This ensures that the actual instructions are in their final form when
adding them to the NativeModule.
R=titzer@chromium.org
Change-Id: Ia20698823e5a18a3c3ef7d2370769b70addfc4e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532075
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60384}
The reason for the revert was that Liftoff did not bail out on indirect
calls to tables other than table 0. Whenever the Liftoff code got
executed, the test would fail.
Original message:
With this CL it is possible to use any anyfunc table in call-indirect,
not just the first table.
The current implementation is based on runtime calls. This is just an
initial implementation which should be replaced by a
dispatch-table-based eventually. However, this implementation allows
us to move forward with the anyref proposal implementation.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: Iedd56ee7acb281441bca32ffd3dc7157203ee1ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532072
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60382}
This reverts commit 1ca088652d.
Reason for revert: Regressions across the board
Original change's description:
> Reland "[regalloc] Introduce deferred fixed ranges"
>
> This is a reland of b176931311
>
> Original change's description:
> > [regalloc] Introduce deferred fixed ranges
> >
> > Fixed ranges are used to express register constraints in the
> > allocator. This change splits these fixed ranges into one for
> > normal code and deferred code. The former are handeled as before
> > whereas the latter are only made visible while allocating
> > registers for deferred code.
> >
> > This prevents forward looking decisions in normal code to be
> > impacted by register constraints from deferred code.
> >
> > Change-Id: I67d562bb41166194e62765d5ab051bc961054fc7
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477742
> > Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> > Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#60322}
>
> Change-Id: I1a31150256eb5608db985b144aab7ea457169d0d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530810
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60364}
TBR=jarin@chromium.org,sigurds@chromium.org,herhut@chromium.org
Change-Id: Id8ad6c39774e38dd67decea997e08a4c58c452ec
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532327
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60381}
When running wasm tests, the interpreter previously used a static
collection of function indexes stored in WasmTable to perform
call_indirect calls internal to that module. This has the wrong behavior
if the table is changed (via WasmTableObject::Set, `table.copy`, or
`table.init`).
This CL changes the cctests to always generate an intepreter entry for
all functions, and stores those entries in the dispatch table. This
allows us to use the same execution path as for non-testing code.
The interpreter entry compiler needed to be changed to support
multi-value returns too, since a 64-bit integer return value may be
lowered to two 32-bit integer returns.
Bug: v8:9016
Change-Id: I277df21ffde5c2eee0b691fcc9bab2b1a43eeffc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1531137
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60380}
This CL changes ToString of stack frames to optionally take a
IncrementalStringBuilder instance. Instead of using one instance per
frame when serializing a stack trace, a single instance is now used.
This improves local stack serialization micro benchmarks by ~6%.
R=jgruber@chromium.org
Bug: v8:8742
Change-Id: I067069f91919c167434979b4d9013019e46ed3b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532063
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60378}
This field's size is kIntSize but it was read as a 8-byte value in
assembly code.
Bug: v8:7703
Change-Id: I16e8c845c27b224b368c8888073cff6d53f28a54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532324
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60377}
Added a new Error Message for Missing Function Name.
The program:
function(){}
...now produces:
SyntaxError: Function statements require a valid function name.
...instead of:
SyntaxError: Unexpected Token (
Bug: v8:3698, v8:6513
Change-Id: I3c12dfcfe80b94209aa9af434ae1d212970cf362
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1500914
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60376}
This has been functionally obsolete for a while now. From a performance
point of view it also became obsolete, because the only on-heap {Code}
object being generated within this scope is the start function wrapper.
R=clemensh@chromium.org
BUG=v8:6792
Change-Id: I978488fbd8d26b55d957d56449c5ff021b888ce1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532320
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60374}
In order to reduce lock contention in the NativeModule, to publish
compiled code in batches.
This is implemented via a new {NativeModule::AddCompiledCode} variant
that takes a {Vector<WasmCompilationResult>}, allocates code space for
all of the results, copies all code over and relocates it, and then
publishes all of it.
R=titzer@chromium.org
Bug: v8:8916
Change-Id: I437bd222dc2471b89b114cdb42049991af36f1f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532062
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60373}
This reverts commit 3cda21de77.
Reason for revert: Breaks the roll on Windows (see https://cr-buildbucket.appspot.com/build/8918477701097622400)
Original change's description:
> V8 x64 backend doesn't emit ABI compliant stack frames
>
> On 64 bit Windows, the OS stack walking does not work because the V8 x64
> backend doesn't emit unwinding info and also because it doesn't emit ABI
> compliant stack frames. See
> https://docs.google.com/document/d/1-wf50jFlii0c_Pr52lm2ZU-49m220nhYMrHDi3vXnh0/edit
> for more details.
>
> This problem can be fixed by observing that V8 frames usually all have the same
> prolog and epilog:
>
> push rbp,
> mov rbp, rsp
> ...
> pop rbp
> ret N
>
> and that it is possible to define XDATA (UNWIND_CODEs) that specify how Windows
> should walk through V8 frames. Furthermore, since V8 Code objects are all
> allocated in the same code-range for an Isolate, it is possible to register a
> single PDATA/XDATA entry to cover stack walking for all the code generated
> inside that code-range.
>
> This PR contains changes required to enable stack walking on Win64:
>
> EmbeddedFileWriter now adds assembler directives to the builtins
> snapshot source file (embedded.cc) to emit additional entries in the .pdata and
> in the .xdata section of the V8 executable. This takes care of stack walking
> for embedded builtins. (The case of non-embedded builtins is not supported).
> The x64 Assembler has been modified to collect the information required to emit
> this unwind info for builtins.
>
> Stack walking for jitted code is handled is Isolate.cpp, by registering
> dynamically PDATA/XDATA for the whole code-range address space every time a new
> Isolate is initialized, and by unregistering them when the Isolate is
> destroyed.
>
> Stack walking for WASM jitted code is handled is the same way in
> wasm::NativeModule (wasm/wasm-code-manager.cpp).
>
> It is important to note that Crashpad and Breakpad are already registering
> PDATA/XDATA to manage and report unhandled exceptions (but not for embedded
> builtins). Since it is not possible to register multiple PDATA entries for the
> same address range, a new function is added to the V8 API:
> SetUnhandledExceptionCallback() can be used by an embedder to register its own
> unhandled exception handler for exceptions that arise in v8-generated code.
> V8 embedders should be modified accordingly (code for this is in a separate PR
> in the Chromium repository:
> https://chromium-review.googlesource.com/c/chromium/src/+/1474703).
>
> All these changes are experimental, behind:
>
> the 'v8_win64_unwinding_info' build flag, and
> the '--win64-unwinding-info' runtime flag.
>
> Bug: v8:3598
> Change-Id: Iea455ab6d0e2bf1c556aa1cf870841d44ab6e4b1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1469329
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Paolo Severini <paolosev@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#60330}
TBR=bbudge@chromium.org,ulan@chromium.org,mvstanton@chromium.org,mstarzinger@chromium.org,gdeepti@chromium.org,jgruber@chromium.org,paolosev@microsoft.com
Change-Id: If8470da94c58df8c800cbe8887f9f86236e43353
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:3598
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532321
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60372}
This flag has been on, but was disabled for the reland of the control
flow aware register allocator (currently behind a flag).
Change-Id: I4a6aabd0c2a10160ef9bd96372fc5c72096d5369
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532079
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60371}
This prepares a refactoring to add and publish compilation results in
batches. For this, we need to separate the two phases, so that we can
lock the module, allocate all the code space, release the lock, copy
the code, lock the module, publish the code, and release the lock
again.
In particular, this CL does the following:
1) It removes the {AddOwnedCode} method. The functionality of creating
the {WasmCode} and memcpy'ing the instruction into that is done in
the other {Add*Code} methods. Adding to {owned_code_} is done in
{PublishCode}.
2) {PublishInterpreterEntry} is now functionally equivalent to
{PublishCode}, so it's removed.
3) After {AddCode}, the caller has to call {PublishCode}. In a
follow-up CL, this will be called in batches (first {AddCode} them
all, then {PublishCode} them all).
4) {AddCompiledCode} now assumes that the {WasmCompilationResult}
succeeded. Otherwise, the caller should directly call {SetError} on
the {CompilationState}.
5) {PublishCode} is now the chokepoint for installing code to the code
table, the owned code vector, the jump table, and setting interpreter
redirections. It replaces previous direct calls to {InstallCode} or
explicitly adding to {owned_code_}.
6) Increasing the {generated_code_size_} counter is now done in
{AllocateForCode}, which is the chokepoint for allocating space for
generated code. This way, we will only increase this counter once
once we allocate in batches.
R=titzer@chromium.org
Bug: v8:8916
Change-Id: I71e02e3a838f21797915cee3ebd373804fb12237
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530817
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60369}
We also need to deoptimize the code if the embedded 32-bit map dies.
Bug: v8:8982, chromium:943823
Change-Id: Iabeac5c943444a7b4d858704c3720228f3d74fe1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532073
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60367}
This removes the special casing for the lazy compilation stub which used
to have its own code kind, just so that the stack walker would properly
recognize its frame.
Also, by re-using the existing machinery for runtime stubs we no longer
need to copy this stub into the native module and get all the niceties
that come with embedded builtins for free.
Thirdly this will make it easier to start lazy compilation from the
background or to do it on a per-function basis without requiring yet
more special machinery, since {NativeModule::SetLazyBuiltin} no longer
requires access to the Isolate.
Kudos for the inspiration for this cleanup go to Frederik, I merely did
some of the legwork.
R=clemensh@chromium.org
BUG=v8:8834
Change-Id: Iac2b51a2e33fb0e88d25d3632fa18998123ee6c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532064
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60365}
This is a reland of b176931311
Original change's description:
> [regalloc] Introduce deferred fixed ranges
>
> Fixed ranges are used to express register constraints in the
> allocator. This change splits these fixed ranges into one for
> normal code and deferred code. The former are handeled as before
> whereas the latter are only made visible while allocating
> registers for deferred code.
>
> This prevents forward looking decisions in normal code to be
> impacted by register constraints from deferred code.
>
> Change-Id: I67d562bb41166194e62765d5ab051bc961054fc7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477742
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60322}
Change-Id: I1a31150256eb5608db985b144aab7ea457169d0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530810
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60364}
This reverts commit 9d167f57e0.
Reason for revert: There is a crash on https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/20026
Original change's description:
> [wasm][anyref] Add support of call-indirect for multiple tables
>
> With this CL it is possible to use any anyfunc table in call-indirect,
> not just the first table.
>
> The current implementation is based on runtime calls. This is just an
> initial implementation which should be replaced by a
> dispatch-table-based eventually. However, this implementation allows
> us to move forward with the anyref proposal implementation.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:7581
> Change-Id: I57d09b18add7f525555bf7c949aef17a64b0e7c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530801
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60360}
TBR=mstarzinger@chromium.org,ahaas@chromium.org
Change-Id: Iba4b84078aa070498be7e79212970b94595f5757
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7581
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532069
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60362}
Previously, the builtin BigIntToWasmI64 and its calling descriptor had
an inconsistent name, not reflecting the signature which is i64 to BigInt.
This CL removes BigIntToWasmI64 in favor of I64ToBigInt. Also for
consistency the Wasm tranpoline has been renamed from BigIntToWasmI64
to WasmI64ToBigInt.
Change-Id: I4125ee99a7358797181770f413db70affa657d5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532065
Auto-Submit: Sven Sauleau <ssauleau@igalia.com>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60361}
With this CL it is possible to use any anyfunc table in call-indirect,
not just the first table.
The current implementation is based on runtime calls. This is just an
initial implementation which should be replaced by a
dispatch-table-based eventually. However, this implementation allows
us to move forward with the anyref proposal implementation.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I57d09b18add7f525555bf7c949aef17a64b0e7c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530801
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60360}
The array allocated in {SetInterpreterRedirection} was accidentally
left uninitialized, which could result in later calls to
{has_interpreter_redirection} to return true. In that case, we would
not patch the jump table when publishing the code, and would then crash
during execution.
This was uncovered by an unrelated change. It's covered by existing
tests though, we were just lucky so far that the relevant bits were 0
for some reason.
R=mstarzinger@chromium.org
Change-Id: I712200cb0c9f2a9c828f6a9a502e6307dc438bd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1532060
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60359}
Wasm Compilation hints are now used when
{--experimental-wasm-compilation-hints} is set to create compilation
units as suggested. Hints regarding the compilation strategy, e.g. lazy
compilation, are ignored for now.
Bug: v8:9003
Change-Id: Id275537db375e425e872b0a05b587931c829c865
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1524202
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60352}
Omit user roots when raw heap snapshots are used, i.e., when
the gn flag v8_enable_raw_heap_snapshots is enabled. For regular
Chrome production builds this is not the case.
Blink CL: https://crrev.com/c/1529096
Bug: chromium:936797
Change-Id: I5ae0ec1ecfab9a76352d8ce927d1c40e707262cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528994
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60351}
SaveFlags previously worked by re-setting the flags using the command
line. Unfortunately, this could reset flags being used by concurrent
processes, which would cause TSAN issues.
Now, SaveFlags stores a copy of the state of all flags on creation, and
only resets changed flags in its destructor. It does this by (ab)using
the flag-definitions.h pseudo-header, adding a new mode to that header
which applies an includer-defined macro to each flag definition.
Change-Id: I4c156ecb36b4b7c05402138088266465d31e33b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530809
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60350}
This CL includes a revert of [1] with thakis@'s proposed fix at [2]. Verified a
build with the below gn args works on Linux:
target_os = "win"
target_cpu = "x86"
is_debug = false
is_official_build = true
is_component_build = false
use_goma = true
enable_nacl = false
use_custom_libcxx = true
[1] 93ee541417
[2] https://bugs.chromium.org/p/chromium/issues/detail?id=942347#c2
BUG=chromium:942347
R=machenbach
CC=thakis
Change-Id: I34f5744a9f600efbc075f4b5ba8d1c66bff46ae6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1529250
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Thomas Anderson <thomasanderson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60349}
Converted JSGeneratorObject, JSAsyncFunctionObject , JSAsyncGenerator to torque.
Change-Id: I6eb2463d66c118c60fee472776a471120641344c
Bug: v8:8952
Change-Id: I6eb2463d66c118c60fee472776a471120641344c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1512472
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60347}
This is a follow-up CL from https://chromium-review.googlesource.com/c/v8/v8/+/1432597
Indices of first and last symbol properties are recorded and used on a second iteration of DescriptorArrayForEach() to potentially reduce the iteration range
Bug: v8:6705
Change-Id: Iac73909d138214d1128e935eff686f2f058e17f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1516021
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60344}
Due to ppc having a fixed 4 byte instruction length, changing
ByteChunk length from 8 to 4 bytes will fix any padding issues
while generating the "embed.S" file.
Change-Id: Ide799908effd88d5387e97627917b095fcc3051c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1524720
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60337}
Port 1c1545401f
Original Commit Message:
On LoadCodeObjectEntry check for IsOffHeapTrampoline instead of
BuiltinIndexOffset so LoadCodeObjectEntry can correctly jump to the
on-heap trampoline when we use --interpreted-frames-native-stack.
R=mat@mmarchini.me, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com, miladfar@ca.ibm.com
BUG=
LOG=N
Change-Id: I12cb669743bc674bd4f151f4348f763c5bd73647
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1529258
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#60332}
This way d8 can use a read-only mapping for its input file. Otherwise,
it would require write access for reading the sources.
Bug: v8:8997
Change-Id: I8e117f0a3d9c125ffd1dc1682d5af04b3f6287c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530804
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60331}
On 64 bit Windows, the OS stack walking does not work because the V8 x64
backend doesn't emit unwinding info and also because it doesn't emit ABI
compliant stack frames. See
https://docs.google.com/document/d/1-wf50jFlii0c_Pr52lm2ZU-49m220nhYMrHDi3vXnh0/edit
for more details.
This problem can be fixed by observing that V8 frames usually all have the same
prolog and epilog:
push rbp,
mov rbp, rsp
...
pop rbp
ret N
and that it is possible to define XDATA (UNWIND_CODEs) that specify how Windows
should walk through V8 frames. Furthermore, since V8 Code objects are all
allocated in the same code-range for an Isolate, it is possible to register a
single PDATA/XDATA entry to cover stack walking for all the code generated
inside that code-range.
This PR contains changes required to enable stack walking on Win64:
EmbeddedFileWriter now adds assembler directives to the builtins
snapshot source file (embedded.cc) to emit additional entries in the .pdata and
in the .xdata section of the V8 executable. This takes care of stack walking
for embedded builtins. (The case of non-embedded builtins is not supported).
The x64 Assembler has been modified to collect the information required to emit
this unwind info for builtins.
Stack walking for jitted code is handled is Isolate.cpp, by registering
dynamically PDATA/XDATA for the whole code-range address space every time a new
Isolate is initialized, and by unregistering them when the Isolate is
destroyed.
Stack walking for WASM jitted code is handled is the same way in
wasm::NativeModule (wasm/wasm-code-manager.cpp).
It is important to note that Crashpad and Breakpad are already registering
PDATA/XDATA to manage and report unhandled exceptions (but not for embedded
builtins). Since it is not possible to register multiple PDATA entries for the
same address range, a new function is added to the V8 API:
SetUnhandledExceptionCallback() can be used by an embedder to register its own
unhandled exception handler for exceptions that arise in v8-generated code.
V8 embedders should be modified accordingly (code for this is in a separate PR
in the Chromium repository:
https://chromium-review.googlesource.com/c/chromium/src/+/1474703).
All these changes are experimental, behind:
the 'v8_win64_unwinding_info' build flag, and
the '--win64-unwinding-info' runtime flag.
Bug: v8:3598
Change-Id: Iea455ab6d0e2bf1c556aa1cf870841d44ab6e4b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1469329
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60330}
This extends the support for the "except_ref" type on global variables
to support mutable globals, as well as importing and exporting such
globals. Test coverage is also increased.
R=ahaas@chromium.org
TEST=mjsunit/wasm/exceptions-global
BUG=v8:8091
Change-Id: I816406e322ffb574a4f054947682491e7b40335f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530802
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60327}
This makes it easier to publish them in batches. Function index and
requested compilation tier are duplicated from the WasmCompilationUnit.
R=titzer@chromium.org
Bug: v8:8916
Change-Id: I87852670be029b1d729f98f01729362ca379fb50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1529009
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60325}
This reverts commit b176931311.
Reason for revert: Flag access breaks TSAN (not an issue with this
CL as such, but we need to revert to re-open the tree).
Original change's description:
> [regalloc] Introduce deferred fixed ranges
>
> Fixed ranges are used to express register constraints in the
> allocator. This change splits these fixed ranges into one for
> normal code and deferred code. The former are handeled as before
> whereas the latter are only made visible while allocating
> registers for deferred code.
>
> This prevents forward looking decisions in normal code to be
> impacted by register constraints from deferred code.
>
> Change-Id: I67d562bb41166194e62765d5ab051bc961054fc7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477742
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60322}
TBR=jarin@chromium.org,sigurds@chromium.org,herhut@chromium.org
Change-Id: I5675a96acf0b5e5f7d63c60a742d2971b6d0d34d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1530803
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60324}
Fixed ranges are used to express register constraints in the
allocator. This change splits these fixed ranges into one for
normal code and deferred code. The former are handeled as before
whereas the latter are only made visible while allocating
registers for deferred code.
This prevents forward looking decisions in normal code to be
impacted by register constraints from deferred code.
Change-Id: I67d562bb41166194e62765d5ab051bc961054fc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1477742
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60322}
When pointer compression is enabled the [u]intptr_t and double fields are
only kTaggedSize aligned so in order to avoid undefined behavior in C++ code
we have to access these values in an unaligned pointer friendly way although
both x64 and arm64 architectures (where pointer compression is supported)
allow unaligned access.
These changes will be removed once v8:8875 is fixed and all the
kSystemPointerSize fields are properly aligned.
Bug: v8:7703
Change-Id: I4df477cbdeab806303bb4f675d52b61c06342c8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528996
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60321}
This was unimplemented but is needed for Perfetto which posts delayed
tasks on worker threads e.g. drain the trace buffer into a file every x
seconds.
This is implemented by adding a second queue which holds the delayed
tasks in chronological order of 'next-to-execute'. We use an
std::multimap for the queue so that we can easily get the next delayed
task with begin().
The implementation will move delayed tasks into the main task queue
when their deadline expires.
Drive-by cleanup of the runner destructor which can just use = default.
Bug: v8:8339
Change-Id: I3629c5d6e15ced2fc47eb1b7519a2dbbf8461fce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1521114
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60320}
... which can be used with STL algorithms.
When pointer compression is enabled the [u]intptr_t and double fields are
only kTaggedSize aligned so in order to avoid undefined behavior in C++ code
we have to access these values in an unaligned pointer friendly way although
both x64 and arm64 architectures (where pointer compression is supported)
allow unaligned access.
These changes will be removed once v8:8875 is fixed and all the
kSystemPointerSize fields are properly aligned.
Bug: v8:7703
Change-Id: If581fc00d63ae759c73b2a0f115331eea336605f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528995
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60319}
This change significantly improves the performance of string
concatenation in optimized code for the case where the resulting string
is represented as a ConsString. On the relevant test cases we go from
serializeNaive: 10762 ms.
serializeClever: 7813 ms.
serializeConcat: 10271 ms.
to
serializeNaive: 10278 ms.
serializeClever: 5533 ms.
serializeConcat: 10310 ms.
which represents a 30% improvement on the "clever" benchmark, which
tests specifically the ConsString creation performance.
This was accomplished via a couple of different steps, which are briefly
outlined here:
1. The empty_string gets its own map, so that we can easily recognize
and handle it appropriately in the TurboFan type system. This
allows us to express (and assert) that the inputs to NewConsString
are non-empty strings, making sure that TurboFan no longer creates
"crippled ConsStrings" with empty left or right hand sides.
2. Further split the existing String types in TurboFan to be able to
distinguish between OneByte and TwoByte strings on the type system
level. This allows us to avoid having to dynamically lookup the
resulting ConsString map in case of ConsString creation (i.e. when
we know that both input strings are OneByte strings or at least
one of the input strings is TwoByte).
3. We also introduced more finegrained feedback for the Add bytecode
in the interpreter, having it collect feedback about ConsStrings,
specifically ConsOneByteString and ConsTwoByteString. This feedback
can be used by TurboFan to only inline the relevant code for what
was seen so far. This allows us to remove the Octane/Splay specific
magic in JSTypedLowering to detect ConsString creation, and instead
purely rely on the feedback of what was seen so far (also making it
possible to change the semantics of NewConsString to be a low-level
operator, which is only introduced in SimplifiedLowering by looking
at the input types of StringConcat).
4. On top of the before mentioned type and interpreter changes we added
new operators CheckNonEmptyString, CheckNonEmptyOneByteString, and
CheckNonEmptyTwoByteString, which perform the appropriate (dynamic)
checks.
There are several more improvements that are possible based on this, but
since the change was already quite big, we decided not to put everything
into the first change, but do some follow up tweaks to the type system,
and builtin optimizations later.
Tbr: mstarzinger@chromium.org
Bug: v8:8834, v8:8931, v8:8939, v8:8951
Change-Id: Ia24e17c6048bf2b04df966d3cd441f0edda05c93
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Doc: https://bit.ly/fast-string-concatenation-in-javascript
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499497
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60318}
This adds basic support and tests for having global variables of type
"except_ref" that are default initialized to "null". The functionality
is part of the exception handling proposal and solely enabled by the
corresponding feature flag.
R=ahaas@chromium.org
TEST=mjsunit/wasm/exceptions-global
BUG=v8:8091
Change-Id: I581bc942fbe6688a5c58790a842fb024de22d924
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528439
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60317}
If pointer compression is on, it makes sense to embed the map as
a 32-bit constant, for direct comparison. No need to uncompress
the receiver map.
Bug: v8:8982
Change-Id: I285ca4d5b49b26536873776d298e18bcbf84b23e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518182
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60313}
According to WebAssembly's thread proposal, the memory type is decided
at the Object's creation and don't change over time.
When growing a shared memory and the old buffer was marked as shared;
setup the new buffer as shared as well.
Bug: v8:8564
Change-Id: I7e59071d11b41315429232ae0c90436c6810bd0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526012
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Auto-Submit: Sven Sauleau <ssauleau@igalia.com>
Cr-Commit-Position: refs/heads/master@{#60312}
This implements the behavior discussed and specified here:
https://github.com/tc39/ecma262/issues/1461https://github.com/tc39/ecma262/pull/1470
As part of making this change, I realized that we didn't actually
toggle the behavior between the optimized and unoptimized version
based on the --harmony-await-optimization flag at all and just the
unoptimized version by default.
This patch removes the unoptimized version and uses the optimized
version as the default.
The other builtins that use this flag are not touched as part of this
CL, they will be updated separately.
Bug: v8:8998
Change-Id: I315e1b39dda91d0127b5e567986485d713eaa78d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1525872
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60310}
Consumers can use this to derive the full stack from sampled leaf nodes
without having to flatten the tree.
Bug: v8:8999
Change-Id: I42c638dd2c757837b0c03514c204be0182653291
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1525877
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60309}
This helper can lower a parallel move a,b <- c,d for registers where
the sets {a,b} and {c,d} overlap.
Change-Id: I3c6ab20c075847d43628c5fd77851a3e614849c5
Bug: v8:8834
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528533
Auto-Submit: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60304}
There were four places where we did essentially the same steps in
order to extract the initial map for inlining a JSCreate operation.
This CL creates a function on NodeProperties for this task.
As a side effect, this fixes a bug in ReduceJSCreateArray, where
has_initial_map could get called when it wasn't permissible to do so.
Notes: For simplicity, in one or two places where we used to get the
target/newtarget constants from the types we now get them from
HeapConstant nodes.
Cosmetic change: rename "receiver_map" to the more accurate
"root_map" in JSNativeContextSpecialization::ExtractReceiverMaps.
Bug: chromium:939316
Change-Id: I8fd9eb50993be3d839ab9b18eeea28184c53eabf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528435
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60301}
Implements decoding of compilation hints section in
{ModuleDecoderImpl}. The {wasm-module-builder.js} supports
the creation of that section. The feature can be enabled
with {--experimental-wasm-compilation-hints}.
Bug: v8:9003
Change-Id: Ic87e19d916f2ce316de453ea8c7c48c236a6d673
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1521115
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#60299}
The page size of PPC is kept unchanged because PPC has larger
physical pages (64KB).
Bug: chromium:852420
Change-Id: Ib888ea00a476ff103e00211dbb439186148ef81e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1481631
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#60296}
Bug: v8:8996
Change-Id: I035c380768c324d8912aa8bc414d533dbf7f3e5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1524640
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60292}
On LoadCodeObjectEntry check for IsOffHeapTrampoline instead of
BuiltinIndexOffset so LoadCodeObjectEntry can correctly jump to the
on-heap trampoline when we use --interpreted-frames-native-stack.
R=jgruber@chromium.org, yangguo@google.com
Bug: v8:8911
Change-Id: I172d4735671726d32328de246990b513106e3a7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1516692
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60288}
Clients of the code-assembler.h shouldn't depend on lots of compiler
internals. Do not include anything from src/compiler there!
R=mstarzinger@chromium.org
Bug: v8:8834
Change-Id: Ie6f66af47153fad0b95c53d4d9cb03b95d3501fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526196
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60286}
Anyfunc globals are very similar to anyref globals. This CL is mostly
about extending the conditions which guard the anyref globals code.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: Ia92ac4560102cc3ed0060342f92758db28f415ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526004
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60281}
This was always the intended behavior: when --embedded-variant is not
passed, we should assume "Default". What actually happened in this
case was that we'd initialize to nullptr. This CL adds the missing
nullptr check.
Bug: v8:6666
Change-Id: I87247c6c6cfec20da86d2714732a2f6044bb9b77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526193
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60278}
This is a reland of 5a61630d1d
Original change's description:
> [inspector] Allow limiting the total size of collected scripts.
>
> Introduces the setMaxCollectedScriptsSize Debugger protocol method.
> If the max size is set, the debugger will hold collected (not referenced by other v8 heap objects)
> scripts up to the specified total size of their sources.
>
> BUG=v8:8988
>
> Change-Id: I94d52866494102add91ca2d569a2044b08c9c593
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518556
> Commit-Queue: Alexei Filippov <alph@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60227}
TBR=dgozman@chromium.org
Bug: v8:8988
Change-Id: I9b1db01856a43636c1eb8ad2ec36e3727353228d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1524668
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60271}
The existing has property handling did not account for the fact an IC can have LOAD_IGNORE_OUT_OF_BOUNDS while some of the maps in the IC do not allow out of bounds loads.
bug: chromium:942068
Change-Id: I935402d9d72e9c0228510ef69154ea130d1c71f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1525876
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60269}
We have a version for each (Any, Pointer, Signed)
Bug: v8:8977
Change-Id: I1df994f96e24183a136c25818bf4917d9f8126d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1524481
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60268}
This slot has become obsolete now that all CEntry stubs are builtins
(which are part of the rootset) and no longer need to be kept alive
explicitly by a slot in the frame.
R=verwaest@chromium.org
BUG=v8:8834
Change-Id: I7b791cc509ef800bcf7aa5faab31ddf35370f944
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1520725
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60267}
We were just counting the number of stack elements instead of their
actual memory usage. This limits recursion a lot more and helps
avoiding OOM situations.
R=titzer@chromium.org
Bug: chromium:938739
Change-Id: I0e0ec2949f9fbad9c9e2c8677ec0223d5cd6a24b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526006
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60264}
Compiling without -fno-exceptions causes compilation errors, this
CL fixes that.
The reason for the compilation error is a mismatch of "V8_NOEXCEPT"
on mixins for base::Optional where it is not present for deleted
copy/move constructors, but present on base::Optional for defaulted
ones.
Bug: v8:8985
Change-Id: I54af77496657fde44292c050221d11533a54db03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518175
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60261}
This is a false positive of a potential evaluation order problem flagged
by the newest version of gcmole. While this is strictly speaking safe,
it is not statically known that the default argument of the fourth
parameter to {AbsoluteAndNot} is a nullptr and hence not a stale raw
reference. Since this is the only false positive of this kind in the
code base, I would vote to just avoid it by sequencing the operations.
R=jkummerow@chromium.org
BUG=v8:8813
Change-Id: I4a8f2ed4eb09766ce98e4e3d32f680a3a84eedf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1523548
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60259}
This CL allows for either of 'minimum' or 'initial' for MemoryDescriptor
and TableDescriptor. It also adds a flag for the reflection features.
R=binji@chromium.org,adamk@chromium.org
Bug=v8:7742
Change-Id: Icfd4825f63e1eb784a39d10f740d55e81489eba7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1485243
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60256}
Introduces the setMaxCollectedScriptsSize Debugger protocol method.
If the max size is set, the debugger will hold collected (not referenced by other v8 heap objects)
scripts up to the specified total size of their sources.
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518556
> Commit-Queue: Alexei Filippov <alph@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
BUG=v8:8988
TBR=dgozman@chromium.org
Change-Id: I6f7da07c4c9ae35b5252aabddb98b693ec77b4e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1524662
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60255}
Bug: v8:7226
Change-Id: Ia2ed97b193e77a016aa10e7abd50ce59ea38f7a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518558
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60254}
This CL only provides the implementation of memory.{init,copy,fill} and
data.drop.
Bug: v8:8965
Change-Id: I439f2520bfee8f147e4b0d1d31f954aaad2e14ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1510575
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60253}
R=binji@chromium.org,adamk@chromium.org
Bug=v8:7742
Change-Id: I5b9a614dd0c8b028d756cbd401c803de4cb9437f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1513159
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60252}
This CL also changes the constructor for WasmTableObject so that the
maximum_length is set to undefined instead of a default value if there's
no maximum provided.
R=binji@chromium.org,adamk@chromium.org
Bug=v8:7742
Change-Id: I6310224e9997464bf69c198e2694a6cd76e01e8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1513156
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60250}
Consolidates all the work into a single TFS builtin (CreateHTML)
called by all these functions. Reduces the builtin size by
about half.
Change-Id: I92b2c7889f72db4c8c79d7ef0ce0e61036ab619e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1522727
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60248}
Since the new Objects were introduced, we can no longer cast integers to
and Object pointer and call methods on them in gdb (due to how gdb's
expression evaluator deals with temporaries). So, we add a new helper
method to our gdbinit, "$job", which takes an address and returns an
Object that is now exists in real (stack) memory.
Bug: v8:8994
Change-Id: I760a007e7d2303e3a4b1fecb87e094fb9974e91e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1523329
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60245}
This should have no effect unless the embedder uses an old version
of the standard library with missing overloads of <math.h> functions,
which causes such functions to perform implicit conversion to double.
In such cases, the CL removes the implicit conversion.
Change-Id: Ib90a461c81b1f354f7acdf32df88257bff20aca8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1523549
Auto-Submit: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60243}
Compilation only stores whether an error has been found, but not the
exact error or it's location. This is generated by running a validation
pass once all wire bytes have been received.
This unifies error messages by removing one more location where we
generate compilation error messages, and makes it deterministic because
a) we always report the error in the first failing function, and
b) if names are present, the error message will always contain the
function name.
R=titzer@chromium.org
Bug: chromium:926311, v8:8814
Change-Id: I79551b8bb73dcee503484de343a3ada60a6add4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1521112
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60242}
Piggybacking of splitting heap setup, this change adds a shared
read-only heap and a flag to enable it.
Also makes CallOnce use std::function instead of a raw function
pointer so the CL can use lambdas with CallOnce.
Bug: v8:7464
Change-Id: I9a97fb1baa6badca39a7381de3fd9e01f5969340
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518180
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#60241}
Main changes:
- Rename ProcessedFeedback to ElementAccessFeedback and introduce a base class
with the old name ProcessedFeedback.
- Introduce another kind of ProcessedFeedback, namely GlobalAccessFeedback for
the LoadGlobal/StoreGlobal IC. It's either a PropertyCell or a script context
slot.
- Produce such processed feedback in the serializer, when visiting LdaGlobal and
similar bytecodes.
- Consume it, and disallow heap access, in JSNativeContextSpecialization's
ReduceJSLoadGlobal and ReduceJSStoreGlobal (for --concurrent-inlining).
Minor changes:
- Introduce a FeedbackSource class (pair of FeedbackVector and FeedbackSlot)
that is used as the key of the processed feedback hash table. We already have
two similar classes, FeedbackNexus and VectorSlotPair, but both are unsuitable
for technical reasons (e.g. FeedbackNexus construction accesses the heap).
Eventually we should remove VectorSlotPair.
- Processed feedback is now returned as a pointer, which is nullptr if the
original feedback wasn't interesting (e.g. megamorphic).
The title says "partially" because the CL doesn't yet take into account named
accesses where the receiver happens to be the global proxy.
Bug: v8:7790
Change-Id: I4404d98636b91a8f2d5667115944bae4773a4770
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518184
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60240}
This simplifies some code by removing unneeded checks and early
returns. I just accidentally hit got one more instance of this, and I
think we should get rid of the requirement of only decoding LEBs that
start before the end pointer of the decoder.
R=titzer@chromium.org
Change-Id: I608c5c1c292088ac14fac20b7cb030f39c165bd7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1523550
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60238}
This reverts commit 57bc36aa8f.
Reason for revert: Frame may not be allowed accesses to half size location. Reverting as a precautionary measure.
Original change's description:
> [ptr-compr] Correct size for tagged values in GetByteWidth
>
> Bug: v8:8477
> Change-Id: Id565bb8a4d420b715e3e89325786de699e30b22c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1517883
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60197}
TBR=mvstanton@chromium.org,solanes@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:8477
Change-Id: Id0482074972194d8e8c531e0ea06da762e0262b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1523347
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60236}
We want to get rid of the atomicops library, hence switch all uses to
std::atomic.
R=mlippautz@chromium.org
Bug: v8:8926, v8:8834
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Change-Id: I9b7cca83703775b1ddee4f16f51b7ad6535bb67c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1520717
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60233}
Since StreamedSource takes ownership of the ExternalSourceStream
passed into it, it should take it by unique_ptr rather than raw
pointer to signal this transfer of ownership. The old constructor
is now deprecated.
Change-Id: I24681926c2f3141f7dd3664f72019a4c6deabfd7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1520713
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60232}
This reverts commit 5a61630d1d.
Reason for revert: Breaking gc stress bot - https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/21477
Original change's description:
> [inspector] Allow limiting the total size of collected scripts.
>
> Introduces the setMaxCollectedScriptsSize Debugger protocol method.
> If the max size is set, the debugger will hold collected (not referenced by other v8 heap objects)
> scripts up to the specified total size of their sources.
>
> BUG=v8:8988
>
> Change-Id: I94d52866494102add91ca2d569a2044b08c9c593
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518556
> Commit-Queue: Alexei Filippov <alph@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60227}
TBR=dgozman@chromium.org,alph@chromium.org,kozyatinskiy@chromium.org
Change-Id: I26de645e425f0f7d5aa8212eeefda76dad695b78
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8988
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1522988
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60229}
Introduces the setMaxCollectedScriptsSize Debugger protocol method.
If the max size is set, the debugger will hold collected (not referenced by other v8 heap objects)
scripts up to the specified total size of their sources.
BUG=v8:8988
Change-Id: I94d52866494102add91ca2d569a2044b08c9c593
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518556
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60227}
Splits heap setup to enable a single setup method on read-only heap.
This simplifies shared read-only heap initialization code.
Bug: v8:7464
Change-Id: If4f61e1fbc4780e19dcda2b2d50050b2c204b0e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518179
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60224}
This enables things like simple DCHECKs in functions that do not have
access to isolate or heap.
Change-Id: I7962c28f0c6a4928ee880f1373501f29e45ae1f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1517886
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#60222}
The JSONTraceWriter didn't write the "flow_in", "flow_out" and "bind_id"
fields, which are necessary to support TRACE_EVENT_WITH_FLOW and
friends. This just mirrors the logic from trace_event_impl.cc in Chrome.
Bug: v8:8991
Change-Id: I496db587fbb74d3c7205bbab4c23ec41c63fa715
Document: http://bit.ly/v8-tracing-signals
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1521108
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60218}
Add a CheckSmi call to the value of the position argument to
String.prototype.startsWith(search, [position]).
Bug: v8:8400, chromium:939746
Change-Id: I7462bebe0d3fde605a4c27a34c0d9bb3f0cc1c20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514198
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60216}
I always have to look up which are the thread-safe ones. So add this
documentation in counters.h.
R=mstarzinger@chromium.org
Bug: v8:8834
Change-Id: I2cd28b6604585152b1ba3ecacbd597166f1b0e5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1520716
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Auto-Submit: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60214}
This CL extracts the capturing for detailed and simple
stack traces into a configurable helper. Rather then introducing a
single flag for this helper, noting whether we capture simple or detailed
stack traces, each "difference" between the two can be turned on/off
separately, for easier, future refactorings.
R=jgruber@chromium.org
Bug: v8:8742
Change-Id: I0cf5e975438f05ff40f91d8a8f097059424e3d19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1520326
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60213}
As pointed out on https://crrev.com/c/1508675, the number of buckets of
{V8.WasmModuleCodeSizeMiB} should not change, thus change it back to
64. Also change the number of buckets for the two new counters for
symmetry.
R=isherman@chromium.org, mstarzinger@chromium.org
Bug: v8:8217
Change-Id: Ia7b10460be2c059d865381d3164a781668a7b0f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518173
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60208}
This Cl adds a type to {WasmTableObject}, and extends
{WasmTableObject::Set} and {WasmTableObject::Get} to support anyref
tables. I did it in one CL so that I can write tests.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I6c6d78f84715a7805f7bb881a63d3c1174f6a6ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511332
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60206}
Enable cross-origin frame filtering by exposing this bit from
ScriptOriginOptions.
Bug: v8:8956
Change-Id: I109eec9db8b3d42d68d32abc5edd437b1c91a9b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1493294
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60205}
We need to ensure that the NativeModule stays alive while any
{BackgroundCompileScope} exists, because during that time we hold
shared ownership of the mutex in the {BackgroundCompileToken}. If the
{NativeModule} dies during that period, we would need to get exclusive
ownership of the mutex and deadlock.
This change requires holding a {std::weak_ptr<NativeModule>} in the
BackgroundCompileToken instead of a raw pointer, hence it can only be
initialized after the NativeModule was created. This is done via a
separate {InitCompilationState} method.
R=ahaas@chromium.org
Bug: v8:8979
Change-Id: Ia14bd272ea0bc47aec547024da6020608418c9d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518178
Auto-Submit: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60203}
We want to get rid of the atomicops library, hence switch all uses to
std::atomic.
R=mlippautz@chromium.org
Bug: v8:8926, v8:8834
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Change-Id: I7966d4ea98c5dd2ff712b1d84a6877f407f55ec7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518176
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60202}
The TryGetOwnProperty code supports only unique names that are not
array indices. Unfortunately, this is neither obvious from its type,
nor from its comment, nor from its code.
ProxiesCodeStubAssembler::CheckHasTrapResult violated the assumption
and was already fixed a few days ago. This CL fixes
CheckGetSetTrapResult and improves our code documentation in the
form of comments and assertions. Concretely:
- Add CodeStubAssembler::IsUniqueName and IsUniqueNameNoIndex
- Use IsUniqueNameNoIndex in CheckGetSetTrapResult to guard
TryGetOwnProperty (bailout to runtime if not satisfied).
- Similarly, use IsUniqueNameNoIndex to simplify the previous fix in
CheckHasTrapResult.
- Add a IsUniqueNameNoIndex CSA_ASSERT to TryGetOwnProperty and a few
other places to avoid such bugs in the future.
- Add a IsUniqueName CSA_ASSERT to a few places where we apparently
expect unique names (I don't know if those allow indices or not).
- Add a DCHECK to Name::IsUniqueName to ensure and document that this
shortcut version is equivalent to HeapObject::IsUniqueName.
Bug: chromium:937618
Change-Id: Id4a18ab2a0e9c7591b087dd0c9fe018aa9b9ef3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514732
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60196}
In particular, remove {toUint8Array} method and make {toBuffer} return
a {Uint8Array} view to the buffer like before
https://crrev.com/c/1508352. Also, the returned view does not need to be
another copy of the bytes, it can really just be a view.
As a follow-up, this requires the test-only DeserializeWasmModule
runtime method to receive the wire bytes as Uint8Array, and also
requires the {IsWasmCompileAllowed} callback to handle
{ArrayBufferView} (like chromium's version already does).
R=ahaas@chromium.org
Change-Id: I87296cdbac14b74e7c8b38a372aa3df572ca6ad6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518172
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60195}
This removes a redundant "mov <reg>, #0" by spilling the zero register
directly.
Change-Id: I608f5200ee25e176f6d3279aec07c581d9f7d769
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1517872
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#60192}
The regexp interpreter holds several unhandlified references to heap
objects, and is thus within a DisallowHeapAllocation scope. But there
are two situations in which we can and do allocate safely:
1. When creating & throwing a stack overflow exception. The interpreter
aborts afterwards, and thus possible-moved objects are never used.
2. When handling interrupts. We manually relocate unhandlified references
after interrupts have run.
This CL explicitly allows allocations on stack overflows.
Isolate::StackOverflow allocates heap objects.
Bug: chromium:940722, v8:8724
Change-Id: I74ef6f0dd7a30bd55f49a7bc0f2f6ac82adbeda8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1518174
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60191}
Enabled Wasm interpreter as first-class tier. Depending on the flag
{--wasm-interpret-all} the interpreter is the default and only tier
used to run Wasm modules.
Change-Id: I9ffa333f7138437e646dee2113f06c1676bac331
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1516292
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60190}
We want to allocate feedback vectors lazily in lite mode. To do that,
we should create closures with the correct feedback cell. This cl
allocates feedback cell arrays to hold these feedback cells in lite mode.
This cl also modifies the compile lazy to builtin to expect these arrays
in the feedback cell.
Drive-by fix: InterpreterEntryTrampoline no longer has argument count in
a register. So updated comments and removed unnecessary push/pop of this
register.
Bug: v8:8394
Change-Id: I10d8ca67cebce61a284f0c80b200e1f0c24577a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511274
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60189}
This function is not used (anymore) but needs to be defined, so put an
UNREACHBLE inside.
Bug: v8:7790
Change-Id: I5a8df2cbc236f60ee95ccc9d91c288d8d9c19060
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1515792
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60188}
... similar to how we do this in native irregexp code, i.e. handle
interrupts on each backtrack. Unhandlified references into the code
ByteArray and the subject String object are updated after a potential
GC.
Since interrupts may change the subject string's representation, the
interpreter is now called in a loop to handle retries.
Bug: v8:8724
Change-Id: Ic34de8d69ccc56d4656b8ed080c2c168c212ebfc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511477
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60187}
Extensions are now always passed via unique_ptr and are owned by V8.
This CL removes the deprecated API where the embedder would own the
Extension, but has no mechanism for deleting it.
R=ulan@chromium.org
Bug: v8:8725
Change-Id: Icb83660fad9d04c66f8db2265091ebabcbb197c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514493
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60186}
Added a new compilation unit for Wasm interpreter in order to make it
a first-class tier in the future. Adapted Wasm interpreter usage to
work with the new interface. The new compilation unit is currently
not used.
Change-Id: Ib9e1d0dc6ca1b03467cc43059f03ce153bb96400
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514734
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60183}
Seal read-only space before startup deserialization. This is necessary
for fully isolating read-only space creation. Strings within read-only
space are now eagerly rehashed.
Bug: v8:7464
Change-Id: I8b91a6f6b31e03e69d80109b1ca30c675a495c36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511485
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#60182}
According to the wasm js-spec, the table index can be uint32. The
implementation in our implementation expected an int though. We did not
check for the int overflow.
I replaced the throwing of the exception in WasmTableObject::Get to use
the ErrorThrower instead of throwing the exception with Isolate::Throw
directly. The reason is that I see with other CL's that I have to throw
several errors, and I don't want to introduce a new message and
MessageId for every error. Moreover, the ErrorThrower is a standard way
in wasm to throw errors. It feels right to throw the error the same way
here.
R=mstarzinger@chromium.org
Bug: chromium:940296
Change-Id: Idb77c813506fe66a3192b66fe0e8e807b80580ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514496
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60181}
Type declaration may contain a parent type in an "extends" clause.
This CL changes the token type of the name after such a clause
from std::string to Identifier*. The resulting SourcePosition is then
used to implement the "goto-definition" link from that name to the
definition of the parent type.
R=mvstanton@chromium.org
Bug: v8:8880
Change-Id: I9ea6cd83e4d6ef535906e36626f64d458c7d0270
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511481
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60179}
Since kTaggedSize got shrinked and we are actually compressing
the pointers (as oppposed to zeroing their upper bits),
we need to update the arm64 codebase to accommodate this change.
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:7703
Change-Id: I890f3ab8c046f47232e80f85830f9ae8f4dbced4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499498
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60172}
When given a sticky regexp s.t. lastIndex > subject.length, the
following should happen:
1. exec returns null (= no match)
2. lastIndex is reset to 0.
This is usually done by the RegExp.p.exec builtin; but in some cases
we take different paths and try to re-implement the parts of exec that
we need.
One of these cases was in %StringReplaceNonGlobalRegExpWithFunction.
Here, we set lastIndex to 0 but then incorrectly called into
RegExpImpl::Exec. REI::Exec started matching with lastIndex == 0,
which is just plain wrong. With this CL we now correctly omit the
REI::Exec call and return null.
Bug: chromium:937681, v8:5361
Change-Id: I6bb1114a6b92ed3c6e63ec7f6ec2df4b95a19b4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514679
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60169}
This removes three unneeded includes from wasm-code-manager.h, and adds
four that were missing.
R=ahaas@chromium.org
Bug: v8:7490, v8:8834
Change-Id: I0f0f367c0ff748cc1561689b7e2badf3a7a01ca5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1513717
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60168}
In order to get a more complete picture about the code sizes of
compiled wasm modules, sample the code size of each module after
top-tier compilation finished. This happens via the {WasmEngine}
because that's where we know which isolates use a given {NativeModule}
and can schedule foreground tasks to sample the code size.
R=mstarzinger@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Bug: v8:8217
Change-Id: Id585db8a9ab8f3aa1060b08411afaa31c5414f87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508404
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60167}
We currently see >20% of modules overflow on this counter, i.e. having
more than 100k functions. Thus increase the histogram size to 1M, which
is the maximum number of functions supported in v8.
R=titzer@chromium.org
Bug: v8:8975
Change-Id: Ie709ec37cdea90b78637da63b48aea0f4775cee5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514736
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60165}
Currently the total allocated address space is collected twice per Wasm
memory: Once on allocation, once on release. Recording it once provides
the same data.
R=titzer@chromium.org
Bug: v8:8975
Change-Id: I99719ecb44b14ce5da1be4a74291377f91f4038a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514738
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60164}
The WasmCompileLazy runtime function used to return the start of the
instructions of the newly compiled function. With garbage collection of
wasm code, it would be tricky to keep this wasm code object alive until
it is being called. Thus make the runtime function not return anything,
and call via the jump table instead. The jump table was patched as part
of lazy compilation to point to the compiled code.
Drive-by: Merge {LazyCompileFunction} into single caller {CompileLazy}.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: Id3c02f4dfe2c536e335af2e7e1b9700203d48675
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1509472
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60163}
This CL changes the FieldAccessExpression to include a SourcePosition
for the field, allowing a jump from such an access to the definition
of a field inside a class or struct.
Drive-by: Change the source position of a field from the position
of its type to the position of its name. This will coincidentally
improve the accuracy of error messages.
R=danno@chromium.org
Bug: v8:8880
Change-Id: I7996e8a57a2ff90e8bdca6f40c1b298d48071e23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1512573
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60162}
It will soon be possible to throw arbitrary exceptions from within
interpreter execution (namely, in interrupts). We can thus no longer
assume that an EXCEPTION return code means we need to throw a stack
overflow exception.
Bug: v8:8724
Change-Id: I10e24aba4305dc7b39248ced9a52735c59ab662c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511474
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60161}
Fixing ThreadId according to the following changes:
656254b17b
Change-Id: I1e1943ac7e3ed03799c213e566816bfe5c21967d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1512718
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#60159}
Our UMA data shows a lot of small modules, and I have the suspicion we
are loosing some numbers about the bigger ones. Thus sample the module
code size after baseline compilation finished. At that point the
majority of the code was generated.
Sampling after top-tier finished is not that easy since we do not spawn
a foreground task at that point.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: Icaa4a2efb201d24cbc8d2e1b8da516ae26574f01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508675
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60158}
It wasn't always guaranteed that they were serialized before taking the
dependency.
Bug: chromium:940361
Change-Id: Id5e5e14532809e7496546c2011176e33848506ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514495
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60156}
Similar to NativeRegExpMacroAssembler::Result, the regexp interpreter
will need a RETRY return code in case the subject string
representation changes during an interrupt. This CL adds a new
IrregexpInterpreter::Result type to decouple from RegExpImpl::Result.
Bug: v8:8724
Change-Id: I946fc0cbc4d7d8631312b72f13a45abeb9986905
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511472
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60154}
The table_object instance field is not needed anymore because its
purpose is fulfilled now by the tables field I introduced to support
multiple tables.
In addition I removed {table_instances_} from the {InstanceBuilder}.
This field existed because tables could exist without a WasmTableObject.
With recent changes, WasmTableObjects always exist.
R=mstarzinger@chromium.org
Bug: v8:7581
Change-Id: I5e8e3d2910f7ed7ae74d61eff660f9451b3493ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1466641
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60149}
This is a pre-work for allocating feedback vectors lazily. Feedback cells
are required to share the feedback vectors across the different closures
of the same function. Currently, they are held in the CreateClosureSlot
in the feedback vector. With lazy feedback vector allocation, we may not
have a feedback vector. However, we still need a place to store the
feedback cells, so if feedback vector is allocated in future it can still
be shared across closures.
Here is the detailed design doc:
https://docs.google.com/document/d/1m2PTNChrlJqw9MiwK_xEJfqbFHAgEHmgGqmIN49PaBY/edit
BUG=v8:8394
Change-Id: Ib406d862b2809b1293bfecdcfcf8dea3127cb1c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1503753
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60147}
The {id_} stored in {ThreadId} should not be atomic. Only getting a new
id for the current thread needs to be atomic. If any user of {ThreadId}
needs atomicity, that user should wrap {ThreadId} in a {std::atomic}
instead.
Drive-by: Remove {Equals} method, use {operator==} instead.
Drive-by: Move static methods after member methods.
R=ishell@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Bug: v8:8834
Change-Id: Id0470eb2fa907948843ac1153e2dc5dcd9a8fbc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1494006
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60146}
v8::EmbedderHeapTracer::TracePrologue may call back into V8 during
StartMarking. In this case we expect that the write barriers are set up and
consistent, i.e., global flag matches page flag.
Blink calls back into V8 in a corner case where sweeping is finalized on
incremental marking start which may trigger resettting a V8 Value which may
trigger DescriptorArray re-shuffling.
Bug: chromium:940003
Change-Id: Ia15c798d0faaab802df1c3b569b5b6a323a4fe59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1514492
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60145}
Currently, if input types are not string or number, ToString builtin
will fall into runtime and a loop of ToPrimitive and type-checks is
done in runtime, which is slow.
This CL reimplements ToString to add support for that ToPrimitive and
type-checks loop in CSA instead of runtime to improve performance. This
will benefit Array.prototype.toString/join a lot when the array elements
are objects.
This Cl improves the performance of Speedometer2.0 EmberJS-Debug case
by ~14% on Atom.
Change-Id: I27c2669097be1e542e30119cdffcf79c0d16a0eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1498698
Commit-Queue: Shiyu Zhang <shiyu.zhang@intel.com>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60144}
If the branch associated with the condition is kDead, the current
node will be killed anyway, so let us just survive the lowering.
Bug: chromium:935092
Change-Id: If7b39e3b5452d6c9bc5199080eb38725e6c4eab5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1488769
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60143}
This should not be used anymore (and it definitely is not by Node.js
or Chromium).
Change-Id: I4a1ce1fda98efd197a64ce0969dae5c8b18f6e97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511484
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60139}
Integer splats should use an operand when a register is not allocated.
Bug: V8:8927
Change-Id: I14c80b7b073fae3754ec32f4fa8605af399ef341
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1513102
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60138}
We want to compare two inputs so need to perform the same
operation(ExtractBits) on them.
Change-Id: I6c81884fdd34dfa125b842f010cd40f8a6816a0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1511132
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#60136}
This allows the devtools to preview the private fields that are
installed on an object.
Change-Id: I6d8aad7ad0e51cdf18f6139b4bb8665e4b606aa5
Bug: v8:8773, v8:8337
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1487914
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60134}
Call to ReduceKeyedLoadFromHeapConstant got lost in rebasing,
as did the kHas check in ReduceElementAccessOnString. Added
some tests to ensure both cases are covered.
Change-Id: I8d6992c33315436b6228471b9bc57e3b267ad09f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508837
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Matt Gardner <magardn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60132}
This is the reland of https://chromium-review.googlesource.com/c/v8/v8/+/1495898
builtin_function_id corresponded to BuiltinFunctionId (a manually maintained list of 'interesting' functionsmainly used during optimization). With this change, we nuke builtin-function-id in favor of builtin-id and 8 bits is freed up in SFI.
Bug: v8:6993
Change-Id: I7e1681cc2a95864c71ce8bdda075481310607166
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1506445
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60131}
the problem is that we call irregexp code in two ways:
1. CallCFunction9 from CSA builtins
2. Through GeneratedCode::Call from the runtime.
1 is a standard C call and expects the target to be a FD,
2 is our own implementation where we dynamically generate a FD.
So there's a mismatch between the two.
Change-Id: I8391db30fa7586d296b5d1880a7f44dafad21a2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1487341
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Auto-Submit: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60129}
This CL contains find, findIndex, every and some. Now that we've
established the pattern on the torque side for iterating array
builtins, it's a very easy port, which nonetheless decreases
code size in the snapshot, w00t!
Bug: v8:8906
Change-Id: I3082d8e3e298e55733a42d6b441e5812b7f12f3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1496976
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60128}
inspector target has header come from protocol_generated_sources in
sources. So protocol_generated_sources needs to be in public_deps.
Bug: chromium:931596
Change-Id: I3b5ea390e79549b48930b16819840e1a0f87304b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1506994
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Auto-Submit: Takuto Ikuta <tikuta@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60125}
This modifies the ObjectVisitor to provide a dedicated VisitEphemeron
method invoked when visiting a EphemeronHashTable. This is pre-work
for further changes to how ephemerons are handled during scavenging.
Bug: v8:8557
Change-Id: Ia423b10667ec222cbe5f44d8a931ea33314625f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508673
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60119}
Optimizations to use fast memmove to move elements are preserved, as
well as heuristics for bailout to the runtime if left or right
trimming is desired.
Bug: v8:7672
Change-Id: I01ffc1143b63d705d99a40eab3a7e873596d0aa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1499495
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60118}
We have to create WasmExportedFunction objects for any WebAssembly
function which may escape a WebAssembly instance. Up until now we
created these WasmExportedFunction objects eagerly during instantiation
time: for any exported function, and any element in an exported table we
create such an object.
With the anyref proposal, the table.get instruction can allow any
function in a table to escape its instance. Therefore we would have to
create a WasmExportedFunction object for any function which is put into
a table.
With this CL we create WasmExportedFunctions for table entries lazily.
We initialize tables with placeholders consisting of the instance and
the function index. If we encounter a placeholder in table.get, we
create the WasmExportedFunction for the expected function to return it.
R=mstarzinger@chromium.orgCC=titzer@chromium.org
Bug: v8:7581
Change-Id: I4f32bd7433285d0b04a22c0fb70b736bac55b3f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505575
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60115}
instead of forwarding template constructors for these classes introduced in
edab9a2021 commit.
TurboAssemblerBase constructors were declared as public to make the inherited
TurboAssembler, and MacroAssembler ctors also public.
This fixes Visual C++ 2017 compile error, when the template ctor in
TurboAssemblerBase class matches deleted copy ctor.
Bug: v8:8935
Change-Id: I1144a7025830c3a0ab86acaa8ea81def02d293b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1496977
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60114}
RotateRight32 needs a "number of bits" operand in the range 0..31.
Thankfully that's how x86 shift instructions behave anyway, and
how the bitwise shift operators in JavaScript are spec'ed, so this
fix is unobservable in non-UBSan builds.
RemoveArrayHolesGeneric can be used for length values anywhere in
the uint32_t range, so it must not implicitly cast those to int.
That actually caused an observable bug where a proxy's traps would
not get called at all, but only for huge "length" properties, where
the entire operation would also be painfully slow.
Bug: chromium:935133, chromium:937652
Change-Id: I13f74ca27eae6b2b089d58217842b699b2574509
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1510272
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60112}
This is a reland of 821bc64951
Original change's description:
> [wasm simd] Fix F32x4 Min and Max
>
> - Fix F32x4 tests to save results in globals, so they can be checked
> in C++ code. Perform correct checks in case of NaNs.
> - Fix ia32, x64 implementations of F32x4Min, F32x4Max to correctly
> deal with NaNs.
> - Enable tests for all float values on all platforms, except skip
> denormalized results on ARM, and skip extreme values for reciprocal,
> reciprocal square root approximation opcodes.
> - Disable Min, Max test for interpreter (see v8:8425) since it doesn't
> handle NaNs correctly.
> - Fix vmin, vmax implementations in ARM simulator.
>
> Bug: v8:8639
> Change-Id: I87e188e3cb078f09fdacfd9955f426c20a11bf64
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1495897
> Commit-Queue: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60021}
Bug: v8:8639
Change-Id: Ic557aa1d323693eabf5885ff5eddc15e3174079b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1501279
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60109}
V8's MemMove and libc's memset do not specify how the memory is filled,
but wasm requires the direction to be backward only when the regions are
overlapping and the source address is less than the destination address.
Bug: v8:8950
Change-Id: If392967b51b33ad65fe145660f44b857559e34b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507316
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60106}
... because the latter are not meant to be modified from non-main thread
and especially after V8 isolate is set up while the former are modified
cuncurrently by tracing API.
Tbr: verwaest@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Bug: v8:8929, v8:8834
Change-Id: I44d3da2f388bb8bb8d0365ac6354e761bf92b936
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505581
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60104}
This change enables clean-up of weak map entries in the
scavenger of the weak map is in the young generation.
With this change, the scavenger treats keys in ephemerons as
weak instead of strong, but does not implement full ephemeron
semantics: Values are treated always as strong, independently
of whether the key is live or not.
This approach ensures that no value is cleaned up accidentally.
After scavenging, all entries with dead keys are removed from
weak maps. After that, some values that are not referenced anywhere
anymore might still be in the heap, and those can be cleaned up
in the next scavenge.
What the scavenger does, amounts to one iteration of the
fixed-point algorithm required to implement ephemeron semantics.
We hope that this is a reasonable trade-off between time spent
tracing and cleaned-up entries.
This change does not affect weak maps that reside in old space.
Bug: v8:8557
Change-Id: Ic5618b3b863ad8c314c87449571150e756fecbf0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1467182
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60101}
smi size is sill 8 bytes when V8_COMPRESS_POINTERS is undefined.
Bug: v8:7703
Change-Id: I0d1e757e42e8b1e6b10960420135245e24553175
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1508572
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Auto-Submit: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60097}
