This removes a loop that runs exactly one or two times by straight-line
code for the two cases. This should make it more readable and easier to
maintain.
R=thibaudm@chromium.org
Bug: v8:10576
Change-Id: I242bc4a7f7333b04ec39e79dc530625fb5e2305f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287505
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68800}
We often want to pass a list of moves of fixed length. Instead of
constructing an array on the caller's stack and passing it via
{ArrayVector}, we should just pass it via {std::initializer_list}. This
also avoids to spell out the internal name
{LiftoffAssembler::ParallelRegisterMoveTuple}.
R=thibaudm@chromium.org
Bug: v8:10576
Change-Id: Ibe7ac5a5a02686533333cb45652cbb2b99ad9c60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287498
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68799}
This change has no impact. It only changes the order of the arguments when using v8_enable_reverse_jsargs.
Change-Id: I6063da3703f0fa4a2b790e4291727dd7ff460dfa
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2292232
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68798}
Since we are not using CodeAssemblerVariables anymore, we can properly
scope the class so that the only way to instance one is through the
typed version (i.e TypedCodeAssemblerVariable).
Bug: v8:6949
Change-Id: I3ee99bcbb9421aadd0944af57f6452e832719758
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2290858
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68797}
This will be needed later for concurrent marking
Bug: chromium:1056170
Change-Id: Iab7812d7ac8a30e3a54bd7c4b739077b293db775
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287869
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68796}
... by migrating old-style code
MyObject* obj = new (zone) MyObject(...)
to the new style
MyObject* obj = zone->New<MyObject>(...)
Bug: v8:10689
Change-Id: I8293cc1854e39726eb9e4e5f9d2a34d38fa54859
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288861
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68791}
... by migrating old-style code
MyObject* obj = new (zone) MyObject(...)
to the new style
MyObject* obj = zone->New<MyObject>(...)
Bug: v8:10689
Change-Id: I2fc4a44ea05e4d087565811f343893f0e97dc660
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288857
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68789}
This CL removes the GetTraceDescriptor virtual call from garbage
collected mixins and replaces it with querying the object start
bitmap.
The CL also removes the mixin macros which are now no longer needed.
Bug: chromium:1056170
Change-Id: I27ed299f93025d09a3bb3f0d17b14bed3c200565
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287508
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68787}
... by migrating old-style code
MyObject* obj = new (zone) MyObject(...)
to the new style
MyObject* obj = zone->New<MyObject>(...)
Bug: v8:10689
Change-Id: Ic7d893b8d6772bd923c37c3d1e7cff5cc6667192
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288868
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68786}
This is a reland of bebb2bdc06
Original change's description:
> [heap] Allow LocalHeap on the main thread
>
> This changes the safepoint scope to skip LocalHeap that is active
> for the current thread to avoid deadlocking.
>
> Bug: v8:10315
> Change-Id: I45e80ae66d0dbbe768107aa9cf0603204c644d9f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289983
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68769}
Bug: v8:10315
Tbr: dinfuehr@chromium.org
Change-Id: I1974d8b6ffffbf3244e7ede2d20d9b2d623df150
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2290851
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68785}
... by migrating old-style code
MyObject* obj = new (zone) MyObject(...)
to the new style
MyObject* obj = zone->New<MyObject>(...)
Bug: v8:10689
Change-Id: Icc60fdbf247ec05f9b5688b3d2d73d4fed06ea89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289770
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68784}
Instead allocating the bitmap with malloc, we now reserve a block
at the start of the memory chunk. This CL is a partial revert of
https://chromium-review.googlesource.com/c/v8/v8/+/1254125
Additionally it refactors field offset computation and moves them
to MemoryChunkLayout.
Having the bitmap in the memory chunk simplifies sharing of RO pages
and also solves the malloc fragmentation issues.
Bug: chromium:1073140
Change-Id: Ibc04f48921fc9496370858ce4c25c56b31c93c89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289979
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68783}
Saturating conversions are implemented on all platforms now, so remove
the (unreachable) bailout.
Also, move the new cases up to the other macros, such that the
indentation (by clang-format) makes more sense.
R=rstz@chromium.org, thibaudm@chromium.org
Bug: v8:10520
Change-Id: Ia44a4852a087b0a2c19b3d62aebd73c834fa9af9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289982
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68782}
This will allow implementing per-type allocation stats.
Also migrate old-style zone allocations
... = new (zone) MyObject(...)
to the new style:
... = zone->New<MyObject>(...)
in several source files.
Bug: v8:10689
Change-Id: I1b044c9eccb4ac7e1b627276691f3c1fbad52137
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288232
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68781}
PersistentHandles::NewHandle/LocalHeap::NewPersistentHandle currently
erase the type of the object. This patch templatizes them to preserve
the type and introduces versions that take Handle<T>
Bug: v8:10315
Change-Id: I899179a5b842b7b16144b340f6cd2b91e1db228f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287501
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68779}
This CL ports the atomic object start bitmap from blink.
Using the bitmap for mixin tracing is left as a followup.
Bug: chromium:1056170
Change-Id: I4998a0d9d76708a7bab0634e04354809dfc8c78f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287504
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68778}
The test creates a mock platform. The bug was that the lifetime of the
mock platform was shoter than the lifetime of the isolate. Even though
the mock platform restores the old platfrom, a background thread may
still have a pointer to the mock platform leading to UAF.
Bug: v8:10690
Tbr: dinfuehr@chromium.rg
Change-Id: Ic14bf408e5e3e9e7d07e01af545bb88c21462300
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2290850
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68777}
This reverts commit 8ba517e194.
Reason for revert: causing Chromium test failures on external/wpt/wasm/jsapi/functions/entry-different-function-realm.html, e.g. here: https://ci.chromium.org/p/v8/builders/ci/V8%20Blink%20Mac/3045
Original change's description:
> [wasm] Make an "incumbent context" available for module instantiation
>
> A Wasm module's start function might be imported from JavaScript, and
> as such might contain calls to Blink. For such a case, we must make
> sure that an "incumbent context" is available.
> See microtask queue handling for a similar example.
>
> Bug: chromium:1096558
> Change-Id: I2e3c0fc20d4e3581e490822c3ac63ce2c5e1e990
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284982
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68760}
TBR=jkummerow@chromium.org,verwaest@chromium.org
Change-Id: Ib36d2198cf686f561a2a64034faf0479686f3500
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1096558
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2290853
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68775}
Partial implementation of v128.const, only the optimized case for all 0s
and all 1s. The other cases bailout to TurboFan for now, and will be
added in subsequent patches.
Bug: v8:9909
Change-Id: I3240c1c5f4259c45d51edca00fec37047bc1b3a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284212
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68772}
This reverts commit bebb2bdc06.
Reason for revert: Breaks GarbageCollectionWithLocalHeap test.
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20debug/31107
Original change's description:
> [heap] Allow LocalHeap on the main thread
>
> This changes the safepoint scope to skip LocalHeap that is active
> for the current thread to avoid deadlocking.
>
> Bug: v8:10315
> Change-Id: I45e80ae66d0dbbe768107aa9cf0603204c644d9f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289983
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68769}
TBR=ulan@chromium.org,dinfuehr@chromium.org
Change-Id: Ifba8218f9104afed3f2d92258296067f8f424062
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2290573
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68770}
This changes the safepoint scope to skip LocalHeap that is active
for the current thread to avoid deadlocking.
Bug: v8:10315
Change-Id: I45e80ae66d0dbbe768107aa9cf0603204c644d9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289983
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68769}
When local heap is parked it is not allowed to dereference any handles.
A GC might be relocating objects at that point.
Change-Id: I557682d47f8f0acfe041506833f6b397feb4438b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289981
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68768}
Motivation: With rtt.sub now allowed in constant expressions, we have
to generalize WasmInitExpr to be able to handle expressions with
operands. This is the second CL that prepares the ground for this
change.
Changes:
- Remove the error from read-value-type when reading a generic rtt.
- Add validation for HeapTypeImmediate in ModuleDecoder. Use it to
validate null constants immediates, which was missing. Add tests.
- Change ValueType::name to print rtt depths as integers.
- Move global initializer building in wasm-module-builder to its own
function.
Bug: v8:7748
Change-Id: Ic041e1c7d032f2a1063a21fec1bfe96cb0d8120e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284983
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68767}
MemMove makes an indirect call to memmove_function which is
overwritten in init_memcopy_functions to an address not
permitted by CFI to be called indirectly.
This CL disables CFI_ICALL for this function.
BUG=chromium:584575
Change-Id: I372f0c13a1900bf3c48484db9ba7ff4a3b3fc7e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289010
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68766}
With this change, if we pass --trace-turbo-stack-accesses, output will
be something like:
=== Stack access counters ===
Number of functions: xx
Name: wasm-function#1, Loads: xx, Stores: xx
...
Total Loads: xx, Total Stores: xx
This only applies to optimized/wasm functions.
Bug: v8:10663
Change-Id: I0b08e3fa321b76dc53942c8fbffd14759978c7b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2283913
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68765}
This reverts commit 273f4e42e3.
Reason for revert: Based on another need that needs to be reverted because of TSAN failures.
Original change's description:
> [heap] Avoid ParkedMutexGuard during allocation
>
> Since main thread allocation does not start incremental marking anymore
> while holding allocation_mutex_, background allocation does not need
> ParkedMutexGuard anymore to avoid deadlocks.
>
> This also means background thread allocation isn't paused anymore to
> perform a GC, which already resulted in subtle bugs (e.g. in
> ExpandBackground with incremental marking). We also do not
> stop-the-world anymore while holding allocation_mutex_.
>
> Bug: v8:10315
> Change-Id: Iadf00bc26434c765722b82a10497ab06151f15cc
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289771
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68754}
TBR=ulan@chromium.org,dinfuehr@chromium.org
Change-Id: I3a16c13626c891e8063564fc05fd2d3fc427d159
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289975
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68761}
A Wasm module's start function might be imported from JavaScript, and
as such might contain calls to Blink. For such a case, we must make
sure that an "incumbent context" is available.
See microtask queue handling for a similar example.
Bug: chromium:1096558
Change-Id: I2e3c0fc20d4e3581e490822c3ac63ce2c5e1e990
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284982
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68760}
Motivation: With rtt.sub now allowed in constant expressions, we have
to generalize WasmInitExpr to be able to handle expressions with
operands. This CL prepares the ground for this change and adds no
functionality.
Changes:
- ValueType::heap_representation and HeapType::representation now
return HeapType::Representation.
- Add ValueType::is_rtt().
- WasmInitExpr:
- Make kind private. Rename val -> operator, make it private. Add
accessors.
- Rename kGlobalIndex -> kGlobalGet.
- Squash global_index and function_index into index.
- Add heap_type Immediate. Use it for RefNullConst. TypeOf in
module-decoder.cc can now fully determine the type of a
WasmInitExpr.
- Add class constructors/static method constructors for each Operator
kind.
- Delete copy constructor. WasmInitExpr will use std::unique_ptr for
its operands.
- consume_init_expr now uses a stack.
- A few minor improvements.
Bug: v8:7748
Change-Id: I3ba3ee7ac2d6bc58e887790c37110ceb80658985
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284483
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68759}
In previous change https://crrev.com/c/2274308 , I attempted to fix an
issue where FindOptimalSpillingPos could sometimes fail to find the
LiveRange that covers the top of the loop. However, I misunderstood how
TopLevelLiveRange::GetChildCovers behaves, so I introduced a different
case where FindOptimalSpillingPos would fail to find the right
LiveRange. This change updates GetChildCovers to do what I had thought
it would do, so it can find the right LiveRange in all cases.
chromium:1102243
Bug: chromium:1101958, chromium:1101954, chromium:1102257,
Change-Id: If91c642c3f7f5e3a8b4cfaa3b3577865c84afcb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288660
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#68758}
After native-context-independent codegen, verify that the resulting
Code object does not embed any nc-dependent objects, and that no code
dependencies have been created.
Bug: v8:8888
Change-Id: I894e74b27e86e7727ff17aa0dbfdd908373a5e55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284498
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68757}
By introducing a globally known map for each generic type.
These maps are never used to allocate objects, they only
serve as sentinels for generic heap types.
Bug: v8:7748
Change-Id: I950a8c712dc1510759a833fe9122b9e9a6222dc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288860
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68755}
Since main thread allocation does not start incremental marking anymore
while holding allocation_mutex_, background allocation does not need
ParkedMutexGuard anymore to avoid deadlocks.
This also means background thread allocation isn't paused anymore to
perform a GC, which already resulted in subtle bugs (e.g. in
ExpandBackground with incremental marking). We also do not
stop-the-world anymore while holding allocation_mutex_.
Bug: v8:10315
Change-Id: Iadf00bc26434c765722b82a10497ab06151f15cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2289771
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68754}
The tool is no longer supported since we migrated to Turbofan.
Change-Id: I55b911f47867b2a6985ce14f973cd837f71ec4b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2288859
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68753}
For 64-bit binary operations, Liftoff on arm made the assumption that
register pairs are always ordered, i.e. the register code for the low
word is lower than the register code for the high word.
Ensuring this was only implemented in {GetUnusedRegister} in
https://crrev.com/c/2168875. Other cases were missing though, e.g.
return values, but also different places were we
construct register pairs internally.
Thus, this CL removes this constraint again and instead handles
unordered register pairs in 64-bit binary operations on arm.
R=thibaudm@chromium.org
Bug: chromium:1101304
Change-Id: I4cd9fb1577f82ab06d34c9dde6533cf04a2cade7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287870
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68752}
