This CL removes 'v8_use_snapshot' and the usages of the implied
V8_USE_SNAPSHOT define. One test runner unittest was updated to use the
"asan" variant instead of the now obsolete "no_snap" variant.
Related chromium CL: https://crrev.com/c/1796325.
Bug: v8:8531
Change-Id: I5da7c9f8e9110fe7bc0f4e4f821bcb7f7d98f927
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784282
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64290}
We are not shipping ptr-compr in M79 on x64 because chromium:1009439
blocks 31-bit Smis on 64-bit architectures, so these's no point in
disabling double fields unboxing.
This CL will be reverted after the M79 branch point.
Bug: v8:9799, chromium:1009439
Change-Id: I28d0013d3ab06ce41d5028ba4f66c9b249de52d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862556
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64288}
Fix uses of cached descriptors arrays used in loops that map-check
to ensure validity of the cache to also reload the descriptor in
case there are missed in-place representation updates.
As a drive-by, introduce inner HandleScopes for these loops.
Bug: chromium:1012301
Change-Id: I17273caf629a181b846d3c09777b5c08fd8cbb0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859621
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64287}
The reason is to unblock M79 blocked by chromium:1009439 while full
solution is not ready yet.
This CL will be reverted after the M79 branch point.
Bug: v8:9767, chromium:1009439
Change-Id: I5302d86fe953ecd94d9a4bba0d29c807b7b9d703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1862554
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64286}
This replaces all left-over uses of {WasmGraphBuilder::Buffer} with
proper alternatives (e.g. using {base::SmallVector} instead).
R=clemensb@chromium.org
Change-Id: I2607ce7e2638a1bb35daccbb5b38382d5b62a430
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859626
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64285}
Use v8::Data as basetype for managed objects that can integrate with
v8::EmbedderHeapTracer.
Bug: v8:9841
Change-Id: Id3e06701207a23870cea89e1d7d334c48fcd3006
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856002
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64283}
WebAssembly locals are specified to be zero on function entry. Liftoff
implements this by just storing the constant 0 in the virtual stack for
integer types, and using one floating point register initialized to
zero for all floating point types.
For big counts of locals this leads to problems (manifesting as huge
blocks of code being generated) once we hit a merge point: All those
constants (for int) and all duplicate register uses (for floats) need to
be fixed up, by using separate registers for the locals or spilling to
the stack if no more registers are available. All this spilling
generates a lot of code, and can even happen multiple times within a
function.
This CL optimizes for such cases by spilling all locals to the stack
initially. All merges within the function body get much smaller then.
The spilled values rarely have to be loaded anyway, because the initial
zero value is usually overwritten before the first use.
To optimize the code size for initializing big numbers of locals on the
stack, this CL also introduces the platform-specific
{FillStackSlotsWithZero} method which uses a loop for bigger local
counts.
This often saves dozens of kilobytes for very big functions, and shows
an overall code size reduction of 4-5 percent for big modules.
R=jkummerow@chromium.org
Bug: v8:9830
Change-Id: I23fa4145847827420f09e043a11e0e7b606e94cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856004
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64282}
The macros will use AVX variants when available.
Bug: v8:9561
Change-Id: I06872a08184983adc8018ffdf03916feac02016f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1857422
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64280}
This switches the {WasmGraphBuilder} to use {SmallVector} for passing
argument and return values. It deprecates {WasmGraphBuilder::Buffer},
which is a dangerous construct as it makes it easy to accidentally use
the single buffer for two vectors at the same time. This also removes
the by now unused {WasmGraphBuilder::Realloc} method.
R=clemensb@chromium.org
Change-Id: I6bd9be437a99c23bb403a046a75c148ac4a14451
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859619
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64277}
This switches the {WasmGraphBuilder::GetExceptionValues} to use a proper
vector instead of the deprecated {Buffer} method. This also addresses a
TODO about missing landing pads for the above affected method.
R=clemensb@chromium.org
Change-Id: I33ba7d712a00f2a284ec159a501bcd90e02a3a51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1859620
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64276}
older gcc compilers (tested on PPC gcc 6) may throw the following error if
a non-copyable element is added to std::map:
src/torque/instance-type-generator.cc:192:76: required from here
/usr/include/c++/6/ext/new_allocator.h:120:4: error: use of deleted
function 'constexpr std::pair<_T1, _T2>::pair(const std::pair<_T1, _T2>&)
[with _T1 = v8::internal::torque::{anonymous}::InstanceTypeTree* const; _T2 =
std::unique_ptr<v8::internal::torque::{anonymous}::InstanceTypeTree>]'
explicitly constructing the std::pair will fix the compilation error.
Bug: v8:9850
Change-Id: I1e69e804be8bb9c16d013a90b532d670a97ed055
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1857552
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64275}
With exception handling enabled new call paths open up, which will
perform environment merging while a "call" or "call_indirect" is
currently being emitted. This will lead to double-use of the buffer
returned by calls to {Buffer} or {Realloc}. In general we should
transition away from this optimization to safer constructs such as
{base::SmallVector} to avoid such bugs.
R=clemensb@chromium.org
TEST=mjsunit/regress/regress-9832
BUG=v8:9832
Change-Id: I4c862ac1bc7dc34ad62279c82f6414153e8cbddb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856006
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64271}
The assert code gets put into an unreachable block in release builds
to make sure it's type-checked and torque knows the code it contains is
used, but still it doesn't emit actual machine code.
Bug: v8:7793
Change-Id: I580fdd7ac059e0dbe85283fd35c3038634a7228e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1857226
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64270}
This patch stores the result of sysconf() in a long integer and
checks the result of Free().
Change-Id: If77e46a2f188e6bc36ef2e98eac36bf7a7d67dff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1855942
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64263}
... for the case we haven't seen any elements on the entire prototype chain.
Contributed by tao.pan@intel.com
Change-Id: Ied7d1a918b545e71d94ab1521bf0d233ea15cfce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1848960
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Cr-Commit-Position: refs/heads/master@{#64261}
This requires a change to instruction selector to UseUnique so that it
does not shadow the temporary register.
Bug: v8:9810
Change-Id: Iaceadbc39f0c51a92c2a73c4b1097d49a7397876
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1850614
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64259}
Design doc:
https://docs.google.com/document/d/1ZU6rCvF2YHBGMLujWqqaxlPsjFfjKDE9C3-EugfdlAE/edit
Changes from the design doc:
- Changed to use 'class' declarations rather than 'type' declarations
for things that need instance types but whose layout is not known to
Torque. These declarations end with a semicolon rather than having a
full set of methods and fields surrounded by {}. If the class's name
should not be treated as a class name in generated output (because
it's actually a template, or doesn't exist at all), we use the
standard 'generates' clause to declare the most appropriate C++ class.
- Removed @instanceTypeName.
- @highestInstanceType became @highestInstanceTypeWithinParentClassRange
to indicate a semantic change: it no longer denotes the highest
instance type globally, but only within the range of values for its
immediate parent class. This lets us use it for Oddball, which is
expected to be the highest primitive type.
- Added new abstract classes JSCustomElementsObject and JSSpecialObject
to help with some range checks.
- Added @lowestInstanceTypeWithinParentClassRange so we can move the new
classes JSCustomElementsObject and JSSpecialObject to the beginning of
the JSObject range. This seems like the least-brittle way to establish
ranges that also include JSProxy (and these ranges are verified with
static assertions in instance-type.h).
- Renamed @instanceTypeValue to @apiExposedInstanceTypeValue.
- Renamed @instanceTypeFlags to @reserveBitsInInstanceType.
This change introduces the new annotations and adds the ability for
Torque to assign instance types that satisfy those annotations. Torque
now emits two new macros:
- TORQUE_ASSIGNED_INSTANCE_TYPES, which is used to define the
InstanceType enumeration
- TORQUE_ASSIGNED_INSTANCE_TYPE_LIST, which replaces the non-String
parts of INSTANCE_TYPE_LIST
The design document mentions a couple of other macro lists that could
easily be replaced, but I'd like to defer those to a subsequent checkin
because this one is already pretty large.
Bug: v8:7793
Change-Id: Ie71d93a9d5b610e62be0ffa3bb36180c3357a6e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1757094
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64258}
Increase the embedded vector size to 91 as that is the max size needed to print
a s128 as a 32x4.
- max value of uint32_t has 10 digits in decimal, 1 for a potential sign,
3 spaces in between 4 of them -> 3 + 4 * 11 = 47
- max value of uint32_t has 8 digits in hex, 3 spaces in between -> 3 + 4 * 8 = 35
- the prefix "v128:" -> 5
- " / " to separate the decimal and hex representation -> 3
- null byte
47 + 35 + 5 + 3 + 1 = 91
Bug: v8:9754
Change-Id: I153c30738fa8862b44fb5103cbe62ea0bcea9718
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1814885
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64256}
The dispatch_semaphore_t is a higher-level, more-efficient semaphore
primitive if the cross-process capabilities of semaphore_t are not
needed.
Bug: chromium:1012386
Change-Id: I9cc6f025f00159f9424c054a3395542b9db00b89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1848211
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64254}
setUnicodeKeywordValue doesn't remove unrelated keyword/value pairs
when the locale is too long, which causes NumberFormat to fail when
calling createInstance. Fix this by using LocaleBuilder to add keyword/value
into a new locale instead of removing the keyword.
Also see https://unicode-org.atlassian.net/browse/ICU-20862
Bug: chromium:1012579
Change-Id: I0f664f60dad8fe786443c8ca8b21ea43323cbf49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1855586
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64253}
The pointer to the first page of code space is not consistent and
therefore shouldn't be included in the mkgrokdump output.
No-Tree-Checks: true
Bug: v8:9844
Change-Id: I697c34e30e9b67b44e603e92d4bd3c7b81c1af3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856511
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64250}
TSAN complains about missing synchronization on access to the page flags
because it does not support and recognize the memory fence we emit after
page initialization.
This adds a TSAN only acquire load to the code accesses page flags
similar to the existing load in MarkObject.
Bug: v8:9842
Change-Id: I34dac308ac1cce1d74a4a1bad95a482abc071595
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856008
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64247}
When we allocate a large page we write a free space filler of the object's
size which is encoded as a Smi. Previously the 1Gb didn't fit into 31-bit
Smi. In addition, when pointer compression is enabled we should use the
same limitation as we had for 32 bit architectures.
Bug: v8:9767, chromium:1013042
Change-Id: I6e372324417f03977943f18816eaaf49540184ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856007
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64246}
When building with GCC8.1, has error: variable ‘kUpperBoundIsMax’,
‘kLowerBoundIsMin’ set but not used [-Werror=unused-but-set-variable]
so, using USE(var) to fix this error
Change-Id: I05133d3cb5843f4c0a4a59591470b0fcaa21f16f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1848852
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64245}
This is for consistency and compiler-enforced type safety. No change
in behavior intended.
Change-Id: I31467832ba6c63fd5f97df9fee6221559b283d67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1852766
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64244}
In some cases operand of compress operation may be a decompress node of
different representation. For example, after linearizing of
CheckedTaggedToTagged[Signed|Pointer](value) we will proceed using
|value| node which may have any other tagged representation.
Bug: v8:8977, v8:7703
Change-Id: I3e276511f2c6127b3ecc1fe1cef4f64e7120d027
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1856003
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64243}
The root was moved to the beginning of a 4Gb reservation, which
imapacts codegen https://chromium-review.googlesource.com/c/v8/v8/+/1835548
Since the tests are now passing, removed the SKIP on cctests.
Bug: v8:9820, v8:9706
Change-Id: Icb45e5b078c405aee880bd7f1c333d28acb7c271
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1849527
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64242}
This makes allocation of backing stores more robust by perfoming GCs
on allocation failure. The GCs help if there are existing large backing
stores that are retained by dead JSArrayBuffer objects.
Bug: chromium:1008938, v8:9380
Change-Id: Ic80b29214b8843427dfcdd141df71363821afe71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1855998
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#64241}
