This is a reland of a865d16bc2
Changes:
- Make the next ID atomic
- Leave more space for runtime calls in debug mode
Original change's description:
> [wasm] Resume suspender on resolved promise
>
> Implement the WasmResume builtin, which resumes a wasm suspender
> when the corresponding JS promise resolves.
>
> Drive-by 1: Fix detection of empty stacks in the stack frame iterator.
> Drive-by 2: Add a stack ID for better tracing.
>
> R=ahaas@chromium.org
> CC=fgm@chromium.org
>
> Bug: v8:12191
> Change-Id: Ifa3f00c4259f802292b04d426c739e9b551f87b9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3420827
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78842}
Bug: v8:12191
Change-Id: I3c231690b27be79a0c00e13043342bb4a3628886
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427203
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78890}
Port 276355cb9d
Original Commit Message:
The 32-bit value is zero-extended to pointer size, which is a no-op on
32-bit systems. The operation changes nothing about the signedness of
the value, so the old name was a bit misleading.
We also provide one unified no-op implementation for all 32-bit systems.
R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Ica443175725f12e44e69ad22e5fe347c56ea6c13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429208
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78889}
We often allocate many of them (six digit numbers), and allocating them
in new space causes a lot of GCs.
This CL makes table initialization more than 30% faster for Photoshop,
which again makes each Wasm instantiation ~20% faster.
R=manoskouk@chromium.org
Bug: v8:12593
Change-Id: Ia913079b6412fa718b55c62681ba23751f3934e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429204
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78888}
Previously, when accessing SandboxedPointer fields with the sandbox
disabled, we would always do a ReadUnalignedValue/WriteUnalignedValue.
However, that is only necessary when pointer compression is enabled.
Otherwise, the field will be properly aligned.
This CL also factors out the logic to determine when to use an unaligned
or aligned read/write for a field into two new helper functions.
Bug: chromium:1292669
Change-Id: I2c1af187c5b2699101c3fee9cc551be788d3a845
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429200
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78887}
- Adds a GN flag to enable the feature
- Adds facets to manifest used by d8/unittests
- Adds some DCHECKS
- Uses zx_handle_t type to avoid global initialization/destructor
Bug: v8:11232
Change-Id: Ibd7766abefbf8c213393cf6365c34f9ff4e6ed7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3420828
Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78886}
This explicitly passes along the break reason when requesting a pause
that is handled via an interrupt. Pushing the break reason is not
enough (as done before), as the reason may be used and consumed on
another pause call that triggers a setPauseOnNextCall.
Fixed: chromium:1292519
Change-Id: If8635c9397a7b9a1e6757be8048c9edc613c27f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427208
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Auto-Submit: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78885}
The ctors dispatch between atomic and non-atomic writes; there's no
need for a default initializer.
Bug: chromium:1292728
Change-Id: I2b4c3341ee2d2682ba0113c8366456147ebc717e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429201
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78884}
This is the 2nd CL in a series of CollectGarbage refactoring CLs.
It moves two kinds of callbacks to the epilogue of CollectGarbage:
- Weak second pass phantom callbacks
- GCEpilogueCallbacks
As the prologue callbacks have also been moved outside the GC cycle,
with this CL the need for nesting tracers is eliminated. DCHECKs are
put in place to ensure this.
Bug: v8:12503
Change-Id: I0bc2c0fa0de1b0ffc32b5c648a612c0b3e0e1f3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427199
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78883}
The 32-bit value is zero-extended to pointer size, which is a no-op on
32-bit systems. The operation changes nothing about the signedness of
the value, so the old name was a bit misleading.
We also provide one unified no-op implementation for all 32-bit systems.
R=thibaudm@chromium.org
Bug: v8:10949, chromium:1281995
Change-Id: Id04641fe793155ea98bf878b6789e4afce3da7df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3424493
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78881}
- This enables a hash table for local names in ScopeInfo.
- Drive-by fix: iterating local names in FinalizeReparsedClassScope
Bug: v8:12315
Change-Id: I02c22bfdc4f1d91f19f368885fca24b2a577d26e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422632
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78876}
If PKU is used, we just called {pkey_mprotect} and called it a day,
whereas {PageAllocator::SetPermissions} also discards the system pages
when switching to {kNoAccess} (both in {OS::SetPermissions}, which is
used by the default platform, as well as the GIN platform used in
Chrome).
In order to avoid memory regressions when using PKU, this CL changes the
PKU implementation to behave like the POSIX {OS::SetPermissions}
function and also discard system pages when removing all access.
R=jkummerow@chromium.org
Bug: v8:11974
Change-Id: I35f9c436925c1500e5884db1caf620c975586f7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3424496
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78874}
This guarantees that they are smaller than the maximum external pointer
table index when shifted to the right on load.
Bug: v8:10391
Change-Id: I601f37fbb9640ee4b5215958afcc474c5e0eb9af
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359631
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78873}
We might have to wait for background tasks to complete (e.g. when
awaiting a WebAssembly.instantiate) and not just other promises.
Bug: v8:12568
Change-Id: Ibf99074d7a3c924b77b7959006087a05d39ffd3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3423777
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78871}
We temporarily disable fuzzing for wasm-gc until we update the fuzzer
to the isorecursive hybrid type system.
Bug: chromium:1291959
Change-Id: I2238c37bc49cbac2bf1c4085815a2283db982ab3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3423782
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78869}
For backwards compatibility, we do not impose this restriction on
nominal modules.
Bug: v8:7748
Change-Id: I42c4dc824fc9824280527522b05fa3bf68c8929b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422638
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78868}
{NativeModuleSerializer::WriteCode} always returns {true}, hence
remove the return value to avoid dead code in callers.
R=ahaas@chromium.org
Bug: v8:12425
Change-Id: I3c07829f327fc039b3baffdec3f9f6637adc2861
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3425357
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78866}
Previously we'd predict exceptions thrown in [[Reject]] handlers as
always caught (by PromiseRejectReactionJob), but that's not what is
actually specified in ECMAScript. The PromiseRejectReactionJob will turn
any exception thrown into a promise rejection just like we do in the
case of PromiseFulfillReactionJob, and so the catch prediction should
match that behavior.
Fixed: chromium:1290861
Change-Id: Id992708b009666da7c6bf1b6e3cf30752ca0a227
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3423775
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78864}
This reverts commit 7ddacd681b.
Reason for revert: GC Stress failures: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/40615/overview
Original change's description:
> [web snapshot] Dehandlify more parts of the deserializer
>
> - Use Heap::AddGCEpilogueCallback to update often accessed FixedArrays
> in the WebSnapshotDeserializer.
> - ReadValue returns now a raw value to avoid handle creation in more
> cases
> - Drop representation support for now in ReadValue
> - Avoid a few more handles when setting up objects
>
> Bug: v8:11525
>
> Change-Id: I6955b56887834bc655bdaa9c390016d9a17db82d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416242
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78862}
Change-Id: I44385ac118707ec60aa8c76e219b387bc3ba322e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3423781
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78863}
- Use Heap::AddGCEpilogueCallback to update often accessed FixedArrays
in the WebSnapshotDeserializer.
- ReadValue returns now a raw value to avoid handle creation in more
cases
- Drop representation support for now in ReadValue
- Avoid a few more handles when setting up objects
Bug: v8:11525
Change-Id: I6955b56887834bc655bdaa9c390016d9a17db82d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416242
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78862}
This reverts commit 7f26cbd291.
Reason for revert: Issue 1292333: DCHECK failure in op->IsStackSlot() || op->IsFPStackSlot() in code-generator-x64.cc
Original change's description:
> [fastcall] Add Wasm entry for Fast API calls
>
> Allow Wasm to generate calls directly to Fast API C functions.
> This massively reduces the overhead of these calls (~300%).
> Currently options parameter is not supported.
>
> This is a reland of
> https://chromium-review.googlesource.com/c/v8/v8/+/3364356
> with a fix to a data race.
>
> Bug: chromium:1052746
> Change-Id: I8c1c255419496d03a94ec2b443329842469586d5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3398394
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Paolo Severini <paolosev@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#78714}
Bug: chromium:1052746
Change-Id: Ieb3f6f836bd604b0e4c5801f082997831eb7ac26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3426610
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78861}
Since inheritance depth of every type is known in the isorecursive
hybrid type system, rtts with depth are removed. This enables
simplification of type checks in Liftoff and Turbofan, as well as
decoding of object allocation instructions.
Bug: v8:7748
Change-Id: I6b52579b584191d92644de1c6e805d9f054641d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422626
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78860}
Those versions are broken, and sporadically reset the PKRU register on
context switches (observed on ChromeOS only). This was fixed by this
patch:
https://lore.kernel.org/all/20210623121456.399107624@linutronix.de/
Thus we detect the running kernel version (once per process), and
disable PKU if we detect a potentially broken kernel version.
R=jkummerow@chromium.org
Bug: v8:11974
Change-Id: Ib5158b4cf51d5c2811678b1b7dcc1494bc0ff46a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3417440
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78857}
They're failing due to Inf/NaN differences after the latest clang roll,
skipping for now to keep the tree green. A follow-up CL will likely want
to broaden the expectations for these tests to allow both Inf & NaN in
certain cases.
Bug: v8:12588
Change-Id: I8055b67077fc67cc65246a89a4b4949d8838829e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3425660
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Adam Klein <adamk@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78855}
This is a reland #3. The fixes were landed separately.
Perf Sheriffs: this CL might regress some benchmarks while improving
the others.
Bug: v8:11880
Change-Id: I8ed5bf59360649718960dc34c06015ee6ff1532a
Cq-Include-Trybots: luci.v8.try:v8_android_arm64_compile_dbg
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422643
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78854}
Change-Id: Ie62c4d46b767f1dcf70e8e75a30b5fc4d90ac295
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3424897
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78851}
Runtime_HasProperty already does the right thing; this CL is directing
more cases to it.
Bug: v8:12580
Change-Id: I16ae6099fa9781ecc663085e87a7fc59abd10d02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422639
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78850}
We can now specify the trials for clusterfuzz using the file
clusterfuzz_trials_config.json. There is also a presubmit check
to make sure that it is formatted correctly.
Change-Id: Iafb7063b63b1daeb7653830542d13b419cf187d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416191
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78848}
This reverts commit 517ed4ad00.
Reason for revert: There still seems to be an issue on V8 Win msvc related to this CL (https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20msvc/20568/overview).
Original change's description:
> Reland "[Torque] Generalize Torque literals to larger size"
>
> Previously, literals in Torque were stored as double values, which
> made it impossible to precisely represent 64 bit integer values.
> This CL replaces the old literal expression with an integer and
> floating point literal expression that are unbounded in size. We
> allow implicit conversion of these literals to arbitrary integer
> and floating point types respectively and insert a corresponding
> bounds check into generated CSA.
>
> Changes in the reland: Simplified IntegerLiteral to single digit.
>
> Bug: v8:7793, chromium:1289282
> Change-Id: I31c762c2f31165c7a1d0b07842b764e5851ce189
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3406750
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78811}
Bug: v8:7793, chromium:1289282
Change-Id: I818cec9625fbd827a4a30088d8c8b759fb6c50d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3424484
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78847}