... in favour of an optional return type for MapRef::prototype().
This also eliminates one kind of use of ShouldHaveBeenSerialized(),
which I want to get rid of entirely.
Bug: v8:7790
Change-Id: I031f067d644570e5c8aaeaf94c5ff69ff0515a99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874456
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74385}
Effect control linearization already does splitting on most constant nodes it
introduces, and we don't get much benifit otherwise for what is a fairly
BUG=v8:9684
Change-Id: I74301058d157cc163762722576f9301088f8e72a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874460
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74383}
As per WebAssembly Web API[1], the engine should only consider names
from the name section to synthesize function names in the context of
call stacks. We previously also added support to harvest the exports
table here in an attempt to improve the DevTools debugging experience,
but that needs a separate fix specifically for the inspector (which
should also take into account the imports to harvest names).
[1]: https://webassembly.github.io/spec/web-api/index.html#conventions
Fixed: chromium:1164305
Change-Id: I4bde5c8398a5164f1d8ac9060ad3743ed494c41e
Bug: chromium:1159307, chromium:1164241, chromium:1071432
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874464
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74382}
The IC_BUILTIN and IC_BUILTIN_PARAM macro prevent code navigation and
they only avoid very simple, non-performance critical code.
Change-Id: Ic9d10a9c53a1890149d86b43a6989afae7f1d6f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871464
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74381}
This reverts commit 305aa12f8c.
Reason for revert: Breaks MSVC compilation: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20msvc/17718/overview
Original change's description:
> cppgc: Save xmm registers on the stack
>
> Microsoft x86_64 ABI considers XMM6-XMM15 as non-volatile
> (callee-saved), which means that the compiler can store pointers in them.
> We need to make sure they are pushed onto the stack inside the stack
> scanning trampolines.
>
> Bug: v8:11710
> Change-Id: Ida804fe49d3d3b6f179ec276903a42ec8d3d86be
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2865745
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Auto-Submit: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74376}
Bug: v8:11710
Change-Id: I9593e55b5c935619a6707f3c00f9ac295475b30d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874462
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74379}
This change makes it possible to enable SharedArrayBuffer per Context,
controlling whether it should be enabled or not with a callback. The
previous implementation of the reverse origin trial for
SharedArrayBuffer was broken, since the feature could only be enabled
globally per process, and only if the feature flag is set early enough
in the v8 initialization. This does not play well with how origin
trials work.
The implementation is similar to the callbacks that already exist for
the origin trials for WebAssembly simd and exceptions.
SharedArrayBuffer is still controlled by the flag
harmony_sharedarraybuffer. If that flag is disabled, then
SharedArrayBuffer is disabled unconditionally. On top of that, this CL
introduces a new flag for enabling SharedArrayBuffer per context. If
that flag is set, a callback is used to determine whether
SharedArrayBuffer should be enabled.
Note that this only controls whether the SharedArrayBuffer constructor
should be exposed on the global object or not. It is always possible
to construct a SharedArrayBuffer using
new WebAssembly.Memory({
shared:true, initial:0, maximum:0 }).buffer.constructor;
There are few things which I do not like of this approach, but I did
not have better ideas:
1. The complex logic of dobule flag + callback. However, this seemed
the best way to me to not break embedders which rely on that flag
being enabled by default.
2. The fact that what actually matters is just whether the callback
returns `true` once. It would be good to check that the callback gives
a consistent return value, or to provide a better API that cannot be
missunderstood.
Bug: chromium:923807,chromium:1071424,chromium:1138860
Change-Id: Ibe3776fad4d3bff5dda9066967e4b20328014266
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867473
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74378}
This CL adds a new %VerifyType compiler intrinsic that can be used
by tests and fuzzers to generate a runtime type check of the given
input value. Internally, %VerifyType is lowered to %AssertType
which is why checks are currently limited to range types.
tests to be const-correct.
Drive-by: Add a few consts to NodeProperties accessors to allow
Bug: v8:11724
Change-Id: I06842062d0e8278a5ba011d5a09947fe05b6e85e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859959
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74377}
Microsoft x86_64 ABI considers XMM6-XMM15 as non-volatile
(callee-saved), which means that the compiler can store pointers in them.
We need to make sure they are pushed onto the stack inside the stack
scanning trampolines.
Bug: v8:11710
Change-Id: Ida804fe49d3d3b6f179ec276903a42ec8d3d86be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2865745
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74376}
We potentially emitted the same gap move multiple times to satisfy slot
constraint of live ranges defined by a constant. Avoid this by keeping
track of already spilled ranges for a given instruction.
This is not expected to cause any regression because this case is rare.
If it does, a better approach to save allocations would be to re-use the
same vector by storing it somewhere that survives the function calls,
e.g. in the ConstraintBuilder.
Drive-by: Remove unused functions.
R=sigurds@chromium.orgCC=nicohartmann@chromium.org
Bug: chromium:1204748
Change-Id: I75a838a8b27775ecdeddb4c60cf72c56d5f1c2a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871462
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74375}
Main changes:
- Allow global.get in elements segments with expressions-as-elements.
- Allow element segments with types other than funcref.
Detailed changes:
- Move WasmInitExpr to its own file. Add stream opearator << support.
- Simplify type of PrintCollection.
- Make WasmElemSegment use an array of WasmInitExpr's over the previous
ad-hoc implementation. Move null_index to WasmModuleBuilder.
- Refactor consume_element_segment_header. Make it return a
WasmElemSegment.
- Refactor consume_element_expr. Make it return a WasmInitExpr.
- Refactor DecodeElementSection. Make it invoke
consume_element_segment_header, then populate its element array.
- Update module-instantiate.cc to handle global.get elements.
- Fix bug in wasm-objects.cc where the wrong type index was passed into
module()->has_signature()
- Adapt and add tests.
Change-Id: I5abfbe424dbb750ee2dca59f91c451ffcb79f95f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857959
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74374}
Simplifies the traversal of nodes in Scheduler::PrepareUses to
avoid having to carefully order stack traversal for pre/post
ordering visits. Instead simply pre visit when pushing a node
onto the stack, then post visit the node when popping it from
the stack and then visiting it's inputs. This keeps the same
invariants required, but reduces visit overhead.
In addition, move checking for CoupledControlEdges out of
Increment/DecrementUnscheduledUseCounts such that the
coupled control edge calculation only needs to be done once
per node, rather than once for every input of the node. Also
remove unecessary recursion from these functions.
All told, these optimizations reduce the PrepareUses overhead
by 40-50%.
BUG=v8:9684
Change-Id: I934523a732892a1f66d7e77f8d04e200169080f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2863602
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74373}
This is the final part of a CL series that establishes
MakeRef/TryMakeRef as the bottleneck for Ref construction. We do this by
converting direct constructor uses to (Try)MakeRef calls, and then
marking the ctor as protected.
Bug: v8:7790
Change-Id: I41bfa226d48cbdfee53b434ec52004eb6507e67a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874166
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74372}
This is part of a CL series that establishes MakeRef/TryMakeRef as
the bottleneck for Ref construction. We do this by converting direct
constructor uses to (Try)MakeRef calls, and then marking the ctor
as protected.
Bug: v8:7790
Change-Id: I26faa6bc1934662c81ae127dee64bddffa428de9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874165
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74371}
WasmModules were not removed from the global type judgement cache when
they were deleted. This created problems if another module got allocated
in the same location as a previously deleted module, by creating false
positive cache hits. This CL fixes this issue by removing WasmModule
from the cache as part of its destructor.
Bug: v8:11700
Change-Id: I4948e361dd681040807f35d759b647d1bce585dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859863
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74370}
These should all be forward/backward compatible with Python 2/Python 3.
[tools] Tweak statusfile.py for Python 3
.iteritems() does not exist in Python 3, only .items().
(While .iteritems() was meant to be an optimization over .items()
in Python 2, .items() should work fine, and it is forward/backward
compatible.)
[tools] Fix another Python 3 issue in mb.py
sys.platform used to return e.g. 'linux2', which is 'linux' plus
whatever the first digit of `uname -r` was when Python was built.
As of Python 3.3, it always returns just 'linux' for Linux OSes.
Use `sys.platform.startswith('linux')` for forward/backward
compatibility.
[tools] Make base_runner.py Python 3 compatible
dict.keys() returns a dict_keys in Python 3, whereas it
used to return a simple array. list() is forward/backward
compatible with identical results on Python 2/3 (returns array).
(Tested on Linux x64, trying to recreate NodeJS's CI workflow.)
[tools] Make tools/dev/v8gen.py work with Python 3
dict.keys() returns a dict_keys in Python 3, whereas it
used to return a simple array. list() is forward/backward
compatible with identical results on Python 2/3 (returns array).
Comparing a None-type value numerically used to result in the
None-type value always being considered "less than" the thing
it is compared to. As of Python 3, numerically comparing against
None or None-typed values results in an error. Check if a value
is truthy before numerically comparing it, for forward/backward
compatibility.
print() used to transparently decode byte strings in Python 2.
In Python 3, they must be explicitly decoded first.
(Tested on Linux 64-bit, trying to recreate NodeJS's CI workflow.)
Bug: v8:9871
Change-Id: I059bf98577a67649bbe7ec49848989d468da96b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867270
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74369}
Element segments and tables in tests used an ad-hoc mechanism to
describe the different types of initializer expressions, e.g. an number
which could denote either the value of a constant or the index of a
global. This CL tidies up and generalizes the test infrastructure by
directly using WasmInitExpr in those cases.
Additional changes:
- Introduce WasmElemSegment class.
- Remove obsolete --experimental-wasm-bulk-memory flag from tests.
- Rename WasmInitExpr.type -> kind.
- Remove dependency of wasm-module-builder from mjsunit.js (except in
assertTraps).
Change-Id: I716254a04ceea9ceb8ac6b848e12e1637f618f0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857638
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74368}
This is part of a CL series that establishes MakeRef/TryMakeRef as
the bottleneck for Ref construction. We do this by converting direct
constructor uses to (Try)MakeRef calls, and then marking the ctor
as protected.
Bug: v8:7790
Change-Id: I36c07f69378f3a630462c216ef5da284cfd3972f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871449
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74367}
Pointer cage reserved another register and inadvertently broke
speculation poisoning by aliasing kSpeculationPoisonRegister with
kInterpreterBytecodeArrayRegister (r12).
This CL changes kInterpreterBytecodeArrayRegister to r11. Note that this
changes it from being callee-save to caller-save, which required code
reshuffling in a baseline builtin.
Bug: v8:11726
Change-Id: Ic2a1bd6b3a2cb4c480c84375dd3274f2efedc81f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2869985
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74364}
We don't have memory alignment yet, so using memory operands will cause
segv if we try to access the unaligned operands (on non-AVX systems).
The fix here is kept simple (the logic can be cleaned up a bit and
optimized to not use unique registers), in order to keep the cherry-pick
and back-merge as small and safe as possible.
Bug: chromium:1204071
Change-Id: Ieda23dcc097a06c6db20b952d7061708c3be0d24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2869986
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74363}
cpplint rules change over time, and we change the exact rules we enable
for v8. This CL removes NOLINT annotations which are not needed
according to the currently enabled rules.
R=leszeks@chromium.org
Bug: v8:11717
Change-Id: I7b54d7c75ef474749e22599a4bf16d9d309f4436
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859950
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74360}
Use a function pointer rather than lambda when loading unwinding
functions on Windows.
Bug: v8:7301
Change-Id: I00e9c895d9ffdce6ba485eaf4401a749faa5e825
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867489
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74359}
Maps set on the JSFunction were done so in a non-atomic way, which meant
that we were failing to have a synchronization point and the read/writes
could be reordered.
This started happening after a previous CL[1] moved some methods from
relaxed to non-atomic, which triggered TSAN (see v8:11696).
[1]: https://chromium-review.googlesource.com/c/v8/v8/+/2843359
Bug: v8:7790, v8:11696
Change-Id: I8472ff8b63d391376ee2f1dcf0a8b4fd7cecfcd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2851893
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74357}
WebAssembly.Function and functions of the C-API do not have a function
index. Their index is kAnonymousFuncIndex = -1. Therefore it is
necessary to change the return type of WasmCode::index() from uint to
int.
The changes in WasmFrame::Print produces output like the following:
[9]: CWasmEntryFrame [pc: 0x9d200084091]
[10]: Anonymous wasm wrapper [pc: 0x101c5975c972]
[11]: WASM [wasm://wasm/f4bee83a], function #1 ('fibonacci_wasm'), pc=0x101c5975c5dc (+0x7c), pos=123 (+32)
R=jkummerow@chromium.org
Bug: v8:11713
Change-Id: I1012e92713d64d24ed2a92729dd3c2e4a013b9c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871455
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74355}
cpplint rules change over time, and we change the exact rules we enable
for v8. This CL removes NOLINT annotations which are not needed
according to the currently enabled rules.
R=mslekova@chromium.org
Bug: v8:11717
Change-Id: Ic986c01ac151cee9fc6f7d950d0c4c139ebac6d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859852
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74354}
cpplint rules change over time, and we change the exact rules we enable
for v8. This CL removes NOLINT annotations which are not needed
according to the currently enabled rules.
R=mslekova@chromium.org
Bug: v8:11717
Change-Id: Ib7dc2c9dbb1710f4fe47e083df7e373e8b8aef27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859956
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74353}
Also add convenience overloads that take handles, and use them in
access-info.cc.
Bug: v8:7790
Change-Id: I47e14b407b6a57c15da06b0396f8ae9ebb3a447d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871445
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74352}
This reverts commit 1527c4878a.
Reason for revert: reverted in favour of https://chromium-review.googlesource.com/c/v8/v8/+/2857640
Original change's description:
> Expose V8CommandLineAPIScope and V8InspectorSession::createCommandLineAPI
>
> This CL extracts CommandLineAPIScope from V8Console and exposes it
> as V8CommandLineAPIScope. Also, it exposes V8InspectorSession::createCommandLineAPI.
> These changes will be used by InspectorPageAgent to install command
> line APIs when evaluating scripts added using CDP's command
> Page.addScriptToEvaluateOnNewDocument.
>
> Chromium CL: https://crrev.com/c/2835786
>
> Doc: https://docs.google.com/document/d/1zGG7-NZMb-aOfFfHf1u4VsP4C-lZettopCvYDC6pkBw/
> Bug: chromium:1200705
> Change-Id: I39b27f957cfb6d682ea84e385eaf25d09d261b58
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2835712
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Alex Rudenko <alexrudenko@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74096}
Bug: chromium:1200705
Change-Id: Ic7f411f3c66dd33c1b021dab90f202b361ee85c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859953
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Alex Rudenko <alexrudenko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74350}
.. when concurrent recompilation is disabled by indirect means, e.g.
when --trace-turbo-graph is enabled.
Drive-by: Add an explicit isolate argument to GetOptimizedCode.
Bug: chromium:1204624
Change-Id: Iee4c10e60643473dbbe2b777ea8dbc0bc259282c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2866767
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74349}
Both NewSpace and NewLargeObjectSpace aren't used with
FLAG_single_generation enabled. So far both spaces still existed but
weren't used in this mode. This CL makes both spaces optional, which
ensure that we do not inadvertently create objects in them or use them
in any other way.
Bug: v8:11644
Change-Id: I52a449c62e9d3df126c95419433d2abbd75539a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2862768
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74345}
The algorithm used to compute the textual differences uses requires
quadratic space (in the size of the input scripts). Previously the
implementation was naively allocating a single matrix, which is commonly
very sparse, since the expectation for LiveEdit is that only a small
portion of the script is actually altered. So we can use a std::map here
instead to reduce the cost.
We can also significantly reduce the cost (especially of the stack grow
due to the recursion) by precomputing the common prefix, and pre-filling
the table for the common suffix, both of which are also assumed to make
up for the majority of the script in case of LiveEdit.
This is still only ducktape, but should mitigate the crashes in the wild
significantly. Ideally we'd eventually replace this with an
implementation of the Myers algorithm that runs in linear space.
Fixed: chromium:1199807
Change-Id: Ib5fa0b1aa63c67631f919dc3b6641dfc0b20ae74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867470
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74344}
The only exception is when pointer compression is on with a per-Isolate
cage.
Bug: v8:11708
Change-Id: Ice9b0114bc102c20b4151ec66a861ba673934605
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2864563
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74342}
AtomicCtorTag is needed by Blink to force atomic initialization of
members. This is used when reinitializing a member in a backing store.
Bug: chromium:1056170
Change-Id: I410766a9c9133a1f1c2ea2e1153cb1c61363459f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859944
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74341}
Additionally a bug in the wasm-to-C wrapper got fixed, which caused
problems with the thread-in-wasm flag: An invalid effect-chain got
constructed. With the write of the thread-in-wasm flag not being
properly placed in the effect chain, the write got scheduled too late.
R=jkummerow@chromium.org
Bug: v8:11713
Change-Id: I351bf622081850b7b0c7aebfd798d1e73ae34a4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867468
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74340}
This reverts commit a4c37558d1.
Reason for revert: Speculative revert.
Seems to break all gpu builders, e.g.:
https://ci.chromium.org/p/v8/builders/ci/Linux%20V8%20FYI%20Release%20(NVIDIA)/14577
See shards for detailed output, e.g.:
https://chromium-swarm.appspot.com/task?id=534a8fbeaca4df10
Check failed: valid_arguments. V8.WasmMemoryProtectionKeysSupport
Original change's description:
> [wasm] Add PKU alloc/free and support counter
>
> To enforce W^X for the WebAssembly code space, we want to explore using
> Intel memory protection keys for userspace, also known as MPK, PKEYs, or
> PKU. Instead of flipping page protection flags with mprotect (which
> incurs a high syscall overhead; and which switches flags for the whole
> process), this associates a key with each page once, and then changes
> the permissions of that key with a fast thread-local register write.
> That is, this gives both finger-grained permissions (per-thread) and
> more performance.
>
> This CL is starts experimenting with PKUs by
> (1) trying to allocate a protection key once per {WasmEngine} in x64
> Linux systems, and
> (2) adding a counter for recording the sucess/failure of that, to assess
> the support for PKUs on the target machine.
>
> The low-level PKU allocating functions should be moved into base/platform
> long-term, but are inside wasm/ for this CL.
>
> R=clemensb@chromium.org
> CC=jkummerow@chromium.org
>
> Bug: v8:11714
> Change-Id: Ia4858970ced4d0b84cc8c2651e86dceb532c88a7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850932
> Commit-Queue: Daniel Lehmann <dlehmann@google.com>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74319}
Bug: v8:11714
Change-Id: I70349d413ac9092e2f033d138887678bfecaae17
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2868607
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74339}
Fix crash on Mac64 Debug build. The reason of the failure: misaligned
stack. Fix: apply attribute to force the stack be realigned.
Original description:
> The previous attempt has broken the tsan bot. The only reliable way to
> make sure that registers are not clobbered is by doing direct call from
> inline assembly, which is what this CL does.
> Change-Id: I6adbd5e735949a7cc4cc7fc686ee8c428863ffb9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859947
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74313}
Change-Id: I842d6876c2cf287cfe74e53e7cb45028dff61a56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2865748
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74336}