The method is only called from module-compiler.cc, hence we can call it
on {CompilationStateImpl} directly and do not need to expose it.
R=mstarzinger@chromium.orgCC=frgossen@google.com
Change-Id: I72dcd7b109cfdb0b3fd78be635c482289c69dd9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587389
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61086}
{TurbofanWasmCompilationUnit} does not store any data except for a
pointer back to the {WasmCompilationUnit}, and has a single method only.
Thus remove it, and replace it by a static function.
This saves one field per compilation unit.
R=mstarzinger@chromium.org
Change-Id: I2bcb9246c65e6971aa747488ea631886ca3bc037
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587388
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61084}
{InterpreterCompilationUnit} does not store any data except for a
pointer back to the {WasmCompilationUnit}, and has a single method only.
Thus remove it, and replace it by a static function.
This saves one field per compilation unit. We can probably also remove
{TurbofanWasmCompilationUnit} in a similar way, which I will do in a
follow-up CL.
R=mstarzinger@chromium.org
Change-Id: I8fc2e18366757573499fd57f909ec8222c27be38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587387
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61083}
Our {Vector} template provides both {start} and {begin} methods. They
return exactly the same value. Since the {begin} method is needed for
iteration, and is also what standard containers provide, this CL
switches all uses of the {start} method to use {begin} instead.
Patchset 1 was auto-generated by using this clang AST matcher:
callExpr(
callee(
cxxMethodDecl(
hasName("start"),
ofClass(hasName("v8::internal::Vector")))
),
argumentCountIs(0))
Patchset 2 was created by running clang-format. Patchset 3 then
removes the now unused {Vector::start} method.
R=jkummerow@chromium.orgTBR=mstarzinger@chromium.org,yangguo@chromium.org,verwaest@chromium.org
Bug: v8:9183
Change-Id: Id9f01c92870872556e2bb3f6d5667463b0e3e5c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587381
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61081}
{LiftoffCompilationUnit} does not store any data, and has a single
method only. Thus remove it, and replace it by a static function.
This saves one field per compilation unit. We can probably also remove
{TurbofanWasmCompilationUnit} and {InterpreterCompilationUnit} in a
similar way, which I will do in follow-up CLs.
R=mstarzinger@chromium.org
Change-Id: I5e1a7d4245fd8bce4862cc83c96f9dac8e0c635e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587386
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61080}
CodeBuilder allows much simpler building of Code objects. The current
approach uses a large number of default parameters, which makes it difficult
to use and add any new ones. Large chunks of code are also duplicated across
TryNewCode and NewCode. The follow up CL completely removes these methods.
Bug: v8:9183
Change-Id: I6e988fd00bb89b871346100fe56dd01a9bd46073
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585736
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61079}
This is a reland of 7a2651cbf5
x18 is not allocatable nor callee-saved in v8, so stop comparing
the before/after value in tests.
Presumably the Nexus failure was due to printf on that platform
clobbering x18.
This can be reproduced locally by modifying `CorruptAllCallerSavedCPURegister`
to also corrupt x18.
CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_android_arm64_n5x_rel_ng
Original change's description:
> [arm64] Cleanup TODO around handling of x18
>
> Use `padreg` instead of x18 to maintain alignment in the CPURegList.
>
> Also clean up some comments and tidy up RequiredStackSizeForCallerSaved
> and PushCallerSaved.
>
> Change-Id: I80a780e5649e69a1746c43f37c2d1d875120c7a0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581609
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#60987}
Change-Id: I7c023a4706a98bcb9aa5acd37016a6d01e3979a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583762
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#61078}
Allow for a third compilation strategy that compiles baseline code
lazily but initiates top tier compilation immediately. The strategy aims
at reducing startup time.
Bug: v8:9003
Change-Id: Ifd2060b25386c5221a45f6038c3849afeb956e69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571620
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#61077}
New enum RelocInfo::COMPRESSED_EMBEDDED_OBJECT created to support
compressed pointers in generated code. Enum name EMBEDDED_OBJECT
changed to FULL_EMBEDDED_OBJECT.
RelocInfo::[set_]target_object() abstract away the difference between
FULL_EMBEDDED_OBJECT and COMPRESSED_EMBEDDED_OBJECT.
Compressed embedded objects can only be created at this time on
x64 with pointer compression turned on. Arm64 constant pools don't
support compressed objects at this time.
Bug: v8:7703
Change-Id: I03bfd84effa33c65cf9bcefa5df680ab7eace9dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547661
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61076}
This adds a flag to print a message on important GC events, like
triggering a GC, reporting live code per isolate, and finally deleting
dead code.
This helps debugging issues with wasm code gc.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: I901199bc19b2a8718728a9e4918c30e295e0e92a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585842
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61075}
One fundamental assumption of the wasm code GC is that code becomes
"potentially dead" at most once; if the ref counts drops to zero later,
it should be freed for real.
In the current implementation, it happens that code becomes potentially
dead, then becomes dead for real (it's removed from the set of
potentially dead code), and then we remove the last reference. At that
point, we re-add the code to the potentially dead code, considering it
for garbage collection again. This can lead to an endless loop.
This CL fixes that by remembering which code was already detected as
dead, and does not consider this code for another GC.
This requires freeing code via the {WasmEngine} such that the set of
dead code can be cleaned up.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: If6a95a7918db2ad82edfad5447c536593243db7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585845
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61073}
- Rename (and negate) "stack_check" to the more descriptive
"skip_first_stack_check".
- Pass call frequency by value rather than mutable(!) reference.
- Embed some things directly into BytecodeGraphBuilder,
instead of stack-allocating them and then storing a pointer.
- Don't pass things to OsrIteratorState that it can already access via
the graph builder parameter.
Change-Id: Id852df1ce521a6eefb6047cf76a0882a4c6e95b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587375
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61072}
Remove Isolate versions of
Value::ToNumber/ToString/ToObject/ToInteger/ToInt32 and Context versions
of ToBoolean and BooleanValue (which could never throw anyway).
Bug: v8:7279, v8:9183
Change-Id: Ib144f8894a2b37c44216ba2d0cb298e8f0c72a3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585735
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61071}
This CL removes the flag '--turbo-preprocess-ranges' and enables it by
default.
If FLAG_turbo_control_flow_aware_allocation is set,
--turbo-preprocess-ranges is disabled and control flow aware
allocation is enabled instead.
Bug: v8:9088
Change-Id: I81d56f15efc8f765e317aa828d27f415f8b7fd40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585725
Auto-Submit: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61070}
All we really need to expose is a single function that builds the graph.
This change drastically simplifies the header file.
Change-Id: If185687b8220bdd253f967be9ab2ea3b088e5423
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585856
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61068}
Previously it was possible for this function to fall back to the
ArrayBuffer methods to free the memory in the cases where the
is_wasm_memory flag on the JSArrayBuffer is not propagated.
This is no longer the case, as we check for the actual allocation
so all memory allocated by the WasmMemoryTracker should be freed by
it as well. Rename the method to match the existing implementation.
Change-Id: I50c9844bfdae1c378812df5add2253752532d0ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587795
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61066}
This is a reland of 4f9d7a94a1
Original change's description:
> [snapshot] Align internal snapshot data
>
> When the snapshot blob is not aligned properly, loading it can cause a
> crash on platforms such as arm.
>
> This was exposed by a SIGBUS/BUS_ADRALN crash on arm when accessing
> the blob_data symbol (declared as a byte array) through a reinterpret
> cast to uintptr_t in an internal snapshot build.
>
> Thanks to florian.dold@gmail.com for the initial patch.
>
> Bug: v8:9171
> Change-Id: I99b071dec3733416f2f01b58a770e30d8f2dcdf2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582402
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61000}
Tbr: delphick@chromium.org
Bug: v8:9171
Change-Id: I36f53647ff5c45bcc512147f082fdd069723175d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587377
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61062}
This CL just updates the map to its non-deprecated counterpart
before adding the integrity level transition.
Bug: chromium:956426
Change-Id: I0aaaeb0451aed28c8893968bbcd9f6eb327da18b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585858
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61057}
This enables constant field tracking unconditionally.
TBR=jgruber@chromium.org
Bug: v8:8361
Change-Id: I02f35827d860c3e0f18a3d55cb156c088d48bc94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585730
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61055}
This is a reland of 2974a184fd
Added expectation for the case that caused the revert in:
https://chromium-review.googlesource.com/c/chromium/src/+/1585814
Original change's description:
> [Inspector] Adjust the length of some of the console functions.
>
> The function lengths on a number of the console methods was set to 1.
> The arguments to these functions are either variadic or optional so they
> should have length of 0.
>
> R=dgozman@chromium.org,ulan@chromium.org
> BUG=chromium:948678
>
> Change-Id: I183262e230145a565732396688a0541034931500
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1548948
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Pavel Feldman OOO <pfeldman@chromium.org>
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61021}
Bug: chromium:948678
Change-Id: I092139117ee2b08f40a7c0ee4df49603cf383579
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585533
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61053}
For a few double value above the max float, we have to round down
to that max float rather than rounding up to infinity.
Bug: chromium:956564
Change-Id: I34be1def5330bd4c3352b792d20dd500f108d9e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585852
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61052}
Instead of recording dependencies during ComputePropertyAccessInfo(s),
store off-the-record dependencies in the resulting PropertyAccessInfo(s)
and record them when the PropertyAccessInfo(s) are consumed. This will
enable us to do the ComputePropertyAccessInfo(s) during serialization.
Bug: v8:7790
Change-Id: I2a3918eb3bc2c795061ca7969c0053b68a53aea7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581610
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61051}
- Removes Utf8Iterator
- Replaces Utf8Decoder with something based on ValueOfIncremental +
NonAsciiStart and moves it into v8/internal.
- Internalizes utf8 strings by first converting them to one or two byte
- Removes IsUtf8EqualsTo and replaces current uses with IsOneByteEqualsTo
Tbr: jgruber@chromium.org
Change-Id: I16e08d910a745e78d6fd465718fc69ad731fd217
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585840
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61049}
Add a WasmCodeRefScope around _v8_internal_Print_Code() because that
is needed for debugging.
R=clemensh@chromium.org
Change-Id: Ifdb7a32695163e0a109567ec00a52196e79e03db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585844
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61047}
I missed these cases when adding the branchful decompression on codegen.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:7703
Change-Id: Idb3f5ca81e00bb17fa08ba2b2506b642ffbd7b4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571623
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61045}
If a {NativeModule} dies while a GC is running, we could leave behind
references to code of that deleted module. This CL fixes that.
This issue was found by running with --stress-wasm-code-gc.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: I7f0d98977e6510899170306952936c4a7f7d3c10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585722
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61041}
The function {memory_copy_wrapper} is called directly from WebAssembly.
Before calling {memory_copy_wrapper} we do not reset the
tread-in-wasm flag. On asan builds on Windows this causes the problem
observed in the crash report.
My theory is the following: asan on Windows uses exceptions to allocate
shadow memory lazily. When {memory_copy_wrapper} accesses memory, asan
causes an exception to allocate shadow memory. This exception is first
caught by the WebAssembly trap handler, which resets the
thread-in-wasm flag but then does not handle the exception because it
cannot find a proper landing pad. Asan then handles the exception and
continues execution. However. the thread-in-wasm flag is not set
anymore. A later check of the thread-in-wasm flag then fails.
This CL disables asan for {memory_copy_wrapper} and thereby fixes the
problem. As indicated above, another solution would be to reset and set
the thread-in-wasm flag before and after the call to the C function,
respectively. However, we do not do that for other uses of direct calls
to C.
R=binji@chromium.org
Bug: chromium:952342
Change-Id: I2adb2eccf2ac25be58392d21f8f43a04414c7811
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584326
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61040}
Add a flag which causes wasm code gc to be triggered whenever any code
is found to be potentially dead. This mode found several bugs already,
and I plan to enable it in 'gc-stress' mode once all issues are fixed.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: If28d980ded98b77b9efe7446da74d857e3c5e1b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585720
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61039}
This reverts commit da7322c05f.
Reason for revert: Breaking the pointer compression bots, e.g.:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20pointer%20compression/3047
Original change's description:
> [csa] verify skipped write-barriers in MemoryOptimizer
>
> With very few exceptions, this verifies all skipped write-barriers in
> CSA and Torque, showing that the MemoryOptimizer together with some
> type information on the stored value are enough to avoid unsafe skipped
> write-barriers.
>
> Changes to CSA:
> SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the
> MemoryOptimizer by default.
> Type information about the stored values (TNode<Smi>) is exploited to
> safely skip write barriers for stored Smi values.
> In some cases, the code is re-structured to make it easier to consume
> for the MemoryOptimizer (manual branch and load elimination).
>
> Changes to the MemoryOptimizer:
> Improve the MemoryOptimizer to remove write barriers:
> - When the store happens to a CSA-generated InnerAllocate, by ignoring
> Bitcasts and additions.
> - When the stored value is the HeapConstant of an immortal immovable root.
> - When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned).
> - Fast C-calls are treated as non-allocating.
> - Runtime calls can be white-listed as non-allocating.
>
> Remaining missing cases:
> - C++-style iterator loops with inner pointers.
> - Inner allocates that are reloaded from a field where they were just stored
> (for example an elements backing store). Load elimination would fix that.
> - Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole).
> We could handle that in Torque.
> - Double-aligned allocations, which are not lowered in the MemoryOptimizer
> but in CSA.
>
> Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this
> can be handled by overload resolution (in Torque and C++).
>
> R=jarin@chromium.org
> TBR=mvstanton@chromium.org
>
> Change-Id: I0af9b710673f350e0fe81c2e59f37da93c024b7c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571414
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61016}
TBR=mvstanton@chromium.org,jarin@chromium.org,tebbi@chromium.org
Change-Id: I36877cd6d08761726ef8dce8a3e3f2ce3eebe6cf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585732
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61038}
The `Script::InitLineEnds(Handle<Script>(script, isolate));` line
may lead to objects being moved around on the heap, so it’s necessary
to use a `Handle` to track that.
This was causing crashes in Node.js in Debug mode when using the
code cache in combination with the CPU profiler.
Refs: https://github.com/nodejs/node/issues/27307
Change-Id: I392b4c00c6ebad44753f87fcbf2e3278ea7799a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1575698
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61036}
Peeling away layers of indirection. More to follow.
Change-Id: Ide15b9ece926f51d957de8fdc37829f02d86ca49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1573700
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61035}
This fixes a deadlock that was detected by layout tests executing with
--future (hence enabling wasm code gc). It did not fail anywhere in v8
because GC is only triggered once we have > 1MB potentially dead code.
I plan to add a '--stress-wasm-code-gc' flag, which lowers this limit
to zero, thereby triggering GC when finding a single potentially dead
code. This mode found this issue, but also finds more, so I need to fix
other issues before enabling these stress tests.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: I373955b90c8b79d7b9e16184729f45db947eeeab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583728
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61034}
This reverts commit 2974a184fd.
Reason for revert: For this change to land, layout tests have to
be changed on the chromium side:
https://ci.chromium.org/p/v8/builders/ci/V8-Blink%20Linux%2064/31448https://test-results.appspot.com/data/layout_results/V8-Blink_Linux_64/31448/webkit_layout_tests%20%28with%20patch%29/layout-test-results/results.html
Original change's description:
> [Inspector] Adjust the length of some of the console functions.
>
> The function lengths on a number of the console methods was set to 1.
> The arguments to these functions are either variadic or optional so they
> should have length of 0.
>
> R=dgozman@chromium.org,ulan@chromium.org
> BUG=chromium:948678
>
> Change-Id: I183262e230145a565732396688a0541034931500
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1548948
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Pavel Feldman OOO <pfeldman@chromium.org>
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61021}
TBR=dgozman@chromium.org,ulan@chromium.org,pfeldman@chromium.org,yangguo@chromium.org,dtapuska@chromium.org,kozyatinskiy@chromium.org
Change-Id: Iba25e9351641c5d2730eb727f3da91f86d5b1203
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:948678
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585719
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61029}
Refactors logging suppression and profiling state tracking on isolates
to be tied to a RAII ProfilerScope. Fixes the case where multiple
concurrent profilers on the same isolate restore the wrong value of
is_logging.
Change-Id: I34b59422a4e6e077ae0abb46eb09d78a77870d46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1575918
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61027}
Bug: v8:9060
Change-Id: I37282dd362cfdd0a162a76b122870f643ef5c8eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582483
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61024}
An additional wpt test (console-label-conversion.any.js) verifies that
calling toString will cause exception propagation.
Remove the TryCatch block.
BUG=chromium:948257
R=dgozman@chromium.org
Change-Id: Idaaf264b7675f7df8ead128c085ac4d4c044005d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1579541
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61023}
The function lengths on a number of the console methods was set to 1.
The arguments to these functions are either variadic or optional so they
should have length of 0.
R=dgozman@chromium.org,ulan@chromium.org
BUG=chromium:948678
Change-Id: I183262e230145a565732396688a0541034931500
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1548948
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Pavel Feldman OOO <pfeldman@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61021}
The generation of unwind info to enable stack walking on Windows/x64
(https://chromium-review.googlesource.com/c/v8/v8/+/1469329) was implemented
behind a temporary flag, in order to coordinate these changes with the
corresponding changes in Chromium.
The required changes to Chromium
(https://chromium-review.googlesource.com/c/chromium/src/+/1474703) have also
been merged, so we can now remove the flag and enable the generation of stack
unwinding info by default on Windows/x64.
Bug: v8:3598
Change-Id: I88814aaeabecc007f5262227aa0681a1d16156d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1573138
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61020}
Simplify accounting for compilation progress. Instead of complicated
logic in {OnUnitsFinished} the compilation progress is initialized in
{InitializeCompilationProgress}. We now keep tack of
- the required baseline tier,
- the required top tier, and
- the currently reached tier.
With this information {OnUnitsFinished} determines whether baseline and
top tier compilation are completed.
Bug: v8:9003
Change-Id: I3d147613f30363aade9ad5bf65be6e4d105e561e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583722
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61019}
This reverts commit 4f9d7a94a1.
Reason for revert: breaks roll:
https://chromium-review.googlesource.com/c/chromium/src/+/1583053
Original change's description:
> [snapshot] Align internal snapshot data
>
> When the snapshot blob is not aligned properly, loading it can cause a
> crash on platforms such as arm.
>
> This was exposed by a SIGBUS/BUS_ADRALN crash on arm when accessing
> the blob_data symbol (declared as a byte array) through a reinterpret
> cast to uintptr_t in an internal snapshot build.
>
> Thanks to florian.dold@gmail.com for the initial patch.
>
> Bug: v8:9171
> Change-Id: I99b071dec3733416f2f01b58a770e30d8f2dcdf2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582402
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61000}
TBR=jgruber@chromium.org,delphick@chromium.org
Change-Id: Ie329fa8948b46d5434a0db72d4bfb539bd25a967
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9171
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584324
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61017}
With very few exceptions, this verifies all skipped write-barriers in
CSA and Torque, showing that the MemoryOptimizer together with some
type information on the stored value are enough to avoid unsafe skipped
write-barriers.
Changes to CSA:
SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the
MemoryOptimizer by default.
Type information about the stored values (TNode<Smi>) is exploited to
safely skip write barriers for stored Smi values.
In some cases, the code is re-structured to make it easier to consume
for the MemoryOptimizer (manual branch and load elimination).
Changes to the MemoryOptimizer:
Improve the MemoryOptimizer to remove write barriers:
- When the store happens to a CSA-generated InnerAllocate, by ignoring
Bitcasts and additions.
- When the stored value is the HeapConstant of an immortal immovable root.
- When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned).
- Fast C-calls are treated as non-allocating.
- Runtime calls can be white-listed as non-allocating.
Remaining missing cases:
- C++-style iterator loops with inner pointers.
- Inner allocates that are reloaded from a field where they were just stored
(for example an elements backing store). Load elimination would fix that.
- Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole).
We could handle that in Torque.
- Double-aligned allocations, which are not lowered in the MemoryOptimizer
but in CSA.
Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this
can be handled by overload resolution (in Torque and C++).
R=jarin@chromium.orgTBR=mvstanton@chromium.org
Change-Id: I0af9b710673f350e0fe81c2e59f37da93c024b7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571414
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61016}
Adds a new flag to CpuProfiler to control whether or not "debug" names
(potentially inferred from scope) are used for captured frames
associated with a SharedFunctionInfo instance.
Bug: v8:9135
Change-Id: Ia1db20e389f3d0beb60eb47798820fb11d501c88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583042
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61015}
The main change is the reduction of the number of declared classes by
four by using templatized 'using' declarations instead of subtypes.
This also uses 'constexpr' to define constants, uses the defined
constants consistently, and adds static asserts.
R=jkummerow@chromium.org
Bug: v8:8834
Change-Id: I3868c9069f25261d428ec0847dea46de2cbc7a44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583763
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61014}
Introduce {CompileStrategy} to determine whether functions or an entire
module is compiled lazily. This replaces the previously used function
{IsLazyCompilation} and allows to introduce other compile strategies in
the future.
Bug: v8:9003
Change-Id: I3b8a32f1ccb55530afba07a02ccd7a0c10be3fac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583720
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#61013}
This CL fixes a crash that happens on a goto definition lookup for a
file with no data attached to it.
Drive-by: Collect language server data even on compilation failures.
R=tebbi@chromium.org
Bug: v8:8880
Change-Id: Ia6323204391da3e64058e1fe47f87162186c15cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583721
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61012}
This is a reland of 3d846115d6
Reland changes mjsunit.status to skip the regression test on
all bots except ASAN.
Original change's description:
> [typedarray] Fix crash when sorting SharedArrayBuffers
>
> TypedArray#sort has a fast-path when the user does not provide a
> comparison function. This fast-path utilizes std::sort which operates
> directly on the raw data. Per spec, std::sort requires the "less than"
> operation to be anti-symmetric and transitive.
>
> When sorting SharedArrayBuffers (SAB) that are concurrently modified during
> sorting, the "less than" operator stops being consistent as the
> underlying data is constantly modified. This breaks some invariants
> in std::sort resulting in infinite loops or straight out segfaults.
>
> This CL fixes this by copying the data before sorting SABs and
> writing the sorted result back.
>
> Note: The added regression test is tailored for ASAN bots as a
> normal build would need too many iterations to consistently crash.
>
> R=neis@chromium.org, petermarshall@chromium.org
>
> Bug: v8:9161
> Change-Id: Ic089928652f75865bfdb11e7453806faa6ecb988
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581641
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61004}
Bug: v8:9161
Change-Id: Idffc3fbb5f28f4966c8f1ac6770d5b5d6003a7e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583726
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61011}
Verify that baseline and top tier compilation are finished when
expected. Test cases will use the newly exposed functions
{baseline_compilation_finished} and {top_tier_compilation_finished} for
this.
Bug: v8:9003
Change-Id: I023af3390ed5e087a3b40efe7c340d7e93071a51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581941
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#61010}
This reverts commit 3d846115d6.
Reason for revert: The test hangs flakily on windows:
https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/20612https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20nosnap%20-%20shared/33147https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/19945
Original change's description:
> [typedarray] Fix crash when sorting SharedArrayBuffers
>
> TypedArray#sort has a fast-path when the user does not provide a
> comparison function. This fast-path utilizes std::sort which operates
> directly on the raw data. Per spec, std::sort requires the "less than"
> operation to be anti-symmetric and transitive.
>
> When sorting SharedArrayBuffers (SAB) that are concurrently modified during
> sorting, the "less than" operator stops being consistent as the
> underlying data is constantly modified. This breaks some invariants
> in std::sort resulting in infinite loops or straight out segfaults.
>
> This CL fixes this by copying the data before sorting SABs and
> writing the sorted result back.
>
> Note: The added regression test is tailored for ASAN bots as a
> normal build would need too many iterations to consistently crash.
>
> R=neis@chromium.org, petermarshall@chromium.org
>
> Bug: v8:9161
> Change-Id: Ic089928652f75865bfdb11e7453806faa6ecb988
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581641
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61004}
TBR=neis@chromium.org,petermarshall@chromium.org,szuend@chromium.org
Change-Id: I046da3e4228bb1a8a3aa89d9c9d8de11875a9273
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9161
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583725
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61007}
It shipped in Chrome 73.
Bug: v8:6890
Change-Id: Idd8c98cf05a0d6e8fa58c5b0a34d079631f68b1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582879
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#61005}
TypedArray#sort has a fast-path when the user does not provide a
comparison function. This fast-path utilizes std::sort which operates
directly on the raw data. Per spec, std::sort requires the "less than"
operation to be anti-symmetric and transitive.
When sorting SharedArrayBuffers (SAB) that are concurrently modified during
sorting, the "less than" operator stops being consistent as the
underlying data is constantly modified. This breaks some invariants
in std::sort resulting in infinite loops or straight out segfaults.
This CL fixes this by copying the data before sorting SABs and
writing the sorted result back.
Note: The added regression test is tailored for ASAN bots as a
normal build would need too many iterations to consistently crash.
R=neis@chromium.org, petermarshall@chromium.org
Bug: v8:9161
Change-Id: Ic089928652f75865bfdb11e7453806faa6ecb988
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581641
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61004}
This CL refactors and extends the infrastructure around sending
diagnostic notifications. This enables publishing lint errors as
warnings after a compilation run.
R=sigurds@chromium.org, tebbi@chromium.org
Bug: v8:8880
Change-Id: Ia64d2d490c1449021c92f5dc45eb7f8dab21e60a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582405
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61003}
When the snapshot blob is not aligned properly, loading it can cause a
crash on platforms such as arm.
This was exposed by a SIGBUS/BUS_ADRALN crash on arm when accessing
the blob_data symbol (declared as a byte array) through a reinterpret
cast to uintptr_t in an internal snapshot build.
Thanks to florian.dold@gmail.com for the initial patch.
Bug: v8:9171
Change-Id: I99b071dec3733416f2f01b58a770e30d8f2dcdf2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582402
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61000}
This reverts commit 7a2651cbf5.
Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Android%20Arm64%20-%20N5X/4126
Original change's description:
> [arm64] Cleanup TODO around handling of x18
>
> Use `padreg` instead of x18 to maintain alignment in the CPURegList.
>
> Also clean up some comments and tidy up RequiredStackSizeForCallerSaved
> and PushCallerSaved.
>
> Change-Id: I80a780e5649e69a1746c43f37c2d1d875120c7a0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581609
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#60987}
TBR=jgruber@chromium.org,martyn.capewell@arm.com,joey.gouly@arm.com
Change-Id: Id95ac26142717f6503d284d20ca03b9de33a9122
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582403
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60999}
Make sure to adapt the formal parameters for the Promise.allSettled
method.
Bug: v8:7834
Change-Id: I255fc695f5ac0d62ed18f5aad78665feb38c241a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1580239
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60996}
This is a reland of d6121fd1a3
Original change's description:
> [Interpreter] Ensure Test*Handler don't allocate a frame for fast-path.
>
> Avoids allocating a frame for the fast-path in TestEqual, TestEqualStrict and
> TestLess/GreaterThan bytecode handlers. Also changes how feedback is tracked
> to try and avoid needing to keep feedback to "combine" with if it's unecessary
> which reduces the liveranges of the registers holding this data.
>
> This reduces the time needed for a tight loop in Ignition (e.g.,
> while (i < 1000000000) ++i;) from 12.8s to 10.8s.
>
> BUG=v8:9133
>
> Change-Id: I686b9da89541d15d233635db3276de3dad2fa282
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570020
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60906}
TBR=jgruber@chromium.org
Bug: v8:9133
Change-Id: Ie9940d029d412986e6713438630565a98fe3c51c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582401
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60989}
Use `padreg` instead of x18 to maintain alignment in the CPURegList.
Also clean up some comments and tidy up RequiredStackSizeForCallerSaved
and PushCallerSaved.
Change-Id: I80a780e5649e69a1746c43f37c2d1d875120c7a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581609
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#60987}
The order of the typeswitch branches causes repeated Smi-checks.
This CL fixes this by putting the Number case first.
However, the generated code is still worse due to repeated Map and
InstanceType loads. This will be fixed by a future load elimination for
Torque/CSA.
Bug: chromium:955976
Change-Id: I0f59ef795878f65b3cb11246626738bc33f8aff5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581644
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60986}
Add suport for large object space allocations in Turbofan and use it
from CSA when young large objects are enabled. This maintains the
Turbofan invariant that the generation is statically predictable.
In principle, this enables write barrier elimination for large objects
allocated from Torque/CSA. But it doesn't seem to trigger much yet,
probably we have to improve the MemoryOptimizer.
Bug: v8:7793
Change-Id: I7ea7d0cb549573db65fafe5df5edf67e0ce90893
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565905
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60984}
This CL changes lint errors to not be printed directly to stderr.
Instead, they are collected in a list that gets surfaced via
the TorqueCompilerResult. This is done so they can be presented
to language server clients.
This change also removes the "abort_on_lint_errors" option.
API users can now decide for themselves what to do, depending on
the presence of lint errors in the returned list.
R=sigurds@chromium.org, tebbi@chromium.org
Bug: v8:8880
Change-Id: I44601010491aafcf4c8609fd8c115219317506a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581608
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60983}
When collecting JS block coverage, we track block execution counts on
so-called CoverageInfo objects. Generated bytecode and native code
contains inlined snippets of code to increment the appropriate
counters.
These used to be implemented as calls to the IncBlockCounter runtime
function. Each call incurred the entire CEntry overhead.
This CL reduces that overhead by moving logic over into a new
IncBlockCounter TFS builtin. The builtin is called directly from
bytecode, and lowered to the same builtin call for optimized code.
Drive-by: Tweak CoverageInfo layout to generate faster code.
Tbr: jarin@chromium.org
Bug: v8:9149, v8:6000
Change-Id: I2d7cb0db649edf7c56b5ef5a4683d27b1c34605c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571420
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60981}
Bug: v8:8976
Change-Id: Idc896770fd0f448c37d8d83b7970e3f8e16f5f2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1572682
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60979}
This fixes the bounds check for the 'in' operator to handle the negative
index case properly (by using the same machinery as the potentially
out-of-bounds loads/stores use).
Bug: chromium:952586
Change-Id: I2225acae8be7dcedbcde745e8ef202e789085041
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581179
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60978}
This extends the existing test coverage of interactions between the
exception handling and the reference type proposal. Now "any-func" and
"except-ref" can both be encoded as an exception value. Missing switch
cases have been added.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-anyref[-interpreter]
BUG=v8:8091,v8:7581
Change-Id: Ie2e9819fe66b4daab623390f27bb19007131f619
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581600
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60977}
On Arm/64 the last return address is stored in a link register instead of
being pushed to the top-of-stack like on x64/ia32. Extend the support in the
tick sampler to check for samples in a frameless bytecode handler with support
for checking the link register if it exists instead of top-of-stack. In addition,
make the x64/ia32 check more robust by ensuring we only apply the change if the
pc is a bytecode handler and the top frame isn't a bytecode handler (stub) frame.
BUG=v8:9162
Change-Id: I89d2e80ea8a0b84ff6a265d0e0e73f9fdd1daca8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578464
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60976}
Use the existing {ArrayVector} method for this, which reads nicer. In
some places, I replaced a stack-allocated array by {EmbeddedVector} to
avoid the {ArrayVector} call.
R=mstarzinger@chromium.org
Bug: v8:8834
Change-Id: I5560c07f2775338fefd11acf67a540e003428e74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578899
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60975}
This is one step towards removing the {StrLength} helper and using
{size_t} consistently instead.
R=mstarzinger@chromium.org
Bug: v8:8834
Change-Id: Ibcdfd579531a259d490c39a8e8c96d469a5a4aac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578901
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60974}
This reverts commit fa6ec3cb08.
Reason for revert: v8:9169, v8:9170
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux/31457https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64/31417https://ci.chromium.org/p/v8/builders/ci/V8%20Win32%20-%20debug/19919
Original change's description:
> [cpu-profiler] Split out debug mode for CPU profiler naming
>
> Adds a new flag to CpuProfiler to control whether or not "debug" names
> (potentially inferred from scope) are used for captured frames
> associated with a SharedFunctionInfo instance.
>
> Bug: v8:9135
> Change-Id: I104f3246431dc6336de4e4688c0d98c86e0bb776
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566169
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Alexei Filippov <alph@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60972}
TBR=ulan@chromium.org,alph@chromium.org,yangguo@chromium.org,petermarshall@chromium.org,acomminos@fb.com
Change-Id: I573194b5affd31fd0748b9ef3c45052e8ab420f5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9135
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581639
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60973}
Adds a new flag to CpuProfiler to control whether or not "debug" names
(potentially inferred from scope) are used for captured frames
associated with a SharedFunctionInfo instance.
Bug: v8:9135
Change-Id: I104f3246431dc6336de4e4688c0d98c86e0bb776
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566169
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60972}
The current logic sometimes skips the request for a code logging stack
guard request, even though no such request is pending. This happens if
the previous stack guard already executed, but a foreground task is
still pending.
This CL fixes this by re-requesting a stack guard interrupt when the
first code is added to the vector of outstanding code to be logged.
Plus minor drive-by fix.
R=mstarzinger@chromium.org
Bug: v8:9163
Change-Id: I4937f3983f15e7122141b04ddb1432cd1f78828b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578461
Auto-Submit: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60970}
In the PerformPromise{All, Race, AllSettled} operations, the resolve
property of the constructor is looked up only once.
In the implementation, for the fast path, where the constructor's
resolve property is untainted, the resolve function is set to undefined.
Since undefined can't be a valid value for the resolve function,
we can switch on it (in CallResolve) to directly call the PromiseResolve
builtin. If the resolve property is tainted, we do an observable property
lookup, save this value, and call this property later (in CallResolve).
I ran this CL against the test262 tests locally and they all pass:
https://github.com/tc39/test262/pull/2131
Spec:
- https://github.com/tc39/ecma262/pull/1506
- https://github.com/tc39/proposal-promise-allSettled/pull/40
Bug: v8:9152
Change-Id: Icb36a90b5a244a67a729611c7b3315d2c29de6e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1574705
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60957}
The {Vector} class stores the size in a {size_t} since a while, but
many accessors and constructors still accept an {int}. This CL removes
all {int} uses except for the explicit {length()} accessor. It also
adds a comment to avoid this accessor if possible.
The {StrLength} function still has several users outside of vector.h,
which I plan to remove in a follow-up CL.
R=mstarzinger@chromium.org
Bug: v8:8834
Change-Id: I33c5b0e8b8b2cb3531716c1d99e4516a13d6ba1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578480
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60950}
This CL fixes some issues with GC.
1) It removes dead code from the set of potentially dead code to avoid
considering the same code for GC again and again.
2) It resets the {new_potentially_dead_code_size_} counter to avoid
triggering too many GCs.
3) When code becomes dead after GC, do not unconditionally free it; just
decrement its ref count (there might still be {WasmCodeRefScope}s
holding the code alive).
4) Update the comment of the ref count to be more accurate.
R=titzer@chromium.org
Bug: v8:8217
Change-Id: I28e5a1fed74411b8473bb66ddbad3ffe7643f266
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1574518
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60949}
This adds two counters for collecting the absolute size of freed code,
and the percent of total generated code per module.
R=titzer@chromium.org
Bug: v8:8217
Change-Id: Ia065081104fbff6459791c919e0b18677ba45cc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1573698
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60948}
This is the next step to test the GC better: We zap the code region of
{WasmCode} objects which are detected to be unused. This is tested in
the future variant, so ClusterFuzz has a chance to catch missing
references.
R=titzer@chromium.org
Bug: v8:8217
Change-Id: I75a63384a2a8e2ed68b9447e6ee4faa24037da93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571622
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60945}
The WebAssembly JavaScript Interface specifies[1] that exported
functions are not constructors, hence do not have the "prototype"
property. This is not true for asm.js exported functions which are
expected to look like normal functions (or constructors).
[1] https://webassembly.github.io/spec/js-api/index.html#exported-function-exotic-objectsR=clemensh@chromium.org
TEST=mjsunit/regress/regress-crbug-935800
BUG=chromium:935800
Change-Id: Idecacfb7f5d4668540589af95fd59872334c21a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578499
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60943}
This CL implements the first set of diagnostic notifications.
When Torque compilation fails, the language server translates the
Torque error into a diagnostics notification and pushes it to the
client.
Note that per specification, the server is responsible to manage the
state of all published diagnostics. This means that the server is
also responsible for clearing out previous notifications if they
become stale.
Bug: v8:8880
Change-Id: Ief46dc1d94d1e5b7fa3e0048df494bfc05974031
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1569434
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60942}
EmbeddedVector lives on the stack only, and should not be implicitly
copied or assigned.
This also removes remaining uses of the removed Vector::set_start
method.
R=sigurds@chromium.org
Bug: v8:9142
Change-Id: I829e6ffad6b1a30baa6c874265e92d615dd0c981
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1578458
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60940}
MicrotaskQueue associated to Context may be null after DetachGlobal,
and triggering FinalizationGroup clean up on the detached context
causes a crash.
This CL fixes the crash by cancelling the clean up on such a context.
Bug: chromium:937784
Change-Id: I57883ae0caf6c6bb35e482e441b6e09e921d9def
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552500
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60931}
Per suggestion, we put this behind runtime flag in the mean time.
Refactor some codes.
Bug: v8:6831
Change-Id: Ibeb2a62b2a132971f8bc51c045bf0d2594eec198
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566238
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60927}
We had one use of OS_CHROMEOS in mksnapshot. OS_CHROMEOS is defined if
gn's `is_chromeos` is true, which checks `current_os`. `current_os !=
target_os` can happen if we're building with a non-default toolchain,
which happens often on CrOS, since `mksnapshot` is a host binary.
Tested by manually verifying that .text.hot.embedded now shows up on
arm32/aarch64 builds of embedded.S.
Bug: v8:9103
Change-Id: I038b56f4c18c7dd9a651ce676a977697dad14ae6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1573041
Commit-Queue: George Burgess <gbiv@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60925}
This CL adds the representation changes from/to CompressedPointer to the other
data types (excluding Tagged, which was done in a previous CL).
Also adding missing write barriers for compressed values (WriteBarrierKindFor).
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: Ieb4e6dd72371e858ba1da551f765e42581a51f90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571616
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60924}
There seems to be an issue where LTO inlines the icache flushing method
but removes the save and restore of the r7 register which is clobbered
for the icache flush syscall.
This CL tries to avoid the bug. It's purely speculative, as we cannot
reproduce the exact bug locally.
R=jkummerow@chromium.org
Bug: chromium:952759
Change-Id: I634fc4de3e8c4d1cb649384542c381d925b07a42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571619
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60922}
Add lazy validation for lazily compiled functions. The code is validated
only on first use. This applies to functions that are lazily compiled by
compilation hint as well as to entirely lazy modules.
Bug: v8:9003
Change-Id: If6a640db4bf4b846ac5e3805c138b8ac0a493cf9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1569427
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60921}
Block binary coverage currently also relies on invocation counts on
the feedback vector, which are not maintained in optimized code. This
fixes the SFI::IsInlineable predicate to also prevent inlining
functions when 1. binary coverage is enabled and 2. the function has
no reported binary coverage.
Drive-by: Add new predicates for binary/count modes.
Bug: v8:6000
Change-Id: I0039e43ebae880e3552e8349d20a144fe941ef3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571615
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60920}
We see crashes in the wild that we suspect are caused by these changes.
This is a manual revert because of conflicts.
Revert "[turbofan] Fix incorrect CheckNonEmptyString lowering."
This reverts commit b3b7011867.
Revert "[turbofan] Fix incorrect lowering of CheckNonEmptyString."
This reverts commit 5758209026.
Revert "[turbofan] Significantly improve ConsString creation performance."
This reverts commit d6a60a0ee1.
Bug: v8:9147
Change-Id: I262c21e5406a9c4c8ad0e0f995582c5802f0fa1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571613
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60919}
Add tests for tiering and lazy compilation with compilation hints. The
tests build modules and verify the {WasmCode}'s tier internally. The
module builder now supports compilation hints in CCTests.
Bug: v8:9003
Change-Id: I18d926c3b1ef3508835a51a9d1d86bfadcb5216e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566522
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#60916}
We translate stores with TaggedXXX (XXX in {"", "Signed", "Pointer"})
representation in CSA into stores of CompressedXXX with a
ChangeTaggedXXXToCompressedXXX in the raw-machine-assembler.
This way, CSA doesn't need to know about Compressed values since we
are introducing an explicit "compress" node.
Also, on ARM64, removed CheckPageFlagSet and CheckPageFlagClear since
CheckPageFlag can be used for both cases.
Moved CheckPageFlag to the TurboAssembler (from MacroAssembler) since it
was needed on code-generator-arm64.cc.
Bug: v8:8977, v8:7703
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Change-Id: Ia3a41b09a4d715588a36461620be0432ed064d13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566517
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60915}
port https://crrev.com/c/1541476
Original Commit Message:
This CL adds handling for cleaning up weakmap (EphemeronHashTable)
keys during scavenge, even if the weakmap resides in oldspace.
Change-Id: If6e06ea8621fd6aff374c04247c3168b2cbb361a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568712
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#60912}
Imported from https://github.com/WebAssembly/wasm-c-api/ and
updated to work inside V8.
Tests will be added in an upcoming CL.
This is experimental; it is not yet recommended to rely on it.
Change-Id: I05914f4b63298bf7c848c4d4c8811f0f6eb882e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1516478
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60910}
This reverts commit d6121fd1a3.
Reason for revert: Fails cctest/test-cpu-profiler/Inlining2 on arm64-sim: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim/17702
Original change's description:
> [Interpreter] Ensure Test*Handler don't allocate a frame for fast-path.
>
> Avoids allocating a frame for the fast-path in TestEqual, TestEqualStrict and
> TestLess/GreaterThan bytecode handlers. Also changes how feedback is tracked
> to try and avoid needing to keep feedback to "combine" with if it's unecessary
> which reduces the liveranges of the registers holding this data.
>
> This reduces the time needed for a tight loop in Ignition (e.g.,
> while (i < 1000000000) ++i;) from 12.8s to 10.8s.
>
> BUG=v8:9133
>
> Change-Id: I686b9da89541d15d233635db3276de3dad2fa282
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570020
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60906}
TBR=rmcilroy@chromium.org,jgruber@chromium.org
Change-Id: I5e53138929bf1fae9f57f9dd023d258bb7d557ac
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9133
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571418
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60907}
Avoids allocating a frame for the fast-path in TestEqual, TestEqualStrict and
TestLess/GreaterThan bytecode handlers. Also changes how feedback is tracked
to try and avoid needing to keep feedback to "combine" with if it's unecessary
which reduces the liveranges of the registers holding this data.
This reduces the time needed for a tight loop in Ignition (e.g.,
while (i < 1000000000) ++i;) from 12.8s to 10.8s.
BUG=v8:9133
Change-Id: I686b9da89541d15d233635db3276de3dad2fa282
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570020
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60906}
The trap handler fallback is flaky, and was never enabled since it
never worked reliably. This CL removes
a) the --wasm-trap-handler-fallback flag,
b) the distinction between soft and hard address space limit,
c) methods to check whether memory has guard regions (it will always
have them on 64 bit architectures),
d) associated runtime functions,
e) the trap handler fallback tests,
f) recompilation logic for the fallback.
R=titzer@chromium.org
Bug: v8:8746
Change-Id: I7f4682b8cd5470906dd8579ff1fdc9b1a3c0f0e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570023
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60904}
This CL adds the representation changes from/to CompressedSigned to the other
data types (excluding Tagged, which was done in a previous CL).
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: If967a1a0fc669c45a2764cf950cf02d8c06b08b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547859
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60903}
We have very few tests for this currently, and it's hard to test
this, since code logging happens soon after scheduling the task and
stack guard. If the timing is just right, it can happen though that a
{NativeModule} dies while {WasmCode} objects of that {NativeModule} are
still part of the {code_to_log} vector. In that case, we need to remove
those code objects from the vector to avoid use after free.
R=mstarzinger@chromium.org
Change-Id: I16c7098bf11c54700cc650dad965106af2e39157
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566519
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60902}
This is a reland of 067ba2a0c6.
Unchanged reland, hence TBR.
Original change's description:
> [wasm] Add stack guard for logging code
>
> Benchmarks or worker threads might never return to the event queue,
> hence they will never execute the scheduled foreground task to log
> compiled and published wasm code.
> This CL adds a stack guard to log the code, to ensure that we also log
> it for wasm code that never returns to the event queue.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:9104
> Change-Id: I176959cadb4ab3a60153d0717530c032272ad3e8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561073
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60879}
TBR=mstarzinger@chromium.org
Bug: v8:9104
Change-Id: I105b37ef8429d16ef5b983919ba8bca615e347c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570017
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60899}
This adds support for iOS builds in libsampler. Both iOS simulator
builds (target architecture x64) and iOS device builds (arm64) are
supported.
Note that this is mostly untested since we neither have iOS bots nor
an iOS test runner. This CL was thus only tested by compiling V8 for
both iOS simulator & device targets.
Bug: v8:9140
Change-Id: Ib618bf793771f4be84d1979a968d2b3ef9f6ff86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1569436
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60898}
Realm.navigate hits a UAF when it's called after Realm.detachGlobal, and
that's hit a clusterfuzz test.
Bug: chromium:952749
Change-Id: Icf0f0d0b845bc5a2d1ddd80ab52756dae97b982f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1567583
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60896}
For some unknown reasons, the profiler starts seeing illegal source
positions (see referenced bug).
This CL quick-fixes that by just ignoring them for now. This might
regress profiling, and should be fixed mid-term.
R=mstarzinger@chromium.org
Bug: chromium:953309
Change-Id: I10db7e5ad24e8470e319fc9418cd3a684f614c26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1569845
Auto-Submit: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60895}
Avoids allocating a frame for the fast-path in IncHandler by marking some calling
branches as Deferred. Also avoid loading feedback slot and vector until it's needed
to reduce live range.
This reduces the time needed for a tight loop in Ignition (e.g.,
while (i < 1000000000) ++i;) from 15.5s to 12.8s.
BUG=v8:9133
Change-Id: I0a62efdaefca7f3024b3ae05c61631a63cb01390
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1570005
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60893}
OS X has been a UNIX 03 registered product since version 10.5,
released in October 2007.
Bug: v8:8834
Change-Id: I64ca5512a9999b6eb7b4003a6758081a06eb6529
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1569437
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60891}
This is port for https://crrev.com/c/1524482
Original commit message:
This allows immediates to be encoded directly into instructions, rather than
mov-ing constants to registers first.
This patch only changes emit_{i64,i32}_add, other emit_ functions will be changed once
this approach has been approved.
Bug: v8:9038
Change-Id: I4f35498ccf89306f12601df5ce91e1748975b11b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568710
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#60886}
The bulk memory proposal changed behavior of segment initialization
during instantiation. Previously, all segments would be bounds-checked,
after which the segments would be initialized.
The bulk memory proposal removes the up-front check, and always
initializes active segments in order, starting with element segments and
then continuing with data segments. Each active segment is initialized
as-if they were being initialized with the `memory.init` and
`table.init` instructions, so an out-of-bounds initialization may still
modify the memory or table partially.
Bug: v8:8892
Change-Id: I472fca2401e07d60b288f0cc745629a451b31088
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565033
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60885}
Increase length of packed sealed array will create holes in packed array so transition to dictionary elements for now.
Later we can consider transitioning to holey sealed array.
Bug: chromium:952382
Change-Id: Ibe26ce56918859a114fccc1933f9c966c47c4112
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566968
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60884}
Currently v8 ignores class instance fields when determining how many
properties to preallocate for a given function. This cl changes v8's
behavior to start preallocating for instance fields in addition to
properties.
Bug: v8:8774
Change-Id: If598c2ba8a1b14bd0293f36bae7d35e2d85f7898
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1560216
Commit-Queue: Joshua Litt <joshualitt@google.com>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60882}
Just update merge conflict.
The reverted CL is https://chromium-review.googlesource.com/c/v8/v8/+/1565470.
Treat packed sealed, frozen element as packed element.
Also rename to IsPackedFrozenOrSealedElementsKind.
Bug: chromium:951988
Change-Id: I4e7cc0a0d43e1e1c109fa08231dd5396901f9614
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566235
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60881}
Benchmarks or worker threads might never return to the event queue,
hence they will never execute the scheduled foreground task to log
compiled and published wasm code.
This CL adds a stack guard to log the code, to ensure that we also log
it for wasm code that never returns to the event queue.
R=mstarzinger@chromium.org
Bug: v8:9104
Change-Id: I176959cadb4ab3a60153d0717530c032272ad3e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561073
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60879}
Extend test coverage for Wasm compilation with compilation hints. Tests
cover, in particular, error handling in streaming compilation and
asynchronous compilation.
Bug: v8:9003
Change-Id: Id46e02904a3a5df60c2617b11445bdc04c8b3b1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566520
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60876}
This is a cleanup CL that stemmed from the CompressedSigned one
https://chromium-review.googlesource.com/c/v8/v8/+/1547859
Bug: v8:8977, v8:7703
Change-Id: Icd217c43cc3430579dd79387d680205ef4440962
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1569428
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60874}
We translate loads with TaggedXXX (XXX in {"", "Signed", "Pointer"})
representation in CSA into loads of CompressedXXX +
ChangeCompressedXXXToTaggedXXX in the raw-machine-assembler.
This way, CSA doesn't need to know about Compressed values since we
are introducing an explicit "decompress" node.
Also updating tests that were checking for the load nodes.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: Ie22ca8123a25ef005c1ff7383776f9355020fa42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565897
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60873}
We'll eventually map each relevant map to a PropertyAccessInfo at
serialization time.
Bug: v8:7790
Change-Id: I739075af3629359f43acfdeb609112f355f1bd38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565899
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60872}
The arm64 ABI defines x18 as a platform register, and as such
platforms may reserve it for their own purposes.
This CL unconditionally removes x18 from the allocatable register list
(previously it was only excluded from arm64 Windows). If, for some
reason, we want to keep x18 allocatable on some platforms, we can
explicitly enable it for specific platforms in the future.
Bug: v8:8940,v8:9140
Change-Id: I28c4f6aad714e21a0a54bab6041c13a1b28fd467
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564194
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60870}
This moves the vector of {WasmCode} to log (per isolate) from the
{LogCodesTask} to the {WasmEngine}, where lifetime is more clear.
This makes it harder to mess up the ref count of the stored {WasmCode}
objects.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: I07131f95391bfabee3c376378179d8bcdc1555b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566518
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60869}
The Torque compiler makes heavy use of scoped globals (contextuals).
This created a problem for the design of the compiler interface:
- Either the compiler provides all the necessary scopes itself,
disallowing callers any access to the contextuals, which might
contain data the caller is interested in (such as the
compilation result).
- Or the caller provides all the necessary scopes.
This design was fine when the compiler executable was the only user.
With the recent addition of unit tests and the language server, this
interface became brittle, as missing scopes are only detected at
runtime.
This CL refactors the compiler interface to not leak contextual
scopes past the interface boundary. Content of contextuals is
collected and returned, providing access for the caller and freedom
to either use the data directly or move it into the callers own scopes.
R=sigurds@chromium.org
Bug: v8:7793
Change-Id: Ieb988522d08fc6026b3fb74d976008e566146770
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1529000
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60867}
Adds CpuProfiler::SetUsePreciseSampling, which provides a hint whether
to sacrifice CPU cycles to reduce the level of sampling interval
variance. On Windows, this controls whether or not busy waiting is
performed for sample rates < 100ms. Defaults to enabled (old behaviour).
Bug: v8:3967
Change-Id: Iee84c3ae8132541c78b1f78bf294ec7c718bb19b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1510577
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60866}
When a stack trace is captured, it is stored in a private symbol on
the respective Error object. The first access to "Error.stack" will
then format the stack trace, with a possible call into user JS via
the Error.prepareStackTrace callback.
Until now, the accessor converted ".stack" to a normal data
property containing the formatted stack trace. This causes a new Map
with a new DescriptorArray to be created, which will not be shared
with anything else (also not other error objects with formated
stack traces).
This CL changes the accessor to store the formatted stack trace in
the same symbol (stack_trace_symbol) as the structured data. The
result is that an error object will have the same Map before and
after "Error.stack" is accessed.
Bug: v8:9115
Change-Id: I7d6bf49be76d63b57fbbaf904cc6ed7dbdbfb96b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564061
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60865}
After this CL, MicrotasksScope allows null MicrotaskQueue parameter,
so that the user can migrate one-by-one from the default microtask
queue to the finer grained one.
Change-Id: Id519920a9d57e80e279026ad05a14422fb72b050
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559678
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60864}
Previously when an unresolved private name is not found
in the current scope but found in an outer class scope,
we forget to push it to the outer class scope so the
name would never get bound.
This patch simplifies ClassScope::ResolvePrivateNamesPartially()
and removes the search in outer class scopes since they are incomplete
at this point. Instead just push any private name that can't be
resolved in the current scope to the outer class scope so that it
gets handled later when the outer class scope is complete.
Bug: chromium:952722
Change-Id: Ia0dda74cac57a0a1e25a9a09575f55633c6093b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1567709
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#60863}
Blink used to use v8::MicrotasksScope::GetCurrentDepth() to get the
number of nested MicrotasksScope for the default microtask queue.
However, there was no corresponding one for non-default queues.
Change-Id: I1c2472ba19b1a11cb968f02119d91d92867c6e02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1567705
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60862}
Bug: v8:8976
Change-Id: I2d5131c2a1d96e5d5e0114efac3b1b2c3497351d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566249
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#60861}
This is a reland of ffe6940fbc
The UBSan issue is fixed with https://crrev.com/c/1566511TBR=tebbi@chromium.org
Original change's description:
> Reland^2 "[torque] Throw exception instead of aborting if something goes wrong"
>
> This is a reland of 251d1623f3
>
> The reland fixes ASAN component builds by adding RTTI build config to both
> torque executables. Big thanks to sigurds for finding the fix.
>
> Original change's description:
> > Reland "[torque] Throw exception instead of aborting if something goes wrong"
> >
> > This is a reland of 3bd49f9b90
> >
> > The issue on the windows bot is apparently a compiler bug in MSVC related to
> > move construction. The fix seems to be to change the order of the fields in
> > "JsonParseResult" (go figure).
> >
> > Drive-by-change: Fix LS on windows by emitting correct line endings and
> > enabling exceptions for the LS executable as well.
> >
> > Original change's description:
> > > [torque] Throw exception instead of aborting if something goes wrong
> > >
> > > This CL enables exceptions for the Torque compiler and Torque language
> > > server. Instead of aborting when something goes wrong during
> > > compilation, a TorqueError is thrown, containing the error message
> > > and a source position. The compiler executable still prints the error
> > > and aborts, while the language server will pass this information
> > > along to the client (not included in this CL).
> > >
> > > R=danno@chromium.org
> > >
> > > Bug: v8:8880
> > > Change-Id: Iad83c46fb6a91c1babbc0ae7dbd94fbe4e7f1663
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526003
> > > Reviewed-by: Daniel Clifford <danno@chromium.org>
> > > Commit-Queue: Simon Zünd <szuend@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#60512}
> >
> > Bug: v8:8880
> > Change-Id: I00e6591bbb4c516dd7540a7e27196853bc637f11
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545995
> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> > Commit-Queue: Simon Zünd <szuend@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#60736}
>
> Bug: v8:8880
> Change-Id: Iba198d771169283e83e74324f27aa9e90b8d8975
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1563770
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60804}
Bug: v8:8880
Change-Id: I5b7e40ad27bff8f7bfa22240954c2cb75083ad82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564065
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60860}
MicrotasksPolicy was a missing functionality of MicrotaskQueue that
was available on the per-Isolate MicrotaskQueue.
This expose that as a construction time option.
Change-Id: I22bcc8082ca64552d107ee6db138011654047861
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559677
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60858}
This is a reland of 656f57bd78, which
was reverted due to Blink test failures. Those failures have been
temporarily suppressed.
Original change's description:
> [wasm] Add off-by-default runtime flag for growing shared memory
>
> Grow memory isn't ready to ship in M75.
>
> Bug: v8:8564, chromium:951795
> Change-Id: I75602bce833653b7943f5606236a97ca6dbad5c9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566239
> Reviewed-by: Ben Smith <binji@chromium.org>
> Commit-Queue: Adam Klein <adamk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60836}
Bug: v8:8564, chromium:951795
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Change-Id: If096f76b4d5d1f5cbcb98e9c11a525a540e21f14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568125
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60855}
This reverts commit f4a747b72d.
Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite%20-%20debug/3001
Original change's description:
> [parser] Skip TDZ Checks in more cases of let and const
>
> The parser can now skip TDZ checks for cases when a reference is in,
> or nested in, a scope that's both a sibling of the declaration and
> created by a function expression.
>
> Bug: v8:7331
> Change-Id: Ia9748b5a8faa3037873efe5081837f5d0aa74115
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1542042
> Commit-Queue: Suraj Sharma <surshar@microsoft.com>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60853}
TBR=adamk@chromium.org,verwaest@chromium.org,surshar@microsoft.com
Change-Id: Iaa34b1f7cafcc0e77cd7cc20372885b1904bd827
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7331
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1568078
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60854}
The parser can now skip TDZ checks for cases when a reference is in,
or nested in, a scope that's both a sibling of the declaration and
created by a function expression.
Bug: v8:7331
Change-Id: Ia9748b5a8faa3037873efe5081837f5d0aa74115
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1542042
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60853}
Check if storage for thread_local variables has been allocated before
attempting to access such variables, as exceptions may be raised in the
thread before this initializion is complete, causing an infinite loop.
Bug: v8:8966
Change-Id: Ifc6223b74999a55bfd0ed2d6ebf054bbffd7e809
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507714
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60852}
libc++ will assert when indexing one element past the end of a vector, but V8
uses this as the end iterator for ScopedPtrList. Similarly, when there's no
elements in the vector, v[0] will also assert, so ScopedPtrList::begin() needs
to be updated too. This CL changes ScopedPtrList to use std::vector::data() to
get the iterators.
BUG=chromium:923166
TBR=machenbach
Change-Id: Ic6a5176611d52ed592da743ecce44287c452b379
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565543
Commit-Queue: Thomas Anderson <thomasanderson@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Auto-Submit: Thomas Anderson <thomasanderson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60851}
Edge names are not always string constants and have to be deleted at
some point. Copy them over to StringStorage to allow the embedder
freeing up their copy.
Bug: chromium:936797
Change-Id: I1c1a617c79c2016b3bd30c3460bb7a47edce1b95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565903
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60849}
While crrev.com/c/1520721 tried to avoid collecting source positions
when throw exceptions, it failed because they were still collected in
Isolate::CaptureStackTrace.
This removes that collection point and lets SetStackFrameCacheCommon
bail out when trying to set the stack frame cache for a bytecode that
doesn't have source positions.
It also adds tests that ensure source positions are not collected when
an exception is thrown (although one is disabled as it does not yet
work).
Bug: v8:8510
Change-Id: Id5caf579dda549d637fa9b3129c419d524be5ff2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565898
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60847}
This CL introduces the first (and most important) place where we need
to decrement the ref count of wasm code. When installing new code in
the code table and jump table, the prior code becomes unreachable via
new function calls.
This change executes many code paths that were unreachable before,
since the ref count was never decremented.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: Ibe33df562f240f7cd5996f6061809e93838be425
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566512
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60845}
This makes sure that all overrides of {StackFrame::unchecked_code}
return a value, even if there is no {Code} object associated with the
frame. This ensures debug functions like {StackTraceFailureMessage}
continue working for all stack traces.
R=neis@chromium.org
BUG=chromium:952761
Change-Id: Ie42b301e4d43ebf67acc80e6c1b7bcb4cdc7c947
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566515
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60844}
Since {NativeModule::GetCode} returns a raw pointer to {WasmCode}, it
needs to increment the reference counter on that code object.
{HasCode} on the other hand does not return a code pointer, so it's
implemented separately now.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: I812981aaf89281fb0296682114f248079e57a5e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566514
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60843}
- Remove AllocationSpaceName() which was in SHOUTY_CASE and did not
actually handle CODE_LO_SPACE.
- Make GetSpaceName() static because it is.
- Change callers of old AllocationSpaceName() to use GetSpaceName().
- Change the input type to a AllocationSpace rather than int given the
function crashes on invalid values.
Space::name() now returns a lower case result but this is only used by
functions guarded by gc_verbose or trace_fragmentation so I don't think
this will break anything.
Change-Id: Ice9a955365d4a22233af7ba39126ad8e5cff2aab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565474
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60842}
port https://crrev.com/c/1541476
Original Commit Message:
This CL adds handling for cleaning up weakmap (EphemeronHashTable)
keys during scavenge, even if the weakmap resides in oldspace.
Change-Id: If0598a499641ba502b00857204e32ca63e0712c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564320
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#60837}
Grow memory isn't ready to ship in M75.
Bug: v8:8564, chromium:951795
Change-Id: I75602bce833653b7943f5606236a97ca6dbad5c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1566239
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60836}
Basically, SetPropertyInternal is called without handling COW map.
Improve test coverage as well.
Bug: chromium:951438
Change-Id: Iea8c818ab6a8ddea204f86a9d676a1ea42fd07f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1562731
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60834}
For slow-path of array.includes, it should be able to handle if arguments is undefined for sealed/frozen object
Bug: chromium:951780
Change-Id: I42dcf1e23ab07bfcd87e7a5d27b52e66b2d1d2ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565031
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60829}
This CL can be used as a base for specialising CompressedSigned and
CompressedPointer.
B
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng,v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977, v8:7703
Change-Id: I43c8e7f57021ac506822aba5bbd4bdf6cc3159ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543731
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60827}
This adds a new flag --modify-field-representation-inplace (enabled by
default), which lets the runtime perform field representation changes
for Smi to Tagged or for HeapObject to Tagged in-place instead of
creating new maps and marking the previous map tree as deprecated.
That means we create (a lot) fewer Maps and DescriptorArrays in the
beginning and also need to self-heal fewer objects later (migrating
off the deprecated maps). In TurboFan we just take the "field owner
dependency" whenever we use the field representation, which is very
similar to what we already do for the field types. That means if we
change the representation of a field that we used in optimized code,
we will simply deoptimize that code and have TurboFan potentially
later optimize it again with the new field representation.
On the Speedometer2/ElmJS-TodoMVC test, this reduces the total execution
time from around 415ms to around 352ms, which corresponds to a **15%**
improvement. The overall Speedometer2 score improves from around 74.1
to around 78.3 (on local runs with content_shell), corresponding to a
**5.6%** improvement here. 🎉
On the CNN desktop browsing story, it seems that we reduce map space
utilization/fragmentation by about 4-5%. But since we allocate a lot
less (fewer Maps and DescriptorArrays) we also significantly change
the GC timing, which heavily influences the results here. So take this
with a grain of salt. 🤷
Note: For Double fields, this doesn't change anything, meaning they
still create new maps and deprecate the previous map trees.
Bug: v8:8749, v8:8865, v8:9114
Change-Id: Ibd70efcb59be982863905663dbfaa89aa5b31e14
Cq-Include-Trybots: luci.chromium.try:linux-rel,win7-rel
Doc: http://bit.ly/v8-in-place-field-representation-changes
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565891
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60822}
When all units started compiling, but not all are finished yet, the
main thread waits in a busy loop.
This CL fixes that by introducing a semaphore which is signalled when
baseline compilation finishes or compilation fails. The foreground
thread waits on this semaphore if there are no more units to start.
R=mstarzinger@chromium.org
Bug: v8:8916
Change-Id: I7351c0b777f008fef3aa1d1d16089c4e6fd91106
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564055
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60821}
This reverts commit d14ed12e56.
Reason for revert: breaks mjsunit tests in lite mode: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20lite/3557
Original change's description:
> [ic] Remove the check for fast prototypes in LoadIC_Uninitialized
>
> When handling load named properties (without feedback vectors) we used
> to miss to runtimes if the prototypes aren't set. This was because we
> wanted to give the prototype a chance to become fast, since most prototypes
> start in slow mode but move to fast after the initial setup. Though this
> check is not really useful when we don't have feedback vectors, and once
> feedback vectors are allocated we will turn the prototypes fast anyway.
>
> Bug: v8:8394, v8:8860
> Change-Id: Ib2247e5e921f6375bda65310560ac832fd0339bf
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561316
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60818}
TBR=mythria@chromium.org,verwaest@chromium.org
Change-Id: I28e420951483c93363e8a78621a247a7723d735f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8394, v8:8860
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565893
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60820}
Read-only space sharing requires an iterator independent of heap. This
also enables future removal of read-only space from heap.
Bug: v8:7464
Change-Id: Ia07a9369494ea2c547d12c01ffa1d7b8b6bbeabc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552795
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60819}
When handling load named properties (without feedback vectors) we used
to miss to runtimes if the prototypes aren't set. This was because we
wanted to give the prototype a chance to become fast, since most prototypes
start in slow mode but move to fast after the initial setup. Though this
check is not really useful when we don't have feedback vectors, and once
feedback vectors are allocated we will turn the prototypes fast anyway.
Bug: v8:8394, v8:8860
Change-Id: Ib2247e5e921f6375bda65310560ac832fd0339bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561316
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60818}
... all of the kind that modifies the accumulator but no other
registers. Also move a few of that kind out of the IGNORED_BYTECODES
list, where they didn't belong.
R=mslekova@chromium.org
Bug: v8:7790
Change-Id: I67189750e5e01fc8a3b6b5117b61a0d21837693a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561320
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60817}
Previously we had some kind of self-healing when calling lazy accessor
pairs via InvokeApiFunction(), but we also have other paths for calling
into FunctionTemplateInfos directly, which didn't do this check. Since
we already walk the heap when installing the DebugBreakTrampoline, and
compile all uncompiled functions, we can also just forcibly instantiate
all the lazy accessor pairs at that time and not have to worry about the
break-at-entry later.
Bug: v8:178, v8:7596, v8:8834
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Change-Id: I514392cf328fc8ed0b80ad19009f32e20ff850b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1565890
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60813}
To keep things simple, we just ensure that the spill slots always
contain full uncompressed pointers before GC sees them.
Bug: v8:8977, v8:7703
Change-Id: I54eab1b3e79e8525200139e487ff64d82ae157e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564198
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60811}
This is a reland of 21adacab88
The failure that caused this revert is unrelated to this change
and is fixed in a separate CL (https://crbug.com/v8/9123).
Original change's description:
> Reserve two in-object properties slots for JSErrors
>
> The most common use-case for creating errors is "new Error('message')".
> The resulting JSError object has two properties. The message passed to
> the constructor and an accessor for the stack.
>
> This CL reserves two in-object property slots for these two, so no
> PropertyArray has to be created.
>
> Bug: v8:9116
> Change-Id: I84467453446f333bf65425807707ee6581894e61
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564195
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60791}
Bug: v8:9116
Change-Id: I5b0e0183ca0cbc55739aae9097c08aee34b4fa54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564059
Auto-Submit: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60809}
This reverts commit 1416d5a565.
Reason for revert: blocks roll https://chromium-review.googlesource.com/c/chromium/src/+/1564550
Original change's description:
> [map] Support in-place field representation changes.
>
> This adds a new flag --modify-field-representation-inplace (enabled by
> default), which lets the runtime perform field representation changes
> for Smi to Tagged or for HeapObject to Tagged in-place instead of
> creating new maps and marking the previous map tree as deprecated.
>
> That means we create (a lot) fewer Maps and DescriptorArrays in the
> beginning and also need to self-heal fewer objects later (migrating
> off the deprecated maps). In TurboFan we just take the "field owner
> dependency" whenever we use the field representation, which is very
> similar to what we already do for the field types. That means if we
> change the representation of a field that we used in optimized code,
> we will simply deoptimize that code and have TurboFan potentially
> later optimize it again with the new field representation.
>
> On the Speedometer2/ElmJS-TodoMVC test, this reduces the total execution
> time from around 415ms to around 352ms, which corresponds to a **15%**
> improvement. The overall Speedometer2 score improves from around 74.1
> to around 78.3 (on local runs with content_shell), corresponding to a
> **5.6%** improvement here. 🎉
>
> On the CNN desktop browsing story, it seems that we reduce map space
> utilization/fragmentation by about 4-5%. But since we allocate a lot
> less (fewer Maps and DescriptorArrays) we also significantly change
> the GC timing, which heavily influences the results here. So take this
> with a grain of salt. 🤷♂️
>
> Note: For Double fields, this doesn't change anything, meaning they
> still create new maps and deprecate the previous map trees.
>
> Bug: v8:8749, v8:8865, v8:9114
> Change-Id: I694a53f87ae5caeb868fd98a21809b66d4297d35
> Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
> Doc: http://bit.ly/v8-in-place-field-representation-changes
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561132
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60764}
TBR=jarin@chromium.org,neis@chromium.org,ishell@chromium.org,bmeurer@chromium.org,verwaest@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:8749, v8:8865, v8:9114
Change-Id: I666975d08d51bbe7ab4faec9428b9a1f88e9b322
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564208
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Michael Hablich <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60807}
This reverts commit ffe6940fbc.
Reason for revert: Breaks UBSan bot
Original change's description:
> Reland^2 "[torque] Throw exception instead of aborting if something goes wrong"
>
> This is a reland of 251d1623f3
>
> The reland fixes ASAN component builds by adding RTTI build config to both
> torque executables. Big thanks to sigurds for finding the fix.
>
> Original change's description:
> > Reland "[torque] Throw exception instead of aborting if something goes wrong"
> >
> > This is a reland of 3bd49f9b90
> >
> > The issue on the windows bot is apparently a compiler bug in MSVC related to
> > move construction. The fix seems to be to change the order of the fields in
> > "JsonParseResult" (go figure).
> >
> > Drive-by-change: Fix LS on windows by emitting correct line endings and
> > enabling exceptions for the LS executable as well.
> >
> > Original change's description:
> > > [torque] Throw exception instead of aborting if something goes wrong
> > >
> > > This CL enables exceptions for the Torque compiler and Torque language
> > > server. Instead of aborting when something goes wrong during
> > > compilation, a TorqueError is thrown, containing the error message
> > > and a source position. The compiler executable still prints the error
> > > and aborts, while the language server will pass this information
> > > along to the client (not included in this CL).
> > >
> > > R=danno@chromium.org
> > >
> > > Bug: v8:8880
> > > Change-Id: Iad83c46fb6a91c1babbc0ae7dbd94fbe4e7f1663
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526003
> > > Reviewed-by: Daniel Clifford <danno@chromium.org>
> > > Commit-Queue: Simon Zünd <szuend@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#60512}
> >
> > Bug: v8:8880
> > Change-Id: I00e6591bbb4c516dd7540a7e27196853bc637f11
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545995
> > Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> > Commit-Queue: Simon Zünd <szuend@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#60736}
>
> Bug: v8:8880
> Change-Id: Iba198d771169283e83e74324f27aa9e90b8d8975
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1563770
> Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60804}
TBR=sigurds@chromium.org,tebbi@chromium.org,szuend@chromium.org
Change-Id: I30ccec8ac28158c102a4e9a01074432172685f96
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8880
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564207
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60805}
This is a reland of 251d1623f3
The reland fixes ASAN component builds by adding RTTI build config to both
torque executables. Big thanks to sigurds for finding the fix.
Original change's description:
> Reland "[torque] Throw exception instead of aborting if something goes wrong"
>
> This is a reland of 3bd49f9b90
>
> The issue on the windows bot is apparently a compiler bug in MSVC related to
> move construction. The fix seems to be to change the order of the fields in
> "JsonParseResult" (go figure).
>
> Drive-by-change: Fix LS on windows by emitting correct line endings and
> enabling exceptions for the LS executable as well.
>
> Original change's description:
> > [torque] Throw exception instead of aborting if something goes wrong
> >
> > This CL enables exceptions for the Torque compiler and Torque language
> > server. Instead of aborting when something goes wrong during
> > compilation, a TorqueError is thrown, containing the error message
> > and a source position. The compiler executable still prints the error
> > and aborts, while the language server will pass this information
> > along to the client (not included in this CL).
> >
> > R=danno@chromium.org
> >
> > Bug: v8:8880
> > Change-Id: Iad83c46fb6a91c1babbc0ae7dbd94fbe4e7f1663
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526003
> > Reviewed-by: Daniel Clifford <danno@chromium.org>
> > Commit-Queue: Simon Zünd <szuend@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#60512}
>
> Bug: v8:8880
> Change-Id: I00e6591bbb4c516dd7540a7e27196853bc637f11
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545995
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60736}
Bug: v8:8880
Change-Id: Iba198d771169283e83e74324f27aa9e90b8d8975
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1563770
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60804}
This CL changes the Symbol "stack_trace_symbol" to directly hold a
FrameArray instead of wrapping it with a JSArray first.
Bug: v8:9115
Change-Id: I2ac0b1fb380211568abdc6d9f50431c405349dec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564060
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60801}
For synchronous compilation, the foreground thread takes part in
compilation. It should only compile Liftoff functions though, otherwise
it might unnecessarily delay initial compilation by executing expensive
TurboFan units.
Drive-by: Minor refactoring to avoid else after return.
R=mstarzinger@chromium.org
Bug: v8:8916
Change-Id: Ibf994a9a48417943652f13096419afd73cb59f85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564192
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60800}
This fix build error(mksnapshot) on mips64el after
https://crrev.com/c/1526009. We should implements
"compress changes" functions on mips64, but now mips64 build
failed while enable pointer compression, we need port some
more pacth to mips64, for example: https://crrev.com/c/1477215
Change-Id: I745cc9b0cf60825f526720db7f5eaedd923b4634
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549133
Commit-Queue: Yu Yin <xwafish@gmail.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60799}
See intent to ship here: https://groups.google.com/forum/#!topic/v8-users/zM05lYEBVog
wasm-module-builder.js is also changed to use the new syntax for specifying a table
index in an element segment. In the MVP, the table index was always zero. The
reference types proposal adds support for multiple tables, and originally used this
value to specify a non-zero table index. The bulk memory proposal needed a way to
specify a passive element segment, so it re-purposed the table index as a flags field
and uses a different field for the table index.
Bug: v8:7747
Change-Id: If24f2d04e88a29b714f1a78ed417803bae702c76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1560215
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60796}
This is particularly useful to fuzzers that seek to provoke
optimization.
Bug: v8:9119
Change-Id: I729f72a0e22686fbd56793875175c230e0230823
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564196
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60794}
This reverts commit 21adacab88.
Reason for revert: Breaks Mac64 GC Stress Bot
Original change's description:
> Reserve two in-object properties slots for JSErrors
>
> The most common use-case for creating errors is "new Error('message')".
> The resulting JSError object has two properties. The message passed to
> the constructor and an accessor for the stack.
>
> This CL reserves two in-object property slots for these two, so no
> PropertyArray has to be created.
>
> Bug: v8:9116
> Change-Id: I84467453446f333bf65425807707ee6581894e61
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564195
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60791}
TBR=jgruber@chromium.org,bmeurer@chromium.org,szuend@chromium.org
Change-Id: I4667c4f49b3244d7809e8605b3858e246858a413
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9116
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564200
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60792}
The most common use-case for creating errors is "new Error('message')".
The resulting JSError object has two properties. The message passed to
the constructor and an accessor for the stack.
This CL reserves two in-object property slots for these two, so no
PropertyArray has to be created.
Bug: v8:9116
Change-Id: I84467453446f333bf65425807707ee6581894e61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564195
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60791}
This unifies the logic used for foreground compilation and background
compilation. The main thread used a separate
{FetchAndExecuteCompilationUnit} function so far, which implements the
same as the {BackgroundCompileTask}, but without compiling in batches.
This CL removes that method, and uses the same
{ExecuteCompilationUnits} method from both foreground and background
tasks.
R=mstarzinger@chromium.org
Bug: v8:8916
Change-Id: Id30edb766c46d860a5b0ef45386af7e9fd6a1cc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564191
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60790}
This avoids accessing the page flags of all old generation PagedSpace pages when starting sweeping.
Bug: v8:9093
Change-Id: Ibdfb35f3e368107f8c364c9498312b01edce47d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554688
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60789}
It should work when Object.defineProperty is used to set a new value for seal object.
Add more test to cover this case as well.
Bug: chromium:951374
Change-Id: Idbbcc052b627587c71d5b5252340130d0fdfd595
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1562470
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60786}
Instead of a hack in the {AsyncCompileJob}, handle empty modules by
just calling the callbacks for "baseline finished" and "top tier
finished" immediately, at the point where compilation would be started
usually.
R=mstarzinger@chromium.org
Bug: v8:8916
Change-Id: Id7b32fe2508e5a8902c60865f7f7d675a7a02610
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564054
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60785}
This adds references to HeapObject fields to Torque.
The syntax is based on Rust (which is essentially C pointer syntax).
The type &T is a reference to T (which must be a scalar type for now).
We can create references from field access expressions, using the
addressof(&) operator:
&obj.fieldname
To read or assign a reference, we use the dereference(*) operator:
*someref = *otherref
This CL also uses references internally normal class field accesses,
but only if there is no overload for field accessor functions.
This allows to have overloaded field accessors for a subtype like
FastJSArray. However, there is a change in behavior in that an
operator ".fieldname" will stop reference creation and will therefore
also stop write access to a class field of the same name. That's why
this CL had to add a write overload ".length=" for FastJSArray.
References desugar to a pair of a tagged HeapObject pointer and an
untagged offset into this HeapObject. On the CSA-side, they are
represented by the C++ struct
struct TorqueReference {
TNode<HeapObject> object;
TNode<IntPtrT> offset;
};
Bug: v8:7793
Change-Id: Ica6468d47847bd68fb6b85f731cf8fbe142fa401
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557151
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60780}
The {code_table_} in {NativeModule} is protected by the
{allocation_mutex_}. The {code} and {code_table} accessors did not
acquire this lock though.
This CL removes the unsafe {code_table} accessor, renames {code} to
{GetCode} and protects it by a lock.
R=mstarzinger@chromium.org
Bug: v8:9112
Change-Id: Id2df68460b4c10291a49b4016b9574e02744e8b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561315
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60779}
The field type can always be generalized in-place, even for root maps.
There's no need to create defensive copies in this case. This happens
for example in the superWrapper in the Speedometer2/EmberJS-Debug test.
Bug: v8:8834, v8:9114
Change-Id: Ief05516d0e9d84850c52d2cf8815953ef77d5223
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1562131
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60778}
On x64, we allocate one big code region such that we can use near jumps
and near calls. The jump table did not make use of that design yet.
This CL changes that by emitting jump table slots as near jumps. This
also speeds up patching jump table slots significantly, since far jumps
populate the inline constant pool, which is unneeded overhead in this
case.
As a drive-by, this CL cleans up the API of near_call and near_jmp. The
current semantics is broken, and only works because this is only used
for WebAssembly calls which are patched anyway after code generation.
Also, x64 now uses the same path in test-jump-table-assembler.cc as
arm64 to ensure that all targets are within near-call-distance.
R=mstarzinger@chromium.org
Bug: v8:8916
Change-Id: Iffc34e248b72167307ffdab62dd2212c4ae86a32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561313
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60777}
Change-Id: Ic31b33ef4c290aee31be2d66295978908f568775
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1563410
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#60775}
When clearing a DebugInfo, we need to check whether that function is
currently executing and, if so, update the on-stack BytecodeArray
pointer to refer to the original BytecodeArray. Otherwise, the original
BytecodeArray might get flushed, which can cause problems when
attempting to resume execution of the function.
Bug: v8:9067
Change-Id: Ief28a501294f5a34052e13f618fa084311eaa0b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1548573
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60774}
Some code - especially WebAssembly - does not make use of the code
target vector. Unconditionally reserving 100 entries adds unnecessary
overhead e.g. to jump table patching (~10%). This CL just removes this
reservation.
R=mstarzinger@chromium.org
Bug: v8:8916
Change-Id: I671820f3eb413fa2d03cef4bbf06adfc7a585266
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559868
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60772}
The current NumberEqual check ignores -0 when it is stored to
a constant unboxed double field containing 0.
Bug: v8:9113
Change-Id: I7eb59ca8af09ab7317da3c6ce9c9cedad81f6cae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561317
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60771}
This doesn't seem to provide any noticable performance wins, and just
adds more (generated) code. On a synthetic micro-benchmark for accessing
dictionary elements I was able to measure only a <1% difference for
loads and barely 1-2% for stores. That doesn't seem to be enough of a
reason to add four unrolled iterations of the lookup loop in all kinds
of places.
Bug: v8:5787, v8:8834
Change-Id: Iab8f71bf70a5518589ed4999a5be21d268ba1081
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1563774
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60770}
... and ensure that runtime behaviour is in sync with the IC code.
Bug: chromium:950747, v8:9113
Change-Id: Ied66c9514cbe3a4d75fc71d4fc3b19ea1538f9b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561319
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60768}
Previously we'd need to eagerly compile upon access to function.length for a
lazy function. The preparser already computes function.length, however, so we
can store that information in the already available preparse data.
Change-Id: I19007c9db5839e8038291fb4433866303935f089
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564190
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60767}
MicrotasksScope has accidentally ignored the given MicrotaskQueue instance
when it's scoping out. That confused the embedder to start using the non
default MicrotaskQueue.
Change-Id: Id345605cf6520cd073429b08698de75f7681d93c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1563836
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60765}
This adds a new flag --modify-field-representation-inplace (enabled by
default), which lets the runtime perform field representation changes
for Smi to Tagged or for HeapObject to Tagged in-place instead of
creating new maps and marking the previous map tree as deprecated.
That means we create (a lot) fewer Maps and DescriptorArrays in the
beginning and also need to self-heal fewer objects later (migrating
off the deprecated maps). In TurboFan we just take the "field owner
dependency" whenever we use the field representation, which is very
similar to what we already do for the field types. That means if we
change the representation of a field that we used in optimized code,
we will simply deoptimize that code and have TurboFan potentially
later optimize it again with the new field representation.
On the Speedometer2/ElmJS-TodoMVC test, this reduces the total execution
time from around 415ms to around 352ms, which corresponds to a **15%**
improvement. The overall Speedometer2 score improves from around 74.1
to around 78.3 (on local runs with content_shell), corresponding to a
**5.6%** improvement here. 🎉
On the CNN desktop browsing story, it seems that we reduce map space
utilization/fragmentation by about 4-5%. But since we allocate a lot
less (fewer Maps and DescriptorArrays) we also significantly change
the GC timing, which heavily influences the results here. So take this
with a grain of salt. 🤷♂️
Note: For Double fields, this doesn't change anything, meaning they
still create new maps and deprecate the previous map trees.
Bug: v8:8749, v8:8865, v8:9114
Change-Id: I694a53f87ae5caeb868fd98a21809b66d4297d35
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Doc: http://bit.ly/v8-in-place-field-representation-changes
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561132
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60764}
v8 currently detects ABI by checking OS and endianness,
but this is not sufficient to properly detect cases in
which the ELFv2 ABI is used on big-endian Linux systems.
Update these checks to use additionally use the _CALL_ELF
macro in order to properly handle such cases.
This issue was initially discovered by the Adélie Linux team.
Change-Id: Iefc0510963d93e59d6c62469a505c70c594bb14a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1555424
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#60759}
In file include/v8config.h we define:
ifdef V8_OS_WIN
...
if defined(_M_X64) || defined(__x86_64__)
define V8_OS_WIN_X64 true
endif
and V8_OS_WIN_X64 is supposed to be defined when targeting X64 on Windows only.
But this is wrong because V8_OS_WIN_X64 gets defined also on an ARM64 builds
when the host machine is X64. It should instead be:
ifdef V8_OS_WIN
...
if defined(V8_TARGET_ARCH_X64)
define V8_OS_WIN_X64 true
endif
Bug: v8:9090
Change-Id: I88e4c46bb6df1efa2070d4e1785081d71df96f0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554222
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60758}
This CL makes sure that Crashpad on Chromium will behave exactly like it did
before we added code to emit unwinding info, even when FLAG_win64_unwinding_info
is not set.
In particular, before merging the Chromium CL:
https://chromium-review.googlesource.com/c/chromium/src/+/1474703/
that modifies Crashpad to use the new function SetUnhandledExceptionCallback(),
we need to make sure that Isolate::Init() will call
win64_unwindinfo::RegisterNonABICompliantCodeRange() even when
FLAG_win64_unwinding_info is false.
In that case RegisterNonABICompliantCodeRange will only register unwind info to
invoke the Crashpad exception handler for unhandled exceptions.
Note that RegisterNonABICompliantCodeRange will be a no-op with the current
Crashpad code that never calls SetUnhandledExceptionCallback().
Bug: v8:8661
Change-Id: I63d845e9dca79ddd5978dfb43b626ace50078e80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554119
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60757}
When getting the starting address of a data segment, you can't use
`&vector[offset]` if offset is equal to the length of the vector. This
can happen when the length of the segment is 0.
The fix is to use Vector::SubVector instead.
Bug: v8:9106
Change-Id: Icf8968cc246c6d217d8061f76fb2631c2292433c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1560405
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60755}
The wasm engine is the same for all units, thus we should store (or
get) it in the compilation task, and not store it duplicated in each
compilation unit.
R=mstarzinger@chromium.org
Bug: v8:8916, v8:8343
Change-Id: Id4b062b5b8a52228b4d6051a67e025088a61d466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559863
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60754}
If the runtime does not transition in keyed store IC miss handler,
avoid generating transitioning handler since this could make
the receiver map non-stable. (The optimizing compiler does not like
non-stable fast prototype maps.)
Bug: chromium:950328
Change-Id: I113880d2033518e3eb8fd11df1599e56a67d7fd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559867
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60752}
This is a reland of Ie3ac389e1c082d1671efd4d74abc076ce943301b with a fix
for MSAN failures.
Interrupt budget was store in bytecode array and used to be shared
across all contexts. With lazy feedback allocation, using context
independent interrupt budget might lead to performance cliffs when
we have closures that do not share the same feedback (for ex: across
contexts). This would be a problem even earlier but it could be
more pronounced with feedback vector allocation, since the budgets
for optimization is much higher (144x) than the budget for feedback
allocation.
Bug: chromium:948835, v8:8394
Change-Id: I74f998c30e27caf3bd34510f4d7f57b65e6c7f0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561072
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60750}
This reverts commit 251d1623f3.
Reason for revert: Breaks ASAN debug builders for ClusterFuzz, see https://ci.chromium.org/p/v8/builders/ci/V8%20Clusterfuzz%20Linux64%20ASAN%20-%20debug%20builder/8115
Original change's description:
> Reland "[torque] Throw exception instead of aborting if something goes wrong"
>
> This is a reland of 3bd49f9b90
>
> The issue on the windows bot is apparently a compiler bug in MSVC related to
> move construction. The fix seems to be to change the order of the fields in
> "JsonParseResult" (go figure).
>
> Drive-by-change: Fix LS on windows by emitting correct line endings and
> enabling exceptions for the LS executable as well.
>
> Original change's description:
> > [torque] Throw exception instead of aborting if something goes wrong
> >
> > This CL enables exceptions for the Torque compiler and Torque language
> > server. Instead of aborting when something goes wrong during
> > compilation, a TorqueError is thrown, containing the error message
> > and a source position. The compiler executable still prints the error
> > and aborts, while the language server will pass this information
> > along to the client (not included in this CL).
> >
> > R=danno@chromium.org
> >
> > Bug: v8:8880
> > Change-Id: Iad83c46fb6a91c1babbc0ae7dbd94fbe4e7f1663
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526003
> > Reviewed-by: Daniel Clifford <danno@chromium.org>
> > Commit-Queue: Simon Zünd <szuend@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#60512}
>
> Bug: v8:8880
> Change-Id: I00e6591bbb4c516dd7540a7e27196853bc637f11
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545995
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60736}
TBR=danno@chromium.org,tebbi@chromium.org,szuend@chromium.org
Change-Id: I0b22db1652bd46fbb7167f75b710ed5e408ea8ac
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8880
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561311
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60747}
This CL moves frames.tq and arguments.tq to the front of the file
list when compiling Torque files.
Note that order independent compilation will most likely be
implemented in the near future, at which point this code becomes
obsolete.
R=tebbi@chromium.org
Bug: v8:8880
Change-Id: I7e32637925c28202f9b017a568bc06ae5bd595b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561210
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60746}
Make the tracing code and output more consistent and/or compact.
Also, restrict --trace-heap-broker to reports about missing data and
introduce a new flag --trace-heap-broker-verbose that prints everything.
Bug: v8:7790
Change-Id: I6e678fb97bf8631428594f77d8b5f0909ab2e281
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559864
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60745}
Avoiding the helper function to get the time in milliseconds avoids
redundantly getting the current platform and simplifies code.
R=mstarzinger@chromium.org
Bug: v8:8916
Change-Id: Ie7214f896a14f45aef359ea095a4b0532aeccf77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1561070
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60744}
Instead of having sequential compilation implemented as a separate
path, we can just use the existing parallel compilation path, and
restrict the number of parallel compilations (if deterministic
compilation is required).
R=mstarzinger@chromium.org
Bug: v8:9104
Change-Id: Ia12c6e45455834a131b3d2ed55f5fe9132903d8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552782
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60740}
The generic HashTableBase approach was producing the wrong results for
the over-allocation, so I'm using the HashTable template now, which
seems to produce the right results.
Also distinguish properties backing stores for prototypes from regular
properties backing stores (since we're primarily interested in the
prototypes for now).
Bug: v8:7266
Change-Id: I5bbda6851f0320168ada1beb104042d0052c9a17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559869
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60737}
This is a reland of 3bd49f9b90
The issue on the windows bot is apparently a compiler bug in MSVC related to
move construction. The fix seems to be to change the order of the fields in
"JsonParseResult" (go figure).
Drive-by-change: Fix LS on windows by emitting correct line endings and
enabling exceptions for the LS executable as well.
Original change's description:
> [torque] Throw exception instead of aborting if something goes wrong
>
> This CL enables exceptions for the Torque compiler and Torque language
> server. Instead of aborting when something goes wrong during
> compilation, a TorqueError is thrown, containing the error message
> and a source position. The compiler executable still prints the error
> and aborts, while the language server will pass this information
> along to the client (not included in this CL).
>
> R=danno@chromium.org
>
> Bug: v8:8880
> Change-Id: Iad83c46fb6a91c1babbc0ae7dbd94fbe4e7f1663
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526003
> Reviewed-by: Daniel Clifford <danno@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60512}
Bug: v8:8880
Change-Id: I00e6591bbb4c516dd7540a7e27196853bc637f11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545995
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60736}
This reverts commit f39944853f.
Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/26128
Original change's description:
> [interpreter] Move interrupt budget from BytecodeArray to FeedbackCell
>
> Interrupt budget was store in bytecode array and used to be shared
> across all contexts. With lazy feedback allocation, using context
> independent interrupt budget might lead to performance cliffs when
> we have closures that do not share the same feedback (for ex: across
> contexts). This would be a problem even earlier but it could be
> more pronounced with feedback vector allocation, since the budgets
> for optimization is much higher (144x) than the budget for feedback
> allocation.
>
> Bug: chromium:948835, v8:8394
> Change-Id: Ie3ac389e1c082d1671efd4d74abc076ce943301b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1558088
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60734}
TBR=jarin@chromium.org,mlippautz@chromium.org,mythria@chromium.org,jgruber@chromium.org,bmeurer@chromium.org
Change-Id: Icbec4d28d6ac258827e222461cff51f2a2f42472
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:948835, v8:8394
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1560990
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60735}
Interrupt budget was store in bytecode array and used to be shared
across all contexts. With lazy feedback allocation, using context
independent interrupt budget might lead to performance cliffs when
we have closures that do not share the same feedback (for ex: across
contexts). This would be a problem even earlier but it could be
more pronounced with feedback vector allocation, since the budgets
for optimization is much higher (144x) than the budget for feedback
allocation.
Bug: chromium:948835, v8:8394
Change-Id: Ie3ac389e1c082d1671efd4d74abc076ce943301b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1558088
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60734}
@@replace should only call ToString(replaceValue) once. Prior to this
CL this was not the case when
1. the given regexp is fast
2. the replacement is not callable
3. and its string representation contains a '$'.
In such a situation we'd call ToString both in the RegExpReplace
builtin, and after bailing out again in the RegExpReplaceRT runtime
function.
The fix is to pass the result of ToString(replaceValue) to the runtime
function. ToString in RegExpReplaceRT will be a no-op since the value
is already guaranteed to be a string.
Bug: chromium:947822
Change-Id: I14b4932a5ee29e49de4c2131dc2e98b50d93da49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559739
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60733}
The resolve/reject callbacks to PerformPromiseAll is refactored out so
that we can just pass different closures for PerformPromiseAllSettled.
Similarly, a closure to update the value is passed to
Generate_PromiseAllResolveElementClosure so that we can create a
diferrent value in case of Promise.allSettled.
Bug: v8:9060
Change-Id: I4e1bebe6da4ea0965a67cccc8365ed91cf4683c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559216
Auto-Submit: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60732}
- Add a new ClassScope for block scopes created for classes.
- Add a VariableMap in the class scope for private name resolution,
and a separate UnresolvedList for private names that will be resolved
only using ClassScopes. These are stored in RareData and will only be
allocated when there are private name declaration or access in the
class.
Design: https://docs.google.com/document/d/1l-D70uaHzXU8QVgQZ3ACikb3FLO6LTAfQVdGDXsh5mw/edit?usp=sharing
TBR: hpayer@chromium.org
Bug: v8:8330
Bug: v8:7468
Change-Id: I78191fc075f7f195f6c56c959773c382346cce8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1488271
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60726}
Avoid divide by zero for empty elements backing stores, and generally
don't account for empty_property_array / empty_fixed_array.
Bug: v8:7266
Change-Id: I5d1c5f43165810f7ec3bcebf3caf1bc737b46e59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559865
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60724}
Design docs: bit.ly/fast-frozen-sealed-elements-in-v8
This change is only support the transition from packed elements to packed sealed elements (via object.seal) or to packed frozen elements (via object.freeze).
Added tests for non-extensible, sealed, frozen packed elements in https://chromium-review.googlesource.com/c/v8/v8/+/1474559
Added tests for non-extensible array in optimized code in https://chromium-review.googlesource.com/c/v8/v8/+/1531030 and https://chromium-review.googlesource.com/c/v8/v8/+/1544274
Using JSTests/ObjectFreeze micro-benchmarks for release build
Before:
TaggedTemplate-Numbers(Score): 0.967
TaggedTemplateLoose-Numbers(Score): 8.82
After:
TaggedTemplate-Numbers(Score): 1.51
TaggedTemplateLoose-Numbers(Score): 8.89
Bug: v8:6831
Change-Id: Ib1089f1bc02eafb8d76ffe617f8fa3e406abd5a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1474559
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60723}
This stages wasm code gc behind "--future" to get test coverage while
implementing this feature.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: Id620ee92518c4dd9cebc0fd47817bfc80e5cf3f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559741
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60722}
This adds the {CurrentGCInfo} data structure to the wasm engine. It
holds all information needed for the current GC cycle, which is
currently only the set of Isolates that still need to report their live
code, and the set of dead wasm code (which is potentially reduced when
Isolates report live code).
Running the GC is guarded by the new '--wasm-code-gc' flag. I will add
this to the --future variant in a follow-up CL.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: I82e96d986cf5a758bc0f94e49e13ad78fae4e935
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559738
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60721}
The --js-arguments flag is gone since https://crrev.com/c/1291469.
This CL removes a remaining reference to that, and as a drive-by
changes the proposed '--noflag' to '--no-flag'.
R=petermarshall@chromium.org
Bug: v8:8834
Change-Id: I69a8d008e87949d64329b4350197ba0651b54340
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1558087
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60720}
This reverts commit 84853ad1a1.
Reason for revert: Blocking LKGR because of Arm timeouts, see
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm%20-%20sim%20-%20debug/16047
Original change's description:
> [turbofan] Temporarily disable OSR for performance data
>
> Just set the flag --use-osr to false by default.
> If it's set to true on the command line, then it'll be on.
>
> I'd like to get some performance metrics on various tests spread
> throughout our performance bot infrastructure.
>
> Change-Id: I1ebc33264505af080901e531dca625452880f81b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1558089
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60693}
TBR=mvstanton@chromium.org,mslekova@chromium.org
Bug: chromium:950934
Change-Id: I6c713f33f491bda49cd1d1d2f155f1971217089e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559859
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60719}
This adds data structures to track potentially dead code in the wasm
engine. The engine will then trigger an engine-wide GC once the
potentially dead code reaches a certain threshold.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: I13216a66bb8e8e1594b165a65708e53057e9e535
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559736
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60718}
This adds support for passing/returning reference type parameter/return
values when the interpreter is calling extern functions. It expands the
existing test coverage to the interpreter.
R=clemensh@chromium.org
TEST=mjsunit/wasm/anyref-interpreter,mjsunit/wasm/anyfunc-interpreter
BUG=v8:8091,v8:7581
Change-Id: I377e9d28aa36866c0441683ffd6a48160b721ec1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559853
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60715}
Rename the (mksnapshot-specific) --ebt-os flag to --target-os. This
flag specifies the target os for mksnapshot-generated files,
specifically for embedded.S.
In the future we should base all of embedded-file-writer.cc on this
(and an upcoming --target-arch) flag and remove other current
cross-compilation workarounds (e.g.: V8_TARGET_OS_WIN,
V8_TARGET_OS_FUCHSIA).
Bug: chromium:945659,v8:9103
Change-Id: I814fa8c5d4ee9ca0542f63dcae790086d887bbe2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559748
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Nico Weber <thakis@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60711}
This change aims to simplify RawMachineAssembler::CallCFunction
interface by use of variadic templates.
Change-Id: Ie7081f692f62674f891f09abfd7149e8d95eeb81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1526015
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60710}
Instead optimize based on the name feedback. This simplifies matters
for concurrent optimization.
Drive-by: Rename "index" to "key" for clarity where appropriate.
Bug: v8:7790
Change-Id: Id6db1174c7840c24044bc655e0ffee6a5b0de21c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559742
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60709}
The new @generatePrint annotation automatically generates ...Print
methods for objects from their Torque class definition. While this
is mostly geared towards objects derived from Struct, it works on
any Torque class.
Bug: v8:7793
Change-Id: Iaa772879d397b95c7853dafdd9f09a85dbde8e35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557152
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60708}
Drive-by fix: In ProcessFeedbackForGlobalAccess, we had forgotten to
return the feedback when it already existed.
Bug: v8:7790, v8:9094
Change-Id: Ie4be6cef5755bbdd9d8ed472caaa2e32d243893d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554680
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60705}
The {remaining_uncommitted_code_space} method is only used for testing.
This CL removes it, and replaces all uses by {committed_code_space}.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: Icb50471da3564a5cd114b15836c8b346b932a108
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559735
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60704}
We currently store the {remaining_uncommitted_code_space_}. This CL
switches this to store {total_committed_code_space_} plus the maximum
allowed (in {max_committed_code_space_}). This counter will be used by
the GC to decide when to trigger a GC.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: I5946bbd3ba18e9fcbca4631afb942cd5b82834f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1558084
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60702}
This adds support for loading and storing mutable imported globals
having a reference type in the interpreter. It expands existing test
coverage to the interpreter.
R=clemensh@chromium.org
TEST=mjsunit/wasm/anyref-globals-interpreter
BUG=v8:8091,v8:7581
Change-Id: I78e0c5c73664a183e1d92ec91eadf8b9a93e4787
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559743
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60701}
Removing the 'native' flag from ParseInfo removed the last use-site
of this flag.
R=jgruber@chromium.org
Bug: v8:9043
Change-Id: I0e28d77c571c25c7925e8e372e631a9630492c25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550705
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60700}
Even though both are allowed in the style guide, it recommends to use
'using', as its syntax is more consistent with the rest of C++.
This CL turns all typedefs in src/snapshot to 'using' declarations.
R=jgruber@chromium.org
Bug: v8:8834
Change-Id: Ie555e9ac7e1ec04c20d411647f8ab70f671c1cb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545903
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60699}
Even though both are allowed in the style guide, it recommends to use
'using', as its syntax is more consistent with the rest of C++.
This CL turns all typedefs in src/debug to 'using' declarations.
R=jgruber@chromium.org
Bug: v8:8834
Change-Id: I205e14a0b230a26119e5b209a2bcec493a8815e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545901
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60698}
When compilation hints are disabled (they are by default) the decoder
failed on custom sections with the name 'compilationHints'. This is
fixed and a test is added.
Bug: v8:9003
Change-Id: I5d25c019a702a722d8baf497d1bcd3a578a2d4bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557150
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60696}
This adds support for handling reference types when loading/storing
globals. Support for imported mutable globals is still missing and will
be done in a follow-up change.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-global-interpreter
BUG=v8:8091,v8:7581
Change-Id: I0d14919b1ce7f49c4a0541e3d6a99ee203cfb311
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1558086
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60695}
In mksnapshot, we only need to ensure we generate counter code in
(embedded) builtins, if needed. The counter function does not need to do
anything useful as long as it returns unique pointers for each counter,
and we don't need to dump counters.
Tbr: petermarshall@chromium.org
Change-Id: I94a53ef5193b89365948d0395e1908e6d3c6e396
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549159
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60694}
Just set the flag --use-osr to false by default.
If it's set to true on the command line, then it'll be on.
I'd like to get some performance metrics on various tests spread
throughout our performance bot infrastructure.
Change-Id: I1ebc33264505af080901e531dca625452880f81b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1558089
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60693}
In RecordVirtualBytecodeArrayDetails() check whether the BytecodeArray
has a source position table before accessing it, otherwise it will just
crash with --enable-lazy-source-positions.
Bug: v8:8510
Change-Id: I1250e89faf836a8d5976ca98c14b6b7314bacb98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1559730
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60692}
See the changes in BUILD.gn for an explanation of why a new flag is necessary.
It's likely that current usages of V8_TARGET_OS_* and V8_TARGET_ARCH_* also need
to change, but this is good enough for now to ensure both Win/cross/x86 and
Win/cross/x64 build.
BUG=chromium:945659
R=machenbach,thakis
TBR=jgruber
Change-Id: Ie2765db91a1c0d8c72ccf42c9d7fece792d9b252
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1542500
Commit-Queue: Thomas Anderson <thomasanderson@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60687}
This adds preliminary support for references types as argument or return
values to functions that are redirected to the interpreter. The current
interpreter entry stub remains unchanged, using one buffer area that is
hidden from the GC. The corresponding {Runtime_WasmRunInterpreter} now
correctly boxes/un-boxes reference types into handles. This switch to a
handlified representation happens before any method that potentially
triggers a GC is called.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-anyref-interpreter
BUG=v8:8091,v8:7581
Change-Id: I41c766ed5ac877042d5964e72f3fd7df390c4e98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557147
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60684}
This CL contains a bunch of different improvements to the existing
object stats, namely:
- Introduce DEPRECATED_DESCRIPTOR_ARRAY_TYPE virtual instance type to
also estimate the memory overhead of DescriptorArrays for deprecated
Maps.
- Do proper over-allocation computating for inobject fields in JSObjects.
- Introduce OBJECT_PROPERTY_ARRAY_TYPE virtual instance type and properly
compute over-allocation for PropertyArrays
- Compute over-allocation for JSObject/JSArray elements properly.
- Correctly report JSFunction and JSCollection like the other
JSObjects, specifically report over-allocation properly for the
instances itself and for the elements/properties backing stores.
- Implement correct over-allocation computation for hash tables in
ObjectStatsCollectorImpl::RecordHashTableVirtualObjectStats().
Bug: v8:7266
Change-Id: I9cadd703266dc90911a8e7420c3b00dcee82b06d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557139
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60683}
Flag syntax is explained in a comment in flags.h, but we can make d8
easier to learn for new people if we also expose that explanation in the
--help text.
Change-Id: I7fd9ad0e545c2d9110119c0283bb14d665bcf19e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1555061
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60682}
For CheckNonEmptyString we not only need to rule out that the input is
not the empty string, but also make sure that the input is actually a
string, hence we need to do a proper instance type check in the general
case.
Bug: chromium:949996, chromium:947949, v8:8834, v8:8931, v8:8939, v8:8951
Change-Id: Icc260d735d19337bba4bb71570a6c6385e47c310
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557146
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60681}
The JSInliningHeuristic is now completely heap-access free. JSInliner
still includes Allow* guards and will be brokerized as a follow-up CL.
R=neis@chromium.org
Bug: v8:7790
Change-Id: I6df5d8515bb8bd8d512e8442e4f4dba9ebe9dd2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1528437
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60680}
This ensures that ApiObjects in V8 are not dropped if they are
currently used as WeakCollection keys. As proxy to determine key
status we use the presence of the identity hash on the object.
R=ulan@chromium.org
Bug: v8:8557, chromium:949244
Change-Id: Ifa0e24be44431a0200fd6a1d9898cd366b940bd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557143
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60675}
We would only increment write barrier counters from the the MacroAssembler's
RecordWrite method which is only used in limited cases. Instead, we should
increment it inside the RecordWrite stub, this way we catch all uses, including
WASM.
Also, we had a static counter aimed at telling us how many barriers exist in
generated code, as opposed to how many are executed. This counter was not
functional since the compiler isn't aware of counters at the moment. Let's just
remove it to avoid confusion.
Change-Id: I6b173ab858c8984ef03ede225afdc999ba82b5c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1524483
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#60673}
Remove unused includes and add includes that were indirect.
Remove UnboundQueue which was not used anywhere.
Change-Id: If47faac45fc9c16a27453ecabed927ea00df3045
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1557136
Auto-Submit: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60672}
The --trace-gc-verbose flag was mistakenly reporting the generic LO space size
in place of the *code* LO space size.
Change-Id: Iddb83b540b0e0a201aa358649d91ef606721e0be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554693
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60665}
This is a reland of 63608968b6
The previous CL failed on Windows, but it was a general bug. The
dropped_elem_segments was not being set on the instance properly in
cctests, so`table.init` instructions would fail by reading uninitialized
data.
I took this opportunity to also add an implementation of
`elem.drop` in the interpreter, and ported the JS tests for those too.
Original change's description:
> [wasm] Implement table.init for interpreter
>
> This also fixes CheckCallViaJS when a trap occurs. In that case, the
> trap callback is called instead of an exception being thrown, so if it
> isn't handled, a bogus result will be returned instead.
>
> Bug: v8:8965
> Change-Id: I560e89f353756df23c062fb8c9484d9971c19253
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1539078
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Ben Smith <binji@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60473}
Bug: v8:8965
Change-Id: Ia547d9530b7ca67fde5bd94539f49153b796e82d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547142
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60664}
As part of one of the stack trace refactorings, this field moved from
StackFrameInfo to the StackTraceFrame class, but was not properly
removed.
R=petermarshall@chromium.org
Bug: v8:8742
Change-Id: I18b9bd7650eed0f5bdb0823da9fdefb6afa3491e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550800
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60659}
This makes sure that the implicit operand stack slot used for passing an
exception from the throw-site to the catch-site is counted against the
maximum stack height.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-rethrow-interpreter
BUG=v8:8091
Change-Id: I7e8f47ba4662eb273792e7508207f67588264a2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554683
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60658}
This introduces a new PROTOTYPE_DESCRIPTOR_ARRAY_TYPE, which is used to
be able to distinguish DescriptorArrays for prototypes from regular
ones. This is primarily useful for the live objects, since for dead
DescriptorArrays we will likely not be able to figure out whether they
belong to a prototype Map, unless they die together.
Bug: v8:7266
Change-Id: I4b8e0008cc8bae607778151b7c18d30f4efba88d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554687
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60654}
This is a reland of d746be9ceb
Original change's description:
> [wasm] Use work-stealing queues for background compilation
>
> This reduces contention on the mutex protecting the {CompilationState}
> by splitting the compilation unit queues into several queues (one per
> background task). Each task executes its own queue first, and steals
> from other queues once it runs out of work.
> The implementation of the set of work-stealing queues is encapsulated
> in the new {CompilationUnitQueues} class in module-compiler.cc.
>
> R=titzer@chromium.org
>
> Bug: v8:8916
> Change-Id: I5a40314917e7d4a35d7ff9e8ec124ec212beacab
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543350
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60572}
Bug: v8:8916
Change-Id: Ic0cbad0ddc31be24715c5490b9ec71a39186fd3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549172
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60653}
Typed arrays with elements cannot be frozen, but this function
previously would have falsely reported that they are after
an `Object.freeze()` call. Since the latter bails out when
the object is already frozen, the effect was that when calling
`Object.freeze()` on a typed array more than once, the first call
would throw and subsequent ones would not.
Change-Id: I75e59f51ebb94797cdf39bac4ec4c25c547e70a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552781
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60652}
This introduces new virtual instance types to further diagnose what's
going on in MapSpace, namely:
- MAP_ABANDONED_PROTOTYPE_TYPE includes all the abandoned (fast-mode)
prototype maps.
- MAP_DEPRECATED_TYPE includes all the deprecated (fast-mode) maps.
- MAP_DICTIONARY_TYPE includes all the dictionary-mode maps.
- MAP_PROTOTYPE_DICTIONARY_TYPE includes all the prototype maps in
dictionary-mode.
- MAP_PROTOTYPE_TYPE includes all the prototype maps in fast-mode.
- MAP_STABLE_TYPE includes all the (fast-mode) stable (leaf) maps.
Those maps who don't fall into any of the buckets above are categorized
as MAP_TYPE (as before).
The naming was chosen like this to make it possible to filter for the
relevant maps in the object stats via 'MAP_.*_TYPE'.
Bug: v8:7266
Change-Id: I233734e96a390ddb391bfff8a34a8fec842d1f7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554685
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60651}
This ensures the lifetime of reference values on the simulated operand
stack of the interpreter is coupled to a lifetime of the {ThreadImpl}.
We no longer directly store reference values on the stack, but maintain
a separate "reference stack" on the GC'ed heap. This will ensure the GC
traces such references properly.
The new {StackValue} safety wrapper makes sure all use-sites that access
the operand stack properly convert to/from handles when dealing with
reference values.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-interpreter
BUG=v8:8091,v8:7581
Change-Id: I8c05f2d945a6def943b89be0cfca538a73df8855
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552791
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60650}
This expose v8::Context::DetachGlobal() as Realm.detachGlobal() in d8,
so that we can test API behaviors on Blink's detached iframes.
Change-Id: I4de1dd1a20d5862aba709e36d1d6afa9b221df6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554322
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60649}
This is the first step towards full huge typed array support in V8.
Before this change, the JSTypedArray::length and the elements backing
store length (FixedTypedArrayBase::length) were used more or less
interchangeably to determine the number of elements in a JSTypedArray.
With this change we disentangle these two lengths, and instead make
JSTypedArray::length authoritative. For on-heap typed arrays, the
FixedTypedArrayBase::length will remain the number of elements in the
backing store, but for the off-heap typed arrays, this length will be
set to 0 (matching the fact that the FixedTypedArrayBase instance does
not contain any elements itself).
This also unifies the JSTypedArray::set_/length() and length_value()
methods to only have JSTypedArray::set_/length() which returns/takes
size_t values. Currently this still requires the values to be in Smi
range, but later we will extend this to allow arbitrary size_t values
(in the safe integer range).
Bug: v8:4153, v8:7881
Change-Id: Iff9089130bb31fa9e08e0cf913e7ab52c3dbf107
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Doc: http://doc/1Z-wM2qwvAuxH46e9ivtkYvKzzwYZg8ymm0x0wJaomow
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543729
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60648}
Locks for compilation state callbacks and for the native module are
again taken one after the other. As a consequence, publishing compiled
Wasm code again happens in parallel. Compile times are now comparable to
before lazy hints were enabled.
Bug: chromium:949050
Change-Id: I45c52254d046de080938bd131fd3ed8116660bef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552787
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60646}
This reverts commit 1fb26d837f.
Reason for revert: Flushes out TSan issues: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20TSAN/25782
Original change's description:
> [regalloc] Enable control flow aware allocation
>
> This is a test to see how much and where we regress. We have seen
> some quirks of our current allocator that do not show up in this
> new approach, so we need to decide whether to stabilize the new
> allocation scheme. Performance numbers are a key indicator for that
> decision.
>
> This patch is intended to be reverted after stability and performance
> numbers are in (i.e. after a few days).
>
> Change-Id: I8df8ff7de8efa82a8abbdfa1d21d7877756f129e
> Bug: v8:9088
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552786
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60643}
TBR=mstarzinger@chromium.org,jarin@chromium.org,sigurds@chromium.org
Change-Id: Ia1934b01b0909479b2bd52ba686cc9b3fb364b4b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9088
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1554682
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60645}
This is a test to see how much and where we regress. We have seen
some quirks of our current allocator that do not show up in this
new approach, so we need to decide whether to stabilize the new
allocation scheme. Performance numbers are a key indicator for that
decision.
This patch is intended to be reverted after stability and performance
numbers are in (i.e. after a few days).
Change-Id: I8df8ff7de8efa82a8abbdfa1d21d7877756f129e
Bug: v8:9088
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552786
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60643}
Some state related to WasmMemories is cached on the JSArrayBuffer
object (is_growable, is_wasm_memory). The problem with this is in
some PostMessage flows, this information can get lost depending on
how JSArrayBuffers are deserialized. In this particular case when
the WasmMemory is postMessaged, it goes through the Blink
DedicatedWorkerMessagingProxy::PostMessageToWorkerGlobalScope flow,
which reconstructs the ArrayBuffer from the backing store, and size,
and loses the is_growable flag, leading to a failure to grow memory.
Moving the is_growable flag so that AllocationData can be the source
of truth for all wasm memory state, and is consistently preserved
across PostMessage.
Change-Id: I775f66ddeff68b8cafc18b75ca5460dfb0343c8b
Bug: v8:9065
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549789
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60641}
Indexed fields in classes can now be initialized using iterators
and a spread syntax, e.g.:
class Foo {
length: Smi;
elements[length]: Object;
}
new Foo{length: 5, elements: ...iter};
where iter implements Torque's iterator protocol. This protocol
requires the definition of a method with the following signature:
Next(): <type> labels NoMore;
Where <type> is the Torque type of the values to be iterated.
In the case of indexed field initialization, the type must be
the field's type or a subtype thereof.
Field initialization with spread is desugared into a loop that
calls the spread iterator's Next method and assigns each
returned value in order to the corresponding indexed field
element.
The general machinery for the spread syntax has been added to
the ast and parser, however, it can currently only be used in
the specific context of indexed field initialization. Spread
operators used in any other context will cause an error.
Bug: v8:7793
Change-Id: If071e61db8166573c28d13318879c88ba96f6d98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550407
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60639}
We only use the safe math helpers (CheckedNumeric<T>) in very few
places. The headers are huge though, and complex. They are pulled in to
839 of our object files, increasing compilation time.
I also find the implicit checks more easy to understand than the complex
logic in CheckedNumeric.
Thus, this CL removes the safe_math headers and implements bounds
checks for the five uses explicitly.
R=jkummerow@chromium.org, mlippautz@chromium.org
Bug: v8:8834
Change-Id: I2d60f95799ee61cfa161354428605f67829cd736
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547651
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60630}
It's implied by the last clause of the conjunction.
Change-Id: I78a810a259888eda696c77cd6c117b35ef9e861a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549171
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60627}
Context::microtask_context can be null after v8::Context::DetachGlobal
is called, and that should cancel microtasks that are associated to
the detached context.
However, there are several callers left without the null check to the
microtask queue, and that causes crashes.
This CL adds the null check and cancellation as the crash fix.
Bug: chromium:937784
Change-Id: Ie8d107f28f200cee6e75798e3f72c5ed7a2a461c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545139
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60623}
This changes the syntax for constructing structs and classes to explicitly
mention the fieldnames, similar to JavaScript object literals.
The fields still have to be listed in the same order as in the struct/class
declaration.
As in Javascript, {foo: foo} can be abbreviated as {foo}.
Example:
macro NewJSArray(implicit context: Context)(
map: Map, elements: FixedArrayBase): JSArray {
return new JSArray{
map,
properties_or_hash: kEmptyFixedArray,
elements,
length: elements.length
};
}
Drive-by cleanup: Make struct and class constructors follow the same pattern
in the parser and the AST.
Bug: v8:9018 v8:7793
Change-Id: I22ff7f68270e4f406aa80731a709d41ea52f52bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1551999
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60622}
Don't record samples from machines without high-resolution timers,
as that can cause serious reporting issues. See the thread at
http://g/chrome-metrics-team/NwwJEyL8odU/discussion for more details.
Bug: v8:9074
Change-Id: I8f9b588b249f944c4bc95feedf56960b28db9ddc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1552001
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60621}
This is port for https://crrev.com/c/1524482
Original commit message:
This allows immediates to be encoded directly into instructions, rather than
mov-ing constants to registers first.
This patch only changes emit_{i64,i32}_add, other emit_ functions will be changed once
this approach has been approved.
Bug: v8:9038
Change-Id: I96929f870e54b24403a32428f3db31b42f41087a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545148
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#60619}
Just rely on calling toString. This matches other vendor's implementations.
BUG=chromium:948257
R=dgozman@chromium.org
Change-Id: I325a12dd47712263a1ef4deee0bb2de9c4a1c656
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545124
Reviewed-by: Pavel Feldman <pfeldman@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60617}
Making 43K of room for landing ICU64.
Size Change (on x64.release)
D8 before 23,683,192
D8 after 23,639,296
Reduce 43,896 bytes
Bugs: v8:8348
Change-Id: I057f7d59e955a2e5e017873e5b3b5daf5b142ae2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1478710
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60616}
This is a part of porting Proxy-related builtins to Torque.
Spec: https://tc39.github.io/ecma262/#sec-proxy.revocable
Bug: v8:6664
Change-Id: I5f53eb4dff8ff9d3156b601652f3f86ede25fc1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1529261
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60613}
Even though both are allowed in the style guide, it recommends to use
'using', as its syntax is more consistent with the rest of C++.
This CL turns all typedefs in interpreter code to 'using' declarations.
R=leszeks@chromium.org
Bug: v8:8834
Change-Id: Ide1e8a35a56a840b36b3ceab1307df1bcab94acd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545900
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60609}
This CL enables adding code to the top-most {WasmCodeRefScope} when
either adding code to the {NativeModule} (we have a nice choke point
for that in {PublishCodeLocked}), or when looking up existing code from
a {NativeModule}.
It also enables the DCHECK that for each such operation, there must be
an enclosing {WasmCodeRefScope}.
R=titzer@chromium.org
Bug: v8:8217
Change-Id: Ie93ca0b31b1577bef074923b3d228a9f214a909c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1533861
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60608}
When TurboFan optimizes field access, we need to check first that the
runtime already determined the correct field representation properly.
If the field representation is still None, we cannot optimize this in
TurboFan straight away but we have to call the IC to let the runtime
do the magic.
Bug: chromium:944865
Change-Id: I032a48824e83806e1be7670346f518b258a9dd65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549167
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60607}
The native flag is a left-over from self-hosted JavaScript. Currently
only the empty function and empty script are marked native.
This CL removes the native flag from the ParseInfo,
UnoptimizedCompilationInfo and its handling in the bytecode generator.
R=leszeks@chromium.org
Bug: v8:8834,v8:9043
Change-Id: I60726e28ce83cc84249e9c49bdc88d81f0a695c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545079
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60606}
Using the Isolate's allocator when creating the WasmModule can lead to
use-after-free situations when the NativeModule is shared across
Isolates.
R=mstarzinger@chromium.org
Bug: v8:9079
Change-Id: I5a564852179cc5b9d4cbad2a002d3b6e14b01968
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550404
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60605}
This adds new timed histograms to measure the time that TurboFan spends
on various compilation phases on a per function bases. This includes the
following new counters:
- V8.TurboFanOptimizePrepare
Time spent in the preparation phase of TurboFan optimization. Recorded
on each regular optimization of a function.
- V8.TurboFanOptimizeExecute
Time spent in the execution phase of TurboFan optimization. Recorded on
each regular optimization of a function.
- V8.TurboFanOptimizeFinalize
Time spent in the finalization phase of TurboFan optimization. Recorded
on each regular optimization of a function.
- V8.TurboFanOptimizeTotalForeground
Total time spent on the main thread during TurboFan optimization.
Recorded on each regular optimization of a function.
- V8.TurboFanOptimizeTotalBackground
Total time spent on a background thread during TurboFan optimization.
Recorded on each regular optimization of a function.
- V8.TurboFanOptimizeTotalTime
Total time from starting optimizing to installing the code object.
Recorded on each regular optimization of a function.
- V8.TurboFanOptimizeForOnStackReplacementPrepare
Time spent in the preparation phase of TurboFan optimization for On
Stack Replacement (OSR). Recorded on each optimization for on-stack
replacement of a function.
- V8.TurboFanOptimizeForOnStackReplacementExecute
Time spent in the execution phase of TurboFan optimization for On Stack
Replacement (OSR). Recorded on each optimization for on-stack replacement
of a function.
- V8.TurboFanOptimizeForOnStackReplacementFinalize
Time spent in the finalization phase of TurboFan optimization for On Stack
Replacement (OSR). Recorded on each optimization for on-stack replacement
of a function.
- V8.TurboFanOptimizeForOnStackReplacementTotalTime
Total time from starting optimizing for On Stack Replacement (OSR) to
installing the code object. Recorded on each optimization for on-stack
replacement of a function.
This should give us a good overview and guide/validate future work on
the concurrent optimization pipeline.
Bug: v8:7790, v8:9074
Change-Id: I96573cd1da472684d06624b7573e4afd6efca99c
Doc: http://doc/1umgFxjLQ9p22lVS_BdhmAlo1o9xnxnWlhVi_HMWNktM
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547864
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60604}
With lazy feedback allocation we load the interrupt budget from the
ClosureFeedbackCellArray instead of the bytecode array. The factory method
that constructs the ClosureFeedbackCellArray ensures we have a field for
interrupt budget. So, it is safe to omit bounds check here. Including the
bounds check increases the size of all jump bytecode handlers by around
~120 bytes. This translates to ~9-10KB of the native code size on Android.
Bug: chromium:948835
Change-Id: I8e10b3f630097728ae9e520bfb0d85dfc0f806ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550403
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60603}
On arm processors, we need to have some kind of subexpression
elimination running after memory optimizer, so that we reuse index
calculation for loads and stores. This CL introduces a small cleanup
phase after memory optimizer.
Bug: chromium:947225
Change-Id: Ifda7b348d968d58f31947a4ba139863059f4112d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547664
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60602}
This seals any surrounding {HandleScope} when the interpreter enters the
main interpreter loop. It ensures that there are no accidental leaks of
handles into the surrounding scope and enforces that operations dealing
with handles open their own scope.
R=clemensh@chromium.org
Change-Id: I43d479129bef60beb7565022b24577f8bf1dc522
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550401
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60601}
This adds preliminary support for handling the "br_on_exn" opcode in the
interpreter. It also makes "catch" and "rethrow" use a proper exception
reference instead of a dummy value.
To that end this also adds {Handle<>} as a new kind of {WasmValue} which
is intended to pass reference values (e.g. "anyref" or "except_ref") to
the runtime system. Therefore lifetime of such a {WasmValue} is directly
coupled to any surrounding {HandleScope}.
For now we just store {Handle<>} directly on the simulated operand stack
of the interpreter. This is of course bogus, since the surrounding scope
does not outlive the interpreter activation. Decoupling the lifetime of
the operand stack from a {HandleScope} will be done in a follow-up CL.
As a drive-by this change also implements support for the "ref_null" and
the "ref_is_null" opcodes as a proof-of-concept that the new {WasmValue}
is also applicable to the "anyref" reference type.
R=clemensh@chromium.org
TEST=cctest/test-run-wasm-interpreter/ReferenceTypeLocals
BUG=v8:8091,v8:7581
Change-Id: I2307e0689a19c4aab1d67f1ba6742cb3cc31aa3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1550299
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60598}
In the process turn the Torque's Arguments type into a real struct
and add interoperability with it and CSA's CodeStubArguments.
This change is motivated by the desire to include Arguments
in structs (e.g. iterators), which is not possible for constexpr
fields.
Bug: v8:7793
Change-Id: I840538b84c4c58fee75e0b9cd3bdbb3b96a6b948
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549162
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60597}
- Use IsInRange
- Convert scale to index using >>1 which works for 1, 2, 4
- Use mask to check Reads/Writes accumulator
Change-Id: Iaeb2236a2d179dc70b62fa599c08984800170336
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1541039
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60595}
During instantiation, exceptions can be thrown when looking up the
imports, e.g. because of proxies. If the exception is thrown
internally, before actually calling out to JS code, it won't be
externally caught.
This CL removes the DCHECK that errornously checked that a pending
exception was externally caught.
R=mstarzinger@chromium.org
Bug: chromium:948228
Change-Id: Idbdb340167c1943f78397cc9b310ef5743755726
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547855
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60593}
Const-qualified fields are allowed in both classes and structs.
In both cases, const fields can only be set via initialization
during construction.
Drive-by: unitialized -> uninitialized
Bug: v8:7793
Change-Id: Idec08df30f7897c756b7dd6f2b10bb6012fefb6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547853
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60592}
The tiers are now consistently referred to as baselin and top tier.
Bug: v8:9003
Change-Id: I74ad1867aca63bee9eb83b7f0f9fbaf2b1523dcb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547667
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60591}
Adds the notion of a "source type" to CpuProfileNode instances, hinting
at the underlying source of the function or state that resulted in the
generation of the node.
Bug: v8:9001
Change-Id: Ie14c54d41b99eb02f54b423fa5d939e9d7f63785
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1510576
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60590}
This CL uses MemCopy in CopyElements, because we think that the input
FixedArrays can never overlap. This CL also adds a DCHECK to ensure
this. If our assumption is wrong, it will be interesting to learn why.
Change-Id: Ib8258b934f43b82b1281481c592762e43b35938f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549154
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60589}
The cache also needs to keep the code alive. The code objects are
import wrappers and not wasm functions (which we will focus on first),
but eventually we would also like to collect unused import wrappers.
This CL explicitly increments the ref count when {WasmCode} is added
to the cache, and derements all ref counts in the destructor.
R=titzer@chromium.org
Bug: v8:8217
Change-Id: I1bfb276b25b359d83900147e75ec47788e1fa8de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535825
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60588}
Includes both changing from compressed pointers and to compressed pointers.
Also added tests to the representation changer test
B
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng,v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:8977
Change-Id: I8a13f6b7ec2208442aa354949173cc9061bce168
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1533866
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60587}
This introduces a helper class for the immediates to a "br_on_exn"
instruction. It is basically a wrapper around a pair of existing
immediates to simplify PC offset calculations. This is similar to what
is being done for e.g. {MemoryCopyImmediate} already.
R=clemensh@chromium.org
BUG=v8:8091
Change-Id: I85a552baa6bfa78304abc6cf9509aef365d47057
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547865
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60586}
Even though both are allowed in the style guide, it recommends to use
'using', as its syntax is more consistent with the rest of C++.
This CL turns all typedefs in src/regexp to 'using' declarations.
R=jgruber@chromium.org
Bug: v8:8834
Change-Id: I2765c3465fec7e8c42c3a84b924522f220ab5676
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1545904
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60585}
All standard containers provide a method named {empty} to check whether
the container is empty. On {base::Vector}, that method is named
{is_empty}, while {empty} is an unused factory method for creating an
empty {Vector}.
This CL renames {is_empty} to {empty} and removes the unused factory
method.
R=leszeks@chromium.org
Bug: v8:8834
Change-Id: I686bd07527801fbe783c412bc241221d8ec3660a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547862
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60584}
They are already filtered by the incremental marker.
Change-Id: If43a16d54a2b0eb7d6a36482d3439fc7191c31a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549160
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60583}
This is a reland of 3cda21de77
Original change's description:
> V8 x64 backend doesn't emit ABI compliant stack frames
>
> On 64 bit Windows, the OS stack walking does not work because the V8 x64
> backend doesn't emit unwinding info and also because it doesn't emit ABI
> compliant stack frames. See
> https://docs.google.com/document/d/1-wf50jFlii0c_Pr52lm2ZU-49m220nhYMrHDi3vXnh0/edit
> for more details.
>
> This problem can be fixed by observing that V8 frames usually all have the same
> prolog and epilog:
>
> push rbp,
> mov rbp, rsp
> ...
> pop rbp
> ret N
>
> and that it is possible to define XDATA (UNWIND_CODEs) that specify how Windows
> should walk through V8 frames. Furthermore, since V8 Code objects are all
> allocated in the same code-range for an Isolate, it is possible to register a
> single PDATA/XDATA entry to cover stack walking for all the code generated
> inside that code-range.
>
> This PR contains changes required to enable stack walking on Win64:
>
> EmbeddedFileWriter now adds assembler directives to the builtins
> snapshot source file (embedded.cc) to emit additional entries in the .pdata and
> in the .xdata section of the V8 executable. This takes care of stack walking
> for embedded builtins. (The case of non-embedded builtins is not supported).
> The x64 Assembler has been modified to collect the information required to emit
> this unwind info for builtins.
>
> Stack walking for jitted code is handled is Isolate.cpp, by registering
> dynamically PDATA/XDATA for the whole code-range address space every time a new
> Isolate is initialized, and by unregistering them when the Isolate is
> destroyed.
>
> Stack walking for WASM jitted code is handled is the same way in
> wasm::NativeModule (wasm/wasm-code-manager.cpp).
>
> It is important to note that Crashpad and Breakpad are already registering
> PDATA/XDATA to manage and report unhandled exceptions (but not for embedded
> builtins). Since it is not possible to register multiple PDATA entries for the
> same address range, a new function is added to the V8 API:
> SetUnhandledExceptionCallback() can be used by an embedder to register its own
> unhandled exception handler for exceptions that arise in v8-generated code.
> V8 embedders should be modified accordingly (code for this is in a separate PR
> in the Chromium repository:
> https://chromium-review.googlesource.com/c/chromium/src/+/1474703).
>
> All these changes are experimental, behind:
>
> the 'v8_win64_unwinding_info' build flag, and
> the '--win64-unwinding-info' runtime flag.
>
> Bug: v8:3598
> Change-Id: Iea455ab6d0e2bf1c556aa1cf870841d44ab6e4b1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1469329
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Paolo Severini <paolosev@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#60330}
Bug: v8:3598
Change-Id: If988baf7d3e4af165b919d6e54c1ad985f8e25e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1534618
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#60581}
Adds the following UMA counters:
- V8.GCMarkingSum: Overall time spent in marking per GC cycle
- V8.GCMainThreadMarkingThroughput: Overall marking throughput
considering marking time spent on the main thread and
allocated bytes after GC. Only reported if more than 1MB of
live objects have been marked in the cycle.
Bug: chromium:945806
Change-Id: I24a37bf59f02da9aba984bed9de62fdb39be8882
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547657
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60579}
There was a negation missing in the check.
Bug: chromium:948559
Change-Id: I54cfdd8b83771d80aebe506e4c2793cef301e48b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549164
Auto-Submit: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60578}
This reverts commit d746be9ceb.
Reason for revert: Speculative revert because this CL *might* cause timeouts on several bots:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20predictable/23351
Original change's description:
> [wasm] Use work-stealing queues for background compilation
>
> This reduces contention on the mutex protecting the {CompilationState}
> by splitting the compilation unit queues into several queues (one per
> background task). Each task executes its own queue first, and steals
> from other queues once it runs out of work.
> The implementation of the set of work-stealing queues is encapsulated
> in the new {CompilationUnitQueues} class in module-compiler.cc.
>
> R=titzer@chromium.org
>
> Bug: v8:8916
> Change-Id: I5a40314917e7d4a35d7ff9e8ec124ec212beacab
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543350
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60572}
TBR=mstarzinger@chromium.org,titzer@chromium.org,clemensh@chromium.org
Change-Id: I92d8862ec0ff0002160a62ed9df9b044fc95c93d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8916
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1549166
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60576}
This is a reland of 660d828790
Original change's description:
> [debug] Mark toLocaleString and TA#join builtins as side-effect free.
>
> Bug: chromium:940373
> Change-Id: If5f90ff5f873f0687c6a6a4063e0d09d6bbbd556
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1533157
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
> Cr-Commit-Position: refs/heads/master@{#60440}
Bug: chromium:940373
Change-Id: I03fe4c06cad9848db211739170462d52ce3f7acf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538791
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#60575}
... which doesn't respect address hints when reserving an address space
region and therefore makes it impossible to fulfill V8 heap alignment
requirements.
As a workaround we just overreserve address space to ensure that we
will be able to find a properly aligned 4GB subregion.
Bug: v8:7703
Change-Id: Ibf54e5e13131c2640a448944e3a3bae937c8b938
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547861
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60574}
This reduces contention on the mutex protecting the {CompilationState}
by splitting the compilation unit queues into several queues (one per
background task). Each task executes its own queue first, and steals
from other queues once it runs out of work.
The implementation of the set of work-stealing queues is encapsulated
in the new {CompilationUnitQueues} class in module-compiler.cc.
R=titzer@chromium.org
Bug: v8:8916
Change-Id: I5a40314917e7d4a35d7ff9e8ec124ec212beacab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1543350
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60572}
This happened because {EphemeronKeyWriteBarrierFromCode} will also be
called if both table and key are in old-space, and key is an evacuation
candidate.
Bug: chromium:948307, v8:8557
Change-Id: Ic1284209584b74cb343163e4beec632a3f1544b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547858
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60568}
Bug: v8:7790
Change-Id: I44c722357434a32ae9400a0e44dbc522dafe873a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547849
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60567}
This CL adds all the necessary {WasmCodeRefScope}s in the code base, or
at least a good approximation. A follow-up CL will enable a check that
a {WasmCodeRefScope} exists whenever a pointer to a {WasmCode} object
is returned from the {NativeModule}. This should flush out any missing
scopes.
R=titzer@chromium.org
Bug: v8:8217
Change-Id: I54c7eb39aeb1acde38273c399396e6b1390a4cb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1533860
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60566}
Don't just DCHECK that intrinsic calls are one-byte, but explicitly
check and return (a failure) when they are not.
Bug: chromium:948248
Change-Id: If2c16f337e9c97e5a585d21a51a985f4abbe1c29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547857
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60565}
This is a reland of 09fa63a935
Original change's description:
> [wasm-hints] Enabled Lazy Compilation by Hint
>
> Hints for lazy compilation are now taken into consideration. If the
> custom hints section suggests lazy compilatin we do so unless the module
> consists of a single function.
>
> Bug: v8:9003
> Change-Id: Ibdc400453cee20d4d5c814733887b38fb675b220
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535827
> Commit-Queue: Frederik Gossen <frgossen@google.com>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60557}
Bug: v8:9003
No-Try: true
Change-Id: I8d6f4518aa548c815fba4e6e62d2206129336cc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547851
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60564}
In {TryAllocateBackingStore} we already have two gc-and-retry loops.
This CL adds a third one, and pulls out the gc-and-retry loop to a
helper method.
R=ulan@chromium.org
Bug: v8:8898, chromium:909723
Change-Id: I830aa86b899223825d2e6abfcbacad0ccbf3485b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547666
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60562}
This is a reland of dd07cbcfdf
Original change's description:
> PPC/S390: [heap] Clean-up keys of oldspace weakmaps during scavenge
>
> Port 6604f1826d
>
> Original Commit Message:
>
> This CL adds handling for cleaning up weakmap (EphemeronHashTable)
> keys during scavenge, even if the weakmap resides in oldspace.
>
> Change-Id: Idf8b6115e57b1229864afefe6ffee85acb5e7547
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1538320
> Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
> Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
> Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
> Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
> Cr-Commit-Position: refs/heads/master@{#60446}
Change-Id: I8136d873cfc399c84a4daf4de9a1043f016561cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1546561
Auto-Submit: Milad Farazmand <miladfar@ca.ibm.com>
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#60560}
Lower the interrupt budget so we allocate feedback vectors earlier.
The earlier budget of 2048 causes ~3% regressions in speedometer. From earlier
experiments, there was no noticeable memory savings between 2048 and 1024.
Bug: v8:8394
Change-Id: I6327e22c4df60c262420975f2e204cdbacefb485
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547662
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60559}
This reverts commit 09fa63a935.
Reason for revert: Falkes on https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20shared/29942
Original change's description:
> [wasm-hints] Enabled Lazy Compilation by Hint
>
> Hints for lazy compilation are now taken into consideration. If the
> custom hints section suggests lazy compilatin we do so unless the module
> consists of a single function.
>
> Bug: v8:9003
> Change-Id: Ibdc400453cee20d4d5c814733887b38fb675b220
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535827
> Commit-Queue: Frederik Gossen <frgossen@google.com>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#60557}
TBR=mstarzinger@chromium.org,clemensh@chromium.org,frgossen@google.com
Change-Id: I18dd424fe8cf05f220f7498bb1ebe4b9fce7d240
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9003
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547668
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60558}
Hints for lazy compilation are now taken into consideration. If the
custom hints section suggests lazy compilatin we do so unless the module
consists of a single function.
Bug: v8:9003
Change-Id: Ibdc400453cee20d4d5c814733887b38fb675b220
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1535827
Commit-Queue: Frederik Gossen <frgossen@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60557}
It is not safe to access flags from concurrent marking visitor. We access
FLAG_flush_bytecode and FLAG_stress_flush_bytecode when visiting
SharedFunctionInfo and JSFunction to decide if we need to collect bytecode.
This cl adds a bytecode_flushing_mode which will be initialized when creating
the visitor. This way we can avoid accessing flags.
Bug: v8:9045
Change-Id: I84bf09ec2dd1543abad54bd87f8bf953830b89e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1541108
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60553}
We added %PrepareForOptimization, that holds the bytecode array strongly until the
function is optimized, to test using assertOptimized. This function expects that the
function is optimized before preparing the next function for optimization. In some
tests, we may not explicitly optimize a function because it got inlined into other
functions or if it was already optimized. This cl relaxes this condition and holds
onto multiple bytecode arrays.
Bug: v8:8801, v8:8395
Change-Id: Iebccc4a798aa3f35be9ee295eb3c4917da659c22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1541055
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60552}
Drive-by: make sure that Allocate node consistently take intptr
input as size (as opposed to sometimes intptr, sometimes int32).
Bug: v8:8984
Change-Id: Ida56b9788cd11b470cc866f1b7df71f03ef0075f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1541037
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#60551}
