Test that also signal handlers cannot write to code, even if a
{CodeSpaceWriteScope} is open when the signal is triggered.
R=jkummerow@chromium.orgCC=mpdenton@chromium.org
Bug: v8:11974
Change-Id: I1e49e4b31ba196948f7f7adfdf88675816e0a58a
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3140607
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76747}
This adds some basic tests for WebAssembly code protection, in four
different configurations:
- no protection
- mprotect-based protection
- PKU-based protection
- PKU with fallback to mprotect
If PKU is not supported by the OS or hardware, then PKU is identical to
no protection, and PKU with fallback is identical to mprotect. We always
execute all four configurations anyway.
If protection is effective, we expect code to be writable within a
{CodeSpaceWriteScope}, and not writable otherwise. When trying to write
to non-writable code, we expect a crash of the process (checked via
{ASSERT_DEATH_IF_SUPPORTED}).
R=jkummerow@chromium.org
CC=mpdenton@chromium.org
Bug: v8:11974
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Change-Id: I4ec0ce9426f70ff41a292b9ea25be1e8956a670e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3138210
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76726}
This is a reland of 65515ddd3e
Fix is to use AddWithWraparound for signed additions to avoid UB.
Original change's description:
> [wasm-simd][arm64] Fuse add and extmul
>
> We can select a better instruction for add+extmul, using one of the
> multiply-long-accumulate instruction.
>
> Define a helper struct to pattern match Add(x, OP(y, z)) and
> Add(OP(x, y) z), and ensure that the matched OP is always on the
> LHS, to simplify checking for matches.
>
> Bug: v8:11548
> Change-Id: I7ab488b262aa9f749785f973549ccd9fad72f4c8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826725
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76708}
Bug: v8:11548
Change-Id: I675ab8b78d9c6c30b82a8c96c8e7098a548c6a60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3144379
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76712}
This reverts commit 65515ddd3e.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/18117/overview
Original change's description:
> [wasm-simd][arm64] Fuse add and extmul
>
> We can select a better instruction for add+extmul, using one of the
> multiply-long-accumulate instruction.
>
> Define a helper struct to pattern match Add(x, OP(y, z)) and
> Add(OP(x, y) z), and ensure that the matched OP is always on the
> LHS, to simplify checking for matches.
>
> Bug: v8:11548
> Change-Id: I7ab488b262aa9f749785f973549ccd9fad72f4c8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826725
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76708}
Bug: v8:11548
Change-Id: Ic1560616e7ee6df917fcedbb6ad139a1a9773d68
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3144377
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76709}
We can select a better instruction for add+extmul, using one of the
multiply-long-accumulate instruction.
Define a helper struct to pattern match Add(x, OP(y, z)) and
Add(OP(x, y) z), and ensure that the matched OP is always on the
LHS, to simplify checking for matches.
Bug: v8:11548
Change-Id: I7ab488b262aa9f749785f973549ccd9fad72f4c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2826725
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76708}
Simply putting all features behind --experimental-wasm-gc.
The intent is to simplify command lines.
Bug: v8:7748
Change-Id: Ibfaa4dc720087a490b177a2b95841620a4d25d89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3141583
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76703}
HeapBase::Terminate must consider newly created CrossThreadPersistent
when evaluating whether to conitnue the loop. This allows for catching
one off creations in destructors but will still crash for
>kMaxTerminationGCs chains.
Bug: chromium:1245519
Change-Id: I264f1b8f0de9f0bfeb66ca6b14c41faf15e4340c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3140606
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76659}
Prefinalizers have long been forbidden to allocate.
This restriction often proved problematic and has caused several
issues in the past.
This CL adds support for allowing allocations in prefinalizers.
At the start of prefinalizer invocations we clear the linear
allocation buffers, such that all allocations go through the slow
path for allocation. The slow path checks whether prefinalizers
are currently being invoked and marks the newly allocated object
if they are (i.e. black allocation during prefinalizers).
The new behavior is disabled by default and can be enabled by
setting the cppgc_allow_allocations_in_prefinalizers gn arg to true.
Bug: chromium:1056170
Change-Id: Ib86e780dcff88fa7b0f762ac2ab83c42393d33af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097877
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76606}
Handle all 4 selects that wasm-compiler generates.
Also modify unittest to allow optional operations (select
operations are not supported on all archs).
Bug: v8:12136
Change-Id: Ia54d7a71cffaa1c5cc8203520a1f3d812997bbb1
Fixed: v8:12136
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3119991
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76539}
1. Move Abspd, Negpd from MacroAssembler into TurboAssembler so that we
can use it in code-generator
2. Add Absps and Negps (float32 versions of the instructions in 1)
3. Refactor SSE/AVX float32/float64 abs/neg to use these macro-assembler
helpers.
4. Use these helpers in Liftoff too
This has the benefit of not requiring to set up the masks in a temporary
register, and loading the constants via an ExternalReference instead.
It does require (in ins-sel) to have the input be in a Register, since
the ExternalReference is an operand (and the instruction can only have 1
operand input).
Bug: v8:11589
Change-Id: I68fafaf31b19ab05ee391aa3d54c45d547a85b34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123635
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76520}
This introduces a new flag, --experimental-wasm-unsafe-nn-locals, which
allows arbitrary unvalidated local.get operations on non-nullable
locals.
For invalid accesses, this will crash. The intention is to allow module
producers to experiment; if they find these locals particularly useful,
we will add engine-side validation later.
Bug: v8:7748
Change-Id: I9a05747eaff312448ce0acf57a412e76679ff061
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3110192
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76489}
In a follow-up CL, the backing stores will, when the sandbox is enabled,
be referenced from V8 objects through offsets rather than raw pointers.
For that to work, all backing stores must be located inside the virtual
memory cage. This CL prepares for that.
Bug: chromium:1218005
Change-Id: Ibb989626ed7094bd4f02ca15464539f4e2bda90f
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114136
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76486}
This removes 4 arch opcodes.
Bug: v8:11217
Change-Id: Idff04fb205c7d7d1577ce123cc2160d678dfe39a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114599
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76473}
Sets up custom OOM handling in cppgc and installs a handler that
redirects to V8's handler when running with unified heap.
Bug: chromium:1242180
Change-Id: I68b7038a3736cc0aa92207db2c3d129a9ff68091
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3116253
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76467}
This is a reland of d1b27019d3
Fixes include:
Adding missing file to bazel build
Forward-declaring classing before friend-classing them to fix win/gcc
Add missing v8-isolate.h include for vtune builds
Original change's description:
> [include] Split out v8.h
>
> This moves every single class/function out of include/v8.h into a
> separate header in include/, which v8.h then includes so that
> externally nothing appears to have changed.
>
> Every include of v8.h from inside v8 has been changed to a more
> fine-grained include.
>
> Previously inline functions defined at the bottom of v8.h would call
> private non-inline functions in the V8 class. Since that class is now
> in v8-initialization.h and is rarely included (as that would create
> dependency cycles), this is not possible and so those methods have been
> moved out of the V8 class into the namespace v8::api_internal.
>
> None of the previous files in include/ now #include v8.h, which means
> if embedders were relying on this transitive dependency then it will
> give compile failures.
>
> v8-inspector.h does depend on v8-scripts.h for the time being to ensure
> that Chrome continue to compile but that change will be reverted once
> those transitive #includes in chrome are changed to include it directly.
>
> Full design:
> https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing
>
> Bug: v8:11965
> Change-Id: I53b84b29581632710edc80eb11f819c2097a2877
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76424}
Cq-Include-Trybots: luci.v8.try:v8_linux_vtunejit
Bug: v8:11965
Change-Id: I99f5d3a73bf8fe25b650adfaf9567dc4e44a09e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3113629
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76460}
This removes 8 arch opcodes.
Bug: v8:11217
Change-Id: I2c7a73b032ba5fa21f9843ebb4325e226a22550a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114590
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76442}
This patchset introduces instrumentation of the memory usage of the
datatructures maintained by the CPU profiler.
It captures:
* The total size of the strings held in StringsStorage for CodeEntries
* Estimated size held by CodeMap's entries.
The target is to surface that metric through telemetry to get better
visibility into the memory profile of CpuProfiler.
For now, STL containers overhead is ignored as it is implementation
specific.
Change-Id: I8c6a0cd4f14348fe8832dec1f24861befc67d700
Bug: chromium:1241491
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3101580
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76438}
We are running out of encoding space for opcodes on arm64. This patch
merges some wasm simd opcodes of different simd types, encoding the lane
size in the instruction code using LaneSizeField instead. This reduces
the total number of opcodes on arm64 by 71.
Bug: v8:12093
Change-Id: Ib4d96d1db1ff9b08fafd665974f3494a507da770
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3109676
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/main@{#76434}
This reverts commit d1b27019d3.
Reason for revert: Broke vtune build, tsan build and possibly others
Original change's description:
> [include] Split out v8.h
>
> This moves every single class/function out of include/v8.h into a
> separate header in include/, which v8.h then includes so that
> externally nothing appears to have changed.
>
> Every include of v8.h from inside v8 has been changed to a more
> fine-grained include.
>
> Previously inline functions defined at the bottom of v8.h would call
> private non-inline functions in the V8 class. Since that class is now
> in v8-initialization.h and is rarely included (as that would create
> dependency cycles), this is not possible and so those methods have been
> moved out of the V8 class into the namespace v8::api_internal.
>
> None of the previous files in include/ now #include v8.h, which means
> if embedders were relying on this transitive dependency then it will
> give compile failures.
>
> v8-inspector.h does depend on v8-scripts.h for the time being to ensure
> that Chrome continue to compile but that change will be reverted once
> those transitive #includes in chrome are changed to include it directly.
>
> Full design:
> https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing
>
> Bug: v8:11965
> Change-Id: I53b84b29581632710edc80eb11f819c2097a2877
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76424}
Bug: v8:11965
Change-Id: Id57313ae992e720c8b19abc975cd69729e1344aa
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3113627
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76428}
This moves every single class/function out of include/v8.h into a
separate header in include/, which v8.h then includes so that
externally nothing appears to have changed.
Every include of v8.h from inside v8 has been changed to a more
fine-grained include.
Previously inline functions defined at the bottom of v8.h would call
private non-inline functions in the V8 class. Since that class is now
in v8-initialization.h and is rarely included (as that would create
dependency cycles), this is not possible and so those methods have been
moved out of the V8 class into the namespace v8::api_internal.
None of the previous files in include/ now #include v8.h, which means
if embedders were relying on this transitive dependency then it will
give compile failures.
v8-inspector.h does depend on v8-scripts.h for the time being to ensure
that Chrome continue to compile but that change will be reverted once
those transitive #includes in chrome are changed to include it directly.
Full design:
https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing
Bug: v8:11965
Change-Id: I53b84b29581632710edc80eb11f819c2097a2877
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76424}
Whenever we are adding a new AddressRegion to the CodeMap, we first
remove all overlapping regions. The logic to check for overlapping
region is incomplete. For example, if all existing regions are less than
the region to be added, we incorrectly remove all regions, effectively
deleting all JITCodeEntry we have constructed.
We extract this overlapping check into a helper function, so that we can
unittest this without worrying about JITCodeEvent functionality, and also
without dealing with V8 internals (like Isolate and SFI).
The overlapping logic is rather hard to understand, has many special
cases, it will probably be much easier to just loop through all the
entries, rather than using lower_bound. Ideally, we can refactor this to
use some sort of sweep-line algorithm. Hopefully the unittests catch the
most obvious cases.
Bug: v8:11908
Change-Id: Id96975599ac59974185c3dbf64cdfceb17e98d18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3105381
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76397}
HAS_PROGRESS_BAR is set after page initialization at which point all
flags are assumed to be immutable while a GC is running.
Separating out the progress bar from flags allows setting it lazily at
allocation time.
Bug: v8:11915
Change-Id: I48a877e0e80d583d7a0fadef2546fc70417806e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085268
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76382}
This reverts commit edcc8ff5b5.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux%20Debug/10806/overview
A prefinalizer is creating a WeakMember from a raw pointer to a dead object for checking whether it is in a set.
Original change's description:
> cppgc: Enable checks for assignments in prefinalizers
>
> Bug: v8:11749
> Change-Id: Ic027f732030fb6a2befeffeca9db2eacfd0830a5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3099953
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76370}
Bug: v8:11749
Change-Id: I0c90f232df9ae363f05f8b9ba26c2a7eede8a269
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3106646
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#76377}
This is a reland of 2261e05333
This patch can now be relanded as some space was made for more opcodes:
https://bugs.chromium.org/p/v8/issues/detail?id=12093
Original change's description:
> [arm64][wasm] Use NEON S/Usra for Wasm SIMD add(shr(x, imm), y)
>
> A single AArch64 SIMD signed/unsigned Shift Right and Accumulate can be
> used to implement Wasm SIMD add(shr(x, imm), y). This gives a 1-1.5%
> improvement on some compute intensive Wasm benchmarks on Neoverse-N1.
>
> Mla and Adalp optimisations were refactored to match the style of the
> added code.
>
> Change-Id: Id5959a31ca267e02b7d60e7ff6f942adb029b41e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089157
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#76280}
Change-Id: Idd166b7d3c960af33049bbce6e7276763c28f286
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097284
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76340}
Adds a heap verification GN arg to gate the marking verifier and live
bytes verification on. The flag may be used in future for other more
expensive checks as well.
Currently, the flag is automatically enabled in dcheck_is_on and debug
builds.
The change enables live bytes verification for the library in regular
debug builds which may flush out issues.
Bug: v8:11785
Change-Id: I0f41bc0d76ebea9f6a8c9315c947598015ee5d68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097868
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76325}
Bug: v8:12008
Change-Id: I2e1d918a1370dae1e15919fbf02d69cbe48f63bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089095
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76308}
This is identical to https://crrev.com/c/3094011, but for 16-bit values.
We introduce another instruction to differentiate between 16->32 bit
sign extensions and 16->64 bit sign extensions.
R=ahaas@chromium.org, mslekova@chromium.org
Bug: chromium:1239116
Change-Id: I2742e9d9c2b4a038fc7a0b1715faf8f25fa20b1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094012
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76284}
InstructionSelector::ZeroExtendsWord32ToWord64 assumes that a
Load[kRepWord8|kTypeInt32] generates a zero-extended value. This
assumption makes sense, but was not fulfilled by the instruction
selector which emitted an "ldrsb" instruction which sign-extended to the
full 64-bit register.
This CL fixes that by introducing a separate "LdrsbW" instruction which
is selected if we are sign-extending an 8-bit value to 32-bit.
R=ahaas@chromium.org, mslekova@chromium.orgCC=v8-arm-ports@googlegroups.com
Bug: chromium:1239116
Change-Id: I2da1ad6062805acf5558f3e66b8db9a50e830302
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094011
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76283}
This reverts commit 2261e05333.
Reason for revert: No issues with the CL, but it is taking the
last two available opcodes on arm64 (we use 9 bits to encode it,
so we are limited to 512 opcodes). We need to land a security fix
which includes the addition of two opcodes. Before relanding this,
we need to figure out a strategy to either reduce opcodes, or use
one more bit to encode them.
Original change's description:
> [arm64][wasm] Use NEON S/Usra for Wasm SIMD add(shr(x, imm), y)
>
> A single AArch64 SIMD signed/unsigned Shift Right and Accumulate can be
> used to implement Wasm SIMD add(shr(x, imm), y). This gives a 1-1.5%
> improvement on some compute intensive Wasm benchmarks on Neoverse-N1.
>
> Mla and Adalp optimisations were refactored to match the style of the
> added code.
>
> Change-Id: Id5959a31ca267e02b7d60e7ff6f942adb029b41e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089157
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#76280}
Change-Id: Ifad0625ed8a6b66e7a7a74da11ad7d60941207e5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094014
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76282}
A single AArch64 SIMD signed/unsigned Shift Right and Accumulate can be
used to implement Wasm SIMD add(shr(x, imm), y). This gives a 1-1.5%
improvement on some compute intensive Wasm benchmarks on Neoverse-N1.
Mla and Adalp optimisations were refactored to match the style of the
added code.
Change-Id: Id5959a31ca267e02b7d60e7ff6f942adb029b41e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089157
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#76280}
These are no longer enabled, so remove the code mitigation logic from
the codebase.
BUG=chromium:1003890
Change-Id: I536bb1732e8463281c21da446bbba8f47ede8ebe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045704
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76256}
When this is enabled, v8 reserves a large region of virtual address
space during initialization, at the start of which it will place its 4GB
pointer compression cage. The remainder of the cage is used to store
ArrayBuffer backing stores and WASM memory buffers. This will later
allow referencing these buffers from inside V8 through offsets from the
cage base rather than through raw pointers.
Bug: chromium:1218005
Change-Id: I300094b07f64985217104b14c320cc019f8438af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3010195
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@google.com>
Cr-Commit-Position: refs/heads/master@{#76234}
nullptr objects are considered alive to allow weakness to be used from
stack while running into a conservative GC. Treating nullptr as dead
would mean that e.g. custom collectins could not be strongified on
stack.
Bug: chromium:1231286
Change-Id: Ibeddef18fcbae366c3f54304bf36b75c47bd74ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085280
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76229}
This is a reland of fffcbaea55
Additional fixes:
- Relax IsStarted DCHECKs in ElapsedTimer for paused_elapsed
- Add LogEventStatus enum in the API for better testing
- Rename Logger::StartEnd enum values to kXXX
- Add additional NestedTimedHistogramScope tests
Original change's description:
> [counters] Fix reentrant timers for V8.Execute
>
> This CL fixes a long standing issue where reentering TimedHistograms
> scopes would cause spurious measurements. Only the non-nested scopes
> yielded correct results.
>
> Due to the changed numbers, the V8.Execute histogram is renamed to
> V8.ExecuteMicroSeconds. Note that this histogram is also guarded
> behind the --slow-histograms flag due to the additional overhead.
>
> Unlike before, it does no longer include time for external callbacks
> and only measures self time. The following example illustrates the
> new behaviour:
>
> 1. Enter V8: |--+.......+--| self-time: 4 units (reported)
> 2. Exit V8 (callback): |-+...+-| self-time: 2 units (ignored)
> 3. Re-enter V8: |---| self-time: 3 units (reported)
>
> This would result in 2 histogram entries with 4 time units for the first
> V8 slice and 3 units for the nested part. Note that the callback time
> itself is ignored.
>
> This CL attempts to clean up how TimedHistograms work:
> - Histogram: the base class
> - TimedHistograms: used for time-related histograms that are not nested
> - NestedTimeHistograms: Extends TimedHistograms and is used for nested
> histograms
>
> This CL changes Histograms to not measure time themselves. Measurements
> happen in the *HistogramScopes:
> - BaseTimedHistogramScope: Base functionality
> - TimedHistogramScope: For non-nested measurements
> - NestedTimedHistogramScope: For nested measurements
> - PauseNestedTimedHistogramScope: Ignore time during a given scope.
> This is used to pause timers during callbacks.
>
> Additional changes:
> - ExternalCallbackScope now contains a PauseNestedTimedHistogramScope
> and always sets VMState<EXTERNAL>
>
> Bug: v8:11946
> Change-Id: I45e4b7ff77b5948b605dd50539044cb26222fa21
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001345
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76111}
Bug: v8:11946
Change-Id: Ic2eef7456fbc245febcf780b23418f6ab0bebdb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080566
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76180}
To consume a code cache off-thread
1. The embedder creates a CachedData object wrapping the data blob.
2. The embedder calls ScriptCompiler::StartConsumingCodeCache with the
CachedData, and receives a ScriptCompiler::CodeCacheConsumeTask
which takes ownership of the CachedData.
3. The embedder calls ScriptCompiler::CodeCacheConsumeTask::Run
on a different thread.
4. Once this completes, the embedded passes the completed task as an
optional argument into Source constructor, and calls Compile as
before.
This is roughly similar to how streaming compilation works, with the
QoL improvement that Source owns the CodeCacheConsumeTask and therefore
we can reuse the same Compile method and do the off-thread finalization
behind the scenes inside Compile.
On the v8::internal side, ScriptCompiler::CodeCacheConsumeTask wraps a
v8::internal::BackgroundDeserializeTask, which has a Run and a Finish
method. The Run creates a LocalIsolate (again, similar to
BackgroundCompileTask), calls some helpers on CodeSerializer, and stores
the pre-finalization result in a OffThreadDeserializeData structure.
This stores Persistent Handles to the off-thread initialized SFI and
a vector of Scripts needing fixing up, and it owns the PersistentHandles
object which owns those Handles. Finally, the Finish method consumes
this OffThreadDeserializeData structure, fixes up Scripts, moves the
SFI Handle into the caller HandleScope, and that's it.
Since we don't yet have the source at off-thread deserialization time,
the various code cache sanity checks are done without the source hash
when deserializing, and the Finish method re-does them now that the
source is available.
Bug: chromium:1075999
Change-Id: If1faf35ba3ef840fa4e735581d0b29c96c1d5fc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067322
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76155}
This reverts commit fffcbaea55.
Reason for revert: Breaks in Chromium (e.g. https://ci.chromium.org/p/v8/builders/ci/Linux%20V8%20FYI%20Release%20%28NVIDIA%29)
Original change's description:
> [counters] Fix reentrant timers for V8.Execute
>
> This CL fixes a long standing issue where reentering TimedHistograms
> scopes would cause spurious measurements. Only the non-nested scopes
> yielded correct results.
>
> Due to the changed numbers, the V8.Execute histogram is renamed to
> V8.ExecuteMicroSeconds. Note that this histogram is also guarded
> behind the --slow-histograms flag due to the additional overhead.
>
> Unlike before, it does no longer include time for external callbacks
> and only measures self time. The following example illustrates the
> new behaviour:
>
> 1. Enter V8: |--+.......+--| self-time: 4 units (reported)
> 2. Exit V8 (callback): |-+...+-| self-time: 2 units (ignored)
> 3. Re-enter V8: |---| self-time: 3 units (reported)
>
> This would result in 2 histogram entries with 4 time units for the first
> V8 slice and 3 units for the nested part. Note that the callback time
> itself is ignored.
>
> This CL attempts to clean up how TimedHistograms work:
> - Histogram: the base class
> - TimedHistograms: used for time-related histograms that are not nested
> - NestedTimeHistograms: Extends TimedHistograms and is used for nested
> histograms
>
> This CL changes Histograms to not measure time themselves. Measurements
> happen in the *HistogramScopes:
> - BaseTimedHistogramScope: Base functionality
> - TimedHistogramScope: For non-nested measurements
> - NestedTimedHistogramScope: For nested measurements
> - PauseNestedTimedHistogramScope: Ignore time during a given scope.
> This is used to pause timers during callbacks.
>
> Additional changes:
> - ExternalCallbackScope now contains a PauseNestedTimedHistogramScope
> and always sets VMState<EXTERNAL>
>
> Bug: v8:11946
> Change-Id: I45e4b7ff77b5948b605dd50539044cb26222fa21
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001345
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76111}
Bug: v8:11946
Change-Id: I954de1afbabf101fb5d4f52eca0d3b80a723385b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077153
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76138}
We would like to use the name CompilerDispatcher for dispatcher base
class to be used by Sparkplug and OptimizingCompileDispatcher.
Bug: v8:12054
Change-Id: Id69955101c1f46fc2f79b6f77b05c92ed8a31edb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077150
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76136}
Bug: v8:7790
Change-Id: Ia5903364a774bd49db1a646b3066b9972deac725
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074465
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76119}
This CL fixes a long standing issue where reentering TimedHistograms
scopes would cause spurious measurements. Only the non-nested scopes
yielded correct results.
Due to the changed numbers, the V8.Execute histogram is renamed to
V8.ExecuteMicroSeconds. Note that this histogram is also guarded
behind the --slow-histograms flag due to the additional overhead.
Unlike before, it does no longer include time for external callbacks
and only measures self time. The following example illustrates the
new behaviour:
1. Enter V8: |--+.......+--| self-time: 4 units (reported)
2. Exit V8 (callback): |-+...+-| self-time: 2 units (ignored)
3. Re-enter V8: |---| self-time: 3 units (reported)
This would result in 2 histogram entries with 4 time units for the first
V8 slice and 3 units for the nested part. Note that the callback time
itself is ignored.
This CL attempts to clean up how TimedHistograms work:
- Histogram: the base class
- TimedHistograms: used for time-related histograms that are not nested
- NestedTimeHistograms: Extends TimedHistograms and is used for nested
histograms
This CL changes Histograms to not measure time themselves. Measurements
happen in the *HistogramScopes:
- BaseTimedHistogramScope: Base functionality
- TimedHistogramScope: For non-nested measurements
- NestedTimedHistogramScope: For nested measurements
- PauseNestedTimedHistogramScope: Ignore time during a given scope.
This is used to pause timers during callbacks.
Additional changes:
- ExternalCallbackScope now contains a PauseNestedTimedHistogramScope
and always sets VMState<EXTERNAL>
Bug: v8:11946
Change-Id: I45e4b7ff77b5948b605dd50539044cb26222fa21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001345
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76111}
The merge values of a block have to be initialized to their
static types, even if the actual values on the stack have
subtypes of the loop's static type.
Drive-by cleanup: drop some unneeded manual {TestModuleBuilder}
instantiations from existing tests. The test fixture provides
one anyway.
Bug: chromium:1234453
Change-Id: I39c7eae4b6a6d5124f29be92da5ee92ff7e20e57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3068948
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76087}
Windows.h causes massive namespace pollution with its defining of many
macros, it adds to build times, it disables warnings, and it makes it
easier to write non-portable code.
This change removes windows.h from V8's win32-headers.h. It does this
by replicating the small number of typedefs that are needed and by
defining three "proxy" types that are the same size and layout. The
V8ToWindowsType functions are used to reinterpret_cast between the
types.
Prior to this change there were over 760 v8-related source files that
include windows.h. After this change there are 16.
Bug: chromium:796644
Change-Id: I89efeed47028faae72de2da4f1dae345d8d7746c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3042215
Commit-Queue: Bruce Dawson <brucedawson@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76064}
The JS API constructor was renamed to "WebAssembly.Tag" to match the
spec:
https://github.com/WebAssembly/exception-handling/issues/159
Rename "exception" to "tag" throughout the codebase for consistency with
the JS API, and to match the spec terminology (e.g. "tag section").
R=clemensb@chromium.org,nicohartmann@chromium.org
Bug: v8:11992
Change-Id: I63f9f3101abfeefd49117461bd59c594ca5dab70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053583
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75994}
