The option to "enable serialization" actually only enables the
roots-relative register addressing. In the spirit of expressing specific
behaviors rather than isolate-wide modes, rename this flag to what
it actually does.
R=bmeurer@chromium.org
Change-Id: Iacbad8064c8f38b364db2a0bdd0e83ef4a265867
Reviewed-on: https://chromium-review.googlesource.com/1113742
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54016}
Unittests may take compilation dependencies without committing them,
because no code object is ever created. This CL ensures that after each
unittest, all uncommitted dependencies are discarded. Without this,
the compilation dependencies leaks pointers to already freed C++ objects
between test-cases, which are then accessed after free if a unittest
invalidates the corresponding compilation dependency.
Bug: v8:851886
Change-Id: I55d989c42d45f5d713613bc1d3f86e00bd1b8d21
Reviewed-on: https://chromium-review.googlesource.com/1113313
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53998}
This changes the WebAssembly pipeline to no longer expect source
position tables for {WasmCode} to be allocated on the GC'ed heap.
R=clemensh@chromium.org
BUG=v8:7721
Change-Id: Ib2c6e3d0840e47b83809f60519c0d1b94af186af
Reviewed-on: https://chromium-review.googlesource.com/1109686
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53961}
When encountering a LoadStackPointer input to a comparison, generate a register
LocationOperand that points to the stack pointer. This can avoid unnecessary
spilling of the stack pointer.
Since sp is a special register for arm64, we need to add a mechanism to print
its name in RegisterConfiguration.
This is a port of https://chromium-review.googlesource.com/1055568 that made
the same change for arm.
It also ports the tests added in
https://chromium-review.googlesource.com/1099068 to arm and arm64.
Bug: v8:7844
Change-Id: I5adc672ff877b9888ef755e8e60e4eabbc61061b
Reviewed-on: https://chromium-review.googlesource.com/1107810
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#53889}
This test was not adapted for the jump table yet.
R=mstarzinger@chromium.org
Bug: v8:7867
Change-Id: Ifd03899b0757972525dcc54f04949635d03fa493
Reviewed-on: https://chromium-review.googlesource.com/1107624
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53878}
This is a reland of 733b7c8258.
The arm64 bug was fixed in https://crrev.com/c/1105051.
Original change's description:
> [wasm] Introduce jump table
>
> This introduces the concept of a jump table for WebAssembly, which is
> used for every direct and indirect call to any WebAssembly function.
> For lazy compilation, it will initially contain code to call the
> WasmCompileLazy builtin, where it passes the function index to be
> called.
> For non-lazy-compilation, it will contain a jump to the actual code.
> The jump table allows to easily redirect functions for lazy
> compilation, tier-up, debugging and (in the future) code aging. After
> this CL, we will not need to patch existing code any more for any of
> these operations.
>
> R=mstarzinger@chromium.org, titzer@chromium.org
>
> Bug: v8:7758
> Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
> Reviewed-on: https://chromium-review.googlesource.com/1097075
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53805}
TBR=titzer@chromium.org,mstarzinger@chromium.org
Bug: v8:7758
Change-Id: I68555230c6db97e70f0b8fef784188f55ee04794
Reviewed-on: https://chromium-review.googlesource.com/1105158
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53829}
This removes several GetIsolate calls from Map:: methods and instead
passes the Isolate in. This is a very noisy change but mostly it is just
adding Isolate to method declarations and forwarding it on.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I159505e50a9462d01066f14da0fcc29762bd5531
Reviewed-on: https://chromium-review.googlesource.com/1075267
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53826}
This reverts commit 733b7c8258.
Reason for revert: breaks arm64 gc-stress: https://ci.chromium.org/buildbot/client.v8.ports/V8%20Linux%20-%20arm64%20-%20sim%20-%20gc%20stress/11659
Original change's description:
> [wasm] Introduce jump table
>
> This introduces the concept of a jump table for WebAssembly, which is
> used for every direct and indirect call to any WebAssembly function.
> For lazy compilation, it will initially contain code to call the
> WasmCompileLazy builtin, where it passes the function index to be
> called.
> For non-lazy-compilation, it will contain a jump to the actual code.
> The jump table allows to easily redirect functions for lazy
> compilation, tier-up, debugging and (in the future) code aging. After
> this CL, we will not need to patch existing code any more for any of
> these operations.
>
> R=mstarzinger@chromium.org, titzer@chromium.org
>
> Bug: v8:7758
> Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
> Reviewed-on: https://chromium-review.googlesource.com/1097075
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53805}
TBR=mstarzinger@chromium.org,titzer@chromium.org,clemensh@chromium.org,sreten.kovacevic@mips.com
Change-Id: Iea358db2cf13656a65cf69a6d82cbbc10d3e7e1c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7758
Reviewed-on: https://chromium-review.googlesource.com/1105157
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53807}
This introduces the concept of a jump table for WebAssembly, which is
used for every direct and indirect call to any WebAssembly function.
For lazy compilation, it will initially contain code to call the
WasmCompileLazy builtin, where it passes the function index to be
called.
For non-lazy-compilation, it will contain a jump to the actual code.
The jump table allows to easily redirect functions for lazy
compilation, tier-up, debugging and (in the future) code aging. After
this CL, we will not need to patch existing code any more for any of
these operations.
R=mstarzinger@chromium.org, titzer@chromium.org
Bug: v8:7758
Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
Reviewed-on: https://chromium-review.googlesource.com/1097075
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53805}
Currently each isolate stores its own array of
{CallInterfaceDescriptorData}. This array has size 173, and each entry
has 40 bytes. That's already 7kB per isolate.
Additionally, each {CallInterfaceDescriptorData} allocates two
heap-allocated arrays, which probably add up to more than the static
size of the {CallInterfaceDescriptorData}. Note that all the
{CallInterfaceDescriptorData} instances are initialized eagerly on
isolate creation.
Since {CallInterfaceDescriptor} is totally isolate independent itself,
this CL refactors the current design to avoid a copy of them per
isolate, and instead shares them process-wide. Still, we need to free
the allocated heap arrays when the last isolate dies to avoid leaks.
This can probably be refactored later by statically initializing more
and avoiding the heap allocations all together.
This refactoring will also allow us to use {CallInterfaceDescriptor}s
from wasm background compilation threads, which are not bound to any
isolate.
R=mstarzinger@chromium.org, titzer@chromium.org
Bug: v8:6600
Change-Id: If8625b89951eec8fa8986b49a5c166e874a72494
Reviewed-on: https://chromium-review.googlesource.com/1100879
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53803}
For now we keep params since NewSloppyArguments uses it to figure out how to structure the arguments object. We should be able to only keep params in case we have a special case though. E.g., leaf functions with no duplicate parameters don't need special treatment. Or we simply encode the parameter index for each context slot. (I'm not sure duplicates need special treatment.)
Change-Id: Icfbb844e5331aeb93c50bc07edd58246c8aeb1d7
Reviewed-on: https://chromium-review.googlesource.com/1104420
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53802}
Return the raw Object* when accessing the constant pool of bytecode
with the bytecode array accessor, to avoid needing an isolate there.
If the returned value needs to be a handle, we create the handle
later.
Bug: v8:7786
Change-Id: Ifeac2a06f0383230bf7e9bfc1b751d9750ecfb51
Reviewed-on: https://chromium-review.googlesource.com/1102334
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53784}
The stack check instruction sequence is pattern-matched in
instruction-selector-{ia32,x64}.cc and replaced with its own specialized
opcode, for which we later generate an efficient stack check in a single
instruction.
But this pattern matching has never worked for CSA-generated code. The
matcher expected LoadStackPointer in the right operand and the external
reference load in the left operand. CSA generated exactly vice-versa.
This CL does a few things; it
1. reverts the recent change to load the
limit from smi roots:
Revert "[csa] Load the stack limit from smi roots"
This reverts commit 507c29c940.
2. tweaks the CSA instruction sequence to output what the matcher
expects.
3. refactors stack check matching into a new StackCheckMatcher class.
4. typifies CSA::PerformStackCheck as a drive-by.
Bug: v8:6666,v8:7844
Change-Id: I9bb879ac10bfe7187750c5f9e7834dc4accf28b5
Reviewed-on: https://chromium-review.googlesource.com/1099068
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53737}
This is a reland of 0909dbe3d6.
Added missing V8_EXPORT_PRIVATE to AndroidLogStream.
TBR=mstarzinger@chromium.org
Original change's description:
> Introduce StdoutStream which prints to Android log or stdout
>
> The often used construct {OFStream(stdout)} does not work on Android.
> This CL introduces an {StdoutStream} which behaves exactly like
> {OFStream(stdout)} on non-android platforms, and redirects to the
> Android log on appropriate systems and configurations.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:7820
> Change-Id: Ia682fdf6d064e37c605c19b032f5a10b96ac825b
> Reviewed-on: https://chromium-review.googlesource.com/1088911
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53692}
Bug: v8:7820
Change-Id: I8164bad78a401dbe4246c9ffcacd050fe511ed58
Reviewed-on: https://chromium-review.googlesource.com/1100636
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53733}
This reverts commit 0909dbe3d6.
Reason for revert: Blocks roll:
https://chromium-review.googlesource.com/c/chromium/src/+/1099143
Original change's description:
> Introduce StdoutStream which prints to Android log or stdout
>
> The often used construct {OFStream(stdout)} does not work on Android.
> This CL introduces an {StdoutStream} which behaves exactly like
> {OFStream(stdout)} on non-android platforms, and redirects to the
> Android log on appropriate systems and configurations.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:7820
> Change-Id: Ia682fdf6d064e37c605c19b032f5a10b96ac825b
> Reviewed-on: https://chromium-review.googlesource.com/1088911
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53692}
TBR=mstarzinger@chromium.org,jarin@chromium.org,jgruber@chromium.org,clemensh@chromium.org,bmeurer@chromium.org
Change-Id: Iadadd9a0df10dca0fad647138a83db50148e864d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7820
Reviewed-on: https://chromium-review.googlesource.com/1100635
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53725}
The often used construct {OFStream(stdout)} does not work on Android.
This CL introduces an {StdoutStream} which behaves exactly like
{OFStream(stdout)} on non-android platforms, and redirects to the
Android log on appropriate systems and configurations.
R=mstarzinger@chromium.org
Bug: v8:7820
Change-Id: Ia682fdf6d064e37c605c19b032f5a10b96ac825b
Reviewed-on: https://chromium-review.googlesource.com/1088911
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53692}
Mutable globals are now included in the wasm v1 spec.
Bug: v8:7625
Change-Id: Ib9b92d8348102f99a3b92820d0057b2c11a1e49a
Reviewed-on: https://chromium-review.googlesource.com/1095650
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53683}
The isolate is mainly used for accounting purposes. As such, it
doesn't need a field in the WasmCodeManager, and cannot have one
if it is to be made isolate independent. Instead, pass the isolate
explicitly in the appropriate cases.
R=mstarzinger@chromium.org
BUG=v8:7424
Change-Id: I539c2b33692e57605a280530bd704ef25269ad0f
Reviewed-on: https://chromium-review.googlesource.com/1073412
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53676}
This CL estimates the sizes of the important managed objects in WASM:
the decoded module {WasmModule}, the native module that contains code
{NativeModule}, and the natively-allocated indirect and import tables
{WasmInstanceNativeAllocations}.
Since Managed<T> updates the isolate's external allocated memory,
it is no longer necessary to do so upon committing or releasing a
native module's memory.
R=mstarzinger@chromium.orgCC=ulan@chromium.org
Bug: v8:7424
Change-Id: Iff4e07d0d328383a925febd654ccbfc95f0930e9
Reviewed-on: https://chromium-review.googlesource.com/1079067
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53675}
This CL inserts NOP instructions a little bit earlier into empty
blocks; this ensures that instructions keep their initial position.
Bug: v8:7327
Change-Id: Idee5269f4fd7fc15c44bda83a2be74e8cff62df8
Reviewed-on: https://chromium-review.googlesource.com/1097078
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53672}
This CL adds a TFS stub for RegExp#test and moves several checks to
the JSCallReducer. In particular, the JSCallReducer checks that
- property {exec} on the regexp is still the original exec
- property {lastIndex} on the regexp is a non-negative smi
The stub does not repeat these checks in release mode.
This effectively means that if the regexp is known, we can perform these
checks at compile time, and get away with a map dependency.
Bug: v8:7779, v8:7200
Change-Id: I0c6d711d4f1d2f6f325a1c02855b0e1b62e014c8
Reviewed-on: https://chromium-review.googlesource.com/1074654
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53630}
Whenever an Isolate is available on a variable, field, or method
parameter, use that instead of GetIsolate(). Also convert simple
cases of the one-argument handle constructor to either use an
available Isolate, or use GetIsolate() if their first parameter
is a variable.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I52805905a9ca8729615ead78859f43d5e8f605f1
Reviewed-on: https://chromium-review.googlesource.com/1092853
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53629}
The mock histogram functions cannot be cleared and can be called on
isolate tear down if incremental marking is in progress.
Bug: chromium:850508
Tbr: mlippautz@chromium.org
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: I99e52aaa81c863f71e195aeed691b37da9e71da6
Reviewed-on: https://chromium-review.googlesource.com/1093073
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53616}
Since we never extract pools from a {DisjointAllocationPool}, the
{Allocate} method can just return an {AddressRange}, and also {Merge}
just needs to merge a single {AddressRange}.
Drive-by: Make {AddressRange} a proper struct, for DCHECKs and better
accessors.
R=mstarzinger@chromium.org
Bug: v8:7754
Change-Id: I19fd02b2c6d8eb5316a5e994835b89be9cfa792b
Reviewed-on: https://chromium-review.googlesource.com/1090723
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53610}
This reverts commit ceb9c8127f.
Reason for revert: Tanks compile time
Original change's description:
> [sfi] Remove SFI function literal id field
>
> SharedFunctionInfos store their original function literal's id. This is
> also their index in the Script's SFI list.
>
> Since the function literal id is only needed for lazy compilation and live
> edit, we can calculate it on-the-fly by linear search in the Script SFI list,
> and save a field on the SFI.
>
> If this regresses compile performance, we could alternatively store the
> function literal id on the preparsed scope data as future work.
>
> Bug: chromium:818642
> Change-Id: I5468cea0e115921f1c864d94e567d749a4349882
> Reviewed-on: https://chromium-review.googlesource.com/1082480
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53523}
TBR=hpayer@chromium.org,leszeks@chromium.org,verwaest@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:818642
Bug: chromium:850417
Change-Id: If2fd21331b7062532c04004a51e705f7e9d0a151
Reviewed-on: https://chromium-review.googlesource.com/1090494
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53573}
As a first step towards moving accesses to the broker, this moves
heap accesses from BitsetType::Lub to the broker.
Bug: v8:7790
Change-Id: Ie240b84b979717caae42cb8aa06ee8d9877a446d
Reviewed-on: https://chromium-review.googlesource.com/1088695
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53571}
Test ThreadTicks.ThreadNow fails on systems with low resolution
thread timers because the tests detects that no time elapsed
since the beginning of the test.
This CL adds a counting loop that makes sure the thread
timer has progressed by at least one tick.
TEST=unittests/ThreadTicks.ThreadNow
Change-Id: I910309208b3a154798cbc43813d41d3755ab819d
Reviewed-on: https://chromium-review.googlesource.com/1082352
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53548}
SharedFunctionInfos store their original function literal's id. This is
also their index in the Script's SFI list.
Since the function literal id is only needed for lazy compilation and live
edit, we can calculate it on-the-fly by linear search in the Script SFI list,
and save a field on the SFI.
If this regresses compile performance, we could alternatively store the
function literal id on the preparsed scope data as future work.
Bug: chromium:818642
Change-Id: I5468cea0e115921f1c864d94e567d749a4349882
Reviewed-on: https://chromium-review.googlesource.com/1082480
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53523}
After [1], a manual dependency on exe_and_shlib_deps is no longer necessary
since it's automatically added. This CL removes all remaining manual references
to exe_and_shlib_deps.
[1] d7ed1f0a9c
BUG=chromium:845700
R=machenbach
Change-Id: I17da573b7b6509a690caf8be6ae6afc180105f07
Reviewed-on: https://chromium-review.googlesource.com/1082913
Commit-Queue: Thomas Anderson <thomasanderson@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53500}
Modifies several Type:: methods to take an Isolate to pass through to
BitSetType::Lub as well as their call sites.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I9ac769c4c658995421fd28b9b1d77d6f84627116
Reviewed-on: https://chromium-review.googlesource.com/1071515
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53362}
Removes use of HeapObject::GetIsolate() from Object::BooleanValue in
preparation for removing the method.
Requires adding Isolate parameter to CommonOperatorReducer constructor.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: If735e71df3288bf1eb11576605c2d95a19472181
Reviewed-on: https://chromium-review.googlesource.com/1071653
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53361}
This distinction doesn't matter, they aren't treated any differently to
other strings.
Change-Id: I524a0a1c4089284af97aa507afc5bd5985fe6631
Reviewed-on: https://chromium-review.googlesource.com/1071628
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53329}
Moving them away was a mistake. Fixing this enables getting rid of a bunch of
includes.
BUG=v8:5402
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I5482eab4281c7450350f058fe0a04a6f375ea082
Reviewed-on: https://chromium-review.googlesource.com/1070188
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53328}
Replaces the anchor page circular doubly linked list
with a doubly linked list pointing to nullptr on its ends.
Fixes a memory leak when rewinding pages.
The large pages list will move to the new list implementation
in a follow-up CL.
Change-Id: I2933a5e222d4ca768f4b555c47ed0d7a7027aa73
Reviewed-on: https://chromium-review.googlesource.com/1060973
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53288}
This also includes the precise reducer name. Currently the information
is available in the node tooltip in turbolizer. The new shortcut 's' in
the graph view selects the nodes the currently selected nodes were created
from.
Bug: v8:7327
Change-Id: I7ca7327d0cfa112972e3567df6e4a223c8eff3c0
Reviewed-on: https://chromium-review.googlesource.com/1064059
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53258}
Also fixup some implementations that were lagging behind per the lack of
pure virtual not having enforced everything yet.
Also fixed recently introduced
PredictablePlatform::CallDelayedOnWorkerThread() to ignore delayed tasks
after realizing the intent is to intercept worker tasks instead of
sending them to |platform_|.
Node.js migrated off these APIs @
https://github.com/v8/node/pull/69R=ahaas@chromium.org, yangguo@chromium.org
Bug: chromium:817421
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I92171f213b5fc64ab1f21e8eec72738f5ce228bd
Reviewed-on: https://chromium-review.googlesource.com/1045310
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53223}
The term memory usually refers to the wasm memory. In the
{NativeModule}, we store pools for allocated and available code space.
This CL changes naming to make clear that this is code space and not
memory.
R=titzer@chromium.org
Bug: v8:7754
Change-Id: I195bf5c9227ad246af302ae1e98f9c839a02adbf
Reviewed-on: https://chromium-review.googlesource.com/1061495
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53208}
This adds a filter option for --trace-turbo, --trace-turbo-graph
and --trace-turbo-scheduled. The filter is a pattern that matches
function names in this way:
"*" all; the default
"-" all but the top-level function
"-name" all but the function "name"
"" only the top-level function
"name" only the function "name"
"name*" only functions starting with "name"
"~" none; the tilde is not an identifier
Bug: v8:7761
Change-Id: I7e8e726023f2c72754b0dd691d790af20b022fd3
Reviewed-on: https://chromium-review.googlesource.com/1059774
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53201}
This CL introduces type narrowing and constant folding reducers
to constant fold code that comes out of inlined destructuring
of arrays. In particular, array iterator introduces code that
contains a phi of a temporary array that blocks escape analysis.
The phi comes from conditional that can be evaluated statically
(i.e., constant folded), so with better constant folding we
allow escape analysis to get rid of the temporary array.
On a quick micro-benchmark below, we see more than 6x improvement.
This is close to the hand-optimized version - if we replace
body of f with 'return b + a', we get 220ms (versus 218ms with
destructuring).
function f(a, b) {
[b, a] = [a, b];
return a + b;
}
function sum(count) {
let s = 0;
for (let i = 0; i < count; i++) {
s += f(1, 2);
}
return s;
}
// Warm up
sum(1e5); sum(1e5);
console.time("destructure array");
sum(1e8);
console.timeEnd("destructure array");
console.timeEnd: destructure array, 213.526000
console.timeEnd: destructure array, 1503.537000
Bug: v8:7728
Change-Id: Ib7aec1d5897989e6adb1af1eddd516d8b3866db5
Reviewed-on: https://chromium-review.googlesource.com/1047672
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53048}
Instead rely on the scope info containing the name as well.
Change-Id: Ie1f96ea023a793b11209510566f6831b1dfd40ab
Reviewed-on: https://chromium-review.googlesource.com/1042567
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52983}
There are likely cleanups that can be done after this CL:
- context-related functions in the interpreter and compiler take ScopeInfo as
well as ScopeType and slot-count as input. The latter 2 should be directly
derived from the former. We should be able to drop FunctionContextParameters.
- ContextExtension is probably not needed anymore, since we now always have the
correct scope_info directly in the SCOPE_INFO_INDEX slot.
Bug: v8:7066
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ie1f6134c686a9f2183e54730d9cdd598a9e5ab67
Reviewed-on: https://chromium-review.googlesource.com/785151
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52952}
This reverts commit 2df5e7a7b6.
Reason for revert: Mystery crashes https://bugs.chromium.org/p/chromium/issues/detail?id=838805
Original change's description:
> [parser] Slice the source string where possible
>
> When internalizing string literals (for quoted strings or property names),
> try to create a sliced string of the source string rather than allocating
> a copy of the bytes.
>
> This will not work for string literals that contain escapes (e.g. unicode
> escapes), and currently does not support two-byte strings.
>
> Bug: chromium:818642
> Change-Id: I686e5ad36baecd1a84ce5e124118431249b6c980
> Reviewed-on: https://chromium-review.googlesource.com/1010282
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52898}
TBR=marja@chromium.org,yangguo@chromium.org,jarin@chromium.org,mlippautz@chromium.org,leszeks@chromium.org,verwaest@chromium.org
Change-Id: I598b6668c43a3e843e2dd8e60852b2b2f3461954
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:818642
Reviewed-on: https://chromium-review.googlesource.com/1039885
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52919}
When internalizing string literals (for quoted strings or property names),
try to create a sliced string of the source string rather than allocating
a copy of the bytes.
This will not work for string literals that contain escapes (e.g. unicode
escapes), and currently does not support two-byte strings.
Bug: chromium:818642
Change-Id: I686e5ad36baecd1a84ce5e124118431249b6c980
Reviewed-on: https://chromium-review.googlesource.com/1010282
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52898}
The idea is to mark all the branches and loads participating in array
bounds checks, and let them contribute-to/use the poisoning register.
In the code, the marks for array indexing operations now contain
"Critical" in their name. By default (--untrusted-code-mitigations),
we only instrument the "critical" operations with poisoning.
With that in place, we also remove the array masking approach based
on arithmetic.
Since we do not propagate the poison through function calls,
we introduce a node for poisoning an index that is passed through
function call - the typical example is the bounds-checked index
that is passed to the CharCodeAt builtin.
Most of the code in this CL is threads through the three levels of
protection (safe, critical, unsafe) for loads, branches and flags.
Bug: chromium:798964
Change-Id: Ief68e2329528277b3ba9156115b2a6dcc540d52b
Reviewed-on: https://chromium-review.googlesource.com/995413
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52883}
This removes Type::operator-> which was used to split the change that
removed undefined misuse of Type* to represent integers.
Bug: v8:3770
Change-Id: I9a5bce5ccdc75461a7b939b4070cb58fe6040d99
Reviewed-on: https://chromium-review.googlesource.com/1033736
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52878}
This is part of the effort to decrease the amount of undefined behavior.
that v8 relies on.
The main change here is to represent types with class Type rather than
with pointer Type*. To make the CL smaller, I used an operator overload
hack to separate the change from `->` to `.`. I am working on a CL that
will remove the operator and change all those arrows to dots.
Bug: v8:3770
Change-Id: I71a197cb739a1467937bc95c2a757fab0469aa22
Reviewed-on: https://chromium-review.googlesource.com/1032551
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52872}
Linkage-related methods were declared in wasm-compiler.h and
implemented in wasm-linkage.cc. This required all users of e.g. wasm
call descriptors to include the whole wasm compiler header. Also, some
wasm linkage information is independent of turbofan and also used
outside of the compiler directory.
This CL splits off wasm-linkage.h (with minimal includes) and puts it
in src/wasm. This allows to use that information without including
compiler headers (will clean up several uses in follow-up CLs).
R=mstarzinger@chromium.org, titzer@chromium.org
Bug: v8:7570
Change-Id: Ifcae70b4ea7932cda30953b325c2b87c4176c598
Reviewed-on: https://chromium-review.googlesource.com/1013701
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52849}
This CL also removes the JSBuiltinReducer, which is no longer needed.
Bug: v8:7340, v8:7250
Change-Id: I28896f6ce0d352047ea1cb7ea6de490818840faf
Reviewed-on: https://chromium-review.googlesource.com/1027853
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52799}
The WasmInstanceObject stores two new arrays:
- imported_mutable_globals_buffers_: a FixedArray of all the imported
globals' array buffers.
- imported_mutable_globals: a calloc'd array of Addresses pointing to
the mutable global in its array buffer.
When accessing the global, the generated code looks up the address in
imported_mutable_globals to find where to load/store.
Bug: v8:7625
Change-Id: I60844c21a788fce28f346455f10f2283d1c152e9
Reviewed-on: https://chromium-review.googlesource.com/1020602
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52794}
This is is a preparatory CL to detach the JSFunction from the Context.
We mainly rewrite the DebugScopeInterator to no longer rely on the a
JSFunction to be around. Additionally the empty_function needs to have
a proper ScopeInfo now.
Drive-by-fix: Improve ScopeInfo debug printing
Bug: v8:7066
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I2f2fa0e78914a12e076384e0e1234c2322ad1ee8
Reviewed-on: https://chromium-review.googlesource.com/918721
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52791}
Wasm tier-up first compiles the whole module using Liftoff, and then
using Turbofan. The idea is to achieve fast start-up times by first
running Liftoff-compiled code. In the meantime we finish compilation
with Turbofan, and replace the Liftoff-compiled code as soon
as Turbofan finished compilation, thus achieving high performance.
Tier-up is enabled through the flag FLAG_wasm_tier_up.
Bug: v8:6600
Change-Id: I70552969c53d909a591666a1e7ce1ee1419b2f34
Reviewed-on: https://chromium-review.googlesource.com/1010422
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52759}
This CL splits the definition of ValueType and its helper functions
into its own header file.
R=clemensh@chromium.org
Bug: v8:7570
Change-Id: I3aa776edb45839d7d38836e131df45732c685310
Reviewed-on: https://chromium-review.googlesource.com/1021810
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52758}
Several functions on Array.prototype incorrectly threw a TypeError just
because their receiver was sealed or frozen.
Bug: v8:7677
Change-Id: I4ec38bfbf468f9bd676f1c0b341c8a50cf814f15
Reviewed-on: https://chromium-review.googlesource.com/1021870
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52718}
This reverts commit f52b4b3b81.
Reason for revert: Makes benchmarks time out:
https://crbug.com/834655
Original change's description:
> [compiler] Temporarily turn some DCHECKs into CHECKs.
>
> This turns most DCHECKs in the register allocator code into CHECKs,
> which hopefully will tell us more about the crashes in crbug 831822.
>
> This CL will eventually be reverted again.
>
> Bug: chromium:831822
> Change-Id: I123ed507949ecab50bb0aaaf9e91978c9c2d8d65
> Reviewed-on: https://chromium-review.googlesource.com/1016762
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52673}
TBR=neis@chromium.org,sigurds@chromium.org
Change-Id: Ic2b37a3ce04516c5871b801015153ce84e622e90
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:831822
Reviewed-on: https://chromium-review.googlesource.com/1018860
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52679}
This turns most DCHECKs in the register allocator code into CHECKs,
which hopefully will tell us more about the crashes in crbug 831822.
This CL will eventually be reverted again.
Bug: chromium:831822
Change-Id: I123ed507949ecab50bb0aaaf9e91978c9c2d8d65
Reviewed-on: https://chromium-review.googlesource.com/1016762
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52673}
There are various situations where we explicitly compare a SMI against
another SMI (e.g., BuildIndexedJump). This is also a common pattern for
generated code (e.g., comparing a loop variable with an integer). Instead
of using the generic equality/strict-equality stub for this, which is
expensive, this CL offers a simple comparison stub, repurposing the
TestEqualStrictNoFeedback bytecode to TestReferenceEqual
Bug: v8:5310
Change-Id: Ib2b47cd24d5386cf0d20d3bd794776dc6e3a02a5
Reviewed-on: https://chromium-review.googlesource.com/1007542
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Christian O. Andersson <cricke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52655}
Add a new permission kRead to PageAllocator::Permission and
OS::MemoryPermission and implement it in platform-*.
Not used yet, because it needs corresponding changes in chromium.
Bug: v8:7464
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I9f84251eff593536cbcc1cde04641d696c79d65c
Reviewed-on: https://chromium-review.googlesource.com/1006756
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52636}
Casting from a floating-point type to an integer type is undefined behavior
if the integral part of the float cannot be represented in the range of the
int.
Bug: v8:3770, chromium:831145
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I2e85ea8b0f09bbeeb3e0dcc1135fc747fa312f6d
Reviewed-on: https://chromium-review.googlesource.com/1011651
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52631}
First version which can compile a very basic code.
Change-Id: I3b98412a5ca39a28f8fe5b60516b82c6981dd187
Reviewed-on: https://chromium-review.googlesource.com/993232
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52622}
The "Address" type is V8's general-purpose type for manipulating memory
addresses. Per the C++ spec, pointer arithmetic and pointer comparisons
are undefined behavior except within the same array; since we generally
don't operate within a C++ array, our general-purpose type shouldn't be
a pointer type.
Bug: v8:3770
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib96016c24a0f18bcdba916dabd83e3f24a1b5779
Reviewed-on: https://chromium-review.googlesource.com/988657
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52601}
There is no good reason to have the meat of most objects' initialization
logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
this CL changes the protocol between Heap and Factory to be AllocateRaw,
and all object initialization work after (possibly retried) successful
raw allocation happens in the Factory.
This saves about 20KB of binary size on x64.
Original review: https://chromium-review.googlesource.com/c/v8/v8/+/959533
Originally landed as r52416 / f9a2e24bbc
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Id072cbe6b3ed30afd339c7e502844b99ca12a647
Reviewed-on: https://chromium-review.googlesource.com/1000540
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52492}
Merge the outer_scope_info and feedback_metadata fields on
SharedFunctionInfo. outer_scope_info is only used during parsing,
and feedback_metadata is only available after compilation, so the
two never exist at the same time. Thus, they can share a field slot.
The exception is un-compiling and re-compiling a function, where we
need the outer_scope_info again. Fortunately, the outer_scope_info
can be re-calculated from the SFI's scope_info.
Bug: v8:7606
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I6b97fefe859e89df75ad870da4a0bfa4b869772a
Reviewed-on: https://chromium-review.googlesource.com/992432
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52454}
This reverts commit f9a2e24bbc.
Reason for revert: gc stress failures not all fixed by follow up.
Original change's description:
> [cleanup] Refactor the Factory
>
> There is no good reason to have the meat of most objects' initialization
> logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
> this CL changes the protocol between Heap and Factory to be AllocateRaw,
> and all object initialization work after (possibly retried) successful
> raw allocation happens in the Factory.
>
> This saves about 20KB of binary size on x64.
>
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Icbfdc4266d7be8b48d2fe085f03411743dc6a0ca
> Reviewed-on: https://chromium-review.googlesource.com/959533
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52416}
TBR=jkummerow@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,hpayer@chromium.org
Change-Id: Idbbc53478742f3e9525eee83342afc6aedae122f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/999414
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52420}
There is no good reason to have the meat of most objects' initialization
logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
this CL changes the protocol between Heap and Factory to be AllocateRaw,
and all object initialization work after (possibly retried) successful
raw allocation happens in the Factory.
This saves about 20KB of binary size on x64.
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Icbfdc4266d7be8b48d2fe085f03411743dc6a0ca
Reviewed-on: https://chromium-review.googlesource.com/959533
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52416}
Add support for decoding anyref globals, and some drive-by cleanups.
R=titzer@chromium.org
Bug: v8:7581
Change-Id: I3527f996a3fa1a890918a5924e951fbafa394cf2
Reviewed-on: https://chromium-review.googlesource.com/997655
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52391}
With the Ignition + Turbofan pipeline there is very little overlap between the data
needed for unoptimized compilation and optimized compilation. As a result, it is
cleaner to split up the CompilationInfo into UnoptimizedCompilationInfo and
OptimizedCompilationInfo.
Doing so also necessitate splitting up CompilationJob into UnoptimizedCompilationJob
and OptimizedCompilationJob - again there is not much overlap so this seems cleaner.
Change-Id: I1056ad520937b7f8582e4fc3ca8f4910742de30a
Reviewed-on: https://chromium-review.googlesource.com/995895
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52369}
This CL changes the poisoning in the interpreter to use the
infrastructure used in the JIT.
This does not change the original flag semantics:
--branch-load-poisoning enables JIT mitigations as before.
--untrusted-code-mitigation enables the interpreter mitigations
(now realized using the compiler back-end), but does not enable
the back-end based mitigations for the Javascript JIT. So in effect
--untrusted-code-mitigation makes the CSA pipeline for bytecode handlers
use the same mechanics (including changed register allocation) that
--branch-load-poisoning enables for the JIT.
Bug: chromium:798964
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: If7f6852ae44e32e6e0ad508e9237f24dec7e5b27
Reviewed-on: https://chromium-review.googlesource.com/928881
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52243}
This is done now while embedders have yet to adapt to the new API before
it becomes hard to migrate.
Also renamed variable/methods to use "worker threads" rather than
"background" nomenclature.
Extracted from https://chromium-review.googlesource.com/c/v8/v8/+/978443/7
while resolving the more contentious bits around using task runners.
TBR=rmcilroy@chromium.org
Bug: chromium:817421
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ie3ddf15a708e829c0f718d89bebf3e96d1990c16
Reviewed-on: https://chromium-review.googlesource.com/980953
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52231}
The mutator utilizaton is computed for each mark-compact GC cycle as
mutator_time / total_time, where
- total_time is the time from the end of the previous GC to the end of
the current GC
- mutator_time = total_time - incremental_steps_duration - gc_time.
Bug: chromium:824214
Change-Id: Ie1814f22f0816a3c9c579107f4950f6fc8c8a72d
Reviewed-on: https://chromium-review.googlesource.com/978215
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52221}
This param is no longer used to construct the SFI.
Bug: v8:7503
Change-Id: Ic93c91ce0ad9acf84da7f382c9a170c732db7176
Reviewed-on: https://chromium-review.googlesource.com/977926
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52205}
This CL also cleans up some related naming in typed-optimization.
R=neis@chromium.org
Bug: v8:7531, v8:7570
Change-Id: If80e0e9642aaf6c58b164db2e1e0632cd5b0d051
Reviewed-on: https://chromium-review.googlesource.com/978066
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52182}
This moves source position tables associated with WasmCode objects to be
located outside the garbage-collected heap. There now is a clear link to
the source position table from code, making the one-to-one relationship
and its lifetime explicit.
R=ahaas@chromium.org
BUG=v8:7424
Change-Id: I9d0b332732508c302ba525059ef02559f45aa2f6
Reviewed-on: https://chromium-review.googlesource.com/975565
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52178}
This is a reland of d8f564eac6TBR=mstarzinger@chromium.org,yangguo@chromium.org,jgruber@chromium.org
Original change's description:
> Reland: Remove SFI code field
>
> Remove the SharedFunctionInfo code field, inferring the code object
> from the function_data field instead. In some cases, the function_data
> field can now hold a Code object (e.g. some WASM cases).
>
> (Reland of https://chromium-review.googlesource.com/952452)
>
> TBR=mstarzinger@chromium.org
>
> Bug: chromium:783853
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I10ea5be7ceed1b51362a2fad9be7397624d69343
> Reviewed-on: https://chromium-review.googlesource.com/970649
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52136}
Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I5187851b923e9a92f43daf8cb99e662786cbb839
Reviewed-on: https://chromium-review.googlesource.com/975942
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52159}
SuspendGenerator needs the accumulator to be live so that it can return
it.
Bug: chromium:806723
Change-Id: Iaa88fce96c36876e3e4256324ca650d475480c10
Reviewed-on: https://chromium-review.googlesource.com/975404
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52147}
Remove the SharedFunctionInfo code field, inferring the code object
from the function_data field instead. In some cases, the function_data
field can now hold a Code object (e.g. some WASM cases).
(Reland of https://chromium-review.googlesource.com/952452)
TBR=mstarzinger@chromium.org
Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I10ea5be7ceed1b51362a2fad9be7397624d69343
Reviewed-on: https://chromium-review.googlesource.com/970649
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52136}
