Drive-by fix: In ProcessFeedbackForGlobalAccess, we had forgotten to
return the feedback when it already existed.
Bug: v8:7790, v8:9094
Change-Id: Ie4be6cef5755bbdd9d8ed472caaa2e32d243893d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554680
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60705}

The {remaining_uncommitted_code_space} method is only used for testing.
This CL removes it, and replaces all uses by {committed_code_space}.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: Icb50471da3564a5cd114b15836c8b346b932a108
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559735
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60704}

We currently store the {remaining_uncommitted_code_space_}. This CL
switches this to store {total_committed_code_space_} plus the maximum
allowed (in {max_committed_code_space_}). This counter will be used by
the GC to decide when to trigger a GC.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: I5946bbd3ba18e9fcbca4631afb942cd5b82834f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1558084
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60702}

This adds support for loading and storing mutable imported globals
having a reference type in the interpreter. It expands existing test
coverage to the interpreter.
R=clemensh@chromium.org
TEST=mjsunit/wasm/anyref-globals-interpreter
BUG=v8:8091,v8:7581
Change-Id: I78e0c5c73664a183e1d92ec91eadf8b9a93e4787
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559743
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60701}

Removing the 'native' flag from ParseInfo removed the last use-site
of this flag.
R=jgruber@chromium.org
Bug: v8:9043
Change-Id: I0e28d77c571c25c7925e8e372e631a9630492c25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550705
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60700}

Even though both are allowed in the style guide, it recommends using
'using', as its syntax is more consistent with the rest of C++.
This CL turns all typedefs in src/snapshot to 'using' declarations.
R=jgruber@chromium.org
Bug: v8:8834
Change-Id: Ie555e9ac7e1ec04c20d411647f8ab70f671c1cb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545903
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60699}

Even though both are allowed in the style guide, it recommends using
'using', as its syntax is more consistent with the rest of C++.
This CL turns all typedefs in src/debug to 'using' declarations.
R=jgruber@chromium.org
Bug: v8:8834
Change-Id: I205e14a0b230a26119e5b209a2bcec493a8815e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545901
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60698}

When compilation hints are disabled (they are by default) the decoder
failed on custom sections with the name 'compilationHints'. This is
fixed and a test is added.
Bug: v8:9003
Change-Id: I5d25c019a702a722d8baf497d1bcd3a578a2d4bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557150
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60696}

This adds support for handling reference types when loading/storing
globals. Support for imported mutable globals is still missing and will
be done in a follow-up change.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-global-interpreter
BUG=v8:8091,v8:7581
Change-Id: I0d14919b1ce7f49c4a0541e3d6a99ee203cfb311
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1558086
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60695}

In mksnapshot, we only need to ensure we generate counter code in
(embedded) builtins, if needed. The counter function does not need to do
anything useful as long as it returns unique pointers for each counter,
and we don't need to dump counters.
Tbr: petermarshall@chromium.org
Change-Id: I94a53ef5193b89365948d0395e1908e6d3c6e396
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549159
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60694}

Just set the flag --use-osr to false by default.
If it's set to true on the command line, then it'll be on.
I'd like to get some performance metrics on various tests spread
throughout our performance bot infrastructure.
Change-Id: I1ebc33264505af080901e531dca625452880f81b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1558089
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60693}

In RecordVirtualBytecodeArrayDetails() check whether the BytecodeArray
has a source position table before accessing it, otherwise it will just
crash with --enable-lazy-source-positions.
Bug: v8:8510
Change-Id: I1250e89faf836a8d5976ca98c14b6b7314bacb98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559730
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60692}

See the changes in BUILD.gn for an explanation of why a new flag is necessary.
It's likely that current usages of V8_TARGET_OS_* and V8_TARGET_ARCH_* also need
to change, but this is good enough for now to ensure both Win/cross/x86 and
Win/cross/x64 build.
BUG=chromium:945659
R=machenbach,thakis
TBR=jgruber
Change-Id: Ie2765db91a1c0d8c72ccf42c9d7fece792d9b252
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1542500
Commit-Queue: Thomas Anderson <thomasanderson@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60687}

This changes the existing cctest/test-field-type-tracking tests to
use actual Code objects and proper code dependencies to test that the
runtime actually does the right thing (aka deoptimizes the Code objects
correctly). Before it was using the CompilationDependencies, which as
of now no longer check whether the runtime actually deoptimized or not.
This is a prerequisite for changing the way we handle field representation
changes, specifically going from Smi or HeapObject to Tagged.
Bug: v8:8749, v8:8865
Change-Id: I260294217550cee2b42f7ba7e9c92bf0d1db0b8c
Doc: http://bit.ly/v8-in-place-field-representation-changes
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557149
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60686}

This adds preliminary support for reference types as argument or return
values to functions that are redirected to the interpreter. The current
interpreter entry stub remains unchanged, using one buffer area that is
hidden from the GC. The corresponding {Runtime_WasmRunInterpreter} now
correctly boxes/un-boxes reference types into handles. This switch to a
handlified representation happens before any method that potentially
triggers a GC is called.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-anyref-interpreter
BUG=v8:8091,v8:7581
Change-Id: I41c766ed5ac877042d5964e72f3fd7df390c4e98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557147
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60684}

This CL contains a bunch of different improvements to the existing
object stats, namely:
- Introduce DEPRECATED_DESCRIPTOR_ARRAY_TYPE virtual instance type to
also estimate the memory overhead of DescriptorArrays for deprecated
Maps.
- Do proper over-allocation computation for inobject fields in JSObjects.
- Introduce OBJECT_PROPERTY_ARRAY_TYPE virtual instance type and properly
compute over-allocation for PropertyArrays.
- Compute over-allocation for JSObject/JSArray elements properly.
- Correctly report JSFunction and JSCollection like the other
JSObjects, specifically report over-allocation properly for the
instances themselves and for the elements/properties backing stores.
- Implement correct over-allocation computation for hash tables in
ObjectStatsCollectorImpl::RecordHashTableVirtualObjectStats().
Bug: v8:7266
Change-Id: I9cadd703266dc90911a8e7420c3b00dcee82b06d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557139
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60683}

Flag syntax is explained in a comment in flags.h, but we can make d8
easier to learn for new people if we also expose that explanation in the
--help text.
Change-Id: I7fd9ad0e545c2d9110119c0283bb14d665bcf19e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1555061
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60682}

For CheckNonEmptyString we not only need to rule out that the input is
the empty string, but also make sure that the input is actually a
string, hence we need to do a proper instance type check in the general
case.
Bug: chromium:949996, chromium:947949, v8:8834, v8:8931, v8:8939, v8:8951
Change-Id: Icc260d735d19337bba4bb71570a6c6385e47c310
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557146
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60681}

The JSInliningHeuristic is now completely heap-access free. JSInliner
still includes Allow* guards and will be brokerized as a follow-up CL.
R=neis@chromium.org
Bug: v8:7790
Change-Id: I6df5d8515bb8bd8d512e8442e4f4dba9ebe9dd2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528437
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60680}

This ensures that ApiObjects in V8 are not dropped if they are
currently used as WeakCollection keys. As a proxy to determine key
status we use the presence of the identity hash on the object.
R=ulan@chromium.org
Bug: v8:8557, chromium:949244
Change-Id: Ifa0e24be44431a0200fd6a1d9898cd366b940bd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557143
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60675}

We would only increment write barrier counters from the MacroAssembler's
RecordWrite method which is only used in limited cases. Instead, we should
increment it inside the RecordWrite stub, this way we catch all uses, including
WASM.
Also, we had a static counter aimed at telling us how many barriers exist in
generated code, as opposed to how many are executed. This counter was not
functional since the compiler isn't aware of counters at the moment. Let's just
remove it to avoid confusion.
Change-Id: I6b173ab858c8984ef03ede225afdc999ba82b5c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1524483
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#60673}

Remove unused includes and add includes that were indirect.
Remove UnboundQueue which was not used anywhere.
Change-Id: If47faac45fc9c16a27453ecabed927ea00df3045
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557136
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60672}

The test is so slow that it might have caused the test driver to hang after the
normal hard timeout.
TBR=sergiyb@chromium.org
NOTRY=true
Bug: v8:9098
Change-Id: I28ad1551f66fab989494d7a3b015d661c5ab6efb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557142
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60671}

The --trace-gc-verbose flag was mistakenly reporting the generic LO space size
in place of the *code* LO space size.
Change-Id: Iddb83b540b0e0a201aa358649d91ef606721e0be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554693
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60665}

This is a reland of 63608968b6
The previous CL failed on Windows, but it was a general bug. The
dropped_elem_segments was not being set on the instance properly in
cctests, so `table.init` instructions would fail by reading uninitialized
data.
I took this opportunity to also add an implementation of
`elem.drop` in the interpreter, and ported the JS tests for those too.
Original change's description:
> [wasm] Implement table.init for interpreter
>
> This also fixes CheckCallViaJS when a trap occurs. In that case, the
> trap callback is called instead of an exception being thrown, so if it
> isn't handled, a bogus result will be returned instead.
>
> Bug: v8:8965
> Change-Id: I560e89f353756df23c062fb8c9484d9971c19253
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539078
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Ben Smith <binji@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60473}
Bug: v8:8965
Change-Id: Ia547d9530b7ca67fde5bd94539f49153b796e82d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547142
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60664}

As part of one of the stack trace refactorings, this field moved from
StackFrameInfo to the StackTraceFrame class, but was not properly
removed.
R=petermarshall@chromium.org
Bug: v8:8742
Change-Id: I18b9bd7650eed0f5bdb0823da9fdefb6afa3491e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550800
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60659}
This makes sure that the implicit operand stack slot used for passing an
exception from the throw-site to the catch-site is counted against the
maximum stack height.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-rethrow-interpreter
BUG=v8:8091
Change-Id: I7e8f47ba4662eb273792e7508207f67588264a2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554683
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60658}