ec8
      Pierre Langlois authored
      Executable V8 pages include 3 reserved OS pages: one for the writable
      header and two as guards. On systems with 64k OS pages, the amount of
      allocatable space left for objects can then be much smaller than the
      page size, only 64k for each 256k page.
      
      This means regular code objects cannot be larger than 64k, while the
      maximum regular object size is fixed to 128k, half of the page size. As
      a result code objects never reach this limit and we can end up filling
      regular pages with few large code objects.
      
      To fix this, we change the maximum code object size to be a runtime value,
      set to half of the allocatable space per page. On systems with 64k OS
      pages, the limit will be 32k.
      
      Alternatively, we could increase the V8 page size to 512k on Arm64 linux
      so we wouldn't waste code space. However, systems with 4k OS pages are
      more common, and those with 64k pages tend to have more memory available
      so we should be able to live with it.
      
      Bug: v8:10808
      Change-Id: I5d807e7a3df89f1e9c648899e9ba2f8e2648264c
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2460809
      Reviewed-by: Igor Sheludko <ishell@chromium.org>
      Reviewed-by: Georg Neis <neis@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
      Cr-Commit-Position: refs/heads/master@{#70569}
    • Reland "[heap] Refactor marking weak object worklists" · fed3ab6c
      Ulan Degenbaev authored
      This is a reland of ff61743f
      
      Original change's description:
      > [heap] Refactor marking weak object worklists
      >
      > This CL extracts weak object worklist related code into separate files
      > and uses a macro to specify all weak object worklists in a generic way.
      >
      > The motivation of the refactoring is twofold:
      > 1) We can now enforce that each weak object worklist is updated after
      >    Scavenge. (Forgetting to define the update function causes a link
      >    time error.)
      > 2) The reduced boilerplate will be useful for transitioning to the
      >    new ::heap::base::Worklist.
      >
      > Change-Id: Ic80a7ccca010c09370d6525f43d78de24192f8ea
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442624
      > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
      > Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70308}
      
      Change-Id: I8a9f39e53ef4123dd28a1da6f7992cdff341f694
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2461741
      Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70568}
    • cppgc-js: Add snapshot for C++ objects · 02849fd9
      Michael Lippautz authored
      The following implements a snapshotting algorithm for C++ objects that
      also filters strongly-connected components (SCCs) of only "hidden"
      objects that are not (transitively) referencing any non-hidden
      objects.
      
      C++ objects come in two versions.
      a. Named objects that have been assigned a name through NameProvider.
      b. Unnamed objects, that are potentially hidden if the build
         configuration requires Oilpan to hide such names. Hidden objects have
         their name set to NameProvider::kHiddenName.
      
      The main challenge for the algorithm is to avoid blowing up the final
      object graph with hidden nodes that do not carry information. For that
      reason, the algorithm filters SCCs of only hidden objects, e.g.:
        ...  -> (object) -> (object) -> (hidden) -> (hidden)
      In this case the (hidden) objects are filtered from the graph. The
      trickiest part is maintaining visibility state for objects referencing
      other objects that are currently being processed.
      
      Main algorithm idea (two passes):
      1. First pass marks all non-hidden objects and those that transitively
         reach non-hidden objects as visible. Details:
         - Iterate over all objects.
         - If object is non-hidden mark it as visible and also mark parent
           as visible if needed.
         - If object is hidden, traverse children as DFS to find non-hidden
           objects. Post-order process the objects and mark those objects as
           visible that have child nodes that are visible themselves.
         - Maintain an epoch counter (StateStorage::state_count_) to allow
           deferring the visibility decision to other objects in the same
           SCC. This is similar to the "lowlink" value in Tarjan's algorithm
           for SCC.
         - After the first pass it is guaranteed that all deferred
           visibility decisions can be resolved.
      2. Second pass adds nodes and edges for all visible objects.
         - Upon first checking the visibility state of an object, all deferred
           visibility states are resolved.
      
      For practical reasons, the recursion is transformed into an iteration.
      We do not use plain Tarjan's algorithm to avoid another pass over
      all nodes to create SCCs.
      
      Follow ups:
      1. Adding wrapper nodes for cpp objects that are wrappables for V8
         wrappers.
      2. Adding detachedness information.
      
      Change-Id: I6e127d2c6d65e77defe08e39295a2594f463b962
      Bug: chromium:1056170
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467854
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Omer Katz <omerkatz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70567}
    • [fuzzing] Don't expose OS methods when fuzzing · 082ada05
      Michael Achenbach authored
      Fuzzers might randomly call OS methods to create or remove
      directories. This leads to spurious results when doing differential
      fuzzing, but it could be potentially harmful to the system during
      normal fuzzing.
      
      This drops OS methods in d8 on fuzzers.
      
      Bug: chromium:1138594
      Change-Id: Ia3a8c4e3d06c76ccdc50ead1d361338e13ddf1bb
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474790
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70566}
    • [cleanup] Remove parameters accessors from CommonFrame · ee17d001
      Victor Gomes authored
      Change-Id: Ic54046824d4f3c98caa8381d2ece46c9985a2b98
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2475734
      Reviewed-by: Toon Verwaest <verwaest@chromium.org>
      Reviewed-by: Igor Sheludko <ishell@chromium.org>
      Commit-Queue: Victor Gomes <victorgomes@chromium.org>
      Auto-Submit: Victor Gomes <victorgomes@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70565}
    • Revert "[TurboProp] Avoid marking the output of a call live in its catch handler" · 56b55f3f
      Michael Achenbach authored
      This reverts commit cdc8d9a5.
      
      Reason for revert: The regression test is too slow:
      https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/30454
      
      Also gcc failures:
      https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20gcc%20-%20debug/9528
      
      Original change's description:
      > [TurboProp] Avoid marking the output of a call live in its catch handler
      >
      > The output of a call won't be live if an exception is thrown while the
      > call is on the stack and we unwind to a catch handler.
      >
      > BUG=chromium:1138075,v8:9684
      >
      > Change-Id: I95bf535bac388940869eb213e25565d64fe96df1
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476317
      > Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
      > Reviewed-by: Georg Neis <neis@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70562}
      
      TBR=rmcilroy@chromium.org,neis@chromium.org
      
      Change-Id: I0f6b9378d516a70401fc429fb3612bbf962b0fb2
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:1138075
      Bug: v8:9684
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479007
      Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70564}
    • [mips64][builtins] Fix removing all arguments from the stack · 8557840b
      Zhao Jiazhong authored
      The sp register's value should be modified to drop all the args
      from the stack.
      
      Change-Id: I7410d325523427d765eb0640e14acede5589284f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2479222
      Reviewed-by: Victor Gomes <victorgomes@chromium.org>
      Commit-Queue: Victor Gomes <victorgomes@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70563}