This is a reland of d1b27019d3
Fixes include:
- Adding missing file to bazel build
- Forward-declaring classes before friend-classing them to fix win/gcc
- Add missing v8-isolate.h include for vtune builds
Original change's description:
> [include] Split out v8.h
>
> This moves every single class/function out of include/v8.h into a
> separate header in include/, which v8.h then includes so that
> externally nothing appears to have changed.
>
> Every include of v8.h from inside v8 has been changed to a more
> fine-grained include.
>
> Previously inline functions defined at the bottom of v8.h would call
> private non-inline functions in the V8 class. Since that class is now
> in v8-initialization.h and is rarely included (as that would create
> dependency cycles), this is not possible and so those methods have been
> moved out of the V8 class into the namespace v8::api_internal.
>
> None of the previous files in include/ now #include v8.h, which means
> if embedders were relying on this transitive dependency then it will
> give compile failures.
>
> v8-inspector.h does depend on v8-scripts.h for the time being to ensure
> that Chrome continues to compile but that change will be reverted once
> those transitive #includes in chrome are changed to include it directly.
>
> Full design:
> https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing
>
> Bug: v8:11965
> Change-Id: I53b84b29581632710edc80eb11f819c2097a2877
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76424}
Cq-Include-Trybots: luci.v8.try:v8_linux_vtunejit
Bug: v8:11965
Change-Id: I99f5d3a73bf8fe25b650adfaf9567dc4e44a09e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3113629
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76460}
We add ref.func and ref.is_null to the fuzzed module.
ref.is_null returns i32, so it is added to i32 generator.
ref.func is added to GenerateOptRef.
GetRefType function is added to generate reftypes.
Bug: v8:11954
Change-Id: Ia1add950bed573a02b6bec1cba401273d401919e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3106925
Commit-Queue: Rakhim Khismet <khismet@google.com>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76431}
Abstract reference types in the fuzzer have only generated trivial
values. This CL adds the capability for them to generate values of their
subtypes in addition.
Drive-by: Fix emission of multiple tables in wasm-fuzzer-common.
Bug: v8:11954
Change-Id: Id434109c9ae6c1e1b799414c90f18180b8895755
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3109672
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76430}
This reverts commit d1b27019d3.
Reason for revert: Broke vtune build, tsan build and possibly others
Original change's description:
> [include] Split out v8.h
>
> This moves every single class/function out of include/v8.h into a
> separate header in include/, which v8.h then includes so that
> externally nothing appears to have changed.
>
> Every include of v8.h from inside v8 has been changed to a more
> fine-grained include.
>
> Previously inline functions defined at the bottom of v8.h would call
> private non-inline functions in the V8 class. Since that class is now
> in v8-initialization.h and is rarely included (as that would create
> dependency cycles), this is not possible and so those methods have been
> moved out of the V8 class into the namespace v8::api_internal.
>
> None of the previous files in include/ now #include v8.h, which means
> if embedders were relying on this transitive dependency then it will
> give compile failures.
>
> v8-inspector.h does depend on v8-scripts.h for the time being to ensure
> that Chrome continues to compile but that change will be reverted once
> those transitive #includes in chrome are changed to include it directly.
>
> Full design:
> https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing
>
> Bug: v8:11965
> Change-Id: I53b84b29581632710edc80eb11f819c2097a2877
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76424}
Bug: v8:11965
Change-Id: Id57313ae992e720c8b19abc975cd69729e1344aa
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3113627
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76428}
This moves every single class/function out of include/v8.h into a
separate header in include/, which v8.h then includes so that
externally nothing appears to have changed.
Every include of v8.h from inside v8 has been changed to a more
fine-grained include.
Previously inline functions defined at the bottom of v8.h would call
private non-inline functions in the V8 class. Since that class is now
in v8-initialization.h and is rarely included (as that would create
dependency cycles), this is not possible and so those methods have been
moved out of the V8 class into the namespace v8::api_internal.
None of the previous files in include/ now #include v8.h, which means
if embedders were relying on this transitive dependency then it will
give compile failures.
v8-inspector.h does depend on v8-scripts.h for the time being to ensure
that Chrome continues to compile but that change will be reverted once
those transitive #includes in chrome are changed to include it directly.
Full design:
https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing
Bug: v8:11965
Change-Id: I53b84b29581632710edc80eb11f819c2097a2877
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76424}
This CL implements both the Register-Register and the
Register-Immediate variants needed by liftoff.
Change-Id: I148df8418097004710a17e0b216c2f18db808b8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3105085
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#76420}
This reverts commit 6ae18c2d3c.
Reason for revert: breaks a bunch of tests on Mac arm64 bots:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20release/5754/overview
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20debug/2421/overview
Original change's description:
> [wasm] Move write scope out of NativeModule::AddCode
>
> {NativeModule::AddCode} is a central method that should usually be
> called in batches, where the caller holds a {CodeSpaceWriteScope} for a
> longer time (over several compilations).
> This CL moves us closer to that by removing the scope from that central
> method and instead putting it in callers where it becomes more visible.
> There are already TODOs to introduce caching or batching to avoid some
> switching, and one more TODO is added.
>
> Drive-by: Remove an unneeded {CodeSpaceMemoryModificationScope}.
>
> R=jkummerow@chromium.org
>
> Bug: v8:11974
> Change-Id: Ia13c601abc766e5fca6ca053bf1fc4d647b53ed0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3098186
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76344}
Bug: v8:11974
Change-Id: Ia6a6814f153f7602d5d691bc5c930601ff4622a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3111268
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76414}
It must be possible to determine an object's size on the heap without
relying on the presence of any other objects. Specifically, if an
object and its WasmTypeInfo die at the same time, they can be swept
in any order, and the sweeper may need to know their sizes.
This patch solves the problem by repurposing two bytes in the Map,
where WasmStructs can store their instance size, and WasmArrays can
store their element size (which can be used to compute their size).
Fixed: chromium:1240670
Change-Id: Ib960fd0a409936aff1aef4daafed4c38b8497880
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3106649
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76391}
S10 is a callee-saved register and is used in scratch_list.
In cctest, scratch registers could be used, but cctest doesn't go through the JSEntry function that saves callee-saved registers. So cctest could crash due to using s10.
Bug: v8:12124
Change-Id: I62c3582ad490681d5efb24e8bfe0884006d42e66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3103425
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#76375}
liftoff-assembler-ia32.h can now use it. TurboFan ia32 doesn't use it
because it generates different instruction codes (movlps, movhps).
Bug: v8:11589
Change-Id: I07540814acff2d8ea48e06d1e00023d80b276a3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3095009
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76373}
Move optimized implementation (accounts for AVX2) into
shared-macro-assembler, and use it everywhere.
Drive-by fix in liftoff-assembler-ia32.h to use Movss and Movsd
macro-assembler functions so that they emit AVX when supported.
Bug: v8:11589
Change-Id: Ibc4f2709d323d5b835bcac175a32b422d47d3355
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3095008
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76372}
We snapshot all the code first, then log it without holding the lock.
Change-Id: I8c18b2db56678a9320ea6b63cd06290453c0a66a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097472
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76354}
Change i16x8.splat to use Punpcklqdq instead of Pshufd as the final step
to move low 32 bits to all lanes.
Move this implementation to shared-macro-assembler and use it
everywhere.
Bug: v8:11589,v8:12090
Change-Id: I968b1dca5a262e4e67875caea18c5c09828cb33a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3092558
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76353}
The optimal implementation is in TurboFan x64 codegen, move it into
shared-macro-assembler, and have TurboFan ia32 and Liftoff use it. The
optimal implementation accounts for AVX2 support.
We add a couple of AVX2 instructions to ia32 in sse-instr.h. Not all of
them are used, but follow-up patches will use them, so we add support
(including disassembly and test) in this change.
Drive-by clean up to test-disasm-x64.cc to merge 2 AVX2 test sections.
Bug: v8:11589
Change-Id: I1c8d7deb0f8bb70b29e7a680e5dbcfb09ca5505b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3092555
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76352}
{NativeModule::AddCode} is a central method that should usually be
called in batches, where the caller holds a {CodeSpaceWriteScope} for a
longer time (over several compilations).
This CL moves us closer to that by removing the scope from that central
method and instead putting it in callers where it becomes more visible.
There are already TODOs to introduce caching or batching to avoid some
switching, and one more TODO is added.
Drive-by: Remove an unneeded {CodeSpaceMemoryModificationScope}.
R=jkummerow@chromium.org
Bug: v8:11974
Change-Id: Ia13c601abc766e5fca6ca053bf1fc4d647b53ed0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3098186
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76344}
This is a reland of a3b2c4ec81
The fix is in PS3, for UBSan. We use WriteUnalignedValue for
potentially unaligned memory writes.
Original change's description:
> [wasm][diagnostics] Support WasmCode in gdb JIT integration
>
> - Add new enum WASM_CODE to JitCodeEvent::CodeType
> - Use AddressRegion instead of AddressRange (remove the latter)
> - Change CodeDescription constructor to take an AddressRegion,
> both JIT_CODE and WASM_CODE use this
> - Add a simple mjsunit test that sets --gdbjit to check that
> we don't crash.
> - Add an API test for adding WASM_CODE
>
> Bug: v8:11908
> Change-Id: I6e87fadc2df67978144d78caf9800c3982bc3705
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067754
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76271}
Bug: v8:11908
Change-Id: I5ded6d01cff40803b2f70525163f760edcf97165
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093506
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76327}
The {CodeSpaceWriteScope} in {InstanceBuilder::Build} was kept open
while processing imports, which could compile another wasm module via
{compiler::ResolveWasmImportCall} and
{WasmEngine::SyncCompileTranslatedAsmJs}. This leads to errors since
{CodeSpaceWriteScope}s for different modules cannot be held open at the
same time.
This CL fixes that by only opening the {CodeSpaceWriteScope} for the
actual compilation of import wrappers.
Drive-by: Only call {ProcessImports} if there are imports to be
processed, to avoid some of the overhead of {ProcessImports} and
{CompileImportWrappers}.
R=jkummerow@chromium.org
Bug: chromium:1239522
Change-Id: Ifbaf64a4be92088ae4a3fd7e9700a33397b2a967
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097283
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76311}
Bug: v8:12008
Change-Id: I2e1d918a1370dae1e15919fbf02d69cbe48f63bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089095
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76308}
We need to drop the object and the rtt from the liftoff stack before
loading the result.
Bug: v8:7748
Change-Id: Idbd4878ededc35892c951cafb3f8a8298133adff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094015
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76304}
The static limit didn't account for possible S128 elements.
This patch makes the limit element type specific.
Fixed: chromium:1237024
Change-Id: Ic1e37656e2882c0eb7ea6400c83e4094eb747e88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097269
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76303}
This reverts commit a3b2c4ec81.
Reason for revert: UBSan https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8839060153390139249/+/u/Check/gdbjit
Original change's description:
> [wasm][diagnostics] Support WasmCode in gdb JIT integration
>
> - Add new enum WASM_CODE to JitCodeEvent::CodeType
> - Use AddressRegion instead of AddressRange (remove the latter)
> - Change CodeDescription constructor to take an AddressRegion,
> both JIT_CODE and WASM_CODE use this
> - Add a simple mjsunit test that sets --gdbjit to check that
> we don't crash.
> - Add an API test for adding WASM_CODE
>
> Bug: v8:11908
> Change-Id: I6e87fadc2df67978144d78caf9800c3982bc3705
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067754
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76271}
Bug: v8:11908
Change-Id: Ic1a74a9239e8ef6107efd36f61c089ae6bfc5b6c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093365
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76274}
- Add new enum WASM_CODE to JitCodeEvent::CodeType
- Use AddressRegion instead of AddressRange (remove the latter)
- Change CodeDescription constructor to take an AddressRegion,
both JIT_CODE and WASM_CODE use this
- Add a simple mjsunit test that sets --gdbjit to check that
we don't crash.
- Add an API test for adding WASM_CODE
Bug: v8:11908
Change-Id: I6e87fadc2df67978144d78caf9800c3982bc3705
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067754
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76271}
Move the implementation into shared macro-assembler. TurboFan and
Liftoff for both ia32 and x64 can now share the implementation. No
functionality change expected.
Bug: v8:11589
Change-Id: Ia1f680ba139fca627e82e7dc0a9cf1c833e483cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3088513
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76268}
Move the implementation into shared macro-assembler. TurboFan and
Liftoff for both ia32 and x64 can now share the implementation. No
functionality change expected.
Bug: v8:11589
Change-Id: I8d3567ef6e4a430fe8e007e44d5d55cf8e8a6a7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3088273
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76264}
This should not be needed any more after https://crrev.com/c/2944808,
which made job execution deterministic in predictable mode.
R=thibaudm@chromium.org
Bug: v8:11848, v8:10936
Change-Id: I7f71af063d366ca2ba9223afeb6c2caa77b02a99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090334
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76258}
These are no longer enabled, so remove the code mitigation logic from
the codebase.
BUG=chromium:1003890
Change-Id: I536bb1732e8463281c21da446bbba8f47ede8ebe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3045704
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76256}
Make "emit_s128_set_if_nan" take LiftoffRegisters rather than Registers.
The decoding of the FP register code is architecture dependent, and in
particular we expect an FP pair on arm.
R=clemensb@chromium.org
Bug: v8:11856
Change-Id: I44a364c3ef3a0c41000ea1f6cead4916ee04145d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089165
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76246}
Move I32x4SConvertF32x4 into the shared implementation, which takes care of
both the AVX and the no-AVX implementation. Instruction selector still requires
dst == src to save a move in codegen.
Bug: v8:11589
Change-Id: Ie982682b3002192ab27700bf73f8c1e66aeba492
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086732
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76243}
MovFloatToInt and MovIntToFloat have been optimized
on Power8 and above to use VSX instructions instead of
going through memory.
Change-Id: I77af9aa20aa477f8f9e3ec9545445ef777aa0c72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3087726
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#76241}
This adds dedicated histograms for measuring the memory consumption and
compilation time for compiling "huge functions". Those are functions
with a body of more than 100kB. They are a *very* small fraction of all
functions (<0.01% according to current data), but their compile time is
often disproportionately large. Since they would just disappear in the
overall histograms, this CL adds dedicated histograms to make the
compile time and memory consumption of those functions more visible.
R=ecmziegler@chromium.org
Bug: chromium:1238828
Change-Id: I30bd07792ef4d9d67ff60c49c9edd0892c5c6e6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089166
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76239}
TurboFan currently calls into runtime for these two instructions, but
there is a better 4-instruction lowering that Liftoff already uses. Move
this into macro-assembler so we can share this across both compilers. We
name this PopcntHelper because there isn't a Cnt on ARM64 that works on
Word32/Word64.
Bug: v8:12071
Change-Id: I182bf466b76cbad985d8c5b8ddae0f4352f71cd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3087812
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76236}
This is a reland of 1c0cca0f56. It is
modified now to use V8_HAS_PTHREAD_JIT_WRITE_PROTECT and is rebased on
https://crrev.com/c/3085271 which fixes the definition of that macro.
Original change's description:
> Reland: [wasm] Check correctness of thread-local write protection
>
> The fix landed as a separate CL: https://crrev.com/c/3081522
> This is an unmodified reland.
>
> Original description:
> We make an undocumented assumption in {CodeSpaceWriteScope} that a
> single thread will only work on one module at a time. If this is
> violated, the thread-local {code_space_write_nesting_level_} would
> prevent the second module from being switched to writable.
>
> This CL adds a second thread local (in debug only) to check that if
> there is already a {CodeSpaceWriteScope} open that it contains the same
> {NativeModule} as any nested scope.
>
> R=jkummerow@chromium.org
>
> Bug: v8:11974
> Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
> Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
> Change-Id: Id827b6ca472f695e4500584349aba159aa07eed1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080578
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76177}
Bug: v8:11974
Change-Id: Iffc510e85c8c56f26bfa88115ed3a8bdd33ef422
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085269
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76235}
The combination of --wasm-write-protect-code-memory and MAP_JIT was not
handled correctly. We were trying to unnecessarily switch permissions,
and a DCHECK was failing because the writers count was not increased
previously (because the {CodeSpaceWriteScope} uses a separate
implementation if MAP_JIT is available).
This CL fixes the issues by explicitly setting
{WasmCodeAllocator::protect_code_memory_} to false if MAP_JIT is being
used.
R=jkummerow@chromium.org
Bug: v8:12070
Change-Id: Ifb05ba01f8e2e7781d7c29fe80d1144a3d65543b
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089159
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76233}
Use logical shifts to emulate arithmetic shift, by first adding a bias
to make all signed values unsigned, then subtracting the shifted bias.
Details are in code comments for SharedTurboAssembler::I64x2ShrS.
Also refactor ia32 (which was already using this algorithm) to use the
shared macro-assembler function. And convert Liftoff's implementation as
well.
Bug: v8:12058
Change-Id: Ia1fd5fe5a9a0b7a7f31c426d4112256c8bf7021b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3083291
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76209}
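The bias trick described in the message above, worked through as an added example (this is not V8's SharedTurboAssembler code): a 64-bit arithmetic shift right built only from an add, a logical shift and a subtract, applied to a two-lane struct that stands in for an i64x2 register, and checked against the native signed shift, which is assumed to be arithmetic (gcc/clang/MSVC).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Two 64-bit lanes standing in for a 128-bit SIMD register
   (assumption: a plain struct, not V8's register types). */
typedef struct {
    uint64_t lane[2];
} I64x2;

/* Arithmetic shift right of one lane using only unsigned operations:
   add a bias of 2^63 so that signed order becomes unsigned order,
   shift logically, then subtract the bias shifted by the same amount. */
static uint64_t sar64_via_logical_shift(uint64_t x, unsigned shift) {
    shift &= 63;                            /* wasm takes shift counts modulo the lane width */
    const uint64_t bias = UINT64_C(1) << 63;
    uint64_t biased = x + bias;             /* wraps mod 2^64; flips the sign bit */
    uint64_t shifted = biased >> shift;     /* logical shift is exact on the biased value */
    return shifted - (bias >> shift);       /* remove the bias that the shift moved down */
}

/* Lane-wise i64x2.shr_s on the two-lane struct. */
I64x2 i64x2_shr_s(I64x2 v, unsigned shift) {
    I64x2 out;
    for (int i = 0; i < 2; i++) out.lane[i] = sar64_via_logical_shift(v.lane[i], shift);
    return out;
}

/* Signed view of one lane, for callers that want an int64_t back. */
int64_t shr_s_lane(int64_t x, unsigned shift) {
    return (int64_t)sar64_via_logical_shift((uint64_t)x, shift);
}

/* Reference result: the native signed shift, assumed arithmetic. */
static int64_t reference_sar(int64_t x, unsigned shift) {
    return x >> (shift & 63);
}

/* Compare the emulation with the reference for edge values and every
   shift count 0..63. Returns true if all results agree. */
bool emulation_matches_reference(void) {
    const int64_t samples[] = {0, 1, -1, 2, -2, 7, -8, INT64_MAX, INT64_MIN,
                               123456789012345LL, -123456789012345LL};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        for (unsigned s = 0; s < 64; s++) {
            if (shr_s_lane(samples[i], s) != reference_sar(samples[i], s)) return false;
        }
    }
    return true;
}

int main(void) {
    I64x2 v = {{(uint64_t)-8, 8}};   /* constructed input: lanes -8 and 8 */
    I64x2 r = i64x2_shr_s(v, 1);
    printf("lane0 = %lld, lane1 = %lld\n",
           (long long)(int64_t)r.lane[0], (long long)r.lane[1]);
    printf("matches reference: %s\n", emulation_matches_reference() ? "yes" : "no");
    return 0;
}
```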
This reverts commit 1c0cca0f56.
Reason for revert: this closed the tree. (https://crbug.com/1238174)
Original change's description:
> Reland: [wasm] Check correctness of thread-local write protection
>
> The fix landed as a separate CL: https://crrev.com/c/3081522
> This is an unmodified reland.
>
> Original description:
> We make an undocumented assumption in {CodeSpaceWriteScope} that a
> single thread will only work on one module at a time. If this is
> violated, the thread-local {code_space_write_nesting_level_} would
> prevent the second module from being switched to writable.
>
> This CL adds a second thread local (in debug only) to check that if
> there is already a {CodeSpaceWriteScope} open that it contains the same
> {NativeModule} as any nested scope.
>
> R=jkummerow@chromium.org
>
> Bug: v8:11974
> Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
> Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
> Change-Id: Id827b6ca472f695e4500584349aba159aa07eed1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080578
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76177}
Bug: v8:11974, 1238174
Change-Id: I74d8723344e4b9015d956ebfe3fda492280356b6
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3084041
Auto-Submit: Minoru Chikamune <chikamune@google.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76184}
This is a reland of fffcbaea55
Additional fixes:
- Relax IsStarted DCHECKs in ElapsedTimer for paused_elapsed
- Add LogEventStatus enum in the API for better testing
- Rename Logger::StartEnd enum values to kXXX
- Add additional NestedTimedHistogramScope tests
Original change's description:
> [counters] Fix reentrant timers for V8.Execute
>
> This CL fixes a long standing issue where reentering TimedHistograms
> scopes would cause spurious measurements. Only the non-nested scopes
> yielded correct results.
>
> Due to the changed numbers, the V8.Execute histogram is renamed to
> V8.ExecuteMicroSeconds. Note that this histogram is also guarded
> behind the --slow-histograms flag due to the additional overhead.
>
> Unlike before, it does no longer include time for external callbacks
> and only measures self time. The following example illustrates the
> new behaviour:
>
> 1. Enter V8: |--+.......+--| self-time: 4 units (reported)
> 2. Exit V8 (callback): |-+...+-| self-time: 2 units (ignored)
> 3. Re-enter V8: |---| self-time: 3 units (reported)
>
> This would result in 2 histogram entries with 4 time units for the first
> V8 slice and 3 units for the nested part. Note that the callback time
> itself is ignored.
>
> This CL attempts to clean up how TimedHistograms work:
> - Histogram: the base class
> - TimedHistograms: used for time-related histograms that are not nested
> - NestedTimeHistograms: Extends TimedHistograms and is used for nested
> histograms
>
> This CL changes Histograms to not measure time themselves. Measurements
> happen in the *HistogramScopes:
> - BaseTimedHistogramScope: Base functionality
> - TimedHistogramScope: For non-nested measurements
> - NestedTimedHistogramScope: For nested measurements
> - PauseNestedTimedHistogramScope: Ignore time during a given scope.
> This is used to pause timers during callbacks.
>
> Additional changes:
> - ExternalCallbackScope now contains a PauseNestedTimedHistogramScope
> and always sets VMState<EXTERNAL>
>
> Bug: v8:11946
> Change-Id: I45e4b7ff77b5948b605dd50539044cb26222fa21
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001345
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76111}
Bug: v8:11946
Change-Id: Ic2eef7456fbc245febcf780b23418f6ab0bebdb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080566
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76180}
Since array.new_with_rtt implicitly introduces a loop, we should mark
any loop including this instruction as non-innermost.
Bug: chromium:1236958
Change-Id: I2d92b5fdba748df0e4ac1d6cbc524428b1042578
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080574
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76178}
The fix landed as a separate CL: https://crrev.com/c/3081522
This is an unmodified reland.
Original description:
We make an undocumented assumption in {CodeSpaceWriteScope} that a
single thread will only work on one module at a time. If this is
violated, the thread-local {code_space_write_nesting_level_} would
prevent the second module from being switched to writable.
This CL adds a second thread local (in debug only) to check that, if
there is already a {CodeSpaceWriteScope} open, it contains the same
{NativeModule} as any nested scope.
R=jkummerow@chromium.org
Bug: v8:11974
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
Change-Id: Id827b6ca472f695e4500584349aba159aa07eed1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080578
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76177}
We currently print reference type indices as unsigned LEB. This will not
work properly for large indices (>=64), as they will be interpreted as
negative indices when read back. They may also alias with builtin types.
In this CL, we fix this by defining builtin types as negative numbers.
We add positive byte constants that can be used in function bodies.
We adapt wasm-module-builder and tests to the above changes.
Bug: v8:7748
Change-Id: I4dfaa65d4cbf77a6731ca2283148bd842ea5c56b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080569
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76176}
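The encoding mismatch this message describes, as an added example that is not V8's code: a type index written as unsigned LEB128 but read back as signed LEB128 changes meaning once the index reaches 64, and an index such as 112 (0x70) collides with the funcref heap type code. The helper names and the fake-clock-free layout are assumptions of this example; kFuncRefCode is wasm's standard funcref code.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

// Constructed example (not V8 code) of the encoding mismatch described in
// the commit message: a type index written as unsigned LEB128 but read back
// as signed LEB128 changes meaning once the index reaches 64.

// wasm's funcref heap type is the single signed-LEB byte 0x70, i.e. -16.
constexpr int64_t kFuncRefCode = -0x10;

// Unsigned LEB128: 7 payload bits per byte, bit 7 set on all but the last.
std::vector<uint8_t> EncodeUnsignedLeb(uint64_t value) {
  std::vector<uint8_t> out;
  do {
    uint8_t byte = static_cast<uint8_t>(value & 0x7f);
    value >>= 7;
    if (value != 0) byte |= 0x80;
    out.push_back(byte);
  } while (value != 0);
  return out;
}

// Signed LEB128: bit 6 of the last byte is the sign, so one byte covers
// [-64, 63] and 64 needs two bytes (0xC0 0x00).
std::vector<uint8_t> EncodeSignedLeb(int64_t value) {
  std::vector<uint8_t> out;
  while (true) {
    uint8_t byte = static_cast<uint8_t>(value & 0x7f);
    value >>= 7;  // arithmetic shift: -1 stays -1
    bool sign_bit = (byte & 0x40) != 0;
    bool done = (value == 0 && !sign_bit) || (value == -1 && sign_bit);
    if (!done) byte |= 0x80;
    out.push_back(byte);
    if (done) return out;
  }
}

// Decodes one signed LEB128 value; returns {value, bytes consumed}, with
// 0 bytes consumed for a truncated or over-long encoding.
std::pair<int64_t, size_t> DecodeSignedLeb(const std::vector<uint8_t>& in) {
  uint64_t bits = 0;
  unsigned shift = 0;
  for (size_t i = 0; i < in.size() && shift < 64; ++i) {
    uint8_t byte = in[i];
    bits |= static_cast<uint64_t>(byte & 0x7f) << shift;
    shift += 7;
    if (byte & 0x80) continue;
    // Last byte: sign-extend from the payload bits actually read.
    if (shift < 64 && (byte & 0x40)) bits |= ~uint64_t{0} << shift;
    return {static_cast<int64_t>(bits), i + 1};
  }
  return {0, 0};
}

// The bug: the writer uses unsigned LEB, the reader expects signed LEB.
int64_t ReadIndexWrittenUnsigned(uint32_t index) {
  return DecodeSignedLeb(EncodeUnsignedLeb(index)).first;
}

// The fix: write type indices as signed LEB so large indices survive and
// never collide with the negative builtin type codes.
int64_t ReadIndexWrittenSigned(uint32_t index) {
  return DecodeSignedLeb(EncodeSignedLeb(index)).first;
}

int main() {
  const uint32_t indices[] = {63, 64, 112};
  for (uint32_t index : indices) {
    std::printf("index %u: unsigned-written reads back as %lld, "
                "signed-written as %lld\n",
                index, static_cast<long long>(ReadIndexWrittenUnsigned(index)),
                static_cast<long long>(ReadIndexWrittenSigned(index)));
  }
  return 0;
}
```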
Check that the tag argument matches the exception's own tag, and throw a
type error if not.
R=jkummerow@chromium.org
Bug: chromium:1237751, v8:11992
Change-Id: Ia404b83c202a247791583f0252833c36801e9ac4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081523
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76175}
Code freeing can happen at any point in time where a GC might be
triggered. Hence it's difficult to ensure that no other
{CodeSpaceWriteScope} is already open at that point. The way these scope
objects are implemented forbids multiple scopes for different modules
though.
To solve this, this CL just avoids the code zapping in
{WasmCodeAllocator::FreeCode}, which is the only place that actually
writes to the code space. Without this, we do not need the
{CodeSpaceWriteScope} in {NativeModule::FreeCode} any more.
R=jkummerow@chromium.org
Bug: v8:11974
Change-Id: I1f01979e1eaea6c311c9ad568d605aabeef3bfc4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081522
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76174}
On Windows, the overhead of {SetPermissions} (which maps to a
{VirtualAlloc} call) heavily depends on the amount of memory on which
permissions are switched. Hence this CL changes permission switching
to only switch the code regions that are actually needed. This will
increase the number of system calls, but reduce the total size of
switched memory.
On a Unity benchmark, this reduced the lazy compilation time on Windows
from 13.7 seconds to 3.6 seconds (3.0 seconds without write protection).
On Linux, there is no measurable effect, but permission switching
generally seems to have way less overhead on Linux.
R=jkummerow@chromium.org
Bug: v8:11974
Change-Id: I46dd4ae9997587226b3d81166cf2e1128383ab34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077144
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76163}
Port edc349dbf5
Port 593fbb69c4
Bug: v8:11235
Change-Id: I19dd21a14f6475b0cf212728c4124f3b8f6c9c3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3076770
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#76156}
This reverts commit fee168ce06.
Reason for revert: The DCHECK fails when freeing code
(https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/38292/overview),
which means that the current code is not correct. The added DCHECK
makes the bots red though, so the state before this CL was still
better.
Original change's description:
> [wasm] Check correctness of thread-local write protection
>
> We make an undocumented assumption in {CodeSpaceWriteScope} that a
> single thread will only work on one module at a time. If this is
> violated, the thread-local {code_space_write_nesting_level_} would
> prevent the second module from being switched to writable.
>
> This CL adds a second thread local (in debug only) to check that, if
> there is already a {CodeSpaceWriteScope} open, it contains the same
> {NativeModule} as any nested scope.
>
> R=jkummerow@chromium.org
>
> Change-Id: I43fa886d9d0fdf0e1846137dc411745fcca471fa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074477
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76134}
TBR=jkummerow@chromium.org
Change-Id: I5262b0e886f99a64452966345fc084a1ab750459
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078360
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76146}
pthread_jit_write_protect* functions are only available on arm64 Mac,
not on iOS (which also sets V8_{TARGET_,}OS_MACOSX).
This CL refactors the logic to detect whether pthread_jit_write_protect
and MAP_JIT are available and defines a global preprocessor macro which
can subsequently be used instead of the existing complex condition.
R=jkummerow@chromium.org, mlippautz@chromium.org
Change-Id: I63894f42df35406d6eee90a4ce5070c2fde7b566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077154
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76143}
This reverts commit fffcbaea55.
Reason for revert: Breaks in Chromium (e.g. https://ci.chromium.org/p/v8/builders/ci/Linux%20V8%20FYI%20Release%20%28NVIDIA%29)
Original change's description:
> [counters] Fix reentrant timers for V8.Execute
>
> This CL fixes a long standing issue where reentering TimedHistograms
> scopes would cause spurious measurements. Only the non-nested scopes
> yielded correct results.
>
> Due to the changed numbers, the V8.Execute histogram is renamed to
> V8.ExecuteMicroSeconds. Note that this histogram is also guarded
> behind the --slow-histograms flag due to the additional overhead.
>
> Unlike before, it no longer includes time for external callbacks
> and only measures self time. The following example illustrates the
> new behaviour:
>
> 1. Enter V8: |--+.......+--| self-time: 4 units (reported)
> 2. Exit V8 (callback): |-+...+-| self-time: 2 units (ignored)
> 3. Re-enter V8: |---| self-time: 3 units (reported)
>
> This would result in 2 histogram entries with 4 time units for the first
> V8 slice and 3 units for the nested part. Note that the callback time
> itself is ignored.
>
> This CL attempts to clean up how TimedHistograms work:
> - Histogram: the base class
> - TimedHistograms: used for time-related histograms that are not nested
> - NestedTimeHistograms: Extends TimedHistograms and is used for nested
> histograms
>
> This CL changes Histograms to not measure time themselves. Measurements
> happen in the *HistogramScopes:
> - BaseTimedHistogramScope: Base functionality
> - TimedHistogramScope: For non-nested measurements
> - NestedTimedHistogramScope: For nested measurements
> - PauseNestedTimedHistogramScope: Ignore time during a given scope.
> This is used to pause timers during callbacks.
>
> Additional changes:
> - ExternalCallbackScope now contains a PauseNestedTimedHistogramScope
> and always sets VMState<EXTERNAL>
>
> Bug: v8:11946
> Change-Id: I45e4b7ff77b5948b605dd50539044cb26222fa21
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001345
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76111}
Bug: v8:11946
Change-Id: I954de1afbabf101fb5d4f52eca0d3b80a723385b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077153
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76138}
This patch makes V8 accept the binary format produced by Binaryen
after https://github.com/WebAssembly/binaryen/pull/3933 when the
--experimental-wasm-gc-experiments flag is present. The explicit
inheritance information is not used for anything. Validation is
performed only insofar as explicit supertypes must be valid types.
Bug: v8:7748
Change-Id: Id5b5050aa03591281632e3a2a161aa93422e10bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071406
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76135}
We make an undocumented assumption in {CodeSpaceWriteScope} that a
single thread will only work on one module at a time. If this is
violated, the thread-local {code_space_write_nesting_level_} would
prevent the second module from being switched to writable.
This CL adds a second thread local (in debug only) to check that, if
there is already a {CodeSpaceWriteScope} open, it contains the same
{NativeModule} as any nested scope.
R=jkummerow@chromium.org
Change-Id: I43fa886d9d0fdf0e1846137dc411745fcca471fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074477
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76134}
This CL limits the amount of address space we reserve for shared
WebAssembly memory. Up until now we just reserved either the defined
maximum size of the memory or the V8-defined maximum memory size,
depending on whether the maximum size is defined or not. This could
cause OOMs easily on 32-bit systems due to address space exhaustion.
With this CL we limit the amount of address space we reserve for shared
WebAssembly memory.
1) We try to reserve at least the initial size;
2) If no maximum size is defined, we reserve 1GB by default;
3) If a maximum size is defined, then we reserve that maximum size
but at most 1GB.
Note that the handling of shared memory here is different from the
handling of non-shared memory because for shared memory it is not
possible to grow with realloc.
R=clemensb@chromium.org
Bug: v8:12038
Change-Id: I00493b330ee00588d65cbffa6f042e039106736e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071206
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76116}
This CL fixes a long standing issue where reentering TimedHistograms
scopes would cause spurious measurements. Only the non-nested scopes
yielded correct results.
Due to the changed numbers, the V8.Execute histogram is renamed to
V8.ExecuteMicroSeconds. Note that this histogram is also guarded
behind the --slow-histograms flag due to the additional overhead.
Unlike before, it no longer includes time for external callbacks
and only measures self time. The following example illustrates the
new behaviour:
1. Enter V8: |--+.......+--| self-time: 4 units (reported)
2. Exit V8 (callback): |-+...+-| self-time: 2 units (ignored)
3. Re-enter V8: |---| self-time: 3 units (reported)
This would result in 2 histogram entries with 4 time units for the first
V8 slice and 3 units for the nested part. Note that the callback time
itself is ignored.
This CL attempts to clean up how TimedHistograms work:
- Histogram: the base class
- TimedHistograms: used for time-related histograms that are not nested
- NestedTimeHistograms: Extends TimedHistograms and is used for nested
histograms
This CL changes Histograms to not measure time themselves. Measurements
happen in the *HistogramScopes:
- BaseTimedHistogramScope: Base functionality
- TimedHistogramScope: For non-nested measurements
- NestedTimedHistogramScope: For nested measurements
- PauseNestedTimedHistogramScope: Ignore time during a given scope.
This is used to pause timers during callbacks.
Additional changes:
- ExternalCallbackScope now contains a PauseNestedTimedHistogramScope
and always sets VMState<EXTERNAL>
Bug: v8:11946
Change-Id: I45e4b7ff77b5948b605dd50539044cb26222fa21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001345
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76111}
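The three-step example in this message (and in its revert and reland quoted earlier in this log), as an added model that is not V8's counters code: histograms only store samples, the scopes do the measuring, and a pause scope hides callback time from the scope that encloses it. FakeClock, ScopeStack and the null-histogram shortcut for the pause scope are assumptions of this model.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed model (not V8's counters code) of the scope design described
// above: histograms only store samples, *HistogramScopes do the measuring,
// and a pause scope hides callback time from the scope that encloses it.

// Assumption of this model: a fake clock in abstract time units instead of
// base::TimeTicks, so the example is deterministic.
struct FakeClock {
  int64_t now = 0;
  void Advance(int64_t units) { now += units; }
};

// Histogram: the base class in the CL; here it just records samples.
struct Histogram {
  std::vector<int64_t> samples;
  void AddSample(int64_t value) { samples.push_back(value); }
};

class BaseTimedHistogramScope;

// Per-thread bookkeeping (V8 keeps this on the Isolate); assumed here.
struct ScopeStack {
  FakeClock* clock;
  BaseTimedHistogramScope* top = nullptr;
};

// BaseTimedHistogramScope: measures wall time between construction and
// destruction and subtracts whatever its nested scopes consumed, so only
// self time is left. Its own total is then charged to the parent.
class BaseTimedHistogramScope {
 public:
  BaseTimedHistogramScope(ScopeStack* stack, Histogram* histogram)
      : stack_(stack), histogram_(histogram), start_(stack->clock->now),
        parent_(stack->top) {
    stack_->top = this;
  }
  ~BaseTimedHistogramScope() {
    int64_t total = stack_->clock->now - start_;
    // A pause scope has no histogram: its time is dropped, not reported.
    if (histogram_ != nullptr) histogram_->AddSample(total - excluded_);
    // Everything spent inside this scope is not self time of the parent.
    if (parent_ != nullptr) parent_->excluded_ += total;
    stack_->top = parent_;
  }
  BaseTimedHistogramScope(const BaseTimedHistogramScope&) = delete;
  BaseTimedHistogramScope& operator=(const BaseTimedHistogramScope&) = delete;

 private:
  ScopeStack* stack_;
  Histogram* histogram_;
  int64_t start_;
  int64_t excluded_ = 0;
  BaseTimedHistogramScope* parent_;
};

// NestedTimedHistogramScope: reports self time to a histogram.
struct NestedTimedHistogramScope : BaseTimedHistogramScope {
  NestedTimedHistogramScope(ScopeStack* stack, Histogram* histogram)
      : BaseTimedHistogramScope(stack, histogram) {}
};

// PauseNestedTimedHistogramScope: what ExternalCallbackScope opens around a
// callback, so callback time is ignored by V8.ExecuteMicroSeconds.
struct PauseNestedTimedHistogramScope : BaseTimedHistogramScope {
  explicit PauseNestedTimedHistogramScope(ScopeStack* stack)
      : BaseTimedHistogramScope(stack, nullptr) {}
};

// Replays the three steps from the commit message. Samples are recorded
// when a scope closes, so the nested 3 comes before the outer 4.
std::vector<int64_t> RunExample() {
  FakeClock clock;
  ScopeStack stack{&clock};
  Histogram execute;  // stands in for V8.ExecuteMicroSeconds
  {
    NestedTimedHistogramScope enter_v8(&stack, &execute);
    clock.Advance(2);  // |--+
    {
      PauseNestedTimedHistogramScope callback(&stack);  // exit V8
      clock.Advance(1);  // |-+
      {
        NestedTimedHistogramScope reenter_v8(&stack, &execute);
        clock.Advance(3);  // |---|
      }
      clock.Advance(1);  // +-|
    }
    clock.Advance(2);  // +--|
  }
  return execute.samples;  // {3, 4}
}

int main() {
  for (int64_t sample : RunExample()) {
    std::printf("V8.ExecuteMicroSeconds sample: %lld units\n",
                static_cast<long long>(sample));
  }
  return 0;
}
```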
Just re-use the error constructor's initial map for the
WebAssembly.Exception constructor, instead of creating a new one.
R=jkummerow@chromium.org
Bug: v8:11992
Change-Id: If1ee53a1e9492c9ab4b59e363b388260ff097cf5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071211
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76108}
The number of arguments for the LiftoffCompiler has grown significantly
since its initial implementation, and it becomes hard to keep track of
all options at the call sites.
This CL refactors all optional parameters into a {LiftoffOptions} struct
which has a factory-like interface.
This will allow us to add more options in the future, e.g. for dynamic
tiering.
R=thibaudm@chromium.org
Change-Id: I66697bb2f99b676a84c158304cc3a285e1b077d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3069148
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76098}
The merge values of a block have to be initialized to their
static types, even if the actual values on the stack have
subtypes of the loop's static type.
Drive-by cleanup: drop some unneeded manual {TestModuleBuilder}
instantiations from existing tests. The test fixture provides
one anyway.
Bug: chromium:1234453
Change-Id: I39c7eae4b6a6d5124f29be92da5ee92ff7e20e57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3068948
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76087}
Also introduce a separate error type for WebAssembly.Exception,
since the properties should not be added to RuntimeError.
R=jkummerow@chromium.org
Bug: v8:11992
Change-Id: I8f4ae0da9a95184366e07dc43e58a5a9ff4382ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055304
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76061}
This avoids having all code writable while compiling functions. We only
need it writable for copying the code to the NativeModule and for
updating the jump table(s).
R=jkummerow@chromium.org
Change-Id: Ifb212b1cd3f7702fac4b1eb9e7bc7d5b5bd5198a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063221
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76035}
wasm-code-manager.cc is no longer included if v8_enable_webassembly ==
false, so we can remove this guard.
Bug: v8:11879
Change-Id: Ide77e7e334d2711c1cbbbbedc34c2796ffaf793d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3061358
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76024}
Since recently, the WebAssembly instance gets cached in Liftoff code
to avoid reloading it from the stack whenever it is used. Typically the
cached instance gets invalidated at a function call and therefore does
not need to be recorded in safepoints.
However, when the DebugBreak builtin is called, the cached instance
was not invalidated. It is even incorrect to invalidate the cached
instance there because that would modify the CacheState of Liftoff.
Therefore this CL adds the register that caches the instance to the
safepoint of the call to the DebugBreak builtin.
R=clemensb@chromium.org
Bug: v8:11979
Change-Id: I7f9153e0c0e7e797b11b827111b4d61e29606071
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063222
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76021}
The original CL was flaky because deserialization did not wait correctly
for the compilation of missing functions to finish. The baseline-finished
event was set even when there were still some functions missing. The
combination of deserialization and lazy compilation was also not handled
correctly.
Original change's description:
> [wasm] Support partial serialization of modules
>
> At the moment a WebAssembly module can be serialized successfully when
> all functions were compiled with TurboFan. However, for some functions
> it may not be necessary to be compiled with TurboFan, e.g. for functions
> where Liftoff code is as good as TurboFan code.
>
> With this CL we allow WebAssembly modules to get serialized even when
> not all functions are compiled with TurboFan. Missing functions are
> marked as missing in the serialization. Upon deserialization, missing
> functions either get compiled by Liftoff, or initialized with a
> lazy-compilation stub, depending on the V8 configuration.
>
> Bug: v8:11862
Change-Id: I79a9e8e14199cff87fce6ae41a87087e047bbc65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060485
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76017}
This reverts commit bce81d6be0.
Reason for revert: Newly introduced test is flaking, e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20ASAN/41030/overview or https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux/43171/overview
Original change's description:
> [wasm] Support partial serialization of modules
>
> At the moment a WebAssembly module can be serialized successfully when
> all functions were compiled with TurboFan. However, for some functions
> it may not be necessary to be compiled with TurboFan, e.g. for functions
> where Liftoff code is as good as TurboFan code.
>
> With this CL we allow WebAssembly modules to get serialized even when
> not all functions are compiled with TurboFan. Missing functions are
> marked as missing in the serialization. Upon deserialization, missing
> functions either get compiled by Liftoff, or initialized with a
> lazy-compilation stub, depending on the V8 configuration.
>
> Bug: v8:11862
> Change-Id: Ic833a17639bf841c5def6fe3c35173fe0376c246
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960209
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75987}
Bug: v8:11862
Change-Id: I5445c097ec47f407e5f951d4cf6d2168113f80e8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060484
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75997}
This adds a code comment before the OOL code for the special stack check
for a large frame. Otherwise it is hard to see where it begins in the
code, and it might be unexpected to see that block of code at the end of
a Liftoff function.
Drive-by: Replace another "out of line: " comment by "OOL: ", which is
typically understood equally well.
R=ahaas@chromium.org
Bug: v8:12017
Change-Id: Ie8b243cedebe979ca46e0515a9fdd0695ab58304
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059081
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75995}
The JS API constructor was renamed to "WebAssembly.Tag" to match the
spec:
https://github.com/WebAssembly/exception-handling/issues/159
Rename "exception" to "tag" throughout the codebase for consistency with
the JS API, and to match the spec terminology (e.g. "tag section").
R=clemensb@chromium.org,nicohartmann@chromium.org
Bug: v8:11992
Change-Id: I63f9f3101abfeefd49117461bd59c594ca5dab70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053583
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75994}
Add an explicit check for the available stack space before allocating a
large frame. Even though this typically does not cause problems on ia32,
we should do it to be consistent with other platforms and with TurboFan
code.
This follows the same structure as on x64: https://crrev.com/c/3059074
A follow-up CL will add a DCHECK to verify that we never overflow the
stack space by more than 4KB (https://crrev.com/c/3059076).
R=ahaas@chromium.org
Bug: v8:12017
Change-Id: Ifffe56f29feae14545e6f70e30a1c94c5eabad6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059075
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75991}
Add an explicit check for the available stack space before allocating a
large frame. Even though this typically does not cause problems on x64,
we should do it to be consistent with other platforms and with TurboFan
code.
After also fixing ia32 (https://crrev.com/c/3059075), we can add a
DCHECK to verify that we never overflow the stack space by more than
4KB (https://crrev.com/c/3059076).
R=ahaas@chromium.org
Bug: v8:12017
Change-Id: I4f407dc6a83d4a71636066777706f23d05002111
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059074
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75990}
The comment is a left-over of the state before
https://crrev.com/c/3055302. It should have been removed as part of that
CL.
R=ahaas@chromium.org
Bug: v8:12017
Change-Id: Ic5234b230b3eda30e9a4a346e8c3b83c813a5dbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059078
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75989}
At the moment a WebAssembly module can be serialized successfully when
all functions were compiled with TurboFan. However, for some functions
it may not be necessary to be compiled with TurboFan, e.g. for functions
where Liftoff code is as good as TurboFan code.
With this CL we allow WebAssembly modules to get serialized even when
not all functions are compiled with TurboFan. Missing functions are
marked as missing in the serialization. Upon deserialization, missing
functions either get compiled by Liftoff, or initialized with a
lazy-compilation stub, depending on the V8 configuration.
Bug: v8:11862
Change-Id: Ic833a17639bf841c5def6fe3c35173fe0376c246
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960209
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75987}
We add a new alternative "new_object" in order to
emit new struct and array types. We check whether
the heap type is a struct or array type so we can emit
"NewDefault" or "NewWithRtt". The additional methods
(IsArray/StructType, GetArray/StructType) were added to WasmModuleBuilder.
Bug: v8:11954
Change-Id: I7a0e73edfbaa49beb1efd60b0f1b9916dc50df22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056459
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Rakhim Khismet <khismet@google.com>
Cr-Commit-Position: refs/heads/master@{#75966}
FP Div, Min and Max are added in this CL.
Opcodes are also reordered in macros to match the
instruction selector.
Change-Id: Idd6909721b0d06d523c93873e5faff39449d937c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3058294
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75965}
Port 593fbb69c4
Original Commit Message:
Currently we first construct the frame (via
{TurboAssembler::EnterFrame}), then we spill the instance to the
respective slot (via {LiftoffAssembler::SpillInstance}). Instead, we
should already spill the instance as part of frame construction. That
allows for a more compact instruction to be used ("push" instead of
"mov" on Intel), and on arm64 even allows merging the push into an
existing instruction (where we currently push the zero register x31
instead).
This makes the prologue more similar to what TurboFan generates in
{TurboAssembler::AssembleConstructFrame} (which does not use
{TurboAssembler::EnterFrame}).
R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I0b87d73776b59ade36faea2f4772c63c89eb740e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056455
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75942}
Currently we first construct the frame (via
{TurboAssembler::EnterFrame}), then we spill the instance to the
respective slot (via {LiftoffAssembler::SpillInstance}). Instead, we
should already spill the instance as part of frame construction. That
allows for a more compact instruction to be used ("push" instead of
"mov" on Intel), and on arm64 even allows merging the push into an
existing instruction (where we currently push the zero register x31
instead).
This makes the prologue more similar to what TurboFan generates in
{TurboAssembler::AssembleConstructFrame} (which does not use
{TurboAssembler::EnterFrame}).
R=ahaas@chromium.org
Bug: v8:12017
Change-Id: Ibb4a38d2049cff66fec9450db4f7f375d006beac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3055302
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75938}
Handle large frames by doing an explicit check to see if there is enough
remaining stack space before the stack limit.
The bailout that can then be removed is triggered on more than 1
percent of all functions, so this is expected to improve compile time by
several percent, because we avoid the costly TurboFan compilation for
those >1%.
The code follows the same pattern as on arm, see
https://crrev.com/c/3046180.
R=ahaas@chromium.org
Bug: v8:11235
Change-Id: I0d359ae5fe0126da7ade860f596cfc108e7fd1d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3054114
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75925}
Adds Integer and FP Sub and Mul.
Change-Id: Ide2cfdbdc308d18011ba5cc6a61cd326c13c09b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3048789
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75922}
The WebAssembly.Exception constructor creates a WasmExceptionPackage,
which represents an exception thrown from wasm. The first argument is a
WebAssembly.Tag, and the rest are the values to encode in the exception.
R=jkummerow@chromium.org
Bug: v8:11992
Change-Id: I1327b2e4545159397ffe73a061aa577608167b74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049074
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75912}
This is a reland of b99fe75c6d.
The test is now skipped on non-SIMD hardware.
Original change's description:
> [liftoff][arm64] Zero-extend offsets also for SIMD
>
> This extends https://crrev.com/c/2917612 also for SIMD, which
> (sometimes) uses the special {GetMemOpWithImmOffsetZero} method.
> As part of this CL, that method is renamed to {GetEffectiveAddress}
> which IMO is a better name. Also, it just returns a register to make the
> semantics of that function obvious in the signature.
>
> Drive-by: When sign extending to 32 bit, only write to the W portion of
> the register. This is a bit cleaner, and I first thought that
> this would be the bug.
>
> R=jkummerow@chromium.org
> CC=thibaudm@chromium.org
>
> Bug: chromium:1231950, v8:12018
> Change-Id: Ifaefe1f18e3a00534a30c99e3c37ed09d9508f6e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049073
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75898}
TBR=zhin@chromium.org
CC=jkummerow@chromium.org, thibaudm@chromium.org
Bug: chromium:1231950, v8:12018
Change-Id: I662b62fafe99389be7a6c23b970fdf3768f866cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3051610
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75901}
This reverts commit b99fe75c6d.
Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux/43105
Original change's description:
> [liftoff][arm64] Zero-extend offsets also for SIMD
>
> This extends https://crrev.com/c/2917612 also for SIMD, which
> (sometimes) uses the special {GetMemOpWithImmOffsetZero} method.
> As part of this CL, that method is renamed to {GetEffectiveAddress}
> which IMO is a better name. Also, it just returns a register to make the
> semantics of that function obvious in the signature.
>
> Drive-by: When sign extending to 32 bit, only write to the W portion of
> the register. This is a bit cleaner, and I first thought that
> this would be the bug.
>
> R=jkummerow@chromium.org
> CC=thibaudm@chromium.org
>
> Bug: chromium:1231950, v8:12018
> Change-Id: Ifaefe1f18e3a00534a30c99e3c37ed09d9508f6e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049073
> Reviewed-by: Zhi An Ng <zhin@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75898}
Bug: chromium:1231950, v8:12018
Change-Id: I4e7a9d6fa6809b7c4d9be919cd5698737d784849
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049085
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75900}
This extends https://crrev.com/c/2917612 also for SIMD, which
(sometimes) uses the special {GetMemOpWithImmOffsetZero} method.
As part of this CL, that method is renamed to {GetEffectiveAddress}
which IMO is a better name. Also, it just returns a register to make the
semantics of that function obvious in the signature.
Drive-by: When sign extending to 32 bit, only write to the W portion of
the register. This is a bit cleaner, and I first thought that
this would be the bug.
R=jkummerow@chromium.org
CC=thibaudm@chromium.org
Bug: chromium:1231950, v8:12018
Change-Id: Ifaefe1f18e3a00534a30c99e3c37ed09d9508f6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049073
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75898}
Handle large frames by doing an explicit check to see if there is enough
remaining stack space before the stack limit.
The bailout which can be removed then is being triggered on more than 1
percent of all functions, so this is expected to improve compile time by
several percent, because we avoid the costly TurboFan compilation for
those >1%.
R=ahaas@chromium.org
Bug: v8:11235
Change-Id: I935998f7676647572598b52c989f7d41cc5239a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3046180
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75897}
Starting with Simd Add ops which are ported to liftoff.
Change-Id: I2128303accf9bc47812560f5aa38b5ccfc2e3e78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049070
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75890}
...while on-heap objects are referring to it. This is accomplished
by storing a reference to its associated WasmInstanceObject on every
WasmTypeInfo object.
Details: https://bit.ly/2UxD4hW
Fixed: v8:11953
Change-Id: Ifb6f976142356021393d41c50717d210d525d521
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3043959
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75863}
While pointer-compression still doesn't guarantee 8-byte alignment
for objects, the WasmInstanceObject definition should be prepared
for a future where that changes.
No behavioral differences are expected from this, and likely no
performance differences for now either.
Change-Id: Iedd85f4361d45e1e3cf5d645496b9ad34acf533b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038527
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75855}
This is a reland of 4cc547c759
Change: prevent a memcpy to nullptr by skipping the call to copy_out()
when the length is zero.
Original change's description:
> [wasm][eh] Add WebAssembly.Tag.type
>
> R=ahaas@chromium.org
>
> Bug: v8:8091
> Change-Id: Id069ffbf76bf836b613287788b1b1fccbb577475
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021173
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75815}
Bug: v8:8091
Change-Id: I22f400b6e36d1322a4eabd20a68b4bdd70d61377
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041436
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75847}
This adds a little {Simulator::ProbeMemory} method that is used from
several places in the arm64 simulator to test if a memory address can be
accessed, and trigger a signal from a specific location such that the
trap-handler can handle it. In case of a trap, the simulator is
redirected to the landing pad and stops executing the memory
instruction that triggered the trap.
Standard memory accesses and SIMD memory loads and stores are
instrumented to probe the memory. This passes all existing tests. In
case this CL misses certain spots, we can still add them later. This
will not be a security problem, since we do not use the simulator in
production.
R=ahaas@chromium.org
CC=mseaborn@chromium.org, v8-arm-ports@googlegroups.com
Bug: v8:11955
Change-Id: I52a81341e99fabc5fcf9e41ef4d8dd2226092803
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015557
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75843}
Since most Torque-defined extern classes use @generateCppClass, it makes
more sense to instead annotate the small number that don't. This is part
of the cleanup work that Nico recommended in [1].
Classes that still have to opt out:
- Those that can be converted by https://crrev.com/c/3015666
- HeapObject: sort of special since it's the root of the inheritance
hierarchy. Generated code would include two declarations that don't
compile until HeapObject is defined:
bool IsHeapObject_NonInline(HeapObject o);
explicit TorqueGeneratedHeapObject(
Address ptr, HeapObject::AllowInlineSmiStorage allow_smi);
- SmallOrdered*: these classes use templates on the C++ side, which is
not currently representable in Torque.
- SwissNameDictionary: according to a comment, the Torque generation for
this class is incorrect. I haven't investigated further.
Drive-by fix: make the Torque formatter keep LF on Windows rather than
writing CRLF.
[1] https://docs.google.com/document/d/1q_gZLnXd4bGnCx3IUfbln46K3bSs9UHBGasy9McQtHI/edit#
Bug: v8:8952
Change-Id: I1fbb5290f0c645842b84c53816c09bb3398206a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3028721
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#75841}
We add additional num_types and liftoff parameters
for GetValueType to be able to generate user-def reftypes.
num_types is the number of types in the program and
liftoff checks if we could add reftypes or not.
The additional method (NumTypes) was added to WasmModuleBuilder and
additional field (liftoff) to WasmGenerator constructor.
Bug: v8:11954
Change-Id: I4904a41043264c65d5cba5b22129184d6a486bfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3041426
Commit-Queue: Rakhim Khismet <khismet@google.com>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75840}
Avoiding the builtin call, and potentially enabling other Turbofan
optimizations to apply.
This required teaching the MemoryLowering pass how to produce
Wasm-style isolate-independent code, where external references won't
work, and builtin calls have to be encoded differently.
Bug: v8:7748
Change-Id: Ib6d87da644330e7c3623c11aa333b23074aeae19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038524
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75824}
Hashing FunctionSigs can be quite expensive for large modules;
luckily in some cases we can avoid doing that work.
Change-Id: Ia18060b4c27ab34b44bda4bb81ea05299ecb0f49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038523
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75819}
This is a reland of 431fff66f5.
The fix is in BUILD.gn: We need to also include chromeos, which is a
linux target which is not covered by "is_linux" in gn.
R=ahaas@chromium.org
Original change's description:
> [traphandler] Add simulator support
>
> This prepares the trap handler to support being used from simulators.
> Modifications to the arm64 simulator will be done in a follow-up CL. For
> now, the trap handler will be registered but not used in Wasm (we emit
> explicit bounds checks instead, as before).
>
> The implementation uses inline assembly, so it is only available on x64
> POSIX systems for now. This is the main platform we use for testing and
> for fuzzing, so it should give us the test coverage we need. If needed,
> inline assembly for other platforms can be added later.
> The new code will be executed by the existing arm64 simulator bots, e.g.
> "V8 Linux - arm64 - sim".
>
> R=ahaas@chromium.org, mseaborn@chromium.org
>
> Bug: v8:11955
> Change-Id: Idc50291c704d9dea902ae0098e5309f19055816c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011160
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75780}
Bug: v8:11955
Change-Id: I8af39dea5b2cd3fa5418170a458832b3d6075107
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3040844
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75809}
This reverts commit 431fff66f5.
Reason for revert: Causes link error in chrome: https://ci.chromium.org/ui/p/chromium/builders/ci/Linux%20ChromiumOS%20MSan%20Builder/24667/overview
Original change's description:
> [traphandler] Add simulator support
>
> This prepares the trap handler to support being used from simulators.
> Modifications to the arm64 simulator will be done in a follow-up CL. For
> now, the trap handler will be registered but not used in Wasm (we emit
> explicit bounds checks instead, as before).
>
> The implementation uses inline assembly, so it is only available on x64
> POSIX systems for now. This is the main platform we use for testing and
> for fuzzing, so it should give us the test coverage we need. If needed,
> inline assembly for other platforms can be added later.
> The new code will be executed by the existing arm64 simulator bots, e.g.
> "V8 Linux - arm64 - sim".
>
> R=ahaas@chromium.org, mseaborn@chromium.org
>
> Bug: v8:11955
> Change-Id: Idc50291c704d9dea902ae0098e5309f19055816c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011160
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75780}
Bug: v8:11955
Change-Id: I74d2e41864fc515bd9727898f12ec1498b97ee62
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3040839
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75798}
Since {CodeSpaceWriteScope} is now used from cctests (since
https://crrev.com/c/3024150), its constructor and destructor need to be
exported.
R=jkummerow@chromium.org
Change-Id: I30627d632a9f4e4fde51bcb037bad69ceaedf6fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038062
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75786}
This is a reland of 0b091e9bd3
Some blink web tests have been temporarily disabled to allow landing
changes to the JS API in V8.
Original change's description:
> [wasm][eh] Rename Exception to Tag in the JS API
>
> See:
> https://github.com/WebAssembly/exception-handling/issues/159
>
> This change only does the rename where it's observable. This should also
> be renamed throughout the codebase for consistency and will be done
> separately.
>
> R=ahaas@chromium.org
>
> Bug: v8:8091
> Change-Id: Iec1118194981dfd33be6e30256b6e72d12143e1f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021172
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75718}
Bug: v8:8091
Change-Id: Id5375b5287fff81b8e0096377a55ef63e6d9b985
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035083
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75785}
This prepares the trap handler to support being used from simulators.
Modifications to the arm64 simulator will be done in a follow-up CL. For
now, the trap handler will be registered but not used in Wasm (we emit
explicit bounds checks instead, as before).
The implementation uses inline assembly, so it is only available on x64
POSIX systems for now. This is the main platform we use for testing and
for fuzzing, so it should give us the test coverage we need. If needed,
inline assembly for other platforms can be added later.
The new code will be executed by the existing arm64 simulator bots, e.g.
"V8 Linux - arm64 - sim".
R=ahaas@chromium.org, mseaborn@chromium.org
Bug: v8:11955
Change-Id: Idc50291c704d9dea902ae0098e5309f19055816c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011160
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75780}
Shared ops between TurboFan and Liftoff are moved into
the macro-assembler.
Change-Id: I03cd3af10074b6b4666a7d2a13e652629576f76f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035764
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75768}
This CL addresses two problems:
- the previous implementation of the large-function TF bailout
didn't work for streaming compilation, because it tried to look
at the size of wire bytes that weren't yet available. Moving the
logic so it gets executed later ensures that the function size
is available.
- module serialization currently requires all functions to be
compiled with Turbofan, so the hard limit breaks serialization for
modules containing such huge functions. This CL enables the limit
only for --experimental-wasm-gc, so that non-experimental modules
continue to be serializable as they always have been. In the
future, we will avoid this limitation by making serialization more
flexible.
Fixed: v8:11991
Change-Id: Ibcee6fafec00fb83c2b99ae906836e8598142529
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035095
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75765}
This removes the low-level {SwitchMemoryPermissionsToWritable()} and
{SwitchMemoryPermissionsToExecutable()} functions. They are only used in
tests and can be replaced by {CodeSpaceWriteScope} objects that we also
use in production.
R=jkummerow@chromium.org
Change-Id: I7ba702c836f3ac2dd7c7a81d6362040b28e8bef4
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024150
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75739}
We had two implementations of a thread-local counter for the number of
writers: One in {CodeSpaceWriteScope} and one in
{WasmCodeManager::SetThreadWritable}. This CL removes the latter, and
uses the counter in {CodeSpaceWriteScope} for all implementations.
R=jkummerow@chromium.org
Bug: v8:11974
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Change-Id: I683131296c6106a2b12986942bb18e6c0e716612
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024148
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75733}
This reverts commit 0b091e9bd3.
Reason for revert: Causes Web Platform Test failures, blocking roll
E.g., https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux/12616/overview
Original change's description:
> [wasm][eh] Rename Exception to Tag in the JS API
>
> See:
> https://github.com/WebAssembly/exception-handling/issues/159
>
> This change only does the rename where it's observable. This should also
> be renamed throughout the codebase for consistency and will be done
> separately.
>
> R=ahaas@chromium.org
>
> Bug: v8:8091
> Change-Id: Iec1118194981dfd33be6e30256b6e72d12143e1f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021172
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75718}
Bug: v8:8091
Change-Id: Id2067e1cdc33fa657ef738ef5fafad84057f7209
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3027261
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75725}
Previously we had passed kOnEntryBreakpointPosition as a marker through
the regular SetBreakPointForScript() logic and handled that specially in
WasmScript, however this instrumentation breakpoint is special and gets
in the way of returning more information about a regular breakpoint in
case of crbug.com/700516, so I decided to just isolate that into its
own method, especially since the only user already special-cases Wasm
anyways.
Bug: chromium:1162229, chromium:700516
Change-Id: Ie7966c1701365a4b03710d6dc32cc8278577ee3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026711
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75724}
If the debugger is disabled for an isolate, we first remove all
breakpoints for that isolate, and then tier up the module (if there is
no other isolate that keeps it tiered down).
During the first step, functions might get recompiled since the
set breakpoints change. This is not needed in case we will tier-up the
module afterwards anyway. It also triggers a DCHECK if we reinstall
debugging code even though the module is already marked "tiered up".
This CL avoids the installation of debugging if the module is not tiered
down, and also slightly modifies the condition for installing new code
when tiered-up (to allow overwriting debugging code with non-debugging
code even if it's the same tier).
R=thibaudm@chromium.org
Bug: chromium:1228628
Change-Id: I83828d4186e299f779a858006eafa3dbc7966c35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026707
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75722}
This is a reland of dcdaf42fa8. It adds
CPU time metrics to the WasmModuleDecoded (except for streaming),
WasmModuleCompiled and WasmModuleTieredUp events. This can later be used
to provide this information as UKMs or UMAs.
Bug: v8:11611
Change-Id: I813fc8de36d1445c6a887abf496ec10e1a803815
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953296
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75715}
This is a reland of dacce72070
Original change's description:
> [wasm] Fix fallback from PKU to mprotect
>
> The {WasmCodeManager::SetThreadWritable} method would return true if
> called in a nested scope, even if PKU is not available. The caller
> cannot tell then whether permission switching happened or not.
>
> This CL refactors the code to do an explicit check for PKU support, and
> removes the boolean return value from {SetThreadWritable}.
>
> R=jkummerow@chromium.org
>
> Bug: v8:11959, v8:11974
> Change-Id: I2d45f1fa240305c6f92f63cdf190131d637bfe95
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021383
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75699}
Bug: v8:11959, v8:11974
Change-Id: I7086aa3f1cd12615e6f12bbd061084ecd325eb11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021180
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75707}
This reverts commit dacce72070.
Reason for revert: Needs a fix.
Original change's description:
> [wasm] Fix fallback from PKU to mprotect
>
> The {WasmCodeManager::SetThreadWritable} method would return true if
> called in a nested scope, even if PKU is not available. The caller
> cannot tell then whether permission switching happened or not.
>
> This CL refactors the code to do an explicit check for PKU support, and
> removes the boolean return value from {SetThreadWritable}.
>
> R=jkummerow@chromium.org
>
> Bug: v8:11959, v8:11974
> Change-Id: I2d45f1fa240305c6f92f63cdf190131d637bfe95
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021383
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75699}
Bug: v8:11959, v8:11974
Change-Id: I199cf6dd6e12a209649fcf86f922e2500b50bbde
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021179
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75700}
The {WasmCodeManager::SetThreadWritable} method would return true if
called in a nested scope, even if PKU is not available. The caller
cannot tell then whether permission switching happened or not.
This CL refactors the code to do an explicit check for PKU support, and
removes the boolean return value from {SetThreadWritable}.
R=jkummerow@chromium.org
Bug: v8:11959, v8:11974
Change-Id: I2d45f1fa240305c6f92f63cdf190131d637bfe95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021383
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75699}
Since PKU-based switching always switches the permissions for all wasm
code memory in the process, the method should not be on the
{NativeModule} or {WasmCodeAllocator}, but instead on the process-wide
{WasmCodeManager}.
R=jkummerow@chromium.org
Bug: v8:11974
Change-Id: I75a82e51401b2572977c134077e1669cf5077049
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021382
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75694}
This refactors the {GetMemOp} function once again:
Instead of computing (mem_start + (offset_reg + offset_imm)), do compute
((mem_start + offset_imm) + offset_reg). This avoids an overflow in
(offset_reg + offset_imm) when using 32-bit computations, which hides
OOB memory accesses when relying on the trap handler.
As a nice side-effect, this change makes the whole method a lot nicer to
read.
We also need to change {StoreTaggedPointer} now, which was relying on the
inner working of {GetMemOp}. The new version makes the semantics more
transparent at the cost of repeating some logic from (the previous version
of) {GetMemOp}.
R=jkummerow@chromium.org
Bug: v8:11955, chromium:1227465, v8:11951
Change-Id: Ia068ca7c4f7db89b81529edd3438b0e4eee7d23d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015566
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75693}
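The addressing difference that this {GetMemOp} refactor and the earlier SIMD zero-extension change describe, as an added C model that is not V8 code: memory size, guard size and base address are constructed assumptions, and the point shown is how a 32-bit wrap in (offset_reg + offset_imm) turns an access that should hit the guard region into one that silently lands inside committed memory.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed model of a 32-bit Wasm memory that relies on the trap handler
 * rather than explicit bounds checks: committed pages followed by a large
 * inaccessible guard region. Sizes are assumptions, not V8's real layout.
 */
#define MEM_SIZE   ((uint64_t)64 * 1024) /* one committed 64 KiB Wasm page */
#define GUARD_SIZE ((uint64_t)1 << 33)   /* assumed guard region after it */

typedef enum {
    ACCESS_IN_BOUNDS, /* entirely inside committed memory: no signal */
    ACCESS_TRAPS,     /* touches the guard region: SIGSEGV, handled by the trap handler */
    ACCESS_ESCAPES    /* outside memory and guard: must never happen */
} access_t;

/* Old formulation: mem_start + (offset_reg + offset_imm), with the inner sum
 * done in 32 bits. Any sum of 2^32 or more wraps to a small value. */
static uint64_t effective_address_old(uint64_t mem_start, uint32_t offset_reg,
                                      uint32_t offset_imm) {
    uint32_t wrapped = offset_reg + offset_imm; /* 32-bit add, may wrap */
    return mem_start + wrapped;
}

/* New formulation: (mem_start + offset_imm) + offset_reg, each operand
 * zero-extended to 64 bits first, so nothing can wrap. */
static uint64_t effective_address_new(uint64_t mem_start, uint32_t offset_reg,
                                      uint32_t offset_imm) {
    return (mem_start + (uint64_t)offset_imm) + (uint64_t)offset_reg;
}

/* Classify where the access [addr, addr + size) lands. */
static access_t classify(uint64_t mem_start, uint64_t addr, uint64_t size) {
    uint64_t mem_end = mem_start + MEM_SIZE;
    uint64_t guard_end = mem_end + GUARD_SIZE;
    if (addr < mem_start || addr + size > guard_end) return ACCESS_ESCAPES;
    if (addr + size <= mem_end) return ACCESS_IN_BOUNDS;
    return ACCESS_TRAPS;
}

/* True when the old formula turns an access that should trap into one that
 * quietly reads or writes committed memory: the hidden OOB the CL fixes. */
static bool old_formula_hides_oob(uint32_t offset_reg, uint32_t offset_imm,
                                  uint64_t size) {
    const uint64_t mem_start = 0x7f0000000000ull; /* constructed base */
    access_t correct = classify(
        mem_start, effective_address_new(mem_start, offset_reg, offset_imm), size);
    access_t old = classify(
        mem_start, effective_address_old(mem_start, offset_reg, offset_imm), size);
    return correct == ACCESS_TRAPS && old == ACCESS_IN_BOUNDS;
}

int main(void) {
    /* Constructed inputs: an index just below 2^32 plus a small immediate. */
    uint32_t idx = 0xFFFFFFF0u, imm = 0x20u;
    printf("index 0x%08x + offset 0x%x: OOB hidden by old formula? %s\n", idx,
           imm, old_formula_hides_oob(idx, imm, 4) ? "yes" : "no");
    /* A benign access in the first page behaves the same under both. */
    printf("index 0x10 + offset 0x20: OOB hidden by old formula? %s\n",
           old_formula_hides_oob(0x10u, 0x20u, 4) ? "yes" : "no");
    return 0;
}
```

The old formula can never produce an address beyond mem_start + 2^32, so the process never faults; the wrapped access simply aliases the instance's own memory, which is why fuzzers relying on the trap handler did not see it.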
- Implement f32/f64 fcopysign
- Implement f32/f64 type conversion
- enable some test cases that now pass.
Change-Id: Ia36299484adac885349df25d7c233dd7e43dded4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2992914
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#75690}
Most Torque-defined extern classes already use @generateCppClass. As
Nico pointed out in [1], it would be nice to convert the remaining
classes and remove this option. This change converts about a third of
those remaining classes. I know that the future of Torque-defined
classes is a subject of some debate right now, but I think that it's
worth doing a few mechanical changes to reduce the existing variety of
options.
[1] https://docs.google.com/document/d/1q_gZLnXd4bGnCx3IUfbln46K3bSs9UHBGasy9McQtHI/edit#
Bug: v8:8952
Change-Id: Ic96f9b16397149099f87380f68e01b1f2a6d5b90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3018056
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#75685}
These need some consideration. Clang apparently considers V8_UNLIKELY
to mean "always false", which seems questionable to me (possibly a
bug?). That said, removing it in the cases here doesn't seem likely to
cause problems -- the logging instance seems fine, and the other used to
not have the macro and gained it in a commit that seemed to have nothing
to do with performance.
The trampoline register change is safe, but perhaps V8 will support an
architecture in the future which needs this conditional?
I'd leave these as-is, but it also seems a shame not to enable
-Wunreachable-code-aggressive just because of these...
Bug: chromium:1066980
Change-Id: Ib819298cecba082666c26fa7010009f8e9441bf8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2994805
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75681}
The recently added experimental support for non-nullable locals
(https://chromium-review.googlesource.com/c/v8/v8/+/3010283) made
DecodeLocalGet slightly bigger, which caused Clang not to inline
it any more, which has a measurable performance impact because this
is one of the hottest decoding functions. Forcibly inlining it
fixes the regression.
Bug: chromium:1227332
Change-Id: Ifb85f7f5a43ad1c0376bbf37e4af84fb4903371f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3018206
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75676}
Port [wasm][liftoff][ia32][x64] Detect SIMD NaNs for fuzzing
Change-Id: I166ee58ad1fe682847ee252db134ab615056b416
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3020545
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#75671}
Trap handling is not implemented yet for memory64. Make sure that no
code tries to use it, by setting {NativeModule::bounds_checks_}
accordingly.
This requires some changes to tests to make sure that the
{WasmModule::is_memory64} field is set before creating the corresponding
{NativeModule}.
R=ahaas@chromium.org
Bug: v8:10949
Change-Id: I11d9544b603fc471e3368bb4e7487da4711293a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011167
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75632}
Behind a new --experimental-wasm-nn-locals flag.
The checking policy implemented here is that locals count as
initialized until the end of the current control structure,
as described here:
https://github.com/WebAssembly/function-references/issues/44#issuecomment-801977331
Bug: v8:7748
Change-Id: I954fdf1b4e02ed4b45ef61b8379b7c0bbe802400
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3010283
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75613}
We did not handle conflicts between regular register moves and the
cached instance / cached memory start correctly. This could lead to us
overwriting a regular register when restoring the cached instance, which
results in either crashes or miscalculations afterwards.
R=ahaas@chromium.org
Bug: chromium:1217064
Change-Id: Icd4b08b97a47726108a50d51b3a7ba410d132f98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003158
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75602}
This should mitigate some of the regressions introduced in
https://chromium-review.googlesource.com/c/v8/v8/+/2972910.
Changes:
- Use a single Zone for all init. expressions in InstanceBuilder.
- Specialize DecodeFunctionBody() for init. expressions.
Bug: v8:11895, chromium:1226551
Change-Id: Ie39f981efeaa89e57f8ccb68903c6e7cc1cb7f09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3009465
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75597}
We only care about huge functions (>100kB) as they can cause extended
compilation times and OOM situations. These are difficult to see in the
existing histogram as they only account for a tiny fraction of functions.
We therefore introduce a new counter that only covers those functions
and remove the other histogram.
Bug: chromium:1222273
Change-Id: I72fcec3fda5a358de6e29eb78d1fcf40059fb6c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008646
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75594}
Port 6f48b7b369
Original Commit Message:
This is a reland of b0bcedccfd
Changes:
- Consistently use int32_t for max_steps and nondeterminism
- Skip SIMD tests on architectures that don't support it
Original change's description:
> [wasm][liftoff][ia32][x64] Detect SIMD NaNs for fuzzing
>
> R=clemensb@chromium.org
>
> Bug: v8:11856
> Change-Id: I9764e3e2944690ed0883afdab20afd47fdd4acfa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979605
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75512}
R=thibaudm@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I5d0281bb9668c22d9d068fdf95bc80404b982744
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3006474
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75564}
The new DCHECK fires when the tier was set to {kNone}, which was the
case for wrappers.
Since the compiler is only interesting for proper Wasm functions, we
keep the DCHECK but only print the compiler for code objects that
represent actual Wasm functions.
R=thibaudm@chromium.org
Bug: chromium:1223839
Change-Id: Icc0f13b34b53fee2a8d53857a4769ab4d80ab805
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003467
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75562}
This is a three-state field now: kTrapHandler, kExplicitBoundsChecks,
kNoBoundsChecks. It is set once based on the flags
(--wasm-bounds-checks and --wasm-enforce-bounds-checks) and depending on
whether the signal handler for wasm trap handling was installed. All
compilation then only uses the field value, and does not need to check
any flags any more.
R=ahaas@chromium.org
Bug: v8:11926
Change-Id: I2c0eb5ecb742ee65d1c10e4dceff7204119dab7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996191
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75558}
For static OOB accesses in Liftoff we were adding a protected
instruction information, mapping the PC of a jump instruction to the
landing pad. This is not needed, as the jump instruction is not supposed
to trigger a signal.
This CL slightly refactors the code to avoid this protected instruction
information, and resolves the old TODO.
R=ahaas@chromium.org
Change-Id: I668f3ec6a0815af83cbc04fb307744000166fb8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003156
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75554}
In the existing code we calculate twice how we want to compile a
WebAssembly function, first in InitializeCompilationProgress, and then
again in InitializeCompilationUnit. With this CL we use the information
in the compilation progress to create the CompilationUnits. Not only
does this make the code cleaner, it will also allow us to initialize the
compilation progress differently for deserialization but reuse the code
to create CompilationUnits.
R=clemensb@chromium.org
Bug: v8:11862
Change-Id: Iee48727be429e3a3a950404806fdd04264145999
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2988759
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75516}
Changes:
- Use a lightweight WasmElemSegment::Entry struct to store element
segment entries in a WasmModule.
- Also, restructure LoadElemSegmentImpl to handle all types of
global.get entries correctly.
- Simplify InitializeIndirectFunctionTables and make it handle all types
of entries correctly.
- In the above two cases, reject WasmJSFunctions for now.
Bug: v8:11895
Change-Id: Ie714f8c7f1af8959486138d2ad49bc622a89276d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2991248
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75513}
We've already been zero-extending 32-bit offset registers since
https://chromium-review.googlesource.com/c/v8/v8/+/2917612,
but that patch only covered the case where offset_imm == 0.
When there is a non-zero offset, we need the same fix.
Bug: chromium:1224882,v8:11809
Change-Id: I1908f735929798f411346807fc4f3c79d8e04362
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2998582
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75500}
We currently only measure the compilation time of individual functions,
but that does not include other things that happen for lazy compilation,
like switching memory permissions or publishing the code.
This CL adds a dedicated counter to measure the complete lazy
compilation time.
R=jkummerow@chromium.org
CC=dlehmann@google.com
Bug: v8:11940
Change-Id: I9a87882d2adc7bea6c5258954a642da18b8337ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2997106
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75498}
There are still a few cases remaining that seem more controversial;
I'll upload those separately.
Bug: chromium:1066980
Change-Id: Iabbaf23f9bbe97781857c0c589f2b3db685dfdc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2994804
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75494}
This is a reland of 071a1acf32
Changes compared to original:
Expect SIMD test to fail if SIMD is not supported.
Original change's description:
> [wasm] Refactor initializer expression handling
>
> Design doc: https://bit.ly/3xPxWUe
>
> This CL introduces two main changes:
> - Initializer expressions are now decoded by WasmFullDecoder. With
> wasm-gc, initializer expressions are no longer just constants, and
> require complex decoding (including stack tracking). This resulted in
> extensive code duplication.
> - Initializer expressions are not stored explicitly by module-decoder as
> an AST (WasmInitExpr), but rather as a WireBytesRef, and are decoded
> again during module instantiation. This should reduce memory
> consumption for globals and other module elements with initializer
> expressions (which has been observed in the 40MB range in some
> real-world benchmarks).
>
> Summary of changes:
> - Add a static parameter {kFunctionBody, kInitExpression} to the
> WasmDecoder. Use it to specialize validation to function bodies/init.
> expressions.
> - Introduce a new Interface for the WasmFullDecoder for init.
> expressions.
> - Differentiate between constant and non-constant opcodes in
> WasmFullDecoder.
> - Change representation of init. expressions in WasmModule to
> WireBytesRef.
> - Reimplement EvaluateInitExpression in module-instantiate to re-decode
> initializer expressions.
> - Remove some now-invalid module decoder tests.
>
> Pending changes:
> - Also refactor initializer expressions for element segment entries.
> - Reintroduce deleted tests.
>
> Bug: v8:11895
> Change-Id: I76512bfe1386c8338667d30fa6db93880a1e4b42
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972910
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75476}
Bug: v8:11895
Change-Id: I2dface5ff28d5a2d439a65d3e5cb83135c061bb9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2997722
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75492}
This reverts commit 071a1acf32.
Reason for revert: Breaks on nosse: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux/42795/overview
Original change's description:
> [wasm] Refactor initializer expression handling
>
> Design doc: https://bit.ly/3xPxWUe
>
> This CL introduces two main changes:
> - Initializer expressions are now decoded by WasmFullDecoder. With
> wasm-gc, initializer expressions are no longer just constants, and
> require complex decoding (including stack tracking). This resulted in
> extensive code duplication.
> - Initializer expressions are not stored explicitly by module-decoder as
> an AST (WasmInitExpr), but rather as a WireBytesRef, and are decoded
> again during module instantiation. This should reduce memory
> consumption for globals and other module elements with initializer
> expressions (which has been observed in the 40MB range in some
> real-world benchmarks).
>
> Summary of changes:
> - Add a static parameter {kFunctionBody, kInitExpression} to the
> WasmDecoder. Use it to specialize validation to function bodies/init.
> expressions.
> - Introduce a new Interface for the WasmFullDecoder for init.
> expressions.
> - Differentiate between constant and non-constant opcodes in
> WasmFullDecoder.
> - Change representation of init. expressions in WasmModule to
> WireBytesRef.
> - Reimplement EvaluateInitExpression in module-instantiate to re-decode
> initializer expressions.
> - Remove some now-invalid module decoder tests.
>
> Pending changes:
> - Also refactor initializer expressions for element segment entries.
> - Reintroduce deleted tests.
>
> Bug: v8:11895
> Change-Id: I76512bfe1386c8338667d30fa6db93880a1e4b42
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972910
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75476}
Bug: v8:11895
Change-Id: I9fcfdedad73ef21beb9632f50305b8e678a2dff6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2997582
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75484}
The {EnterFrame} and {LeaveFrame} methods will already emit a (scoped)
code comment in the form
[ EnterFrame
... instructions ...
]
Thus skip the additional code comment emitted by Liftoff.
R=ahaas@chromium.org
Bug: v8:11879
Change-Id: I488568022cb03b16f07a12c1a575d90613691758
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996197
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75479}
Extern ref in Liftoff is enabled since M-90
(https://crrev.com/c/2625886), hence remove the flag to simplify the
code.
R=ahaas@chromium.org
Bug: v8:11879
Change-Id: Ie72dfbc006d6f42e2e9e83d44ff78e3c53a82614
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996195
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75478}
We currently merge i32 binary operations with a subsequent if or br_if,
and we merge i32.eqz with a subsequent br_if. The combination i32.eqz +
if was missing, even though there is already support for that in the
"if" handler.
R=ahaas@chromium.org
Change-Id: Id4386d0c5d6dcf3605c72ea1146169d2088abe98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996196
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75477}
Design doc: https://bit.ly/3xPxWUe
This CL introduces two main changes:
- Initializer expressions are now decoded by WasmFullDecoder. With
wasm-gc, initializer expressions are no longer just constants, and
require complex decoding (including stack tracking). This resulted in
extensive code duplication.
- Initializer expressions are not stored explicitly by module-decoder as
an AST (WasmInitExpr), but rather as a WireBytesRef, and are decoded
again during module instantiation. This should reduce memory
consumption for globals and other module elements with initializer
expressions (which has been observed in the 40MB range in some
real-world benchmarks).
Summary of changes:
- Add a static parameter {kFunctionBody, kInitExpression} to the
WasmDecoder. Use it to specialize validation to function bodies/init.
expressions.
- Introduce a new Interface for the WasmFullDecoder for init.
expressions.
- Differentiate between constant and non-constant opcodes in
WasmFullDecoder.
- Change representation of init. expressions in WasmModule to
WireBytesRef.
- Reimplement EvaluateInitExpression in module-instantiate to re-decode
initializer expressions.
- Remove some now-invalid module decoder tests.
Pending changes:
- Also refactor initializer expressions for element segment entries.
- Reintroduce deleted tests.
Bug: v8:11895
Change-Id: I76512bfe1386c8338667d30fa6db93880a1e4b42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972910
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75476}
There currently is no way to enforce explicit bounds checks if the
embedder installed the signal handler for wasm trap handling (queried
via {trap_handler::IsTrapHandlerEnabled()}).
This CL adds a respective flag and makes all compilation emit explicit
bounds checks if it is disabled.
R=ahaas@chromium.org
Bug: v8:11926
Change-Id: Ie19faab1766d3105f3c22cb4470c0f15398f1d09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2989129
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75453}
This is a reland of edab873071
It was speculatively reverted but the issue turned out to just be slow
tests.
Original change's description:
> Fix -Wimplicit-int-float-conversions.
>
> Bug: chromium:989932
> Change-Id: Ief917b023cb079f5ff87dc8963d74f225d074d7a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2989096
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Auto-Submit: Peter Kasting <pkasting@chromium.org>
> Commit-Queue: Peter Kasting <pkasting@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75413}
Bug: chromium:989932
Change-Id: Iec8ac8ee32705c6a699a2df2f292ffe07cde99f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2994802
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75443}
WasmFeatures::FromIsolate() was called without a HandleScope in the
original CL. This was fixed by using the WasmFeatures from the
NativeModule instead of calling WasmFeatures::FromIsolate.
Original message:
Initializing the compilation progress first, and making it an explicit
step, allows us to share the wrapper compilation code between async
compilation and streaming compilation. In the future it will also allow
us to initialize compilation units based on the compilation progress,
which will allow us to share more code between async compilation and
deserialization.
R=clemensb@chromium.org
Bug: v8:11862
Change-Id: Id2d0990e5c7fa0f266f730f7e0bfa24fe641497b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2993029
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75436}
This reverts commit 3161106e77.
Reason for revert: Breaks layout tests (missing handle scope): https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux/12278/overview
Original change's description:
> [wasm] Initialize compilation progress before compilation units
>
> Initializing the compilation progress first, and making it an explicit
> step, allows us to share the wrapper compilation code between async
> compilation and streaming compilation. In the future it will also allow
> us to initialize compilation units based on the compilation progress,
> which will allow us to share more code between async compilation and
> deserialization.
>
> R=clemensb@chromium.org
>
> Bug: v8:11862
> Change-Id: If8394f3068840f759b8325ba806549dbd208f195
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2978258
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75380}
Bug: v8:11862
Change-Id: I05fa906a86ba8d3226356bcda99786a4a82e6374
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2988416
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75393}
The cached memory start was not preserved across stack checks in debug
code. This only manifests if the stack check is actually executed, hence
it's tricky to reproduce.
R=ahaas@chromium.org
Bug: chromium:1222648
Change-Id: I8d678305022e3521bd457ad49ebed30d81b05231
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2987824
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75388}
Add a code comment for checking the maximum number of steps, and
disambiguate the different types of breakpoints.
R=thibaudm@chromium.org
Change-Id: I9be40461554948a61e81b3f9953cfc4475e52e54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2985400
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75383}
Most Liftoff code comments are generated by the {NextInstruction}
function. That code was inside an "#ifdef DEBUG" block so far, because
previously code comments were only enabled in debug builds anyway. Now
that we have the separate v8_code_comments gn arg, they can also be
enabled in release builds.
Hence remove the "#if DEBUG" such that code comments are also output in
release mode.
This should not introduce any compile time regressions since both macros
are no-ops in official builds.
R=ahaas@chromium.org
Change-Id: I0bdd11534620072ccf0ff959c7f7d658aa75717b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2985243
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75382}
Initializing the compilation progress first, and making it an explicit
step, allows us to share the wrapper compilation code between async
compilation and streaming compilation. In the future it will also allow
us to initialize compilation units based on the compilation progress,
which will allow us to share more code between async compilation and
deserialization.
R=clemensb@chromium.org
Bug: v8:11862
Change-Id: If8394f3068840f759b8325ba806549dbd208f195
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2978258
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75380}
The code used to be only enabled in debug mode. Now that we have a
separate v8_code_comments gn arg, this is not the case any more. Hence
remove the "DEBUG_" prefix from the macro.
R=ahaas@chromium.org
Change-Id: I60215e3b07d6cb0cee5076136834e4bb5a13355b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982345
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75378}
We were just printing "Liftoff" in the compiler field, without a way to
tell if it's Liftoff's debugging code flavour or default Liftoff code.
This CL encodes that in the "compiler" field by selecting between
"TurboFan", "Liftoff", and "Liftoff (debug)".
R=ahaas@chromium.org
Change-Id: Ia0c004eab96c0e10e52e81c4e2863dab423124fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2985399
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75377}
This is a reland of 9701d4a420
with a small fix for some code landed in between the dry-run and
submission.
Original change's description:
> [base] Move most of src/numbers into base
>
> Moves all but conversions.*, hash-seed-inl.h and math-random.* into
> base, in preparation for moving the parts of conversions that don't
> access HeapObjects.
>
> Also moves uc16 and uc32 out of commons/globals.h into base/strings.h.
>
> Bug: v8:11917
> Change-Id: Ife359148bb0961a63833aff40d26331454b6afb6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979595
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Auto-Submit: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75354}
Bug: v8:11917
Change-Id: Ie1ec9032fe56646a7c7303185cecc70fce5694ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982607
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75368}
Instead, make the array-allocating builtin initialize the object.
This speeds up later stages of Turbofan graph processing, in particular
live range computation.
Bug: v8:7748
Change-Id: Iba0d682922b444b1d6151eeaee8d939821ebc980
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2983457
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75367}
There is only one global wasm engine, so we do not need to store the
pointer in the NativeModule. We just use {GetWasmEngine()} instead,
which reads the global pointer.
R=jkummerow@chromium.org
Bug: v8:11879
Change-Id: I66dedd571755774d96621b8d20ff23bdfef8134f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2983208
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75366}
We've seen Turbofan take excessive amounts of time for very large
functions. As a short-term mitigation, this patch disables optimization
for functions larger than 500KB (in their Wasm binary format).
Functions of such sizes are rare, so most modules should be unaffected
by this patch.
Change-Id: I9d222df5ca51b0fb5d6db7a7e9e3402f5276ff38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982608
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75364}
This reverts commit 9701d4a420.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64/40802/overview
Original change's description:
> [base] Move most of src/numbers into base
>
> Moves all but conversions.*, hash-seed-inl.h and math-random.* into
> base, in preparation for moving the parts of conversions that don't
> access HeapObjects.
>
> Also moves uc16 and uc32 out of commons/globals.h into base/strings.h.
>
> Bug: v8:11917
> Change-Id: Ife359148bb0961a63833aff40d26331454b6afb6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979595
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Auto-Submit: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75354}
Bug: v8:11917
Change-Id: Iacf796c95256016fa74f0a910c5bb1a86baa425a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982605
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75356}
Moves all but conversions.*, hash-seed-inl.h and math-random.* into
base, in preparation for moving the parts of conversions that don't
access HeapObjects.
Also moves uc16 and uc32 out of commons/globals.h into base/strings.h.
Bug: v8:11917
Change-Id: Ife359148bb0961a63833aff40d26331454b6afb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979595
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75354}
This is a reland of ac6546469d.
Two constants defined in {AssemblerBase} were not defined anywhere,
which is fixed now.
Original change's description:
> [wasm] Remove WasmInstructionBuffer
>
> {WasmInstructionBuffer} was basically a wrapper around {AssemblerBuffer}
> which remembered the last {AssemblerBuffer} on {Grow()}. Since the
> {Assembler} itself already keeps track of the latest {AssemblerBuffer},
> this functionality is mostly redundant. All we need instead is a method
> to retrieve the {AssemblerBuffer} from the {Assembler}.
>
> This CL thus removes {WasmInstructionBuffer} and instead adds
> {AssemblerBase::ReleaseBuffer}.
>
> R=jkummerow@chromium.org, mslekova@chromium.org
> CC=dlehmann@google.com
>
> Bug: v8:11714
> Change-Id: Id07945b67992802a6177bf09e5f5c5be08f657b0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982013
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75336}
Bug: v8:11714
Change-Id: I8797de1a7a78a93aaef936e46bfd1e73ec2cc9d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982015
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75338}
This reverts commit ac6546469d.
Reason for revert: Breaks ASAN no-inline - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Clusterfuzz%20Linux64%20ASAN%20no%20inline%20-%20release%20builder/22909/overview
Original change's description:
> [wasm] Remove WasmInstructionBuffer
>
> {WasmInstructionBuffer} was basically a wrapper around {AssemblerBuffer}
> which remembered the last {AssemblerBuffer} on {Grow()}. Since the
> {Assembler} itself already keeps track of the latest {AssemblerBuffer},
> this functionality is mostly redundant. All we need instead is a method
> to retrieve the {AssemblerBuffer} from the {Assembler}.
>
> This CL thus removes {WasmInstructionBuffer} and instead adds
> {AssemblerBase::ReleaseBuffer}.
>
> R=jkummerow@chromium.org, mslekova@chromium.org
> CC=dlehmann@google.com
>
> Bug: v8:11714
> Change-Id: Id07945b67992802a6177bf09e5f5c5be08f657b0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982013
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75336}
Bug: v8:11714
Change-Id: Iff32952f712ab2f0f9a16d91906d0135c084f4df
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982014
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75337}
{WasmInstructionBuffer} was basically a wrapper around {AssemblerBuffer}
which remembered the last {AssemblerBuffer} on {Grow()}. Since the
{Assembler} itself already keeps track of the latest {AssemblerBuffer},
this functionality is mostly redundant. All we need instead is a method
to retrieve the {AssemblerBuffer} from the {Assembler}.
This CL thus removes {WasmInstructionBuffer} and instead adds
{AssemblerBase::ReleaseBuffer}.
R=jkummerow@chromium.org, mslekova@chromium.org
CC=dlehmann@google.com
Bug: v8:11714
Change-Id: Id07945b67992802a6177bf09e5f5c5be08f657b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982013
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75336}
Instrument floating-point operations to set a flag if the result is NaN.
Does not handle f32x4 and f64x2 results yet.
R=clemensb@chromium.org
Bug: v8:11856
Change-Id: I1c3603e2c0c92e71bea8418e85852c01904379af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979600
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75335}
If we were unlucky and start wrapper compilation exactly after the
isolate started shutting down, we would not have an isolate info any
more in the isolate and would access a nullptr.
This CL fixes that by just returning an invalid operations barrier token
in that case.
R=ahaas@chromium.org
Bug: v8:11878
Change-Id: I6dcb28a21debb12ba812f705cd5c6387c76eda09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2982339
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75334}
Detect if Simd is enabled and if so push/pop the entire
128 bit value, if not then only push/pop the double values.
Change-Id: I45d54dcf799a685066559cc3521ef44cd884b788
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979352
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75332}
... which didn't properly handle non-Smi integer indices with
JSTypedArray receivers.
The addition of new JSReceiver::OrdinaryDefineOwnProperty() overload
with LookupIterator::Key caused circular dependency between lookup.h
and js-objects.h, so the LookupIterator::Key was moved out of the
LookupIterator class in order to make it forward-declarable.
Bug: chromium:1209405
Change-Id: I265f0c00f65ab6476c8f1d0ca1264f555d43465f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972727
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75326}
These are the changes Cobalt currently has in V8's cpu related code.
- Add missing Starboard CPU code
- Replace some V8_OS_WIN with V8_TARGET_OS_WIN, they are found when
cross-compiling for Linux platforms on Windows
Bug: v8:10927
Change-Id: Id63ae8614cbe6fe0eb53df89060c8ca2c9969ef4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2963803
Commit-Queue: John Xu <johnx@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75318}
Moves VSNPrintf, SNPrintf and StrNCpy out of utils/utils.h into
base/strings.h.
Bug: v8:11879
Change-Id: I0e165cb27c42f89c9acd1c6378514b40a90cd18d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972732
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75308}
In the first CL to introduce a histogram for deserialization time a
high-resolution counter was required to get microsecond precision.
However, with the histogram we want to detect if we need to optimize
deserialization or not. For this information high precision does not
matter, it is more important that we get information from all devices.
R=clemensb@chromium.org
Bug: v8:11862
Change-Id: Id72e25ab7e5ac8217393ab6fd11416187822a158
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2978256
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75306}
StringBuilder and its base class SimpleStringBuilder aren't very safe
and are a potential source of memory leaks or double-frees.
This removes the StringBuilder class and converts all of its usages to
use the standard library.
(As a drive-by, this converts std::ostream* to std::ostream& which is
more idiomatic C++).
Bug: v8:11917
Change-Id: I0eaf9d60cf49836e65bb28f0e114b33ef8103a61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2978252
Auto-Submit: Dan Elphick <delphick@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75298}
We can get rid of this by deferring adding a new global to the module's
globals, and using the current size of globals to determine allowed
global indices.
Bug: v8:11895
Change-Id: Ide80eab2de4abdbab96a7298acf3665599c394ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972908
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75295}
- Add an expected type argument in DecodeWasmInitExprForTesting. This
eliminates the need to check for kWasmVoid in consume_init_expr.
- Invoke StartDecoding() to initialize module in
DecodeWasmInitExprForTesting.
- Pass the current module to DecodeInitExprForTesting.
- Adjust tests.
Bug: v8:11895
Change-Id: I13b71b68a2011bf08742701cb9dd986afd6e55f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972907
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75292}
This is a reland of 0f90a2aa1c.
The issue was inverted destructor order between WasmCodeManager and
WasmEngine. WasmEngine has to be destructed first, because it contains
a barrier to ensure that background compile threads finished before
global state is being destructed.
Original change's description:
> [wasm] Provide a global WasmCodeManager
>
> The WasmCodeManager was part of the WasmEngine so far, but there is only
> exactly one WasmEngine. Hence we can pull it out, and also remove the
> pointer in the WasmCodeAllocator.
>
> The argument passed from the single constructor call is now inlined in
> the constructor itself.
>
> Drive-by: Replace "GetPlatformPageAllocator()->CommitPageSize()" by just
> "CommitPageSize()".
>
> R=jkummerow@chromium.org
>
> Bug: v8:11879
> Change-Id: I6c0e74cea308f5806d1aa479945d90b6ef8d1613
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972909
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75270}
Bug: v8:11879
Change-Id: I0eaa2395f5c1e30f3f7303c5f3df70c227b74d3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2975859
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75289}
This reverts commit 0f90a2aa1c.
Reason for revert: Breaks MSAN, please see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/38941/overview
Original change's description:
> [wasm] Provide a global WasmCodeManager
>
> The WasmCodeManager was part of the WasmEngine so far, but there is only
> exactly one WasmEngine. Hence we can pull it out, and also remove the
> pointer in the WasmCodeAllocator.
>
> The argument passed from the single constructor call is now inlined in
> the constructor itself.
>
> Drive-by: Replace "GetPlatformPageAllocator()->CommitPageSize()" by just
> "CommitPageSize()".
>
> R=jkummerow@chromium.org
>
> Bug: v8:11879
> Change-Id: I6c0e74cea308f5806d1aa479945d90b6ef8d1613
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972909
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75270}
Bug: v8:11879
Change-Id: I110eec313762d73073f530aec7cf0be82c4db344
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972921
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75274}
Merges `NativeModuleModificationScope` (with an implementation using
Intel PKU, if available, and mprotect otherwise) and
`CodeSpaceWriteScope` (for Apple Silicon, where switching to RWX with
mprotect is disallowed anyway, so MAP_JIT and thread-local switching
must be used).
Because `CodeSpaceWriteScope` sounded better (and is shorter), we kept
its name (which unfortunately makes the diff a bit harder to read).
R=clemensb@chromium.org
CC=jkummerow@chromium.org
Bug: v8:11714
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Change-Id: Ib2a7d18e72797a725ed34b904c70769166d811dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972911
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Cr-Commit-Position: refs/heads/master@{#75272}
The WasmCodeManager was part of the WasmEngine so far, but there is only
exactly one WasmEngine. Hence we can pull it out, and also remove the
pointer in the WasmCodeAllocator.
The argument passed from the single constructor call is now inlined in
the constructor itself.
Drive-by: Replace "GetPlatformPageAllocator()->CommitPageSize()" by just
"CommitPageSize()".
R=jkummerow@chromium.org
Bug: v8:11879
Change-Id: I6c0e74cea308f5806d1aa479945d90b6ef8d1613
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972909
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75270}
In an effort to merge `CODE_SPACE_WRITE_SCOPE` and
`NativeModuleModificationScope`, this CL moves the interface and
implementation of the latter into code-space-access.{h,cc}, where the
former already lives. No other changes to the code itself.
R=clemensb@chromium.org
CC=jkummerow@chromium.org
Bug: v8:11714
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Change-Id: I1aabce26f2033430523a7a3a0a4864e7267bee21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972803
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Cr-Commit-Position: refs/heads/master@{#75267}
There is exactly one WasmEngine per process, hence we do not need to
store or pass a pointer to it. We just use {GetWasmEngine} (which just
reads a global variable) whenever we need it.
R=jkummerow@chromium.org
Bug: v8:11879
Change-Id: I7e0e86e326f4cafe5a894af0ff6d35803c0340a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972725
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75266}
The WasmEngine is shared across the whole process, so there is no need
to store it in every Isolate.
Instead, we can just get it from everywhere on any thread using
{wasm::GetWasmEngine()}, which is a simple read of a global.
R=jkummerow@chromium.org
Bug: v8:11879
Change-Id: I13afb8ca3d116aa14bfaec5a4bbd6d71faa9aa17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2969825
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75265}
It will be used by consume_init_expr().
Bug: v8:11895
Change-Id: I577b5126a3c2cd0a6075ff9f085b4c93a8554846
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972906
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75259}
When we later introduce an additional template argument to WasmDecoder,
we will have to add it here too, as well as in all places which use
MemoryAccessImmediate. It is simpler to have a helper function in
WasmDecoder to fetch the 64-bit memory status.
Bug: v8:11895
Change-Id: I08edbf4e825cd148b30b2a5c0d04a26dfbaed186
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972905
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75252}
Split interface functions into constant, non-constant, and meta
functions. This will be useful once initializer expression decoding is
implemented as an interface for WasmFullDecoder.
Additionally, add ArrayInit() interface function (currently unused).
Bug: v8:11895
Change-Id: If076fe47871868c2d754f9c72c865f0a7f9f97d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964609
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75251}
In order to avoid unnecessary conversions to CodeT and back this CL:
- makes compiler::CompileCWasmEntry() return CodeT,
- makes Execution::CallWasm() accept CodeT.
Bug: v8:11880
Change-Id: Ic4b7b5f476c6efcfca4bc116ecd45cdee9f0c6c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2971743
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75247}
The {WasmCodeManager::CanRegisterUnwindInfoForNonABICompliantCodeRange}
method does not access any information on the {WasmCodeManager} object,
hence make it static.
R=jkummerow@chromium.org
Bug: v8:11879
Change-Id: I9a06ec556825bc7709970b65f22156952fa7f191
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972726
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75246}
The adding of base:: was mostly prepared using git grep and sed:
git grep -l <pattern> | grep -v base/vector.h | \
xargs sed -i 's/\b<pattern>\b/base::<pattern>/'
with lots of manual clean-ups due to the resulting
v8::internal::base::Vectors.
#includes were fixed using:
git grep -l "src/utils/vector.h" | \
xargs sed -i 's!src/utils/vector.h!src/base/vector.h!'
Bug: v8:11879
Change-Id: I3e6d622987fee4478089c40539724c19735bd625
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968412
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75243}
Currently, we have two different classes for switching the WebAssembly
generated code space to writable (e.g., before patching jump tables, or
when adding or removing code): `CodeSpaceWriteScope` (with the macro
`CODE_SPACE_WRITE_SCOPE`) and `NativeModuleModificationScope`.
The former was introduced for Apple Silicon ARM64 hardware ("Apple M1"),
which uses `MAP_JIT` + `pthread_jit_write_protect_np()` to change memory
permissions. The latter uses either Intel PKU (a.k.a. memory protection
keys) to switch permissions (fast and thread-local, like on M1), or,
on systems that do not have PKU support, `mprotect()`.
Since both classes serve the same purpose just with different
implementations on different platforms, we want to merge them in
follow-up CLs. As a first step, here we align all uses of
`CODE_SPACE_WRITE_SCOPE` with existing `NativeModuleModificationScope`s.
The two had diverged due to optimization work, where we moved
`NativeModuleModificationScope`s around (pulling them out of loops and
across function boundaries) to lower the amount of mprotect switches.
This should have no, or at best a very small positive, performance
impact on Apple M1, since we now also switch less often (even though
switching should be very cheap). In terms of security, this in theory
makes the code space writable for longer time spans, but this is
probably not a large effect because
(1) we often moved the scope outside of loops, where it was open for
every iteration anyway, or
(2) in some cases a CODE_SPACE_WRITE_SCOPE was open somewhere on the
call stack already.
R=jkummerow@chromium.org
CC=clemensb@chromium.org
Bug: v8:11714
Change-Id: Id8744429e1183e118ab5e078750d294a99c9dce0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2968946
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Cr-Commit-Position: refs/heads/master@{#75230}
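The two commits above (the merge into `CodeSpaceWriteScope` and the alignment of the two scopes) describe an RAII object that makes the wasm code space writable for as short a span as possible and notes that a scope may already be open further up the call stack. The following is an added example, not V8's code: it models only the `mprotect()` path (no PKU, no MAP_JIT) as a nesting-aware scope that keeps W^X, so that a nested scope does not flip permissions again and the region returns to read+execute only when the outermost scope closes. The class name, `nesting_depth()` and `PatchOneByteDemo()` are this example's own, and the page is assumed to be POSIX (Linux) so that `mmap`/`mprotect` are available.

```cpp
#include <sys/mman.h>
#include <unistd.h>
#include <cstddef>
#include <cstdint>
#include <cstring>

// Constructed example of a W^X write scope over a single code region.
// Permissions are switched only by the outermost scope on this thread;
// nested scopes (the "a scope was open somewhere on the call stack already"
// case) just increment a depth counter.
class CodeSpaceWriteScope {
 public:
  CodeSpaceWriteScope(void* region, size_t size)
      : region_(region), size_(size) {
    if (nesting_depth_++ == 0) {
      // Outermost scope: make the region writable, but never executable
      // at the same time (RW, not RWX).
      ok_ = mprotect(region_, size_, PROT_READ | PROT_WRITE) == 0;
    } else {
      ok_ = true;  // already writable because of an enclosing scope
    }
  }

  ~CodeSpaceWriteScope() {
    if (--nesting_depth_ == 0) {
      // Outermost scope closes: back to read + execute, no write.
      mprotect(region_, size_, PROT_READ | PROT_EXEC);
    }
  }

  bool ok() const { return ok_; }
  static int nesting_depth() { return nesting_depth_; }

 private:
  void* region_;
  size_t size_;
  bool ok_ = false;
  // Per-thread, mirroring the thread-local switching the commits mention.
  static thread_local int nesting_depth_;
};

thread_local int CodeSpaceWriteScope::nesting_depth_ = 0;

// Allocates one page, marks it RX, then patches a byte inside two nested
// scopes. Returns the patched byte read back after all scopes have closed,
// or -1 if any step failed. The patch value 0x42 is constructed data.
int PatchOneByteDemo() {
  size_t page = static_cast<size_t>(sysconf(_SC_PAGESIZE));
  void* region = mmap(nullptr, page, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (region == MAP_FAILED) return -1;
  memset(region, 0, page);
  // Initial state of code space: readable and executable, not writable.
  if (mprotect(region, page, PROT_READ | PROT_EXEC) != 0) return -1;

  uint8_t* code = static_cast<uint8_t*>(region);
  int result = -1;
  {
    CodeSpaceWriteScope outer(region, page);
    if (outer.ok()) {
      CodeSpaceWriteScope inner(region, page);  // nested: no extra mprotect
      if (inner.ok() && CodeSpaceWriteScope::nesting_depth() == 2) {
        code[0] = 0x42;
        result = 0;
      }
    }
  }
  // All scopes closed: region is RX again and the counter is back to zero.
  if (result == 0 && CodeSpaceWriteScope::nesting_depth() == 0) {
    result = code[0];
  }
  munmap(region, page);
  return result;
}
```

The depth counter is what keeps the "pulled out of loops" optimisation safe: a caller that already holds the scope can call into code that opens its own scope without an extra pair of `mprotect()` calls, and the region is only re-protected when the last holder leaves.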
At the moment deserialization happens synchronously on the main thread.
This is fine at the moment because deserialization is fast. However,
future refactorings may affect deserialization time, and may force us
to deserialize in the background. This CL adds a timer to monitor
deserialization time, so that we get a signal if deserialization time
regresses.
R=clemensb@chromium.org
Bug: v8:11862
Change-Id: I18b52c19106b92158cd986492926a24d0d57e6ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2966389
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75218}
WebAssembly.Exception is the static representation of a wasm exception.
It holds the signature and the tag of the exception, can be imported and
exported from a wasm module, and will eventually allow inspecting a
wasm-thrown exception from JS.
R=clemensb@chromium.org
Bug: v8:8091
Change-Id: Ided352777e1217e6f873b84a2fc21c3acf59ff6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2966384
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75214}
Empty function bodies can actually reach the compiler. We could prevent
this by making this a decoder error instead, but that would be a
redundant check, so we should just remove the DCHECK instead.
R=ahaas@chromium.org
Bug: chromium:1219898
Change-Id: Ie1bed30cee44be9ac42b5f5f980a122c8dc8b2ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2966385
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75191}
On a loop back edge both the cached instance and the cached memory
start have to get restored for the next loop iteration. In the original
CL we did not consider the case that by restoring the instance we may
overwrite the currently cached memory start.
Original description:
WebAssembly functions often have subsequent memory accesses, and each of
these memory accesses need the start address of the memory in a register.
With this CL the register with the memory start address is cached, so
only the first memory access has to load the memory start address into a
register, subsequent memory accesses can just reuse the register.
In first measurements with the epic benchmark this reduces the size of
the generated Liftoff code by a bit more than 5%.
R=clemensb@chromium.org
Bug: v8:11862
Change-Id: I884c0da24be8bc6b10f2c6bf5437b9a279819538
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960220
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75183}
When we pass function arguments on the stack, untagged parameters
"come first", i.e. are put to lower addresses / can be popped off
first. So when a function instructs the stack walker to visit its
parameters (belonging to its caller's frame), it must skip past
any untagged parameters at the top of the caller's frame.
Change-Id: I5a42e4850b0808237ae937c90b0cec930df8571b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964394
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75180}
In the same vein we did tagged stores, we can do tagged loads.
As a drive-by, move GetTSANRelaxedStoreStub to CodeFactory.
Bug: v8:7790, v8:11600
Change-Id: Ic1ef3245623756538eab64c3358047e3797195c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953162
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75145}
This reverts commit fd93f33824.
Reason for revert: Out of bounds errors in Unity benchmark (link is internal).
Original change's description:
> [wasm][liftoff] Cache the memory start register
>
> WebAssembly functions often have subsequent memory accesses, and each of
> these memory accesses need the start address of the memory in a register.
> With this CL the register with the memory start address is cached, so
> only the first memory access has to load the memory start address into a
> register, subsequent memory accesses can just reuse the register.
>
> In first measurements with the epic benchmark this reduces the size of
> the generated Liftoff code by a bit more than 5%.
>
> R=clemensb@chromium.org
>
> Bug: v8:11862
> Change-Id: Ic33e7e3c00a4209570821269c728187affbeadcf
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2947403
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75113}
Bug: v8:11862
Change-Id: I20c7e7d729cf9846499db90c02f8581d7f994ace
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960216
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75132}
Code protection scopes now work with shared code, hence the TODO can be
removed.
R=jkummerow@chromium.org
Change-Id: I925732c653f652d4576f21e82c96c1477b11ec12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2959612
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75129}
M1 hardware uses the CodeSpaceWriteScope (which uses MAP_JIT under the
hood), hence all other memory protection mechanisms should be disabled
there.
Trying to protect code space allocated with MAP_JIT would fail
otherwise, resulting in a CHECK failure.
R=jkummerow@chromium.org
CC=dlehmann@chromium.org
Bug: chromium:1218782
Change-Id: I626990575c2180168c2e421a93b9f0b035382f03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2959613
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75123}
This is the last CL of the code generated stores.
Bug: v8:7790, v8:11600
Change-Id: If8bbabb422027f938c7acc0bdc12a233dfed580e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2950760
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75121}
If a module is not fully (baseline) compiled yet, we cannot reliably
tier it down, because we might not have the wire bytes for all functions
available (in streaming compilation). After baseline compilation
finished, we already check if we need to tier down, and do it then.
Hence we can just skip any tier-down of unfinished modules.
We cannot easily test this in V8 stand-alone, as inspector-test can only
execute one command at a time, so we cannot trigger asynchronous
compilation and then enable the debugger while this is running.
R=thibaudm@chromium.org
Change-Id: I250162a8d3c20599cacebff2f4f540ff6f8b1946
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953298
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75117}
WireBytesStorage is the class used to access the wire bytes of a
function for compilation. It is stored and passed in a shared_ptr,
because it can be updated while compilation is running, and the
compilation threads will keep the old reference alive until the last
reference is dropped.
This CL fixes a few issues where we unnecessarily passed a reference
to the shared_ptr instead of just a raw pointer, and changes one
copy-assign into a move-assign to avoid an unneeded reference increase
and decrease.
R=thibaudm@chromium.org
Bug: v8:11879
Change-Id: I18b626a7b6cde09d5b29f091bd9f49d01d408206
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953196
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75116}
WebAssembly functions often have subsequent memory accesses, and each of
these memory accesses need the start address of the memory in a register.
With this CL the register with the memory start address is cached, so
only the first memory access has to load the memory start address into a
register, subsequent memory accesses can just reuse the register.
In first measurements with the epic benchmark this reduces the size of
the generated Liftoff code by a bit more than 5%.
R=clemensb@chromium.org
Bug: v8:11862
Change-Id: Ic33e7e3c00a4209570821269c728187affbeadcf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2947403
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75113}
This removes/replaces header includes with the aim of shrinking the
size of the inline header cycle. Specifically before this CL, there was
a single Strongly-Connected Component comprising 60 header files from
src/objects and src/heap.
Now there are two SCCs. The src/heap SCC has 6 files and depends on
the src/objects SCC, which has 50 files. Additionally some previously
implicit dependencies have been added.
Dependencies calculated using:
git grep "#include \"" *.h *.cc | sed 's/:#include "/ /;s/".*$//' | \
awk 'BEGIN {print "digraph deps {" } END {print "}"} {print "\""$1"\" -> \""$2"\""}'
SCCs found using sccmap from graphviz.
Also removes unused Cell::FromValueAddress method.
Change-Id: Ib19d00ccd14e490ee64d57be4d99b1b3686ac32a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2951734
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75103}
Functions defined inside a class declaration are inline by default.
Thus remove the 'inline' annotation from all such definitions.
Drive-by: Move the 'inline' annotation of
{WasmFunctionBuilder::signature} from the definition to the declaration.
R=jkummerow@chromium.org
Bug: v8:11384
Change-Id: I18be0b7d83c2414b3237e2f834e470c613143d7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953320
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75096}
There was already a lookahead implementation in Liftoff for the case
where a comparison was followed by kExprBrIf. This CL extends this
lookahead implementation to kExprIf as well. This extension reduces the
size of the code generated by Liftoff in the Epic benchmark by 1.5%.
R=clemensb@chromium.org
Bug: v8:11873, v8:11862
Change-Id: If4428bdd64eedcdd6dc543efc3b9945cbd8be3cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953322
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75088}
Changes:
- Remove endianness transformations from WasmValue constructors.
WasmValue will now use the system's endianness. Remove
CopyToWithSystemEndianness.
- Remove endianness transformation from global variable load/stores in:
wasm-compiler.cc, liftoff-compiler.cc, wasm-objects{.cc, -inl.h}, and
wasm-interpreter.cc
- Adjust SIMD tests that directly access part of a value by changing
which lane they access within that value. We do that by introducing
a LANE macro and use it over ReadLittleEndianValue.
Change-Id: I99e97c6eae72e9a135b184633ec266049803bb03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944437
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75085}
With the upcoming "exception handling" proposal, we have to ensure
that traps are not catchable. This patch adds missing "uncatchable"
annotations to traps in the C-API and table-related instructions.
Fixed: v8:11813
Change-Id: I7bbd5043ede58a5315bd5117eb496ed014e79e91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953160
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75082}
For Cobalt's purpose in the past, we introduced base::Memcpy to
intercept memcpy calls and replace it with SbMemoryCopy on
Starboard/Cobalt. Recently Cobalt removed SbMemoryCopy because we found
out that the memcpy implementation is universal. To reduce the cost to
maintain base::Memcpy, let us remove it and revert back to raw memcpy.
Bug: v8:10927
Change-Id: I060f191f8f1aed8b78ffe4558a3743f3a2da008b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2951462
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: John Xu <johnx@google.com>
Cr-Commit-Position: refs/heads/master@{#75070}
Changes:
- Implement a single function
WriteGlobalValue(const WasmGlobal&, const WasmValue&). Compute an
intermediate WasmValue when needed.
- Add WasmValue::CopyTo() to avoid reading little endian values in
WasmValue, and then transforming back to little endian.
- Add WasmValue::to_string() for tracing.
Change-Id: Ia7d9b9cddc7b8f77ae35fc588fe34c41ef444a2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948664
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75047}
Loop fallthroughs should leave values according to their out-type on the
stack, even when the stack is polymorphic.
Bug: chromium:1217470
Change-Id: I0a7e0569fa24fc16fcac76569a5ba14b6c7b0a9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2949090
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75043}
These can now be implemented with EvaluateInitExpression
Change-Id: I891e0ef91627eaac1af85af10748ada5f032e5c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948663
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75040}
Add a new testing tier based on Liftoff. In this tier, the Liftoff
compiler takes an address to a counter, and decrements that counter at
every instruction. When the counter reaches 0, execution aborts.
R=clemensb@chromium.org
Bug: v8:11856
Change-Id: I20970e323ff19f7cb6ab6855377c678ca391421e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944440
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75022}
This is a reland of 79d63a5ef3. Some fixes
landed already, and two tests need to be skipped now (one with a tracking
bug).
Original change's description:
> [wasm] Remove all implications from --predictable
>
> In predictable mode, we want to execute the same code as otherwise,
> modulo timing. Hence remove any implications which change behaviour
> (like tier-up or asynchronous compilation).
> Note that --predictable is a debugging flag, so the configuration does
> not need to "make sense" in production.
>
> R=ahaas@chromium.org
>
> Bug: v8:11848
> Change-Id: If74fbacadeb087d977922c41f33fd18738b50ded
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940898
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74973}
Bug: v8:11848
Change-Id: I3564e4351d6545bb9643d1ae44722eb2606b8961
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944936
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75009}
Changes:
- Add struct.new_with_rtt as a new WasmInitExpr. Parse it in
consume_init_expr(). Add it to
InstanceBuilder::EvaluateInitExpression().
- Change WasmInitExpr::operand_ to vector operands_.
- In consume_init_expr(), use parsed over hard-coded opcode length.
- Improve WasmStruct::WasmStructPrint slightly.
- Add Factory::NewWasmStruct().
- Add WasmValue::CopyToWithSystemEndianness.
- In wasm-module-builder.js, generalize emit_init_expr for expressions
with operands. Add missing init. expression types.
- Add tests.
Bug: v8:7748
Change-Id: Ica12378d202730aff1b57c7d4240aa00ef124f8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940893
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75006}
- Add new Builtin enum
- Move Builtins::Name:kXXX to Builtin::kXXX
- Update existing code
Follow-up CLs will unify the mix of using int builtin-ids and
Builtins::Name to only use the new Builtin enum and changing it to
an enum class.
Change-Id: Ib39aa45a25696acdf147f46392901b1e051deaa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905592
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74995}
A spec test (wasm-js/global/value-get-set) requires
WebAssembly.Global.value.set to throw an exception if it is called with
0 arguments. The implementation in V8, however, just checked if the
first parameter is `undefined`. This implementation indeed threw an
exception if 0 arguments were provided, but it also threw an exception
when `undefined` is provided as a parameter. This, however, violates
the spec, because globals can be reset to `undefined`.
With this CL we replace the checking for `undefined` by checking the
length of the arguments that get provided.
R=ecmziegler@chromium.org
Bug: chromium:1211342
Change-Id: Ic87a0b369dea3e49eddb8f71f2c29dc6a8f5f558
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940901
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74982}
When growing a memory without a maximum, we should still check against
the spec'ed limit, to avoid an overflow when computing the new number of
pages.
R=ahaas@chromium.org
Bug: chromium:1215808
Change-Id: I476b954268277e7dce1106a9b8c3c713b0d1a560
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944433
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74980}
We currently take the sample at the moment the isolate is created. At
that point, the embedder callback for taking samples is not installed
yet. Hence delay taking the sample until the first module is created.
This will only take samples for isolates that actually use wasm, which
will reduce the overall number of samples, but will give a better
picture of PKU support for Wasm.
R=jkummerow@chromium.org
CC=dlehmann@google.com
Bug: v8:11714
Change-Id: I8a4163961c06076efd6c5dde5751682b53863c2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944429
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74975}
Introduce EmitTSANStoreOOLIfNeeded methods which make it easier on the
eyes in code-generator.cc.
Also pass along the size, which lays the groundwork for the other
instructions e.g. kX64Movq since we don't require the store to be a
Tagged one. This creates new builtins (since we now have a version with
32 bits and another one for 64 bits stores). We can extract the common
code in builtins-internal-gen.cc to de-duplicate the common code.
Bug: v8:7790, v8:11600
Change-Id: I81d80b852ec96b94d170a20f6d61621743b74b32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933664
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74971}
Strict equality checking of ValueTypes only made sense before
reference types came along.
Change-Id: I632f541328cb27ae87a5e3daccd4ffb9cfc8a502
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928513
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74965}
ReadLittleEndianValue needs to be used to assure ptrs
are dereferenced correctly on BE machines.
Change-Id: I420f863de1b98d5d68688614ead4847258779c9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2941022
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74951}
So far, initializer-expression evaluation was tied to setting global
values. We now need it to operate independently of globals, so that we
can implement new constant expressions like struct.new, which need their
arguments to be computed before they can be initialized.
Changes:
- Move type computation of WasmInitExpr into WasmInitExpr::type.
- Fix WasmInitExpr::type kRttSub case for rtts without depth.
- Introduce InstanceBuilder::EvaluateInitExpression().
- Rename InstanceBuilder::GetRawGlobalPointer() ->
GetRawUntaggedGlobalPointer().
- Simplify InstanceBuilder::InitGlobals using EvaluateInitExpression().
- Introduce ValueType::is_numeric.
- Add Simd128(byte*) constructor.
- Introduce WasmValue::CopyTo() for numeric types.
Change-Id: Ic502b611f3998187abd9fc6ec377c2954c27abdc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2939982
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74949}
Changes:
- Merge all immediates which read a u32_v index into IndexImmediate.
Refactor overloaded Validate(const byte*, [Type]Immediate) functions
to Validate[Type](const byte*, IndexImmediate).
- Move MemoryIndexImmediate/MemoryAccessImmediate validation into their
own Validate functions. Remove CheckHasMemory(), move its
functionality into these Validate() functions.
- Refactor MemoryInitImmediate, TableInitImmediate and
CallIndirectImmediate as composite immediates.
- Change field initializations for some Immediates to constructor
initializers. This helps us drop some useless default constructors.
- Use the correct pc in StackEffect for struct.new_default.
Bug: v8:11831
Change-Id: I878f69a33f8473dc275184995b3b7b88fe0dfc8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928498
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74948}
This instruction is a non-standard V8-only experiment for now,
hidden behind the --experimental-wasm-gc-experiments flag.
The motivation is to provide a way to set up non-canonicalized
RTT hierarchies, to enable expressing the type system of Java-like
languages in terms of WasmGC constructs.
Bug: v8:7748
Change-Id: Idf1c18e9944c983f40f1e01b2032ee5fdc2fd81b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2930478
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74920}
Different platforms have different limits for growing memory, thus the
correctness fuzzer should crash instead of failing to grow. This will
make the fuzzer ignore the test case.
Instead of using the minimum of {wasm::max_mem_pages()} and the declared
maximum as the limit for growing, we can just use the declared limit.
{wasm::max_mem_pages()} will already be checked in the called methods.
All we need is a check for the --correctness-fuzzer-suppressions flag if
growing actually fails (either because of the platform-specific limit,
or because of an actual OOM).
Drive-by: unify the duplicated call to
{BackingStore::GrowWasmMemoryInPlace}.
R=ahaas@chromium.org
Bug: chromium:1213320
Change-Id: I7f219e1f93824225946d8a2136f15874c091e234
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2931815
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74917}
- Maintain the correct stack in unreachable code for all type casts.
- Compute the correct type for the pushed stack value for ref.cast.
- Check if current_code_reachable_and_ok_ instead of checking the
popped values' types against bottom.
- Add unit tests.
Bug: v8:7748
Change-Id: I02c26f526060f40884c4ff1e541315f71d8ad90a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928191
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74912}
Similar to https://crrev.com/c/2912786, this fixes a high number of
page permission switches (incurring mprotect syscall and lock contention
overhead) by pulling a {NativeModuleModificationScope} outside of a
loop (and across a function boundary).
R=clemensb@chromium.org
CC=jkummerow@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Bug: v8:11663, chromium:932033
Change-Id: I2ec47f3eeeb2ab9624d2eaea9b4e776738871c97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928504
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Cr-Commit-Position: refs/heads/master@{#74906}
Port 2b77ca200c
Original Commit Message:
The upper 32 bits of the 64 bit offset register are not guaranteed to be
cleared, so a zero-extension is needed. We already do the zero-extension
in the case of explicit bounds checking, but this should also be done if
the trap handler is enabled.
R=thibaudm@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Ife3ae4f93b85fe1b2c76fe4b98fa408b5b51ed71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2929661
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74886}
The split between "Complete" methods and "Validate" methods is subtle
and undocumented. The "Complete" methods are only used in places where
we know that the function is valid anyway: Printing wasm code and
getting stack effects of an instruction (for the interpreter). Both are
also not performance critical.
Hence this CL merges the "Complete" methods into the respective "Validate"
methods and just calls the latter instead of the former.
R=jkummerow@chromium.org
Bug: v8:11831
Change-Id: Id9591c73587262c30b8c56770b090f2b0d2d45b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922118
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74882}
The upper 32 bits of the 64 bit offset register are not guaranteed to be
cleared, so a zero-extension is needed. We already do the zero-extension
in the case of explicit bounds checking, but this should also be done if
the trap handler is enabled.
R=clemensb@chromium.org
CC=jkummerow@chromium.org
Bug: v8:11809
Change-Id: I21e2535c701041d11fa06c176fa683d82db0a3f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917612
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74881}
In the Chrome DevTools Protocol, the step actions are named StepOut,
StepOver, and StepInto, but internally we used StepOut, StepNext, and
StepIn instead. This change adjusts the naming to be consistent.
Bug: chromium:901814, chromium:1162229
Change-Id: Id3502a1b0a4aadd94734ec3d1fef73c1782fa220
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928510
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74877}
Various behaviour preserving changes that make it easier to switch on
callee-saved registers without having to land refactoring code at the
same time.
- Use MaybeStoreRegisters / MaybeRestoreRegisters
- Use CallRecordWriteStubSaveRegisters everywhere for now. Eventually
this will be replaced by CallRecordWriteStub in places with fixed
registers.
- Use WriteBarrierDescriptor::ComputeSavedRegisters, which for now
returns the same as allocatable_registers
Full x64 implementation: https://crrev.com/c/2922604
Bug: v8:11420
Change-Id: I04e6ac2f6333edc91cb1030a0217f59ad441a1d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922250
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74876}
So far, units compiled with TurboFan were published one-by-one as soon
as they were ready, which reduces the latency until the faster code is
available. However, especially when write-protecting code with mprotect,
this yielded a lot of page protection switches, which incurs syscall and
lock contention overhead. Thus, https://crrev.com/c/2922114 already
introduced TurboFan batching when using write-protection.
During experiments, we found this could even be beneficial in the
default configuration, i.e., without write-protection enabled. This CL
changes to always do the publishing in batches. This choice should be
revisited once the tier-up strategy changes, e.g., with lazy compilation
or dynamic tier-up.
R=clemensb@chromium.org
CC=jkummerow@chromium.org
Change-Id: I0ba792c969f7e017ac57103d2bbfe9a142cf302d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928186
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Cr-Commit-Position: refs/heads/master@{#74871}
This is a reland of 17915002fc with an
added fix for TurboAssembler::CallTSANRelaxedStoreStub.
Original change's description:
> [builtins][x64] Use callee-saved registers for write barrier stubs
>
> Calls to the record write stub are quite frequent and the caller has to
> save all registers used by the builtin.
>
> This CL moves the register saving to the builtin itself, reducing the
> call-site code size significantly in many cases and thus improving
> compilation speed of sparkplug.
>
> Follow-up CLs will introduce the same behaviour to other platforms.
>
> - CallRecordWriteStubSaveRegisters preserves the existing behaviour and
> saves clobbered registers.
> - CallRecordWriteStub expects the registers to match the ones specified
> in the WriteBarrierDescriptor for more compact code.
>
> Bug: v8:11420
> Change-Id: Ib1260cf972712bb9ba879beacd34b06a7fa347f1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922103
> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74831}
Bug: v8:11420
Change-Id: Ibac3e6f0360d35579ee0b0dc5d698f8cdab93260
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922604
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74870}
This will be thrown during array allocations if the requested size is
larger than kV8MaxWasmArrayLength.
Additional changes:
- In test-gc.cc, add the possibility to check against the trap message
in CheckHasThrown.
- Small reorganization of WasmGCTester in test-gc.cc.
Bug: v8:7748
Change-Id: I6f74b525bd7087fcc66f43c451ef130df022b0f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922247
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74867}
And add s10 to scratch_register_list. Clean up t* registers used in the macroassembler.
Bug: v8:7703
Change-Id: Ib8477cd7528b8c2a2297da3f46659f30af45286e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2914246
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#74841}
This reverts commit 17915002fc.
Reason for revert: Breaks TSAN builds (e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20builder/19166/overview)
Original change's description:
> [builtins][x64] Use callee-saved registers for write barrier stubs
>
> Calls to the record write stub are quite frequent and the caller has to
> save all registers used by the builtin.
>
> This CL moves the register saving to the builtin itself, reducing the
> call-site code size significantly in many cases and thus improving
> compilation speed of sparkplug.
>
> Follow-up CLs will introduce the same behaviour to other platforms.
>
> - CallRecordWriteStubSaveRegisters preserves the existing behaviour and
> saves clobbered registers.
> - CallRecordWriteStub expects the registers to match the ones specified
> in the WriteBarrierDescriptor for more compact code.
>
> Bug: v8:11420
> Change-Id: Ib1260cf972712bb9ba879beacd34b06a7fa347f1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922103
> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74831}
Bug: v8:11420
Change-Id: I20f239e64ec2834acd651341634974291992add5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922316
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74832}
Calls to the record write stub are quite frequent and the caller has to
save all registers used by the builtin.
This CL moves the register saving to the builtin itself, reducing the
call-site code size significantly in many cases and thus improving
compilation speed of sparkplug.
Follow-up CLs will introduce the same behaviour to other platforms.
- CallRecordWriteStubSaveRegisters preserves the existing behaviour and
saves clobbered registers.
- CallRecordWriteStub expects the registers to match the ones specified
in the WriteBarrierDescriptor for more compact code.
Bug: v8:11420
Change-Id: Ib1260cf972712bb9ba879beacd34b06a7fa347f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922103
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74831}
With mprotect-based write protection of the WebAssembly code space,
we switch page protection flags each time (at least) one compilation
thread needs write access. Two such switches happen when TurboFan
compilation results are available in {ExecuteCompilationUnits}: One
switch happens when calling {NativeModule::AddCompiledCode} and one more
when calling {NativeModule::PublishCode} via
{SchedulePublishCompilationResults} and {PublishCompilationResults}.
So far, each TurboFan result was published eagerly, i.e., as soon as it
became available. This has the benefit that faster code is available
immediately, and had no large cost or downside without write protection.
However, with write protection switching permissions is expensive (an
mprotect syscall) and needs to lock the
{WasmCodeAllocator::allocation_mutex_} (which causes lock contention and
under Linux many futex syscalls). Thus, immediately publishing each
TurboFan result when using write protection can cause up to 10x slower
compilation compared with not using write protection. In terms of
syscalls we measured (non scientifically) with
{sudo perf stat -e 'syscalls:sys_enter*' d8 ...} on the Unity benchmark:
- mprotect: 10k vs. 44k syscalls (baseline vs. write protection)
- futex: 31k vs. 112k syscalls (baseline vs. write protection)
- sys time: 1.6s vs. 10s (baseline vs. write protection)
All of those are clearly too high.
The fix here is simply to batch together multiple TurboFan functions into
one publishing step when using write protection. The batching logic
already exists for Liftoff, so we can just disable eager publishing for
TurboFan when using write protection. Additionally, we publish once when
all Liftoff results are available (even if the batch is not complete),
such that time-to-execute is not regressed.
R=clemensb@chromium.org
CC=jkummerow@chromium.org
Bug: v8:11663, chromium:932033
Change-Id: Ibf6f28ecf4733b40322e62761e66046dec60a125
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922114
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74829}
This adds detection for constant memory indexes which can statically be
proven to be in-bounds (because the effective offset is within the
minimum memory size). In these cases, we can skip the bounds check and
the out-of-line code for the trap-handler.
This often saves 1-2% of code size.
R=ahaas@chromium.org
Bug: v8:11802
Change-Id: I0ee094e6f1f5d132af1d6a8a7c539a4af6c3cb5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919827
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74825}
Changes:
- Add --experimental-wasm-gc-experiments flag.
- Add array.copy opcode. Implement it in decoding and code generation
behind the new flag.
- Add WasmCodeBuilder::BoundsCheckArrayCopy. Move BoundsCheckArray to
the private section.
- Add WasmArrayCopy and WasmArrayCopyWithChecks builtin.
- Add WasmArrayCopy runtime function.
- Add WasmArray::ElementSlot.
- Always print two hex digits in CHECK_PROTOTYPE_OPCODE.
- In test-gc, print the thrown-error message if the function should not
throw.
- In test-gc, add GetResultObject with one argument.
Bug: v8:7748
Change-Id: I58f4d37e254154596cdef5e78482b55260dd3782
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912729
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74806}
This is a reland of 916eb86952
Change compared to original:
Remove ternary operator from lambda, as this triggers a gcc bug.
Original change's description:
> Reland "[wasm][bug] Fix a couple of bugs in validation of unreachable code"
>
> This is a reland of 4a037f871e
>
> Changes compared to original change: None. This seems not to create
> problems after all.
>
> Original change's description:
> > [wasm][bug] Fix a couple of bugs in validation of unreachable code
> >
> > Changes:
> > - SetBlockType now instantiates the block's start merge with values of
> > the correct type in unreachable code.
> > - EnsureStackArguments now keeps the existing stack values and moves
> > them over the new bottom values.
> > - Drop stack size validation in Drop().
> > - Add new tests in unreachable-validation.js.
> >
> > Change-Id: Ie68b3d9abb0a41d1623d4a123fb526e71941c4e7
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902733
> > Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74650}
>
> Change-Id: Id620f7fb6677b772b0dcfd38108256384db44439
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905598
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74677}
Bug: v8:11819
Change-Id: I9b8d915547ec9aee7cb5233937089d431db54c8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919833
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74797}
The new functionality is hidden behind the --wasm-gc-js-interop flag.
Bug: v8:11804
Change-Id: I9dd779efe3dbf3c773948b6fd8872e3aea8cd7a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912784
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74790}
Inline the SaveFPMode flag directly into the TSANRelaxedStore stubs:
- Saves one register for input arguments
- Avoid branches in the TSANRelaxedStore stubs
Bug: v8:7790, v8:11600
Change-Id: Ib1083f8c1a7e856028ff606ba8c2a93efb10db69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917037
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74781}
This reverts commit 916eb86952.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20gcc/11805/overview
Original change's description:
> Reland "[wasm][bug] Fix a couple of bugs in validation of unreachable code"
>
> This is a reland of 4a037f871e
>
> Changes compared to original change: None. This seems not to create
> problems after all.
>
> Original change's description:
> > [wasm][bug] Fix a couple of bugs in validation of unreachable code
> >
> > Changes:
> > - SetBlockType now instantiates the block's start merge with values of
> > the correct type in unreachable code.
> > - EnsureStackArguments now keeps the existing stack values and moves
> > them over the new bottom values.
> > - Drop stack size validation in Drop().
> > - Add new tests in unreachable-validation.js.
> >
> > Change-Id: Ie68b3d9abb0a41d1623d4a123fb526e71941c4e7
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902733
> > Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74650}
>
> Change-Id: Id620f7fb6677b772b0dcfd38108256384db44439
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905598
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74677}
Tbr: manoskouk@chromium.org
Change-Id: Ia24aa453735464bdd3aafca4617beabb0cbf8823
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917601
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74771}
Implementation copied from d8. Gated behind a build-time flag.
Can be useful for debugging issues.
Change-Id: I444d625242b1fb8fe9139472a06cb1a90269401a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2906233
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74767}
For mprotect-based write protection of WebAssembly code memory, we open
{NativeModuleModificationScope}s each time a thread needs write-access
to the code space. While fine-grained switching is good for security
(the permission should only be granted for as short as possible,
especially since it is process-wide), this can degrade performance
considerably for two reasons (we measured up to 10x slower Liftoff
compilation time cf. having no write protection):
1. Switching permissions with mprotect() (and likely with similar
functions on non-POSIX platforms) is just inherently expensive due to
the syscall, modifying page tables, and potentially subsequent TLB
flushes. For a simple benchmark (compiling Unity with --liftoff-only)
--wasm-write-protect-code-memory increases the number of mprotect
syscalls from ~2.6-2.8k to 6-8k (!).
2. Modifying the permissions in {SetWritable()} is synchronized
across threads via the {NativeModule::allocator_mutex_}. With many fine-grained
permission switching requests, lock contention on this mutex
incurs a very high number of futex syscalls (measured on Linux only,
but the problem is likely a general one). For the same simple benchmark
as above (compiling Unity), --wasm-write-protect-code-memory increases
the number of futex syscalls from ~1k to 20-40k (!).
Both problems are fixed in the CL here, following this simple recipe
(in case we get more of these issues in the future):
1. Identify the hot syscall either via sampling-based profiling with
`sudo perf record -g -F10000 d8 ...` (needs sudo for kernel stacks) and
then looking into the record or a flamegraph, or with event-based
profiling with `sudo perf stat -g -e 'syscalls:sys_enter*' d8 ...`.
In particular, if {NativeModuleModificationScope}s are repeatedly
opened (behind a function) in a loop, this can be a problem.
2. Add a scope object outside of the loop, potentially to a function
upwards in the call hierarchy of the hot loop/function.
3. Remove the scope object in the innermost function/hot loop.
4. Check all callers of the hot function (which now no longer has a
scope object), whether additional scopes need to be added there for
correctness.
The following two offenders were especially visible in the profile:
- Most of the mprotect calls were coming from {PatchJumpTablesLocked}.
Pulled the scope object up into {PublishCode}.
- Most of the lock contention was caused by {AddCodeWithCodeSpace}.
There already was a scope object up the call chain in {AddCompiledCode}.
- Fixed scope inside the loop in {FreeCode} for good measure as well.
R=clemensb@chromium.org
CC=jkummerow@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Bug: v8:11663, chromium:932033
Change-Id: I89e4a1f0998f06e4d4b5e360e0bf81836d4240f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912786
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74763}
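The scope-hoisting recipe from the message above, as an added C++ example that is not V8 code: an RAII `WriteScope` stands in for {NativeModuleModificationScope}, a counter stands in for the mprotect() syscalls perf would show, and `PublishBefore`/`PublishAfter` are constructed stand-ins for the {PublishCode} / {PatchJumpTablesLocked} pair before and after the scope was pulled up.

```cpp
// Added example, not V8 code: a minimal model of the scope-hoisting recipe.
// permission_switches models the mprotect() calls (to RW and back to RX).
#include <cassert>
#include <cstddef>
#include <cstdio>
#include <vector>

struct CodeSpace {
  int permission_switches = 0;  // modelled mprotect() calls
  int write_depth = 0;          // number of currently active write scopes
  bool writable() const { return write_depth > 0; }
  void Write(std::size_t /*slot*/) { assert(writable()); }  // would patch code
};

// RAII stand-in for NativeModuleModificationScope: only the outermost scope
// flips the code space to writable and back; nested scopes cost nothing.
class WriteScope {
 public:
  explicit WriteScope(CodeSpace& cs) : cs_(cs) {
    if (cs_.write_depth++ == 0) ++cs_.permission_switches;  // -> RW
  }
  ~WriteScope() {
    if (--cs_.write_depth == 0) ++cs_.permission_switches;  // -> RX
  }
  WriteScope(const WriteScope&) = delete;
  WriteScope& operator=(const WriteScope&) = delete;

 private:
  CodeSpace& cs_;
};

// Before: the callee opens its own scope, so a loop of N calls pays 2N switches.
void PatchJumpTableBefore(CodeSpace& cs, std::size_t slot) {
  WriteScope scope(cs);
  cs.Write(slot);
}
int PublishBefore(CodeSpace& cs, const std::vector<std::size_t>& slots) {
  for (std::size_t s : slots) PatchJumpTableBefore(cs, s);
  return cs.permission_switches;
}

// After (recipe steps 2-4): the scope moves up into the publisher; the hot
// callee no longer opens one and instead asserts that some caller did.
void PatchJumpTableAfter(CodeSpace& cs, std::size_t slot) {
  assert(cs.writable());  // every caller must hold a WriteScope (step 4)
  cs.Write(slot);
}
int PublishAfter(CodeSpace& cs, const std::vector<std::size_t>& slots) {
  {
    WriteScope scope(cs);
    for (std::size_t s : slots) PatchJumpTableAfter(cs, s);
  }  // scope closes here: back to RX
  return cs.permission_switches;
}

// A caller that already holds a scope (like AddCompiledCode in the message)
// pays nothing extra for the scope PublishAfter opens: still two switches.
int PublishUnderOuterScope(CodeSpace& cs,
                           const std::vector<std::size_t>& slots) {
  {
    WriteScope outer(cs);
    PublishAfter(cs, slots);
  }
  return cs.permission_switches;
}

int main() {
  std::vector<std::size_t> slots(1000, 0);
  CodeSpace before, after;
  std::printf("scope in callee: %d switches\n", PublishBefore(before, slots));
  std::printf("scope hoisted:   %d switches\n", PublishAfter(after, slots));
  return 0;
}
```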
This is a reland of 50cbeca9ac
Relanding as-is, only rebase-related changes. Reason for reland: was
speculatively reverted.
Original change's description:
> [codegen] Use builtin calls for TSANRelaxedStore
>
> Instead of calling the C function directly from codegen, we call a
> builtin that calls the C function. This is done to encapsulate the
> push/pop registers in the code in the builtin.
>
> Bug: v8:7790, v8:11600
> Change-Id: I4c77a80803d4eb44526b716901afe0e8ccbe077d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892663
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74599}
Bug: v8:7790, v8:11600
Change-Id: Ide78ca82f38ee84bb7d24f5da2b4e8a8bd26621a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2914877
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74751}
This is a first step towards supporting unwrapped WasmObject objects on
the JavaScript side.
In addition this CL
1) introduces Representation::WasmValue which is used for all WasmObject
fields exposed to the JavaScript side.
2) adds creation of meaningful DescriptorArrays for WasmObject's Maps.
Bug: v8:11804
Change-Id: I4afcd39da5cb77b659943da54a2ca34d13bcc9bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912776
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74744}
There are two different limits for the maximum memory size in
WebAssembly:
1) A 4GB limit which is the same on all platforms, and is observable for
JS programs. It is used to limit the allowed declared maximum size of a
wasm memory.
2) A potentially lower limit (2GB on 32-bit systems, 4GB otherwise)
which can be further limited using a command-line flag. This limit is
used whenever actually allocating or growing a wasm memory. This limit
is not directly observable, but we make sure that no wasm memory will
ever be bigger than this limit.
The second limit is the one we should check against when allocating or
growing memory, while the first limit should be used when validating
a module (or the parameters for WebAssembly.Memory). The compiler can
rely on no memory being bigger than the second limit, which again is
never bigger than the first limit.
This CL adds some more documentation to the two limits, and cleans up
all usages.
This also makes {kPlatformMaxPages} and {kMaxMemoryPagesAtRuntime}
obsolete.
R=jkummerow@chromium.org
Bug: chromium:1207263
Change-Id: I43541aafd3f497d1c368bd9400e9bc667bdfd3d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2910787
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74742}
With this CL it is not possible anymore to initialize a func ref table
with extern ref ref.null.
R=manoskouk@chromium.org
Change-Id: If6023da6fc21844dd813cc6191f2a4ca595f8b00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912577
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74727}
... and use the generated WasmObject instance type range for data refs
checks.
Bug: v8:11804
Change-Id: I855ff76404ff7e3ca919dabec238d35cb39c0baf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2910784
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74713}
Additional changes:
- Clean up liftoff implementation of br_on_*.
- Bundle operations everywhere based on operation rather than type.
- Remove reference argument from WASM_BR_ON_* macros, to bring them in
sync with WASM_BR_ON_CAST.
- Add missing function decoding unittests for br_on_*.
Bug: v8:7748
Change-Id: I5f5ebfac5b50b5a9a201acb435344d7471326242
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2909857
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74709}
This is a reland of 8f39a58586
Changes compared to original:
Change the type of arguments of WASM_I32V from byte to int for MSVC
compatibility.
Original change's description:
> [wasm-gc] Implement br_on_cast_fail
>
> Bug: v8:7748
> Change-Id: I7894ad51ccf8ac41a5081c272a583a4ff25c1835
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900225
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74652}
Bug: v8:7748
Change-Id: I39f39ff6979382f5618683a8e7754f56df4ec9e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905599
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74689}
gcc may throw the following compilation error if UNREACHABLE
is used within a constexpr function:
```
error: call to non-'constexpr' function
'void V8_Fatal(const char*, ...)'
```
Bug: v8:11420
Change-Id: I7f8237d00ba1a5d9bd778d45eb833b89cbe8eb24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2906032
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74688}
We used to recompile WasmCapiCallWrappers whenever they were
needed, but never garbage-collected them, which caused a memory
leak when many short-lived instances of the same module were
created. This patch makes the wrappers cacheable and caches them,
which avoids both repeated compilation effort and the unbounded
memory growth.
Drive-by cleanup: unify WasmCapiFunctionData with the other
Wasm*FunctionData classes by making it inherit from WasmFunctionData.
Bug: v8:11774
Change-Id: Ia0c0d76be2938dc7bebfdc845f4a1cfeafef4a70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905605
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74682}
When adding new instances to the WeakArrayList of a script's
instances, use Append() instead of AddToEnd() to allow possible
compaction of the WAL.
Also, check for interrupt requests every now and then, which
allows incremental marking to get finalized when appropriate.
Bug: v8:11774
Change-Id: I8be959a78d8ef370f65e8f9849f48e34c9691a13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905603
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74681}
This is a reland of 4a037f871e
Changes compared to original change: None. This seems not to create
problems after all.
Original change's description:
> [wasm][bug] Fix a couple of bugs in validation of unreachable code
>
> Changes:
> - SetBlockType now instantiates the block's start merge with values of
> the correct type in unreachable code.
> - EnsureStackArguments now keeps the existing stack values and moves
> them over the new bottom values.
> - Drop stack size validation in Drop().
> - Add new tests in unreachable-validation.js.
>
> Change-Id: Ie68b3d9abb0a41d1623d4a123fb526e71941c4e7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902733
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74650}
Change-Id: Id620f7fb6677b772b0dcfd38108256384db44439
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905598
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74677}
If fuzzers pass a low --wasm-max-initial-code-space-reservation limit,
we might run into a DCHECK/CHECK failure because the "overhead" per code
space (for jump tables) is more than half of the reserved code space
(DCHECK) or actually bigger than the reserved code space (CHECK).
This CL fixes that by explicitly failing with an OOM message in that
case. This should only happen if that testing flag is set.
I do have a test case for this (reduced from the ClusterFuzz report) but
it needs >20000 functions (to make the jump tables big enough to fail
the checks), so it runs really slow (>90 seconds in debug).
Since the failure only happens with a testing flag, I think it's
acceptable to fix this without a regression test.
R=ahaas@chromium.org
Bug: chromium:1208259
Change-Id: I99e56a533efcdfa51d99eb5f64edead490398b3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2904206
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74666}
Inline the RememberedSetAction and SaveFPMode flags directly into the
RecordWrite stubs:
- Save two registers for input arguments
- Avoid branches in the RecordWrite stubs
We end up with 2 stubs for the EphemeronKeyBarrier and 4 stubs for
RecordWrite. Due to more inlined calls we have roughly 1KiB more
builtins code for RecordWrite currently. We will address this in the
future by splitting out common code into a separate stub. There is
no additional code size overhead for EphemeronKeyBarrier.
This saves 4 to 8 bytes on x64 per RecordWrite call and 2.5% sparkplug
code size reduction on d3.min.js.
Bug: v8:11420
Change-Id: Ib7170265dd6dd4b3aaf8275083f096e76fae8251
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902731
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74661}
Recent changes in wasm-module-builder.js were not translated to the
fuzzer JS output. After this CL, the fuzzer should generate .js files
that output back the fuzzed module.
Change-Id: I8bc33ab7f4f838a519c7aa47e425d8ac65b88d45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2904217
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74659}
This reverts commit 4a037f871e.
Reason for revert: Bot failures, including MSVC compilation.
Original change's description:
> [wasm][bug] Fix a couple of bugs in validation of unreachable code
>
> Changes:
> - SetBlockType now instantiates the block's start merge with values of
> the correct type in unreachable code.
> - EnsureStackArguments now keeps the existing stack values and moves
> them over the new bottom values.
> - Drop stack size validation in Drop().
> - Add new tests in unreachable-validation.js.
>
> Change-Id: Ie68b3d9abb0a41d1623d4a123fb526e71941c4e7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902733
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74650}
Change-Id: Icb16af9a8ed16e593fe345ab727b992d9c9b1500
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905597
Auto-Submit: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74657}
Changes:
- SetBlockType now instantiates the block's start merge with values of
the correct type in unreachable code.
- EnsureStackArguments now keeps the existing stack values and moves
them over the new bottom values.
- Drop stack size validation in Drop().
- Add new tests in unreachable-validation.js.
Change-Id: Ie68b3d9abb0a41d1623d4a123fb526e71941c4e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902733
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74650}
We used to verify its index as if it was a function index.
Bug: chromium:1210447
Change-Id: I5e015b1b11b22b6b7e7e13dac4945f8eb6f3d846
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903153
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74649}
This was only relevant for the br_on_exn instruction, which doesn't
exist anymore.
R=clemensb@chromium.org
Change-Id: I03f85a316a8265ad1c5e1c15862d7ae98b784977
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902734
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74641}
This reverts commit 50cbeca9ac.
Reason for revert: speculative revert for https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/3824/overview
Original change's description:
> [codegen] Use builtin calls for TSANRelaxedStore
>
> Instead of calling the C function directly from codegen, we call a
> builtin that calls the C function. This is done to encapsulate the
> push/pop registers in the code in the builtin.
>
> Bug: v8:7790, v8:11600
> Change-Id: I4c77a80803d4eb44526b716901afe0e8ccbe077d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892663
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74599}
Bug: v8:7790
Bug: v8:11600
Change-Id: I3a4c57a29346fe6c84ec11404d8ff64cfac51a70
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902926
Auto-Submit: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74622}
Continuing the cleanups and using the tags rather than synchronized_
in the name of the accessors.
`map_word` (and its setter) can also be marked explicitly as relaxed to
show that they are atomic accessors.
Bug: v8:7790
Change-Id: I0725054ef37022c777f47660cb11cf839bb7f273
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897094
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74605}
Instead of calling the C function directly from codegen, we call a
builtin that calls the C function. This is done to encapsulate the
push/pop registers in the code in the builtin.
Bug: v8:7790, v8:11600
Change-Id: I4c77a80803d4eb44526b716901afe0e8ccbe077d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892663
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74599}
This is to make space for new instructions, such as br_on_non_null.
Change-Id: Id631478a1c0da2c20efe81aabe755d5fda841dba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897086
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74570}