[pull] main from v8:main #625

Open
wants to merge 56 commits into
base: main
pull[bot]

@pull pull bot commented Oct 10, 2024

See Commits and Changes for more details.


Created by pull[bot]


Yuri Gaevsky and others added 27 commits October 10, 2024 03:26
This pr fixes remaining "zero-extend" asserts/failures for tests in debug mode.

Change-Id: Iae1ba2b41300d2817a0dc0d224b85e68faa4d2ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5899038
Reviewed-by: Ji Qiu <[email protected]>
Commit-Queue: Yahan Lu <[email protected]>
Reviewed-by: Yahan Lu <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96496}

Rolling build: https://chromium.googlesource.com/chromium/src/build/+log/9061d30..6d08a23

Rolling buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/0a905dc..7548034

Rolling third_party/abseil-cpp: https://chromium.googlesource.com/chromium/src/third_party/abseil-cpp/+log/0058663..db7cdfa

Rolling third_party/boringssl/src: https://boringssl.googlesource.com/boringssl/+log/d0a1756..905c390

Rolling third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/cd2f5c4..9109ae4

Rolling third_party/libc++/src: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx/+log/f114473..283f1aa

Rolling tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/7566fe8..c6e85a7

Roll created at https://cr-buildbucket.appspot.com/build/8734495702353047825

Change-Id: Ic52acc066983d80848392782e484b504dc978ef3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5921307
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#96497}

Rolling third_party/fuzztest: https://chromium.googlesource.com/chromium/src/third_party/fuzztest/+log/3803fe5..f9f9e5f

ssci: canonicalize / backfill dependencies managed by DEPS (Jiewei Qian)
https://chromium.googlesource.com/chromium/src/third_party/fuzztest/+/f9f9e5f

Roll created at https://cr-buildbucket.appspot.com/build/8734491925434906017

Cq-Include-Trybots: luci.v8.try:v8_linux64_asan_centipede_compile_dbg
Change-Id: I6e9a0bbf6661673556eec4f91871a85be6dcd78d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5919654
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#96498}

We might be setting an element in a TypedArray which is
not the lookup start object but somewhere up the prototype
chain. In this case, we should only redo the bounds check
(not the full lookup) after the value conversion.

Bug: v8:11111, 371239173
Change-Id: Ib8155a1e55ccc7c7d604f9592d37e0891b7665c5
Fixed: 371239173
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5904381
Reviewed-by: Shu-yu Guo <[email protected]>
Commit-Queue: Marja Hölttä <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96499}

The 'assert' syntax has been deprecated for 3 milestones with a warning
message saying it will be removed in 12.6.

This CL:
- Removes the --harmony-import-assertions flag and support for
  the assert keyword
- Rewords error messages to refer to attributes
- Deprecates v8::ModuleRequest::GetImportAssertions()

See https://groups.google.com/a/chromium.org/g/blink-dev/c/ZHvzLaJZRvo/m/FgNDBjrtBQAJ

Bug: 40643756
Change-Id: I75832917867278e12e717053f4a43c14229529fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5507047
Commit-Queue: Shu-yu Guo <[email protected]>
Reviewed-by: Marja Hölttä <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96500}

- Enable pointer compression
- Enable short builtin calls
- Enable external code space

These features have been supported by the loong64 port for a long time,
and enabling them now can provide about a 10% gain on JetStream 2.1.

Besides, enabling these features can provide better compatibility and
security on the loong64 port.

Change-Id: Id1f4ffaf4f1a7335d8df8c7f3e12af7883060e8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5922615
Reviewed-by: Michael Lippautz <[email protected]>
Commit-Queue: Michael Lippautz <[email protected]>
Auto-Submit: Zhao Jiazhong <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96501}

Context:
https://chromium-review.googlesource.com/c/v8/v8/+/5904063

The StackFrameIterator can now implicitly use handles, disable it
explicitly in one more place that was missed in the original CL.

[email protected]

Fixed: 372298921
Change-Id: I663d0a4850a4b9c66f164d63843b932ce7c6b0f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5921733
Commit-Queue: Thibaud Michaud <[email protected]>
Reviewed-by: Dominik Inführ <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96502}

`test/test262/tools/v8_exporter.py` and `v8_importer.py` should
do the sync job.

Change-Id: If070fef0656d48dda6f5284fd4133965f5a2e1bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5904048
Reviewed-by: Shu-yu Guo <[email protected]>
Commit-Queue: Chengzhong Wu (legendecas) <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96503}

PrintHeapObjectHeaderWithoutMap() is used on strings which can be
allocated in the shared space.

Bug: 336738728, 372510372
Change-Id: Ieebb0111394c0ff9e3bf4acc1dd16a28da2eed1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920201
Auto-Submit: Dominik Inführ <[email protected]>
Commit-Queue: Michael Lippautz <[email protected]>
Reviewed-by: Michael Lippautz <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96504}

Make sure we validate all supertype indices before following
any supertype chains.

Fixed: 372067240
Change-Id: I55f66996bcb3d72e06e0f12a2e8743446a1577f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5921157
Auto-Submit: Jakob Kummerow <[email protected]>
Reviewed-by: Matthias Liedtke <[email protected]>
Commit-Queue: Matthias Liedtke <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96505}

This patch applies the Canonical-* refactoring to most of the
internals of the TypeCanonicalizer, which requires introducing
canonicalized versions of StructType, ArrayType, and FunctionSig.

Changes to surrounding code are kept minimal; more to follow.

Bug: 366180605
Change-Id: I754aef78c4806e7fc12d85209c8f2dc46663b6e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920916
Reviewed-by: Clemens Backes <[email protected]>
Commit-Queue: Jakob Kummerow <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96506}

Bug: 363975785
Change-Id: I6bf04df3d3238662f0ebccc51edac0eaa4dcbdca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5904097
Commit-Queue: Stephen Röttger <[email protected]>
Reviewed-by: Daniel Lehmann <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96507}

If, before Phi untagging, we have something like:

        17: LoadHoleyFixedDoubleArrayElement [n12:(x), n13:(x)]
        20: HoleyFloat64ToTagged [n17:(x)]
        ...
        21: φᵀ r0 (n20, n31)
        ...
        40: CheckedNumberOrOddballToFloat64(Number) [n21:(x)]
        41: StoreDoubleField(0xc) [n37:(x), n40:(x)]

Then, after Phi untagging, before this CL, we would get:

        17: LoadHoleyFixedDoubleArrayElement [n12:(x), n13:(x)]
        ...
        21: φʰᶠ r0 (n17, n44)
        ...
        40: HoleyFloat64ToMaybeNanFloat64
        41: StoreDoubleField(0xc) [n37:(x), n40:(x)]

Before Phi untagging, if 17 loaded a hole, then 40 would
deopt. However, after Phi untagging, 40 happily silences the NaN hole,
and we thus end up storing NaN instead of the hole.

This CL fixes this case by using CheckedHoleyFloat64ToFloat64 instead
of HoleyFloat64ToMaybeNanFloat64 when updating a
CheckedNumberOrOddballToFloat64 that did not allow Oddballs.

Bug: v8:7700
Change-Id: I6b8ad255e14bbbd34d0969d54dc770d18111e06f
Fixed: chromium:367814188
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920617
Commit-Queue: Olivier Flückiger <[email protected]>
Reviewed-by: Olivier Flückiger <[email protected]>
Auto-Submit: Darius Mercadier <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96508}

This reverts commit ddeb193.

Reason for revert: string-unpack-code-SP/Startup regresses by 6%.
See https://chromeperf.appspot.com/group_report?rev=96381

Original change's description:
> [regexp] Reduce space/gc overhead for caches
>
> Instead of eager-allocation and clearing all FixedArray slots in the
> MarkCompactPrologue, lazy-allocate and clear only the root array slot.
>
> Drive-by: shrink the caches from length 256 to 64.
> Change-Id: If0cb116e0a3c0fb2446dac9a3a187b8605ffe647
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5892733
> Reviewed-by: Dominik Inführ <[email protected]>
> Commit-Queue: Jakob Linke <[email protected]>
> Auto-Submit: Jakob Linke <[email protected]>
> Cr-Commit-Position: refs/heads/main@{#96381}

Change-Id: Ia4dc87ab19c4771f5e9fc869a32f8bfc9ff77129
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5923493
Auto-Submit: Jakob Linke <[email protected]>
Commit-Queue: Dominik Inführ <[email protected]>
Bot-Commit: Rubber Stamper <[email protected]>
Reviewed-by: Dominik Inführ <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96509}

Change-Id: Ie81f6b487b84c10cbdb428cd8519e40f3d72098d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5921045
Reviewed-by: Clemens Backes <[email protected]>
Commit-Queue: Milad Farazmand <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96510}

- DisableScope now actually emits a "disabled-by-default-foo" scope
  that can be enabled.
- Add more scopes to sweeper to allow profiling which sweeping phases
  consume time.

Bug: 372512096
Change-Id: I3a55b596544fc344ead90e2bd68f56b7aba09079
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920239
Commit-Queue: Michael Lippautz <[email protected]>
Reviewed-by: Omer Katz <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96511}

We want to change the JS calling convention so that the caller passes
the dispatch handle to the callee. This will for example allow the
callee to determine the total number of arguments (which depends on the
formal parameter count of the invoked function). This CL is a first step
in that direction: we define a new kJavaScriptCallDispatchHandleRegister
which the caller must set to the dispatch handle of the called function.

Bug: 40931165
Change-Id: I6534143e9c4d5042ed84c869f1a0812e7cc5d765
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5857400
Reviewed-by: Igor Sheludko <[email protected]>
Commit-Queue: Samuel Groß <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96512}

The wasm-to-js wrapper tierup currently does not handle signatures with
indexed types correctly if the WebAssembly instance from which the
JavaScript function is called is different than the WebAssembly instance
that imported the JavaScript function initially. With this CL the
wrapper tierup gets disabled in that case until tierup gets fixed
eventually.

[email protected]

Bug: 371565065
Change-Id: I75ddeced30defea332cbeb1636d0f249e8ef3083
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5921410
Reviewed-by: Clemens Backes <[email protected]>
Commit-Queue: Andreas Haas <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96513}

Adds a new WasmCodePtr type that resolves to Uint32 or UintPtr based on
if the WasmCodePointerTable is enabled and adds it to the CallTarget
union.

Bug: 363975785
Change-Id: Iefa21fdd21b8e1833068be37f13c82e6f0129e10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5904116
Reviewed-by: Nico Hartmann <[email protected]>
Reviewed-by: Daniel Lehmann <[email protected]>
Commit-Queue: Stephen Röttger <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96514}

Use the zone allocator to keep track of unresolved branches, via a new
`ZoneAbslBTreeMap` wrapper for `absl::btree_map`. To do this, we need
assembler users to pass down a zone.

If a zone is available, it should be passed down to the macro-assembler
or assembler. Otherwise, assemblers need at least an
`AccountingAllocator` to create a local zone.

To do this, we introduce a `MaybeAssemblerZone zone` parameter to all
assemblers, which is created implicitly from either a `Zone*` or
`AccountingAllocator*`. Then only the arm64 assembler uses it, and
optionally creates a local zone if only an accounting allocator is
present.

For compatibility, given the Zone is only used on Arm64, we keep the old
constructors around for non-Arm64 architecture-specific code.

Bug: 347266976
Change-Id: I6484ee96275ff5a7e675baa25ed7704edcf11cdd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5713169
Reviewed-by: Leszek Swirski <[email protected]>
Reviewed-by: Clemens Backes <[email protected]>
Commit-Queue: Pierre Langlois <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96515}

The previous version of the flag-contradiction resolution for fuzzing
only handled flags that are off by default, e.g. cycles like:
A->C && B->!C.

There are a few cases with cycles resulting from one flag on by
default like !A->!C && B->C. There are currently no cases with
two contradictory flags on by default.

This change simplifies the contradiction resolution by checking
if the listed flags deviate from their default values. This doesn't
alter the behavior for pairs of off-by-default flags, but handles
the few cases with one on-by-default flag.

The currently configured contradictions are all auto-generated
by a script that checks all possible boolean flag combinations,
which now also includes the --no- version of each flag. Manually
added contradictions are listed separately.

Bug: 371233028
Change-Id: Ibbadd6f97db449129e80e5666a5d494a3bc46bc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5923494
Reviewed-by: Clemens Backes <[email protected]>
Commit-Queue: Michael Achenbach <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96516}
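
The deviation-from-default check described in the commit message above, sketched as an added example (not code from the V8 repository). Flag names, the `DEFAULTS` table, the `CONTRADICTIONS` pairs and all function names are hypothetical, and `resolve_positive_only` is a simplified model of the limitation the message describes, not the earlier implementation.

```python
# Constructed sample data: hypothetical flag names, not real V8 flags.
DEFAULTS = {"alpha": True, "beta": False, "gamma": False, "delta": False}

# Each pair names two flags that must not both deviate from their defaults.
CONTRADICTIONS = [
    ("beta", "gamma"),   # both off by default:  beta -> x   and  gamma -> !x
    ("alpha", "delta"),  # alpha on by default: !alpha -> !y and  delta -> y
]


def parse_flag(arg):
    """Return (name, value) for '--name' / '--no-name'; None for anything else."""
    if not arg.startswith("--") or "=" in arg:
        return None
    body = arg[2:].replace("_", "-")
    if body.startswith("no-"):
        return body[3:], False
    return body, True


def flag_name(arg):
    parsed = parse_flag(arg)
    return parsed[0] if parsed else None


def deviating(args, defaults):
    """Names of known flags whose effective value differs from the default.

    Assumption: the last occurrence of a flag on the command line wins.
    """
    effective = {}
    for arg in args:
        parsed = parse_flag(arg)
        if parsed and parsed[0] in defaults:
            effective[parsed[0]] = parsed[1]
    return {name for name, value in effective.items() if value != defaults[name]}


def resolve(args, defaults=DEFAULTS, contradictions=CONTRADICTIONS):
    """Drop the second flag of a pair when both flags deviate from their defaults."""
    result = list(args)
    for first, second in contradictions:
        dev = deviating(result, defaults)
        if first in dev and second in dev:
            # Removing every setting of `second` returns it to its default.
            result = [a for a in result if flag_name(a) != second]
    return result


def resolve_positive_only(args, contradictions=CONTRADICTIONS):
    """Simplified model: treat only the presence of '--name' as a deviation."""
    result = list(args)
    for first, second in contradictions:
        present = {p[0] for p in map(parse_flag, result) if p and p[1]}
        if first in present and second in present:
            result = [a for a in result if flag_name(a) != second]
    return result


if __name__ == "__main__":
    samples = [
        ["--beta", "--gamma"],              # two off-by-default flags
        ["--no-alpha", "--delta", "--x=1"], # one on-by-default flag switched off
        ["--alpha", "--delta"],             # alpha restated at its default
    ]
    for sample in samples:
        print(sample, "->", resolve(sample), "| positive-only:",
              resolve_positive_only(sample))
```

The second and third samples are where the two functions disagree: the positive-only model misses `--no-alpha` and wrongly treats a restated default `--alpha` as a conflict.
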
This extends the update-wasm-spec-tests script quite a bit to
- consider all subdirectories for spec tests, not just "simd", and
- put the tests in the respective subdirectory in V8, instead of having
  all tests on the top level.

This requires listing each file separately and running the "run.py"
script separately, because "run.py" will place the output JS files all
in the same directory independent of the source directory.

[email protected]

Change-Id: I40bd6384edfa7ba771094b653116e846467572d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5921412
Commit-Queue: Clemens Backes <[email protected]>
Reviewed-by: Thibaud Michaud <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96517}

Instead of only checking if a test file is identical to the version in
the spec repo, do also check if there was any change in the proposal
repo since it branched from the spec repo.
This skips tests which have been updated in the spec repo, but not in
the proposal repo. The version in the proposal repo then often fails
until the proposal is rebased.

[email protected]

Change-Id: I6aa82a87822533bf1cd81c6d36f834092e746ba2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920423
Commit-Queue: Clemens Backes <[email protected]>
Reviewed-by: Jakob Kummerow <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96518}

Rolling third_party/boringssl/src: https://boringssl.googlesource.com/boringssl/+log/905c390..0f55aa8

Rolling third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/9109ae4..0ab5223

Rolling third_party/libunwind/src: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/71735e8..87f1910

Rolling tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/c6e85a7..c8b0e5b

Rolling tools/luci-go: git_revision:78b3b3ca47e64b3280a5dd5b83c23ce89f04d328..git_revision:ff7417442432e6669b74c02c63d61834f865aa77

Roll created at https://cr-buildbucket.appspot.com/build/8734450404591523185

Change-Id: Idbe2b0bcd8618ed5f4a25f986bca3aa086fb1408
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920010
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#96519}

Introduce macros that choose the right TLS mode depending on the
build mode similar to renderer/platform/heap/thread_local.h in Blink.

This CL also then uses these macros on g_current_isolate_ and
g_current_local_heap_.

Bug: 336738728
Change-Id: Ia97cf965dc76c2cb3af59f945036f2a7b105fc3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920088
Reviewed-by: Michael Lippautz <[email protected]>
Commit-Queue: Dominik Inführ <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96520}

This change supports emitting source and method events to ETW on demand,
specifically when the isenabled flag of the ETW callback method is 2.

Relevant documentation is here:
https://learn.microsoft.com/en-us/windows/win32/api/evntprov/nc-evntprov-penablecallback

Since the events are produced from the isolate thread, the callback
now blocks during an isenabled==2 callback until the isolates have
written the events or a timeout expires.

Bug: 340621497
Change-Id: I8defee52928bfd8b1f8032c61034bf81f170a0ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5918068
Auto-Submit: Bo Cupp <[email protected]>
Reviewed-by: Seth Brenith <[email protected]>
Commit-Queue: Seth Brenith <[email protected]>
Reviewed-by: Camillo Bruni <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96521}

This reverts commit 9baf91c.

Reason for revert: Potentially causes chromeos release bot roll failures: https://ci.chromium.org/ui/p/chromium/builders/try/linux-chromeos-rel/2154649/overview

Original change's description: 

> [common] Introduce macros for faster TLS usage
>
> Introduce macros that choose the right TLS mode depending on the
> build mode similar to renderer/platform/heap/thread_local.h in Blink.
>
> This CL also then uses these macros on g_current_isolate_ and
> g_current_local_heap_.
>
> Bug: 336738728
> Change-Id: Ia97cf965dc76c2cb3af59f945036f2a7b105fc3a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920088
> Reviewed-by: Michael Lippautz <[email protected]>
> Commit-Queue: Dominik Inführ <[email protected]>
> Cr-Commit-Position: refs/heads/main@{#96520}

Bug: 336738728
Change-Id: I74173e4dcbc49061fa06f069741fefd7cbc6e6fb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5923488
Commit-Queue: Rubber Stamper <[email protected]>
Bot-Commit: Rubber Stamper <[email protected]>
Auto-Submit: Deepti Gandluri <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96522}

@pull pull bot added the ⤵️ pull label Oct 11, 2024
Change-Id: Idb95536615d7338836561d851369ac5cc35fbac8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5923492
Reviewed-by: Ji Qiu <[email protected]>
Commit-Queue: Ji Qiu <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96523}

…S calls

Port commit f26f638

Bug: 40931165, 42204201, 342297062

Change-Id: I700fe00d0f81314cd0a945839a70c0c5e54db2c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5912873
Reviewed-by: Ji Qiu <[email protected]>
Commit-Queue: Ji Qiu <[email protected]>
Auto-Submit: Yahan Lu <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96524}

v8-ci-autoroll-builder and others added 27 commits October 11, 2024 04:32
Rolling build: https://chromium.googlesource.com/chromium/src/build/+log/6d08a23..99d8d6f

Rolling buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/7548034..9807e11

Rolling third_party/boringssl/src: https://boringssl.googlesource.com/boringssl/+log/0f55aa8..4bc2b66

Rolling third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/0ab5223..a31b552

Rolling third_party/libc++/src: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx/+log/283f1aa..6e4ed19

Rolling third_party/libc++abi/src: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/975ef56..406418b

Roll created at https://cr-buildbucket.appspot.com/build/8734405104935126017

Change-Id: Id7e6de5faf1f99336e13c09ebbfb0f4e1e4fab91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5924145
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#96525}

Fixed: chromium:359266991
Bug: chomium:42204525
Change-Id: I26dc66ef208b0134cc885cd3f82821dc139218ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5909627
Reviewed-by: Nico Hartmann <[email protected]>
Auto-Submit: Darius Mercadier <[email protected]>
Commit-Queue: Darius Mercadier <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96526}

The invariant that loops should have a single incoming forward edge
still stands.

However, now, when multiple Gotos are emitted and are going to the
same loop header, the Assembler takes care of introducing a new
"single_loop_predecessor" block that acts as the single forward
predecessor for the loop, and where all predecessors are routed to.

This is needed in particular when we have a graph like this:


                       |      |-------------------------|
                       |      |                         |
                       |      |                         |
                  +-- loop 1 ----+                      |
                  | ...          |                      |
                  | Goto         |                      |
                  +--------------+                      |
                          |                             |
                          |                             |
                   +----------------+                   |
                   | Call           |                   |
                   | CheckException |                   |
                   +----------------+                   |
                     /         \                        |
                    /           \                       |
                   /             \                      |
      +-----------------+      +------------------+     |
      | DidntThrow      |      | CatchBlockBegin  |     |
      | ....            |      | ...              |     |
      | Goto            |      | Goto             |     |
      +-----------------+      +------------------+     |
             |                          |               |
             |                          |               |
             |     |---------|          |   backedge    |
             |     |         |          |---------------|
             |     |         |
      +-- loop 2 -------+    |
      | ...             |    |
      | Goto            |    |
      +-----------------+    |
             |               |
             |               |
             |   backedge    |
             |---------------|


Here, as far as Turboshaft is concerned, loop 1 doesn't have any inner
loops, because loop 2 is an infinite loop that never goes back to the
header of loop 1 (actually, it doesn't even have to be an infinite
loop: it could also just contain a return). So, Turboshaft can unroll
loop 1.

The other thing that comes into play is how CheckException / DidntThrow
/ CatchBlockBegin are processed by CopyingPhase. In
AssemblerOutputGraphCheckException, the CopyingPhase emits the
CheckException, then Binds the DidntThrow block and inlines the old
DidntThrow block in it (cf
https://source.chromium.org/chromium/chromium/src/+/main:v8/src/compiler/turboshaft/copying-phase.h;l=908-910;drc=618cea5a4ba57d7442880d20000628389da34e55).

So, when unrolling loop 1 in the drawing above, we end up duplicating
the DidntThrow block n times (where n is the number of times we unroll
the loop), and all of them produce a Goto going to the loop header of
loop 2.

So far, because of how graphs are built, it seems that this problem
only affects graphs built from Maglev. However, I wouldn't be
surprised if Wasm graphs or JS graphs coming from Turbofan end up
at some point being subject to this bug.

Fixed: chromium:358461173
Bug: chomium:42204525
Change-Id: I93afef0c0642c83ede142446037f27da73990f40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5912940
Reviewed-by: Matthias Liedtke <[email protected]>
Auto-Submit: Darius Mercadier <[email protected]>
Reviewed-by: Nico Hartmann <[email protected]>
Commit-Queue: Darius Mercadier <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96527}

In particular, when the generator context variable is a Phi of the
current block, it shouldn't be used directly as an input to another
Phi in the same block.

Bug: chomium:42204525
Change-Id: I6b5719dcd939ba803d45b7b6a3ef100744b80529
Fixed: chromium:358957666
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5913526
Reviewed-by: Nico Hartmann <[email protected]>
Commit-Queue: Darius Mercadier <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96528}

This came up as an issue because there is currently a mismatch
between Maglev (which has too conservative effects for
CreateFunctionContext) and Turboshaft (which has more precise
effects), which leads to DCHECK failures.

Bug: chomium:42204525
Change-Id: I9f89229b603dc7696d9c46875be41ec3a4e5f8ec
Fixed: chromium:361124378
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5913313
Reviewed-by: Victor Gomes <[email protected]>
Commit-Queue: Darius Mercadier <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96529}

Continuing the refactoring work towards using explicit C++ types for
canonicalized Wasm types.
To keep the CL size manageable, this uses some fairly ugly casts
at the boundary between areas it touches and areas it leaves for
follow-up CLs. Due to the way C++ subtyping works, we don't get
silent automatic upcasting between CanonicalSig and FunctionSig.

Bug: 366180605
Change-Id: I05d278a04a691d2de82ec5382aefaa6b53d3de32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920917
Reviewed-by: Clemens Backes <[email protected]>
Auto-Submit: Jakob Kummerow <[email protected]>
Reviewed-by: Matthias Liedtke <[email protected]>
Commit-Queue: Matthias Liedtke <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96530}

- The default nullexternref should be null instead of undefined
- The default exnref/nullexnref should be null instead of wasm_null

[email protected]

Fixed: 372285204,372269618
Change-Id: Id5addce2b196f7ba81aac3c2dd9447a91ed2ce2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5922878
Commit-Queue: Thibaud Michaud <[email protected]>
Reviewed-by: Matthias Liedtke <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96531}

A MinorGCJob could trigger a minor GC during incremental marking and
result in premature finalization of a major GC.

Bug: 365694581
Change-Id: Icca5b651645d681d4bf246a61543a78fd19229aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5923781
Commit-Queue: Omer Katz <[email protected]>
Reviewed-by: Michael Lippautz <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96532}

This adds some documentation and renames variables to make it more clear
what the WasmImportData's call_origin is and what we use it for.

It also splits the two involved `WasmTrustedInstanceData` in
`Runtime_TierUpWasmToJSWrapper`.

[email protected]

Change-Id: Ief73af327e9219a5617f9f6151bc8c66403b007c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920407
Commit-Queue: Clemens Backes <[email protected]>
Reviewed-by: Andreas Haas <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96533}

When a background deserialize task receives the source text, it looks up
that source in the isolate cache and prepares a background merge with
the matching in-memory cached script. However, we might have a source
mismatch between the source text and the serialized data; in this case,
the background merge will end up trying to merge incompatible scripts
and crashing.

Since we only start the background merge when the source text is
available, we can also at this moment sanity check the source hash. This
is a weak hash, so it won't prevent all issues, but it does at least
make this code more robust.

Change-Id: I3a5792755747e3d22cf1d75aa650c97a7f429de1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920444
Auto-Submit: Leszek Swirski <[email protected]>
Reviewed-by: Toon Verwaest <[email protected]>
Commit-Queue: Toon Verwaest <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96534}

The code clobbers XMM6/XMM7, which are callee saved registers on
Windows. Disable this code path until it's fixed properly.

Bug: 369880653
Change-Id: I49d7ba39e4de761fcf1153ea36261ed1e8ee9945
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5924355
Commit-Queue: Michael Lippautz <[email protected]>
Auto-Submit: Hans Wennborg <[email protected]>
Reviewed-by: Igor Sheludko <[email protected]>
Reviewed-by: Michael Lippautz <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96535}

IntToCString never needs 100 chars for the output. 12 is enough.

Change-Id: I93dca4a02025fb1ca6d730085157a3ee28cb6414
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5921604
Reviewed-by: Michael Lippautz <[email protected]>
Commit-Queue: Michael Lippautz <[email protected]>
Commit-Queue: Toon Verwaest <[email protected]>
Auto-Submit: Toon Verwaest <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96536}

... an experimental Api for checking whether there is an exception
pending in V8 or in topmost v8::TryCatch handler.

Bug: 328104148
Change-Id: I4f8502924c40a26346962eb3896988ef0dd5b272
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5921469
Commit-Queue: Igor Sheludko <[email protected]>
Commit-Queue: Toon Verwaest <[email protected]>
Reviewed-by: Toon Verwaest <[email protected]>
Auto-Submit: Igor Sheludko <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96537}

... and use it when detecting a signature mismatch during JS calls.

Bug: 40931165
Change-Id: I54c2c3048de79dc5165edb953dfaa4a6c83207f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5925256
Commit-Queue: Samuel Groß <[email protected]>
Reviewed-by: Igor Sheludko <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96538}

Certain GN configurations seem to need an explicit template
instantiation for {CreateMachineSignature}.

Change-Id: I2fc4233c1d45d58bf183452459f9f323be7dc6c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5921160
Auto-Submit: Jakob Kummerow <[email protected]>
Commit-Queue: Jakob Kummerow <[email protected]>
Reviewed-by: Clemens Backes <[email protected]>
Commit-Queue: Clemens Backes <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96539}
We don't need to walk all native contexts anymore since we can quickly
get the right native context from the metamap.

Change-Id: Ib0d2694fe334eac5a9de4c07c36bd1554e8388e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920621
Reviewed-by: Igor Sheludko <[email protected]>
Commit-Queue: Toon Verwaest <[email protected]>
Auto-Submit: Toon Verwaest <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96540}
Change-Id: I6e0ff62769cd428b06e4019b49a2522e35612f45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5903717
Commit-Queue: Liviu Rau <[email protected]>
Auto-Submit: Jiewei Qian <[email protected]>
Reviewed-by: Liviu Rau <[email protected]>
Reviewed-by: Toon Verwaest <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96541}
So far, `x >>> 0` was optimized during the translation to `x`, but
this means that we couldn't track both the representation of `x` and
`x >>> 0` (which are different when `x` is Int32 because `x >>> 0` is
always Uint32).

Bug: chromium:42204525
Change-Id: Ife33d6487f9972c0874d7027d2d42742194ac691
Fixed: chromium:360207713
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5921411
Reviewed-by: Nico Hartmann <[email protected]>
Commit-Queue: Darius Mercadier <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96542}
... since it leads to NaN hole constants being replaced by non-hole
NaNs.

Bug: chromium:42204525
Change-Id: I21233e0bc21a8879784a1928752dda01ad686feb
Fixed: chromium:368725681
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920618
Commit-Queue: Darius Mercadier <[email protected]>
Reviewed-by: Nico Hartmann <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96543}
The fix for 356196918 caused a dramatic slowdown when compiling certain
very large functions. This is because each call to
ZeroExtendsWord32ToWord64 did work proportional to the size of the
function, and the number of calls could also be proportional to the size
of the function. In this updated fix, rather than zeroing the entire
phi_states_ array, we correct the incorrect values in that array and
leave them for subsequent calls to ZeroExtendsWord32ToWord64. This
change also lazily allocates the phi_states_ array and adds a regression
test for 356196918.

Bug: 369883716, 356196918
Change-Id: I184e789d20d12863cd84e4474f857c56a22ce71f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5906045
Commit-Queue: Seth Brenith <[email protected]>
Reviewed-by: Nico Hartmann <[email protected]>
Reviewed-by: Stephen Röttger <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96544}
Bug: 372269618
Change-Id: I49dd09a4b0fbe5bbd8d39e0fd21addc8537f45a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5925262
Reviewed-by: Thibaud Michaud <[email protected]>
Commit-Queue: Matthias Liedtke <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96545}
Rolling third_party/abseil-cpp: https://chromium.googlesource.com/chromium/src/third_party/abseil-cpp/+log/db7cdfa..dc257ad

Rolling third_party/boringssl/src: https://boringssl.googlesource.com/boringssl/+log/4bc2b66..be88fd4

Rolling third_party/libunwind/src: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind/+log/87f1910..efc3baa

Roll created at https://cr-buildbucket.appspot.com/build/8734359806549483377

Change-Id: Idd7b4c87fdb77a710d5369c092cfcc943346fc01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5925117
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#96546}
This reverts commit bc0b4db.

Reason for revert: Hits a dcheck:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux%20Debug/25981/overview

Original change's description:
> [runtime] Use CreationContext to find known prototypes
>
> We don't need to walk all native contexts anymore since we can quickly
> get the right native context from the metamap.
>
> Change-Id: Ib0d2694fe334eac5a9de4c07c36bd1554e8388e5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920621
> Reviewed-by: Igor Sheludko <[email protected]>
> Commit-Queue: Toon Verwaest <[email protected]>
> Auto-Submit: Toon Verwaest <[email protected]>
> Cr-Commit-Position: refs/heads/main@{#96540}

Change-Id: I3e274e987e4c6b97d7996ddbda50ace0698ba2e4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5921163
Bot-Commit: Rubber Stamper <[email protected]>
Auto-Submit: Michael Achenbach <[email protected]>
Commit-Queue: Michael Achenbach <[email protected]>
Owners-Override: Michael Achenbach <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96547}
After a previous patch migrated compiler internals to CanonicalSig,
this patch does the same for code handling objects. That removes
some of the temporary casts, and should (mostly?) conclude the
transition from FunctionSig to CanonicalSig where applicable.

Bug: 366180605
Change-Id: I0ea292b66e6c4571546eff178e3f4c22ba454a75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920449
Reviewed-by: Clemens Backes <[email protected]>
Commit-Queue: Jakob Kummerow <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96548}
crrev.com/c/5889825 added a DCHECK to verify that the new
WasmDetectedFeatures system catches all cases; this check
sometimes fails, so disable it to avoid disruption until
we've fixed it properly.
Aside from the check failure itself, there is no impact on
observable behavior.

Bug: 372840600
Change-Id: I7ed0fc32d64c30a9cf21036c62cd7af239c4c08f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5926069
Commit-Queue: Jakob Kummerow <[email protected]>
Commit-Queue: Eva Herencsárová <[email protected]>
Reviewed-by: Eva Herencsárová <[email protected]>
Auto-Submit: Jakob Kummerow <[email protected]>
Cr-Commit-Position: refs/heads/main@{#96549}
Rolling third_party/boringssl/src: https://boringssl.googlesource.com/boringssl/+log/be88fd4..7152433

Rolling third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/a31b552..1e559a2

Rolling tools/luci-go: git_revision:ff7417442432e6669b74c02c63d61834f865aa77..git_revision:7dd39503276dfa4a920102ca77a2f409f2f67655

Roll created at https://cr-buildbucket.appspot.com/build/8734341542427133409

Change-Id: I0fe2d9b8e89a6d3faa3e0c1b123796684002c74a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5925125
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#96550}
Rolling build: https://chromium.googlesource.com/chromium/src/build/+log/99d8d6f..6196650

Rolling buildtools: https://chromium.googlesource.com/chromium/src/buildtools/+log/9807e11..1c99f93

Rolling third_party/boringssl/src: https://boringssl.googlesource.com/boringssl/+log/7152433..c8fafe8

Rolling third_party/libc++/src: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx/+log/6e4ed19..b6b3d2a

Rolling third_party/libc++abi/src: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi/+log/406418b..af20f24

Roll created at https://cr-buildbucket.appspot.com/build/8734314508332281073

Change-Id: I3edf4a1706771628aa5a9236ed8e94bea410f0e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5920990
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#96551}