This adds initial support for concurrently patching jump table slots. It
is needed once different Isolates share code (for the --wasm-shared-code
feature). We need to ensure that instructions holding the target address
within a jump table slot do not cross cache-line boundaries. To do this,
the jump table has been split into consecutive pages.
Note that this also adds a stress test for multiple threads hammering at
a single slot concurrently. The test is currently limited to the ia32
and the x64 architecture, but will be extended to cover others. The test
reliably triggers tearing of the target address on almost every run of
the test and hence serves to prevent regressions.
R=clemensh@chromium.org
TEST=cctest/test-jump-table-assembler
BUG=v8:8018
Change-Id: Ife56bbb61ffcae5d8906ca7b8c604b195603707c
Reviewed-on: https://chromium-review.googlesource.com/1163664
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54942}
Map::AsElementsKind returns the given map if it already has the desired
elements kind.
Change-Id: Ia9c92eabdb28c82da376eb87f0117dc76414240d
Reviewed-on: https://chromium-review.googlesource.com/1164368
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54941}
For async instantiation of WebAssembly code we had the assumption that
a pending exceptions (an exception which comes from
execution JS code) and an ErrorThrower error cannot occur at the same
time. This assumption turned out to be wrong. With this CL we handle
this case by prefering pending_exceptions over ErrorThrower errors.
In addition I extended the tests for failing instantiation to also
exercise async instantiation, and I added a regression test.
R=clemensh@chromium.org
Bug: chromium:870646
Change-Id: I4cb54ff8642ad4ea193b20f79905c9f6508c2b2e
Reviewed-on: https://chromium-review.googlesource.com/1163511
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54940}
MIPSr1 doesn't support SEB and SEH instructions and this
causes test InstructionSelectorTest.Word32SarWithWord32Shl to fail.
This CL disables this test on MIPSr1.
TEST=unittests/InstructionSelectorTest.Word32SarWithWord32Shl
Change-Id: I284a85210bd0d38374ca339671643560e8a305e2
Reviewed-on: https://chromium-review.googlesource.com/1164363
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#54939}
This reverts commit 5414884aec.
Reason for revert: breaks the roll due to not testing CrOs
Original change's description:
> [api] Remove deprecated functions
>
> Removes all V8_DEPRECATED functions that weren't recently marked as well
> any V8_DEPRECATE_SOON function that relied on using the address of
> an object to get hold of the Isolate.
>
> Normally we would have advanced the V8_DEPRECATE_SOON methods to
> V8_DEPRECATE in this release and removed them in the follow release, but
> their continuing presence blocks the work on creating a shared
> Read-Only space where some objects would not belong to any single
> Isolate. In preparation chromium and node.js (via the v8/node github)
> have been modified in advance.
>
> Bug: v8:7786
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I8b4b06189896d94aff908ebcd121b3b38f9b482a
> Reviewed-on: https://chromium-review.googlesource.com/1154915
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54915}
TBR=yangguo@chromium.org,delphick@chromium.org
Change-Id: Iaf23e04d55a95b01b0423effa6cde3c0be5e2ba8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1164902
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54937}
A recent refactoring accidentally disabled the code path that keeps
negative indices for TypedArrays on the fast path.
Change-Id: I89bbb414f54d04f85af77c6d205705906925c61e
Reviewed-on: https://chromium-review.googlesource.com/1164469
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54932}
- DCHECK(IsMipsArchVariant(kMips32r2) || IsMipsArchVariant(kMips32r6)) is failed.
- I tried not to select instruction kMipsSeb in case of kMips32r1.
R=ivica.bogosavljevic@mips.com
Bug: v8:8006
Change-Id: If07450b1a35b4e9cb608344e137c032381da224d
Reviewed-on: https://chromium-review.googlesource.com/1160073
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54931}
- Solves a problem for PPC in a configuration where commit page size
is 64K. https://chromium-review.googlesource.com/c/v8/v8/+/1149515
- Uses existing VM allocation code to get properly aligned memory.
- Makes sure the size for SetPermissions is a multiple of system page
size.
Bug:chromium:756050
Change-Id: Ib3799ab7a3bb44b0091c234234c1cc47938379c2
Reviewed-on: https://chromium-review.googlesource.com/1161210
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54930}
We want to limit these cases since they result in unecessary work on background threads
doing the streaming parse / compile, and delay the script execution unecessarily
while waiting for the streamer to complete.
BUG=chromium:865098
Change-Id: Ibb3346c2e644bb333521d876d00aeb9cc063b6aa
Reviewed-on: https://chromium-review.googlesource.com/1163669
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54929}
Now we can remove FixedArrayOfWeakCells (this was the last user).
Previous try: https://chromium-review.googlesource.com/1150170
BUG=v8:7308
Change-Id: Ie924e379ea8bbd797430e3ca591019fe001e78ad
Reviewed-on: https://chromium-review.googlesource.com/1154909
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54928}
In Liftoff, bugs often happen only if specific cache states are
constructed. For this, longer sequences of instructions are needed.
Thus, add a few rules to increase the chance of generating longer
sequences.
R=ahaas@chromium.org
Change-Id: I8f112edf0280282bf275585e8a15772013c25245
Reviewed-on: https://chromium-review.googlesource.com/1158695
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54927}
This CL is the first step towards a SetProperty stub, by adding a
stub that redirects to the runtime and replacing every runtime
call-site with a call to this stub.
A followup CL will then add an implementation to the stub similar
to KeyedStoreGenericAssembler::KeyedStoreGeneric().
R=cbruni@chromium.org, jgruber@chromium.org
Change-Id: Iff2f913988cada6220d54817d94d011ad6de2b77
Reviewed-on: https://chromium-review.googlesource.com/1163519
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54926}
- Trigger serialization for more objects, such as some root maps.
- Serialize more data for certain object kinds.
- Add macros for convenience.
- Mark a few functions as const.
R=jarin@chromium.org
Bug: v8:7790
Change-Id: Id39b97e93728c0b3d87d9546bdf68abd04496c05
Reviewed-on: https://chromium-review.googlesource.com/1158572
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54923}
This is in preparation of making sure that jump table slots don't cross
cache line boundaries. It is only introducing helper functions for back
and forth conversion between "index" and "offset", but should not make
any functional changes yet.
R=ahaas@chromium.org
BUG=v8:8018
Change-Id: I6ab525f9b89a6a15414c043a54c9fffb527a1ab6
Reviewed-on: https://chromium-review.googlesource.com/1163517
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54922}
Check each dependency's validity again right before installing it,
because a GC during preceding installations can theoretically trigger
invalidation for some dependency kinds.
Also inline the IsSane checkers into the constructors.
R=jarin@chromium.org
Change-Id: I1331dee27f01e8fd07cb953dddfed72fd1841559
Reviewed-on: https://chromium-review.googlesource.com/1161933
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54920}
Node.js is using AdjustAmountOfExternalAllocatedMemory to get
external memory from V8 [1]. In addition, they have a unittest
that verifies that AdjustAmountOfExternalAllocatedMemory returns
the correct value [2]. This CL proposes a new way to report
external memory through HeapStatistics.
[1]07cb69720b/src/node_process.cc (L187)
[2]https://github.com/nodejs/node/blob/master/test/parallel/test-memory-usage.js
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ia58ed0bab1c1d4ee23672e1347b9a00b6705a43c
Reviewed-on: https://chromium-review.googlesource.com/1162156
Commit-Queue: Rodrigo Bruno <rfbpb@google.com>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54919}
Previously, Intl.PluralRules was mostly implemented in JavaScript. This
patch moves most of the constructor and parts of other methods to C++.
The size of the Intl.PluralRules object is reduced by not storing
MinimumIntegerDigits, MinimumFractionDigits, MaximumFractionDigits,
MinimumSignificantDigits, MaximumSignificantDigits. Instead these are
looked up from icu::DecimalFormat as required.
Another optimziation is that we don't create the result of
resolvedOptions when the Intl.PluralRules object is constructed, but
instead defer until this method is called. In the future, we may want
to cache the result.
This patch also cleans up several error handling paths that shouldn't
happen with ICU and instead just crashes should it ever happen.
Bug: v8:5751
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I84c5aa6c25c35fe2d336693dee1b36bf3dcd4a79
Reviewed-on: https://chromium-review.googlesource.com/1158701
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54917}
Removes all V8_DEPRECATED functions that weren't recently marked as well
any V8_DEPRECATE_SOON function that relied on using the address of
an object to get hold of the Isolate.
Normally we would have advanced the V8_DEPRECATE_SOON methods to
V8_DEPRECATE in this release and removed them in the follow release, but
their continuing presence blocks the work on creating a shared
Read-Only space where some objects would not belong to any single
Isolate. In preparation chromium and node.js (via the v8/node github)
have been modified in advance.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I8b4b06189896d94aff908ebcd121b3b38f9b482a
Reviewed-on: https://chromium-review.googlesource.com/1154915
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54915}
This CL puts off-heap targets (i.e. code addresses for embedded builtins)
in the constant pool on ARM.
We are landing this CL to evaluate impact on benchmarks and code size,
and expect to revert it once we have gathered that data.
Bug: v8:6666
Change-Id: If4935a6fb162cd1ffb34489c6fa9630f10ca2c9f
Reviewed-on: https://chromium-review.googlesource.com/1154924
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54914}
This is not used in Chrome or Node anymore.
(This could also potentially be just removed at this point.)
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I59ecc216faeb3d56d3a52c548a863544570b6173
Reviewed-on: https://chromium-review.googlesource.com/1161936
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54913}
By using a built-in this functions works with SafeStack and doesn't
require an attribute disabling ASan.
BUG=chromium:864705
Change-Id: I898d42c0b39b07300f1679eba11e7f50cad42120
Reviewed-on: https://chromium-review.googlesource.com/1162669
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54912}
This reverts commit bf5ea8138c.
Reason for revert: Breaks Sanitizers
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20ASAN/26688
Original change's description:
> [tracing] allow dynamic control of tracing
>
> If the trace_buffer_ was null, we were returning a pointer to a static
> flag back that permanently disabled that particular trace point.
>
> This implied an assumption that tracing will be statically enabled at
> process startup, and once it is disabled, it will never be enabled
> again. On Node.js side we want to dynamically enable/disable tracing as per
> programmer intent.
>
> Change-Id: Ic7a7839b8450ab5c356d85e8e0826f42824907f4
> Reviewed-on: https://chromium-review.googlesource.com/1161518
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
> Cr-Commit-Position: refs/heads/master@{#54903}
TBR=yangguo@chromium.org,ofrobots@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I9459992e8c2ee403b9ddc8f6b9582d204139f6e8
Reviewed-on: https://chromium-review.googlesource.com/1162122
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54911}
This reverts commit 898f880aa7.
Reason for revert: TSAN report memory leaks
This is not related to this CL, but to behavior in tracing-controller.cc. Sorry!
https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8938962708686133568/+/steps/Check_-_slow_path__flakes_/0/logs/memory_grow/0
Original change's description:
> [cpu-profiler] Turn on detailed line info for optimized code
>
> Cautiously turn on this flag by default to check the impact on
> performance bots. Could show minor regressions in old space and/or
> code_and_metadata memory buckets.
>
> Bug: v8:7983
> Change-Id: Ic4369cdb0231f4f88eada699da948e8bb48a25fd
> Reviewed-on: https://chromium-review.googlesource.com/1162234
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54908}
TBR=yangguo@chromium.org,petermarshall@chromium.org
Change-Id: If17abee873cb589fc6450231149ccc82e7ca9f7b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7983
Reviewed-on: https://chromium-review.googlesource.com/1163441
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54910}
Cautiously turn on this flag by default to check the impact on
performance bots. Could show minor regressions in old space and/or
code_and_metadata memory buckets.
Bug: v8:7983
Change-Id: Ic4369cdb0231f4f88eada699da948e8bb48a25fd
Reviewed-on: https://chromium-review.googlesource.com/1162234
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54908}
This fixes a CHECK failure in MapVerify, and gets the correct behaviour
for uses of the well-known symbols.
BUG=v8:7611, chromium:866229
R=jkummerow@chromium.org, mvstanton@chromium.org, bmeurer@chromium.org
Change-Id: I5d679357b8807ea9d1054121d8d336fe0dd43c7c
Reviewed-on: https://chromium-review.googlesource.com/1162278
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#54905}
If the trace_buffer_ was null, we were returning a pointer to a static
flag back that permanently disabled that particular trace point.
This implied an assumption that tracing will be statically enabled at
process startup, and once it is disabled, it will never be enabled
again. On Node.js side we want to dynamically enable/disable tracing as per
programmer intent.
Change-Id: Ic7a7839b8450ab5c356d85e8e0826f42824907f4
Reviewed-on: https://chromium-review.googlesource.com/1161518
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#54903}
I have a project that embeds V8 and uses a single `Isolate` from multiple
threads. The program runs just fine, but sometimes the inspector doesn't
stop on the correct line after stepping over a statement that switches
threads behind the scenes, even though the original thread is restored by
the time the next statement is executed.
After some digging, I discovered that the `Debug::ArchiveDebug` and
`Debug::RestoreDebug` methods, which should be responsible for
saving/restoring this `ThreadLocal` information when switching threads,
currently don't do anything.
This commit implements those methods using MemCopy, in the style of other
Archive/Restore methods in the V8 codebase.
Related: https://groups.google.com/forum/#!topic/v8-users/_Qf2rwljRk8
Note: I believe my employer, Meteor Development Group, has previously
signed the CLA using the group email address google-contrib@meteor.com.
R=yangguo@chromium.org,jgruber@chromium.org
CC=info@bnoordhuis.nl
Bug: v8:7230
Change-Id: Id517c873eb81cd53f7216c7efd441b956cf7f943
Reviewed-on: https://chromium-review.googlesource.com/833260
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54902}
In order to enable PIC code in builtins we need to have BranchLong
position independent.
Change-Id: I374134ff540b515f3cf385a8b936487b47c55762
Reviewed-on: https://chromium-review.googlesource.com/1152810
Reviewed-by: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Reviewed-by: Sreten Kovacevic <skovacevic@wavecomp.com>
Commit-Queue: Ivica Bogosavljevic <ibogosavljevic@wavecomp.com>
Cr-Commit-Position: refs/heads/master@{#54901}
This CL fixes a bug found by Clusterfuzz, in which the functions
LoadDataViewByteOffset and -ByteLength incorrectly had a return
type of TNode<Smi> instead of TNode<Number>.
This caused a CAST() call to fail when the requested byte offset
or byte length did not fit inside a Smi, i.e. when the underlying
ArrayBuffer of the DataView had a length longer than 2^30 on
32-bit platforms.
The CL also includes a new test in mjsunit to test against this.
Bug: chromium:869313
Change-Id: Ibb7d29bda5782a12c4b506c070bb03fef8c3ec70
Reviewed-on: https://chromium-review.googlesource.com/1158582
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54900}
We have two constants for the PC load delta; this CL
consolidates them into one. The CL does not change MIPS
as the two constants are defined to different values there.
Bug: v8:6666
Change-Id: If207a59dea3ef33756a5d7330217ab8a176bdf63
Reviewed-on: https://chromium-review.googlesource.com/1161926
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54898}
After the recent bugfix, the special case for 'undefined' is no longer
needed.
Bug: v8:7813
Change-Id: Iee3fccd72c525ac86a6fa6b3c55bcd2ce8159852
Reviewed-on: https://chromium-review.googlesource.com/1161906
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54897}
This became obsolete when I rewrote CompilationDependencies.
R=jarin@chromium.org
Change-Id: Ifc567fafccd33e98be9d1bdf6264c680be3149e4
Reviewed-on: https://chromium-review.googlesource.com/1161919
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54896}
