This CL enhances the interface of the fast C API with constants and
structs necessary for supporting JSArrays, TypedArrays and ArrayBuffers.
It also adds checks for incompatible combinations of argument type/flags.
Bug: chromium:1052746
Change-Id: I032167d0739d33f8151f78574c89d565cb9bd821
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903147
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74857}
The delegate instruction is executed when an exception is thrown, not
after the last instruction of the block. Handle reachability
accordingly.
R=ahaas@chromium.org
Bug: chromium:1212396
Change-Id: I55e342cd73da44142cfbad7e16ab65ef513e6a60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928499
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74855}
Change API RegExp::GetSource to return a string identical to ToString()
and RegExp.prototype.source.
Bug: v8:11693
Change-Id: I3d148883fe6f8a3ff49e552ddd72b1e92f52baf3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900737
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74854}
This CL refactors mjsunit tests, so that the common core of all tests is
abstracted away.
Bug: v8:11525, v8:11706
Change-Id: I24a1af4298380e21a64e4d17149422c32fbf8a4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2914882
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Vicky Kontoura <vkont@google.com>
Cr-Commit-Position: refs/heads/master@{#74853}
Removing some additional complexity that is not frequently used.
Change-Id: I10195971d872d710ba3a87170fb62c1948e7716e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2923502
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74851}
Use Relaxed_Memcpy when making a new TypedArray that copies from a
SharedArrayBuffer.
Bug: chromium:1209639
Change-Id: Iaa1f069552f0aa42a1f423e5ee0a913b3330153c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2923274
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74842}
And add s10 to scratch_register_list. Clean up t* register used in macroassembler
Bug: v8:7703
Change-Id: Ib8477cd7528b8c2a2297da3f46659f30af45286e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2914246
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#74841}
The refactoring makes it explicit that a v8::Array results in a
protocol::ListValue, and a v8::Object in a protocol::DictionaryValue,
which will be useful in a follow-up.
Bug: chromium:1213393
Change-Id: I0d6e5b013a828e12cb3200672d4fd9b14a14a807
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919831
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74839}
To support Fast API calls with overloads, implement compile-time
function resolution based on the number of arguments passed to the JS
function.
Bug: v8:11739
Change-Id: I96839dc0b6fc540eff94573ac9e77f678908fc3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901249
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74837}
The counter as size_t can legitimately overflow on 32-bit systems, since
decreasing the counters is performed after all backing stores were
freed on a background thread. Before sweeping is finished a new backing
store could already be allocated which then leads to the overflow.
Bug: v8:11788, chromium:1211437
Change-Id: Id9f3e58b0e84e831fe47109f7deb3a05ae7e489c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922242
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74836}
This reverts commit 17915002fc.
Reason for revert: Breaks TSAN builds (e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20builder/19166/overview)
Original change's description:
> [builtins][x64] Use callee-saved registers for write barrier stubs
>
> Calls to the record write stub are quite frequent and the caller has to
> save all registers used by the builtin.
>
> This CL moves the register saving to the builtin itself, reducing the
> call-site code size significantly in many cases and thus improving
> compilation speed of sparkplug.
>
> Follow-up CLs will introduce the same behaviour to other platforms.
>
> - CallRecordWriteStubSaveRegisters preserves the existing behaviour and
> saves clobbered registers.
> - CallRecordWriteStub expects the registers to match the ones specified
> in the WriteBarrierDescriptor for more compact code.
>
> Bug: v8:11420
> Change-Id: Ib1260cf972712bb9ba879beacd34b06a7fa347f1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922103
> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74831}
Bug: v8:11420
Change-Id: I20f239e64ec2834acd651341634974291992add5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922316
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74832}
Calls to the record write stub are quite frequent and the caller has to
save all registers used by the builtin.
This CL moves the register saving to the builtin itself, reducing the
call-site code size significantly in many cases and thus improving
compilation speed of sparkplug.
Follow-up CLs will introduce the same behaviour to other platforms.
- CallRecordWriteStubSaveRegisters preserves the existing behaviour and
saves clobbered registers.
- CallRecordWriteStub expects the registers to match the ones specified
in the WriteBarrierDescriptor for more compact code.
Bug: v8:11420
Change-Id: Ib1260cf972712bb9ba879beacd34b06a7fa347f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922103
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74831}
This CL does 2 things:
1) Implements forwarding of histogram reporting from cppgc to v8 via
CppHeap.
2) Establishes the pipeline in GCTracer for sending the histograms to
the embedder.
Currently only cppgc histograms are populated.
See crrev.com/c/2916956 for usage.
Bug: chromium:1154636
Change-Id: I8150116f757e105d0dfac96a3f6e7dd95717f5bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917033
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74830}
With mprotect-based write protection of the WebAssembly code space,
we switch page protection flags each time (at least) one compilation
thread needs write access. Two such switches happen when TurboFan
compilation results are available in {ExecuteCompilationUnits}: One
switch happens when calling {NativeModule::AddCompiledCode} and one more
when calling {NativeModule::PublishCode} via
{SchedulePublishCompilationResults} and {PublishCompilationResults}.
So far, each TurboFan result was published eagerly, i.e., as soon as it
became available. This has the benefit that faster code is available
immediately, and had no large cost or downside without write protection.
However, with write protection switching permissions is expensive (an
mprotect syscall) and needs to lock the
{WasmCodeAllocator::allocation_mutex_} (which causes lock contention and
under Linux many futex syscalls). Thus, immediately publishing each
TurboFan result when using write protection can cause up to 10x slower
compilation compared with not using write protection. In terms of
syscalls we measured (non-scientifically) with
{sudo perf stat -e 'syscalls:sys_enter*' d8 ...} on the Unity benchmark:
- mprotect: 10k vs. 44k syscalls (baseline vs. write protection)
- futex: 31k vs. 112k syscalls (baseline vs. write protection)
- sys time: 1.6s vs. 10s (baseline vs. write protection)
All of those are clearly too high.
The fix here is simply to batch together multiple TurboFan functions into
one publishing step when using write protection. The batching logic
already exists for Liftoff, so we can just disable eager publishing for
TurboFan when using write protection. Additionally, we publish once when
all Liftoff results are available (even if the batch is not complete),
such that time-to-execute is not regressed.
R=clemensb@chromium.org
CC=jkummerow@chromium.org
Bug: v8:11663, chromium:932033
Change-Id: Ibf6f28ecf4733b40322e62761e66046dec60a125
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922114
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74829}
This reverts commit 5fd3858258.
Reason for revert: Failures on the predictable bot: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20predictable/36749/overview
Original change's description:
> [flags] Predictable should not imply single-threaded
>
> The --predictable flag is often used to reproduce issues, and having it
> imply --single-threaded can change decisions like which compiler(s) to
> use. This is because --single-threaded is meant to be set by embedders
> (hence we do our best to support single-threaded execution), whereas
> --predictable is a testing-only flag which should not change semantics
> too much. The fact that --predictable executes everything in a single
> thread is already implied by the PredictablePlatform.
>
> R=ahaas@chromium.org, machenbach@chromium.org
> CC=jkummerow@chromium.org
>
> Change-Id: Ic174dd59dfdbd6aa1a410f983db05db26c944cd5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919828
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74822}
Change-Id: Id312cd2b3a150fa3e61daf6550651dc252264ca2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922248
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74828}
When 'beforeScriptExecution' is enabled, a pause event may be generated
with a reason of 'instrumentation' rather than 'other.' This patch
ensures that in the case of a schedule-break, both an 'instrumentation'
and 'other' pause event is generated.
This is important for debuggers that rely on getting 'other' breakpoints
to determine if they should actually break, or continue execution.
Change-Id: I73613f4df6fa7942e7ca2be58853e5420589ba0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2915680
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Scott Violet <sky@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74827}
This adds detection for constant memory indexes which can statically be
proven to be in-bounds (because the effective offset is within the
minimum memory size). In these cases, we can skip the bounds check and
the out-of-line code for the trap-handler.
This often saves 1-2% of code size.
R=ahaas@chromium.org
Bug: v8:11802
Change-Id: I0ee094e6f1f5d132af1d6a8a7c539a4af6c3cb5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919827
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74825}
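The static in-bounds rule the commit above describes, as an added example that is not V8's code: an access with a constant index is provably in-bounds when its end fits inside the declared minimum memory, which is the one size the engine can rely on at compile time. Function names, the struct and the sample accesses are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added example, not V8 code. A Wasm memory access [effective, effective+size)
 * can skip its dynamic bounds check when it fits inside the module's minimum
 * memory, because memory only ever grows. All names here are hypothetical;
 * sizes are in bytes. */
#define WASM_PAGE_SIZE 65536u

/* Returns true when the bounds check (and the out-of-line trap-handler code)
 * can be elided. The sum is computed in 64 bits with explicit overflow checks
 * so that a large immediate offset can never wrap around to a small address. */
bool can_skip_bounds_check(uint64_t min_memory_bytes, uint64_t const_index,
                           uint64_t immediate_offset, uint32_t access_size) {
    uint64_t effective, end;
    if (__builtin_add_overflow(const_index, immediate_offset, &effective))
        return false;                     /* wrapped: keep the runtime check */
    if (__builtin_add_overflow(effective, (uint64_t)access_size, &end))
        return false;
    return end <= min_memory_bytes;
}

/* A constant-index memory access as the compiler sees it. */
typedef struct {
    uint64_t index;   /* constant index operand                 */
    uint64_t offset;  /* memarg immediate offset                */
    uint32_t size;    /* bytes accessed, e.g. 4 for an i32.load */
} const_access_t;

/* Counts how many of the given accesses need no dynamic bounds check. */
size_t count_elided_checks(uint64_t min_memory_bytes,
                           const const_access_t *acc, size_t n) {
    size_t elided = 0;
    for (size_t i = 0; i < n; i++)
        if (can_skip_bounds_check(min_memory_bytes, acc[i].index,
                                  acc[i].offset, acc[i].size))
            elided++;
    return elided;
}

/* Constructed sample: a module whose minimum memory is one page. */
size_t demo_one_page_module(void) {
    static const const_access_t accesses[] = {
        {0, 0, 4},            /* i32.load at 0: in-bounds             */
        {16, 4, 8},           /* i64.load at 20..28: in-bounds        */
        {65528, 0, 8},        /* ends exactly at 65536: in-bounds     */
        {65532, 4, 4},        /* ends at 65540: needs a runtime check */
        {0, 0x80000000u, 4},  /* offset past the minimum: needs check */
    };
    return count_elided_checks(1u * WASM_PAGE_SIZE, accesses, 5);
}
```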
This is to mitigate flaky timeouts due to memory problems on some
Bionic bots.
Bug: v8:11818
Change-Id: I4758f0f167b94d81f43e183a5599a39d8545b4e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922245
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74824}
This function broke abstraction and as a result became incorrect when
the call feedback was extended with the CallFeedbackContent flag.
Bug: v8:11821, v8:9974
Change-Id: Ic40dc45440a697a554d015dd50f0178e79963920
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919820
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74823}
The --predictable flag is often used to reproduce issues, and having it
imply --single-threaded can change decisions like which compiler(s) to
use. This is because --single-threaded is meant to be set by embedders
(hence we do our best to support single-threaded execution), whereas
--predictable is a testing-only flag which should not change semantics
too much. The fact that --predictable executes everything in a single
thread is already implied by the PredictablePlatform.
R=ahaas@chromium.org, machenbach@chromium.org
CC=jkummerow@chromium.org
Change-Id: Ic174dd59dfdbd6aa1a410f983db05db26c944cd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919828
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74822}
This CL renames the --d8-web-snapshot-api flag to explicitly mark it as
experimental, so that it is ignored by fuzzers.
Bug: v8:11525, v8:11706
Change-Id: Iff8a9d5697b60d0ade841773d1f0b537fcb19b70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922109
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Vicky Kontoura <vkont@google.com>
Cr-Commit-Position: refs/heads/master@{#74820}
Use a read-write lock for protecting original_top, original_limit and
pending_object for all spaces. This way Heap::IsPendingAllocation is
always guaranteed to read a consistent top/limit-pair and also the
last values for those fields.
The main thread will acquire an exclusive lock to update those fields.
Concurrent Turbofan threads will use shared locks to read them.
This may be quite expensive on the Turbofan-side, so landing this CL
should help us figure out how big of a regression this simple fix would
be. For main thread execution performance is supposed to be okay, since
this is only used on the allocation slow path.
Bug: v8:11778, chromium:1213266
Change-Id: I9464f53fd50057ec2540ab5b79f74ee52a5d7500
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903143
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74814}
Based on an analysis of auto-generated code, based on
browser_protocol.pdl and js_protocol.pdl:
https://goreportcard.com/report/github.com/daabr/chrome-vision#misspell
Bug: chromium:1213460
Change-Id: Ib96b2d2700d0bf1ac90e88accd0bc15eccbb9d7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2848874
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74810}
The timer might not be started when the main thread starts shutdown
between a background thread invoking RequestGC() and
AwaitCollectionBackground().
Add early bailout to AwaitCollectionBackground() in case shutdown
was already initiated.
Bug: v8:11823
Change-Id: Id646cdefa99adb04553c21337ad19538071ee3d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919957
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74808}