Off-heap-safety slightly differs from isolate-independence in that it
allows external references and checks instruction-size constraints.
This adds the new predicate as well as a cctest verifying it. New
DCHECKs are introduced to document assumptions and upcoming work.
Note that this breaks the --stress-off-heap-code flag. Fixes will
follow in upcoming CLs.
Bug: v8:6666
Change-Id: If4f3e0f4428bacc8d293cd864b9b07b81679c423
Reviewed-on: https://chromium-review.googlesource.com/934183
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51513}

This is the follow-up CL to
https://chromium-review.googlesource.com/#/c/v8/v8/+/931122.
Now that HeapConstants can be loaded through the builtins constants
table, the extra CallStub and CallRuntime have become unnecessary.
Bug: v8:6666
Change-Id: I02bb7805ac37bed6fe27fdd0689ac22ad7de034b
Reviewed-on: https://chromium-review.googlesource.com/931123
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51512}

Convert all context, receiver and argc Node*s to their appropriate TNode
type.
Bug: v8:7310
Change-Id: Ic6bf22ffb22199d390731d424b7395c47a8f19cf
Reviewed-on: https://chromium-review.googlesource.com/934442
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51511}

E.g. SubString and StringAdd.
Bug: v8:7310
Change-Id: I352044f88fe79c5b576c5423d6feae3bcb7d725a
Reviewed-on: https://chromium-review.googlesource.com/934284
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51504}

Regular construct stubs eventually call InvokeFunction, which
performs debug hook checking. For builtins such as Object, Array, etc.
this approach does not work since they have specialized construct stubs
that do not check for the debug hook.
R=bmeurer@chromium.org
Bug: v8:178
Change-Id: I3e1f5d2dae1c7a6220b7236bd6ea71d83a65171f
Reviewed-on: https://chromium-review.googlesource.com/931702
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51503}

This reverts commit f64a87c45a.
Revert "[v8] Even finer grain trace events for EVACUATE_COPY step."
This reverts commit 2c1b6d383e.
Traces have been gathered by the bots. I'm still analyzing the results
but let's revert these for now to soothe the poor bots which are
running with v8.gc tracing enabled and regressing like crazy
because of this crbug.com/814800.
R=hpayer@chromium.org
Bug: chromium:814800, chromium:813824
Change-Id: If97c1ff5d14de18414c3b8d65ecb3aaf4f1bb32d
Reviewed-on: https://chromium-review.googlesource.com/934131
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51502}

Instead of limiting the number of used spill slots and bailing out if
the limit is exceeded, we now store the number of spill slots used and
patch the stack frame size after generating all code.
This removes a lot of checks and bailouts.
Drive-by: Fix a bug with spilling f64 caller frame slots which was
uncovered by the additional test coverage after this CL.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I25d856f99451642cc15239c0461402e51487d0a1
Reviewed-on: https://chromium-review.googlesource.com/929162
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51500}

During builtins generation, parts of the builtins table may be filled
with placeholder code objects.
This CL ensures that such placeholders are replaced by the real
builtin object during finalization of the builtins constants table.
Bug: v8:6666
Change-Id: I3a2635b29b37690fd7e950b9f38d500704671afb
Reviewed-on: https://chromium-review.googlesource.com/934241
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51498}

Also a small drive-by cleanup to ToSmiLength to make the two functions
more consistent.
Bug: v8:7310
Change-Id: Ied01b72c2d30445eebac2bdab33d96e2df994274
Reviewed-on: https://chromium-review.googlesource.com/931545
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51497}

Moves the decision whether to embed the constant or perform a lookup
through the builtins constants table to
CodeAssembler::UntypedHeapConstant.
Root constants continue to be embedded (and are later turned into
loads through root-register by the backend); non-root constants are
added to the constants table at generation-time and loaded from there
at runtime.
This allows us to remove the recently added boilerplate around
CallStub and CallRuntime in a follow-up.
Bug: v8:6666
Change-Id: Id981088e4b9d665c678acc9718383179f681f063
Reviewed-on: https://chromium-review.googlesource.com/931122
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51495}

and use it more often.
Bug: v8:7310
Change-Id: I7773f35415a0bb529cdaac380c9068f4ed5010ae
Reviewed-on: https://chromium-review.googlesource.com/930236
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51493}

Originally reviewed at https://chromium-review.googlesource.com/929429
and landed as r51486 / d50c7731e8.
Update in reland: whitelisted new builtins as side effect free.
Bug: v8:6791
Change-Id: Iff45700c8a4eca23f3ee6fc9c0cb340dc027cbc6
Reviewed-on: https://chromium-review.googlesource.com/932802
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51491}

Without --harmony-function-tostring, anything other than a JSFunction
or JSBoundFunction throws when Function.prototype.toString is called on
them. But with the toString revision, anything callable allows toString
(and for non-Functions returns the good old "function () { [native code] }"
string).
Bug: v8:7484
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I3540e213a40992151761b59666fe36e0510da908
Reviewed-on: https://chromium-review.googlesource.com/932825
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51489}

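The behaviour the commit above describes is observable from script, so here is an added example probing it; this is not code from the commit or from V8, and it assumes an engine that ships the Function.prototype.toString revision (V8 after this change; any recent Node.js release), so that callable non-functions such as a Proxy or a bound function return the "[native code]" placeholder instead of throwing:

```javascript
// Added example (not V8 code): probe the revised Function.prototype.toString.
// Assumption: the engine implements the toString revision, so callable
// non-functions (Proxy, bound functions) return a NativeFunction string.
const fnToString = Function.prototype.toString;
const NATIVE_RE = /^function\b[^{]*\{\s*\[native code\]\s*\}$/;

// Call the intrinsic on `value` and classify the outcome:
//  - throws:     a TypeError, i.e. `value` is not callable
//  - nativeCode: the "[native code]" placeholder came back
//  - text:       the returned string (exact source text for user functions)
function probeToString(value) {
  try {
    const text = fnToString.call(value);
    return { throws: false, nativeCode: NATIVE_RE.test(text), text };
  } catch (err) {
    return { throws: true, nativeCode: false, error: err.constructor.name };
  }
}

// Callables: user functions yield their source text; builtins, bound
// functions and Proxies of functions all yield the native-code placeholder.
function probeCallables() {
  function plain(a, b) { return a + b; }
  return {
    plain: probeToString(plain),                 // source text
    arrow: probeToString((x) => x * 2),          // source text
    builtin: probeToString(Math.max),            // [native code]
    bound: probeToString(plain.bind(null, 1)),   // [native code]
    proxy: probeToString(new Proxy(plain, {})),  // [native code], no throw
  };
}

// Non-callables still throw a TypeError, with or without the revision.
function probeNonCallables() {
  return {
    object: probeToString({}),
    proxyOfObject: probeToString(new Proxy({}, {})),
    nullish: probeToString(null),
  };
}

// A naive "is this an untampered builtin?" check of the kind some
// anti-tampering code uses. Under the revision it cannot tell a builtin
// from a Proxy or bound function wrapping arbitrary script.
function looksNative(fn) {
  return typeof fn === 'function' && NATIVE_RE.test(fnToString.call(fn));
}
```

The practical caveat: integrity checks that grep a function's toString output for "[native code]" to detect hooked builtins are unreliable once this behaviour ships, because `new Proxy(fetch, handler)` or `fetch.bind(window)` prints the same placeholder as the genuine builtin; such checks need a different signal (for example comparing against a reference captured before untrusted script ran).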
When calling a function through a function table, check whether the
instance of the called function differs from the current instance, and
in that case call the other function via a c-wasm-entry instead of
interpreting it.
The c-wasm-entry needs to pass the wasm context, so this CL changes
this to receive the wasm context as parameter instead of embedding the
context of the calling instance.
R=titzer@chromium.org
Bug: chromium:814562, v8:7400
Change-Id: Iea93f270542169f8aac4f8c81aacec559c716368
Reviewed-on: https://chromium-review.googlesource.com/930966
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51485}

Creates a macro that in debug builds generates case statements for
unused bytecodes (marked UNREACHABLE). This will catch the case where
a byte code declared to be unused is actually used. Should be easier to
maintain than the existing comments.
Change-Id: I0b5d830be88b7ef747975657283c1b1e98182360
Reviewed-on: https://chromium-review.googlesource.com/928650
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51482}

This migrates harness adjustments, to be loaded after mjsunit.js on
fuzzers for correctness fuzzing.
This is the first step adding deeper pretty printing. Other
adjustments will be added in follow ups.
Bug: chromium:813833
Change-Id: I51168a31e733d54808cb8853a1c90e897acf3791
Reviewed-on: https://chromium-review.googlesource.com/930565
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51481}

We'll soon also host other configurations for general fuzzing, not only
correctness fuzzing in the new tools/clusterfuzz folder.
TBR=yangguo@chromium.org
Bug: chromium:813833
Change-Id: Icd966bfec91cc547522bad5d1a842500b554754f
Reviewed-on: https://chromium-review.googlesource.com/930331
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51480}

This reverts commit eac4b59fd9.
Reason for revert:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/21829
See:
https://github.com/v8/v8/wiki/Blink-layout-tests
Original change's description:
> [Compiler] Use CompilationCache for StreamedScript compilation.
>
> Previously GetSharedFunctionInfoForStreamedScript neither checked the
> compilation cache nor put the result of compilation into the compilation
> cache. This would mean future compiles would need to re-parse / compile
> the same script even if the isolate had already seen it. This CL
> fixes this.
>
> BUG=v8:5203
>
> Change-Id: I421627b80848feb9884e2440c4ee66556e05b3c9
> Reviewed-on: https://chromium-review.googlesource.com/924285
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51469}
TBR=rmcilroy@chromium.org,mythria@chromium.org
Change-Id: Id822b55bd162b74f098160a11e6a3bda6924c1e4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:5203
Reviewed-on: https://chromium-review.googlesource.com/931821
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51477}

AddCode and AddOwnedCode (from NativeModule), as well as the WasmCode
constructor are using a default value (false) for determining whether
the code is liftoff-compiled or not. This CL removes the default
value and requires each call to these functions/constructors to explicitly
set the value.
Change-Id: Icd4187d1710c774826c9134078ec65845bc98dd7
Reviewed-on: https://chromium-review.googlesource.com/928921
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51475}

This is preparatory cleanup work for eventually tracking the functions
(rather than concrete closures) in the CALL_IC, also for builtins like
the default PromiseCapability [[Resolve]] and [[Reject]] functions. It
adds a new FeedbackCell type, which is used by JSFunctions consistently
now to reference the feedback vector (or undefined if the function
is not compiled yet or is a native/asm.js function).
This also changes the calling convention for FastNewClosure builtin and
the JSCreateClosure operator in TurboFan to carry the FeedbackCell here
instead of the parent FeedbackVector and the slot index. In addition we
eliminate the now unused %InterpreterNewClosure runtime function.
Bug: v8:2206, v8:7253, v8:7310
Change-Id: Ib4ce456e276e0273e57c163dcdd0b33abf863656
Reviewed-on: https://chromium-review.googlesource.com/928403
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51474}

This is an unfortunate restriction imposed by Worklist::kMaxNumTasks
for now.
This CL unbreaks tests for developers. The CQ didn't catch this breakage
because bots have 8 cores and concurrent marking uses num_cores-1.
R=hpayer@chromium.org
TEST=All tests passed on dev machine (was super broken without this change)
NOTRY=True (to unbreak devs)
Bug: v8:7477,chromium:812178
Change-Id: I644613857c74d1ae00965f3e6d1d7692a4303062
Reviewed-on: https://chromium-review.googlesource.com/931461
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51473}

This avoids generation of duplicate strings. Especially debug builds
suffer from this and generate 16000+ strings, mostly for CSA_ASSERT
and CAST statements. Deduplicating these trims that down to roughly
1000 strings.
Release builds are affected at a smaller scale. There, we have roughly
100 duplicate strings in the snapshot.
Bug: v8:6666
Change-Id: I688d3b97431b8cea1e98983eab5f07278dae91a0
Reviewed-on: https://chromium-review.googlesource.com/931041
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51472}

Perf-sheriffs please revert if this causes any performance regressions.
BUG=
Change-Id: I39075482f3c85d69407d6d8e5643d94c1a4425c2
Reviewed-on: https://chromium-review.googlesource.com/461117
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51470}

Previously GetSharedFunctionInfoForStreamedScript neither checked the
compilation cache nor put the result of compilation into the compilation
cache. This would mean future compiles would need to re-parse / compile
the same script even if the isolate had already seen it. This CL
fixes this.
BUG=v8:5203
Change-Id: I421627b80848feb9884e2440c4ee66556e05b3c9
Reviewed-on: https://chromium-review.googlesource.com/924285
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51469}

This patch adds EmbedderGraph::Node::NamePrefix method that will be used
by Chrome for detached DOM nodes.
Bug: chromium:811925
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I89d3b88a3b90ed85addb1d34f08dd15e0559aa9a
Reviewed-on: https://chromium-review.googlesource.com/926362
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51464}