The new API supersedes the old `RegisterDefaultSignalHandler` and flag
combination. Now the embedder must explicitly call
`EnableWebAssemblyTrapHandler` to activate the trap handler and optionally
install the default signal handler. The old flag is now used only by D8 to
decide whether to call this function.
Bug: v8:5277
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I05fbb2138138bfc95b14361aabd712db84789b4a
Reviewed-on: https://chromium-review.googlesource.com/963179
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52081}
This moves the Wasm-specific metadata from being fields on the
ArrayBuffer into a table managed by WasmMemoryTracker.
Bug: chromium:776273
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id8b050bfdfe0fbe9436fb055e92c08d503d3c2ba
Reviewed-on: https://chromium-review.googlesource.com/850550
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52080}
src/base/debug/stack_trace_posix.cc: suppressed unused function warnings
for functions DemangleSymbols, OutputPointer(in order to compile with
-Werror flag)
test/cctest/test-isolate-independent-builtins.cc: corrections to make
ByteInText test case compatible with aix. (affects aix only)
Change-Id: I49e45e63545404c77aaed3f51b26557f6f03455e
Reviewed-on: https://chromium-review.googlesource.com/927484
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52071}
The embedders should use the EmbedderGraph API. The similar structure
can be created with the following steps:
1) Create a root node for each retainer info group.
2) Iterate all handles using Isolate::VisitHandlesWithClassIds.
3) Add an edge from the retainer info node to the v8 wrapper node.
4) Add an edge from the v8 wrapper node to the retainer info node.
See how HeapSnapshotRetainedObjectInfo is converted to the new API.
Bug: chromium:749490
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I124ae3853354863b4f888e6aa2ea13777dcaa37d
Reviewed-on: https://chromium-review.googlesource.com/948842
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52067}
Remove the SharedFunctionInfo code field, inferring the code object
from the function_data field instead. In some cases, the function_data
field can now hold a Code object (e.g. some WASM cases).
Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1219a4d6aa5abaa9fee54dda883da7a3186e347a
Reviewed-on: https://chromium-review.googlesource.com/952452
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52064}
In general, TurboFan doesn't encounter phi nodes with only a single
data input in the backend. However, CSA-based builtins (especially
auto-generated ones, e.g. from Torque), may contain single-input phi nodes,
although outside the auto-generated case this doesn't happen much in practice.
Single input phi nodes (i.e. phis in blocks with one predecessor) don't have
any side effects and are essentially useless and harmless, but to avoid problems
in the backend of TurboFan (whose SSA deconstruction disallows control flow
splits that continue to blocks with phis), this CL tweaks the existing
CSA-only control flow and graph sanitization in the CSA path to ensure
no no-op phis.
Change-Id: I109f4dc6cde5ad1794585a09609a230b1848e0d5
Reviewed-on: https://chromium-review.googlesource.com/963711
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52056}
Also unskip test that has already been fixed in f1b1ec7.
R=jgruber@chromium.org
Bug: v8:178
Change-Id: I9cd2156ef41146b0dd58a974088726f5cbda8058
Reviewed-on: https://chromium-review.googlesource.com/970243
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52050}
For problems with the current approach, see crbug.com/v8/7564.
We can instead gather all weak references in code in VisitEmbeddedPointer.
BUG=v8:7564, v8:7308
Change-Id: Ib369e7ab9efd62c90bdac69835318929c58217f2
Reviewed-on: https://chromium-review.googlesource.com/968250
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52041}
This type is dangerous because it can become smaller over time (as
strings get internalized).
Bug: v8:6521
Change-Id: Iea650789ab52c13a0519f46999edc8a7959ccc71
Reviewed-on: https://chromium-review.googlesource.com/968525
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52040}
This avoids a deopt loop.
Bug: v8:7254
Change-Id: I3a676186bc52fd47b03f03c26cb07d9257993693
Reviewed-on: https://chromium-review.googlesource.com/968503
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52036}
Instead of returning nullptr, just always call FatalProcessOutOfMemory
when we cannot allocate more memory.
In a follow-up CL, this should be extended to first try to run a GC and
see if this freed enough memory.
This CL is intentionally minimal in order to make it backmergable.
The unittest for WasmCodeManager needs to be refactored into a
parameterized test, such that each individual (parameterized) test can
die with OOM without affecting other tests.
R=mstarzinger@chromium.org
Bug: chromium:822266
Change-Id: I1336aa05ed50124b77ffaa4435ec9bed70e15c18
Reviewed-on: https://chromium-review.googlesource.com/966501
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52025}
This reverts commit ed2605f040.
Reason for revert: Test flakes.
Original change's description:
> [d8][wasm] Test wasm compilation completion
>
> d8 was recently changed to keep running until wasm compilation has
> completed. This adds a message test to test that.
>
> R=ahaas@chromium.org
>
> Change-Id: I73af53b6df4ee5f9a6afd26cf2d71a269140465f
> Reviewed-on: https://chromium-review.googlesource.com/966184
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52008}
TBR=ahaas@chromium.org,clemensh@chromium.org
Change-Id: If1e015bd346a71df1da8effe92882c37a00d1e62
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/968521
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52023}
Remove IsBlockTerminator and introduce InstructionScheduler::AddTerminator in
order to handle block terminator instructions.
Instead of the kBlockTerminator flags, we now rely on Instruction::IsTrap(),
Instruction::IsDeoptimizeCall() and explicitly denoting block terminators
when adding them with InstructionScheduler::AddTerminator().
IsBlockTerminator incorrectly included deopts when they were not at the end of
a block, which meant that an instruction with side effects could have been
reordered with respect to a deopt as the deopt was not identified correctly.
Since the snapshot does not contain deopts, this is not causing any problems
at the moment (the scheduler is only enabled on the snapshot).
Change-Id: I1c2dad748a9398a3355630d9a542f4ac89afaa42
Reviewed-on: https://chromium-review.googlesource.com/960501
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#52019}
This fixes failing tests 'ByteinRodata' and 'ByteInText' on MIPS.
Changed assemble directives for 'test_string0_bytes' and
'test_function0_bytes' from .local to .global, and reordered function
bytes according to endianess.
Change-Id: Iecac3a966a57531b41c8ce8959e16021d465520a
Reviewed-on: https://chromium-review.googlesource.com/966287
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52014}
The compilation state of a native module is now extracted into its own
datastructure. It reflects which functions are left to compile, and contains
task managers to accomplish parallel and asynchronous compilation.
Bug:
Change-Id: I45308c7b32ba78e6c83f2d260990846a653bbd9c
Reviewed-on: https://chromium-review.googlesource.com/958865
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52013}
This reverts commit c94dcb2117.
Reason for revert: several performances regressions.
Original change's description:
> [compiler] Don't infer receiver maps for stores.
>
> This avoids a deopt loop.
>
> Bug: v8:7254
> Change-Id: I9ab1dfc754c5ad63c451a9e2276aa1d7eb4c27b1
> Reviewed-on: https://chromium-review.googlesource.com/966065
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51994}
TBR=jarin@chromium.org,neis@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:7254
Change-Id: Iff9c6fb61a559e48ad11d2db9e559de61cc0f5ef
Reviewed-on: https://chromium-review.googlesource.com/968302
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52012}
d8 was recently changed to keep running until wasm compilation has
completed. This adds a message test to test that.
R=ahaas@chromium.org
Change-Id: I73af53b6df4ee5f9a6afd26cf2d71a269140465f
Reviewed-on: https://chromium-review.googlesource.com/966184
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52008}
This is a reland of f1b1ec70a6
Original change's description:
> [builtins] Remove off-heap builtins from the snapshot
>
> This CL is the final major step towards shipping off-heap-safe builtins
> embedded into the binary.
>
> Prior to snapshot serialization, we now:
> * create the embedded blob containing off-heap instruction streams,
> * use that to generate embedded.cc (containing embedded binary data),
> * replace off-heap-safe builtins with trampolines,
> * and serialize those into the final snapshot.
>
> The new RelocInfo::OFF_HEAP_TARGET kind is used to fix up trampoline
> targets on deserialization.
>
> Bug: v8:6666
> Change-Id: Ib07aea9e3bd7ecdec42291c1388b3a7453ea96ce
> Reviewed-on: https://chromium-review.googlesource.com/950775
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#51960}
TBR=yangguo@chromium.org,mstarzinger@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_mac64_dbg,v8_mac64_rel
Bug: v8:6666
Change-Id: Id9954af3c8195754ff3658c4603858904fcf88c4
Reviewed-on: https://chromium-review.googlesource.com/964481
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52006}
With this CL the name of an SFI is either stored directly on the SFI
itself (for uncompiled ones) or on the related ScopeInfo if present.
- Combine scope_info and name field on SFI into name_or_scope_info field
- Change the name of a couple of SFI accessors: name => Name,
has_shared_name => HasSharedName, set_name => SetName
- Add Runtime::kGetFunctionName due to more complex SFI name accessing
Bug: v8:7066
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Idcce158446c9447b92d9a15125d086952c6e0824
Reviewed-on: https://chromium-review.googlesource.com/964201
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52001}
The flag lets d8 wait for async compilation of WebAssembly to finish
before d8 shuts down.
R=clemensh@chromium.org
CC=kimanh@google.com
Change-Id: I4cf59a1f35cc5a0ecaf769d2745df5e2e14eb509
Reviewed-on: https://chromium-review.googlesource.com/966031
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51999}
This avoids a deopt loop.
Bug: v8:7254
Change-Id: I9ab1dfc754c5ad63c451a9e2276aa1d7eb4c27b1
Reviewed-on: https://chromium-review.googlesource.com/966065
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51994}
This CL ads a StartPosition and EndPosition accessors on SFI and
ScopeInfo to facilitate future refactoring. In a future CL the
start and end position are no longer stored directly on SFIs.
This CL will temporarily increase memory since the position info
is duplicated on the SFI and the ScopeInfo.
Drive-by-fix: Clean up some constants in ScopeInfo
Bug: v8:7066
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1a8c5dd4e2156c007e04d92e72e478b915516e0d
Reviewed-on: https://chromium-review.googlesource.com/955629
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51987}
There was a bug in spilling i64 constants, in that the half stack slot
*above* should have been filled with the high word instead of the one *below*.
Instead of just fixing this, this CL optimizes spilling x64 constants to the
stack by emitting shorter and faster code, especially if the constant fits in
31 bits (which is the majority of cases).
R=titzer@chromium.org
Bug: v8:7565,v8:6600
Change-Id: Id75ddafe82615930a84333a0c49bd515ccbcc093
Reviewed-on: https://chromium-review.googlesource.com/965062
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51985}
This also introduces two new simplified operators,
NumberIsFinite and ObjectIsFiniteNumber; the latter
handles all values, and the former is a fast-path
of the fast-path that is inserted by typed optimization
if we know the input has Type::Number.
Bug: v8:7340, v8:7250
Change-Id: I1b4812c01bf470bbff40fb3da6e11da543a22cd2
Reviewed-on: https://chromium-review.googlesource.com/951244
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51980}
The streaming compilation pipeline did not parse the names section and
this is also not longer needed for getting function or local names.
However, the module name still needs to be set eagerly.
Change-Id: I1ac12e98b970ea0781302dc44ee684510bdf2d69
Reviewed-on: https://chromium-review.googlesource.com/962452
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51979}
A value of type OtherSeqString can change its type to OtherNonSeqString
via inplace internalization (and redirection via a ThinString). This can
lead to out of bounds memory accesses and generally correctness bugs, as
seen with crbug.com/822284.
This change might affect performance in some cases, and we'll need to
evaluate whether it's worth spending cycles on adding another mechanism
that leverages the sequential string information in a safe way on a case
by case basis.
Bug: chromium:822284
Change-Id: I0de77ec089a774236555f38c365f7548f454edfe
Reviewed-on: https://chromium-review.googlesource.com/966021
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51975}
This introduces a new JSCreateTypedArray operator, backed by a dedicated
CreateTypedArray builtin, and adds support to lowering new TypedArray
calls to this operator. This way we avoid the overhead of going through
the generic construct stub machinery for hot code. This not only
recovers the performance regression on the typed array constructor
benchmarks, but even improves slightly beyond what we had in 6.6.
We might in the future try to fully inline the TypedArray constructor
into optimized code for certain cases.
Bug: chromium:820726, v8:7503, v8:7518
Change-Id: Ied465924d5695db576d533792f1db68456b9b5ea
Reviewed-on: https://chromium-review.googlesource.com/959010
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51973}
TurboFan assumed that the output of NumberToString is always a
sequential string, since that's what we put into the number to
string table. However we might eventually morph these strings
into ThinStrings when we need to internalize them, in which case
the type in TurboFan will be wrong, and we read out of bounds.
Also-By: tebbi@chromium.org
Bug: chromium:822284
Change-Id: I5aebe73028b95849fff72bba262c517677112353
Reviewed-on: https://chromium-review.googlesource.com/964523
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51970}
