For the wasm2js wrappers we have an optimization to call a JavaScript
function directly if the signature of the JavaScript function matches
the signature of the WebAssembly import. However, we are not supposed
to do this optimization if the imported function is a constructor,
because constructors can only be called with `new`. With this CL we
do not apply this optimization when the imported function is a
constructor.
R=titzer@chromium.org
Bug: chromium:824859
Change-Id: I1722367bd865d0b129eadf7d4849182410447179
Reviewed-on: https://chromium-review.googlesource.com/985974
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52296}
This relands commit 496d05967c.
Original change's description:
> [heap] Detect ineffective GCs near the heap limit.
>
> Currently V8 can enter CPU thrashing GC loop near the heap limit. In
> such cases it is better to trigger an out-of-memory failure earlier to
> avoid wasting CPU time and to avoid unresponsiveness.
>
> This patch adds a mechanism for tracking consecutive ineffective GCs.
> A GC is considered ineffective if the heap size after the GC is still
> close to the heap limit and if the average mutator utilization dropped
> below a fixed threshold.
>
> V8 execution is aborted after four consecutive ineffective GCs.
>
> Bug: chromium:824214
TBR: hpayer@chromium.org
Change-Id: Ib09d24d6280078ce6c33519309a2563c70fb68e1
Reviewed-on: https://chromium-review.googlesource.com/980555
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52286}
We need to bypass shortcuts when executing accessors defined via FunctionTemplate
if we have break points at function entry.
R=ishell@chromium.org, jgruber@chromium.org
Bug: v8:7596
Change-Id: I0e1bdbbba0f7dcd0fb7fe90d35b18234d073fe94
Reviewed-on: https://chromium-review.googlesource.com/980316
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52276}
Intent to ship:
https://groups.google.com/d/msg/v8-users/ShhW0Xewph0/1-OT9q0_DQAJ
Bug: v8:6791
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ibcf5ac09c0099496ef2c6a3c23bef9f9e72658f1
Reviewed-on: https://chromium-review.googlesource.com/981596
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52256}
When a wasm function has a large stack frame, the x64 code generator
performs the stack overflow check before constructing the frame. This
requires using the `address_of_real_stack_limit` external reference, as
well as the `ThrowWasmStackOverflow` runtime function.
`ThrowWasmStackOverflow` is called via a generated trampoline, but it is
not a builtin, so the serializer adds it to the `stub_lookup_` map. This
map is encoded by using a monotonically increasing `stub_id` that starts
at 0.
When the function is serialized, a stub is differentiated from a builtin
by which half of the `i32` bits is used, upper or lower. A stub only
uses the lower 16 bits and a builtin only uses the upper 16 bits.
The deserializer checks whether the lower 16 bits are 0; if so, it is
determined to be a builtin. But if the `stub_id` is 0, then it will be
confused with builtin 0 (`RecordWrite`). Calling the builtin instead of
the stub causes a crash.
This CL starts all `stub_id`s at 1, which prevents the builtin/stub
confusion.
There is an additional bug that is not fixed by this CL:
`ThrowWasmStackOverflow` shouldn't be called at all. Currently it is
called because `address_of_real_stack_limit` is a thread-local value
that is not properly relocated.
Bug: chromium:808848
Change-Id: I06b3e650ea58ad717dcc47a3716443e16582e711
Reviewed-on: https://chromium-review.googlesource.com/981687
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52252}
Also annotate maps with the space, now that this can be RO_SPACE as well
as MAP_SPACE.
Bug: v8:7464
Change-Id: Id597b2195c179b38f93b0e1c6b2ce9ef04e4f0e4
Reviewed-on: https://chromium-review.googlesource.com/980554
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52251}
This reverts commit 496d05967c.
Reason for revert: https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Linux64_-_internal_snapshot%2F14705%2F%2B%2Frecipes%2Fsteps%2FCheck__flakes_%2F0%2Flogs%2FOutOfMemoryIneffectiv..%2F0
Original change's description:
> [heap] Detect ineffective GCs near the heap limit.
>
> Currently V8 can enter CPU thrashing GC loop near the heap limit. In
> such cases it is better to trigger an out-of-memory failure earlier to
> avoid wasting CPU time and to avoid unresponsiveness.
>
> This patch adds a mechanism for tracking consecutive ineffective GCs.
> A GC is considered ineffective if the heap size after the GC is still
> close to the heap limit and if the average mutator utilization dropped
> below a fixed threshold.
>
> V8 execution is aborted after four consecutive ineffective GCs.
>
> Bug: chromium:824214
> Change-Id: I647032707d49e5383e1317c5e7616dd57077ea32
> Reviewed-on: https://chromium-review.googlesource.com/978178
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52244}
TBR=ulan@chromium.org,hpayer@chromium.org
Change-Id: I267d247010a90224be60c27c83eeb37c3878fba5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:824214
Reviewed-on: https://chromium-review.googlesource.com/982072
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52246}
Currently V8 can enter CPU thrashing GC loop near the heap limit. In
such cases it is better to trigger an out-of-memory failure earlier to
avoid wasting CPU time and to avoid unresponsiveness.
This patch adds a mechanism for tracking consecutive ineffective GCs.
A GC is considered ineffective if the heap size after the GC is still
close to the heap limit and if the average mutator utilization dropped
below a fixed threshold.
V8 execution is aborted after four consecutive ineffective GCs.
Bug: chromium:824214
Change-Id: I647032707d49e5383e1317c5e7616dd57077ea32
Reviewed-on: https://chromium-review.googlesource.com/978178
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52244}
This CL changes the poisoning in the interpreter to use the
infrastructure used in the JIT.
This does not change the original flag semantics:
--branch-load-poisoning enables JIT mitigations as before.
--untrusted-code-mitigation enables the interpreter mitigations
(now realized using the compiler back-end), but does not enable
the back-end based mitigations for the Javascript JIT. So in effect
--untrusted-code-mitigation makes the CSA pipeline for bytecode handlers
use the same mechanics (including changed register allocation) that
--branch-load-poisoning enables for the JIT.
Bug: chromium:798964
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: If7f6852ae44e32e6e0ad508e9237f24dec7e5b27
Reviewed-on: https://chromium-review.googlesource.com/928881
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52243}
The instruction scheduler is not supported on these platforms.
Bug: v8:7577
Change-Id: If89494153407c6223e30d856dd0f3152eb0c5817
Reviewed-on: https://chromium-review.googlesource.com/973362
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#52241}
--cleanup-code-caches-at-gc flag was removed in
b8b25e1c27,
rendering the test obsolete.
Change-Id: I34331d230102924899c89d3330379df51a489029
Reviewed-on: https://chromium-review.googlesource.com/980937
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52239}
The embedder can get notification when V8 heap size approaches the heap limit
and can extend the heap limit if needed using
- v8::Isolate::AddNearHeapLimitCallback
- v8::Isolate::RemoveNearHeapLimitCallback
This generalizes the exiting v8::debug::SetOutOfMemoryCallback API.
Bug: chromium:824214
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ia444cb7efb6fe85c57fa3785e8fd1d8b654a5224
Reviewed-on: https://chromium-review.googlesource.com/979447
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52238}
This is done now while embedders have yet to adapt to the new API before
it becomes hard to migrate.
Also renamed variable/methods to use "worker threads" rather than
"background" nomenclature.
Extracted from https://chromium-review.googlesource.com/c/v8/v8/+/978443/7
while resolving the more contentious bits around using task runners.
TBR=rmcilroy@chromium.org
Bug: chromium:817421
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ie3ddf15a708e829c0f718d89bebf3e96d1990c16
Reviewed-on: https://chromium-review.googlesource.com/980953
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52231}
This has been made possible when custom builtin constructors were
removed.
R=jgruber@chromium.org
Bug: v8:178, v8:7518
Change-Id: I7ee064c3b899732ebe9381ea004f231fa6c0cef0
Reviewed-on: https://chromium-review.googlesource.com/975541
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52229}
We don't want to run into the situation of breaking inside of
debug-evaluate. That would get even more confusing with throw-on-side-effect.
R=kozyatinskiy@chromium.org
Bug: v8:7592
Change-Id: I93f5de63d8943792ff000dbf7c6311df655d3793
Reviewed-on: https://chromium-review.googlesource.com/978164
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52227}
The mutator utilizaton is computed for each mark-compact GC cycle as
mutator_time / total_time, where
- total_time is the time from the end of the previous GC to the end of
the current GC
- mutator_time = total_time - incremental_steps_duration - gc_time.
Bug: chromium:824214
Change-Id: Ie1814f22f0816a3c9c579107f4950f6fc8c8a72d
Reviewed-on: https://chromium-review.googlesource.com/978215
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52221}
The optimization was replacing
String.fromCharCode(x) == "y"
with x == y instead of (x & 0xFFFF) == y if x was outside
of uint16 range.
Bug: v8:7340, v8:7531
Change-Id: I967306cc2e05c28de82e16cf1b2312fe47396a7d
Reviewed-on: https://chromium-review.googlesource.com/979808
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52214}
This param is no longer used to construct the SFI.
Bug: v8:7503
Change-Id: Ic93c91ce0ad9acf84da7f382c9a170c732db7176
Reviewed-on: https://chromium-review.googlesource.com/977926
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52205}
This relands commit ed3636e21bc772fec35deefc90850dc5bf850775..
Original change's description:
> [heap] Ensure that OOM callback is called before OOM.
>
> This patch also fixes MaxReserved() to accound for page headers and
> adds two tests for heap size and memory allocator size near OOM.
>
> Bug: chromium:824214
> Change-Id: I5bbe00a9d6a5798cdf4481861a10dca842244a63
> Reviewed-on: https://chromium-review.googlesource.com/973614
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52184}
TBR=machenbach@chromium.org
Change-Id: Idc3086a8b9dd30038f48cae64c9a8eb0b45ee372
Reviewed-on: https://chromium-review.googlesource.com/977913
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52200}
This reverts commit ed3636e21b.
Reason for revert: Seems to lead to several timeouts in debug mode:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/19780
And on windows.
Original change's description:
> [heap] Ensure that OOM callback is called before OOM.
>
> This patch also fixes MaxReserved() to accound for page headers and
> adds two tests for heap size and memory allocator size near OOM.
>
> Bug: chromium:824214
> Change-Id: I5bbe00a9d6a5798cdf4481861a10dca842244a63
> Reviewed-on: https://chromium-review.googlesource.com/973614
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52184}
TBR=ulan@chromium.org,hpayer@chromium.org
Change-Id: I1a98c070cee4039a1ef7851fcabd32d56d0629fe
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:824214
Reviewed-on: https://chromium-review.googlesource.com/977973
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52192}
This eases transition handlers caching and avoids memory overhead of
respective StoreHandler objects. In addition, it allows to use such
transition handlers on runtime side to make Object.assign implementation
a bit faster.
Bug: v8:5988
Change-Id: Iba660a11d4b300cd5f80615fb7e2608e53da8fee
Reviewed-on: https://chromium-review.googlesource.com/931701
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52187}
This patch also fixes MaxReserved() to accound for page headers and
adds two tests for heap size and memory allocator size near OOM.
Bug: chromium:824214
Change-Id: I5bbe00a9d6a5798cdf4481861a10dca842244a63
Reviewed-on: https://chromium-review.googlesource.com/973614
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52184}
Also add a new fast-path for String.fromCodePoint.
R=neis@chromium.org
Bug: v8:7570, v8:7340
Change-Id: I6cd6e6fc98943588ecd646f24fcda043d4033ab0
Reviewed-on: https://chromium-review.googlesource.com/978244
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52183}
This CL also cleans up some related naming in typed-optimization.
R=neis@chromium.org
Bug: v8:7531, v8:7570
Change-Id: If80e0e9642aaf6c58b164db2e1e0632cd5b0d051
Reviewed-on: https://chromium-review.googlesource.com/978066
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52182}
This moves source position tables associated with WasmCode objects to be
located outside the garbage-collected heap. There now is a clear link to
the source position table from code, making the one-to-one relationship
and its lifetime explicit.
R=ahaas@chromium.org
BUG=v8:7424
Change-Id: I9d0b332732508c302ba525059ef02559f45aa2f6
Reviewed-on: https://chromium-review.googlesource.com/975565
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52178}
Moves RO_SPACE to the front of the AllocationSpace enum, so the space
pre-allocation iterations don't miss it. Being at the start of the enum
means that it continues to not be iterated over by any sweeper code,
which iterates from FIRST_GROWABLE_PAGED_SPACE to
LAST_GROWABLE_PAGED_SPACE (renamed from FIRST_PAGED_SPACE and
LAST_PAGED_SPACE).
Bug: v8:7464
Change-Id: I480ba784afbd878552d1cb7f9f5fa57c3b55e004
Reviewed-on: https://chromium-review.googlesource.com/973604
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52177}
When using trap handlers, memory references do not get any checks inserted. This
means there is no check for a null memory as happens when the memory size is
0. Normally this would be correctly caught as an out of bounds access, since the
low memory addresses are not normally mapped. However, if they were mapped for
some reason, we would not catch the out of bounds access.
The fix is to ensure WebAssembly instances always have a guard region even if
the memory is size 0.
This is a rewrite of 5e76ff5a4a
Note that this can lead to a large amount of unnecessary address space usage,
so we share a single reservation for empty array buffers.
Bug: chromium:769637
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ia8e84be6d595e347d3d342959f2c374db1a3f683
Reviewed-on: https://chromium-review.googlesource.com/702657
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52163}
On float comparisons, we need a scratch byte register for the setcc
instruction, and if none is available, we spill. But this spilling code
is skipped if one of the operands is NaN. The cache state is updated
however, so following code assumes that the spill happened.
This CL fixes this by spilling before checking for NaN, such that the
spilling code is always executed.
R=titzer@chromium.org
Bug: v8:7582, v8:6600
Change-Id: I768d8de14e494d3ebea181c1f9f3129a4b005396
Reviewed-on: https://chromium-review.googlesource.com/973961
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52162}
This is a reland of d8f564eac6TBR=mstarzinger@chromium.org,yangguo@chromium.org,jgruber@chromium.org
Original change's description:
> Reland: Remove SFI code field
>
> Remove the SharedFunctionInfo code field, inferring the code object
> from the function_data field instead. In some cases, the function_data
> field can now hold a Code object (e.g. some WASM cases).
>
> (Reland of https://chromium-review.googlesource.com/952452)
>
> TBR=mstarzinger@chromium.org
>
> Bug: chromium:783853
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I10ea5be7ceed1b51362a2fad9be7397624d69343
> Reviewed-on: https://chromium-review.googlesource.com/970649
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52136}
Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I5187851b923e9a92f43daf8cb99e662786cbb839
Reviewed-on: https://chromium-review.googlesource.com/975942
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52159}
This is a reland of ed2605f040
Original change's description:
> [d8][wasm] Test wasm compilation completion
>
> d8 was recently changed to keep running until wasm compilation has
> completed. This adds a message test to test that.
>
> R=ahaas@chromium.org
>
> Change-Id: I73af53b6df4ee5f9a6afd26cf2d71a269140465f
> Reviewed-on: https://chromium-review.googlesource.com/966184
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52008}
Change-Id: Iadbd5056dfa58da454956c4e89369af8b0455b35
Reviewed-on: https://chromium-review.googlesource.com/975242
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52154}
SuspendGenerator needs the accumulator to be live so that it can return
it.
Bug: chromium:806723
Change-Id: Iaa88fce96c36876e3e4256324ca650d475480c10
Reviewed-on: https://chromium-review.googlesource.com/975404
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52147}
Delaying the logging until after module creating ensures that the
module has been fully parsed and hence that all names are available.
Also refactors the code to bring all code logging/disassembling into
one place.
Change-Id: I8219d70876d2ccd3a5ffb8250b46fdf60a46fe6c
Reviewed-on: https://chromium-review.googlesource.com/973443
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52146}
See referenced bug: Async compilation can deadlock if a background task
queues the last compilation unit to be finished while the finisher
is already exiting because there was no more work.
This CL fixes this by making the finisher task check for new work after
setting the finisher_is_running_ flag to false.
R=ahaas@chromium.orgCC=kimanh@google.com
Bug: chromium:824681
Change-Id: If1f5700a9fdd5d150b36e37a5d14b692c2b0f3fb
Reviewed-on: https://chromium-review.googlesource.com/975301
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52139}
Mostly cosmetic changes. The biggest change is to encode block result
types using symbolic names instead of hex numbers.
R=ahaas@chromium.org
Change-Id: Ic0e6eccf687338e68508094168ddd70734cef301
Reviewed-on: https://chromium-review.googlesource.com/973527
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52138}
Remove the SharedFunctionInfo code field, inferring the code object
from the function_data field instead. In some cases, the function_data
field can now hold a Code object (e.g. some WASM cases).
(Reland of https://chromium-review.googlesource.com/952452)
TBR=mstarzinger@chromium.org
Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I10ea5be7ceed1b51362a2fad9be7397624d69343
Reviewed-on: https://chromium-review.googlesource.com/970649
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52136}
In Promise.all we used to allocate a fresh closure plus a fresh context
for each individual element, which is quite a lot of overhead, especially
since this could be shared in a single context for all elements. The only
bit of information that is needed for each resolve element closure is the
index under which to store the resulting value. With this change we move
this index to the "identity hash" field of the JSFunction, which doesn't
care about the concrete value anyways, as long as it's not zero (the "no
hash" sentinel), and share the rest of the fields in a single outer
context for all resolve element closures.
This limits the maximum number of elements for Promise.all to 2^21 for
now, but that should be fine. Shall we ever see the need for more than
this, we can add machinery to overflow to separate context for indices
larger than 2^21.
This significantly reduces the overhead due to Promise.all on the
parallel-async-es2017-native test, with execution time dropping from
around 148ms to 133ms, so overall a steady 10% improvement on this
benchmark.
Bug: v8:7253
Change-Id: I1092da771c4919f3db7129d2b0a244fc26a7b144
Reviewed-on: https://chromium-review.googlesource.com/973283
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52134}
Fix up disassembly triggered by --print-*-code to print to the trace
file specified by --redirect-code-traces-to rather than unconditionally
to stdout.
Change-Id: I80a8772361e8fb0550efcbbab6a7b7d822385303
Reviewed-on: https://chromium-review.googlesource.com/973167
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52119}
On ia32, the upper "half stack slot" must be located above the lower
half stack slot (in absolute address), hence the index is
"2 * index - 1" instead of "2 * index + 1". Note that the index
describes the negative offset from the stack pointer.
R=titzer@chromium.org
Bug: v8:7579
Change-Id: If207af405b126ab30043432d7934273e6e2a5330
Reviewed-on: https://chromium-review.googlesource.com/973301
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52116}
Some debugging tests relied on the following anti-pattern:
let exception = false;
try {
/* ... some code that may throw on test failure ... */
} catch (e) {
exception = e;
}
assertFalse(exception);
This may be problematic if a falseish value is thrown.
Change-Id: I02eace4cc656fc9581928a90ac53cda4dc72b30c
Reviewed-on: https://chromium-review.googlesource.com/972822
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52105}
The multi-return tests and fuzzer used a custom call descriptor which
was based on the default RegisterConfiguration. This meant that for the
tests, all available registers could be used to pass parameters and to
return values. This caused a problem, because in some cases we need a
scratch register in the frame deconstruction.
With this CL I change both the tests and the fuzzer to use the
WebAssembly call descriptor. Thereby we only use 2 registers for
returns, and one of the other registers can be used as scratch
register.
WebAssembly is the only use case at the moment which wants to return
values not only through registers but also over the stack. Therefore
I think it's acceptable to only test the WebAssembly usecase.
R=mstarzinger@chromium.org
Bug: chromium:813288
Change-Id: I31bed757af5f3e8589d2b3dfb6f0112ddecd1a20
Reviewed-on: https://chromium-review.googlesource.com/970656
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52099}
Embedded builtins are now based off the v8_enable_embedded_builtins
gn flag instead, which conditionally defines V8_EMBEDDED_BUILTINS.
Bug: v8:6666
Change-Id: I44d40d30fce3a3ed9bbf973d46c4990ba3fade40
Reviewed-on: https://chromium-review.googlesource.com/964361
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52092}
The new API supersedes the old `RegisterDefaultSignalHandler` and flag
combination. Now the embedder must explicitly call
`EnableWebAssemblyTrapHandler` to activate the trap handler and optionally
install the default signal handler. The old flag is now used only by D8 to
decide whether to call this function.
Bug: v8:5277
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I05fbb2138138bfc95b14361aabd712db84789b4a
Reviewed-on: https://chromium-review.googlesource.com/963179
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52081}
This moves the Wasm-specific metadata from being fields on the
ArrayBuffer into a table managed by WasmMemoryTracker.
Bug: chromium:776273
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id8b050bfdfe0fbe9436fb055e92c08d503d3c2ba
Reviewed-on: https://chromium-review.googlesource.com/850550
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52080}
src/base/debug/stack_trace_posix.cc: suppressed unused function warnings
for functions DemangleSymbols, OutputPointer(in order to compile with
-Werror flag)
test/cctest/test-isolate-independent-builtins.cc: corrections to make
ByteInText test case compatible with aix. (affects aix only)
Change-Id: I49e45e63545404c77aaed3f51b26557f6f03455e
Reviewed-on: https://chromium-review.googlesource.com/927484
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52071}
The embedders should use the EmbedderGraph API. The similar structure
can be created with the following steps:
1) Create a root node for each retainer info group.
2) Iterate all handles using Isolate::VisitHandlesWithClassIds.
3) Add an edge from the retainer info node to the v8 wrapper node.
4) Add an edge from the v8 wrapper node to the retainer info node.
See how HeapSnapshotRetainedObjectInfo is converted to the new API.
Bug: chromium:749490
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I124ae3853354863b4f888e6aa2ea13777dcaa37d
Reviewed-on: https://chromium-review.googlesource.com/948842
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52067}
Remove the SharedFunctionInfo code field, inferring the code object
from the function_data field instead. In some cases, the function_data
field can now hold a Code object (e.g. some WASM cases).
Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1219a4d6aa5abaa9fee54dda883da7a3186e347a
Reviewed-on: https://chromium-review.googlesource.com/952452
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52064}
In general, TurboFan doesn't encounter phi nodes with only a single
data input in the backend. However, CSA-based builtins (especially
auto-generated ones, e.g. from Torque), may contain single-input phi nodes,
although outside the auto-generated case this doesn't happen much in practice.
Single input phi nodes (i.e. phis in blocks with one predecessor) don't have
any side effects and are essentially useless and harmless, but to avoid problems
in the backend of TurboFan (whose SSA deconstruction disallows control flow
splits that continue to blocks with phis), this CL tweaks the existing
CSA-only control flow and graph sanitization in the CSA path to ensure
no no-op phis.
Change-Id: I109f4dc6cde5ad1794585a09609a230b1848e0d5
Reviewed-on: https://chromium-review.googlesource.com/963711
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52056}
Also unskip test that has already been fixed in f1b1ec7.
R=jgruber@chromium.org
Bug: v8:178
Change-Id: I9cd2156ef41146b0dd58a974088726f5cbda8058
Reviewed-on: https://chromium-review.googlesource.com/970243
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52050}
For problems with the current approach, see crbug.com/v8/7564.
We can instead gather all weak references in code in VisitEmbeddedPointer.
BUG=v8:7564, v8:7308
Change-Id: Ib369e7ab9efd62c90bdac69835318929c58217f2
Reviewed-on: https://chromium-review.googlesource.com/968250
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52041}
This type is dangerous because it can become smaller over time (as
strings get internalized).
Bug: v8:6521
Change-Id: Iea650789ab52c13a0519f46999edc8a7959ccc71
Reviewed-on: https://chromium-review.googlesource.com/968525
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52040}
This avoids a deopt loop.
Bug: v8:7254
Change-Id: I3a676186bc52fd47b03f03c26cb07d9257993693
Reviewed-on: https://chromium-review.googlesource.com/968503
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52036}
