This is a follow-up for 8ed81dd.
The TSAN exception has to be in MarkObject because that is called from
two places in concurrent marking.
Bug: v8:7574
Change-Id: If36b564bce0970c9b44c029055114bb6e2a74059
Reviewed-on: https://chromium-review.googlesource.com/973526
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52157}
This changes ArrayBufferTracker to count array buffer byte length instead of
allocation length. Byte length better approximates actual memory pressure
because it refers to how many bytes are actually committed, whereas for
allocation length, these bytes may be reserved but not committed.
Note that we still need to be careful about address space exhaustion. Most
address space is used by WebAssembly's guard regions. These are now managed by
WasmMemoryTracker to ensure we do not consume too much address space.
As a side effect, this CL fixes v8:7576 because byte_length() does not need to
access the is_wasm_memory field whereas allocation_length() does.
Bug: v8:7576
Change-Id: Ib974e86ec61e170930c835f0f0ad03e89dc02854
Reviewed-on: https://chromium-review.googlesource.com/973884
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52155}
This is a reland of ed2605f040
Original change's description:
> [d8][wasm] Test wasm compilation completion
>
> d8 was recently changed to keep running until wasm compilation has
> completed. This adds a message test to test that.
>
> R=ahaas@chromium.org
>
> Change-Id: I73af53b6df4ee5f9a6afd26cf2d71a269140465f
> Reviewed-on: https://chromium-review.googlesource.com/966184
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52008}
Change-Id: Iadbd5056dfa58da454956c4e89369af8b0455b35
Reviewed-on: https://chromium-review.googlesource.com/975242
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52154}
For mode = kArrayFunction, we know that we need to call the array
constructor stub, so we don't need to read it out from the construct_stub
field. We also don't need to set it in the construct_stub field anymore,
so just use the builtins constructor stub like other builtins.
Also cleans up PushArgsThenCall by adding a dcheck that we are never in
mode = kArrayFunction, so we don't even try to generate code for this
case, but fail earlier instead.
We don't need to load the array function in ArrayConstructor because this
is set up for us by the builtins construct stub. We do have to check if
new_target is actually set before overwriting it with target, as we are
handling both call and construct cases in ArrayConstructor now.
Bug: v8:7503
Change-Id: I3622bf6127eebed8b55c9c199fa938a8e03b8baa
Reviewed-on: https://chromium-review.googlesource.com/973364
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52152}
SuspendGenerator needs the accumulator to be live so that it can return
it.
Bug: chromium:806723
Change-Id: Iaa88fce96c36876e3e4256324ca650d475480c10
Reviewed-on: https://chromium-review.googlesource.com/975404
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52147}
Delaying the logging until after module creating ensures that the
module has been fully parsed and hence that all names are available.
Also refactors the code to bring all code logging/disassembling into
one place.
Change-Id: I8219d70876d2ccd3a5ffb8250b46fdf60a46fe6c
Reviewed-on: https://chromium-review.googlesource.com/973443
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52146}
Given that we have not seen any regressions yet we're trying a more aggressive
limit.
Bug: chromium:818642, v8:5443
Change-Id: Ic45001ed6c042fc31cbba0d417d5060d2de8fb3a
Reviewed-on: https://chromium-review.googlesource.com/975126
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52145}
https://chromium-review.googlesource.com/971881 triggered jumbo
build failures due to a collision between the FlushICache functions
in module-compiler.cc and the FlushICache enum. If we move the
enum inside the WasmCode class we can disambiguate references to it.
Change-Id: Icd389ba8abf6afefc4a8aa53887779f4d1357dd2
Reviewed-on: https://chromium-review.googlesource.com/974261
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52144}
This is a reland of 9afde91b94
Original change's description:
> [builtins] Load external references from the external-reference-table
>
> Off-heap code cannot embed external references. With this CL, we load
> from the external reference table (reached through the root pointer)
> instead.
>
> In a follow-up, the table could be stored within the isolate itself,
> removing one more level of indirection.
>
> Bug: v8:6666
> Change-Id: I4c612ad3d4112ec03c3b389f5bfb9cdc3dc8a671
> Reviewed-on: https://chromium-review.googlesource.com/970468
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52073}
TBR=mstarzinger@chromium.org
Bug: v8:6666, v8:7580
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I30639fe17ea345119d38a176a29d521c4b1904cb
Reviewed-on: https://chromium-review.googlesource.com/975241
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52141}
The tagging logic used for serializing and deserializing WasmCode
objects is by now only used in the "wasm-serialization.cc" unit.
R=clemensh@chromium.org
Change-Id: I31bd82e7dbd17f713c5e51073dfd9836f1ddaed7
Reviewed-on: https://chromium-review.googlesource.com/975303
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52140}
See referenced bug: Async compilation can deadlock if a background task
queues the last compilation unit to be finished while the finisher
is already exiting because there was no more work.
This CL fixes this by making the finisher task check for new work after
setting the finisher_is_running_ flag to false.
R=ahaas@chromium.orgCC=kimanh@google.com
Bug: chromium:824681
Change-Id: If1f5700a9fdd5d150b36e37a5d14b692c2b0f3fb
Reviewed-on: https://chromium-review.googlesource.com/975301
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52139}
Mostly cosmetic changes. The biggest change is to encode block result
types using symbolic names instead of hex numbers.
R=ahaas@chromium.org
Change-Id: Ic0e6eccf687338e68508094168ddd70734cef301
Reviewed-on: https://chromium-review.googlesource.com/973527
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52138}
Remove the SharedFunctionInfo code field, inferring the code object
from the function_data field instead. In some cases, the function_data
field can now hold a Code object (e.g. some WASM cases).
(Reland of https://chromium-review.googlesource.com/952452)
TBR=mstarzinger@chromium.org
Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I10ea5be7ceed1b51362a2fad9be7397624d69343
Reviewed-on: https://chromium-review.googlesource.com/970649
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52136}
Split the OnFinishedUnit method in two, one for the error case
(OnError), one for the non-error case.
OnError now receives a handle to the error instead of the ErrorThrower,
such that the ErrorThrower is cleared independent of the registered
callbacks.
R=ahaas@chromium.orgCC=kimanh@google.com
Change-Id: Ia4ad81e0c12a42dbccc7fc5528438075c4ca9d58
Reviewed-on: https://chromium-review.googlesource.com/975183
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52135}
In Promise.all we used to allocate a fresh closure plus a fresh context
for each individual element, which is quite a lot of overhead, especially
since this could be shared in a single context for all elements. The only
bit of information that is needed for each resolve element closure is the
index under which to store the resulting value. With this change we move
this index to the "identity hash" field of the JSFunction, which doesn't
care about the concrete value anyways, as long as it's not zero (the "no
hash" sentinel), and share the rest of the fields in a single outer
context for all resolve element closures.
This limits the maximum number of elements for Promise.all to 2^21 for
now, but that should be fine. Shall we ever see the need for more than
this, we can add machinery to overflow to separate context for indices
larger than 2^21.
This significantly reduces the overhead due to Promise.all on the
parallel-async-es2017-native test, with execution time dropping from
around 148ms to 133ms, so overall a steady 10% improvement on this
benchmark.
Bug: v8:7253
Change-Id: I1092da771c4919f3db7129d2b0a244fc26a7b144
Reviewed-on: https://chromium-review.googlesource.com/973283
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52134}
The FuzzAssembleSwap test was failing with "--arm-arch=armv6". The reason was
that we were assuming we always had 2 D registers available as scratches, which
isn't the case if VFP32DREGS isn't enabled.
Change-Id: Ie97b48fd36fcbdbc6e137412c148a0bf58b498a6
Reviewed-on: https://chromium-review.googlesource.com/957733
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52132}
... and some more cleanup.
The main change is that NativeModule::CloneCode does not relocate the
new code. Wasm functions can only call other trampolines or stubs, or
other wasm functions. Both of these targets are patched later anyway.
This also fixes a bug on arm architectures, where the new call target
(after RelocInfo::apply) could not be encoded in the instruction
correctly. Now the relocation and the patching happen in one step,
avoiding this problem.
R=mstarzinger@chromium.org
Bug: v8:7578
Change-Id: I99a31f9789e7ac811d9b9c0b09bf02b5953d7108
Reviewed-on: https://chromium-review.googlesource.com/971141
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52131}
Also update some old email addresses in TODO notes.
Bug: v8:7441
Change-Id: I33b88635b3e0bc56cf1679fade1484cfd53ce184
Reviewed-on: https://chromium-review.googlesource.com/974402
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52130}
This CL also deprecates V8::RegisterDefaultSignalHandler. Now instead of
using the old API, clients should call V8::EnableWebAssemblyTrapHandler.
Just setting the --wasm-trap-handler flag will no longer have any
effect.
Bug: v8:5277
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Idd862185af9abcd4a3c845c02f9e916e8b56f114
Reviewed-on: https://chromium-review.googlesource.com/965005
Reviewed-by: Karl Schimpf <kschimpf@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52126}
Using a 256-byte buffer avoids 99% of allocations across v8's top25
benchmark. This also leads to a significant performance increase on
speedometer, with a ~1.2% improvement on jQuery, ~1.3% on VanillaJS
and an overall ~0.4% improvement on the score.
Bug: v8:7555
Change-Id: Icd6fa07341eb989892431cb1e4995557e35c7a67
Reviewed-on: https://chromium-review.googlesource.com/971837
Commit-Queue: Lucas Gadani <lfg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52125}
This introduces masking of loads with speculation bit during code generation.
At the moment, this is done only under the
--branch-load-poisoning flag, and this CL enlarges the set of supported
platforms from {x64, arm, arm64} to {x64, arm, arm64, mips, mips64}.
Overview of changes:
- new register configuration configuration with one register reserved for
the speculation poison/mask (kSpeculationPoisonRegister).
- in codegen, we introduce an update to the poison register at the starts
of all successors of branches (and deopts) that are marked as safety
branches (deopts).
- in memory optimizer, we lower all field and element loads to PoisonedLoads.
- poisoned loads are then masked in codegen with the poison register.
(In this CL, this last step is left as a TODO. You can run with the flag,
though mitigations will just not be effective at this time).
* only integer loads are masked at the moment.
TBR=mstarzinger@chromium.org
Change-Id: Ie6eb8719bf85d49c03b4a28e2f054480195a1471
Reviewed-on: https://chromium-review.googlesource.com/973616
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52123}
The tick-processor expects a certain format for functions in d8's
cpu profile log (--prof). To make wasm functions look like js functions,
this change adds a fake address to the log output that can be used as
key for the wasm function. This enables basic profiling of wasm code
using the --prof flag and the tick-processor.
Change-Id: Iaeed575499b2d58d0f937c109a047b17615a01d1
Reviewed-on: https://chromium-review.googlesource.com/973373
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52122}
This reverts commit f81847388c.
Reason for revert: arm is still unhappy https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20GC%20Stress/builds/6633
Original change's description:
> Reland "[builtins] Load external references from the external-reference-table"
>
> This is a reland of 9afde91b94
>
> Original change's description:
> > [builtins] Load external references from the external-reference-table
> >
> > Off-heap code cannot embed external references. With this CL, we load
> > from the external reference table (reached through the root pointer)
> > instead.
> >
> > In a follow-up, the table could be stored within the isolate itself,
> > removing one more level of indirection.
> >
> > Bug: v8:6666
> > Change-Id: I4c612ad3d4112ec03c3b389f5bfb9cdc3dc8a671
> > Reviewed-on: https://chromium-review.googlesource.com/970468
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#52073}
>
> TBR=mstarzinger@chromium.org
>
> Bug: v8:6666, v8:7580
> Change-Id: I163cfc15605c1183b79ead77df0e37d71d60b6f7
> Reviewed-on: https://chromium-review.googlesource.com/972821
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52118}
TBR=yangguo@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org
Change-Id: I5bcd1a1c84c6e9a6a24364390c9359d43c77120d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666, v8:7580
Reviewed-on: https://chromium-review.googlesource.com/973782
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52121}
Fix up disassembly triggered by --print-*-code to print to the trace
file specified by --redirect-code-traces-to rather than unconditionally
to stdout.
Change-Id: I80a8772361e8fb0550efcbbab6a7b7d822385303
Reviewed-on: https://chromium-review.googlesource.com/973167
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52119}
This is a reland of 9afde91b94
Original change's description:
> [builtins] Load external references from the external-reference-table
>
> Off-heap code cannot embed external references. With this CL, we load
> from the external reference table (reached through the root pointer)
> instead.
>
> In a follow-up, the table could be stored within the isolate itself,
> removing one more level of indirection.
>
> Bug: v8:6666
> Change-Id: I4c612ad3d4112ec03c3b389f5bfb9cdc3dc8a671
> Reviewed-on: https://chromium-review.googlesource.com/970468
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52073}
TBR=mstarzinger@chromium.org
Bug: v8:6666, v8:7580
Change-Id: I163cfc15605c1183b79ead77df0e37d71d60b6f7
Reviewed-on: https://chromium-review.googlesource.com/972821
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52118}
On ia32, the upper "half stack slot" must be located above the lower
half stack slot (in absolute address), hence the index is
"2 * index - 1" instead of "2 * index + 1". Note that the index
describes the negative offset from the stack pointer.
R=titzer@chromium.org
Bug: v8:7579
Change-Id: If207af405b126ab30043432d7934273e6e2a5330
Reviewed-on: https://chromium-review.googlesource.com/973301
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52116}
This method always calls the FATAL macro, which is also marked
[[noreturn]]. The documentation already mentioned this, but now it's
actually enforced by the compiler.
R=adamk@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2e331c9826fad6aad9c22929a0d5f890a508d0d9
Reviewed-on: https://chromium-review.googlesource.com/966561
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52115}
This adds 5% testing of 'ignition' vs 'liftoff', which tests Turbofan vs
Liftoff for wasm code, and tests Ignition vs Turbofan for javascript
code.
It also adds 3% testing of 'liftoff' (x64) vs 'liftoff' (ia32), which
does standard x64 vs ia32 testing for javascript code.
R=machenbach@chromium.org
Bug: chromium:824098, v8:6600
Change-Id: I6a6afae0300efc33f3535541a11695a7bb32dcc5
Reviewed-on: https://chromium-review.googlesource.com/973161
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52111}
This CL renames InterpreterPushArgsMode::kJSFunction to kArrayFunction
because we only ever use it for the array function.
We never use PushArgsThenCall with kArrayFunction mode, so remove the
unused helpers that provide the plumbing there.
This is in preparation for changes to PushArgsThenConstruct, where we
will no longer pass the allocation site as undefined for modes other
than kArrayFunction.
Bug: v8:7503
Change-Id: I86e3333e2ebd912fc8f9b0e4248282330af4b9e2
Reviewed-on: https://chromium-review.googlesource.com/972047
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Mythri Alle <mythria@google.com>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52109}
