Commit Graph

70772 Commits

Author SHA1 Message Date
Camillo Bruni
f688fe086f Reland "[counters] Fix reentrant timers for V8.Execute"
This is a reland of fffcbaea55

Additional fixes:
- Relax IsStarted DCHECKs in ElapsedTimer for paused_elapsed
- Add LogEventStatus enum in the API for better testing
- Rename Logger::StartEnd enum values to kXXX
- Add additional NestedTimedHistogramScope tests

Original change's description:
> [counters] Fix reentrant timers for V8.Execute
>
> This CL fixes a long standing issue where reentering TimedHistograms
> scopes would cause spurious measurements. Only the non-nested scopes
> yielded correct results.
>
> Due to the changed numbers, the V8.Execute histogram is renamed to
> V8.ExecuteMicroSeconds. Note that this histogram is also guarded
> behind the --slow-histograms flag due to the additional overhead.
>
> Unlike before, it does no longer include time for external callbacks
> and only measures self time. The following example illustrates the
> new behaviour:
>
> 1. Enter V8:           |--+.......+--| self-time: 4 units (reported)
> 2. Exit V8 (callback):    |-+...+-|    self-time: 2 units (ignored)
> 3. Re-enter V8:             |---|      self-time: 3 units (reported)
>
> This would result in 2 histogram entries with 4 time units for the first
> V8 slice and 3 units for the nested part. Note that the callback time
> itself is ignored.
>
> This CL attempts to clean up how TimedHistograms work:
> - Histogram: the base class
> - TimedHistograms: used for time-related histograms that are not nested
> - NestedTimeHistograms: Extends TimedHistograms and is used for nested
>   histograms
>
> This CL changes Histograms to not measure time themselves. Measurements
> happen in the *HistogramScopes:
> - BaseTimedHistogramScope: Base functionality
> - TimedHistogramScope: For non-nested measurements
> - NestedTimedHistogramScope: For nested measurements
> - PauseNestedTimedHistogramScope: Ignore time during a given scope.
>   This is used to pause timers during callbacks.
>
> Additional changes:
> - ExternalCallbackScope now contains a PauseNestedTimedHistogramScope
>   and always sets VMState<EXTERNAL>
>
> Bug: v8:11946
> Change-Id: I45e4b7ff77b5948b605dd50539044cb26222fa21
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001345
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76111}

Bug: v8:11946
Change-Id: Ic2eef7456fbc245febcf780b23418f6ab0bebdb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080566
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76180}
2021-08-09 18:41:50 +00:00
Ng Zhi An
688b3b2163 [logging] Specify CodeEvent when logging CodeLinePosInfo
In gdbbjit's event handler, we return early if code_type is not
JIT_CODE. Unfortunately, in all CodeLinePosInfo event, we memset the
struct, so code_type is always BYTE_CODE, so no line information was
getting saved.

Drive-by clean up to aggregate initialize JitCodeEvent. Since the
initializer list is empty, all members are value-initialized, and in
this case, zero-initialized.

Bug: v8:12035
Change-Id: I67df2688f13fafbb0806546568eb2574ac8d5e2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071909
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76179}
2021-08-09 17:57:23 +00:00
Manos Koukoutos
16d9a1eb38 [wasm-gc] Fix array.new_with_rtt within loop
Since array.new_with_rtt implicitly introduces a loop, we should mark
any loop including this instruction as non-innermost.

Bug: chromium:1236958
Change-Id: I2d92b5fdba748df0e4ac1d6cbc524428b1042578
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080574
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76178}
2021-08-09 17:22:42 +00:00
Clemens Backes
1c0cca0f56 Reland: [wasm] Check correctness of thread-local write protection
The fix landed as a separate CL: https://crrev.com/c/3081522
This is an unmodified reland.

Original description:
We make an undocumented assumption in {CodeSpaceWriteScope} that a
single thread will only work on one module at a time. If this is
violated, the thread-local {code_space_write_nesting_level_} would
prevent the second module from being switched to writable.

This CL adds a second thread local (in debug only) to check that if
there is already a {CodeSpaceWriteScope} open that it contains the same
{NativeModule} as any nested scope.

R=jkummerow@chromium.org

Bug: v8:11974
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
Change-Id: Id827b6ca472f695e4500584349aba159aa07eed1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080578
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76177}
2021-08-09 16:50:51 +00:00
Manos Koukoutos
ce8812aceb [wasm-gc][test] Add builtin ref type handling in wasm-module-builder
We currently print reference type indices as unsigned LEB. This will not
work properly for large indices (>=64), as they will be interpreted as
negative indices when read back. They may also alias with builtin types.
In this CL, we fix this by defining builtin types as negative numbers.
We add positive byte constants that can be used in function bodies.
We adapt wasm-module-builder and tests to the above changes.

Bug: v8:7748
Change-Id: I4dfaa65d4cbf77a6731ca2283148bd842ea5c56b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080569
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76176}
2021-08-09 16:23:22 +00:00
Thibaud Michaud
e7053d4673 [wasm][eh] Add missing type check in W.Exception.getArg()
Check that the tag argument matches the exception's own tag, and throw a
type error if not.

R=jkummerow@chromium.org

Bug: chromium:1237751, v8:11992
Change-Id: Ia404b83c202a247791583f0252833c36801e9ac4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081523
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76175}
2021-08-09 15:20:12 +00:00
Clemens Backes
d38ea7d979 [wasm] Avoid code modifications during code freeing
Code freeing can happen at any point in time where a GC might be
triggered. Hence it's difficult to ensure that no other
{CodeSpaceWriteScope} is already open at that point. The way these scope
objects are implemented forbids multiple scopes for different modules
though.
To solve this, this CL just avoids the code zapping in
{WasmCodeAllocator::FreeCode}, which is the only place that actually
writes to the code space. Without this, we do not need the
{CodeSpaceWriteScope} in {NativeModule::FreeCode} any more.

R=jkummerow@chromium.org

Bug: v8:11974
Change-Id: I1f01979e1eaea6c311c9ad568d605aabeef3bfc4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081522
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76174}
2021-08-09 15:19:01 +00:00
Omer Katz
e82a3b1e79 cppgc: Add CHECK that caged heap is allocated below stack
On OSes other than Windows and Fuchsia the write barrier assumes that
the caged heap is allocated below the stack.
Add CHECK that the assumption holds.

Bug: chromium:1056170
Change-Id: I64c790e61b4cfa2adb8274ed74111f0433e9aefb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080570
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76173}
2021-08-09 15:16:06 +00:00
Camillo Bruni
7698e9befe [modules] Fix AsyncModuleExecutionFulfilled with pending error
This is a partial fix to mitigate immediate issues. The code needs some
overhaul to match the recent spec changes.

Drive-by-fix: Partially update comments to match spec

Bug: v8:11949
Change-Id: I6b03d38c758176e29e8951af21c43d030bbb684d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3075360
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76172}
2021-08-09 15:15:03 +00:00
legendecas
112e924dea [runtime] Prevent performing GetOwnPropertyDescriptor on excluded keys
Excluded keys should not be performed with GetOwnPropertyDescriptor on
source object in CopyDataProperties.

The key values fetch in CopyDataProperties might be arbitrary kind. It
may be smi, string, and symbol. Yet the proxy keys collected by
KeyAccumulator are not expected types for numeric keys. Those keys
should be converted to expected types.

Also updates a typo in comments of
BytecodeGenerator::BuildDestructuringObjectAssignment. The elements in
rest_runtime_callargs should be [value, ...excluded_properties].

Refs: https://tc39.es/ecma262/#sec-copydataproperties
Bug: v8:11532
Change-Id: If71bfedf8272ce8405e8566a016fae66b3007dd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060275
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76171}
2021-08-09 14:27:41 +00:00
Omer Katz
5acd927b47 Reland "heap: Implement DiscardSystemPages for Fuchsia"
This is a reland of e5d568f4f4

Original change's description:
> heap: Implement DiscardSystemPages for Fuchsia
>
> Bug: v8:12050
> Change-Id: I9fa5c0d38f277e363befbdaecaaedd4ee55bfb07
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071208
> Reviewed-by: Wez <wez@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76160}

Bug: v8:12050
Change-Id: I8ca9a578bc36e9f85634dfa3fba0baef6bb82579
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081521
Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76170}
2021-08-09 14:18:51 +00:00
Camillo Bruni
6d096131b0 [codegen] Use StrictEquals for host defined options code cache checks
The previous CL https://crrev.com/c/3069152 only did a pointer equality
check for host defined options. This broke code caching for chrome.

This CL extends the check to use a shallow strict equals check on the
host defined options elements.

Bug: v8:10284, chromium:1237242
Change-Id: Ie0ab17a5f5abe024061b6c3d3d68367d9e92b78b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081607
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76169}
2021-08-09 14:15:01 +00:00
Victor Gomes
3dc66c735b [bazel] Initial support to mjsunit tests
No-Try: true
Bug: v8:11234
Change-Id: I2035107dfc1865ab17a6eb654a9a0967d6cac357
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080575
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76168}
2021-08-09 14:12:02 +00:00
Georg Neis
a22d54844f [compiler] Remove Ref statistics/analysis
This is no longer useful since the SerializeForBackgroundCompilation is
gone.

Bug: v8:7790
Change-Id: Icb4858a5863daca740fc13c52b7ee0bb7ec0f155
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081608
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76167}
2021-08-09 13:56:41 +00:00
Michael Lippautz
69426180fa cppgc: Fix missing <utility> include
<utility> is needed for std::forward.

Bug: chromium:1237252
Change-Id: I5c0c8c9a16c133bf54c360f32730f08bd2f158b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081602
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76166}
2021-08-09 13:28:04 +00:00
Manos Koukoutos
bb0000273b [turbofan] Optimize CsaLoadElimination
Design doc: https://bit.ly/36MfD6Y, section "Improving Computational
Complexity of CSALoadElimination".

We optimize CsaLoadElimination::AbstractState::KillField() by
fine-graining AbstractState. We now represent it with 6 maps
corresponding to (object kind, offset kind) pairs. This makes it
possible for KillField() to manipulate the state faster. For more
information consult the above design doc.

Bug: v8:11510
Change-Id: I7d991cd47f946edb20e746bc7e6792ae3c70004f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038521
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76165}
2021-08-09 12:59:03 +00:00
Jakob Gruber
d9c06ed127 [compiler] Fix a race on AccessorPair::{g,s}etter
The getter and setter members may be set after initialization; in that
case, use acquire-release semantics.

Bug: v8:7790, chromium:1236965
Change-Id: Ia28c89b664787ff92a56a2f6dcc4d76655df5ff3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080567
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76164}
2021-08-09 12:58:01 +00:00
Clemens Backes
0e447c4a3c [wasm] Only make needed regions writable
On Windows, the overhead of {SetPermissions} (which maps to a
{VirtualAlloc} call) heavily depends on the amount of memory on which
permissions are switched. Hence this CL changes permission switching
to only switch the code regions that are actually needed. This will
increase the number of system calls, but reduce the total size of
switched memory.

On a Unity benchmark, this reduced the lazy compilation time on Windows
from 13.7 seconds to 3.6 seconds (3.0 seconds without write protection).
On Linux, there is no measurable effect, but permission switching
generally seems to have way less overhead on Linux.

R=jkummerow@chromium.org

Bug: v8:11974
Change-Id: I46dd4ae9997587226b3d81166cf2e1128383ab34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077144
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76163}
2021-08-09 11:30:01 +00:00
Sathya Gunasekaran
7df6678c32 [api] Implement signature checks using instance types
Rather than depending on slow signature checks, receiver type checks are
performed using fast numeric instance type checks.

This CL adds a instance type range for embedders to assign values and
uses these to perform type checks.

Bug: v8:11476
Change-Id: Ie8236ae47ca0ba93ae76a7e690b81aa0a2b0f3e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883623
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76162}
2021-08-09 11:01:15 +00:00
Clemens Backes
f9627c11b6 Revert "heap: Implement DiscardSystemPages for Fuchsia"
This reverts commit e5d568f4f4.

Reason for revert: Compile error: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Fuchsia%20-%20builder/9825/overview

Original change's description:
> heap: Implement DiscardSystemPages for Fuchsia
>
> Bug: v8:12050
> Change-Id: I9fa5c0d38f277e363befbdaecaaedd4ee55bfb07
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071208
> Reviewed-by: Wez <wez@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76160}

Bug: v8:12050
Change-Id: I2abdadc4b47656074aa49323f9896695ab5642df
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080576
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76161}
2021-08-09 10:56:21 +00:00
Omer Katz
e5d568f4f4 heap: Implement DiscardSystemPages for Fuchsia
Bug: v8:12050
Change-Id: I9fa5c0d38f277e363befbdaecaaedd4ee55bfb07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071208
Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76160}
2021-08-09 10:46:21 +00:00
Clemens Backes
465ca09fda [base] Downgrade CHECKs to DCHECKs in BoundedPageAllocator
BoundedPageAllocator was added in https://crrev.com/c/1226915 with lots
of CHECKs. There was no special reason given for that, and it's
inconsistent with the default choice for DCHECKs that we have in other
parts of the code.
Hence this CL degrades most of these CHECKs to DCHECKs, except for the
{SetPermissions} calls which we need to execute in all configurations,
and where checking the return value makes sense to detect memory bugs or
OOM situations.

R=ishell@chromium.org
CC=bikineev@chromium.org

Bug: v8:11879
Change-Id: I23e3a961f2f5a6893bceaa4fb75be61fe895d5f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059691
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76159}
2021-08-09 10:39:01 +00:00
Camillo Bruni
26285e2fa3 [modules] Update Module::Status enum to match spec
Change-Id: Ia324f486f138757017951c0d2b83502937b950d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3075362
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76158}
2021-08-09 10:16:51 +00:00
Jakob Gruber
d3d10bc2e4 [compiler] Fix the gcc build
.. by removing the UNREACHABLE call.

Bug: v8:7790
Change-Id: Ib2f299df78ace89b17a6956da6018d108ff1a0ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074469
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76157}
2021-08-09 09:17:32 +00:00
Lu Yahan
601c2713df [liftoff][riscv64] Add explicit stack check for large frames
Port edc349dbf5
Port 593fbb69c4

Bug: v8:11235
Change-Id: I19dd21a14f6475b0cf212728c4124f3b8f6c9c3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3076770
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#76156}
2021-08-09 09:01:31 +00:00
Leszek Swirski
f888f48e4c [api] Add API for off-thread code cache deserialization
To consume a code cache off-thread

  1. The embedder creates a CachedData object wrapping the data blob.
  2. The embedder calls ScriptCompiler::StartConsumingCodeCache with the
     CachedData, and receives a ScriptCompiler::CodeCacheConsumeTask
     which takes ownership of the CachedData.
  3. The embedder calls ScriptCompiler::CodeCacheConsumeTask::Run
     on a different thread.
  4. Once this completes, the embedded passes the completed task as an
     optional argument into Source constructor, and calls Compile as
     before.

This is roughly similar to how streaming compilation works, with the
QoL improvement that Source owns the CodeCacheConsumeTask and therefore
we can reuse the same Compile method and do the off-thread finalization
behind the scenes inside Compile.

On the v8::internal side, ScriptCompiler::CodeCacheConsumeTask wraps a
v8::internal::BackgroundDeserializeTask, which has a Run and a Finish
method. The Run creates a LocalIsolate (again, similar to
BackgroundCompileTask), calls some helpers on CodeSerializer, and stores
the pre-finalization result in a OffThreadDeserializeData structure.
This stores Persistent Handles to the off-thread initialized SFI and
a vector of Scripts needing fixing up, and it owns the PersistentHandles
object which owns those Handles. Finally, the Finish method consumes
this OffThreadDeserializeData structure, fixes up Scripts, moves the
SFI Handle into the caller HandleScope, and that's it.

Since we don't yet have the source at off-thread deserialization time,
the various code cache sanity checks are done without the source hash
when deserializing, and the Finish method re-does them now that the
source is available.

Bug: chromium:1075999
Change-Id: If1faf35ba3ef840fa4e735581d0b29c96c1d5fc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067322
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76155}
2021-08-09 08:55:41 +00:00
Jakob Gruber
71986fef2f [compiler] Handle empty optional in ReadFeedbackForGlobalAccess
Alternatively, the CHECK and load could be removed.

Bug: v8:7790,chromium:1237309
Change-Id: I45b1495002a47f2f4ff2915c7997e34c79c1aed2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080561
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76154}
2021-08-09 08:49:11 +00:00
Jakob Gruber
5e90616319 [compiler] Verify FieldType objects are safe to read
.. in AccessInfoFactory. In order to be read safely, they must pass
the IsPendingAllocation predicate, called internally from TryMakeRef.

In a follow-up, DescriptorArrayRef methods should also be updated
similarly.

Bug: v8:7790,chromium:1236373
Change-Id: I96b59458033c327e3d2e01e8e4496e2c91609eb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080560
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76153}
2021-08-09 07:47:21 +00:00
Jakob Gruber
3f035df2bd [compiler] AssumeMemoryFence for a few refs
.. namely:

 AllocationSite::nested_site
 CodeHandlerInfo::data
 ScopeInfo::OuterScopeInfo

These are all immutable after initialization.

Bug: v8:7790,chromium:1237387
Change-Id: I73f1c366d9f4fa9ad721051dea668227ba987e63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080559
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76152}
2021-08-09 07:27:52 +00:00
QiuJi
5d18f75b7b [riscv64][codegen] Remove PrepareForTailCall
Port: ec7171608b
Bug: v8:11879
Change-Id: I1e2f1d712a14fee383227c5a2b479cf00dde9e9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3062031
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Auto-Submit: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#76151}
2021-08-09 03:59:01 +00:00
v8-ci-autoroll-builder
a1a442c527 Update V8 DEPS.
Rolling v8/build: e69b289..1b13158

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I0e3ad135baaac1da14a41595c4ae2b3b4cc68807
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078875
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76150}
2021-08-09 03:47:31 +00:00
v8-ci-autoroll-builder
f07c6f415d Update V8 DEPS.
Rolling v8/build: db33878..e69b289

Rolling v8/third_party/aemu-linux-x64: SwiFc4HfyqrpEgrdH7vFxbez4XNv6ZZoVOjUMszAYo8C..zSIltuD7SHwbJrbeTyt6t1P_n6bQJXzs-YHXShrGDI8C

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Id26f091082bcf84fa1ba36d3eb538d5d8dc9b450
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3079511
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76149}
2021-08-08 03:57:13 +00:00
v8-ci-autoroll-builder
dbb49ac1c1 Update V8 DEPS.
Rolling v8/build: 1ed6f53..db33878

Rolling v8/third_party/aemu-linux-x64: Nw0OOp4j9l4Sj0WpOmaRhNeJ137UfsLg0P1YrF8uzKwC..SwiFc4HfyqrpEgrdH7vFxbez4XNv6ZZoVOjUMszAYo8C

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2e0d77d..c71b1c7

Rolling v8/third_party/depot_tools: bbf0599..e989bf9

Rolling v8/tools/luci-go: git_revision:467ab48f5ed9f3ef32ae17f5b73a117e0c86566b..git_revision:e7749d37e8e52fd6eb9c79266a17d7fcb6f6ec04

Rolling v8/tools/luci-go: git_revision:467ab48f5ed9f3ef32ae17f5b73a117e0c86566b..git_revision:e7749d37e8e52fd6eb9c79266a17d7fcb6f6ec04

Rolling v8/tools/luci-go: git_revision:467ab48f5ed9f3ef32ae17f5b73a117e0c86566b..git_revision:e7749d37e8e52fd6eb9c79266a17d7fcb6f6ec04

TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ic61d8afe7af10676c065dd31f46142635b5491dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077358
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76148}
2021-08-07 03:49:09 +00:00
Frank Tang
3ff1904941 Fix bugs in DisplayNames v2
Bug: v8:12043
Change-Id: I0691387546ec82616bdf22d19c8a990c8164fca2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071915
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76147}
2021-08-06 21:37:39 +00:00
Clemens Backes
a910264a76 Revert "[wasm] Check correctness of thread-local write protection"
This reverts commit fee168ce06.

Reason for revert: The DCHECK fails when freeing code
(https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/38292/overview),
which means that the current code is not correct. The added DCHECK
makes the bots red though, so the state before this CL was still
better.

Original change's description:
> [wasm] Check correctness of thread-local write protection
>
> We make an undocumented assumption in {CodeSpaceWriteScope} that a
> single thread will only work on one module at a time. If this is
> violated, the thread-local {code_space_write_nesting_level_} would
> prevent the second module from being switched to writable.
>
> This CL adds a second thread local (in debug only) to check that if
> there is already a {CodeSpaceWriteScope} open that it contains the same
> {NativeModule} as any nested scope.
>
> R=​jkummerow@chromium.org
>
> Change-Id: I43fa886d9d0fdf0e1846137dc411745fcca471fa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074477
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76134}

TBR=jkummerow@chromium.org

Change-Id: I5262b0e886f99a64452966345fc084a1ab750459
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078360
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76146}
2021-08-06 19:13:29 +00:00
Milad Fa
fe492561b1 S390 [liftoff]: Implement simd comparisons
Change-Id: I48effbb727b523ac1911584d3072c13671633046
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077623
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#76145}
2021-08-06 18:44:39 +00:00
Victor Gomes
63be6dde31 [baseline] Update EstimateInstructionSize
Adds a minimum estimated size.

Data suggests that estimated instruction size (+ relocation info size)
is linear to bytecode array length. This CL adds a constant for this
equation. The ratio remains the same.

This is important, because we want to increase success rate of
estimation when compiling on-heap.

When off-heap, we round up the assembler buffer to 4kB, so this CL
will only impact JS functions with more than 585 bytecodes, i.e, the
new added constant will be negligible.

Note: Relocation info (for Sparkplug) is usually so small that it is
not useful to have a separate zone for this.

Bug: v8:11872
Change-Id: I789e72f80b970d1f541965e7ae808b61c8174326
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3069155
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76144}
2021-08-06 17:40:26 +00:00
Clemens Backes
639e856310 [wasm] Disable MAP_JIT functionality on iOS
pthread_jit_write_protect* functions are only available on arm64 Mac,
not on iOS (which also sets V8_{TARGET_,}OS_MACOSX).
This CL refactors the logic to detect whether pthread_jit_write_protect
and MAP_JIT are available and defines a global preprocessor macro which
can subsequently be used instead of the existing complex condition.

R=jkummerow@chromium.org, mlippautz@chromium.org

Change-Id: I63894f42df35406d6eee90a4ce5070c2fde7b566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077154
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76143}
2021-08-06 17:30:47 +00:00
Clemens Backes
d3b5b63d0f [isolate] Increase allowed stack overflow for sanitizer builds
C++ frames can get quite big in sanitizer builds. In the linked bug it
was an ASan debug build, which overflowed the stack by more than 8kB
just from C++ frames (when entering the runtime, there was no overflow
yet).
Hence increase the allowed stack overflow a bit for sanitizer builds,
from 8kB to 32kB.

R=jkummerow@chromium.org

Bug: chromium:1236560
Change-Id: I119fdb859f7ab5e6a0a4174cf79f0a16baa39432
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078359
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76142}
2021-08-06 17:18:31 +00:00
Thibaud Michaud
2656330f34 [wasm] Print hash of anonymous scripts in stack traces
So that it is possible to differentiate modules in the stack trace even
when they are anonymous.

R=kimanh@chromium.org

Bug: v8:11808
Change-Id: I12a1f07accdf62c404052f32624e9914381a7451
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074472
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76141}
2021-08-06 17:14:55 +00:00
Junliang Yan
007aec55ee ppc: [liftoff] implement PrepareStackFrame
Change-Id: Iffed72ddf703ea868a959c15f65547c34f976200
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077060
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#76140}
2021-08-06 17:09:25 +00:00
Jakob Kummerow
dcc6bd76a9 [bigint] Two more fixes for fast .toString()
Firstly, the fast path checking for applicability of the equality
"A/B = 0 with remainder A" must use the condition "A<B", not "A<=B".
Secondly, *all* early return paths must ensure that enough padding
'0' characters are written.

Fixed: chromium:1236694
Bug: v8:11515
Change-Id: I3fa7e17f5f3969ddbb5417b53abf3bff3fc1355b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3075365
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76139}
2021-08-06 17:08:05 +00:00
Leszek Swirski
a12c6fa2ea Revert "[counters] Fix reentrant timers for V8.Execute"
This reverts commit fffcbaea55.

Reason for revert: Breaks in Chromium (e.g. https://ci.chromium.org/p/v8/builders/ci/Linux%20V8%20FYI%20Release%20%28NVIDIA%29)

Original change's description:
> [counters] Fix reentrant timers for V8.Execute
>
> This CL fixes a long standing issue where reentering TimedHistograms
> scopes would cause spurious measurements. Only the non-nested scopes
> yielded correct results.
>
> Due to the changed numbers, the V8.Execute histogram is renamed to
> V8.ExecuteMicroSeconds. Note that this histogram is also guarded
> behind the --slow-histograms flag due to the additional overhead.
>
> Unlike before, it does no longer include time for external callbacks
> and only measures self time. The following example illustrates the
> new behaviour:
>
> 1. Enter V8:           |--+.......+--| self-time: 4 units (reported)
> 2. Exit V8 (callback):    |-+...+-|    self-time: 2 units (ignored)
> 3. Re-enter V8:             |---|      self-time: 3 units (reported)
>
> This would result in 2 histogram entries with 4 time units for the first
> V8 slice and 3 units for the nested part. Note that the callback time
> itself is ignored.
>
> This CL attempts to clean up how TimedHistograms work:
> - Histogram: the base class
> - TimedHistograms: used for time-related histograms that are not nested
> - NestedTimeHistograms: Extends TimedHistograms and is used for nested
>   histograms
>
> This CL changes Histograms to not measure time themselves. Measurements
> happen in the *HistogramScopes:
> - BaseTimedHistogramScope: Base functionality
> - TimedHistogramScope: For non-nested measurements
> - NestedTimedHistogramScope: For nested measurements
> - PauseNestedTimedHistogramScope: Ignore time during a given scope.
>   This is used to pause timers during callbacks.
>
> Additional changes:
> - ExternalCallbackScope now contains a PauseNestedTimedHistogramScope
>   and always sets VMState<EXTERNAL>
>
> Bug: v8:11946
> Change-Id: I45e4b7ff77b5948b605dd50539044cb26222fa21
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001345
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76111}

Bug: v8:11946
Change-Id: I954de1afbabf101fb5d4f52eca0d3b80a723385b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077153
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76138}
2021-08-06 14:31:44 +00:00
Rakhim Khismet
7810ce0468 [fuzzer][wasm] Add support for reftypes in test generator
We add support for struct and arraytypes in wasm-fuzzer-common.
Also, we add addStruct and addArray while generating tests.
Other OptRef types like eqref/anyref have been supported.
Adding struct and arraytypes in wasm-compile has been placed
at the beginning in order to generate them in addSignature.

Bug: v8:11954
Change-Id: Ibe468dd4df70ad40367196c88353b28b7654f086
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074463
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Rakhim Khismet <khismet@google.com>
Cr-Commit-Position: refs/heads/master@{#76137}
2021-08-06 14:22:35 +00:00
Victor Gomes
9b19cc5ca2 [cleanup] Rename CompilerDispatcher
We would like to use the name CompilerDispatcher for dispatcher base
class to be used by Sparkplug and OptimizingCompileDispatcher.

Bug: v8:12054
Change-Id: Id69955101c1f46fc2f79b6f77b05c92ed8a31edb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077150
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76136}
2021-08-06 13:36:39 +00:00
Jakob Kummerow
d314be6730 [wasm-gc] Experiment: accept types with explicit inheritance
This patch makes V8 accept the binary format produced by Binaryen
after https://github.com/WebAssembly/binaryen/pull/3933 when the
--experimental-wasm-gc-experiments flag is present. The explicit
inheritance information is not used for anything. Validation is
performed only insofar as explicit supertypes must be valid types.

Bug: v8:7748
Change-Id: Id5b5050aa03591281632e3a2a161aa93422e10bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071406
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76135}
2021-08-06 13:35:37 +00:00
Clemens Backes
fee168ce06 [wasm] Check correctness of thread-local write protection
We make an undocumented assumption in {CodeSpaceWriteScope} that a
single thread will only work on one module at a time. If this is
violated, the thread-local {code_space_write_nesting_level_} would
prevent the second module from being switched to writable.

This CL adds a second thread local (in debug only) to check that if
there is already a {CodeSpaceWriteScope} open that it contains the same
{NativeModule} as any nested scope.

R=jkummerow@chromium.org

Change-Id: I43fa886d9d0fdf0e1846137dc411745fcca471fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074477
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76134}
2021-08-06 13:34:34 +00:00
Santiago Aboy Solanes
4a7abdc32a [sab] Make TypedArraySlice FastCopy atomic for SABs
Bug: chromium:1237153
Change-Id: If3c17d46cf53ba73cd6c199703b2854eb55fb68d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077145
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76133}
2021-08-06 13:14:16 +00:00
Junliang Yan
674517a2cc ppc: [liftoff] Add cp to kLiftoffAssemblerGpCacheRegs list
Change-Id: Iec59381ae9111de130070197c26212a8f9c18159
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3076061
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#76132}
2021-08-06 12:43:55 +00:00
Junliang Yan
06f7ed704a ppc: [liftoff] Fix AndU64 issue with signed value
Change-Id: Id8ac0df2ac107c1bfc68b852f47e5928b0fe098e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3076062
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#76131}
2021-08-06 12:32:21 +00:00