This CL is part of an effort to enable concurrent marking in MinorMC.
For this purpose we plan to reuse the IncrementalMarking class which
already implements a part of the concurrent marking code for MajorMC
(and is currently coupled with MarkCompactCollector).
We plan to parameterize IncrementalMarking with CollectorBase, which
can be either MinorMarkCompactCollector or MarkCompactCollector, in
a subsequent CL.
Bug: v8:13012
Change-Id: I595bfdcb6e1abaa270d8037d889620433f26a416
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749183
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81797}
The LeftTrimFixedArray will call OnMoveEvent every time. Even though when the profiling is not enabled in user mode, it still need to do some check, and the function call itself has certain overhead. This patch aims to remove the unnecessary check. We only need to check it when the logging status changes.
Change-Id: I0e957860616a18415398f7753ed21caab5a4361f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3751964
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jianxiao Lu <jianxiao.lu@intel.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81794}
This adds a bunch of tracing hooks to the module decoder and uses
them to support "annotated hexdump" output for full modules in wami:
$ out/x64.release/wami my_module.wasm --full-hexdump
Change-Id: I5821d940b5ec236df9708eecd0124172d8893ffd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3754741
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81791}
This file did not include all the headers it needed, so when
https://crrev.com/c/3749178 removed a bunch of headers, the MSVC build
broke. Add in the missing header to address the MSVC compiler falure.
Change-Id: I646787cfde802d8cabe7d61bac2f2066beaec436
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764190
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81790}
Port d5b3d8e994
Original Commit Message:
This change already landed for x64, now come arm and ia32. The code
already existed for arm64.
The wasm instance got pushed three times in the lazy-compile builtin:
1) as part of the parameters;
2) as a parameter for the runtime function;
3) to load the jump table address after the runtime function;
The third push can be avoided by loading the jump table address after
all parameters get loaded from the stack again.
R=ahaas@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I731473b2d5e08e7ea5841ef589dd3f896b5302db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769698
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81789}
... in order to avoid expensive computation of cage_base for Code
objects and in order to avoid issues with wrong cage base values
computed from Code objects in external code space.
Drive-by: cage-bas'ify some accessors in JSFunction and Code.
This is a step towards Code-less embedded builtins.
Bug: v8:11880
Change-Id: I95dd8bcd4680e09c7463e1bc7d72dcbf9f2e5c1c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769831
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81788}
... which might be undefined during initialization.
Bug: v8:13054
Change-Id: Ia3a7a95ffb1133b5d3d299c36bfb3875bcee2dfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769830
Reviewed-by: Patrick Thier <pthier@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81783}
This change already landed for x64, now come arm and ia32. The code
already existed for arm64.
The wasm instance got pushed three times in the lazy-compile builtin:
1) as part of the parameters;
2) as a parameter for the runtime function;
3) to load the jump table address after the runtime function;
The third push can be avoided by loading the jump table address after
all parameters get loaded from the stack again.
R=clemensb@chromium.org
Bug: v8:13049, v8:12926
Change-Id: Ifdbe943520c031ec5c480798694bcacc490a64bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764348
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81782}
This is a reland of commit 8218c06158.
Compile errors on mac arm64 are fixed.
Original change's description:
> [wasm] Reset PKRU before spawning new threads
>
> We sometimes hit the DCHECK in the wasm code manager:
> DCHECK_IMPLIES(writable, !MemoryProtectionKeyWritable());
>
> This is because we spawn new threads while having a
> {CodeSpaceWriteScope} open. In the case of PKU, this changes the PKRU
> register to allow writes to the code space, and the value of that
> register is inherited by any new thread. If this thread then tries to
> switch to writable code spaces, it hits the DCHECK. It would hit a
> similar DCHECK when trying to execute code.
>
> We fix this issue by temporarily resetting the PKRU register to
> non-writable while we call the {NotifyConcurrencyIncrease} method. This
> is not a very robust solution, as any new call that potentially happens
> inside a {CodeSpaceWriteScope} needs to do the same, but refactoring the
> code to avoid spawning new threads while being in writable state would
> be a lot of work with other downsides.
>
> R=jkummerow@chromium.org
>
> Bug: v8:13075
> Change-Id: Ibc7270aa597902dc6d9649cb6bcdfce8b1a9bafc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762579
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81729}
Bug: v8:13075
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_compile_rel
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_compile_dbg
Change-Id: I2e634959c969fc022393ae51c391397c7195ee54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769829
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81781}
We check page flags in the deferred write barrier, and bail out early
if pointers to that page are not interesting. Make sure that the slot
register saving happens after that early bailout, to avoid unbalanced
push/pop.
To avoid bugs like this in the future, add a stack size check as a
prefix to every node's code gen.
Bug: v8:7700
Change-Id: I54a00fcbc843d473a1ca1e6cf3d852a0c60621c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769695
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81780}
The stack offsets of cache slots are always positive, but the compiler
does not know that. The lack of this knowledge makes division by the
system pointer size significantly more expensive.
One solution would be to rewrite the division to be an actual right
shift. Another solution is to teach the compiler that offsets are
positive. This CL does the latter.
This reduces the overall Liftoff compile time of the reproducer in the
linked issue by nearly 25%.
R=jkummerow@chromium.org, cbruni@chromium.org
Bug: v8:13063
Change-Id: Ib55b35d407e9909c792ae095a6767aaa03faebdc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3760453
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81778}
In {ControlPathState} with {kMultipleInstances}, a node should be able
to be mapped to different states, but not twice to an identical state.
Change-Id: Ida340a6f4f5e891f586d5a90e7ae818f24dfbe98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769693
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81775}
Templetize ControlPathState on whether multiple states are allowed for the same node. Instantiate BranchElimination to allow a single state
per node, and WasmGCOperatorReducer to allow multiple.
This fixes a performance regression caused by crrev.com/c/3717994.
Bug: chromium:1339826
Change-Id: Id52d643daad618f45c3d8509f2a661e177609a0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3754941
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81772}
The sandbox crash filter must be installed after the sandbox has been
initialized, which now happens during V8::Initialize.
Bug: v8:10391
Change-Id: I0103e32f091843415aaff4ec1c9bd93603244144
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769689
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81771}
- Removed duplication and unnecessary indirection from all suites testcfgs.
- Introduced a more comprehensive context to cover both command context and other platform specific concerns.
- Propagated above context to TestLoader to allow for test counting command execution on all platforms.
- Wrapped original pool with another class to give it a new interface and allow injecting different implementations in the future.
- Consolidated progress indicators under a single processor in the pipeline.
- Consolidated result retention requirements calculation outside of pipeline chain.
- Refactored LoaderProc and got it under tests.
- Added some more tests for the standard runner.
- Extracted BuildConfig class.
Bug: v8:12785
Change-Id: I87be040e91f792a983662bb5a10d55b36a14ea7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3701595
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81770}
Baseline compiler generates instructions for bytecode JumpLoop with
the below layout:
[OSR Check Armed]
[OSR Handle Armed]
[Jump Loop Header]
This CL advances [Jump Loop Header] and the layout will be:
[OSR Check Armed]
[Jump Loop Header]
[OSR Handle Armed]
This can reduce the sizes of loops in baseline code.
Change-Id: I0a3996fddffd33caaef965c05f5c2593ad8951bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3759947
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#81762}
- Avoid adding an Invalid type that can never be reached during
traversal;
- Expose class names as object names;
Bug: chromium:1321620
Change-Id: Ie3d9f78d97703535ecf67d56235d564ab6a9a7e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763866
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81758}
This CL refactors simd load/store to accept a scratch register
which will be used in macro-asm.
LE enforced versions of them is also introduced.
Change-Id: I97f4f4870d7889204b1d42cf50de85e234ecae36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3765514
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81757}
Previously these values weres stored only in the Code object associated
with the embedded builtins.
Bug: v8:11880
Change-Id: I8adf3f654c5c729a8cb58fc6941999b4c251896a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764442
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81755}
Currently the same reduction is used for both TypedArray's and
DataView's byte{Length,Offset} accessors. But their behavior differ on
detached buffers: TypedArray returns 0 while DataView throw.
Do not do the optimization for DataViews if we can't depend on the
detach protector.
Bug: chromium:1344549
Change-Id: I38b533a62f756869380cb5c19fe254e03979e81a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763785
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81754}
By about 10x-20x depending on platform and configuration.
Shorter test strings make the set of all possible substrings
considerably smaller.
Fixed: v8:13074
Bug: v8:12868
Change-Id: I46ae94fbcba43080d06b1b825feae6b2acf819d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763861
Reviewed-by: Andy Wingo <wingo@igalia.com>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81753}
Move everything past the Smi check and "pointers-from-here" check in the
write barrier into deferred code. This matches what TF does for
kArchStoreWithWriteBarrier.
Bug: v8:7700
Change-Id: I869e6d5c85c01a3e265abca6cfa6f86066c1ab96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764443
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81752}
For prototype loads from strings, we require an access check, since
string maps are shared between native contexts. This makes our prototype
constant load optimisation bail out to a generic load.
We can, however skip this check given the knowledge that this is a
prototype load from a primitive, and instead emit a string check. We can
also be a slight bit more tolerant of multiple different string maps,
same as TF.
Bug: v8:7700
Change-Id: I4ad858cadea68246f903443d19fa6cdd65a14564
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762576
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81751}
This CL refactors the implementation of inner pointer resolution, based
on the marking bitmap. MarkCompactCollector::FindBasePtrForMarking has
most of its code that processes the marking bitmap moved to a utility
function FindPreviousObjectForConservativeMarking, which iterates
backwards to find the closest previous object on the page that has been
marked.
Bug: v8:12851
Change-Id: I980ac5712d8b1df792196d77edb9526ca2e13e2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3758227
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81750}
