This reverts commit 9eca23e9ed.
Reason for revert: Clusterfuzz correctness issue
Original change's description:
> [turbofan] Inline Number constructor in certain cases
>
> This CL adds inlining for the Number constructor if new.target is not
> present. The lowering is BigInt compatible, i.e. it converts BigInts to
> numbers.
>
> Bug: v8:7904
> Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82
> Reviewed-on: https://chromium-review.googlesource.com/1118557
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54454}
TBR=jarin@chromium.org,neis@chromium.org,sigurds@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:7904
Change-Id: Ie5fa6c1262b8acc33edb672a0124f4458fcded86
Reviewed-on: https://chromium-review.googlesource.com/1142777
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54544}
ReadOnlyRoots means that some added Isolate parameters are no longer
needed. So, we can remove them.
This patch was generated mostly automatically with a bespoke tool.
Bug: v8:7786
Bug: v8:7754
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ia44fd2a66652253f780e3674bf7fb431caef0493
Reviewed-on: https://chromium-review.googlesource.com/1136305
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54526}
Strictly speaking there are some left in api.cc, but they are in
deprecated functions with non-deprecated alternatives.
Apart from changes made using tooling, this also modifies
FieldType::AsClass to return Map* rather than Handle<Map> and converts
its call sites to create the Handle when they need it - currently
several sites immediately dereference the Handle.
Also marks WasmDebugInfo as NeverReadOnlySpaceObject so GetIsolate and
GetHeap remain usable.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I7ea5048f97f140c757f651712b8c33a5c7e0ebc1
Reviewed-on: https://chromium-review.googlesource.com/1140302
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54513}
Ran GetIsolate/GetHeap removal script over all the header files included
into objects.cc. Affected classes include: ScriptContextTable
RuntimeCallTimerScope GlobalDictionaryShape Map LookupIterator
PrototypeIterator FixedArrayBuilder
Manually fixed up Map to mark its write operations as safe for
GetIsolate since they modify the object as so can't be done in RO_SPACE.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I2fd0960f085d1bcb4cf54b3418899ac0217917ca
Reviewed-on: https://chromium-review.googlesource.com/1138076
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54488}
This CL adds inlining for the Number constructor if new.target is not
present. The lowering is BigInt compatible, i.e. it converts BigInts to
numbers.
Bug: v8:7904
Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82
Reviewed-on: https://chromium-review.googlesource.com/1118557
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54454}
With ReadOnlyRoots and GetIsolate on JSReceiver, we can remove almost
every isolate parameter from <Object>::Print. The remaining ones, like
Map, are special-caseable for read-only maps, and as a result we can
remove isolate parameters from <Object>::Print entirely.
This patch also opportunistically cleans up a few places where isolates
were only needed for Object::Print, such as TransitionAccessors and
DescriptorArrays.
TBR=yangguo@chromium.org,mstarzinger@chromium.org
Bug: v8:7786
Change-Id: Id44bd53b9893e679eea5f37b9548257595a1bfd9
Reviewed-on: https://chromium-review.googlesource.com/1133385
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54401}
- Move the CompilationDependencies member of OptimizedCompilationInfo
to Turbofan's PipelineData (and thus into the compiler namespace).
- Move compilation-dependencies.{cc,h} to the compiler directory.
Bug: v8:7902
Change-Id: I5471d0923daf83abe975357325db5bc5ad0a8571
Reviewed-on: https://chromium-review.googlesource.com/1127793
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54295}
This CL surfaces AssemblerOptions to CodeAssembler::GenerateCode and
to pipeline methods. To allow forward declaring AssemblerOptions,
AssemblerBase::Options was moved out of the AssemblerBase class.
Bug: v8:6666
Change-Id: If9fc50d3d4767bb5dd39a0c3b6e094021f4cae2b
Reviewed-on: https://chromium-review.googlesource.com/1127039
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54286}
This is a reland of 4b9b9b6845, which
accidentally disabled optimization after dependency changes (instead
of retrying).
TBR=jarin@chromium.orgTBR=mstarzinger@chromium.org
Original change's description:
> Reland "[turbofan] Rewrite CompilationDependencies"
>
> This is a reland of 52a10e5081, after
> eliminating an invalid assumption about maps.
>
> TBR=jarin@chromium.org
> TBR=mstarzinger@chromium.org
>
> Original change's description:
> > [turbofan] Rewrite CompilationDependencies
> >
> > Instead of installing code dependencies during graph reduction,
> > install them after code generation.
> >
> > Bug: v8:7902, v8:7790
> > Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
> > Reviewed-on: https://chromium-review.googlesource.com/1119913
> > Commit-Queue: Georg Neis <neis@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#54170}
>
> Bug: v8:7902, v8:7790
> Change-Id: I9cbaf98980379b9b17464af5952ec0c47e1cdc6f
> Reviewed-on: https://chromium-review.googlesource.com/1126999
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54254}
Bug: v8:7902, v8:7790
Change-Id: I2b7a7d186e03990350e375470569177e3309683c
Reviewed-on: https://chromium-review.googlesource.com/1127579
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54280}
This is a reland of 52a10e5081, after
eliminating an invalid assumption about maps.
TBR=jarin@chromium.orgTBR=mstarzinger@chromium.org
Original change's description:
> [turbofan] Rewrite CompilationDependencies
>
> Instead of installing code dependencies during graph reduction,
> install them after code generation.
>
> Bug: v8:7902, v8:7790
> Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
> Reviewed-on: https://chromium-review.googlesource.com/1119913
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54170}
Bug: v8:7902, v8:7790
Change-Id: I9cbaf98980379b9b17464af5952ec0c47e1cdc6f
Reviewed-on: https://chromium-review.googlesource.com/1126999
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54254}
Instead of installing code dependencies during graph reduction,
install them after code generation.
Bug: v8:7902, v8:7790
Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
Reviewed-on: https://chromium-review.googlesource.com/1119913
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54170}
Instead of storing both the {NativeModule} and the {WasmModule} in a
{Managed} object, just store the {WasmModule} in the {NativeModule}
directly. This fixes crashes that happen if the {Managed<WasmModule>}
dies before the {Managed<NativeModule>}.
R=mstarzinger@chromium.org
Bug: chromium:854794, v8:7879, v8:7889
Change-Id: I6b11729943fe7a03d225138782655ee5dafd26a6
Reviewed-on: https://chromium-review.googlesource.com/1118171
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54090}
This fixes include violations where normal "foo.h" headers included
inline "bar-inl.h" headers. It also removes two (almost) dead methods.
R=clemensh@chromium.org
BUG=v8:7754
Change-Id: I11c6ce71650db22f3c1d7cf5ca50529c94b94839
Reviewed-on: https://chromium-review.googlesource.com/1117076
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54060}
All Object::Print functions now take an Isolate* parameter. Various
XX::XXPrint functions now take an Isolate if it's needed rather than
calling GetIsolate(). Such method use DECL_PRINTER_WITH_ISOLATE rather
than DECL_PRINTER.
The _v8_internal_Print_ function (intended for use in gdb) now uses
Isolate::Current() to get hold of an Isolate.
Reduces the GetIsolate and GetHeap count by 9 and 5 respectively.
Also removes unneeded gdb/lldb macros (along with their support
functions), jfv, jfm, jda and jta, since job does the same thing.
Bug: v8:7786
Change-Id: Ib93ebca6ca47c4db9c85cc6d9ff8004da5942dec
Reviewed-on: https://chromium-review.googlesource.com/1112001
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54029}
TurboFan returned null handles if compilation did not succeed. This CL
changes that to a MaybeHandle to make it explicit that client code needs
to handle the error.
Bug: v8:7856
Change-Id: I6087e6263faa1150b9788213dd22c398b4a2fc2d
Reviewed-on: https://chromium-review.googlesource.com/1104688
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53824}
Currently each isolate stores its own array of
{CallInterfaceDescriptorData}. This array has size 173, and each entry
has 40 bytes. That's already 7kB per isolate.
Additionally, each {CallInterfaceDescriptorData} allocates two
heap-allocated arrays, which probably add up to more than the static
size of the {CallInterfaceDescriptorData}. Note that all the
{CallInterfaceDescriptorData} instances are initialized eagerly on
isolate creation.
Since {CallInterfaceDescriptor} is totally isolate independent itself,
this CL refactors the current design to avoid a copy of them per
isolate, and instead shares them process-wide. Still, we need to free
the allocated heap arrays when the last isolate dies to avoid leaks.
This can probably be refactored later by statically initializing more
and avoiding the heap allocations all together.
This refactoring will also allow us to use {CallInterfaceDescriptor}s
from wasm background compilation threads, which are not bound to any
isolate.
R=mstarzinger@chromium.org, titzer@chromium.org
Bug: v8:6600
Change-Id: If8625b89951eec8fa8986b49a5c166e874a72494
Reviewed-on: https://chromium-review.googlesource.com/1100879
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53803}
The FuzzAssemble* tests rely on two CSA functions which are relatively big. And
with the --enable-slow-asserts flag they get so big that the register
allocator's memory consumption becomes a problem. Let's just override this flag.
Bug: v8:7819, v8:6848, v8:7842
Change-Id: I95db59b9c788aa665d04339892b2e0b5d92d9a89
Reviewed-on: https://chromium-review.googlesource.com/1093315
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#53779}
No longer access the heap directly, as policed by Disallow*
scopes in JSContextSpecialization::Reduce.
Bug: v8:7790
Change-Id: I40f1c500b04b96152421fd5de631747ba386bca1
Reviewed-on: https://chromium-review.googlesource.com/1101322
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53759}
This is a reland of 0909dbe3d6.
Added missing V8_EXPORT_PRIVATE to AndroidLogStream.
TBR=mstarzinger@chromium.org
Original change's description:
> Introduce StdoutStream which prints to Android log or stdout
>
> The often used construct {OFStream(stdout)} does not work on Android.
> This CL introduces an {StdoutStream} which behaves exactly like
> {OFStream(stdout)} on non-android platforms, and redirects to the
> Android log on appropriate systems and configurations.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:7820
> Change-Id: Ia682fdf6d064e37c605c19b032f5a10b96ac825b
> Reviewed-on: https://chromium-review.googlesource.com/1088911
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53692}
Bug: v8:7820
Change-Id: I8164bad78a401dbe4246c9ffcacd050fe511ed58
Reviewed-on: https://chromium-review.googlesource.com/1100636
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53733}
This reverts commit 0909dbe3d6.
Reason for revert: Blocks roll:
https://chromium-review.googlesource.com/c/chromium/src/+/1099143
Original change's description:
> Introduce StdoutStream which prints to Android log or stdout
>
> The often used construct {OFStream(stdout)} does not work on Android.
> This CL introduces an {StdoutStream} which behaves exactly like
> {OFStream(stdout)} on non-android platforms, and redirects to the
> Android log on appropriate systems and configurations.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:7820
> Change-Id: Ia682fdf6d064e37c605c19b032f5a10b96ac825b
> Reviewed-on: https://chromium-review.googlesource.com/1088911
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53692}
TBR=mstarzinger@chromium.org,jarin@chromium.org,jgruber@chromium.org,clemensh@chromium.org,bmeurer@chromium.org
Change-Id: Iadadd9a0df10dca0fad647138a83db50148e864d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7820
Reviewed-on: https://chromium-review.googlesource.com/1100635
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53725}
The often used construct {OFStream(stdout)} does not work on Android.
This CL introduces an {StdoutStream} which behaves exactly like
{OFStream(stdout)} on non-android platforms, and redirects to the
Android log on appropriate systems and configurations.
R=mstarzinger@chromium.org
Bug: v8:7820
Change-Id: Ia682fdf6d064e37c605c19b032f5a10b96ac825b
Reviewed-on: https://chromium-review.googlesource.com/1088911
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53692}
The isolate is mainly used for accounting purposes. As such, it
doesn't need a field in the WasmCodeManager, and cannot have one
if it is to be made isolate independent. Instead, pass the isolate
explicitly in the appropriate cases.
R=mstarzinger@chromium.org
BUG=v8:7424
Change-Id: I539c2b33692e57605a280530bd704ef25269ad0f
Reviewed-on: https://chromium-review.googlesource.com/1073412
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53676}
This CL inserts NOP instructions a little bit earlier into empty
blocks; this ensures that instructions keep their initial position.
Bug: v8:7327
Change-Id: Idee5269f4fd7fc15c44bda83a2be74e8cff62df8
Reviewed-on: https://chromium-review.googlesource.com/1097078
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53672}
Whenever an Isolate is available on a variable, field, or method
parameter, use that instead of GetIsolate(). Also convert simple
cases of the one-argument handle constructor to either use an
available Isolate, or use GetIsolate() if their first parameter
is a variable.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I52805905a9ca8729615ead78859f43d5e8f605f1
Reviewed-on: https://chromium-review.googlesource.com/1092853
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53629}
As a first step towards moving accesses to the broker, this moves
heap accesses from BitsetType::Lub to the broker.
Bug: v8:7790
Change-Id: Ie240b84b979717caae42cb8aa06ee8d9877a446d
Reviewed-on: https://chromium-review.googlesource.com/1088695
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53571}
This also includes the precise reducer name. Currently the information
is available in the node tooltip in turbolizer. The new shortcut 's' in
the graph view selects the nodes the currently selected nodes were created
from.
Bug: v8:7327
Change-Id: I7ca7327d0cfa112972e3567df6e4a223c8eff3c0
Reviewed-on: https://chromium-review.googlesource.com/1064059
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53258}
There are likely cleanups that can be done after this CL:
- context-related functions in the interpreter and compiler take ScopeInfo as
well as ScopeType and slot-count as input. The latter 2 should be directly
derived from the former. We should be able to drop FunctionContextParameters.
- ContextExtension is probably not needed anymore, since we now always have the
correct scope_info directly in the SCOPE_INFO_INDEX slot.
Bug: v8:7066
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ie1f6134c686a9f2183e54730d9cdd598a9e5ab67
Reviewed-on: https://chromium-review.googlesource.com/785151
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52952}
This includes the following changes:
- Limit code space to 128 MB.
- Use direct branches wherever possible.
- Where not possible, continue using load literal followed by an indirect
branch.
- Sort RelocInfo by target_address_address for the serializer, since mixing
load literal instructions and branch instructions messes up that order.
- Ensure we always wipe out targets in the serializer (not just for the
snapshot) in order to be able to distinguish between constant pool entries
and branch instructions.
Change-Id: I1a1029ce2a5f72a3a94802daf267d14a42c7c790
Reviewed-on: https://chromium-review.googlesource.com/939175
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#52885}
The idea is to mark all the branches and loads participating in array
bounds checks, and let them contribute-to/use the poisoning register.
In the code, the marks for array indexing operations now contain
"Critical" in their name. By default (--untrusted-code-mitigations),
we only instrument the "critical" operations with poisoning.
With that in place, we also remove the array masking approach based
on arithmetic.
Since we do not propagate the poison through function calls,
we introduce a node for poisoning an index that is passed through
function call - the typical example is the bounds-checked index
that is passed to the CharCodeAt builtin.
Most of the code in this CL is threads through the three levels of
protection (safe, critical, unsafe) for loads, branches and flags.
Bug: chromium:798964
Change-Id: Ief68e2329528277b3ba9156115b2a6dcc540d52b
Reviewed-on: https://chromium-review.googlesource.com/995413
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52883}
This removes Type::operator-> which was used to split the change that
removed undefined misuse of Type* to represent integers.
Bug: v8:3770
Change-Id: I9a5bce5ccdc75461a7b939b4070cb58fe6040d99
Reviewed-on: https://chromium-review.googlesource.com/1033736
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52878}
This is part of the effort to decrease the amount of undefined behavior.
that v8 relies on.
The main change here is to represent types with class Type rather than
with pointer Type*. To make the CL smaller, I used an operator overload
hack to separate the change from `->` to `.`. I am working on a CL that
will remove the operator and change all those arrows to dots.
Bug: v8:3770
Change-Id: I71a197cb739a1467937bc95c2a757fab0469aa22
Reviewed-on: https://chromium-review.googlesource.com/1032551
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52872}
Linkage-related methods were declared in wasm-compiler.h and
implemented in wasm-linkage.cc. This required all users of e.g. wasm
call descriptors to include the whole wasm compiler header. Also, some
wasm linkage information is independent of turbofan and also used
outside of the compiler directory.
This CL splits off wasm-linkage.h (with minimal includes) and puts it
in src/wasm. This allows to use that information without including
compiler headers (will clean up several uses in follow-up CLs).
R=mstarzinger@chromium.org, titzer@chromium.org
Bug: v8:7570
Change-Id: Ifcae70b4ea7932cda30953b325c2b87c4176c598
Reviewed-on: https://chromium-review.googlesource.com/1013701
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52849}
Both macros currently call a function with individual CHECKs, which
makes error messages only show that one part of the equality check (and
not the the actual float values), and hides the actual location of the
check.
This CL refactors this such that the actual value is shown (just as
with other CHECK_EQ macros) and it shows the right file name and line
number.
R=ahaas@chromium.org
Bug: v8:7570
Change-Id: I198e73c053178a09f14330a18069463760693f81
Reviewed-on: https://chromium-review.googlesource.com/1027879
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52832}
I missed one required change which was hidden behind an #if. The fix is in
the diff between Patch 1 and Patch 3.
Original message:
In this CL I remove the isolate from signatures of ExternalReference
accessor functions where the isolate is not used. The uses of the
isolate were already removed in previous CLs.
Changes:
* I split the ExternalReference list in external-reference.h into
those which need the isolate for initialization and those which do not.
* I removed the public constructors and replaced them by
ExternalReference::Create(). The reason is to separate external
creation more clearly from internal creation, because externally
created ExternalReferences sometimes need redirection, whereas
internally created ExternalReferences are just stored as they are.
In addition, by removing the isolate from the signature of the
public constructors, they suddenly exactly matched the interal
constructor.
* Replace all uses of the public constructors with
ExternalReference::Create().
* Remove the isolate from all call sites where necessary.
This is a step towards making WebAssembly compilation independent of
the isolate.
R=mstarzinger@chromium.org
Bug: v8:7570
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I750c162f5d58ed32e866722b0db920f8b9bd8057
Reviewed-on: https://chromium-review.googlesource.com/1026673
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52777}
This reverts commit 44ea425ab1.
Reason for revert: https://ci.chromium.org/buildbot/client.v8.ports/V8%20Arm%20-%20debug%20builder/13575
Original change's description:
> [refactoring] Remove the isolate from signatures of ExternalReferences
>
> In this CL I remove the isolate from signatures of ExternalReference
> accessor functions where the isolate is not used. The uses of the
> isolate were already removed in previous CLs.
>
> Changes:
> * I split the ExternalReference list in external-reference.h into
> those which need the isolate for initialization and those which do not.
>
> * I removed the public constructors and replaced them by
> ExternalReference::Create(). The reason is to separate external
> creation more clearly from internal creation, because externally
> created ExternalReferences sometimes need redirection, whereas
> internally created ExternalReferences are just stored as they are.
> In addition, by removing the isolate from the signature of the
> public constructors, they suddenly exactly matched the interal
> constructor.
>
> * Replace all uses of the public constructors with
> ExternalReference::Create().
>
> * Remove the isolate from all call sites where necessary.
>
>
> This is a step towards making WebAssembly compilation independent of
> the isolate.
>
> Bug: v8:7570
> R=mstarzinger@chromium.org
>
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I14f511fc6acc50ab2d6a6641299f5ddbeabef0da
> Reviewed-on: https://chromium-review.googlesource.com/1018982
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52768}
TBR=mstarzinger@chromium.org,ahaas@chromium.org
Change-Id: I7c0d8d420f815cede23d550dee8942ac4d7791cc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7570
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1026570
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52769}
In this CL I remove the isolate from signatures of ExternalReference
accessor functions where the isolate is not used. The uses of the
isolate were already removed in previous CLs.
Changes:
* I split the ExternalReference list in external-reference.h into
those which need the isolate for initialization and those which do not.
* I removed the public constructors and replaced them by
ExternalReference::Create(). The reason is to separate external
creation more clearly from internal creation, because externally
created ExternalReferences sometimes need redirection, whereas
internally created ExternalReferences are just stored as they are.
In addition, by removing the isolate from the signature of the
public constructors, they suddenly exactly matched the interal
constructor.
* Replace all uses of the public constructors with
ExternalReference::Create().
* Remove the isolate from all call sites where necessary.
This is a step towards making WebAssembly compilation independent of
the isolate.
Bug: v8:7570
R=mstarzinger@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I14f511fc6acc50ab2d6a6641299f5ddbeabef0da
Reviewed-on: https://chromium-review.googlesource.com/1018982
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52768}
Wasm tier-up first compiles the whole module using Liftoff, and then
using Turbofan. The idea is to achieve fast start-up times by first
running Liftoff-compiled code. In the meantime we finish compilation
with Turbofan, and replace the Liftoff-compiled code as soon
as Turbofan finished compilation, thus achieving high performance.
Tier-up is enabled through the flag FLAG_wasm_tier_up.
Bug: v8:6600
Change-Id: I70552969c53d909a591666a1e7ce1ee1419b2f34
Reviewed-on: https://chromium-review.googlesource.com/1010422
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52759}
