If FLAG_enable_embedded_constant_pool is false, the field for the
builtin index would alias the field for the constant pool offset in the
code object. This makes constant_pool() return the builtin index, but it
also makes set_constant_pool() override the builtin index (and vice
versa).
This CL fixes this by making all constant_pool accessors honor that
flag.
R=mstarzinger@chromium.org
Change-Id: I88803a4f28bd5a2fe85a310708c7a365cc457339
Reviewed-on: https://chromium-review.googlesource.com/970586
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52076}
Off-heap code cannot embed external references. With this CL, we load
from the external reference table (reached through the root pointer)
instead.
In a follow-up, the table could be stored within the isolate itself,
removing one more level of indirection.
Bug: v8:6666
Change-Id: I4c612ad3d4112ec03c3b389f5bfb9cdc3dc8a671
Reviewed-on: https://chromium-review.googlesource.com/970468
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52073}
Part of ongoing work to remove the construct_stub field of the SFI.
Generate_InternalArrayConstructor was actually incorrect for packed
internal arrays, where it would instead create a regular internal array
because it loaded the constructor function from the context every time.
Ultimately InternalArray should be removed, or the constructor ported
to CSA in the meantime. But for now, it is off the critical path for
the construct_stub removal.
Also fix a bug: Runtime_NewArray expects a type_info parameter, which
should be in rbx (on x64). Because we now go through
JSBuiltinsConstructStubHelper first, rbx is loaded with a value that
doesn't look like a heap object, which causes a crash in NewArray.
Fix that by first loading undefined explicitly (which is what the
ArrayConstructor builtin does already).
Bug: v8:7503
Change-Id: Ic92fa8864b0af2d32200eb0176ba55ccff03b114
Reviewed-on: https://chromium-review.googlesource.com/970823
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52072}
src/base/debug/stack_trace_posix.cc: suppressed unused function warnings
for functions DemangleSymbols, OutputPointer(in order to compile with
-Werror flag)
test/cctest/test-isolate-independent-builtins.cc: corrections to make
ByteInText test case compatible with aix. (affects aix only)
Change-Id: I49e45e63545404c77aaed3f51b26557f6f03455e
Reviewed-on: https://chromium-review.googlesource.com/927484
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52071}
We currently never shrink the StringTable which causes excessive memory usage
on certain websites. This CL tries to mitigate this by shrinking the
StringTable if it is very empty (nof_elements * 16 < capacity) hopefully
avoiding costly reallocations.
Bug: chromium:818642, v8:5443
Change-Id: I4e6a95b3a6992b499fa6dd59ae159c51f089965a
Reviewed-on: https://chromium-review.googlesource.com/970465
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52070}
Loading external references from off-heap builtins will be
root-pointer-relative. At least initially, these loads will happen in
CSA and thus need access to the root pointer value.
Bug: v8:6666
Change-Id: Iae4c89061df442f5afd03f93e5ba35c4e125b850
Reviewed-on: https://chromium-review.googlesource.com/970264
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52069}
The embedders should use the EmbedderGraph API. The similar structure
can be created with the following steps:
1) Create a root node for each retainer info group.
2) Iterate all handles using Isolate::VisitHandlesWithClassIds.
3) Add an edge from the retainer info node to the v8 wrapper node.
4) Add an edge from the v8 wrapper node to the retainer info node.
See how HeapSnapshotRetainedObjectInfo is converted to the new API.
Bug: chromium:749490
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I124ae3853354863b4f888e6aa2ea13777dcaa37d
Reviewed-on: https://chromium-review.googlesource.com/948842
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52067}
Port CallIndirect and CallRuntime methods. Also, implement methods
for allocation and deallocation of stack slots, which are used in
trace memory operations.
Bug: v8:6600
Change-Id: I99e0115dcf6d971229892b27b4b4f01d0c5441e8
Reviewed-on: https://chromium-review.googlesource.com/970262
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52065}
Remove the SharedFunctionInfo code field, inferring the code object
from the function_data field instead. In some cases, the function_data
field can now hold a Code object (e.g. some WASM cases).
Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1219a4d6aa5abaa9fee54dda883da7a3186e347a
Reviewed-on: https://chromium-review.googlesource.com/952452
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52064}
This was removed in one of the branches during weak-refs work.
Bug: v8:7574
Change-Id: Id2a1af22b1150d8c888c117c023e8c78f532b9f2
Reviewed-on: https://chromium-review.googlesource.com/970702
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52061}
The embedders should use the new EmbedderGraph API to provide retainer
info.
Bug: chromium:749490
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iac8dc1e749ef14277b027f43e799357c5bd413ea
Reviewed-on: https://chromium-review.googlesource.com/948489
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52059}
The MessageLoopBehavior might change over time: Sometimes we want to
wait because wasm background compilation is going on, sometimes we
don't. This makes the semaphore go out of sync with the task queue (we
always notify it when a new task is scheduled, but we only sometimes
wait on it).
Using a condition variable instead of a semaphore avoids this problem.
R=ahaas@chromium.org
Change-Id: Ib9850efc634f5988d3f824895b6566bd76475985
Reviewed-on: https://chromium-review.googlesource.com/969122
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52057}
In general, TurboFan doesn't encounter phi nodes with only a single
data input in the backend. However, CSA-based builtins (especially
auto-generated ones, e.g. from Torque), may contain single-input phi nodes,
although outside the auto-generated case this doesn't happen much in practice.
Single input phi nodes (i.e. phis in blocks with one predecessor) don't have
any side effects and are essentially useless and harmless, but to avoid problems
in the backend of TurboFan (whose SSA deconstruction disallows control flow
splits that continue to blocks with phis), this CL tweaks the existing
CSA-only control flow and graph sanitization in the CSA path to ensure
no no-op phis.
Change-Id: I109f4dc6cde5ad1794585a09609a230b1848e0d5
Reviewed-on: https://chromium-review.googlesource.com/963711
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52056}
This is a reland of 40d66d8bf8
The fix disambiguates duplicate symbols in the generated embedded
builtins file.
Original change's description:
> [build] Make separate snapshot for trusted variant
>
> This enables side-by-side snapshots with and without untrusted-code
> mitigations. It'll be the default in all V8 stand-alone builds
> with external startup data. Internal snapshots are not supported.
>
> The files snapshot_blob.bin and snapshot_blob_trusted.bin will be
> bundled with V8 on swarming and the correct file is loaded dependent
> on the --untrusted-code-mitigations runtime flag.
>
> Likewise we embed two snapshots for builtins.
>
> Side-by-side snapshots won't be supported in Chromium.
>
> Bug: v8:7441
> Change-Id: I2949ddfd5773649946b1c8e74751d48ad1d9c524
> Reviewed-on: https://chromium-review.googlesource.com/960004
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52028}
Bug: v8:7441
Change-Id: I626171d4e07389f0453b4d0a698e2772fd37e8c5
Reviewed-on: https://chromium-review.googlesource.com/968623
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52055}
This adds support to get or set globals of all the standard types (i32,
i64, f32, f64).
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ie8d14d3d964e2abe3f19945a0e80b0e8462e9485
Reviewed-on: https://chromium-review.googlesource.com/969262
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52054}
Adds a new space RO_SPACE and modifies the serializer and other machinery
to support it.
Currently RO_SPACE has nothing in it, but will eventually contain all the
immovable immutable objects, so the GC can ignore it.
Bug: v8:7464
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ib2ff474699196c138df8c24f7a2248471e30fbac
Reviewed-on: https://chromium-review.googlesource.com/925703
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52053}
It was stored in a shared_ptr so far, which makes it more difficult to
reason about life times. Since there is always exactly one owner of the
AsyncCompileJob, a unique_ptr actually suffices.
R=ahaas@chromium.org
Change-Id: If94c9091889ad05325c559a97e9a9ffeee8d450c
Reviewed-on: https://chromium-review.googlesource.com/968604
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52052}
This adds support for the f32.abs and f64.abs opcodes.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I05a16bb4301d492ba8d22a6326c7b2ce0f9f2faa
Reviewed-on: https://chromium-review.googlesource.com/968502
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52051}
Also unskip test that has already been fixed in f1b1ec7.
R=jgruber@chromium.org
Bug: v8:178
Change-Id: I9cd2156ef41146b0dd58a974088726f5cbda8058
Reviewed-on: https://chromium-review.googlesource.com/970243
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52050}
In order to remove the construct_stub field of the SFI we need all
construct stubs to be the same, and do any branching at runtime
instead. For builtins we don't need to set the construct stub because
the builtins construct stub will call into it for us.
There should only be two builtins left without the builtins construct
stub: Array and InternalArray, which are special cases that need to
be dealt with in another CL.
Bug: v8:7503
Change-Id: If0d419399a9ee22c09cf2a5a3d3dbea7a04dee77
Reviewed-on: https://chromium-review.googlesource.com/968862
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52046}
This reverts commit 46a3c77201.
Reason for revert: This is actually not quite ready. What we need is a speculation free poisoning, and if we do another branch, then I think that won't happen.
Original change's description:
> [turbofan] Masking/poisoning in codegen (optimized code, mips & mips64)
>
> This introduces masking of loads with speculation bit during code generation.
> At the moment, this is done only under the
> --branch-load-poisoning flag, and this CL enlarges the set of supported
> platforms from {x64, arm, arm64} to {x64, arm, arm64, mips, mips64}.
>
> Overview of changes:
> - new register configuration configuration with one register reserved for
> the speculation poison/mask (kSpeculationPoisonRegister).
> - in codegen, we introduce an update to the poison register at the starts
> of all successors of branches (and deopts) that are marked as safety
> branches (deopts).
> - in memory optimizer, we lower all field and element loads to PoisonedLoads.
> - poisoned loads are then masked in codegen with the poison register.
> * only integer loads are masked at the moment.
>
> Bug: chromium:798964
> Change-Id: I211395b8305ed0ad9288d6da48fa159fa970c827
> Reviewed-on: https://chromium-review.googlesource.com/951382
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
> Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
> Cr-Commit-Position: refs/heads/master@{#52042}
TBR=mvstanton@chromium.org,mstarzinger@chromium.org,ivica.bogosavljevic@mips.com
Change-Id: Ief4d9ef56d918172f0b545d321a64b1ab5b46915
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:798964
Reviewed-on: https://chromium-review.googlesource.com/969041
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52045}
Synchronous compilation currently continues creating new tasks even
though compilation has already failed. This stops the creation of
new background tasks and makes sure that the background task manager
in the CompilationState is not canceled twice.
Change-Id: Ic4c55275ff70e7eca901ad357253f81aa8e2e8e1
Reviewed-on: https://chromium-review.googlesource.com/968781
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52044}
EmitMonomorphicBinOp and EmitBinOpWithDifferentResultType were nearly
identical, they just differ in one argument to GetUnusedRegister.
This CL merges them.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ief75beb410c8ba248b43cd382693f25bd9153d74
Reviewed-on: https://chromium-review.googlesource.com/968501
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52043}
This introduces masking of loads with speculation bit during code generation.
At the moment, this is done only under the
--branch-load-poisoning flag, and this CL enlarges the set of supported
platforms from {x64, arm, arm64} to {x64, arm, arm64, mips, mips64}.
Overview of changes:
- new register configuration configuration with one register reserved for
the speculation poison/mask (kSpeculationPoisonRegister).
- in codegen, we introduce an update to the poison register at the starts
of all successors of branches (and deopts) that are marked as safety
branches (deopts).
- in memory optimizer, we lower all field and element loads to PoisonedLoads.
- poisoned loads are then masked in codegen with the poison register.
* only integer loads are masked at the moment.
Bug: chromium:798964
Change-Id: I211395b8305ed0ad9288d6da48fa159fa970c827
Reviewed-on: https://chromium-review.googlesource.com/951382
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52042}
For problems with the current approach, see crbug.com/v8/7564.
We can instead gather all weak references in code in VisitEmbeddedPointer.
BUG=v8:7564, v8:7308
Change-Id: Ib369e7ab9efd62c90bdac69835318929c58217f2
Reviewed-on: https://chromium-review.googlesource.com/968250
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52041}
This type is dangerous because it can become smaller over time (as
strings get internalized).
Bug: v8:6521
Change-Id: Iea650789ab52c13a0519f46999edc8a7959ccc71
Reviewed-on: https://chromium-review.googlesource.com/968525
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52040}
This is another step towards efficient external reference access from
off-heap builtins.
Bug: v8:6666
Change-Id: I6f128a8a64724acaa092f28b1fceae01e3c05487
Reviewed-on: https://chromium-review.googlesource.com/968481
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52039}
This avoids a deopt loop.
Bug: v8:7254
Change-Id: I3a676186bc52fd47b03f03c26cb07d9257993693
Reviewed-on: https://chromium-review.googlesource.com/968503
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52036}
This reverts commit 40d66d8bf8.
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Mac64/builds/20910
Original change's description:
> [build] Make separate snapshot for trusted variant
>
> This enables side-by-side snapshots with and without untrusted-code
> mitigations. It'll be the default in all V8 stand-alone builds
> with external startup data. Internal snapshots are not supported.
>
> The files snapshot_blob.bin and snapshot_blob_trusted.bin will be
> bundled with V8 on swarming and the correct file is loaded dependent
> on the --untrusted-code-mitigations runtime flag.
>
> Likewise we embed two snapshots for builtins.
>
> Side-by-side snapshots won't be supported in Chromium.
>
> Bug: v8:7441
> Change-Id: I2949ddfd5773649946b1c8e74751d48ad1d9c524
> Reviewed-on: https://chromium-review.googlesource.com/960004
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52028}
TBR=rmcilroy@chromium.org,machenbach@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org
Change-Id: I5b18f7aff7c05a17842fc68d785bb617eeca4a41
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7441
Reviewed-on: https://chromium-review.googlesource.com/968622
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52029}
This enables side-by-side snapshots with and without untrusted-code
mitigations. It'll be the default in all V8 stand-alone builds
with external startup data. Internal snapshots are not supported.
The files snapshot_blob.bin and snapshot_blob_trusted.bin will be
bundled with V8 on swarming and the correct file is loaded dependent
on the --untrusted-code-mitigations runtime flag.
Likewise we embed two snapshots for builtins.
Side-by-side snapshots won't be supported in Chromium.
Bug: v8:7441
Change-Id: I2949ddfd5773649946b1c8e74751d48ad1d9c524
Reviewed-on: https://chromium-review.googlesource.com/960004
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52028}
