Port 077205be55
Original Commit Message:
This CL allows SetPrototypeAdd and ArrayIteratorPrototypeNext
to be called on temporary objects during side effect free evaluation.
R=kozyatinskiy@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I4f6d4e885c19a032723ea8fe39976780900ba922
Reviewed-on: https://chromium-review.googlesource.com/1008634
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52554}
Previously embedder had to create an instance of TracingCpuProfiler explicitly.
The patch makes the profiler created automatically for every isolate.
The profiler has no overhead unless tracing with v8.cpu_profiler category is enabled.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I9369c2c56bcddc72093eda33dc2bc185c9253b4a
Reviewed-on: https://chromium-review.googlesource.com/1006049
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52552}
Port ada64b58bf
Original Commit Message:
Before Turbofan/Ignition it was possible to use external profilers to
sample running V8/Node.js processes and generate reports/FlameGraphs
from that. It's still possible to do so, but non-optimized JavaScript
functions appear in the stack as InterpreterEntryTrampoline. This commit
adds a runtime flag which makes interpreted frames visible on the
process' native stack as distinguishable functions, making the sampled
data gathered by external profilers such as Linux perf and DTrace more
useful.
R=matheus@sthima.com.br, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I0416b53c53248a5624061d0155712a3e2396c725
Reviewed-on: https://chromium-review.googlesource.com/1008045
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52551}
The promise constructor fast-path did allocate contexts that were
too large, resulting in GC overhead compared to the slow-path which
contributes to a performance regression we are currently dealing with.
Bug: chromium:829253
Change-Id: I82883358933df9ce5241bad53b85867455046cc1
Reviewed-on: https://chromium-review.googlesource.com/1007054
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52550}
This CL allows SetPrototypeAdd and ArrayIteratorPrototypeNext
to be called on temporary objects during side effect free evaluation.
Bug: v8:7588
Change-Id: Id77848e48d98c243de91bc6c0fae5a0877e693d4
Reviewed-on: https://chromium-review.googlesource.com/998439
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52548}
ValueDeserializer::ReadWasmModule does not call API functions, therefore
there can be no scheduled_exceptions, and therefore we do not have to
translate scheduled_exceptions to pending_exceptions. On the contrary,
there can be pending_exceptions, which causes the call to
RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION to crash.
This CL fixes a crash in a layout test which was caused by another
CL (https://crrev.com/c/975547).
R=mstarzinger@chromium.org
CC=binji@chromium.org
Change-Id: I3078a2a9a532b079b5a4ea604c2f3f777fa2e287
Reviewed-on: https://chromium-review.googlesource.com/1006794
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52547}
All call sites passed nullptr as the isolate argument and DOUBLE as the
exponent type. Remove these unused arguments and related dead code.
Bug: v8:6666
Change-Id: Ie94d9b489f494b2a5c80f5cc3dc81013ed4f4414
Reviewed-on: https://chromium-review.googlesource.com/1006754
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52545}
This test relies on allocation mementos remaining in place;
with the new forced GC in the deoptimizer, this test can't be
run with the deopt fuzzer on anymore.
Bug: v8:7644
Change-Id: I6271c00a7b6c4e90a5e190bac5debaafad03a0e3
Reviewed-on: https://chromium-review.googlesource.com/1004774
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52544}
This improves the stack layout of {WasmCompiledFrame} frames built by
Liftoff so that the first spill slot immediately follows the frame
marker. We will rely on this in the future when we expect the first
spill slot to always hold a {WasmInstanceObject} reference.
R=clemensh@chromium.org
Change-Id: I2babe8a813af23f3b5bc139a2b0b334072625f7b
Reviewed-on: https://chromium-review.googlesource.com/1006615
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52543}
On indirect function calls, if the corresponding table entry is empty,
we cannot call {GetCodeFromStartAddress}. In that case, the signature
check will fail anyway, so perform the signature check first, and only
get the code object if the check succeeds.
R=mstarzinger@chromium.org
Bug: chromium:831463
Change-Id: Iead949e4c12502b1a2a3949db2dabab4a184a1e7
Reviewed-on: https://chromium-review.googlesource.com/1005005
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52542}
Benchmark now sorts every element type of TypedArray and groups the
benchmarks by integer and floating point types. Also adding a sort
benchmark that uses multiple custom compare functions.
R=petermarshall@chromium.org
Bug: v8:7624
Change-Id: Id0f44adf78398c99a17fe3edb6ee5d7fccc4d99b
Reviewed-on: https://chromium-review.googlesource.com/1000774
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52541}
Builds with and without embedded builtins (when combined with RO_SPACE
changes) results in different v8heapconst.py. So this marks embedded
builds as non-shipping. When embedded builtins becomes the default then
this non-embedded builds should be marked as non-shipping.
Bug: v8:7464
Change-Id: I8649183daf63ae9f54ed6207ed1104ecf33c89ff
Reviewed-on: https://chromium-review.googlesource.com/1005515
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52540}
Blacklist two functions that can call casted function pointers, there is
not an easy way to fix these failures yet.
BUG=v8:7164
Change-Id: I895ccb09359d38c95c1ff93e41c306ecb1ad57fc
Reviewed-on: https://chromium-review.googlesource.com/1003226
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52539}
This reverts commit e5a687be00.
Reason for revert: Crashes on GCC: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20gcc%204.8/builds/19002
Original change's description:
> [CFI] Refactor test use to use GeneratedCode
>
> Replace direct call to generated code with call using GeneratedCode to
> match the rest of v8.
>
> BUG=v8:7164
>
> Change-Id: I3e45d3e7c45f06fc362a22217ee7f0f1b70745e2
> Reviewed-on: https://chromium-review.googlesource.com/1002534
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52536}
TBR=clemensh@chromium.org,vtsyrklevich@chromium.org
Change-Id: I684a93d20f104244e2b74ab79ddc7d6e3a1ecf3c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7164
Reviewed-on: https://chromium-review.googlesource.com/1006614
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52538}
The sort benchmarks are currently in their own directory, because we
might want to run them in isolation during the upcoming sort rework.
R=jgruber@chromium.org, petermarshall@chromium.org
Bug: v8:7382
Change-Id: Ic2e4e34d2838690529511d591099a66d0b908b0a
Reviewed-on: https://chromium-review.googlesource.com/1004997
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#52537}
Replace direct call to generated code with call using GeneratedCode to
match the rest of v8.
BUG=v8:7164
Change-Id: I3e45d3e7c45f06fc362a22217ee7f0f1b70745e2
Reviewed-on: https://chromium-review.googlesource.com/1002534
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52536}
Before Turbofan/Ignition it was possible to use external profilers to
sample running V8/Node.js processes and generate reports/FlameGraphs
from that. It's still possible to do so, but non-optimized JavaScript
functions appear in the stack as InterpreterEntryTrampoline. This commit
adds a runtime flag which makes interpreted frames visible on the
process' native stack as distinguishable functions, making the sampled
data gathered by external profilers such as Linux perf and DTrace more
useful.
R=bmeurer@google.com, franzih@google.com, jarin@google.com, yangguo@google.com
Bug: v8:7155
Change-Id: I3dc8876aa3cd9f1b9766624842a7cc354ccca415
Reviewed-on: https://chromium-review.googlesource.com/959081
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52533}
If it does not, the stack may be in an unconsistent state. Bailout if so.
BUG=chromium:828881
Change-Id: Ia66077d3846bf9a1d556a37fd8e0ca856f9d2464
Reviewed-on: https://chromium-review.googlesource.com/1002535
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52532}
The ImportedFunctionEntry and IndirectFunctionTableEntry stored handles
internally, but were created from raw pointers. This is not allowed.
The two options to fix this are to either handlify the whole interface,
or do the opposite and use raw pointers everywhere. Since no current
user depends on a handlified interface, and both objects are being used
in performance critical code, this CL unhandlifies the interface and
adds a DisallowHeapAllocation scope to enforce that no GC happens while
any ImportedFunctionEntry or IndirectFunctionTableEntry is alive.
R=mstarzinger@chromium.orgCC=titzer@chromium.org
Change-Id: I098c2abcdd28c4b117272ac3ea0358ff2e56b36c
Reviewed-on: https://chromium-review.googlesource.com/1005075
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52531}
This whitelists Function-related builtins used by Blink callbacks at
the DOM wrapping stage, and other BigInt methods.
Bug: chromium:810176
Change-Id: If036114cd7f133f2c30247dff836698c2eb16a51
Reviewed-on: https://chromium-review.googlesource.com/1004000
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Luo <luoe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52530}
This mjsunittest assumed specific internal types (i.e. Smi)
for certain fields; it generates some dozens of variants of
the test using new Function, but used the same property names
in all of them. This causes V8 to sometimes learn more general
types for fields (i.e. unboxed double), which the test did not
expect. This commit uses unique field names for each of the test
variants.
Change-Id: Ib1ecb3ae33a57c8a1293a29a2233dad4e16a39fb
Reviewed-on: https://chromium-review.googlesource.com/1004897
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52528}
This is in preparation of using some of these constants to compute
values for the Liftoff assembler that are themselves constexpr.
R=clemensh@chromium.org
Change-Id: I573ef4ca164e0107968e482996963fde9a3960b0
Reviewed-on: https://chromium-review.googlesource.com/1005056
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52527}
This CL fixes the pathological O(n^2) patching behavior that
was introduced when simplifying the wasm instance/context data
structures. It introduces a per-instance reverse mapping of
function indexes to where they appear in import and indirect
function tables. The mapping is created lazily and rebuild in
response to too many failed lookups, which makes it robust
to table mutations in the future.
This CL also fixes a bug where the anonymous lazy compile stub
was not being used for direct calls, confusing the indirect
call patching mechanism.
R=clemensh@chromium.org,mstarzinger@chromium.org
Bug: v8:7424, chromium:830558
Change-Id: Ice0212593b31eb64687a3d52bd238020682a857f
Reviewed-on: https://chromium-review.googlesource.com/1004294
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52526}
... to see if it improves things in real-world area.
Change-Id: Icf6a1ff47f35eb3f7e25b549d736f7404148f6ab
Reviewed-on: https://chromium-review.googlesource.com/1004587
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52523}
This CL adds a context slot to builtin continuation frames which
stores the context, even for stub continuations. This context slot
is used in NotifyDeoptimized to provide the JavaScript context.
Bug: v8:7639
Change-Id: Ibdfe24141a759cda6d319db0933bea57919dc171
Reviewed-on: https://chromium-review.googlesource.com/1002776
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52522}
New space objects which die after scavenging might contain weak references.
IncrementalMarking::UpdateWeakReferencesAfterScavenge must drop the
corresponding slot.
This bug didn't surface before, since all weak slots are in the old space (but
this will change soon).
BUG=v8:7308
Change-Id: Ib1e507d4207e35547240dc0867ec7787b3f3103e
Reviewed-on: https://chromium-review.googlesource.com/1005000
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52519}
This reverts commit 6823c0a496.
Reason for revert: https://crbug.com/830499
Original change's description:
> [runtime] Do some more StringTable shrinking
>
> This CL further lowers the kMaxEmptyFactor constant to more aggressively shrink
> the StringTable when it's empty.
>
> Bug: v8:5443, chromium:818642
> Change-Id: I1c263a0afd7e6bed8a8bb857db032bf126c3ef4b
> Reviewed-on: https://chromium-review.googlesource.com/995473
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52401}
TBR=mlippautz@chromium.org,cbruni@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:5443, chromium:818642
Change-Id: Ibd009fe1e9fcd0b36f168ad425e1eb5e663a1ca8
Reviewed-on: https://chromium-review.googlesource.com/1004456
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52515}
Separating from main mega-CL for Torque to make landing it more
manageable.
Change-Id: Ic2cf2f5bff62613cb25cddd065479c85cfd9dd6c
Reviewed-on: https://chromium-review.googlesource.com/963704
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52514}
This reverts commit 29308cf0e5.
Reason for revert: Use existing runtime functions instead
Original change's description:
> Add boolean runtime checks for different element kinds.
>
> This will be used for Array.p.sort benchmarks to ensure that the
> arrays will have the correct element kind.
>
> R=cbruni@chromium.org, jgruber@chromium.org
>
> Bug: v8:7382
> Change-Id: I4fe58d97d7f18fd193d4432964cf6b4f5335e0e7
> Reviewed-on: https://chromium-review.googlesource.com/1004754
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52511}
TBR=cbruni@chromium.org,jgruber@chromium.org,szuend@google.com
Change-Id: I45742879d3637470752335772f294d7e8ff3ce35
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7382
Reviewed-on: https://chromium-review.googlesource.com/1004589
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52513}
This will be used for Array.p.sort benchmarks to ensure that the
arrays will have the correct element kind.
R=cbruni@chromium.org, jgruber@chromium.org
Bug: v8:7382
Change-Id: I4fe58d97d7f18fd193d4432964cf6b4f5335e0e7
Reviewed-on: https://chromium-review.googlesource.com/1004754
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52511}
The checked condition now more precisely corresponds to the actual
ineffective GC detection heuristic.
Change-Id: I727932c76ff3183e7b038437eefba564c9778ff7
Reviewed-on: https://chromium-review.googlesource.com/997634
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52509}
Came across this cast while checking a CFI issue. It reinterpret_casts
between two identical function pointers, so it is redundant.
R=ulan@chromium.org
Bug: v8:7570
Change-Id: I2d92e93788027e41abdb12af8371251c0da6a709
Reviewed-on: https://chromium-review.googlesource.com/1004674
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52507}
The reloading was needed when GC would compact the Heap::retained_maps
array. But that's no longer true; the compaction is done in
Heap::AddRetainedMap, outside GC. So it's not possible that the length would
change because of an allocation.
(Pre-cleanup for in-place weak ref work.)
BUG=v8:7308
Change-Id: I18554353014865992f9151002cc4097fb986faf1
Reviewed-on: https://chromium-review.googlesource.com/1002775
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52506}
The deadlock should be fixed with https://crrev.com/c/1002174.
This is a reland of 4d1c2907d3
Original change's description:
> Reland "[d8][wasm] Test wasm compilation completion"
>
> This is a reland of ed2605f040
>
> Original change's description:
> > [d8][wasm] Test wasm compilation completion
> >
> > d8 was recently changed to keep running until wasm compilation has
> > completed. This adds a message test to test that.
> >
> > R=ahaas@chromium.org
> >
> > Change-Id: I73af53b6df4ee5f9a6afd26cf2d71a269140465f
> > Reviewed-on: https://chromium-review.googlesource.com/966184
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#52008}
>
> Change-Id: Iadbd5056dfa58da454956c4e89369af8b0455b35
> Reviewed-on: https://chromium-review.googlesource.com/975242
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52154}
Bug: chromium:824681
Change-Id: I4077645bcfcb2320f6573bb779027add36feee3f
Reviewed-on: https://chromium-review.googlesource.com/999632
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52505}
