This adds a separate test module and output expectation for Wasm GC.
This covers the new types and instructions from
https://github.com/WebAssembly/gc/blob/main/proposals/gc/MVP.md
Unlike the previous disassembler tests, one cannot easily create the
module bytes with WABT's `wat2wasm` from the expected text output (at
least right now), so I used Binaryen's `wasm-as` instead to generate
the module from a separate input file (not included here, because it
uses folded expressions, which the debugger doesn't.)
Change-Id: Id0205b2788fd7be5ea7696242cbe8a74a4bca892
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013265
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Daniel Lehmann <dlehmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84264}
Tests don't work when incremental marking is started before the test
is run.
Bug: v8:13267
Change-Id: I00e30ede96bfe3632ef701436395479f5ef083ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4026843
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84259}
For Int32Div (and Uint32- and -Mod), Turbofan has long had the ability
to replace division-by-constant with multiplication-by-inverse. This
patch brings the same goodness to Int64Div and friends.
This benefits Wasm code that uses i64.{div,rem}_{s,u} instructions.
Fun fact: Turboshaft supports this already.
Change-Id: I4be5536dfb81fb2f1c5d812f2a289da7dc2eef30
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4026762
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84257}
When runnig cppgc_unittests in a cppgc standalone build, the test
ConcurrentSweeperTest.IncrementalSweeping fails. This is becuase
TestPlatform::RunAllForegroundTasks was actually not running all
tasks becasue v8::platform::PumpMessageLoop only runs a single task.
Change-Id: Ie68eee369abd12edcf04e697a1d8ca574059d160
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4026163
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84246}
Modify the existing x64 trap handler test to support arm64 too.
Bug: v8:13383
Change-Id: I23eb8276ad94289e9a27b756d51040321778d912
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3990564
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84241}
This is a reland of commit 936b61a209
Change compared to original: Fix parameter types for CallRuntimeStub
in Liftoff.
Original change's description:
> [wasm-gc] Canonicalize JS Numbers as i31ref at the boundary
>
> JS numbers flowing into Wasm as i31ref should be canonicalized at the
> boundary. In-range numbers get canonicalized to Smis, and out-of-range
> numbers to HeapNumbers. This way, casting to i31ref, or checking for
> i31ref when casting to other types, is reduced to a Smi check.
>
> Bug: v8:7748
> Change-Id: Icd2bbca7870c094f32ddc9cba1d2be16207e80d1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4008345
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84219}
Bug: v8:7748
Change-Id: I67737150252b844a296338db0c60f76b470aa43b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4022711
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84240}
Reland of https://crrev.com/c/3998633.
Each thread has its own MarkingBarrier instance for incremental
marking. A thread local variable is used to get the current thread's
instance on background threads.
However on main threads this thread local variable was always
set to nullptr. The main thread would get to its own instance through
the heap_ field in the host object's page header. This was solved this
way because setting current_marking_barrier on the main thread
seemed quite complex. Multiple isolates may be run on the same thread
and isolates may even be migrated between threads.
However, with --shared-space loading the heap_ field for a shared
object would return the main isolate's heap and we end up with
the wrong MarkingBarrier instance on client isolates. So this
CL makes main and background threads more uniform by setting the
thread local field also on the main thread. The field is set by
the already existing v8::Isolate::Scope API. Some embedders might have
to add these scopes if they don't use them properly already.
Bug: v8:13267
Change-Id: Idc257ecf6b6af09a379bdd7cd7c1d4a5e46689c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4016715
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84237}
This reverts commit 936b61a209.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20no%20pointer%20compression/2000/overview
Original change's description:
> [wasm-gc] Canonicalize JS Numbers as i31ref at the boundary
>
> JS numbers flowing into Wasm as i31ref should be canonicalized at the
> boundary. In-range numbers get canonicalized to Smis, and out-of-range
> numbers to HeapNumbers. This way, casting to i31ref, or checking for
> i31ref when casting to other types, is reduced to a Smi check.
>
> Bug: v8:7748
> Change-Id: Icd2bbca7870c094f32ddc9cba1d2be16207e80d1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4008345
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84219}
Bug: v8:7748
Change-Id: Ia74e49147d230f9217ebeb2bf435d10d8f93126e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020457
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84221}
JS numbers flowing into Wasm as i31ref should be canonicalized at the
boundary. In-range numbers get canonicalized to Smis, and out-of-range
numbers to HeapNumbers. This way, casting to i31ref, or checking for
i31ref when casting to other types, is reduced to a Smi check.
Bug: v8:7748
Change-Id: Icd2bbca7870c094f32ddc9cba1d2be16207e80d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4008345
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84219}
Client isolates need the incremental marking barrier for objects in
the shared heap. The marking barrier for the shared heap can be
enabled either with or without incremental marking in the client
isolate's local heap.
Client isolates get a new marking worklist in the MarkingBarrier
class for marking of shared objects. Shared objects will always be
pushed into that worklist for tracing. MarkingBarrier can be enabled
for shared marking and/or marking of local isolates.
Bug: v8:13267
Change-Id: I0b60134432de9af3c76e24620816555ee49da1eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4001768
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84202}
{ModuleWireBytes} is just a wrapper around {base::Vector<const byte>},
so should be passed by value, just as {base::Vector}.
This CL adds a comment about this and fixes all functions and methods
that receive a {ModuleWireBytes} via const reference.
R=ahaas@chromium.org
Change-Id: Idbdc66c04a9acb92934b450c046ba7fd055448e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013309
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84172}
This reverts commit 39d387bb72.
Reason for revert: causes DCHECKS, timeouts, TSAN failures under stress
Original change's description:
> [heap] Invoke allocation observers before limiting the LAB
>
> Currently whenever we reach a step we get a small LAB the same size as
> the allocated object. This is becuase the remaining step size is smaller
> then the current allocation.
> Invoking observers before limiting the LAB, and thus updating step
> sizes, should eliminate the small LAB we get whenever we reach a step.
>
> Drive-by: remove redundant method arguments.
>
> Bug: v8:12612
> Change-Id: Ied92a947308368d3b289e246fdb4f40ac5e5981f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013683
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84157}
Bug: v8:12612, v8:13465
Change-Id: I74b412dc41bfc86ea7fb190ce3284349a9022057
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4018913
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#84162}
Currently whenever we reach a step we get a small LAB the same size as
the allocated object. This is becuase the remaining step size is smaller
then the current allocation.
Invoking observers before limiting the LAB, and thus updating step
sizes, should eliminate the small LAB we get whenever we reach a step.
Drive-by: remove redundant method arguments.
Bug: v8:12612
Change-Id: Ied92a947308368d3b289e246fdb4f40ac5e5981f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013683
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84157}
This is a reland of commit bc777d5fd6
Original change's description:
> [wasm-gc] Allow (ref none) to occur internally
>
> This type is uninhabited by any actual values, but it can show up
> as a "theoretical" value in the type system, e.g. for conditional
> branches that are statically never-taken.
>
> Bug: v8:7748
> Change-Id: Ieb8a5354dbd04fe76e1047766c5bb60f02f6cdd0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013859
> Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
> Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84125}
Bug: v8:7748
Change-Id: I9cd3dbd20b0e62959203171d3c7180ef2efeecba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013329
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84155}
This reverts commit bc777d5fd6.
Reason for revert: WasmTyper needs adaptations.
Original change's description:
> [wasm-gc] Allow (ref none) to occur internally
>
> This type is uninhabited by any actual values, but it can show up
> as a "theoretical" value in the type system, e.g. for conditional
> branches that are statically never-taken.
>
> Bug: v8:7748
> Change-Id: Ieb8a5354dbd04fe76e1047766c5bb60f02f6cdd0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013859
> Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
> Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84125}
Bug: v8:7748
Change-Id: Ic6fdd5deaabb2bac99dee25ccc65971b8de31e7c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013688
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84132}
This type is uninhabited by any actual values, but it can show up
as a "theoretical" value in the type system, e.g. for conditional
branches that are statically never-taken.
Bug: v8:7748
Change-Id: Ieb8a5354dbd04fe76e1047766c5bb60f02f6cdd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013859
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84125}
When introducing heap type decoding we added some module-specific checks
to the constructor of certain immediates. This broke the previous design
where module-specific checks were done in a separate {Validate} method.
This CL restores that state.
R=jkummerow@chromium.org
Change-Id: I1ed887daecc25990272c95a24f4444da2d8b5466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4008318
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84118}
Change-Id: Ife69129bc0bf5e565154b7e04bc1d6ad4d106c0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4006746
Auto-Submit: Juan José <soyjuanarbol@gmail.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84113}
Controlled by a command-line flag --wasm-disassembly-max-mb,
set to 1000 MB for now. The intention is to avoid OOM crashes
for huge modules.
Bug: chromium:1362286
Change-Id: Ifc0cdd7e8dda016c7cc65dcd75ff6ed51c785a6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4008625
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84111}
The SuppressMicrotaskExecutionScope being pushed was for the isolate's
default queue. It should be for the current queue not the default one.
This wouldn't cause any issues because microtasks are also suppressed
via the is_running_microtasks_ variable as well but is odd to read.
BUG=chromium:961186
Change-Id: Id7a64aac0fb86322014f9755f0abc0330a85556f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4004599
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84099}
The BytecodeIterator does not pass a module, so we cannot validate heap
types properly. Thus disable validation completely for the
{BytecodeIterator} and provide a second method (for testing only) which
also validates.
Drive-by: Pass the {WasmFeatures} enum set by value.
R=jkummerow@chromium.org
Change-Id: Ieb231304193c789601a59c3b22a023f10b79a730
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4003079
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84097}
This adds a separate test module and output expectation for names in
the custom "name" section in Wasm binaries.
Also fixes a small inconsistency: The index of both data and element
segments is now printed as a comment, in case one prints their name
(as we do for functions, globals, etc.)
Data segment names are currently not printed for consistency with
legacy behavior.
Change-Id: I8900f54b02e031a811dfd9be8326d6f63d26d4a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4004717
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Daniel Lehmann <dlehmann@chromium.org>
Auto-Submit: Daniel Lehmann <dlehmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84093}
The {BytecodeIterator} that also read locals declarations had a weird
fallback path to allow decoding of locals to fail, and just assume no
locals, decoding all bytes as code.
This CL removes that, and modifies the test that needs this
functionality to prepend a zero byte for encoding "0 locals".
R=jkummerow@chromium.org
Change-Id: I609e2bf6986eeb6380d65b03bf8512f0b09af764
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4003078
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84088}
Previously, some float literals were printed with loss of information by
the Wasm disassembler, e.g., `1234567.5` was printed as `1234568`,
which is clearly wrong.
With this fix, the disassembler will always preserve information in its
output, i.e., it will print the correct `1234567.5`.
However, unfortunately, it will now print the binary representation of
`0.1` as `0.100000001`, since 0.1 can actually not be represented
exactly as a binary fraction.
Ideally, we would print the smallest representation of a float that,
when parsed again (e.g., by `wat2wasm`), produces the same float.
Unfortunately, there is currently no easy way to implement this.
There are several options, but they are either incorrect in other ways
or not available here:
- `DoubleToCString`: output will be even longer for decimal fractions
that cannot be represented in binary, since it will just round to the
nearest double instead.
- `printf` + `%g` format specifier: still prints `0.1` as `0.100000001`.
- `std::format`: C++20 only.
- `std::to_char`: C++17, but this particular header is not yet allowed.
- `absl::to_char`: Abseil is not available in V8.
It seems we have to choose either between losing information (such that
the output of the disassembler would not round-trip if assembled to a
binary again), or to have those ugly, long outputs.
Change-Id: Id40044a1724aeb115309688cbf05f71aa4745c6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4004957
Commit-Queue: Daniel Lehmann <dlehmann@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84084}
Restructure such that we only either shrink or grow the space, and only
at the end of the GC.
Bug: v8:12612
Change-Id: I7671e139b6023cd04f438f48401cf392d4549b8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3980253
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84076}
It's been enabled by default since Chromium M95.
Also removes duplicate setup code for WebAssembly.Tag JS API
from WasmJs::InstallConditionalFeatures, since we're guaranteed
to set it up via the non-conditional WasmJs::Install.
Bug: v8:8091
Change-Id: Ic500feb655ad4fc0703ed226504847ca6d940537
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3996810
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84074}
Objects in the shared heap do not have a usable Isolate (i.e. it cannot
execute code or have HandleScopes). PropertyIterator should be using the
currently executing Isolate via the Context instead.
Bug: chromium:1379616
Change-Id: I7ac87519ef4aa901ef7b71e00f98c2cba66e725b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3997702
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84052}
Tests the disassembler output for all instructions and section types
from Wasm MVP (extensions such as reference types, SIMD, name section,
etc. will come in separate CL(s) and module(s), since they contain a
lot of additional instructions).
Also fixes a small issue in `MultiLineStringBuilder` found by ASAN.
The test checks the output of the disassembler against the text input
given to `wat2wasm` which generates the module given to the
disassembler.
The module in this test includes all non-extension instructions from
https://webassembly.github.io/spec/core/appendix/index-instructions.html
and module sections from
https://webassembly.github.io/spec/core/text/modules.html
at least once (and sometimes multiple times in case there are
variants).
Change-Id: Iaa8791cfc51431fb436f42b98604e83cd9258d06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4001769
Auto-Submit: Daniel Lehmann <dlehmann@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84050}
This CL introduces the mechanism for conservative stack scanning (CSS).
Behind a compile-time flag, it also introduces a CSS pass which scans
the stack during the GC marking phase and marking verification. This
pass is now redundant, i.e., it is not needed for the correctness of
garbage collection. It will be used for experimenting with CSS and for
benchmarking.
Bug: v8:13257
Change-Id: If35bc24fde3bc08c5735d9e2f1b67724f7e31ef7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3968710
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84036}
The output of the disassembler is compared against a WebAssembly text
file that is also used to generate the module bytes given as input to
the disassembler.
This will be extended to cover all instructions/constructs of Wasm MVP
in the future. Also more tests are to be added, e.g., for the Wasm SIMD
and GC extensions.
Change-Id: I44648b295accfe91bbd0780170a2705f8a38b766
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3985913
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Daniel Lehmann <dlehmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84018}
Before this CL Oilpan young generation didn't support running with
stack. The problem was in initializing stores that don't have the write
barrier. If a GC happens during object initialization, the following
pointer stores can be missed:
struct GCed: GarbageCollected<GCed> {
GCed():
m1(MakeGarbageCollected<>()), // calls GC
m2(MakeGarbageCollected<>()) // old-to-young ref missing barrier
{}
...
};
The CL solves it by recording in-construction objects in a dedicated
remembered-set, which is retraced on next GCs.
Bug: chromium:1029379
Change-Id: I17975e2e2253b2792f71fb64a639e5bdb2ef4935
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3990829
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84009}
Maps are now in old space, so start to report the first page in old
space now.
Bug: v8:12578
Change-Id: Icf08c9074558a2d47bb9f1f8df72cec9668d2b4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3986087
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84002}
Since crrev.com/c/3973310 which renamed the isolate scopes, the unit and
cctests for the object-start bitmap and the conservative stack visitor
have broken.
Bug: v8:13257
Change-Id: If8a498827f2085108cf0740a9c5c994145424fc3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3980255
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83960}
Update the free list implementation for new space to set a larger
minimum size and skip redundant step in the allocation logic.
Bug: v8:12612
Change-Id: I480fe99cf4cfad7c25d687540b7841cd56d41d47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976508
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83920}
This CL simplifies safepoint scopes, there are now three kinds of
safepoint scopes:
1) IsolateSafepointScope - performs an isolate local safepoint
2) GlobalSafepointScope - a global safepoint across multiple isolates
3) SafepointScope - chooses based on condition between local/global
This CL is not supposed to change current safepointing behavior in
any way. The CL renames the current SafepointScope to
IsolateSafepointScope and changes GlobalSafepointScope to always
perform a global safepoint. It then also introduces the new
SafepointScope and makes use of it for snapshotting and in heap.cc.
Bug: v8:13267
Change-Id: Ie7e1f81b6158c98d3d98552ba735cc73c9b869c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3973310
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83912}
This code looks like it was copied over of Abseil. However, parts of it
are not used anywhere, aside from their own unit tests, so delete them.
The unused functions are:
- MatchEmptyOrDeleted()
- CountLeadingEmptyOrDeleted()
- ConvertSpecialToEmptyAndFullToDeleted()
In turn, _mm_cmpgt_epi8_fixed() is also unused and can be deleted.
Bug: v8:11388
Change-Id: I35b84600690e6f044a1d5ab4bf41e7f67fb76d87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3965230
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83892}
The wasm decoder immediates are currently templatized by the {validate}
enum value. They do not need to be though; the only difference is in the
constructor, so the constructor should be templatized instead.
This CL implements that, and also changes the {validate} enum to be a
tag (a typename) instead. This is needed in order to enable template
parameter deduction for the constructor calls (C++ does not allow to
explicitly define the template parameter at constructor calls).
As a nice side effect, this produces nicer symbolized stack traces.
Before:
v8::internal::wasm::Decoder::read_u32v<(v8::internal::wasm::Decoder::ValidateFlag)1>
After:
v8::internal::wasm::Decoder::read_u32v<v8::internal::wasm::Decoder::BooleanValidationTag>
R=jkummerow@chromium.org
Change-Id: I013c909ebaf2c8c495f32b5ce598905f3eccc3ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3973267
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83889}
v8::TracedReference and their underlying traced handles are not
actually phantom references but have been historically represented as
such. This patch splits off their backing implementaton into
`TracedHandles`.
As a drive-by, re-organize the free list to rely on indices instead of
pointers, saving a full word for each node. In additon, the setup also
allows for freeing fully empty node blocks after GCs.
Allocation/free of nodes is also organized in a way that avoids
jumping between handles/blocks/nodes for accounting purposes.
Removing CRTP in GlobalHandle internals is left for a follow up.
Bug: v8:13372
Change-Id: Ib55aa9ba71202d5918b486c161fe6f747d31c719
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3966952
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83872}
The feature has been enabled since M106 so we can safely remove the
flag with M109.
R=bmeurer@chromium.org
Bug: chromium:1334585
Change-Id: Iefe0b10e3be59d6dde54d676b5f1e0cf938851ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3959659
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83865}
It's been enabled by default since Chrome 91.
Bug: v8:6020
Change-Id: Id26b7fb0b7dffe19a88a6f0071dd59203b06415a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3957636
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83862}
When merging a newly deserialized script into an existing one from the
compilation cache, it is often the case that a SharedFunctionInfo from
the cached script ("old SFI") has been flushed and the corresponding
SharedFunctionInfo from the new script ("new SFI") is compiled. In that
case, it is sufficient to copy the bytecode array and feedback metadata
from the new SFI to the old SFI, as already implemented.
However, there is another case to consider: perhaps the new SFI is
compiled and the old SFI was never compiled. In that case, the old SFI
has no ScopeInfo and some of its flags may be incorrect.
To fix the problem, this CL updates CompleteMergeInForeground to copy
everything except script_or_debug_info from the new SFI to the old SFI.
This change implies some duplication of ScopeInfos, since each ScopeInfo
can point to its parent, so matching parent ScopeInfos from the new and
old scripts will coexist. However, this isn't a new problem: similar
duplication is already caused by the portion of the merge algorithm
which attaches new compiled SFIs into the old Script where the old
Script doesn't have a matching SFI. I don't see any way in which this
duplication would cause incorrect behavior. In fact, it is possible to
get duplicated ScopeInfos without any merging at all, which indicates to
me that such duplication is safe. Duplication occurs if a SFI is flushed
or removed while one of its descendant functions is still alive, and
subsequently the same function literal is compiled again.
Bug: v8:12808, chromium:1359773
Change-Id: I2a3a720021c797c62a87d10e999603ff5e29a027
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3965723
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#83825}
It's been enabled everywhere since Chrome 88, and the related
Chromium flag was removed in https://crrev.com/c/2886421.
Bug: v8:6532
Change-Id: I987a5761f9453d4e7d77d16199e8f0b3a659c70a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3956131
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Auto-Submit: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83809}
For MinorMC it is sufficient to finalize new space sweeping.
Starting MinorMC will only ensure that background tasks are paused and
all new space pages are swept.
Accounting becomes more complicated since we can have minor sweeping
and full sweeping running at the same time. To support that, new space
sweeping is split to a separate sweeping scope. Also, the
Notify*SweepingCompleted methods are updated for the possibility of
nested sweeping. The distinction is that Notify*SweepingCompleted
knows what kind of sweeping we want to finalize, but not what kind
is currently running.
Bug: v8:12612
Change-Id: If46fa3bc036080d4231171e613fa3aefe7400246
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3945098
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83800}
Remove the dedicated MinorMC sweeping flag and merge with the
general concurrent sweeping flag.
Bug: v8:12612
Change-Id: I278f274e293a7160839259df38b4a2951df31e91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3936272
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83767}
