Deprecates EmbedderHeapTracer::NumberOfWrappersToTrace and replaces it
with EmbedderHeapTracer::IsTracingDone.
V8 only really cares about the final state (emptiness) here and
embedders may choose implementations that have a hard time determinining
exact size for their work queues.
Bug: chromium:843903
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1e141c47771ef08aab7dbe204e8175cfee99cf92
Reviewed-on: https://chromium-review.googlesource.com/1127599
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54311}
This extends the current Promise Rejection Hook with two new events
kPromiseRejectAfterResolved
kPromiseResolveAfterResolved
which are used to detect (and signal) misuse of the Promise constructor.
Specifically the common bug like
new Promise((res, rej) => {
res(1);
throw new Error("something")
});
where the error is silently swallowed by the Promise constructor without
the user ever noticing can be caught via this hook.
Doc: https://goo.gl/2stLUY
Bug: v8:7919
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I890a7e766cdd1be88db94844fb744f72823dba33
Reviewed-on: https://chromium-review.googlesource.com/1126099
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54309}
- Refactors most of the logic into a helper CanonicalizeShuffle
overload that is more easily tested.
- Reorders these methods to be in the order they're used.
- Adds unit tests for this helper.
Bug: v8:6020
Change-Id: Ia7e08bd2ff3ae62b13c9283c6de04e0e1e85086b
Reviewed-on: https://chromium-review.googlesource.com/1118706
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54303}
Instead of creating a separate code object per exported function, we
can share the code per signature, and load the function index from the
{WasmExportedFunction} object which is being passed as an argument
anyway.
This greatly reduces instantiation time for modules with a lot of
exports.
As a next step, we could even share the code across instances, or (with
more work) across isolates.
R=mstarzinger@chromium.org
Bug: chromium:860491
Change-Id: I6438065b2de0df59dce980fb52408a0f475144b3
Reviewed-on: https://chromium-review.googlesource.com/1127660
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54299}
- Move the CompilationDependencies member of OptimizedCompilationInfo
to Turbofan's PipelineData (and thus into the compiler namespace).
- Move compilation-dependencies.{cc,h} to the compiler directory.
Bug: v8:7902
Change-Id: I5471d0923daf83abe975357325db5bc5ad0a8571
Reviewed-on: https://chromium-review.googlesource.com/1127793
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54295}
When calling an import which is an exported wasm function, the
interpreter needs to look through the jump table to find the
actual code object.
We already had that logic for indirect calls, but it was missing for
imported calls.
R=ahaas@chromium.org
Bug: chromium:860392
Change-Id: I6b5a0192f79c23cb1de55407fe93f6df9a17235a
Reviewed-on: https://chromium-review.googlesource.com/1127671
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54291}
This reverts commit f45045cca5.
Reason for revert: <INSERT REASONING HERE>
Original change's description:
> [parser] Move some PPSD sanity checks to debug
>
> Move some of PreParsedScopeData's santity checks, such as the magic
> value separating skippable function data from scope data, to be debug
> only, to save memory.
>
> Start position of inner skippable functions is still kept, because it's
> too good at catching bugs, but we may want to remove it in the future
> as well.
>
> Bug: chromium:818642
> Change-Id: If86ff1b9845e8dd3b015b4e554d0033328b145bf
> Reviewed-on: https://chromium-review.googlesource.com/1127046
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54263}
TBR=marja@chromium.org,leszeks@chromium.org
Change-Id: I15ceedd66d9ecb66cf65f5834d09975b41d3ed27
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:818642
Reviewed-on: https://chromium-review.googlesource.com/1127859
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54290}
This CL implements Reduction and Lowering for the DataView Int32,
Uint32, Float32 and Float64 getters.
This makes DataView getters fully supported in TurboFan (except for
BigInts), and should bridge the performance gap with TypedArrays.
Change-Id: Ifa98df9cf13e44d6468ad9ec8a19c86b41c6d2b1
Reviewed-on: https://chromium-review.googlesource.com/1127360
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54288}
This CL surfaces AssemblerOptions to CodeAssembler::GenerateCode and
to pipeline methods. To allow forward declaring AssemblerOptions,
AssemblerBase::Options was moved out of the AssemblerBase class.
Bug: v8:6666
Change-Id: If9fc50d3d4767bb5dd39a0c3b6e094021f4cae2b
Reviewed-on: https://chromium-review.googlesource.com/1127039
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54286}
This is a reland of 4b9b9b6845, which
accidentally disabled optimization after dependency changes (instead
of retrying).
TBR=jarin@chromium.orgTBR=mstarzinger@chromium.org
Original change's description:
> Reland "[turbofan] Rewrite CompilationDependencies"
>
> This is a reland of 52a10e5081, after
> eliminating an invalid assumption about maps.
>
> TBR=jarin@chromium.org
> TBR=mstarzinger@chromium.org
>
> Original change's description:
> > [turbofan] Rewrite CompilationDependencies
> >
> > Instead of installing code dependencies during graph reduction,
> > install them after code generation.
> >
> > Bug: v8:7902, v8:7790
> > Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
> > Reviewed-on: https://chromium-review.googlesource.com/1119913
> > Commit-Queue: Georg Neis <neis@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#54170}
>
> Bug: v8:7902, v8:7790
> Change-Id: I9cbaf98980379b9b17464af5952ec0c47e1cdc6f
> Reviewed-on: https://chromium-review.googlesource.com/1126999
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54254}
Bug: v8:7902, v8:7790
Change-Id: I2b7a7d186e03990350e375470569177e3309683c
Reviewed-on: https://chromium-review.googlesource.com/1127579
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54280}
After liveedit removed - we do not need this context any more.
R=yangguo@chromium.orgTBR=clemensh@chromium.org
Bug: v8:5530
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Idb43d016d51b8048f6cd2ca590fd7510abcacb49
Reviewed-on: https://chromium-review.googlesource.com/1106802
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54273}
* Rename BoilerplateDescription to ObjectBoilerplateDescription
* Add literal_type flag to ObjectBoilerplateDescription,
which is stored as zeroth element of Fixed array
* Create ArrayBoilerplateDescription with elements_kind and
constant_elements field
* Replace CompileTimeValue and ConstantElementPair with
ArrayBoilerplateDescription
* Kill ConstantElementPair and CompileTimeValue
Change-Id: Icb42dcfd575a27e2b64ffd5e2e61f9d703d5e986
Bug: v8:7787, chromium:818642
Reviewed-on: https://chromium-review.googlesource.com/1122411
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54272}
This CL adds a Reduction for the DataViewGetInt16 and -Uint16 builtins,
and the corresponding handling in LoadDataViewElement node in the
effect control linearizer.
It also adds tests for the new getters.
Change-Id: I5101755e47657c25f10be1417f105e3ae72a3c39
Reviewed-on: https://chromium-review.googlesource.com/1126919
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54271}
Replace CHECK with throwing exception when no or invalid arguments
are passed to async_hooks.createHook.
Bug: chromium:860481
Change-Id: Ie5a915ee66f2a0ff79c4df5aef94ff883866ecda
Reviewed-on: https://chromium-review.googlesource.com/1127054
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54264}
Move some of PreParsedScopeData's santity checks, such as the magic
value separating skippable function data from scope data, to be debug
only, to save memory.
Start position of inner skippable functions is still kept, because it's
too good at catching bugs, but we may want to remove it in the future
as well.
Bug: chromium:818642
Change-Id: If86ff1b9845e8dd3b015b4e554d0033328b145bf
Reviewed-on: https://chromium-review.googlesource.com/1127046
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54263}
The embedder should ultimately be responsible for handling this since they
anyway give us a copy of the data. They can easily make sure that the chunks we
get do not have lonely bytes.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ie862107bbbdd00c4d904fbb457a206c2fd52e5d0
Reviewed-on: https://chromium-review.googlesource.com/1127044
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54262}
This introduces a second factory method for allocating new module
objects that are based on existing native modules which are potentially
shared between multiple Isolates.
R=clemensh@chromium.org
TEST=cctest/test-wasm-shared-engine
BUG=v8:7424
Change-Id: I8c74d821542d443a8ad2352cb77b84b445e21acb
Reviewed-on: https://chromium-review.googlesource.com/1126931
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54261}
Creates two different functions specialized for string and boolean
types.
Gets rid of several allocations and keeps the C++ <-> JS type
conversions to a minimum. Improves the API as we don't have to create
the fallback or V8 Strings unnecessarily.
Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I788e43e6ef23f3e9144ff719f01d6334fe6cb9ce
Reviewed-on: https://chromium-review.googlesource.com/1126750
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54259}
This is a reland of 52a10e5081, after
eliminating an invalid assumption about maps.
TBR=jarin@chromium.orgTBR=mstarzinger@chromium.org
Original change's description:
> [turbofan] Rewrite CompilationDependencies
>
> Instead of installing code dependencies during graph reduction,
> install them after code generation.
>
> Bug: v8:7902, v8:7790
> Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
> Reviewed-on: https://chromium-review.googlesource.com/1119913
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54170}
Bug: v8:7902, v8:7790
Change-Id: I9cbaf98980379b9b17464af5952ec0c47e1cdc6f
Reviewed-on: https://chromium-review.googlesource.com/1126999
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54254}
This is a first set of test cases for sharing an {WasmEngine} and the
contained {WasmCode} between multiple Isolates. Currently this can only
be done using internal API methods on the Isolate, an external API that
is usable by embedders does not exist yet.
R=clemensh@chromium.org
TEST=cctest/test-wasm-shared-engine
BUG=v8:7424
Change-Id: I35541a76b5aceec4519e3a46e6a9ef4d01cad22b
Reviewed-on: https://chromium-review.googlesource.com/1126382
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54248}
In the WebAssembly fuzzers we detect infinite loops with the
interpreter: if the interpreter does not finish after a finite number
of steps, we do not execute the compiled code. However, we cannot
redirect the start function to the interpreter in the fuzzer, and
therefore we cannot detect infinite loops in the start function. With
this CL we avoid the problem completely by not instantiating a module
in the fuzzer which has a start function. Note that the module still
gets compiled.
R=clemensh@chromium.org
Bug: chromium:858914
Change-Id: Icbbe9a003544918d5267cdd1d9405b21bb681133
Reviewed-on: https://chromium-review.googlesource.com/1126766
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54246}
Replace Is<oddball>(GetIsolate()) calls with a no-parameter version
that goes through ReadOnlyRoots, and add a version that takes a
ReadOnlyRoots if that is available in the parent (but Isolate isn't).
Also opportunistically clean up a few places where ReadOnlyRoots are
available but we still pass in an Isolate parameter.
TBR=yangguo@chromium.org
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Icc0b8a7d8f9c6b84c0ec8fe771fcfb75c9dc5468
Reviewed-on: https://chromium-review.googlesource.com/1126302
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54245}
Now that ReadOnlyRoots is used everywhere to access the read-only roots,
this makes the Heap accessors for such roots private.
It also adds tests that the roots reachable from ReadOnlyRoots are all
in RO_SPACE as well as tests that the roots still publicly accessible
from Heap are not in RO_SPACE. There's a white list in the file for
the few roots where the root pointer itself can change. (For instance
materialized_objects points to empty_fixed_array to start with before
before later pointing to a mutable array).
Also fixes up new use of heap->empty_fixed_array() in elements.cc added
since I cleaned it up.
Bug: v8:7786
Change-Id: I9ac7985c9f85910b5b22d2f9f559dfd04d43ed44
Reviewed-on: https://chromium-review.googlesource.com/1126252
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54240}
Fixes V8 correctness failure when there's a proxy in the global object
prototype chain and unsuccessful attempt is made to access a property.
Bug: chromium:849024
Change-Id: I829e1a6c038982b7c7a77f8bdefb61facb4614f0
Reviewed-on: https://chromium-review.googlesource.com/1124446
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54237}
If the first object in the space already exceeds the target chunk size,
we would leave the first chunk empty. That violates some assumptions
later when we allocate for deserialization.
R=hpayer@chromium.org, jgruber@chromium.orgTBR=hpayer@chromium.org
Bug: v8:7887
Change-Id: Iee8147fe1205bb6b1c893d48acde1099b5032a14
Reviewed-on: https://chromium-review.googlesource.com/1126763
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54235}
This is just derived from is_wasm_memory.
Change-Id: I2f77fb5e32e325c51de9af4228ca33313c21abc6
Reviewed-on: https://chromium-review.googlesource.com/1126107
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54230}
Changes SharedFunctionInfo to store a function_token_offset, relative
to the start_position, instead of the full function_token_position.
This enables us to reduce both FunctionTokenPosition and
ExpectedNofProperties to 16 bits each, saving 32 bits per SFI.
BUG=chromium:818642,chromium:783853
TBR=yangguo@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I45aefcec605c1da502053c23c73564ceaed6c9b5
Reviewed-on: https://chromium-review.googlesource.com/1122982
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54220}
This reverts commit e438d5d4de.
Reason for revert: TSAN failures - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20TSAN/21357
Original change's description:
> [heap] Make objects allocated in new_lo_space look like young generation objects.
>
> The scavenger still does not handle young generation large objects correctly.
> This will be added in a follow-up CL.
>
> Bug: chromium:852420
> Change-Id: I2587509d6e7f329aeff3db246d949bb30b3a91a5
> Reviewed-on: https://chromium-review.googlesource.com/1124477
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54197}
TBR=ulan@chromium.org,hpayer@chromium.org
Change-Id: Ief44cfd841278f2d53d51f3a21c03b70b8025a7a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:852420
Reviewed-on: https://chromium-review.googlesource.com/1125979
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54205}
In future the RO_SPACE root accessors in Heap will become private, so
instead convert them all to use ReadOnlyRoots.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2f2c031c03d56d360ef940fc925e0583e6ae31dc
Reviewed-on: https://chromium-review.googlesource.com/1125720
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54202}
The scavenger still does not handle young generation large objects correctly.
This will be added in a follow-up CL.
Bug: chromium:852420
Change-Id: I2587509d6e7f329aeff3db246d949bb30b3a91a5
Reviewed-on: https://chromium-review.googlesource.com/1124477
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54197}
This is a reland of 8e0f67be3f
Previously landed as: 3c4d0316e4 / 1065818
Previously landed as: 8e0f67be3f / 1088890
Original change's description:
> [async] Expose async hooks to d8
>
> This implementation follows the Node.js API as a guideline.
Bug: chromium:850530
Change-Id: I8ba22b11c80328108b197d687826ce0198420c9c
Reviewed-on: https://chromium-review.googlesource.com/1125679
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54191}
This is a reland of 3dfaf8264f
Original change's description:
> [debug] liveedit in native
>
> Liveedit step-by-step:
> 1. calculate diff between old source and new source,
> 2. map function literals from old source to new source,
> 3. create new script for new_source,
> 4. mark literals with changed code as changed, all others as unchanged,
> 5. check that for changed literals there are no:
> - running generators in the heap,
> - non droppable frames (e.g. running generator) above them on stack.
> 6. mark the bottom most frame with changed function as scheduled for
> restart if any.
> 7. for unchanged functions:
> - deoptimize,
> - remove from cache,
> - update source positions,
> - move to new script,
> - reset feedback information and preparsed scope information if any,
> - replace any sfi in constant pool with changed one if any.
> 8. for changed functions:
> - deoptimize
> - remove from cache,
> - reset feedback information,
> - update all links from js functions to old shared with new one.
> 9. swap scripts.
>
> TBR=ulan@chromium.org
>
> Bug: v8:7862,v8:5713
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I8f6f6156318cc82d6f36d7ebc1c9f7d5f3aa1461
> Reviewed-on: https://chromium-review.googlesource.com/1105493
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54146}
TBR=dgozman@chromium.org
Bug: v8:7862, v8:5713
Change-Id: I163ed2fd2ca3115ba0de74cb35a6fac9e40fdd94
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1124879
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54187}
We need to push the sign-extended constant instead of just the lower 32
bits. Otherwise, the callee might read stale data from the stack.
Bug: chromium:854011, v8:6600
R=ahaas@chromium.orgCC=rodolph.perfetta@arm.com
Change-Id: Iafcfd6ba9532771615b41215fb4d1a2b85ce5623
Reviewed-on: https://chromium-review.googlesource.com/1124683
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54185}
Moves STRUCT_LIST AND ALLOCATION_SITE_LIST into roots.h and adds access
to their associated maps using ReadOnlyRoots.
Also corrects the location of external_map, message_object_map,
empty_script, many_closures_cell, invalid_prototype_validity_cell and
builtins_constants_table which are not in RO_SPACE.
Finally this adds a convenience ReadOnlyRoots(Isolate*) constructor.
Bug: v8:7786
Change-Id: I4982dd0cbea2062a124605678599ba48831f020f
Reviewed-on: https://chromium-review.googlesource.com/1124319
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54178}
Tests cctest/test-run-wasm-simd/RunWasm_I16x8ConvertI32x4_turbofan
and cctest/test-run-wasm-simd/RunWasm_I8x16ConvertI16x8_simd_lowered
will be skipped for big endian until implementation for big endian is
done correctly.
Change-Id: Ia6253070ede207f437e4b710a656bce8d65e412e
Reviewed-on: https://chromium-review.googlesource.com/1113307
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54176}
This CL adds a regression test that will check that the elements
pointer is properly reloaded after the JavaScript comparison
function is called during Array.p.sort.
R=jgruber@chromium.org
Bug: chromium:859809
Change-Id: I15f55fcc1906bd8d0751596e5457367a643b92da
Reviewed-on: https://chromium-review.googlesource.com/1124475
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54174}
Instead of installing code dependencies during graph reduction,
install them after code generation.
Bug: v8:7902, v8:7790
Change-Id: I8a3798254abb5b9ec7c295a1592aeb6b51f24c7a
Reviewed-on: https://chromium-review.googlesource.com/1119913
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54170}
Variables/return values with constexpr type cannot have multiple
assignments. We check this now.
For conditionals, it is important to always infer a non-constexpr type.
This CL adds the ability to map any type (including union types) to be
mapped to their non-constexpr variant. Conditionals infer their type as
the non-constexpr version of a combination of the two branch types.
In addition, this improves subtyping for constexpr types:
If A extends B, then constexpr A extends constexpr B.
This makes it necessary to clean up "constexpr String", which has nothing
to do with tagged values.
Bug: v8:7793
Change-Id: Ia4d3cd5dc98f45b0ec89adf05c5c6111a0e51cc6
Reviewed-on: https://chromium-review.googlesource.com/1122864
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54167}
This CL is a manual revert of the Array.p.sort Torque QuickSort
implementation.
The plan is to ship TimSort in either Chromium 69 or 70 and not ship
Torque-QuickSort at all (to keep disruption to a minimum). For this
reason we revert back to the implementation in array.js.
R=jgruber@chromium.org
Bug: chromium:859809, v8:7382
Change-Id: I92eb70408883f51d98311e78642f554316bc1e76
Reviewed-on: https://chromium-review.googlesource.com/1124334
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#54166}
The current output of release builds is not very helpful, as it does
not contain the line number, nor the values of {expect_exception} or
{i_isolate->has_pending_exception()}.
R=ahaas@chromium.org
Bug: chromium:854011
Change-Id: I0bc1b8be6151d5420310eb67b2ebd0dc866fc9a6
Reviewed-on: https://chromium-review.googlesource.com/1122869
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54164}
This CL adds a comparison for the performance of getting and setting
float32 and float64 values with DataViews and with TypedArrays.
Since TypedArrays do not specify endianness, we can't compare
performance across both possible endiannesses, but this is better
than no comparison at all.
Change-Id: Iea54b942c0bb8168e9d8002d94e2bb9bc6566331
Reviewed-on: https://chromium-review.googlesource.com/1120250
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#54158}
This CL adds code to inline the Int8 and Uint8 getters for DataView
objects in TurboFan in js-call-reducer.cc, as well as a new test file.
It already improves execution speed compared to the Torque baseline
implementation, and implements most of the architecture needed
for inlining the other DataView getters and setters as well.
Change-Id: I0e62b98fd6ec995f7db5ec42ea1eff1f03572f97
Reviewed-on: https://chromium-review.googlesource.com/1119909
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#54157}
This CL replaces most uses of the V8_EMBEDDED_BUILTIN define
by a new read-only runtime flag called FLAG_embedded_builtins.
The flag is true iff V8_EMBEDDED_BUILTINS is defined.
Bug: v8:6666
Change-Id: Ifcc909dc9b028a2c967f8a0e45029df5e71072df
Reviewed-on: https://chromium-review.googlesource.com/1122401
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54156}
This reverts commit 3dfaf8264f.
Reason for revert: Failures - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20gcc%204.8/20394
Original change's description:
> [debug] liveedit in native
>
> Liveedit step-by-step:
> 1. calculate diff between old source and new source,
> 2. map function literals from old source to new source,
> 3. create new script for new_source,
> 4. mark literals with changed code as changed, all others as unchanged,
> 5. check that for changed literals there are no:
> - running generators in the heap,
> - non droppable frames (e.g. running generator) above them on stack.
> 6. mark the bottom most frame with changed function as scheduled for
> restart if any.
> 7. for unchanged functions:
> - deoptimize,
> - remove from cache,
> - update source positions,
> - move to new script,
> - reset feedback information and preparsed scope information if any,
> - replace any sfi in constant pool with changed one if any.
> 8. for changed functions:
> - deoptimize
> - remove from cache,
> - reset feedback information,
> - update all links from js functions to old shared with new one.
> 9. swap scripts.
>
> TBR=ulan@chromium.org
>
> Bug: v8:7862,v8:5713
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
> Change-Id: I8f6f6156318cc82d6f36d7ebc1c9f7d5f3aa1461
> Reviewed-on: https://chromium-review.googlesource.com/1105493
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54146}
TBR=dgozman@chromium.org,ulan@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org
Change-Id: I45df5b6f3abaf29e593c6ac11edefbd0177d0109
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7862, v8:5713
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/1124159
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54151}
This CL changes the NumberDictionary fast-path for Array.p.sort to
throw a TypeError when trying to write to a read-only property.
Previously, the fast-path simply bailed to the slow-path which could
swallow the TypeError by accident. I.e. because the fast-path could
leave the array in an inconsistent state that is already sorted.
Example:
let arr = new Array(10);
Object.defineProperty(arr, 0, {value: 2, writable: false});
Object.defineProperty(arr, 2, {value: 1, writable: false});
arr.sort();
The pre-processing step will move the value 1 to index 1: {0: 2, 1: 1}
When trying to swap those 2 values, the fast-path will write the 2 at
index 1, then try to write the 1 at index 0 and fail, bailing to the
slow-path. As the array looks like {0: 2, 1: 2} its already sorted
and the TypeError will not be thrown.
R=jgruber@chromium.org
Bug: v8:7382, v8:7907
Change-Id: I5d2f2d73478fdca066ce1048dcb2b8301751cb1f
Reviewed-on: https://chromium-review.googlesource.com/1122120
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54150}
For spread calls with arrays with double elements but zero length,
we skip the box-as-heapnumber step; so in this corner case the
Call builtin sees a FixedDoubleArray, which is fine because it
doesn't read any of the raw double values from it.
This patch doesn't change the implementation, it only updates the
assert to match reality.
Bug: chromium:856095
Change-Id: I0227f4ccbc6c61c8f5f7669a266ef7a64c6a9a43
Reviewed-on: https://chromium-review.googlesource.com/1117922
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54149}
Liveedit step-by-step:
1. calculate diff between old source and new source,
2. map function literals from old source to new source,
3. create new script for new_source,
4. mark literals with changed code as changed, all others as unchanged,
5. check that for changed literals there are no:
- running generators in the heap,
- non droppable frames (e.g. running generator) above them on stack.
6. mark the bottom most frame with changed function as scheduled for
restart if any.
7. for unchanged functions:
- deoptimize,
- remove from cache,
- update source positions,
- move to new script,
- reset feedback information and preparsed scope information if any,
- replace any sfi in constant pool with changed one if any.
8. for changed functions:
- deoptimize
- remove from cache,
- reset feedback information,
- update all links from js functions to old shared with new one.
9. swap scripts.
TBR=ulan@chromium.org
Bug: v8:7862,v8:5713
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I8f6f6156318cc82d6f36d7ebc1c9f7d5f3aa1461
Reviewed-on: https://chromium-review.googlesource.com/1105493
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54146}
Currently we rely on tasks to invoke the second pass phantom callbacks.
This may accumulate phantom callbacks and make GCs ineffective if we
do not enter the message loop to run the tasks between the GCs.
Bug: v8:7912
Change-Id: I799c97ff99ed6967480bda24ea0bf1c6a7dd69be
Reviewed-on: https://chromium-review.googlesource.com/1122621
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54144}
Adds Intl::IsObjectOfType method to do type checks. This will make it
easier to port the methods using the runtime type check calls as we
won't have to create a v8::string for type checks.
Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I0babdc8709564be693ce808e2ef3ffef7b24ceec
Reviewed-on: https://chromium-review.googlesource.com/1121943
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54143}
This correctly serializes {RelocInfo::INTERNAL_REFERENCE} addresses in a
position-independent form, so that they can be properly relocated when
the code is deserialized again. We store the offset within the code in
the serialized stream.
R=clemensh@chromium.org
TEST=mjsunit/wasm/compiled-module-serialization
BUG=chromium:857049
Change-Id: Ie8c84ee67bdfc17a65faa159a21cc1f2a78ac924
Reviewed-on: https://chromium-review.googlesource.com/1122414
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54140}
Pass Isolate to ConsumedPreParsedScopeData::SetData (guaranteed to be
called on main thread) and use it to create the handle in
ConsumedPreParsedScopeData::GetDataForSkippableFunction, rather than
calling GetIsolate.
Bug: v8:7786
Change-Id: Ibd632bb57f35a921f37c620d77dd6dfdb1f092c6
Reviewed-on: https://chromium-review.googlesource.com/1088703
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54138}
When parsing a numeric literal in a line like "a=0x0e+b|0;",
currently the scanner consumes the "e+" part (as it thinks
it's the start of an exponent).
In the ECMAScript lexical grammar HexIntegerLiteral cannot
contain exponents, which means the '+' character should be
parsed as a binary operator.
R=bradnelson@chromium.org
BUG=v8:7893
Change-Id: I97a0d4ea2ee1d38a3462efbfaef5eb87b8ea704b
Reviewed-on: https://chromium-review.googlesource.com/1116551
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54132}
This makes sure the reverse tag translation of direct call targets to
respective call tags is properly performed. Otherwise all direct call
end up being deserialized to call the function with index '0'. Ooops!
R=clemensh@chromium.org
TEST=mjsunit/wasm/compiled-module-serialization
BUG=chromium:857049
Change-Id: I37c1ee72b000daec87efdeed08d60a067b1a1b0c
Reviewed-on: https://chromium-review.googlesource.com/1120256
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54124}
Provide a more complete BigInt API.
Bug: v8:7712
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic8562d616f3125deabdf8b52c7019b191bef0e07
Reviewed-on: https://chromium-review.googlesource.com/1101198
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54122}
Adds the builtin Trace and IsTraceCategoryEnabled functions
exposed via extra bindings. These are intended to use by
embedders to allow basic trace event support from JavaScript.
```js
isTraceCategoryEnabled('v8.some-category')
trace('e'.charCodeAt(0), 'v8.some-category',
'Foo', 0, { abc: 'xyz'})
```
Bug: v8:7851
Change-Id: I7bfb9bb059efdf87d92a56a0aae326650730c250
Reviewed-on: https://chromium-review.googlesource.com/1103294
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Fadi Meawad <fmeawad@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54121}
This CL adds simd select, addHoriz, shuffle, anyTrue and all true to the
interpreter. It also gets rid of SIMD_COMPILED_AND_LOWERED_TEST and
SIMD_COMPILED_TEST macros.
R=gdeepti@chromium.org
BUG=v8:6020
Change-Id: I44abbcaddc3223a95c79ccc65ae9c6bf1a911c5d
Reviewed-on: https://chromium-review.googlesource.com/1119258
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54116}
This CL fixes the NumberDictionary fast-path in Array.p.sort, when
storing to a read-only property that was never read from.
R=jgruber@chromium.org
Bug: v8:7907
Change-Id: I2b772fb5b1619a94a7d239ba4417ecb7902a167c
Reviewed-on: https://chromium-review.googlesource.com/1119910
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54109}
Just a refactoring to make clear that we are talking about function
names. Note that there are also names for locals inside functions,
which we currently don't use.
Drive-by: Remove style-guide violation by {WasmModule::names_} field.
R=mstarzinger@chromium.org
Bug: v8:7754
Change-Id: I9c47ea01893f128e1716be01032adfaf006ae28a
Reviewed-on: https://chromium-review.googlesource.com/1118271
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54105}
Commit edec05ea73
Usage of Print function was not consistent with it's signature,
which caused failures in compilation.
Original commit message:
`All Object::Print functions now take an Isolate* parameter. Various
XX::XXPrint functions now take an Isolate if it's needed rather than
calling GetIsolate(). Such method use DECL_PRINTER_WITH_ISOLATE rather
than DECL_PRINTER.
The _v8_internal_Print_ function (intended for use in gdb) now uses
Isolate::Current() to get hold of an Isolate.
Reduces the GetIsolate and GetHeap count by 9 and 5 respectively.
Also removes unneeded gdb/lldb macros (along with their support
functions), jfv, jfm, jda and jta, since job does the same thing.`
Cr-Original-Commit-Position: refs/heads/master@{#54029}
Change-Id: I5d4eb974340159ae91a50c1c2272ab195fc514ea
Reviewed-on: https://chromium-review.googlesource.com/1116965
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#54103}
- Adds some unit tests for InstructionSelector::TryMatch* methods.
- Adds a TryMatchIdentity method. We should detect identity shuffles
and emit no code in that case.
Bug: v8:6020
Change-Id: I5dea84738bf87db7112eb7d19f91b1e6b20811c7
Reviewed-on: https://chromium-review.googlesource.com/1116058
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54097}
When storing an indexed property in a typed array, it's necessary to
convert the value to a Number (or to a Bigint) before performing the
bounds check, per
https://tc39.github.io/ecma262/#sec-integerindexedelementset.
This CL adds appropriate type conversions in
Object::SetPropertyInternal (which technically is reached after the
bounds check has already occurred, but this isn't observable yet ---
In the future, once OOB accesses on TypedArrays actually throw, this
will need to be refactored again), and in StoreFastElementStub, and
ElementsTransitionAndStoreStub (via CSA::EmitElementStore).
The change was not necessary in TurboFan, as
JSNativeContextSpecialization already performs the value conversion
before the boundscheck.
The result is some fixed test262 tests, and some new test coverage
for this behaviour in mjsunit.
BUG=v8:7896, v8:5327
R=neis@chromium.org, jkummerow@chromium.org, gsathya@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ibe6bec24c72ef6a4fd3e77d5bcafa03737f4c5e3
Reviewed-on: https://chromium-review.googlesource.com/1117372
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54096}
Supporting postMessage from WebAssembly.Module requires implementing
some logic in the ValueSerializer and ValueDeserializer delegates. This
change implements some simple logic for d8.
This change also fixes a DCHECK that occurs when sending a shared
WebAssembly.Memory object to two Workers.
Bug: chromium:857049
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Idddb23a48175c7175967af3fbc03d8572452a069
Reviewed-on: https://chromium-review.googlesource.com/1117871
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54093}
Another pair of {std::unique_ptr} and {size_t} that can be stored as
one {OwnedVector}, which allows to pass it as one thing.
R=mstarzinger@chromium.org
Bug: v8:7754
Change-Id: Ideac0dbd390ba8147b6620daa86f0d3da6c3b609
Reviewed-on: https://chromium-review.googlesource.com/1118236
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54091}
Instead of storing both the {NativeModule} and the {WasmModule} in a
{Managed} object, just store the {WasmModule} in the {NativeModule}
directly. This fixes crashes that happen if the {Managed<WasmModule>}
dies before the {Managed<NativeModule>}.
R=mstarzinger@chromium.org
Bug: chromium:854794, v8:7879, v8:7889
Change-Id: I6b11729943fe7a03d225138782655ee5dafd26a6
Reviewed-on: https://chromium-review.googlesource.com/1118171
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54090}
This CL adds the newline character as a valid character
in Torque strings.
You can now write Print('Hello, World!\n') in Torque and it works!
Change-Id: I2a1f87cfef492fedd3d24086e226d3ebaf882115
Reviewed-on: https://chromium-review.googlesource.com/1118229
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#54089}
When run locally, one times out and the other runs out of stack space.
R=sigurds@chromium.org
Change-Id: I7cc1aa9bb0857f12ac46baf80de18a2c5175b8b9
Reviewed-on: https://chromium-review.googlesource.com/1118231
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54087}
This CL removes the friendship between {NativeModule} and
{NativeModuleSerializer}/{NativeModuleDeserializer}.
Instead, it adds a new public method ({AddDeserializedCode}) which is
being called from the deserializer.
Drive-by: Unify the argument order to {AddCode}, {AddOwnedCode} and
{WasmCode}.
R=mstarzinger@chromium.org
Bug: chromium:856938
Change-Id: I88943c90c45650e21ae6bc17395a17f86319c046
Reviewed-on: https://chromium-review.googlesource.com/1117075
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54084}
This reverts commit fdf69d53b6.
Reason for revert: Speculative revert for broken GPU bots:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/Linux%20V8%20FYI%20Release%20%28NVIDIA%29/1638https://ci.chromium.org/p/v8/builders/luci.v8.ci/Mac%20V8%20FYI%20Release%20%28Intel%29/1624
Original change's description:
> [heap] Adds a young generation large object space
>
> This CL adds the young generation lage object spaces and a flag
> --young-generation-large-objects that by default allocates all
> large objects in this space. This is a preparation CL. The space
> is not fully functional.
>
> Bug: chromium:852420
> Change-Id: Ib66d26fa52cda89bf04787084826aeb84b6ec1ac
> Reviewed-on: https://chromium-review.googlesource.com/1099164
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54056}
TBR=ulan@chromium.org,yangguo@chromium.org,hpayer@chromium.org
Change-Id: I175514f806a19c7837022795210625ca40e3c318
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:852420
Reviewed-on: https://chromium-review.googlesource.com/1118038
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54072}
This is required for jumbo builds to work before the stable jumbo chunk
algorithm[*] can reland.
[*] https://chromium-review.googlesource.com/c/chromium/src/+/1102218
Bug: chromium:856964, chromium:782863
Change-Id: Ibbe0994980eb554acd4e1557e733d07526a90608
Reviewed-on: https://chromium-review.googlesource.com/1117059
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#54070}
This fixes include violations where normal "foo.h" headers included
inline "bar-inl.h" headers. It also removes two (almost) dead methods.
R=clemensh@chromium.org
BUG=v8:7754
Change-Id: I11c6ce71650db22f3c1d7cf5ca50529c94b94839
Reviewed-on: https://chromium-review.googlesource.com/1117076
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54060}
This CL adds the young generation lage object spaces and a flag
--young-generation-large-objects that by default allocates all
large objects in this space. This is a preparation CL. The space
is not fully functional.
Bug: chromium:852420
Change-Id: Ib66d26fa52cda89bf04787084826aeb84b6ec1ac
Reviewed-on: https://chromium-review.googlesource.com/1099164
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54056}
Rolling v8/third_party/icu: f61e46d..172d331
This also disables the test that is broken by this roll.
TBR=gsathya@chromium.org
Bug: chromium:856119
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: If400b5b388b683d6e2d013673b53ca0c1b7572ce
Reviewed-on: https://chromium-review.googlesource.com/1116794
Commit-Queue: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54055}
We currently store the protected instructions per code object in a
{std::unique_ptr<std::vector<ProtectedInstructionData>>}. This wastes
memory, because it requires two heap allocations, plus the vector might
over-allocate (and it currently does, because it is filled dynamically
during compilation).
This CL changes that to store the protected instructions in an
{OwnedVector}. This requires one copy after generating the list of
{ProtectedInstructionData} in an {std::vector} during compilation, but
saves memory afterwards.
R=mstarzinger@chromium.org
Bug: chromium:856938
Change-Id: Ie290a17dc32f27fbbfe0c000a52297181c954550
Reviewed-on: https://chromium-review.googlesource.com/1116701
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54052}
{PrintCollection} can print any collection which is iterable via a
standard for-each loop in C++. The output format of {4, 7, 11} is:
[4, 7, 11]
This helper avoids a few repetitions of manually outputting such
collections.
R=titzer@chromium.org
Bug: v8:7754
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Iaa91e5465968a029815b3aa2b35948f711956cdb
Reviewed-on: https://chromium-review.googlesource.com/1112005
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54048}
Instead of just discarding the expression classifier after parsing an after
parsing an arrow function, accumulate the async arrow formal parameters errors
BUG=v8:7817
R=gsathya@chromium.org, littledan@chromium.org, marja@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I0a84a25d7d42f89200b6fbf05eab3d39ab51fb10
Reviewed-on: https://chromium-review.googlesource.com/1113622
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#54034}
All Object::Print functions now take an Isolate* parameter. Various
XX::XXPrint functions now take an Isolate if it's needed rather than
calling GetIsolate(). Such method use DECL_PRINTER_WITH_ISOLATE rather
than DECL_PRINTER.
The _v8_internal_Print_ function (intended for use in gdb) now uses
Isolate::Current() to get hold of an Isolate.
Reduces the GetIsolate and GetHeap count by 9 and 5 respectively.
Also removes unneeded gdb/lldb macros (along with their support
functions), jfv, jfm, jda and jta, since job does the same thing.
Bug: v8:7786
Change-Id: Ib93ebca6ca47c4db9c85cc6d9ff8004da5942dec
Reviewed-on: https://chromium-review.googlesource.com/1112001
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54029}
This is a reland of f0bcbc90c1.
A few casts were still wrong.
Original change's description:
> Reland "Introduce MutableHeapNumber class."
>
> This is a reland of 40ac6b187a, which
> was incorrect due to a bad merge.
>
> Original change's description:
> > Introduce MutableHeapNumber class.
> >
> > V8 knows heap numbers and mutable heap numbers. They have
> > difference instance types, but in C++ code we've used the
> > same class for both (HeapNumber). Confusingly, however,
> > IsHeapNumber would return false for mutable heap numbers,
> > while HeapNumber::cast would succeed.
> >
> > This CL adds a separate class MutableHeapNumber and
> > eliminates the confusing behavior.
> >
[...]
> TBR=bmeurer@chromium.org
> TBR=ulan@chromium.org
>
> Change-Id: I3af1014c949821dfac0754a3e48c65ce1bad1ad1
> Reviewed-on: https://chromium-review.googlesource.com/1114539
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54022}
Change-Id: I19a33da4b6abcd445b528a84d4f56ba1964d337b
Reviewed-on: https://chromium-review.googlesource.com/1114100
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54027}
Remove the one-argument Handle constructor and "handle" factory method,
replacing them with Isolates where available and GetIsolate() methods
otherwise.
TBR=verwaest@chromium.org
Bug: v8:7786
Change-Id: I8ee92ef727c05382c984a3e4c290198d0b312619
Reviewed-on: https://chromium-review.googlesource.com/1113542
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54025}
This reverts commit f0bcbc90c1.
Reason for revert: Still failing bots.
Original change's description:
> Reland "Introduce MutableHeapNumber class."
>
> This is a reland of 40ac6b187a, which
> was incorrect due to a bad merge.
>
> Original change's description:
> > Introduce MutableHeapNumber class.
> >
> > V8 knows heap numbers and mutable heap numbers. They have
> > difference instance types, but in C++ code we've used the
> > same class for both (HeapNumber). Confusingly, however,
> > IsHeapNumber would return false for mutable heap numbers,
> > while HeapNumber::cast would succeed.
> >
> > This CL adds a separate class MutableHeapNumber and
> > eliminates the confusing behavior.
> >
> > TBR=bmeurer@chromium.org
> >
> > Change-Id: Id894d177c7fe8cc3f451be80c273b50daee91378
> > Reviewed-on: https://chromium-review.googlesource.com/1113544
> > Commit-Queue: Georg Neis <neis@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#54012}
>
> TBR=bmeurer@chromium.org
> TBR=ulanchromium.org
>
> Change-Id: I3af1014c949821dfac0754a3e48c65ce1bad1ad1
> Reviewed-on: https://chromium-review.googlesource.com/1114539
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54022}
TBR=ulan@chromium.org,jarin@chromium.org,neis@chromium.org,bmeurer@chromium.org
Change-Id: I99c226e95dfb0b913903cc83193f6e51de8c1b47
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1114099
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54024}
This is a reland of 40ac6b187a, which
was incorrect due to a bad merge.
Original change's description:
> Introduce MutableHeapNumber class.
>
> V8 knows heap numbers and mutable heap numbers. They have
> difference instance types, but in C++ code we've used the
> same class for both (HeapNumber). Confusingly, however,
> IsHeapNumber would return false for mutable heap numbers,
> while HeapNumber::cast would succeed.
>
> This CL adds a separate class MutableHeapNumber and
> eliminates the confusing behavior.
>
> TBR=bmeurer@chromium.org
>
> Change-Id: Id894d177c7fe8cc3f451be80c273b50daee91378
> Reviewed-on: https://chromium-review.googlesource.com/1113544
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54012}
TBR=bmeurer@chromium.org
TBR=ulanchromium.org
Change-Id: I3af1014c949821dfac0754a3e48c65ce1bad1ad1
Reviewed-on: https://chromium-review.googlesource.com/1114539
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54022}
Change the ScriptIterator to:
a) construct its script list handle using the given isolate, and
b) take the Script (which it doesn't store) by pointer instead of
by Handle, to avoid callers needing to allocate a handle.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I72c1ee13f1b72fe962f4b1bccba69ae4e97088a7
Reviewed-on: https://chromium-review.googlesource.com/1113316
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54018}
The option to "enable serialization" actually only enables the
roots-relative register addressing. In the spirit of expressing specific
behaviors rather than isolate-wide modes, rename this flag to what
it actually does.
R=bmeurer@chromium.org
Change-Id: Iacbad8064c8f38b364db2a0bdd0e83ef4a265867
Reviewed-on: https://chromium-review.googlesource.com/1113742
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54016}
This reverts commit 40ac6b187a.
Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20debug/21009
Original change's description:
> Introduce MutableHeapNumber class.
>
> V8 knows heap numbers and mutable heap numbers. They have
> difference instance types, but in C++ code we've used the
> same class for both (HeapNumber). Confusingly, however,
> IsHeapNumber would return false for mutable heap numbers,
> while HeapNumber::cast would succeed.
>
> This CL adds a separate class MutableHeapNumber and
> eliminates the confusing behavior.
>
> TBR=bmeurer@chromium.org
>
> Change-Id: Id894d177c7fe8cc3f451be80c273b50daee91378
> Reviewed-on: https://chromium-review.googlesource.com/1113544
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54012}
TBR=ulan@chromium.org,jarin@chromium.org,neis@chromium.org,bmeurer@chromium.org
Change-Id: I358a822f20b9110def968e69463a753a2a32c68c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1114538
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54013}
V8 knows heap numbers and mutable heap numbers. They have
difference instance types, but in C++ code we've used the
same class for both (HeapNumber). Confusingly, however,
IsHeapNumber would return false for mutable heap numbers,
while HeapNumber::cast would succeed.
This CL adds a separate class MutableHeapNumber and
eliminates the confusing behavior.
TBR=bmeurer@chromium.org
Change-Id: Id894d177c7fe8cc3f451be80c273b50daee91378
Reviewed-on: https://chromium-review.googlesource.com/1113544
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54012}
Previously the KeyAccumulator incorrectly reused the filter properties when
collecting the keys of a proxy target. This led to incorect behavior where for
instance non-enumerable properties were filtered too early.
Bug: v8:7818
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I9b43b65be168ef0975fea9245d433a54338d228e
Reviewed-on: https://chromium-review.googlesource.com/1113743
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54008}
This CL adds a fast path for DataView getters and setters when the
load or store to be performed is aligned and when the requested
endianness matches the platform endianness.
In that case, we can just emit the right load/store instruction
instead of having to read and write data byte by byte.
Change-Id: I10bd95a7fe8d23f695899eb8173bc654fb38fbb0
Reviewed-on: https://chromium-review.googlesource.com/1106168
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54005}
The upstream test suite for Unicode property escapes [1] is exhaustive
and is updated soon after every new release of the Unicode Standard.
It is then upstreamed into Test262.
This patch simplifies our own Script_Extensions tests and the script
used to generate them. Now, only a few code points are tested for each
Script_Extension. This avoids unnecessary friction every time ICU
is updated based on a new Unicode version.
[1] https://github.com/mathiasbynens/unicode-property-escapes-tests
[2] https://github.com/tc39/test262/tree/master/test/built-ins/RegExp/property-escapes
Bug: chromium:850334, v8:7825
Change-Id: I792d6848ef48b41ea5e9db18b777040d019822f3
Reviewed-on: https://chromium-review.googlesource.com/1112250
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54003}
Unittests may take compilation dependencies without committing them,
because no code object is ever created. This CL ensures that after each
unittest, all uncommitted dependencies are discarded. Without this,
the compilation dependencies leaks pointers to already freed C++ objects
between test-cases, which are then accessed after free if a unittest
invalidates the corresponding compilation dependency.
Bug: v8:851886
Change-Id: I55d989c42d45f5d713613bc1d3f86e00bd1b8d21
Reviewed-on: https://chromium-review.googlesource.com/1113313
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53998}
This reverts commit aafd5c52ab.
Reason for revert: Tentative revert for
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64/24825https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64%20-%20msvc/3242
Original change's description:
> [parser][log] Log script id during background compilation
>
> - Add separate script-create, script-reserve-id and script-details log events
> - Add log events for CompilationCache hits and puts
> - Simplify function event logging by only pass along the script id
> - Explicitly create Scripts in parse-processor.js on script events only
> - Create a temporary script id in the ParseInfo for use during background
> parsing and compilation
> - Clean up ParseInfo initialization to centralize creation and use of
> script ids
> - Allow creating Scripts with predefined script ids
>
> Bug: chromium:757467, chromium:850038
> Change-Id: I02dfd1d5725795b9fe0ea94ef57b287b934a1efe
> Reviewed-on: https://chromium-review.googlesource.com/1097131
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53978}
TBR=ulan@chromium.org,cbruni@chromium.org,gsathya@chromium.org,leszeks@chromium.org
Change-Id: I629f72f51d5e086e2b54658c1fdd18cec268aab2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:757467, chromium:850038
Reviewed-on: https://chromium-review.googlesource.com/1112538
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53984}
This is a reland of ada648006b, fixed
for 32 bit architectures (register pairs).
Original change's description:
> [Liftoff] Fix register use count
>
> In {SetLocalFromStackSlot}, we decrement the use count of the register
> in the target slot without updating this slot, and then call
> {GetUnusedRegister}. At that point, the register use counts do not
> match the cache state, which leads to errors later on.
> This CL fixes this by marking the target slot as a stack slot after
> reducing the register use count.
>
> It also adds a Validation which helped to find that error and will
> catch similar errors earlier.
>
> R=titzer@chromium.org
>
> Bug: chromium:854050, v8:6600
> Change-Id: I74d3a5aa947ec4247d7b4557567f642bf4082316
> Reviewed-on: https://chromium-review.googlesource.com/1111958
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53976}
TBR=titzer@chromium.org
Bug: chromium:854050, v8:6600
Change-Id: Ibc8801737e9604a8490382c569b0378585625376
Reviewed-on: https://chromium-review.googlesource.com/1112238
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53981}
It looks like we do not need live_edit flag.
R=dgozman@chromium.org,yangguo@chromium.org
Bug: v8:7862
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2b635f7d24138894b7a0f94fc90293d50e40f22c
Reviewed-on: https://chromium-review.googlesource.com/1108386
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53980}
This reverts commit ada648006b.
Reason for revert: Failure with slow dchecks: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux%20-%20debug/20982
Original change's description:
> [Liftoff] Fix register use count
>
> In {SetLocalFromStackSlot}, we decrement the use count of the register
> in the target slot without updating this slot, and then call
> {GetUnusedRegister}. At that point, the register use counts do not
> match the cache state, which leads to errors later on.
> This CL fixes this by marking the target slot as a stack slot after
> reducing the register use count.
>
> It also adds a Validation which helped to find that error and will
> catch similar errors earlier.
>
> R=titzer@chromium.org
>
> Bug: chromium:854050, v8:6600
> Change-Id: I74d3a5aa947ec4247d7b4557567f642bf4082316
> Reviewed-on: https://chromium-review.googlesource.com/1111958
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53976}
TBR=titzer@chromium.org,clemensh@chromium.org
Change-Id: I5b8d8d405dcd7f82ee431cba290419425b9859a1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:854050, v8:6600
Reviewed-on: https://chromium-review.googlesource.com/1112277
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53979}
- Add separate script-create, script-reserve-id and script-details log events
- Add log events for CompilationCache hits and puts
- Simplify function event logging by only pass along the script id
- Explicitly create Scripts in parse-processor.js on script events only
- Create a temporary script id in the ParseInfo for use during background
parsing and compilation
- Clean up ParseInfo initialization to centralize creation and use of
script ids
- Allow creating Scripts with predefined script ids
Bug: chromium:757467, chromium:850038
Change-Id: I02dfd1d5725795b9fe0ea94ef57b287b934a1efe
Reviewed-on: https://chromium-review.googlesource.com/1097131
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53978}
The wire bytes are currently stored as {SeqOneByteString} on the JS
heap. In order to make the {NativeModule} isolate independent, and to
ensure fast access to the wire bytes, they should move to the native
heap.
R=titzer@chromium.org
Bug: chromium:854794, v8:7868, v8:7424
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I36811ec87f780c5b1f6863cd6de89a165aa0b7d5
Reviewed-on: https://chromium-review.googlesource.com/1108208
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53977}
In {SetLocalFromStackSlot}, we decrement the use count of the register
in the target slot without updating this slot, and then call
{GetUnusedRegister}. At that point, the register use counts do not
match the cache state, which leads to errors later on.
This CL fixes this by marking the target slot as a stack slot after
reducing the register use count.
It also adds a Validation which helped to find that error and will
catch similar errors earlier.
R=titzer@chromium.org
Bug: chromium:854050, v8:6600
Change-Id: I74d3a5aa947ec4247d7b4557567f642bf4082316
Reviewed-on: https://chromium-review.googlesource.com/1111958
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53976}
Cleanup decoding of flags so that invalid flags for sections other than
memory are caught correctly.
Bug: chromium:853453
Change-Id: Ia347d5f7672eee93ca3f6a743f06fba629f55cb5
Reviewed-on: https://chromium-review.googlesource.com/1104976
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53972}
This changes the WebAssembly pipeline to no longer expect source
position tables for {WasmCode} to be allocated on the GC'ed heap.
R=clemensh@chromium.org
BUG=v8:7721
Change-Id: Ib2c6e3d0840e47b83809f60519c0d1b94af186af
Reviewed-on: https://chromium-review.googlesource.com/1109686
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53961}
Before flipping the flag, some tests need to be adapted. This CL
prepares these tests, such that the flag flip CL really just flips a
flag.
R=titzer@chromium.org, hablich@chromium.org
Bug: v8:6600, chromium:787421
Change-Id: I8030df69cda5f3fb81354350a37f65c0d1c669bd
Reviewed-on: https://chromium-review.googlesource.com/1110363
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53959}
This prologue is not needed any more now that we have the jump table.
If optimized code exists, we will not even enter the Liftoff code any
more, but instead jump to the optimized code right away.
This also allows to remove the {WASM_CODE_TABLE_ENTRY} relocation info
kind.
R=mstarzinger@chromium.org
Bug: v8:7758
Change-Id: I0449693d7434088fb264104fe59365d7ca2b74c6
Reviewed-on: https://chromium-review.googlesource.com/1110222
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53954}
Pass Isolate directly into CallHandlerInfo methods so that calls to
GetHeap can be removed.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: If28fbbd65530b01b69786c3e743754cff3b1ba3a
Reviewed-on: https://chromium-review.googlesource.com/1107926
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53945}
Also add a DCHECK to a branch that can only be taken for the null
prototype.
R=sigurds@chromium.org
Change-Id: Ib94fe8f25ecfd1a4baa576915e6edfa60bcd771b
Reviewed-on: https://chromium-review.googlesource.com/1109961
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53939}
After this CL all liveedit tests call the same LiveEdit::PatchScript
method. This method will be updated later.
As well some new liveedit cctests added, unfortunately part of them
do not work with current implementation.
R=dgozman@chromium.org,yangguo@chromium.org
Bug: v8:7862
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3521af12b0f95b39d13aaafb1d1cf60f3f642a97
Reviewed-on: https://chromium-review.googlesource.com/1108382
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53936}
Each local ABT is logically for one page. We passed the space in to the
constructor, but this is wrong because the space a page is in can
change, e.g. for compaction pages.
Instead, pass the page to the local ABT constructor and always get the
space from this. To do this we need to push the AllocateLocalTracker()
helper and friends down to Page, rather than its superclass MemoryChunk.
Unfortunately, we need to keep ReleaseLocalTracker() on MemoryChunk even
though only Pages can have local trackers, because we can't do virtual
dispatch on MemoryChunk::ReleaseAllocatedMemory() which would allow us
to clean up the tracker memory nicely for pages only.
We also have to make sure we update external bytes accounting properly
when swapping spaces, as in SemiSpace::Swap().
Change-Id: Iff02e41dd12a6b04a57fcc32f9e2b4f049fcbc24
Reviewed-on: https://chromium-review.googlesource.com/1107635
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53930}
The name {CallerOwnedBuffer} does not make sense in all situations,
especially if such an object is returned instead of being passed as
argument.
I am working on moving the wasm wire bytes off the JS heap, and hence
will return unowned references via the API. To prepare this change, I
deprecate the existing {CallerOwnedBuffer} and introduce a new
{BufferReference} struct with proper field names.
R=titzer@chromium.org, adamk@chromium.org
Bug: v8:7868
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic8953951447038a831b15a336a52a199bfbeafd5
Reviewed-on: https://chromium-review.googlesource.com/1108207
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53929}
Other fuzzers already have this ability. This CL adds it to the fuzzer.
The input has to be valid bytes, otherwise we cannot generate the text
representation.
R=titzer@chromium.orgCC=gdeepti@chromium.org
Change-Id: If1ba8accc707bee3b042e93f4201949f0233c90e
Reviewed-on: https://chromium-review.googlesource.com/1109794
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53926}
This completes the transition to Assembler::Options, which reduces
the assemblers's dependency on isolates, and there is now only one
way to create an Assembler, which is to use the options.
Note that some operations on assemblers still need an isolate, such
as GetCode(), and in these cases, the isolate is an additional
argument to the method.
R=jgruber@chromium.orgCC=mstarzinger@chromium.org
Change-Id: I413209d816c63a7c3640f1c226764693dcad1e7f
Reviewed-on: https://chromium-review.googlesource.com/1106169
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53925}
This is a reland of c2f1090db8, fixing jumbo builds.
Original change's description:
> [wasm] Move serialization tests to own file
>
> Move out all serialization related tests to
> {test-wasm-serialization.cc}, to reduce the size of
> {test-run-wasm-module.cc}.
>
> R=titzer@chromium.org
>
> Bug: v8:7754
> Change-Id: I0b2133baf69e2557df27d1733cc267d1d4cf7452
> Reviewed-on: https://chromium-review.googlesource.com/1107980
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53909}
TBR=titzer@chromium.org
Bug: v8:7754
Change-Id: Ic0bb02b1b782676c6100daa2d588adce8b54c388
Reviewed-on: https://chromium-review.googlesource.com/1109838
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53919}
All other sorting benchmarks use arrays of roughly the same length.
This CL adds a set of benchmarks that sort arrays of various lengths.
Two data configurations are used for each length: Completely random
and already sorted.
R=jgruber@chromium.org
Bug: v8:7382
Change-Id: Ib80a3421a68029c8e4f823605bab7b2d7fe1ae34
Reviewed-on: https://chromium-review.googlesource.com/1109509
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53917}
This CL adds sorting of a randomized array to the PreSorted benchmark
to act as a baseline/reference point.
R=jgruber@chromium.org
Bug: v8:7382
Change-Id: I45b77a6584d5d9a4f14a807f3796af7197673eaa
Reviewed-on: https://chromium-review.googlesource.com/1109508
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53913}
Move out all serialization related tests to
{test-wasm-serialization.cc}, to reduce the size of
{test-run-wasm-module.cc}.
R=titzer@chromium.org
Bug: v8:7754
Change-Id: I0b2133baf69e2557df27d1733cc267d1d4cf7452
Reviewed-on: https://chromium-review.googlesource.com/1107980
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53909}
Byteswap operations are used a lot in WASM on big endian
architecture. This CL removed unused 1-byte swapping,
rewrite tests so they have better coverage and cleans up
some other minor things.
TEST=cctest/test-run-wasm/RunWasmTurbofan_I32DivSOnDifferentRegisters
Change-Id: I60466bbd5fe3f64e8e55684265dc43e92fcabc2c
Reviewed-on: https://chromium-review.googlesource.com/1106379
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#53908}
This CL fixes a bug where execution would continue on a fast-path
even though a previous recursion step bailed to the slow path. This
would allow possibly illegal loads that could leak to JS.
Drive-by change: Instead of bailing to the slow-path on each recursion
step, we now bail completely and start the slow-path afterwards.
R=cbruni@chromium.org, jgruber@chromium.org
Bug: chromium:854299, v8:7382
Change-Id: Ib2fd5d85dbd0c3894d7775c4f62e053c31b5e5d1
Reviewed-on: https://chromium-review.googlesource.com/1107702
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53892}
When encountering a LoadStackPointer input to a comparison, generate a register
LocationOperand that points to the stack pointer. This can avoid unnecessary
spilling of the stack pointer.
Since sp is a special register for arm64, we need to add a mechanism to print
its name in RegisterConfiguration.
This is a port of https://chromium-review.googlesource.com/1055568 that made
the same change for arm.
It also ports the tests added in
https://chromium-review.googlesource.com/1099068 to arm and arm64.
Bug: v8:7844
Change-Id: I5adc672ff877b9888ef755e8e60e4eabbc61061b
Reviewed-on: https://chromium-review.googlesource.com/1107810
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#53889}
There is no point calling AllocationSpaceName manually every time. We
could get rid of AllocationSpaceName entirely, except that the
serializer calls it directly on ints that are casted to AllocationSpace
objects first.
Change-Id: I26b2181347dba960c8523d5dcecf8128208c59a2
Reviewed-on: https://chromium-review.googlesource.com/1107816
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53888}
Some cctests force fresh creation of heap constants, even though the
cctest binary itself is an embedded snapshot build (i.e.: a snapshot
blob exists, and a binary-embedded blob exists). This breaks a few
assumptions, for example that off-heap builtins have a single,
canonical off-heap code range.
Unfortunately this isn't that easy to fix. I see a few alternatives:
1. In builtins setup, if an embedded blob exists, regenerate the
builtins for their metadata (things like the safepoint table offset),
and then replace them by off-heap trampolines.
2. As above, but deserialize the trampolines from the snapshot blob.
3. As above, but pack required metadata into the embedded blob and
create trampolines from there.
4. Act as if the embedded blob does not exist.
Alternative 1 does not work because the generated code can be slightly
different at at runtime vs. mksnapshot-time. Alternative 2 is out
because we do not have access to the snapshot blob in TestIsolate
setup. Alternative 3 is probably the preferred option but would be a
more involved change.
This CL takes path 4. It's not an optimal solution, but it can be
replace by alternative 3 later.
TBR=ulan@chromium.org
Bug: v8:7718, v8:7751
Change-Id: I36c024cb0179615011c886ed3978bc95f0d197ac
Reviewed-on: https://chromium-review.googlesource.com/1098924
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53886}
Unconditionally setting the JSFunction code to that of the SFI
may skip initializing the feedback vector.
R=leszeks@chromium.org
Bug: v8:7857
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I65d4bf32493be4cade2eaf3d665d44f93e80f809
Reviewed-on: https://chromium-review.googlesource.com/1107618
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53881}
This test was not adapted for the jump table yet.
R=mstarzinger@chromium.org
Bug: v8:7867
Change-Id: Ifd03899b0757972525dcc54f04949635d03fa493
Reviewed-on: https://chromium-review.googlesource.com/1107624
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53878}
This is a reland of 380dba0a5c
Original change's description:
> [runtime][gc] Drop AllocationSite::weak_next field for sub-literals
>
> Use AllocationSite without Weaknext field for all the allocations in nested
> literal except for Root. The nested field is sufficient to link all the
> allocations in a nested literal. Only the Root is added to heap weak_alloc_list
> for GC to traverse
>
> Change-Id: I946e63292c6d168197cd2a087f697c73cc431272
> Reviewed-on: https://chromium-review.googlesource.com/1101323
> Commit-Queue: Chandan Reddy <chandanreddy@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53813}
Change-Id: Ic451fb3600b87f8f69748b1659ff89a80c9322fa
Reviewed-on: https://chromium-review.googlesource.com/1106257
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Cr-Commit-Position: refs/heads/master@{#53872}
The reference to the {NativeModule} (stored in a {Managed}) should live
on the {WasmModuleObject}, not on the individual {WasmCompiledModule}
objects.
R=titzer@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I21dfa088c9643d36d9fd5052a145e7e2af5e47f9
Reviewed-on: https://chromium-review.googlesource.com/1106380
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53860}
Our tests currently don't set {WasmModule::num_declared_functions}
correctly. This CL fixes that.
This enables the use of {WasmModule::num_declared_functions} instead of
{NativeModule::num_functions_ - NativeModule::num_imported_functions_}.
Drive-by: Fix {std::vector} reservation to reserve enough space for all
functions during decoding.
R=titzer@chromium.org
Change-Id: I6d7783aed1c0de3275fc72787dec17c38ff8c73b
Reviewed-on: https://chromium-review.googlesource.com/1106166
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53857}
We need to create one {WasmCompiledModule} before creating the
{WasmModuleObject}. This CL refactors the code such that the
{WasmModuleObject} itself creates the {WasmCompiledModule}. This moves
us closer to removing the {WasmCompiledModule}.
R=titzer@chromium.org
Change-Id: I9f85e47f643c39840036f4f1f92df736732c8f74
Reviewed-on: https://chromium-review.googlesource.com/1105762
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53833}
This is a reland of 733b7c8258.
The arm64 bug was fixed in https://crrev.com/c/1105051.
Original change's description:
> [wasm] Introduce jump table
>
> This introduces the concept of a jump table for WebAssembly, which is
> used for every direct and indirect call to any WebAssembly function.
> For lazy compilation, it will initially contain code to call the
> WasmCompileLazy builtin, where it passes the function index to be
> called.
> For non-lazy-compilation, it will contain a jump to the actual code.
> The jump table allows to easily redirect functions for lazy
> compilation, tier-up, debugging and (in the future) code aging. After
> this CL, we will not need to patch existing code any more for any of
> these operations.
>
> R=mstarzinger@chromium.org, titzer@chromium.org
>
> Bug: v8:7758
> Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
> Reviewed-on: https://chromium-review.googlesource.com/1097075
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53805}
TBR=titzer@chromium.org,mstarzinger@chromium.org
Bug: v8:7758
Change-Id: I68555230c6db97e70f0b8fef784188f55ee04794
Reviewed-on: https://chromium-review.googlesource.com/1105158
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53829}
This removes several GetIsolate calls from Map:: methods and instead
passes the Isolate in. This is a very noisy change but mostly it is just
adding Isolate to method declarations and forwarding it on.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I159505e50a9462d01066f14da0fcc29762bd5531
Reviewed-on: https://chromium-review.googlesource.com/1075267
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53826}
This CL changes all ArraySort benchmarks to execute the setup
function for each iteration (one run call), instead of only once for
all iterations.
Even though we now also measure the time needed to copy and prepare
the array, this is needed, otherwise we would mainly measure sorting
already sorted arrays.
R=cbruni@chromium.org, jgruber@chromium.org
Change-Id: I2e0e301b52b0288b8c825c3c8401c348c4a0dee7
Reviewed-on: https://chromium-review.googlesource.com/1105045
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53825}
TurboFan returned null handles if compilation did not succeed. This CL
changes that to a MaybeHandle to make it explicit that client code needs
to handle the error.
Bug: v8:7856
Change-Id: I6087e6263faa1150b9788213dd22c398b4a2fc2d
Reviewed-on: https://chromium-review.googlesource.com/1104688
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53824}
Bump limit for isolate creation in cctest; the test started crashing recently
on nosnap.debug builds, hence we bump the limit.
Bug: v8:7856
Change-Id: I7c2396c7f112a2ed7fc189f0fa72658e0ed75050
Reviewed-on: https://chromium-review.googlesource.com/1104691
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53816}
This reverts commit 380dba0a5c.
Reason for revert: Fails gc-stress: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Mac64%20GC%20Stress/1471
Original change's description:
> [runtime][gc] Drop AllocationSite::weak_next field for sub-literals
>
> Use AllocationSite without Weaknext field for all the allocations in nested
> literal except for Root. The nested field is sufficient to link all the
> allocations in a nested literal. Only the Root is added to heap weak_alloc_list
> for GC to traverse
>
> Change-Id: I946e63292c6d168197cd2a087f697c73cc431272
> Reviewed-on: https://chromium-review.googlesource.com/1101323
> Commit-Queue: Chandan Reddy <chandanreddy@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53813}
TBR=ulan@chromium.org,cbruni@chromium.org,chandanreddy@google.com
Change-Id: Icc87027f14f917da3033db256c2535e08e2a4a34
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1105159
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53815}
Use AllocationSite without Weaknext field for all the allocations in nested
literal except for Root. The nested field is sufficient to link all the
allocations in a nested literal. Only the Root is added to heap weak_alloc_list
for GC to traverse
Change-Id: I946e63292c6d168197cd2a087f697c73cc431272
Reviewed-on: https://chromium-review.googlesource.com/1101323
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53813}
This CL fixes a bug that allowed OOB read/stores on fastpaths when
a comparison function caused the underlying FixedArray to change
while keeping the elements kinds and size property on the original
JSArray the same.
R=jgruber@chromium.org
Bug: chromium:852592
Change-Id: I09af357d10e7f41e75241e4c87430fc9aa806f8c
Reviewed-on: https://chromium-review.googlesource.com/1104158
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53811}
This reverts commit 733b7c8258.
Reason for revert: breaks arm64 gc-stress: https://ci.chromium.org/buildbot/client.v8.ports/V8%20Linux%20-%20arm64%20-%20sim%20-%20gc%20stress/11659
Original change's description:
> [wasm] Introduce jump table
>
> This introduces the concept of a jump table for WebAssembly, which is
> used for every direct and indirect call to any WebAssembly function.
> For lazy compilation, it will initially contain code to call the
> WasmCompileLazy builtin, where it passes the function index to be
> called.
> For non-lazy-compilation, it will contain a jump to the actual code.
> The jump table allows to easily redirect functions for lazy
> compilation, tier-up, debugging and (in the future) code aging. After
> this CL, we will not need to patch existing code any more for any of
> these operations.
>
> R=mstarzinger@chromium.org, titzer@chromium.org
>
> Bug: v8:7758
> Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
> Reviewed-on: https://chromium-review.googlesource.com/1097075
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53805}
TBR=mstarzinger@chromium.org,titzer@chromium.org,clemensh@chromium.org,sreten.kovacevic@mips.com
Change-Id: Iea358db2cf13656a65cf69a6d82cbbc10d3e7e1c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7758
Reviewed-on: https://chromium-review.googlesource.com/1105157
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53807}
This introduces the concept of a jump table for WebAssembly, which is
used for every direct and indirect call to any WebAssembly function.
For lazy compilation, it will initially contain code to call the
WasmCompileLazy builtin, where it passes the function index to be
called.
For non-lazy-compilation, it will contain a jump to the actual code.
The jump table allows to easily redirect functions for lazy
compilation, tier-up, debugging and (in the future) code aging. After
this CL, we will not need to patch existing code any more for any of
these operations.
R=mstarzinger@chromium.org, titzer@chromium.org
Bug: v8:7758
Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
Reviewed-on: https://chromium-review.googlesource.com/1097075
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53805}
Currently each isolate stores its own array of
{CallInterfaceDescriptorData}. This array has size 173, and each entry
has 40 bytes. That's already 7kB per isolate.
Additionally, each {CallInterfaceDescriptorData} allocates two
heap-allocated arrays, which probably add up to more than the static
size of the {CallInterfaceDescriptorData}. Note that all the
{CallInterfaceDescriptorData} instances are initialized eagerly on
isolate creation.
Since {CallInterfaceDescriptor} is totally isolate independent itself,
this CL refactors the current design to avoid a copy of them per
isolate, and instead shares them process-wide. Still, we need to free
the allocated heap arrays when the last isolate dies to avoid leaks.
This can probably be refactored later by statically initializing more
and avoiding the heap allocations all together.
This refactoring will also allow us to use {CallInterfaceDescriptor}s
from wasm background compilation threads, which are not bound to any
isolate.
R=mstarzinger@chromium.org, titzer@chromium.org
Bug: v8:6600
Change-Id: If8625b89951eec8fa8986b49a5c166e874a72494
Reviewed-on: https://chromium-review.googlesource.com/1100879
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53803}
For now we keep params since NewSloppyArguments uses it to figure out how to structure the arguments object. We should be able to only keep params in case we have a special case though. E.g., leaf functions with no duplicate parameters don't need special treatment. Or we simply encode the parameter index for each context slot. (I'm not sure duplicates need special treatment.)
Change-Id: Icfbb844e5331aeb93c50bc07edd58246c8aeb1d7
Reviewed-on: https://chromium-review.googlesource.com/1104420
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53802}
We currently store the {WasmModule} (generated during decoding) in a
unique_ptr and pass ownership to the {WasmModuleObject} after
compilation.
I plan to move the {Managed<NativeModule>} from {WasmCompiledModule} to
{WasmModuleObject}, which will force us to create the
{WasmModuleObject} *before* compilation, so that the {CompilationState}
is available during compilation.
This CL prepares that refactoring by storing the {WasmModule} in a
{shared_ptr} in the {AsyncCompileJob}. Note that it will eventually be
stored in a {shared_ptr} in the {Managed} anyway.
R=titzer@chromium.org
Change-Id: Iac5e3c1067af2801e938f77a455a68807801526a
Reviewed-on: https://chromium-review.googlesource.com/1104117
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53801}
Reading up on the bug description, this is a test
that is triggered by TurboFan execution. This can
be done with natives and does not need excessive
loop iterations. Additionally, we have a more specific
regression test for the original issue in the repo:
http://crrev.com/c/584837
Bug: v8:7783
Change-Id: Id022b515b663e6fb897acb29f43ef92b70b547b8
Reviewed-on: https://chromium-review.googlesource.com/1101018
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53799}
The test test-api/InitializeDefaultIsolateOnSecondaryThread1 has been
failing since at least 6.8, but our infra only recently realized that.
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
Bug: v8:7856
Change-Id: I8cbfd4ea554bb32c50c01d437efa5b18f60c2fde
Reviewed-on: https://chromium-review.googlesource.com/1104458
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53795}
We currently have a system where the protected instructions are
unregistered when the last instance dies, and registered again on the
next instantiation. This is triggered by {WasmCompiledModule::Reset}.
Since the reference to the {NativeModule} will move to the
{WasmModuleObject}, and this object stays alive even if the last
instance dies, this will become hard to maintain.
It will also make it harder to share wasm code across isolates.
This CL refactors this to register trap handler data once when the code
is added to the {NativeModule}, and releases it if the code dies.
R=mstarzinger@chromium.org
CC=eholk@chromium.org
Bug: v8:5277
Change-Id: I3f1b336095230b255f3849c271b37b62f2b96cd6
Reviewed-on: https://chromium-review.googlesource.com/1103567
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53791}
This is a step towards avoiding materializing function_ altogether if we deoptimize. Typically we only need the SharedFunctionInfo.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Idee78f02d1afe3d2cb70e93a6d96a5a33907f892
Reviewed-on: https://chromium-review.googlesource.com/1100474
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53789}
Return the raw Object* when accessing the constant pool of bytecode
with the bytecode array accessor, to avoid needing an isolate there.
If the returned value needs to be a handle, we create the handle
later.
Bug: v8:7786
Change-Id: Ifeac2a06f0383230bf7e9bfc1b751d9750ecfb51
Reviewed-on: https://chromium-review.googlesource.com/1102334
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53784}
The FuzzAssemble* tests rely on two CSA functions which are relatively big. And
with the --enable-slow-asserts flag they get so big that the register
allocator's memory consumption becomes a problem. Let's just override this flag.
Bug: v8:7819, v8:6848, v8:7842
Change-Id: I95db59b9c788aa665d04339892b2e0b5d92d9a89
Reviewed-on: https://chromium-review.googlesource.com/1093315
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#53779}
This CL moves the remaining runtime DataView getters to Torque,
namely DataViewGetBigInt64/BigUint64, and removes the associated
runtime code that is now unneeded.
All of the DataView getters are now implemented in Torque, which brings
a nice performance improvement over the former C++ builtin code.
Change-Id: I35cf2eabce3c79cc0d3200e7f24dbe0c3e5c2804
Reviewed-on: https://chromium-review.googlesource.com/1092736
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53765}
We currently create a managed object holding a shared reference to the
WasmModule, and pass this to the factory method for the
WasmModuleObject. Instead, we can just create it inside that factory
method, removing code duplication.
R=herhut@chromium.org
Change-Id: I3cea858ba445971dc8dbeb693061ef5684bc02da
Reviewed-on: https://chromium-review.googlesource.com/1102336
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53763}
No longer access the heap directly, as policed by Disallow*
scopes in JSContextSpecialization::Reduce.
Bug: v8:7790
Change-Id: I40f1c500b04b96152421fd5de631747ba386bca1
Reviewed-on: https://chromium-review.googlesource.com/1101322
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53759}
This reverts commit 9e27d4735f.
Reason for revert: Layout Test failures: https://ci.chromium.org/buildbot/client.v8.fyi/V8-Blink%20Linux%2064/24123
Original change's description:
> [debugger] Rewrite the ScopeIterator/DebugEvaluate to use Scope rather than ScopeInfo for inner scopes.
>
> This CL also bottlenecks all current scope handling in the ScopeIterator, and cleans up frame handling in debug-frames and the deoptimizer.
>
> Change-Id: I061922a356ce17794262f8d77d5d7c824558fc50
> Reviewed-on: https://chromium-review.googlesource.com/1095094
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53741}
TBR=yangguo@chromium.org,jarin@chromium.org,neis@chromium.org,jgruber@chromium.org,verwaest@chromium.org
Change-Id: I892856056258e3c68b36409b8b2d69e7686fc385
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1102377
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53756}
This is a reland of 9e27d4735f
Original change's description:
> [debugger] Rewrite the ScopeIterator/DebugEvaluate to use Scope rather than ScopeInfo for inner scopes.
>
> This CL also bottlenecks all current scope handling in the ScopeIterator, and cleans up frame handling in debug-frames and the deoptimizer.
>
> Change-Id: I061922a356ce17794262f8d77d5d7c824558fc50
> Reviewed-on: https://chromium-review.googlesource.com/1095094
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53741}
Change-Id: I05262fef66d852876b9bb2869339053629c9b51d
Reviewed-on: https://chromium-review.googlesource.com/1102297
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53751}
Byte offset can be outside of Smi range and must be loaded as a Number
rather than a Smi.
Bug: chromium:852258
Change-Id: Ida6e07ba68a050d4f5a9f28500986cc67c619b4c
Reviewed-on: https://chromium-review.googlesource.com/1100886
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53748}
This reverts commit 9e27d4735f.
Reason for revert: Fails MSan (use of uninitialized value): https://ci.chromium.org/buildbot/client.v8/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/21562
Original change's description:
> [debugger] Rewrite the ScopeIterator/DebugEvaluate to use Scope rather than ScopeInfo for inner scopes.
>
> This CL also bottlenecks all current scope handling in the ScopeIterator, and cleans up frame handling in debug-frames and the deoptimizer.
>
> Change-Id: I061922a356ce17794262f8d77d5d7c824558fc50
> Reviewed-on: https://chromium-review.googlesource.com/1095094
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53741}
TBR=yangguo@chromium.org,jarin@chromium.org,neis@chromium.org,jgruber@chromium.org,verwaest@chromium.org
Change-Id: Ief87c1e79fa2ec40f52fd747ec4ebbacf0da798b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1101377
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53743}