The (currently four, soon five) RelocIterator constructors contain
basically identical logic. Refactor that into a basic version that all
other constructors call.
Bug: v8:6666
Change-Id: Ice7b4891d5e539ff6fe63337fc52d480d85dc270
Reviewed-on: https://chromium-review.googlesource.com/1059109
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53189}
In particular:
* number of pointer fields
* number embedder fields
* number boxed fields
* number of unboxed double field
* number of raw data fields
Bug: v8:7703
Change-Id: I22a310d941317a0f34f67536e55fbfab5f5354cd
Reviewed-on: https://chromium-review.googlesource.com/1056532
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53188}
{ImportedFunctionEntry} offers two {set} methods: One takes a
{JSReceiver*}, the other one a {WasmInstanceObject*}. Since
{WasmInstanceObject} inherits from {JSReceiver}, it's quite easy to
confuse the two if the instance is hold as e.g. {JSObject}.
Hence, rename the methods to remove this ambiguity.
R=titzer@chromium.org
Bug: v8:7758
Change-Id: I06617a565faa561d3afc70085e0df3b528c715bb
Reviewed-on: https://chromium-review.googlesource.com/1059147
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53185}
The interpreter entry was sometimes referred to as "interpreter stub"
or "interpreter wrapper". Use the term "interpreter entry" consistently.
R=titzer@chromium.org
Bug: v8:7754
Change-Id: Ia06449c91300fca454c6afd5c82a789749d6b7d0
Reviewed-on: https://chromium-review.googlesource.com/1058794
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53184}
For generating the WasmCompileLazy builtin, we need to know the list of
parameter registers in wasm. Instead of duplicating this, just use the
existing array from wasm-linkage.h.
R=titzer@chromium.org
Change-Id: Ib552af7b6a3defbc9c8b48390244bf943306a4b7
Reviewed-on: https://chromium-review.googlesource.com/1057310
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53182}
Since `at` register is used a lot in macro-assembler-mips, change
usage of this register with `kScratchReg` and `kScratchReg2`.
Also, remove TODO comments for unaligned memory access, since there
is nothing that can be done about it.
Change-Id: Ibf55c04a1f53521f34dfb483294de3010a0120c6
Reviewed-on: https://chromium-review.googlesource.com/1059347
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#53181}
Moving asserts from helpers to the call sites, so the failure messages are more
helpful.
BUG=v8:7308
Change-Id: I1da491d408c2e2a1017b1d3fe484b7b3d877a2cf
Reviewed-on: https://chromium-review.googlesource.com/1058802
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53180}
This CL changes the generated C++ code for LabeledStatementBlocks to
only emit labels if they are used.
Prior to this CL, when a label was only used on one path of an
if constexpr expression, and not at all anywhere else,
the try/label construct would BIND a label that was not used,
causing a CSA verification error.
R=tebbi@chromium.org
Change-Id: Ia81a0cd081b84528c95bbdbdb98b9ab51928e13f
Reviewed-on: https://chromium-review.googlesource.com/1057247
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53173}
Splitting out hash table into a separate file in
b934607d4c caused a performance
regression.
This inlines GetHash and GetSimpleHash to fix the regression.
Bug: chromium:840694, v8:6443
Change-Id: I0466fa017a179ef2375cec4ddec8f04dfba75921
Reviewed-on: https://chromium-review.googlesource.com/1058446
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53170}
Port 5dfe23a40d
Original Commit Message:
When encountering a LoadStackPointer input to a comparison, generate a register
LocationOperand that points to the stack pointer. This can avoid unnecessary
spilling of the stack pointer.
R=georgia.kouveli@arm.com, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ie3fecf70f78c234fefad86fec74820a61f3d227b
Reviewed-on: https://chromium-review.googlesource.com/1057965
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#53167}
Implement atomic compare exchange and atomic bin OPs for
PPC and s390
Change-Id: I8f89a0ebb912082c4c1e6b9a3daf64f28c114010
Reviewed-on: https://chromium-review.googlesource.com/1013861
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#53165}
This makes the fact that {WasmSharedModuleData} is shared across
instances explicit by hanging this {shared} reference off the module
object instead of the instance-specific {WasmCompiledModule} object.
R=titzer@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I99bf3d855d6283bdc48373f0f8e2df1990905d3f
Reviewed-on: https://chromium-review.googlesource.com/1051909
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53163}
When encountering a LoadStackPointer input to a comparison, generate a register
LocationOperand that points to the stack pointer. This can avoid unnecessary
spilling of the stack pointer.
Change-Id: Ifd1a5aaf22c9c594e653cf4689ba46587811c4d0
Reviewed-on: https://chromium-review.googlesource.com/1055568
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53161}
This CL disables a DCHECK in RemoveArrayHoles that was triggered for
JSArrays that have read-only elements in the prototype chain.
The DCHECK is not removed because it will be re-enabled later when
the copying from the prototype chain (during sorting) will be done
for JSArrays as well.
R=cbruni@chromium.org
Bug: chromium:840855
Change-Id: Ia278bd2f060df094f477b4efbc3f5bdafd7ea7a8
Reviewed-on: https://chromium-review.googlesource.com/1057588
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53159}
Liftoff currently does not support all asm.js code, and tier-up does
not work with lazy compilation. Hence, disable Liftoff for asm.js in
general. We will look at this later, when we have better tier-up.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I00d9e27d861067b22c0738ade7070538ee8c919c
Reviewed-on: https://chromium-review.googlesource.com/1047245
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53158}
Instead of unconditionally copying the script name into a
heap-allocated char vector, use existing storage if possible. Also, try
to avoid materializing the script name for computing its length.
R=titzer@chromium.org
Change-Id: If0e8ac95ecbbb4e7463d9e4a4cdb5579270bcdaf
Reviewed-on: https://chromium-review.googlesource.com/1051230
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53157}
Minor performance optimization: A {WasmDecoder} instantiated with
{validate == false} does not need to check {decoder->ok()}.
R=titzer@chromium.org
Change-Id: Ieac8b18432453e1cfe9ee66a15a5e2145570436e
Reviewed-on: https://chromium-review.googlesource.com/1057567
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53156}
Now that {WasmCode} objects are no longer specific to an instance, it is
no longer needed to patch code when the last instance is finalized. The
code specialization in {WasmCompiledModule::Reset} is no longer needed.
R=clemensh@chromium.org
Change-Id: I430e7f7258d309916de1188d47677c7feb8123b0
Reviewed-on: https://chromium-review.googlesource.com/1057488
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53155}
A std::unique_ptr of array type uses the "delete[]" operator to delete
the memory, hence we should use "new[]" to allocate it.
I sometimes get this reported locally, even though I have
"alloc_dealloc_mismatch=0" in ASAN_OPTIONS. So why not just fix it.
R=marja@chromium.org
Bug: v8:7754
Change-Id: I026287a0e0ee4b9560c4fc7333267e738392b13f
Reviewed-on: https://chromium-review.googlesource.com/1057230
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53154}
The --trace-turbo flag would cause a crash when compiling a WASM_FUNCTION. It
was caused by assuming the OptimizedCompilationInfo had a SharedFunctionInfo
attached if the code isn't a stub and wasm functions are not considered as such.
In order to test this, we've added a new flag to specify were to dump JSON
files: --trace-turbo-path. This is used to make sure we do not leave lots of
files behind in the top-level directory. It should be useful as standalone
feature too.
Change-Id: Ia9442638d28100bea45a8683fb233803cc5393f2
Reviewed-on: https://chromium-review.googlesource.com/1030555
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53153}
The flag hash is used by code caching to recognize incompatible V8
configurations. When the flag hash differs, the cache is thrown out.
Code produced by embed/noembed builds is incompatible, and thus needs
to change the flag hash as well.
Bug: v8:6666, v8:7739
Change-Id: Icae8c6dc39b2eab491d28b2155f67103acf68181
Reviewed-on: https://chromium-review.googlesource.com/1057331
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53152}
This gets rid of the weakness hacks which were needed for remembering that maps
as handlers are weak, and other handles are strong.
BUG=v8:7308
Change-Id: I7fd3252ba67350803e2207dc12bbdf6abbae7e23
Reviewed-on: https://chromium-review.googlesource.com/1055449
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53151}
Module and script SharedFunctionInfos can't be used interchangeably
(e.g.: it should not be possible to bind a Module's SFI to a Context).
The dedicated type disambiguates the two.
This also adds an overload for CreateCodeCache which takes an unbound
module script instead of an unbound script. Both are just a SFI
underneath, so their behavior is identical.
Bug: v8:7685
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iab519d0d50b6b41c95abdb6397f5622e292da4d8
Reviewed-on: https://chromium-review.googlesource.com/1047107
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53150}
The clusterfuzz issue crashes because VisitBinops expected only but 4
input operands but in the generated graph 5 input operands get created
The issue is fixed by increasing the size of the input operand buffer.
R=jarin@chromium.org
Bug: chromium:842501
Change-Id: I4bbb09a968e165e6f5a0a02d06eee97333f7aa38
Reviewed-on: https://chromium-review.googlesource.com/1056989
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53147}
Makes all but one data member private instead of protected and replaces
all Space::heap_ accesses with Space::heap().
Also moves Executability down from Space into PagedSpace and remove all
references in SemiSpace since it's always initialized with
NOT_EXECUTABLE.
Bug: v8:7754
Change-Id: Ic03ce35a5f970b3c1e25b32da53e4c9717b2ee1e
Reviewed-on: https://chromium-review.googlesource.com/1055510
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53146}
Shares the feedback slot when loading / storing named properties
when the name of the property and the variable corresponding
to the object are the same. This reduces the memory usage on most
real world benchmarks. There is a slight (~1%) increase in the overall
time spent in V8 on a couple of these pages.
There is also no overall performance regression on peak-performance
benchmarks like Octane, ARES. More detailed results are in this doc[1]
[1]: https://docs.google.com/document/d/1rPNjXU-WOlyNQovuQS28Zf2PHCENR97Bi76gV9mHHOc/edit?usp=sharing
BUG: v8:7530
Change-Id: I7dd98c2d26f4e6c94690ca7d9a8a4a8281b3142d
Reviewed-on: https://chromium-review.googlesource.com/966302
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53145}
We must not accept something of kBit representation as of
kWord32 representation (unless it's truncated accordingly).
Deopt instead.
Bug: v8:7740
Change-Id: Ib4f73600d66f8762a6e22f7ea1ce79e8ef451b34
Reviewed-on: https://chromium-review.googlesource.com/1054670
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53144}
We accidentally always enabled retpolines for indirect calls in
https://crrev.com/c/1047385. This regresses performance and code size
unnecessarily if the --no-untrusted-code-mitigations flag is used.
R=titzer@chromium.org
Bug: chromium:840376, chromium:798964
Change-Id: I6bab130e33d0dafa1f547ebf7e7930a23c4eba20
Reviewed-on: https://chromium-review.googlesource.com/1057128
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53142}
LSan is not implemented on windows, and trying to use the
{__lsan_ignore_object} function gives link error.
Since LSan is never enabled on windows, we also don't need the
annotations, so just disable them on windows.
R=bmeurer@chromium.org
Bug: chromium:842166,v8:7738
Change-Id: Ibaed77b4b884c09c7a08e081d953c56c53f907ff
Reviewed-on: https://chromium-review.googlesource.com/1056990
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53141}
Change-Id: I37ed9115c099f3d17f23a26348a1bbf5f773ee32
Reviewed-on: https://chromium-review.googlesource.com/1056668
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#53136}
In the process, add a few simple tests for "constexpr" expressions, which
identified a few bugs that are also fixed in this CL.
Change-Id: I97486c781572642d2b574b92133b1f9cda3db592
Reviewed-on: https://chromium-review.googlesource.com/1055493
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53135}
Node.js still support older versions of clang, and some of those
versions require us to explicitly declare default constructors for
classes. While updating V8 to 6.7 on Node.js we hit a build failure on
Mac OS X and FreeBSD because there was one constructor not complying
with that rule. This commit fixes it.
R=bmeurer@google.com, franzih@google.com, ofrobots@google.com, yangguo@google.com
Bug: v8:7743
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I1f57f0c88c27e4755c9e05f6fedd9def55d8cb77
Reviewed-on: https://chromium-review.googlesource.com/1050666
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#53132}
This makes the fact that export wrapper code is shared across instances
explicit by hanging the {export_wrappers} array off the module object
instead of the instance-specific {WasmCompiledModule} object.
R=titzer@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic5c73bcc17f759e520c105317361e5654628b99e
Reviewed-on: https://chromium-review.googlesource.com/1051987
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53131}
In case of {kLoadI32}, use same sequence of instructions as in case
of {kI64LoadI32S}. This fixes irregular behavior on target.
TEST=cctest/test-run-wasm/RunWasmLiftoff_I32ShrSOnDifferentRegisters
Change-Id: I7ae6915c8b9bacb682e01db2c00f0c280dbb8254
Reviewed-on: https://chromium-review.googlesource.com/1054878
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#53130}
The root visitor now collects marked roots in the marking worklist and
filters out objects that are not in the new space.
This reduces average marking time in MinorMC in Richards from 0.08ms
to 0.04ms:
baseline mark:
len: 22
min: 0.07
max: 0.18
avg: 0.0809090909091
[0,5[: 22
mark
len: 22
min: 0.03
max: 0.13
avg: 0.0409090909091
[0,5[: 22
Bug: chromium:651354
Change-Id: I979e2f5ba331f88029b69bab23978f7fcadb7024
Reviewed-on: https://chromium-review.googlesource.com/1055490
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53128}
This was already the case for 1-byte strings. This prevents crashes when
attempting to externalize such strings.
Bug: chromium:842078, v8:7464
Change-Id: I3092a6748edaf77b2689f7b6f6b949929998e508
Reviewed-on: https://chromium-review.googlesource.com/1054290
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53124}
Currently we are throwing an out-of-memory fatal error.
Bug: chromium:840329
Change-Id: I736dee890b6a338b458c9a4cc1c3fbb95e95742b
Reviewed-on: https://chromium-review.googlesource.com/1050285
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53123}
This reverts commit c280e7d4f4.
Reason for revert: <INSERT REASONING HERE>
Original change's description:
> [heap] Clear the memory of pooled pages when allocating from the pool.
>
> Bug: chromium:999634
> Change-Id: Ia7a0dd6ddc2477a7656a26548e9a247470d9143f
> Reviewed-on: https://chromium-review.googlesource.com/1041688
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52948}
TBR=hpayer@chromium.org,mlippautz@chromium.org
Change-Id: I838d5fe1e6c6ac8b726a90a44b2eacbea9057866
Reviewed-on: https://chromium-review.googlesource.com/1054070
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53119}
Test mjsunit/wasm/compiled-module-serialization fails on those
architectures that do not support missaligned memory access.
We fix this by adding padding between code header and code start
in NativeModule serializer/deserializer so the code start is
properly aligned.
TEST=mjsunit/wasm/compiled-module-serializationx
Change-Id: I4f35b78a1190194088795b6f09becc3ad4251fdb
Reviewed-on: https://chromium-review.googlesource.com/1044186
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53117}
Avoid writing NumberOfElements to HashTable when it hasn't changed as
the HashTable could be in RO_SPACE and this operation will crash.
Bug: v8:841592
Change-Id: Iffadd567fc10aa9cd13d953da81275464b16c6c0
Reviewed-on: https://chromium-review.googlesource.com/1052693
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53116}
Allocation is super slow and produce big performance regression on
blink side.
Bug: chromium:839567,chromium:839809
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I3e9989435515ecfaedaee60c1f0c6939b9053e95
Reviewed-on: https://chromium-review.googlesource.com/1053105
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53115}
We cannot drop the deprecated API right away because we need to keep binary compatiblity.
As a short term solution create CPU profiler lazily if the API is called.
BUG=v8:7070
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I04029844895976b25db165f4fba6afbfe1681913
Reviewed-on: https://chromium-review.googlesource.com/1047848
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53113}
The CompilationManager was introduced to manage the memory of
AsyncCompileJobs. However, by now this can be done better by the new
WasmEngine.
This CL just moves the code to wasm-engine.[h,cc] and adjusts the
callsites.
R=titzer@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Icd2c1f19feeaa854c74e020b41e314b8ad00cea5
Reviewed-on: https://chromium-review.googlesource.com/1052109
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53112}
This is a reland of e084eea628.
Undefined behavious was fixed in https://crrev.com/c/1051235.
Original change's description:
> Fix SourcePositionInfo for wasm
>
> In wasm we often don't have a SharedFunctionInfo associated with a
> compilation job, so we can't get a Script. Just print "unknown" in
> these cases (instead of crashing).
>
> R=titzer@chromium.org
> CC=herhut@chromium.org
>
> Bug: chromium:840757, v8:7738
> Change-Id: I850c6adfd9e07c9a0f6dd018f1a9314feb89d887
> Reviewed-on: https://chromium-review.googlesource.com/1049632
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53080}
TBR=titzer@chromium.org
Bug: chromium:840757, v8:7738
Change-Id: If04040a33766955cfed78e7c27226dd04c3f9b9f
Reviewed-on: https://chromium-review.googlesource.com/1051266
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53111}
The 'pause' instruction is used for implementing retpolines. It is
currently being printed as 'nop', which is incorrect.
R=titzer@chromium.org
Change-Id: I134b6dae332103fd7f9b3c4e5520f0d5db06ba74
Reviewed-on: https://chromium-review.googlesource.com/1051789
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53109}
As SSCA mitigation, use retpoline for each indirect call. We currently
only support retpolines on ia32 and x64.
R=titzer@chromium.org
Bug: v8:6600, chromium:798964
Change-Id: I32472c15e149977b00bf923f4d87e259b7b54800
Reviewed-on: https://chromium-review.googlesource.com/1052113
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53108}
Code comments are heap-allocated and never freed. We don't want to
attach them to the code object via a finalizer, since that could change
gc timing and heap layout when you enable code comments. They are used
to testing only anyway, so leaking is acceptable here.
R=bmeurer@chromium.org, jarin@chromium.org
Bug: v8:7738
Change-Id: I27b0f95db1d66b57f4f113c154f23edb84e6700d
Reviewed-on: https://chromium-review.googlesource.com/1051241
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53107}
Plus a bit of CSA typification.
Bug: v8:7725
Change-Id: I43fea4a4c0739f9c24d84035816b046e742372ee
Reviewed-on: https://chromium-review.googlesource.com/1051653
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53102}
This CL adds a counter for sorting non-packed JSArrays where
Object.prototype was modified, or the prototype of the instance
differs from Array.prototype.
This is the V8 side of the change.
The Chromium-side CL: https://crrev.com/c/1051651R=jgruber@chromium.org
Bug: v8:7382
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I3ce9789a5df4bb9af5d1bfc89681fcd112e28e83
Reviewed-on: https://chromium-review.googlesource.com/1051650
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53101}
The {CommentOperator}, used for implementing the --code-comments flag,
is not UBSan-safe. This CL fixes this and adds a test which uses code
comments.
R=bmeurer@chromium.org
Bug: v8:7744
Change-Id: Ia6ec509e77d998df085ac7377cb24854354e3aa2
Reviewed-on: https://chromium-review.googlesource.com/1051235
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53100}
The previous version was correct too, since we check sminess before. But with the
new check, it's easier to see it's correct.
BUG=v8:7308
Change-Id: I1632353ee5dfd305479858ec4a690b17bb70e6a6
Reviewed-on: https://chromium-review.googlesource.com/1039525
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53099}
Instead of {base::AtomicNumber<intptr_t>} use {std::atomic<size_t>},
since we really want to store a size_t in there, and only abused
negative values before to avoid a compare-and-swap loop.
R=mstarzinger@chromium.org
Bug: v8:7570
Change-Id: Ibff0fe0550396f11b343f7e3c098ccf94f6e8dbb
Reviewed-on: https://chromium-review.googlesource.com/1049067
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53098}
... in order to be able to use it in other constants definitions in the header.
Bug: v8:7570
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id5d6ae34ab401ecf063bf5897b87b6bb87c24960
Reviewed-on: https://chromium-review.googlesource.com/1032782
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53097}
Moves all Oddballs, empty_feedback_metadata, lots of symbols and
immortal heap numbers and several other empty collection objects.
RO_SPACE NEW_SPACE OLD_SPACE CODE_SPACE MAP_SPACE LO_SPACE
old 31800 0 241976 24032 176 0
new 35080 0 238680 24032 176 0
diff +3280 -3296
Reland of https://chromium-review.googlesource.com/c/v8/v8/+/1025996,
without the empty_property_dictionary which is not read-only.
Bug: v8:7464
Change-Id: I84840d86eb3e5906ddb8b4c4e9e70bfec0cf78bc
Reviewed-on: https://chromium-review.googlesource.com/1049611
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53096}
The 'generates' clause was missing (so I suppose it got mapped
to JSReceiver).
Change-Id: I146546921e552f17dbadf74082b31315bf868bf7
Reviewed-on: https://chromium-review.googlesource.com/1032434
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53093}
After closing a handle scope, and when allocating a new segment in a
zone, treat that memory as uninitialized in MSan. This will hopefully
catch more errors than handle zapping, which needs to be enabled
explicitly.
R=ahaas@chromium.org
Bug: v8:7570
Change-Id: Ie3be07434bed878fb607a522787514421f397197
Reviewed-on: https://chromium-review.googlesource.com/1046657
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53089}
The comment in {CallRuntime} was misleading. The {rsi}/{esi} register
did not hold the instance, but the context instead. The generated code
was correct thought.
R=titzer@chromium.org
Change-Id: I18020a04ac75faedf7ad5e4b07cab27ae0aedae7
Reviewed-on: https://chromium-review.googlesource.com/1051232
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53088}
This is a reland of 40f1aaf330
Put back padding clearing into the SerializeObject method but only when
the String is not in RO_SPACE. For RO_SPACE strings, if required
iterate over the space before serialization clearing the strings.
Original change's description:
> [heap] Mark RO_SPACE as read-only after deserialization
>
> Adds MarkAsReadOnly and MarkAsReadWrite to ReadOnlySpace. The latter
> is only usable with ReadOnlySpace::WritableScope to avoid the space
> being left writable). MarkAsReadOnly updates the high water mark and
> makes several previously mutating methods into no-ops.
>
> Moves some writes to immutable objects out of the bootstrapper to
> setup-heap-internal so they don't write to a read-only page.
>
> Also avoid writing hashes to strings that already have the value set as
> that invariably means writing to the "0" and "1" constant strings in
> RO_SPACE.
>
> Before serialization, it makes RO_SPACE writable again so that any
> padding can be cleared before writing it.
>
> Bug: v8:7464
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I22edc20dba7dde8943991a8fcaf87244af4490a3
> Reviewed-on: https://chromium-review.googlesource.com/1014128
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52943}
Bug: v8:7464
Change-Id: Ia8386c4ff5f5df3207f584caf7a9b1ff1e405f25
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1042145
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53087}
This CL removes the JSGraph from WasmGraphBuilder and uses MachineGraph,
which is independent of the isolate, instead. In addition to using
the machine graph in the WasmGraphBuilder, this CL splits off a subclass
for compiling wrappers that does have a JSGraph and encapsulates it in
the .cc file. This makes the separation of WASM function graphs and WASM
wrapper graphs more explicit.
R=mstarzinger@chromium.orgCC=ahaas@chromium.org
BUG=v8:7721
Change-Id: I3c190baef2084919d22a9a89a8c9f11d2ddcf3d0
Reviewed-on: https://chromium-review.googlesource.com/1050266
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53086}
The handles created for each SharedFunctionInfo within
SourcePosition::InliningStack live for the life of the profile,
reaching 5MiB+ on an example server application for Node.
This HandleScope limits their lifetime locally, given that the handles
do not escape.
This saves ~10% of peak memory.
Bug: v8:7719
Change-Id: I97ce0fd3658be89fdd9cb9c1369ea5bfae0ce579
Reviewed-on: https://chromium-review.googlesource.com/1049647
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53085}
This makes sure that the {WasmModuleObject} has been allocated before
any debug events are fired. Since {WasmScript} objects reference the
module object, it needs to be allocated earlier by now.
R=ahaas@chromium.org
TEST=debugger/regress/regress-crbug-840288
BUG=chromium:840288
Change-Id: I02783ce126c463ac953eb2192acb65f3a5d420a1
Reviewed-on: https://chromium-review.googlesource.com/1050246
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53084}
This reverts commit e084eea628.
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20UBSanVptr/builds/3163
Original change's description:
> Fix SourcePositionInfo for wasm
>
> In wasm we often don't have a SharedFunctionInfo associated with a
> compilation job, so we can't get a Script. Just print "unknown" in
> these cases (instead of crashing).
>
> R=titzer@chromium.org
> CC=herhut@chromium.org
>
> Bug: chromium:840757, v8:7738
> Change-Id: I850c6adfd9e07c9a0f6dd018f1a9314feb89d887
> Reviewed-on: https://chromium-review.googlesource.com/1049632
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53080}
TBR=titzer@chromium.org,clemensh@chromium.org
Change-Id: Ib2020ea3f2b778df9fe50ccbe803938f2f4fd709
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:840757, v8:7738
Reviewed-on: https://chromium-review.googlesource.com/1051265
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53082}
Port d8131cd63a
Original Commit Message:
Stubs and builtins are very similar. The main differences are that
stubs can be parameterized and may be generated at runtime, whereas
builtins are generated at mksnapshot-time and shipped with the snapshot
(or embedded into the binary).
My main motivation for these conversions is that we can generate
faster calls and jumps to (embedded) builtins callees from (embedded)
builtin callers. Instead of going through the builtins constants table
indirection, we can simply do a pc-relative call/jump.
This also unlocks other refactorings, e.g. removal of
CallRuntimeDelayed.
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I193e4275470d492912a7d0f8523c3b8c29f1b146
Reviewed-on: https://chromium-review.googlesource.com/1050732
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#53081}
In wasm we often don't have a SharedFunctionInfo associated with a
compilation job, so we can't get a Script. Just print "unknown" in
these cases (instead of crashing).
R=titzer@chromium.org
CC=herhut@chromium.org
Bug: chromium:840757, v8:7738
Change-Id: I850c6adfd9e07c9a0f6dd018f1a9314feb89d887
Reviewed-on: https://chromium-review.googlesource.com/1049632
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53080}
Removes lots of parameters that are never used (found using
-Wunused-parameter).
Also wires up the pretenure parameter for Factory::NewFrameArray so it's
actually used.
Change-Id: I486e22ac0683afb84bba6a286947674254f93832
Reviewed-on: https://chromium-review.googlesource.com/1041687
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53077}
Next SSCA mitigation: Mask the function index on indirect calls. This
avoids speculative jumps to arbitrary memory.
R=titzer@chromium.org
Bug: v8:6600, chromium:798964
Change-Id: Id4a54fbb42096655d48965b63202bb58f98dc9aa
Reviewed-on: https://chromium-review.googlesource.com/1049627
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53076}
If termination was requested on pause we should handle it properly as
soon as execution resumed.
R=yangguo@chromium.org
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ica50500094138097f115545db716264126fbe59e
Reviewed-on: https://chromium-review.googlesource.com/1049486
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53074}
Similar to msan.h, asan should get its own header file such that the
functionality can be reused.
R=ahaas@chromium.org
Bug: v8:7570
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ib81e4ff4b1d08158df7730c32345d4facf9453b0
Reviewed-on: https://chromium-review.googlesource.com/1046656
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53073}
In addition to a git grep I ran the
virtual/enable_wasm_streaming/http/tests/wasm_streaming/wasm_response_apis.html
layout test locally to confirm that the flag is not used in Chrome.
R=titzer@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I00d013b85b585d26e50aacaeb82fb0b1ce1ff56c
Reviewed-on: https://chromium-review.googlesource.com/1049965
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53072}
Currently, non-msan builds don't check the arguments for
MSAN_ALLOCATED_UNINITIALIZED_MEMORY and MSAN_MEMORY_IS_INITIALIZED
calls, so type errors will only be reported on the msan builder.
This CL adds static_asserts for non-msan builds.
Drive-by: Rename MEMORY_SANITIZER to V8_USE_MEMORY_SANITIZER and move
it to macros.h, where also other such macros (like
V8_USE_ADDRESS_SANITIZER) live.
R=ahaas@chromium.org
Bug: v8:7570
Change-Id: If6c3c6e0d1287b5f1e0c59828cd028d1beac933d
Reviewed-on: https://chromium-review.googlesource.com/1046655
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53071}
Fixes the MaybeObject->Object conversion in ObjectStats to allow Smis,
rather than just HeapObjects.
Change-Id: I845613c47bb6ca696d444a025100b471fb385980
Reviewed-on: https://chromium-review.googlesource.com/1049925
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53070}
Loading the length from a PropertyArray is currently broken.
Bug: v8:7732
Change-Id: Ia05f314f2f4822a8821801889b7a58f75b3f198c
Reviewed-on: https://chromium-review.googlesource.com/1049610
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53067}
To stay compatible with JSC, Array.p.sort did a post-processing step
that shadowed elements from the prototype chain.
Some time ago, JSC changed and no longer exhibits this behavior. To
preserve comptibility and stay consistent with RemoveArrayHoles,
this CL removes this post-processing step altogether and adjusts
tests to expect the new behavior.
R=cbruni@chromium.org, jgruber@chromium.org
Bug: v8:7382
Change-Id: Iecedc37cea25001d3768b99a3a9de3a2db90ba82
Reviewed-on: https://chromium-review.googlesource.com/1047286
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53066}
Code comments help a lot to understand the generated code. Add a
comment before each instruction, and some special comments for longer
instructions.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ic18974e5cc89e23533e3abc54b0389723b77ff73
Reviewed-on: https://chromium-review.googlesource.com/1049626
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53064}
This CL re-implements CopyFromPrototype, that is used during sorting,
as a runtime function, in preparation to move Array.p.sort to CSA.
CopyFromPrototype is called for sparse non-arrays, where elements
might be available on the prototype chain. For compatibility with
JSC, we copy them to the object itself and sort only own properties.
Bug: v8:7382
Change-Id: I4f5c14995cf9769c4f9f1d62b3a5bfde6d386556
Reviewed-on: https://chromium-review.googlesource.com/1044205
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53061}
This CL implements the functionality of SafeRemoveArrayHoles (JS),
which is used as a pre-processing step for sorting, in a runtime
function.
SafeRemoveArrayHoles is a generic fallback, when an existing runtime
function fails to remove holes/move undefineds to the end of an array.
This CL extends the existing runtime function to also support JSProxy
objects, and objects where indices have accessors.
R=cbruni@chromium.org, jgruber@chromium.org
Bug: v8:7382
Change-Id: I4881539cf2171caba08ff6e3e50320291f49839c
Reviewed-on: https://chromium-review.googlesource.com/1041950
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53060}
On system which required a contiguous code range, we currently limit
the committed wasm code space to the heap code space. Since
https://crrev.com/c/1044195, this was only 128MB, making bigger
benchmarks fail.
There is no need to link the two limits, thus just remove that logic.
R=titzer@chromium.org
Change-Id: Id61f5dd28c96c3d2b7fcd730751285c6fc144bc5
Reviewed-on: https://chromium-review.googlesource.com/1049648
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53059}
This shares JS-to-Wasm wrapper code across instances belonging to the
same module object. We no longer need to copy the wrappers since they
are by now independent of the concrete instance.
R=titzer@chromium.org
BUG=v8:7424
Change-Id: I54188eae6378e53cc274cd19f8e652ffdba72ee5
Reviewed-on: https://chromium-review.googlesource.com/1049607
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53058}
This changes JS-to-Wasm wrappers to no longer embed a WeakCell with the
associated instance into the code, but load the instance object from the
passed {WasmExportedFunction} object instead.
R=titzer@chromium.org
BUG=v8:7424
Change-Id: I5403f882912eb23e760fabe70207440648754a69
Reviewed-on: https://chromium-review.googlesource.com/1028053
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53057}
at register is used a lot in macro-assembler-mips[64].cc and
we should not use it as temporary register in other parts of code
Change-Id: I7ef038cdf4f8c57aa76823e7ee0ffb40b62731cd
Reviewed-on: https://chromium-review.googlesource.com/1027816
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#53055}
- Make FeedbackVector backing store a WeakFixedArray.
- "feedback" is always strong but "extra" might be weak.
- Whenever the handler stored in FeedbackVector is a WeakCell to a transition
Map, replace it with an in-place weak reference.
For a more detailed description of the changes, see the design doc
https://docs.google.com/document/d/1P8cIme2wKszdYt64ObAiuh6pXgLnrrn80Hpl1ejJbOU/edit#heading=h.ijx1oculrikp
BUG=v8:7308
Change-Id: I72c5cf6597ef24d4c22a1fe8e25b67ca196d4ec8
Reviewed-on: https://chromium-review.googlesource.com/1027855
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53051}
This CL introduces type narrowing and constant folding reducers
to constant fold code that comes out of inlined destructuring
of arrays. In particular, array iterator introduces code that
contains a phi of a temporary array that blocks escape analysis.
The phi comes from conditional that can be evaluated statically
(i.e., constant folded), so with better constant folding we
allow escape analysis to get rid of the temporary array.
On a quick micro-benchmark below, we see more than 6x improvement.
This is close to the hand-optimized version - if we replace
body of f with 'return b + a', we get 220ms (versus 218ms with
destructuring).
function f(a, b) {
[b, a] = [a, b];
return a + b;
}
function sum(count) {
let s = 0;
for (let i = 0; i < count; i++) {
s += f(1, 2);
}
return s;
}
// Warm up
sum(1e5); sum(1e5);
console.time("destructure array");
sum(1e8);
console.timeEnd("destructure array");
console.timeEnd: destructure array, 213.526000
console.timeEnd: destructure array, 1503.537000
Bug: v8:7728
Change-Id: Ib7aec1d5897989e6adb1af1eddd516d8b3866db5
Reviewed-on: https://chromium-review.googlesource.com/1047672
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53048}
We had four files in git which used CRLF. After adding a .gitattributes
file with "* text=auto", we should not get any new ones. This CL
converts the four existing files to LF.
R=mathias@chromium.org
Bug: v8:7570
Change-Id: Ia9c92f4bed14c6669de7d60390627a11de6450b8
Reviewed-on: https://chromium-review.googlesource.com/1047611
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53046}
If trap handlers cannot be installed, we printed two lines to stdout
and stderr, both not terminated by a newline. This CL adds a newline to
one output and uses the FATAL macro for the other, highlighting the
error better and showing the location where it happens.
R=eholk@chromium.org
Bug: v8:7570
Change-Id: Ic24f48f92b87528e0fd5889badf2c90d765e451a
Reviewed-on: https://chromium-review.googlesource.com/1047606
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53043}
This API will be used by Node.js to provide output compatible with
Chrome devtools.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I265495f8af39bfc78d7fdbe43ac308f0920e817d
Reviewed-on: https://chromium-review.googlesource.com/1044491
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Eugene Ostroukhov <eostroukhov@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53041}
This moves the internal fields on {WasmExportedFunction} objects from
being properties with private symbols to a separate structure instead.
The new {WasmExportedFunctionData} structure can hang off the underlying
shared function info which is created for each exported function. This
reduces the number of transitions, speeds up instantiation, and makes it
easier to reach them from generated code (in the future).
R=titzer@chromium.org
BUG=v8:7424
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iaa733b6c9f7bea96246d6680756aa7101669a1a9
Reviewed-on: https://chromium-review.googlesource.com/1047025
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53040}
The RareData objects contain fields that often absent in CodeEntry'es.
They are created as needed when a corresponding field is added.
This reduces CodeEntry size on x64 by 40% from 136 to 80 bytes.
BUG=v8:7719
Change-Id: I1f3c6255aa2f228895e835b536c743396131db31
Reviewed-on: https://chromium-review.googlesource.com/1045885
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53039}
We lost the print functionality for stub schedules somewhere on the
way. This re-adds the appropriate call to TraceSchedule to get it
going again.
Bug: v8:7327
Change-Id: I245823b440542708410d2253f9f4e78b2e22f3c9
Reviewed-on: https://chromium-review.googlesource.com/1047270
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53038}
In preparation for cleaning up PipelineData to use a MachineGraph
where appropriate, move the dead node up to MachineGraph.
R=ahaas@chromium.org
Bug: v8:7721
Change-Id: I3f9d456aef7cf4d80adbc93ae938636ffcc3712d
Reviewed-on: https://chromium-review.googlesource.com/1046828
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53037}
Retpolines were never used for off-heap wasm code. This CL adds them.
R=titzer@chromium.org
Bug: chromium:840376, chromium:798964
Change-Id: I9f1b2150cce484f831a83663d1fb06555e7eac82
Reviewed-on: https://chromium-review.googlesource.com/1047385
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53036}
Trying to reduce use of our self-baked data structures.
Bug: v8:7570
Change-Id: I419a932b6b8904810844d40a5636e423df832197
Reviewed-on: https://chromium-review.googlesource.com/1032739
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53033}
The DCHECK was incorrect. This new API method can be called from any
debug mode since the embedder does not know which mode we are in.
It should only apply the side effect logic when the mode is
kSideEffects.
Bug: chromium:829571
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I11b0e5194b151a2b88171d6be21c3ccbba9cd408
Reviewed-on: https://chromium-review.googlesource.com/1046162
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Luo <luoe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53030}
Stubs and builtins are very similar. The main differences are that
stubs can be parameterized and may be generated at runtime, whereas
builtins are generated at mksnapshot-time and shipped with the snapshot
(or embedded into the binary).
My main motivation for these conversions is that we can generate
faster calls and jumps to (embedded) builtins callees from (embedded)
builtin callers. Instead of going through the builtins constants table
indirection, we can simply do a pc-relative call/jump.
This also unlocks other refactorings, e.g. removal of
CallRuntimeDelayed.
TBR=mlippautz@chromium.org
Bug: v8:6666
Change-Id: I4cd63477f19a330ec70bbf20e2af8a42fb05fabb
Reviewed-on: https://chromium-review.googlesource.com/1044245
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53027}
In the process, rename Boolean constants (i.e. JavaScript constants),
to 'True' and 'False'. This uncovered a bug in the internal handling
of True/False labels was fixed (they shouldn't be Values and Torque
shouldn't conflate Labels with other Declarables, throwing exceptions
when they're improperly used in the wrong context). Furthermore,
the internal labels used for True and False for if statements
have been renamed so that they can't be aliased from user Torque code.
Change-Id: I09dbd2241d2bc2f1daff53862dee1b601810060c
Reviewed-on: https://chromium-review.googlesource.com/1044370
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53026}
Define simple accessors in the header and give them lower case names.
R=mstarzinger@chromium.org
Bug: v8:7570
Change-Id: I2914013fdea2218189275bbaa9f98ea5de0ccd7c
Reviewed-on: https://chromium-review.googlesource.com/1046546
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53024}