No longer access the heap directly, as policed by Disallow*
scopes in JSContextSpecialization::Reduce.
Bug: v8:7790
Change-Id: I40f1c500b04b96152421fd5de631747ba386bca1
Reviewed-on: https://chromium-review.googlesource.com/1101322
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53759}
This reverts commit 9e27d4735f.
Reason for revert: Layout Test failures: https://ci.chromium.org/buildbot/client.v8.fyi/V8-Blink%20Linux%2064/24123
Original change's description:
> [debugger] Rewrite the ScopeIterator/DebugEvaluate to use Scope rather than ScopeInfo for inner scopes.
>
> This CL also bottlenecks all current scope handling in the ScopeIterator, and cleans up frame handling in debug-frames and the deoptimizer.
>
> Change-Id: I061922a356ce17794262f8d77d5d7c824558fc50
> Reviewed-on: https://chromium-review.googlesource.com/1095094
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53741}
TBR=yangguo@chromium.org,jarin@chromium.org,neis@chromium.org,jgruber@chromium.org,verwaest@chromium.org
Change-Id: I892856056258e3c68b36409b8b2d69e7686fc385
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1102377
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53756}
This is a reland of 9e27d4735f
Original change's description:
> [debugger] Rewrite the ScopeIterator/DebugEvaluate to use Scope rather than ScopeInfo for inner scopes.
>
> This CL also bottlenecks all current scope handling in the ScopeIterator, and cleans up frame handling in debug-frames and the deoptimizer.
>
> Change-Id: I061922a356ce17794262f8d77d5d7c824558fc50
> Reviewed-on: https://chromium-review.googlesource.com/1095094
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53741}
Change-Id: I05262fef66d852876b9bb2869339053629c9b51d
Reviewed-on: https://chromium-review.googlesource.com/1102297
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53751}
This reverts commit 9e27d4735f.
Reason for revert: Fails MSan (use of uninitialized value): https://ci.chromium.org/buildbot/client.v8/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/21562
Original change's description:
> [debugger] Rewrite the ScopeIterator/DebugEvaluate to use Scope rather than ScopeInfo for inner scopes.
>
> This CL also bottlenecks all current scope handling in the ScopeIterator, and cleans up frame handling in debug-frames and the deoptimizer.
>
> Change-Id: I061922a356ce17794262f8d77d5d7c824558fc50
> Reviewed-on: https://chromium-review.googlesource.com/1095094
> Commit-Queue: Toon Verwaest <verwaest@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53741}
TBR=yangguo@chromium.org,jarin@chromium.org,neis@chromium.org,jgruber@chromium.org,verwaest@chromium.org
Change-Id: Ief87c1e79fa2ec40f52fd747ec4ebbacf0da798b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1101377
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53743}
This CL also bottlenecks all current scope handling in the ScopeIterator, and cleans up frame handling in debug-frames and the deoptimizer.
Change-Id: I061922a356ce17794262f8d77d5d7c824558fc50
Reviewed-on: https://chromium-review.googlesource.com/1095094
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53741}
This is a reland of 0909dbe3d6.
Added missing V8_EXPORT_PRIVATE to AndroidLogStream.
TBR=mstarzinger@chromium.org
Original change's description:
> Introduce StdoutStream which prints to Android log or stdout
>
> The often used construct {OFStream(stdout)} does not work on Android.
> This CL introduces an {StdoutStream} which behaves exactly like
> {OFStream(stdout)} on non-android platforms, and redirects to the
> Android log on appropriate systems and configurations.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:7820
> Change-Id: Ia682fdf6d064e37c605c19b032f5a10b96ac825b
> Reviewed-on: https://chromium-review.googlesource.com/1088911
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53692}
Bug: v8:7820
Change-Id: I8164bad78a401dbe4246c9ffcacd050fe511ed58
Reviewed-on: https://chromium-review.googlesource.com/1100636
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53733}
This reverts commit 0909dbe3d6.
Reason for revert: Blocks roll:
https://chromium-review.googlesource.com/c/chromium/src/+/1099143
Original change's description:
> Introduce StdoutStream which prints to Android log or stdout
>
> The often used construct {OFStream(stdout)} does not work on Android.
> This CL introduces an {StdoutStream} which behaves exactly like
> {OFStream(stdout)} on non-android platforms, and redirects to the
> Android log on appropriate systems and configurations.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:7820
> Change-Id: Ia682fdf6d064e37c605c19b032f5a10b96ac825b
> Reviewed-on: https://chromium-review.googlesource.com/1088911
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53692}
TBR=mstarzinger@chromium.org,jarin@chromium.org,jgruber@chromium.org,clemensh@chromium.org,bmeurer@chromium.org
Change-Id: Iadadd9a0df10dca0fad647138a83db50148e864d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7820
Reviewed-on: https://chromium-review.googlesource.com/1100635
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53725}
The {WasmSharedModuleData} struct was introduced to hold data common to
all wasm instances belonging to the same module. The idea was to keep
"internal state" separate from the JS-facing {WasmModuleObject}. Since
this objective has no real value, and we already store some internal
data on the {WasmModuleObject}, this CL merges these two objects.
R=titzer@chromium.org, mstarzinger@chromium.org
Bug: v8:7754
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I04f6d07bf5d812bc4717af26f0f64231345861f9
Reviewed-on: https://chromium-review.googlesource.com/1097491
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53698}
The often used construct {OFStream(stdout)} does not work on Android.
This CL introduces an {StdoutStream} which behaves exactly like
{OFStream(stdout)} on non-android platforms, and redirects to the
Android log on appropriate systems and configurations.
R=mstarzinger@chromium.org
Bug: v8:7820
Change-Id: Ia682fdf6d064e37c605c19b032f5a10b96ac825b
Reviewed-on: https://chromium-review.googlesource.com/1088911
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53692}
The isolate is mainly used for accounting purposes. As such, it
doesn't need a field in the WasmCodeManager, and cannot have one
if it is to be made isolate independent. Instead, pass the isolate
explicitly in the appropriate cases.
R=mstarzinger@chromium.org
BUG=v8:7424
Change-Id: I539c2b33692e57605a280530bd704ef25269ad0f
Reviewed-on: https://chromium-review.googlesource.com/1073412
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53676}
As specified in https://tc39.github.io/ecma262/#sec-atomics-wait, the
critical section must occur before the load and comparison.
This slightly changes the `AtomicsWaitCallback` API, but in a
direction that arguably makes it more consistent.
As a drive-by fix, reset `node->waiting_` in case there
was an exception from the first callback.
Refs: https://chromium-review.googlesource.com/c/v8/v8/+/1095814
Bug: v8:7836
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I577cdf76cedfe39bc61f783203b543c7c68fc238
Reviewed-on: https://chromium-review.googlesource.com/1096236
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53673}
This CL inserts NOP instructions a little bit earlier into empty
blocks; this ensures that instructions keep their initial position.
Bug: v8:7327
Change-Id: Idee5269f4fd7fc15c44bda83a2be74e8cff62df8
Reviewed-on: https://chromium-review.googlesource.com/1097078
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53672}
These tests are also affected by duplicate builtin copies (on- and
off-heap).
TBR=yangguo@chromium.org
Bug: v8:6666, v8:7718
Change-Id: I8adfe8b8b63fb5f539cdff5e709e9358a47dfc7e
Reviewed-on: https://chromium-review.googlesource.com/1097088
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53668}
In the process:
- Add strict ordering of Types so that name mangling is consistent
and build time. Previously, the UnionType stored the union's
types in a std::set<const Type*>, which did not have a consistent
ordering of the types in the set.
- Add a int31 type to enable consistency and correctness of
handling of 'constexpr int31' values on the C++ side.
- By removing the "implicit" keyword for operators, there is now
one less difference between operators and calls, another
incremental step in unifying operators and calls.
- Enable external (i.e. C++-defined) generic specializations
- Add CSA support for checking double ElementsKinds, including
tests.
- Clean up some constexpr/non-constexpr handling of ElementsKinds.
Bug: v8:7793
Change-Id: I27699aba70b98ebf5466e5b62b045d7b1dad62c8
Reviewed-on: https://chromium-review.googlesource.com/1091155
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53664}
This patch ports over the spec defined operation `GetOption` from
JavaScript to C++:
https://tc39.github.io/ecma402/#sec-getoption
The JS implementation will be deleted once all it's
users are migrated.
Refactors LocaleConstructor to use this method which fixes some test262
tests. The test262 test status file is updated to reflect this.
Bug: v8:5751, v8:7684
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ief5eae9b69dcea50062825163ca7658ed20bd0cf
Reviewed-on: https://chromium-review.googlesource.com/1094201
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53652}
- Shuffle canonicalization improved to reverse operands to match
more architectural shuffles.
- Handles shuffles where the order of operands is reversed.
- Adds tests for non-canonical shuffles, and for swizzles.
- Improves TryMatchConcat method.
- Substantially rewrites shuffles on ia32 to better handle swizzles
and fix bugs on reversed shuffles where source registers are
overwritten.
- Adds Palignr macro-assembler instructions for ia32.
Bug: v8:6020
Change-Id: I8e43a1e7650057c66690af1504b67509a1437d75
Reviewed-on: https://chromium-review.googlesource.com/1070934
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53648}
Whenever an Isolate is available on a variable, field, or method
parameter, use that instead of GetIsolate(). Also convert simple
cases of the one-argument handle constructor to either use an
available Isolate, or use GetIsolate() if their first parameter
is a variable.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I52805905a9ca8729615ead78859f43d5e8f605f1
Reviewed-on: https://chromium-review.googlesource.com/1092853
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53629}
ExistingCodeLogger was behaving incorrectly when the CodeEventHandler
API was used in combination with --interpreted-frames-native-stack.
Instead of collecting copied trampolines as InterpretedFunction:functionName,
they were being collected as Builtin:IntepreterEntryTrampolines.
This patch adds special handling for copied trampolines when
using ExistingCodeLogger.
R=yangguo@google.com
Change-Id: I3ee4be03800122d28d53b51b20c60dcf6263e4c1
Reviewed-on: https://chromium-review.googlesource.com/1087813
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53624}
Internal references create absolute pointers within the code and must
therefore be disallowed for embedded builtins to remain
position-independent.
Drive-by: remove related cctest. This test used to be relevant before
embedding was fully implemented, but by now it is useless and rather
misleading since it gives a false sense of safety.
Bug: v8:6666
Change-Id: I57a62274b57c3ef1303d5114c68e2a9b1f92bda4
Reviewed-on: https://chromium-review.googlesource.com/1092732
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53623}
OrderedHashTableHandler (to be renamed to OrderedHashTable) is the
interface that abstracts away the two different ordered hash tables.
All operations on the two ordered hash tables must be performed
through this new interface so that we can seamlessly migrate from one
table to another behind the scenes.
Bug: v8:6443, v8:7569
Change-Id: Ifc0a38974605b63e0a2a36b4aafb8dc68a081f4a
Reviewed-on: https://chromium-review.googlesource.com/1059865
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53622}
The globals tests for simd are failing on mips big endian. Will re-enable
after fixing.
R=clemensh@chromium.org
BUG=v8:6020
Change-Id: I8a8a17c4e947b69ccc2eb6bbe79c308b1129d1af
Reviewed-on: https://chromium-review.googlesource.com/1089814
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53595}
JSWeakCollection should use EphemeronHashTable as backing store instead of
ObjectHashTable such that the GC can handle these structures differently in
the future.
Bug: chromium:844008
Change-Id: Icc6df60c975a942877e2507ef45e0d235e5f72be
Reviewed-on: https://chromium-review.googlesource.com/1089063
Commit-Queue: Dominik Inführ <dinfuehr@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53572}
As a first step towards moving accesses to the broker, this moves
heap accesses from BitsetType::Lub to the broker.
Bug: v8:7790
Change-Id: Ie240b84b979717caae42cb8aa06ee8d9877a446d
Reviewed-on: https://chromium-review.googlesource.com/1088695
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53571}
`SetBuildEmbedderGraphCallback`, unlike `SetWrapperClassInfoProvider`,
assumes a monolithic embedder that can provide all necessary information.
That is not the case for e.g. Node.js, which can e.g. provide multiple Node.js
instances per V8 Isolate, as well as native addons that may allocate resources
on their own.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ib53dfde82416dd69934b08623e27d674a483ac2d
Reviewed-on: https://chromium-review.googlesource.com/1082441
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53545}
DevTools may process another protocol message during API interrupt this
API may lead to createInjectedScript reentrance and will fail.
Let's postpone interrupts.
Bug: chromium:846099
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ia06e034a6287087e4674559d8911d2f4a0b1b459
Reviewed-on: https://chromium-review.googlesource.com/1086372
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53531}
Currently we enable instrumentation if debugger is active. With this
approach we can not:
- capture async stack when debugger is disabled,
- avoid async instrumentation overhead when debugger is enabled and
async stacks are disabled.
R=dgozman@chromium.org,yangguo@chromium.org
Bug: none
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I19400c4c4e12b6c9b5a980fb6bd3293bac6e6a64
Reviewed-on: https://chromium-review.googlesource.com/1081494
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53530}
This CL introduces a new gn argument: v8_enable_pointer_compression which is
false by default. All the changes done in this CL are made under this flag.
Upper half-word of a Smi word must be properly sign-extended according to the
sign of the lower-half containing the actual Smi value.
Bug: v8:7703
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2b52ab49cd18c7c613130705de445fef44c30ac5
Reviewed-on: https://chromium-review.googlesource.com/1061175
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53519}
Removes all explicit calls to GetIsolate() in transitions.cc by passing
it through calling functions and implicit calls via the single argument
Handle constructor and handle function.
Unfortunately in the interests of making these changes vaguely
manageable, I've also pushed some new GetIsolates down into
objects-debug.cc, objects-printer.cc and objects.cc.
Bug: v8:7786
Change-Id: I1f98530dec6c004e17dc3336f3cef09fbb446bae
Reviewed-on: https://chromium-review.googlesource.com/1085451
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53518}
Add an inspection callback for embedders that allows tracking
of `Atomics.wait()` calls in order to enable diagnostic tooling
around it, as well as providing a way to break out of an
`Atomics.wait()` call without having to fully terminate execution.
The motivation here is that this allows embedders to perform
somewhat customizable deadlock detection.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ib6346747aa3cbffb07cf6abd12645e2d98584f0f
Reviewed-on: https://chromium-review.googlesource.com/1080788
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53517}
This cl enables sharing of feedback slots for load / sotre named property.
This is a follow up cl of
https://chromium-review.googlesource.com/c/v8/v8/+/966302 that introduces
this feature.
Bug: v8:7530
Change-Id: I0c056b7a3608117db2fc99ebcd6836dfeed471d8
Reviewed-on: https://chromium-review.googlesource.com/1065737
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53515}
Removes most[1] explicit calls to GetIsolate() in parsing/ by passing
it through calling function functions and implicit calls via the single
argument Handle constructor and handle function.
[1] One remains in preparsed-scope-data.cc:
data_->GetIsolate()->PushStackTraceAndDie()
Bug: v8:7786
Change-Id: I4c445995a73c19bdf4649b65487b7443d56ddd2a
Reviewed-on: https://chromium-review.googlesource.com/1085057
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53513}
This is a reland of 515cc07d28
Original change's description:
> [csa] Ensure the requested allocation size fits in a Smi
>
> In CSA::AllocateRaw, ensure that the given allocation size fits into a
> Smi.
>
> Bug: chromium:848672
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I4e74791296163188b1ca77cae8226a9833fba8ef
> Reviewed-on: https://chromium-review.googlesource.com/1084930
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53495}
TBR=yangguo@chromium.org,ishell@chromium.org
Bug: chromium:848672
Change-Id: I135868390784a0ee95ff42224dd00f66f3bf2d80
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1086828
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53512}
This is a reland of df1676e616
Original change's description:
> [array] Implement Array.p.sort in Torque
>
> This CL implements a generic baseline version and 3 fastpaths, for
> various elements kinds, of Array.p.sort in Torque. Details can be found
> in the Design Doc: https://goo.gl/Ge321G.
>
> Performance impact on micro benchmarks depends on the element kind
> and whether the user provides a comparison function.
> For HoleySmi/HoleyElement we have a speedup between 1.5-1.8 across
> the board. For Dictionary we are slower in all micro benchmarks (0.7).
> For PackedSmi it depends on the call site and whether or not a
> comparison function is used.
>
> Detailed numbers: https://goo.gl/mTyPSb
>
> Bug: v8:7382
> Change-Id: I50acabd2032af0bc01d36b0de0f555d66be56a7e
> Reviewed-on: https://chromium-review.googlesource.com/1061523
> Commit-Queue: Simon Zünd <szuend@google.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53481}
Bug: v8:7382,v8:7806,chromium:849293
Change-Id: I176cb660d92eb174bd91685cb0a39f50c4cbaa69
Reviewed-on: https://chromium-review.googlesource.com/1086827
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53511}
This reverts 667555c6b8.
This is a short-term fix for NodeJS regression caused by Scavenger
not collecting weak handles that are marked as independent.
Bug: chromium:847863, chromium:780749
Change-Id: Ia1c02e042d0e593c6f5badb82c4ef20b923d3806
Reviewed-on: https://chromium-review.googlesource.com/1082442
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53502}
After [1], a manual dependency on exe_and_shlib_deps is no longer necessary
since it's automatically added. This CL removes all remaining manual references
to exe_and_shlib_deps.
[1] d7ed1f0a9c
BUG=chromium:845700
R=machenbach
Change-Id: I17da573b7b6509a690caf8be6ae6afc180105f07
Reviewed-on: https://chromium-review.googlesource.com/1082913
Commit-Queue: Thomas Anderson <thomasanderson@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53500}
In CSA::AllocateRaw, ensure that the given allocation size fits into a
Smi.
Bug: chromium:848672
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I4e74791296163188b1ca77cae8226a9833fba8ef
Reviewed-on: https://chromium-review.googlesource.com/1084930
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53495}
This reverts commit df1676e616.
Reason for revert: https://crbug.com/v8/7382#c26
Original change's description:
> [array] Implement Array.p.sort in Torque
>
> This CL implements a generic baseline version and 3 fastpaths, for
> various elements kinds, of Array.p.sort in Torque. Details can be found
> in the Design Doc: https://goo.gl/Ge321G.
>
> Performance impact on micro benchmarks depends on the element kind
> and whether the user provides a comparison function.
> For HoleySmi/HoleyElement we have a speedup between 1.5-1.8 across
> the board. For Dictionary we are slower in all micro benchmarks (0.7).
> For PackedSmi it depends on the call site and whether or not a
> comparison function is used.
>
> Detailed numbers: https://goo.gl/mTyPSb
>
> Bug: v8:7382
> Change-Id: I50acabd2032af0bc01d36b0de0f555d66be56a7e
> Reviewed-on: https://chromium-review.googlesource.com/1061523
> Commit-Queue: Simon Zünd <szuend@google.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53481}
TBR=cbruni@chromium.org,jgruber@chromium.org,szuend@google.com
Change-Id: I4c1b32a434d49caba67c80bccb068390607f90a2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7382
Reviewed-on: https://chromium-review.googlesource.com/1085407
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53494}
This avoids embedding the {CEntryStub} into generated {WasmCode} and
instead loads it from the instance object. It is another step towards
making the generated code independent of the Isolate.
R=clemensh@chromium.org
BUG=v8:7472
Change-Id: Ic6ab7602a77fc11e6ec4a03e1bdba647d54df5e3
Reviewed-on: https://chromium-review.googlesource.com/1084841
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53491}
1) The code table never grows, so store it in a heap-allocated byte
array instead of an std::vector.
2) Rename {functions_count} to {num_functions} for consistency with
{num_imported_functions} and occurences in other data structures.
R=mstarzinger@chromium.org
Bug: v8:7754
Change-Id: Id9d66545ed7aa675d663dad5936a9ef6d44ace7d
Reviewed-on: https://chromium-review.googlesource.com/1066014
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53488}
This makes stack checks in WasmCode independent of the underlying
Isolate by loading the limit address from the WasmInstanceObject instead
of embedding it into the instruction stream. It hence removes the last
use of the Isolate field from WasmGraphBuilder.
Additionally this introduces the notion of a "runtime stub" which
represents stub code global to the NativeModule that can be directly
called from each WasmCode in the same module. These stubs can act as
trampolines via which Isolate-independent WasmCode can enter other V8
builtins or runtime functions that remain Isolate-dependent. They will
eventually replace the current "trampoline" in a NativeModule.
R=titzer@chromium.org
BUG=v8:7424
Change-Id: Ie1f5582ee656b1ab7716ea06316d6e21a0268e74
Reviewed-on: https://chromium-review.googlesource.com/1078732
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53487}
This CL implements a generic baseline version and 3 fastpaths, for
various elements kinds, of Array.p.sort in Torque. Details can be found
in the Design Doc: https://goo.gl/Ge321G.
Performance impact on micro benchmarks depends on the element kind
and whether the user provides a comparison function.
For HoleySmi/HoleyElement we have a speedup between 1.5-1.8 across
the board. For Dictionary we are slower in all micro benchmarks (0.7).
For PackedSmi it depends on the call site and whether or not a
comparison function is used.
Detailed numbers: https://goo.gl/mTyPSb
Bug: v8:7382
Change-Id: I50acabd2032af0bc01d36b0de0f555d66be56a7e
Reviewed-on: https://chromium-review.googlesource.com/1061523
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53481}
Also enables tests for globals and mixed type use
R=gdeepti@chromium.org,bbudge@chromium.org,clemensh@chromium.org,titzer@chromium.org
BUG=v8:6020
Change-Id: I828f1628a1c27d9f07ba3a830600f81c5a404b2d
Reviewed-on: https://chromium-review.googlesource.com/1080340
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Aseem Garg <aseemgarg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53477}
This is another step to remove a huge amount of legacy code from v8.
R=dgozman@chromium.org
Bug: v8:5530
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I634bda41c53a49dc4912291eb52f02847f56f4f3
Reviewed-on: https://chromium-review.googlesource.com/1080398
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53459}
We use name of the function at the moment of first appearance of given
function in stack trace. Any further name changes would be ignored.
It gives us around 20% speedup.
Perf analysis: https://bit.ly/2wp99vtR=yangguo@chromium.org,jgruber@chromium.org
Bug: v8:7078
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I9f21f0bd9cd923e5abaeffb9209df0be2f49afff
Reviewed-on: https://chromium-review.googlesource.com/1050984
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53446}
New intstrumentation consists of:
- kAsyncFunctionSuspended when async function is suspended on await
(called on each await),
- kAsyncFunctionFinished when async function is finished.
Old instrumentation was based on reusing async function promise.
Using this promise produces couple side effects:
- for any promise instrumentation we first need to check if it is
special case for async function promise or not - it requires
expensive reading from promise object.
- we capture stack for async functions even if it does not contain
awaits.
- we do not properly cancel async task created for async function.
New intsrumntation resolved all these problems as well as provide
clear mapping between async task and generator which we can use later
to fetch scope information for async functions on pause.
R=dgozman@chromium.org,yangguo@chromium.org
Bug: v8:7078
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ifdcec947d91e6e3d4d5f9029bc080a19b8e23d41
Reviewed-on: https://chromium-review.googlesource.com/1043096
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53445}
With this CL we use interrupt for pause in two cases:
- when we process Debugger.pause on interruption,
- when we would like to break as soon as possible after OOM.
In all other cases, e.g. for async step into we use break
on function call by calling StepIn debugger action.
In mentioned cases we should not actually use interrupt as well:
- Debugger.pause in this case scheduled using interrupt and we
may just break right now without requesting another interrupt,
unfortunately blink side is not ready,
- we should use more reliable way to break right after near OOM
callback, otherwise we can get this callback, increase limit,
request break on next interrupt, before interrupt get another
huge memory allocation and crash.
There are couple advantages:
- we get much better break locations for async stepping
(see inspector tests expectations),
- we can remove DEBUG_BREAK interruption
(it should speedup blackboxing with async tasks, see
removed todo in debug.cc for details)
- it is required preparation step for async step out,
(see https://chromium-review.googlesource.com/c/v8/v8/+/1054618)
Bug: v8:7753
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iabd7627dbffa9a0eab1736064caf589d02591926
Reviewed-on: https://chromium-review.googlesource.com/1054155
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53439}
Extends the functionality of Managed<T> to track an estimated size
for the external memory associated with an instance of Managed<T>
in order to allow for proper accounting in the garbage collector.
R=mstarzinger@chromium.orgCC=ulan@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I8c49c6245eaf267c9264ebb93b43d5dfbf4671fd
Reviewed-on: https://chromium-review.googlesource.com/1076332
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53433}
This extends the ScriptCompiler::CompileModule function with a
CompileOptions argument. Accepted values are kNoCompileOptions (in
which case, behavior remains unmodified) and kConsumeCodeCache. If the
latter is passed, we try to fetch the given module from the code
cache.
Since it is possible to compile the same source code as both a script
and a module (and different code is generated for the two cases), a
new is_module bit is added to the SerializedCodeData header to
disambiguate between the two cases.
Bug: v8:7685
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I34b3642505577ed9ed0caedbee5876308c5a53ea
Reviewed-on: https://chromium-review.googlesource.com/1073327
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53432}
This CL is a proposal to add "checked" casts (CAST in CSA) to the Torque language.
The CL adds the "unsafe_cast<>" operator that emits a "CAST".
Example:
let n: Number = ...;
...
if (TaggedIsSmi(n)) {
let m: Smi = unsafe_cast<Smi>(n);
...
}
The cast wont incur a runtime overhead now.
R=tebbi@chromium.org
Change-Id: I9fca90d1d11e61617ba0270e5022fd66200e2195
Reviewed-on: https://chromium-review.googlesource.com/1070151
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53416}
This adds a convenience overload for `EscapableHandleScope::Escape()`
which moves `MaybeLocal<T>`s into the outer scope, like a regular
`Local<T>`.
This basically moves the syntactic clutter of having to write
`maybe_local.FromMaybe(Local<Foo>())` instead of just `maybe_local`
to a central location.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1d87d75c6564b10e8ec34957bdd3eac46ffea917
Reviewed-on: https://chromium-review.googlesource.com/1056529
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53415}
see crbug.com/841460 , we recently hit some build issues when using
Goma + jumbo builds because of a conflict on the definition of CONST,
v8 defines it in globals.h and including windows.h also defines it. It
should be possible to fix this by adding a bunch of #undef CONST but it
seems a little bit hacky and might not always work (this could only fix
the problem temporary if the jumbo merge limit changes and cause some
include files to get included in a different order).
Renaming the v8 definition of CONST to kConst, this follows the
style guide guidelines: "there is no reason to change old code to use
constant-style names, unless the old names are actually causing a
compile-time problem"
(https://google.github.io/styleguide/cppguide.html#Enumerator_Names)
I also had to turn the PropertyConstness enum into an enum class to
avoid some conflicts (both PropertyConstness and VariableMode define
kConst).
Bug: chromium:841460
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2b70b9095374e88a5ae364cc557b39f20a3ab60f
Reviewed-on: https://chromium-review.googlesource.com/1064197
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sébastien Marchand <sebmarchand@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53413}
Calls from embedded builtins to stubs are expensive due to the
indirection through the builtins constants table. This moves
all remaining Array constructor stubs to builtins.
Bug: v8:6666
Change-Id: I5989a7480697a506a1bae1929ddd2e3f1d655048
Reviewed-on: https://chromium-review.googlesource.com/1074759
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53399}
The result of SmiUntag is a sign-extended word-size value.
Bug: v8:7703
Change-Id: I85dc87b541cab78286e47e2147c16c6a0939f509
Reviewed-on: https://chromium-review.googlesource.com/1073232
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53389}
Introduce a new public API called CodeEventListener to allow embedders
to better support external profilers and other diagnostic tools without
relying on unsupported methods like --perf-basic-prof.
Bug: v8:7694
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I063cc965394d59401358757634c9ea84c11517e9
Co-authored-by: Daniel Beckert <daniel@sthima.com.br>
Reviewed-on: https://chromium-review.googlesource.com/1028770
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53382}
Modifies several Type:: methods to take an Isolate to pass through to
BitSetType::Lub as well as their call sites.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I9ac769c4c658995421fd28b9b1d77d6f84627116
Reviewed-on: https://chromium-review.googlesource.com/1071515
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53362}
Removes use of HeapObject::GetIsolate() from Object::BooleanValue in
preparation for removing the method.
Requires adding Isolate parameter to CommonOperatorReducer constructor.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: If735e71df3288bf1eb11576605c2d95a19472181
Reviewed-on: https://chromium-review.googlesource.com/1071653
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53361}
This loads references to {null} values from the instance object instead
of embedding them into the generated code. It is one step towards making
the {WasmCode} objects independent of the Isolate.
Note that this also fixes an issue with the serializer/deserializer that
failed to properly serialize {null} values and accidentally collapsed
them to {undefined} values instead.
R=ahaas@chromium.org
TEST=mjsunit/regress/wasm/regress-7785
BUG=v8:7424,v8:7785
Change-Id: Ie436c2d96890e7c8c89ffe2bd4189a759254775b
Reviewed-on: https://chromium-review.googlesource.com/1070981
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53352}
At the moment, WebAssembly.instantiate(bytes) is implemented by
desugaring it to WebAssembly.compile(bytes).then(WebAssembly.instantiate).
The problem is that the {then} in this snippet is observable. With this
CL I introduce a CompilationResultResolver which allows to do the
desugaring internally and thereby make the {then} unobservable.
Unfortunately the result of WebAssembly.instantiate(bytes) is different
than the result of WebAssembly.instantiate(module). Therefore I also
introduced an InstantiationResultResolver for symmetry with
WebAssembly.compile.
R=mstarzinger@chromium.org
Bug: chromium:837417
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2d98e03d65f2ada19041d5a9e2df5da91b24ccca
Reviewed-on: https://chromium-review.googlesource.com/1059783
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53347}
Implement lowering for simd operations I32x4ConvertI16x8 and
I16x8ConvertI8x16. Also, remove skip tests from status files that
were overriden when tests were renamed.
TEST=cctest/test-run-wasm-simd/RunWasm_I16x8ConvertI8x16_turbofan
Change-Id: If428f5039a32995c8ee64294c936419173a87aa7
Reviewed-on: https://chromium-review.googlesource.com/1069007
Reviewed-by: Aseem Garg <aseemgarg@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53343}
Moving them away was a mistake. Fixing this enables getting rid of a bunch of
includes.
BUG=v8:5402
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I5482eab4281c7450350f058fe0a04a6f375ea082
Reviewed-on: https://chromium-review.googlesource.com/1070188
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53328}
Currently, we context allocate all parameters for generators.
With this CL, we keep arguments on stack (unless they escape to inner
closure) and copy them between the stack and the generator's register
file on suspend/resume. This will save context allocation in most cases.
Note: There is an asymmetry between suspend and resume.
- Suspend copies arguments and registers to the generator.
- Resume copies only the registers from the generator, the arguments
are copied by the ResumeGenerator trampoline.
Bug: v8:5164
Change-Id: I6333898c60abf461b1ab1b5c6d3dc7188fa95649
Reviewed-on: https://chromium-review.googlesource.com/1063712
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53327}
Since the StubCache it's cleared at the end of the GC, it doesn't
matter if it contains weak or strong pointers.
BUG=v8:7308
Change-Id: Ib141e3d411523c67ccb8f8979845a88488d6e4ee
Reviewed-on: https://chromium-review.googlesource.com/1064053
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53311}
The current profiling mode (called kLeafNodeLineNumbers in this CL)
produces a tree, with each node representing a stack frame that is seen
in one or more samples taken during profiling. These nodes refer to a
particular function in a stack trace, but not to a particular line or
callsite within that function.
This CL adds a new more (called kCallerLineNumbers) which produces a
different profile tree, where each stack trace seen during profiling,
including the line number, has a unique path in the tree.
The profile tree was previously keyed on CodeEntry*. Now it is keyed on
the pair of CodeEntry* and line_number, meaning it has distinct nodes
for those combinations which exist, and each distinct stack trace that
was sampled is represented in the tree.
For optimized code where we have inline frames, there are no line
numbers for the inline frames in the stack trace, causing duplicate
branches in the tree with kNoLineNumberInfo as the reported line number.
This will be addressed in follow-ups.
Bug: v8:7018
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I512e221508f5b50ec028306d212263b514a9fb24
Reviewed-on: https://chromium-review.googlesource.com/1013493
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53298}
Replaces the anchor page circular doubly linked list
with a doubly linked list pointing to nullptr on its ends.
Fixes a memory leak when rewinding pages.
The large pages list will move to the new list implementation
in a follow-up CL.
Change-Id: I2933a5e222d4ca768f4b555c47ed0d7a7027aa73
Reviewed-on: https://chromium-review.googlesource.com/1060973
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53288}
If it points to a new space object which doesn't get scavenged, we need to drop
the reference.
BUG=v8:7308, v8:7768
Change-Id: I4485a7abcac3a26781811cc9bf134fd80e5f35b5
Reviewed-on: https://chromium-review.googlesource.com/1069127
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53287}
This CL adds grammar support for function pointers to generic builtins.
It also instantiates generic specializations when they are only used
in an assignment to a function pointer.
Example:
builtin GenericBuiltinTest<T: type>(c: Context, param: T): Object {
return Null;
}
let fnptr: builtin(Context, Smi) => Object = GenericBuiltinTest<Smi>;
Change-Id: Ib7e5f47ffc05f14eb5d0b789936587263dfb961d
Reviewed-on: https://chromium-review.googlesource.com/1068731
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53284}
This map is often quite small and holds small items (ints) so wastes
quite a bit of overhead in the backing tree representation.
This CL changes the std::map to a sorted vector of pairs. This reduces
the size significantly (2.13 MiB -> 598 KiB on the node server example).
Bug: v8:7719
Change-Id: Ic829693f007732ae145fae02850a1ed913cd941e
Reviewed-on: https://chromium-review.googlesource.com/1064233
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53278}
ToDirectStringAssembler::PointerToData returns a raw pointer, which
is invalidated when GC moves the original string and hence must not
be accessed after any allocations. This fixes the bug introduced in
b4ebbc57a9 / r53260.
Bug: chromium:845060
Tbr: jgruber@chromium.org
Change-Id: I248d0dd2a275bf9308269b3f65d00c4c4c3d4292
Reviewed-on: https://chromium-review.googlesource.com/1068213
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53272}
This also includes the precise reducer name. Currently the information
is available in the node tooltip in turbolizer. The new shortcut 's' in
the graph view selects the nodes the currently selected nodes were created
from.
Bug: v8:7327
Change-Id: I7ca7327d0cfa112972e3567df6e4a223c8eff3c0
Reviewed-on: https://chromium-review.googlesource.com/1064059
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53258}
When processing imports of an instance, we were storing pointers to
exported (and re-imported) wasm functions in the code table of the
importing module. This is dangerous since imports are instance specific.
Avoid ever storing call targets for imports in the NativeModule.
Instead, read the call targets from the imports table of the instance.
R=mstarzinger@chromium.org
Bug: chromium:843563
Change-Id: Id9f43a6c127025a5feaa81b2be75c001bc0bea81
Reviewed-on: https://chromium-review.googlesource.com/1065774
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53256}
Also fixup some implementations that were lagging behind per the lack of
pure virtual not having enforced everything yet.
Also fixed recently introduced
PredictablePlatform::CallDelayedOnWorkerThread() to ignore delayed tasks
after realizing the intent is to intercept worker tasks instead of
sending them to |platform_|.
Node.js migrated off these APIs @
https://github.com/v8/node/pull/69R=ahaas@chromium.org, yangguo@chromium.org
Bug: chromium:817421
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I92171f213b5fc64ab1f21e8eec72738f5ce228bd
Reviewed-on: https://chromium-review.googlesource.com/1045310
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53223}
Currently ProfilerListener holds all the CodeEntries it ever
created during the profiling session. It is not capable of removing
entries corresponding to the code objects discarded by GC as there's
no such code event.
However it is sometimes possible to tell if a code object was GCed.
Hook up to the CodeMap code entry removal and if the entry has never
been hit by a sample we can safely delete it.
As a bonus the CodeEntryInfo size has been reduced on x64, which also
saves 8 x <number of code entries> bytes.
BUG=v8:7719
Change-Id: I988bc5b59f3fba07157a9f472cbcf68596fcd969
Reviewed-on: https://chromium-review.googlesource.com/1054346
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53222}
This CL adds the new type expression
builtin(Context, ArgType1, ...) => ReturnType
and allows to use Torque-defined builtins as values of this type, as well
as calling values of this type.
The new function pointer types are subtypes of Code.
Change-Id: Ib7ba3ce6ef7a8591a4c79230dd189fd25698d5b9
Reviewed-on: https://chromium-review.googlesource.com/1060056
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53217}
https://github.com/tc39/proposal-intl-locale
Rename locale property to baseName to better reflect the intented use case and the change in spec.
TBR: bmeurer@chromium.org
Bug: v8:7684
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I91b630b49ce73abcebd6040ec968c91d75cff879
Reviewed-on: https://chromium-review.googlesource.com/1014411
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53193}
ArrayBuffer memory allocated off-heap was previously tracked by a test-
only retained_size() field on each LocalArrayBufferTracker.
Changes in off-heap ArrayBuffer memory usage are now reported to the
Space with which the ArrayBuffer is associated, so that the value is
cheaply available to include in e.g. GC limit calculations, via a new
getter, ExternalBackingStoreBytes().
Changes to external ArrayBuffer backing-store allocations are tracked in
an AtomicNumber associated with each Space, to allow for ArrayBuffers
being concurrently moved or freed from multiple Pages in the same Space
during sweeps & compactions.
Bug: chromium:837583
Change-Id: I8b1b6addd5cd05533d8da55ca813e134bc36e181
Reviewed-on: https://chromium-review.googlesource.com/1052347
Commit-Queue: Wez <wez@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53192}
With the introduction of a jump table, call targets will not be
{WasmCode} objects any more. Instead, we just call any {Address}.
This CL does not change anything yet, but changes interfaces to accept
an {Address} instead of {WasmCode*}.
R=titzer@chromium.org
Bug: v8:7758
Change-Id: Id299738bb7cc6a1891e4a03d7f67c24cde6d1699
Reviewed-on: https://chromium-review.googlesource.com/1058793
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53191}
{ImportedFunctionEntry} offers two {set} methods: One takes a
{JSReceiver*}, the other one a {WasmInstanceObject*}. Since
{WasmInstanceObject} inherits from {JSReceiver}, it's quite easy to
confuse the two if the instance is hold as e.g. {JSObject}.
Hence, rename the methods to remove this ambiguity.
R=titzer@chromium.org
Bug: v8:7758
Change-Id: I06617a565faa561d3afc70085e0df3b528c715bb
Reviewed-on: https://chromium-review.googlesource.com/1059147
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53185}
This CL changes the generated C++ code for LabeledStatementBlocks to
only emit labels if they are used.
Prior to this CL, when a label was only used on one path of an
if constexpr expression, and not at all anywhere else,
the try/label construct would BIND a label that was not used,
causing a CSA verification error.
R=tebbi@chromium.org
Change-Id: Ia81a0cd081b84528c95bbdbdb98b9ab51928e13f
Reviewed-on: https://chromium-review.googlesource.com/1057247
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53173}
This makes the fact that {WasmSharedModuleData} is shared across
instances explicit by hanging this {shared} reference off the module
object instead of the instance-specific {WasmCompiledModule} object.
R=titzer@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I99bf3d855d6283bdc48373f0f8e2df1990905d3f
Reviewed-on: https://chromium-review.googlesource.com/1051909
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53163}
Module and script SharedFunctionInfos can't be used interchangeably
(e.g.: it should not be possible to bind a Module's SFI to a Context).
The dedicated type disambiguates the two.
This also adds an overload for CreateCodeCache which takes an unbound
module script instead of an unbound script. Both are just a SFI
underneath, so their behavior is identical.
Bug: v8:7685
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iab519d0d50b6b41c95abdb6397f5622e292da4d8
Reviewed-on: https://chromium-review.googlesource.com/1047107
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53150}
Shares the feedback slot when loading / storing named properties
when the name of the property and the variable corresponding
to the object are the same. This reduces the memory usage on most
real world benchmarks. There is a slight (~1%) increase in the overall
time spent in V8 on a couple of these pages.
There is also no overall performance regression on peak-performance
benchmarks like Octane, ARES. More detailed results are in this doc[1]
[1]: https://docs.google.com/document/d/1rPNjXU-WOlyNQovuQS28Zf2PHCENR97Bi76gV9mHHOc/edit?usp=sharing
BUG: v8:7530
Change-Id: I7dd98c2d26f4e6c94690ca7d9a8a4a8281b3142d
Reviewed-on: https://chromium-review.googlesource.com/966302
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53145}
Change-Id: I37ed9115c099f3d17f23a26348a1bbf5f773ee32
Reviewed-on: https://chromium-review.googlesource.com/1056668
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#53136}
In the process, add a few simple tests for "constexpr" expressions, which
identified a few bugs that are also fixed in this CL.
Change-Id: I97486c781572642d2b574b92133b1f9cda3db592
Reviewed-on: https://chromium-review.googlesource.com/1055493
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53135}
This makes the fact that export wrapper code is shared across instances
explicit by hanging the {export_wrappers} array off the module object
instead of the instance-specific {WasmCompiledModule} object.
R=titzer@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic5c73bcc17f759e520c105317361e5654628b99e
Reviewed-on: https://chromium-review.googlesource.com/1051987
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53131}
The CompilationManager was introduced to manage the memory of
AsyncCompileJobs. However, by now this can be done better by the new
WasmEngine.
This CL just moves the code to wasm-engine.[h,cc] and adjusts the
callsites.
R=titzer@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Icd2c1f19feeaa854c74e020b41e314b8ad00cea5
Reviewed-on: https://chromium-review.googlesource.com/1052109
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53112}
The 'pause' instruction is used for implementing retpolines. It is
currently being printed as 'nop', which is incorrect.
R=titzer@chromium.org
Change-Id: I134b6dae332103fd7f9b3c4e5520f0d5db06ba74
Reviewed-on: https://chromium-review.googlesource.com/1051789
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53109}
Moves all Oddballs, empty_feedback_metadata, lots of symbols and
immortal heap numbers and several other empty collection objects.
RO_SPACE NEW_SPACE OLD_SPACE CODE_SPACE MAP_SPACE LO_SPACE
old 31800 0 241976 24032 176 0
new 35080 0 238680 24032 176 0
diff +3280 -3296
Reland of https://chromium-review.googlesource.com/c/v8/v8/+/1025996,
without the empty_property_dictionary which is not read-only.
Bug: v8:7464
Change-Id: I84840d86eb3e5906ddb8b4c4e9e70bfec0cf78bc
Reviewed-on: https://chromium-review.googlesource.com/1049611
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53096}
Re-enables and fixes msan test failures due to string padding being
cleared only selectively in tests. This change instead makes sure it
always happens in TestIsolate.
Bug: v8:7746
Change-Id: I259b43ad25cb7af18bf16d29effb15772c981a67
Reviewed-on: https://chromium-review.googlesource.com/1051647
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53095}
This is a reland of 40f1aaf330
Put back padding clearing into the SerializeObject method but only when
the String is not in RO_SPACE. For RO_SPACE strings, if required
iterate over the space before serialization clearing the strings.
Original change's description:
> [heap] Mark RO_SPACE as read-only after deserialization
>
> Adds MarkAsReadOnly and MarkAsReadWrite to ReadOnlySpace. The latter
> is only usable with ReadOnlySpace::WritableScope to avoid the space
> being left writable). MarkAsReadOnly updates the high water mark and
> makes several previously mutating methods into no-ops.
>
> Moves some writes to immutable objects out of the bootstrapper to
> setup-heap-internal so they don't write to a read-only page.
>
> Also avoid writing hashes to strings that already have the value set as
> that invariably means writing to the "0" and "1" constant strings in
> RO_SPACE.
>
> Before serialization, it makes RO_SPACE writable again so that any
> padding can be cleared before writing it.
>
> Bug: v8:7464
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I22edc20dba7dde8943991a8fcaf87244af4490a3
> Reviewed-on: https://chromium-review.googlesource.com/1014128
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52943}
Bug: v8:7464
Change-Id: Ia8386c4ff5f5df3207f584caf7a9b1ff1e405f25
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1042145
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53087}
This CL removes the JSGraph from WasmGraphBuilder and uses MachineGraph,
which is independent of the isolate, instead. In addition to using
the machine graph in the WasmGraphBuilder, this CL splits off a subclass
for compiling wrappers that does have a JSGraph and encapsulates it in
the .cc file. This makes the separation of WASM function graphs and WASM
wrapper graphs more explicit.
R=mstarzinger@chromium.orgCC=ahaas@chromium.org
BUG=v8:7721
Change-Id: I3c190baef2084919d22a9a89a8c9f11d2ddcf3d0
Reviewed-on: https://chromium-review.googlesource.com/1050266
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53086}
D8 enables the Wasm trap handler by default now, but we need to make sure the
older bounds check case still gets test coverage too, as bounds checks will
continue to be a supported configuration.
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I5b0bdded6929a9b3a8480e87d038398b8d2a0fd8
Reviewed-on: https://chromium-review.googlesource.com/1048835
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53078}
If termination was requested on pause we should handle it properly as
soon as execution resumed.
R=yangguo@chromium.org
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ica50500094138097f115545db716264126fbe59e
Reviewed-on: https://chromium-review.googlesource.com/1049486
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53074}
This changes JS-to-Wasm wrappers to no longer embed a WeakCell with the
associated instance into the code, but load the instance object from the
passed {WasmExportedFunction} object instead.
R=titzer@chromium.org
BUG=v8:7424
Change-Id: I5403f882912eb23e760fabe70207440648754a69
Reviewed-on: https://chromium-review.googlesource.com/1028053
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53057}
- Make FeedbackVector backing store a WeakFixedArray.
- "feedback" is always strong but "extra" might be weak.
- Whenever the handler stored in FeedbackVector is a WeakCell to a transition
Map, replace it with an in-place weak reference.
For a more detailed description of the changes, see the design doc
https://docs.google.com/document/d/1P8cIme2wKszdYt64ObAiuh6pXgLnrrn80Hpl1ejJbOU/edit#heading=h.ijx1oculrikp
BUG=v8:7308
Change-Id: I72c5cf6597ef24d4c22a1fe8e25b67ca196d4ec8
Reviewed-on: https://chromium-review.googlesource.com/1027855
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53051}
This API will be used by Node.js to provide output compatible with
Chrome devtools.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I265495f8af39bfc78d7fdbe43ac308f0920e817d
Reviewed-on: https://chromium-review.googlesource.com/1044491
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Eugene Ostroukhov <eostroukhov@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53041}
The DCHECK was incorrect. This new API method can be called from any
debug mode since the embedder does not know which mode we are in.
It should only apply the side effect logic when the mode is
kSideEffects.
Bug: chromium:829571
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I11b0e5194b151a2b88171d6be21c3ccbba9cd408
Reviewed-on: https://chromium-review.googlesource.com/1046162
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Luo <luoe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53030}
Stubs and builtins are very similar. The main differences are that
stubs can be parameterized and may be generated at runtime, whereas
builtins are generated at mksnapshot-time and shipped with the snapshot
(or embedded into the binary).
My main motivation for these conversions is that we can generate
faster calls and jumps to (embedded) builtins callees from (embedded)
builtin callers. Instead of going through the builtins constants table
indirection, we can simply do a pc-relative call/jump.
This also unlocks other refactorings, e.g. removal of
CallRuntimeDelayed.
TBR=mlippautz@chromium.org
Bug: v8:6666
Change-Id: I4cd63477f19a330ec70bbf20e2af8a42fb05fabb
Reviewed-on: https://chromium-review.googlesource.com/1044245
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53027}
Define simple accessors in the header and give them lower case names.
R=mstarzinger@chromium.org
Bug: v8:7570
Change-Id: I2914013fdea2218189275bbaa9f98ea5de0ccd7c
Reviewed-on: https://chromium-review.googlesource.com/1046546
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53024}
These tests can be unskipped now that off-heap trampolines are packed
into the binary.
Bug: v8:6666
Change-Id: Ib8d55064a42da3b12fd940441298e5273181c601
Reviewed-on: https://chromium-review.googlesource.com/1047165
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53023}
ProfilerListener which holds CodeEntries has been moved from Logger to
CpuProfiler. This way we can clear entries when all the profiles
produced by a particular CpuProfiler are deleted.
BUG=v8:7719
Change-Id: I31d47dc7da44648c8fb8e87b47e2e6260d3dc5c3
Reviewed-on: https://chromium-review.googlesource.com/1043050
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53004}
Creating a new instance from a v8::Function will invoke its
constructor. If it is an API callback that has not been marked as
kHasNoSideEffect, this CL introduces a way to invoke it without
throwing.
Calls within the constructor are still checked for side effects.
Bug: chromium:829571
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ia4e410d487e2847bc511cb96f0be30a3563991f6
Reviewed-on: https://chromium-review.googlesource.com/1034116
Commit-Queue: Erik Luo <luoe@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53003}
This makes {Script} objects created for WebAssembly no longer reference
a concrete instance object, but a module object instead. All uses of the
field in question only require module-wide information and the script is
meant to represent the set of all instances, not just one concrete
instance.
R=clemensh@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I751d4b75c8a970cffcb1a37b6c22ff69e9ee5489
Reviewed-on: https://chromium-review.googlesource.com/1043871
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53002}
This method is intended for use by code caching as follows:
1. The module is compiled (and perhaps instantiated).
2. The embedder fetches and stores the module's unbound script (i.e.
the shared function info).
3. Module evaluation, maybe triggering lazy compilation.
4. Generated code for the module (which hangs off the shared function
info) is inserted into the code cache.
Subsequent module loads can load from the code cache prior to
evaluation.
Bug: v8:7685
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I80018cd921ab1a18323906a548b249e19d9f9509
Reviewed-on: https://chromium-review.googlesource.com/1041745
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52998}
On div and rem on ia32 and x64, we sometimes need to spill. If this
spilling code happens inside of a branch, the cache state will reflect
that the value was spilled, even though the actual spilling code might
not have executed.
R=titzer@chromium.org
Bug: v8:6600, chromium:839800
Change-Id: I93b681a23119f903feb54235d6d44a7cbd5815fe
Reviewed-on: https://chromium-review.googlesource.com/1044185
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52995}
Add binop tests for div and rem of i32 and i64. The test is extended to
handle traps, and to check that the value of local variables is not
affected by the operation.
R=titzer@chromium.org
Bug: v8:6600, chromium:839800
Change-Id: I1a4cbc40bd399666d9831d021afb96e0c53a9f64
Reviewed-on: https://chromium-review.googlesource.com/1044166
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52989}
The Promoted* prefix was used to refer both to the total number of old
generation objects, and to the delta of objects moved from the new to
old generations.
PromotedTotalSize() is also renamed, to reflect the actual calculation
it performs
Bug: chromium:837583
Change-Id: Id27a0661618257ef64eb469a83bb49c0e8ce6923
Reviewed-on: https://chromium-review.googlesource.com/1042314
Commit-Queue: Wez <wez@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52986}
This is a reland of a0c57368a9
Original change's description:
> [wasm] Maintain link from Instance to Module.
>
> This moves the link from a {WasmInstanceObject} to its corresponding
> {WasmModuleObject} into the right place and also makes it strong. This
> ensures that an instance always keeps the underlying module alive and
> hence removes the situation of an "orphaned instance".
>
> R=clemensh@chromium.org
>
> Change-Id: Id59f6a49740af8ef0248679c3d2c696bb9776944
> Reviewed-on: https://chromium-review.googlesource.com/1041691
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52942}
Change-Id: I9854400bfc1d22bd258f17118fcb7460cdc3acd5
Reviewed-on: https://chromium-review.googlesource.com/1043786
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52985}
Instead rely on the scope info containing the name as well.
Change-Id: Ie1f96ea023a793b11209510566f6831b1dfd40ab
Reviewed-on: https://chromium-review.googlesource.com/1042567
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52983}
Temporarily skip this test until it can be fixed.
TBR=machenbach@chromium.org
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7718
Change-Id: I04b6c47b72ed041b2b22669187b8afbcc0c05ff6
Reviewed-on: https://chromium-review.googlesource.com/1042398
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52960}
There are likely cleanups that can be done after this CL:
- context-related functions in the interpreter and compiler take ScopeInfo as
well as ScopeType and slot-count as input. The latter 2 should be directly
derived from the former. We should be able to drop FunctionContextParameters.
- ContextExtension is probably not needed anymore, since we now always have the
correct scope_info directly in the SCOPE_INFO_INDEX slot.
Bug: v8:7066
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ie1f6134c686a9f2183e54730d9cdd598a9e5ab67
Reviewed-on: https://chromium-review.googlesource.com/785151
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52952}
This reverts commit a0c57368a9.
Reason for revert: Speculative revert due to failures with custom
snapshot:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/19061
Local bisect also points to this change:
http://shortn/_IhVxU2FKLu
Original change's description:
> [wasm] Maintain link from Instance to Module.
>
> This moves the link from a {WasmInstanceObject} to its corresponding
> {WasmModuleObject} into the right place and also makes it strong. This
> ensures that an instance always keeps the underlying module alive and
> hence removes the situation of an "orphaned instance".
>
> R=clemensh@chromium.org
>
> Change-Id: Id59f6a49740af8ef0248679c3d2c696bb9776944
> Reviewed-on: https://chromium-review.googlesource.com/1041691
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52942}
TBR=mstarzinger@chromium.org,clemensh@chromium.org
Change-Id: I1830e6ce14314f06f918a0c428182bfd68354ad9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1041968
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52949}
This reverts commit 40f1aaf330.
Reason for revert:
https://luci-milo.appspot.com/buildbot/client.v8/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/21000
Original change's description:
> [heap] Mark RO_SPACE as read-only after deserialization
>
> Adds MarkAsReadOnly and MarkAsReadWrite to ReadOnlySpace. The latter
> is only usable with ReadOnlySpace::WritableScope to avoid the space
> being left writable). MarkAsReadOnly updates the high water mark and
> makes several previously mutating methods into no-ops.
>
> Moves some writes to immutable objects out of the bootstrapper to
> setup-heap-internal so they don't write to a read-only page.
>
> Also avoid writing hashes to strings that already have the value set as
> that invariably means writing to the "0" and "1" constant strings in
> RO_SPACE.
>
> Before serialization, it makes RO_SPACE writable again so that any
> padding can be cleared before writing it.
>
> Bug: v8:7464
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I22edc20dba7dde8943991a8fcaf87244af4490a3
> Reviewed-on: https://chromium-review.googlesource.com/1014128
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52943}
TBR=yangguo@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,delphick@chromium.org
Change-Id: Id4770c0fdb21cd9eea2f62a019f44a6bdea8f0a7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7464
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1041948
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52944}
Adds MarkAsReadOnly and MarkAsReadWrite to ReadOnlySpace. The latter
is only usable with ReadOnlySpace::WritableScope to avoid the space
being left writable). MarkAsReadOnly updates the high water mark and
makes several previously mutating methods into no-ops.
Moves some writes to immutable objects out of the bootstrapper to
setup-heap-internal so they don't write to a read-only page.
Also avoid writing hashes to strings that already have the value set as
that invariably means writing to the "0" and "1" constant strings in
RO_SPACE.
Before serialization, it makes RO_SPACE writable again so that any
padding can be cleared before writing it.
Bug: v8:7464
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I22edc20dba7dde8943991a8fcaf87244af4490a3
Reviewed-on: https://chromium-review.googlesource.com/1014128
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52943}
This moves the link from a {WasmInstanceObject} to its corresponding
{WasmModuleObject} into the right place and also makes it strong. This
ensures that an instance always keeps the underlying module alive and
hence removes the situation of an "orphaned instance".
R=clemensh@chromium.org
Change-Id: Id59f6a49740af8ef0248679c3d2c696bb9776944
Reviewed-on: https://chromium-review.googlesource.com/1041691
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52942}
The tracker needs to maintain the byte length as there is no order guarantee
when sweeping pages and the byte length may be a HeapNumber that is stored on a
different page.
The abstraction for ArrayBuffers is left untouched. We distinguish between the
following cases:
1. Regular AB (backing_store and bye_length should be used)
2. AB allocated using kReservation but not part of wasm
3. AB allocated using kReservation and part of wasm
In practice, 2. does not exist, but we still maintain "allocation_base" and
"allocation_length" which fall back to backing_store and byte_length in this
case. The problematic part is that they look like innocent getters on the
object but actually refer to different data structures or on-heap objects.
Since 2. does not exist, and 3. looks up the bounds in its own tracker, it is
fine for ArrayBufferTracker to pass backing_store and tracked byte_length.
Bug: v8:7701
Change-Id: Ib89d5fe94fce5cef8e5d8343a5415a3b9ad0deba
Reviewed-on: https://chromium-review.googlesource.com/1039385
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52923}
This is a reland of ad221d144a
Original change's description:
> [wasm] Always enable guard regions on 64-bit platforms
>
> This change makes full 8 GiB guard regions always enabled on 64-bit
> platforms.
>
> Additionally, since all Wasm memory allocation paths have some form of
> guard regions, this removes and simplifies most of the logic around
> whether to enable guard regions.
>
> This is a reland of https://crrev.com/c/985142.
>
> Bug: v8:7619
> Change-Id: I8bf1f86d6f89fd0bb2144431c7628f15a6b00ba0
> Reviewed-on: https://chromium-review.googlesource.com/996466
> Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52412}
Bug: v8:7619
Change-Id: I0f311305472ca2305ad2fa9163560ff54c1422c2
Reviewed-on: https://chromium-review.googlesource.com/999872
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52921}
This reverts commit 2df5e7a7b6.
Reason for revert: Mystery crashes https://bugs.chromium.org/p/chromium/issues/detail?id=838805
Original change's description:
> [parser] Slice the source string where possible
>
> When internalizing string literals (for quoted strings or property names),
> try to create a sliced string of the source string rather than allocating
> a copy of the bytes.
>
> This will not work for string literals that contain escapes (e.g. unicode
> escapes), and currently does not support two-byte strings.
>
> Bug: chromium:818642
> Change-Id: I686e5ad36baecd1a84ce5e124118431249b6c980
> Reviewed-on: https://chromium-review.googlesource.com/1010282
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52898}
TBR=marja@chromium.org,yangguo@chromium.org,jarin@chromium.org,mlippautz@chromium.org,leszeks@chromium.org,verwaest@chromium.org
Change-Id: I598b6668c43a3e843e2dd8e60852b2b2f3461954
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:818642
Reviewed-on: https://chromium-review.googlesource.com/1039885
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52919}
Original CL: https://crrev.com/c/1018468
During code generation, we generate self-references (i.e. references to
the Code object currently being generated) as references to a temporary
handle. When the final Code object has been allocated, the handle's
location is fixed up and RelocInfo iteration fixes up all references
embedded in the generated code.
This adds support for this mechanism to the builtins constants table
builder. CodeObject() is now a new handle pointing to a dedicated
self-reference marker in order to distinguish between self-references
and references to undefined. In Factory::NewCode, we patch up
the constants table.
TBR=yangguo@chromium.org,mlippautz@chromium.org
Bug: v8:6666
Change-Id: I3fa422c57de99c9851dc7a86394a8387c7c2b397
Reviewed-on: https://chromium-review.googlesource.com/1039366
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52916}
This fixes a bug where we didn't run before/after hooks for await when
the debugger is not active, as reported downstream in
https://github.com/nodejs/node/issues/20274
Change-Id: I1948d1884c591418d87ffd1d0ccb2bebf4e908f1
Reviewed-on: https://chromium-review.googlesource.com/1039386
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52909}
When internalizing string literals (for quoted strings or property names),
try to create a sliced string of the source string rather than allocating
a copy of the bytes.
This will not work for string literals that contain escapes (e.g. unicode
escapes), and currently does not support two-byte strings.
Bug: chromium:818642
Change-Id: I686e5ad36baecd1a84ce5e124118431249b6c980
Reviewed-on: https://chromium-review.googlesource.com/1010282
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52898}
GetWorkerThreadsTaskRunner() was about to be phased out [1] but v8
r52818 landed ahead of it.
Add CallDelayedOnWorkerThread() to the new worker thread API to support
this use case before phasing out GetWorkerThreadsTaskRunner()
[1] https://chromium-review.googlesource.com/c/v8/v8/+/978443
Implemented it in d8+cctest+default-platform right away to avoid
requiring a non-null Isolate* (and yet another transitional API).
R=ahaas@chromium.org, kozyatinskiy@chromium.org
Bug: chromium:817421
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I2bee08fee08cf15a664d31cc6817e21cebe1d140
Reviewed-on: https://chromium-review.googlesource.com/1033584
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52892}
This includes the following changes:
- Limit code space to 128 MB.
- Use direct branches wherever possible.
- Where not possible, continue using load literal followed by an indirect
branch.
- Sort RelocInfo by target_address_address for the serializer, since mixing
load literal instructions and branch instructions messes up that order.
- Ensure we always wipe out targets in the serializer (not just for the
snapshot) in order to be able to distinguish between constant pool entries
and branch instructions.
Change-Id: I1a1029ce2a5f72a3a94802daf267d14a42c7c790
Reviewed-on: https://chromium-review.googlesource.com/939175
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#52885}
The idea is to mark all the branches and loads participating in array
bounds checks, and let them contribute-to/use the poisoning register.
In the code, the marks for array indexing operations now contain
"Critical" in their name. By default (--untrusted-code-mitigations),
we only instrument the "critical" operations with poisoning.
With that in place, we also remove the array masking approach based
on arithmetic.
Since we do not propagate the poison through function calls,
we introduce a node for poisoning an index that is passed through
function call - the typical example is the bounds-checked index
that is passed to the CharCodeAt builtin.
Most of the code in this CL is threads through the three levels of
protection (safe, critical, unsafe) for loads, branches and flags.
Bug: chromium:798964
Change-Id: Ief68e2329528277b3ba9156115b2a6dcc540d52b
Reviewed-on: https://chromium-review.googlesource.com/995413
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52883}
This removes Type::operator-> which was used to split the change that
removed undefined misuse of Type* to represent integers.
Bug: v8:3770
Change-Id: I9a5bce5ccdc75461a7b939b4070cb58fe6040d99
Reviewed-on: https://chromium-review.googlesource.com/1033736
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52878}
This is part of the effort to decrease the amount of undefined behavior.
that v8 relies on.
The main change here is to represent types with class Type rather than
with pointer Type*. To make the CL smaller, I used an operator overload
hack to separate the change from `->` to `.`. I am working on a CL that
will remove the operator and change all those arrows to dots.
Bug: v8:3770
Change-Id: I71a197cb739a1467937bc95c2a757fab0469aa22
Reviewed-on: https://chromium-review.googlesource.com/1032551
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52872}
This finishes off the fixes and adds a DCHECK to make sure future tests
have page-sized memories. The one exception is for asm.js, because
asm.js does not have the same page size restriction.
Bug: v8:7704, v8:7570
Change-Id: I9f6d0f6c1744072fb1efa88abdfd2011938960df
Reviewed-on: https://chromium-review.googlesource.com/1033827
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52869}
This reverts commit 6379e2a464.
Reason for revert:
https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Win64%2F23855%2F%2B%2Frecipes%2Fsteps%2FCheck%2F0%2Flogs%2Fmkgrokdump%2F0
Original change's description:
> [builtins] Patch self-references in constants table
>
> During code generation, we generate self-references (i.e. references to
> the Code object currently being generated) as references to a temporary
> handle. When the final Code object has been allocated, the handle's
> location is fixed up and RelocInfo iteration fixes up all references
> embedded in the generated code.
>
> This adds support for this mechanism to the builtins constants table
> builder. CodeObject() is now a new handle pointing to a dedicated
> self-reference marker in order to distinguish between self-references
> and references to undefined. In Factory::NewCode, we patch up
> the constants table.
>
> Bug: v8:6666
> Change-Id: If74ed91bb1c3b8abb20ff2f0a87d1bcd9a1b0511
> Reviewed-on: https://chromium-review.googlesource.com/1018468
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52854}
TBR=yangguo@chromium.org,mlippautz@chromium.org,jgruber@chromium.org
Change-Id: I8cf8c4b43f51285ea913c6c8fdd339bd9ea645df
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/1033092
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52856}
During code generation, we generate self-references (i.e. references to
the Code object currently being generated) as references to a temporary
handle. When the final Code object has been allocated, the handle's
location is fixed up and RelocInfo iteration fixes up all references
embedded in the generated code.
This adds support for this mechanism to the builtins constants table
builder. CodeObject() is now a new handle pointing to a dedicated
self-reference marker in order to distinguish between self-references
and references to undefined. In Factory::NewCode, we patch up
the constants table.
Bug: v8:6666
Change-Id: If74ed91bb1c3b8abb20ff2f0a87d1bcd9a1b0511
Reviewed-on: https://chromium-review.googlesource.com/1018468
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52854}
This removes the last reference from {NativeModule} that made it
specific to a concrete WebAssembly instance, by only referencing the
{WasmSharedModuleData} instead of a {WasmCompiledModule}. Note that
eventually we want to remove this reference completely to become even
independent of the underlying Isolate soon.
R=clemensh@chromium.org
BUG=v8:7424
Change-Id: I29b8cde8beadeef75c90e90fbff1830f2bf4e636
Reviewed-on: https://chromium-review.googlesource.com/1032433
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52853}
Linkage-related methods were declared in wasm-compiler.h and
implemented in wasm-linkage.cc. This required all users of e.g. wasm
call descriptors to include the whole wasm compiler header. Also, some
wasm linkage information is independent of turbofan and also used
outside of the compiler directory.
This CL splits off wasm-linkage.h (with minimal includes) and puts it
in src/wasm. This allows to use that information without including
compiler headers (will clean up several uses in follow-up CLs).
R=mstarzinger@chromium.org, titzer@chromium.org
Bug: v8:7570
Change-Id: Ifcae70b4ea7932cda30953b325c2b87c4176c598
Reviewed-on: https://chromium-review.googlesource.com/1013701
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52849}
Both macros currently call a function with individual CHECKs, which
makes error messages only show that one part of the equality check (and
not the the actual float values), and hides the actual location of the
check.
This CL refactors this such that the actual value is shown (just as
with other CHECK_EQ macros) and it shows the right file name and line
number.
R=ahaas@chromium.org
Bug: v8:7570
Change-Id: I198e73c053178a09f14330a18069463760693f81
Reviewed-on: https://chromium-review.googlesource.com/1027879
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52832}
The test is flaky on arm in --optimize-for-size.
NOTRY=true
Bug: v8:7605
Change-Id: I6219442545244bb0c07f8b028668f41602a83b30
Reviewed-on: https://chromium-review.googlesource.com/1032331
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52827}
This CL simplifies and extends the implementation of Managed<T>
and now uses a std::shared_ptr<T> underneath in order to offer
cross-isolate management of C++ allocated memory.
R=mstarzinger@chromium.orgCC=ulan@chromium.org
Bug: v8:7424
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Id43a26f565677e8c9cdfd73810568d4f2b1871fe
Reviewed-on: https://chromium-review.googlesource.com/1028190
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52820}
This is a reland of f5d308510a
Original change's description:
> [builtins] Introduce further constant & external reference indirections
>
> This introduces further indirections for embedded constants and
> external references for builtins generated by the macro-assembler.
> The used mechanisms (LookupConstant and LookupExternalReference) are
> identical to what we already use in CSA.
>
> Almost all builtins are now isolate-independent in both release and
> debug modes. snapshot_blob.bin is roughly 670K smaller in embedded
> builds vs. non-embedded builds, while libv8.so is roughly 280K larger.
>
> Bug: v8:6666
> Change-Id: I7a6c2193ef5a763e6cf7543dd51597d6fff6c110
> Reviewed-on: https://chromium-review.googlesource.com/1006581
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52810}
TBR=mstarzinger@chromium.org
Bug: v8:6666
Change-Id: I73dfe207f2c5f79a9a06c165c75f5619e88a5a17
Reviewed-on: https://chromium-review.googlesource.com/1030550
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52819}
This introduces further indirections for embedded constants and
external references for builtins generated by the macro-assembler.
The used mechanisms (LookupConstant and LookupExternalReference) are
identical to what we already use in CSA.
Almost all builtins are now isolate-independent in both release and
debug modes. snapshot_blob.bin is roughly 670K smaller in embedded
builds vs. non-embedded builds, while libv8.so is roughly 280K larger.
Bug: v8:6666
Change-Id: I7a6c2193ef5a763e6cf7543dd51597d6fff6c110
Reviewed-on: https://chromium-review.googlesource.com/1006581
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52810}
When running this test locally, the OptimizeFunctionOnNextCall
call fails, because the line above has no semicolon, and automatic
insertion doesn't help, probably because of the % sign. The test still
runs, but the first call after level1() fails, meaning the inlining
does not happen.
Change-Id: Icd2d08e676ea3cade63d4e12277748a447e410fc
Reviewed-on: https://chromium-review.googlesource.com/1030210
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52808}
This adds support for the I32AtomicCompareExchange operations in the
interpreter. Also, the interpreter will now fail if it encounters
an unknown opcode from the atomic prefix.
Bug: chromium:826069
Change-Id: Iec1742271f4fdd83fcaa09ca72c24d1cf8c58835
Reviewed-on: https://chromium-review.googlesource.com/1029867
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52807}
The WasmInstanceObject stores two new arrays:
- imported_mutable_globals_buffers_: a FixedArray of all the imported
globals' array buffers.
- imported_mutable_globals: a calloc'd array of Addresses pointing to
the mutable global in its array buffer.
When accessing the global, the generated code looks up the address in
imported_mutable_globals to find where to load/store.
Bug: v8:7625
Change-Id: I60844c21a788fce28f346455f10f2283d1c152e9
Reviewed-on: https://chromium-review.googlesource.com/1020602
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52794}
When only_terminate_in_safe_scope flag is passed as CreateParams for
v8::Isolate, V8 does not trigger intrruption for termination if there
is no explicit SafeForTerminationeScope.
Scope enables termination only in direct v8 calls, any recursive calls
require explicit SafeForTerminationScope.
R=yangguo@chromium.org
Bug: chromium:820640
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iac17e30a4b47aa84e70e9218ca0adca9d07f726e
Reviewed-on: https://chromium-review.googlesource.com/1025390
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52793}
I missed one required change which was hidden behind an #if. The fix is in
the diff between Patch 1 and Patch 3.
Original message:
In this CL I remove the isolate from signatures of ExternalReference
accessor functions where the isolate is not used. The uses of the
isolate were already removed in previous CLs.
Changes:
* I split the ExternalReference list in external-reference.h into
those which need the isolate for initialization and those which do not.
* I removed the public constructors and replaced them by
ExternalReference::Create(). The reason is to separate external
creation more clearly from internal creation, because externally
created ExternalReferences sometimes need redirection, whereas
internally created ExternalReferences are just stored as they are.
In addition, by removing the isolate from the signature of the
public constructors, they suddenly exactly matched the interal
constructor.
* Replace all uses of the public constructors with
ExternalReference::Create().
* Remove the isolate from all call sites where necessary.
This is a step towards making WebAssembly compilation independent of
the isolate.
R=mstarzinger@chromium.org
Bug: v8:7570
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I750c162f5d58ed32e866722b0db920f8b9bd8057
Reviewed-on: https://chromium-review.googlesource.com/1026673
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52777}
This is just code reshuffling to enable changing Type* to Type.
Bug: v8:3770
Change-Id: I8ed4ff41b480cab377d115c57c49d6f6c0c46d6d
Reviewed-on: https://chromium-review.googlesource.com/1025897
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52772}
This expands the SideEffectType flag to cover whitelisting embedder
callbacks that are setup with Template accessors.
- v8::ObjectTemplate::SetNativeDataProperty
- v8::ObjectTemplate::SetLazyDataProperty
- v8::ObjectTemplate::SetAccessor
Bug: v8:7515
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ieda6c793141ab249c4f41d00e6572fe2a29ac629
Reviewed-on: https://chromium-review.googlesource.com/1015896
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Luo <luoe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52770}
This reverts commit 44ea425ab1.
Reason for revert: https://ci.chromium.org/buildbot/client.v8.ports/V8%20Arm%20-%20debug%20builder/13575
Original change's description:
> [refactoring] Remove the isolate from signatures of ExternalReferences
>
> In this CL I remove the isolate from signatures of ExternalReference
> accessor functions where the isolate is not used. The uses of the
> isolate were already removed in previous CLs.
>
> Changes:
> * I split the ExternalReference list in external-reference.h into
> those which need the isolate for initialization and those which do not.
>
> * I removed the public constructors and replaced them by
> ExternalReference::Create(). The reason is to separate external
> creation more clearly from internal creation, because externally
> created ExternalReferences sometimes need redirection, whereas
> internally created ExternalReferences are just stored as they are.
> In addition, by removing the isolate from the signature of the
> public constructors, they suddenly exactly matched the interal
> constructor.
>
> * Replace all uses of the public constructors with
> ExternalReference::Create().
>
> * Remove the isolate from all call sites where necessary.
>
>
> This is a step towards making WebAssembly compilation independent of
> the isolate.
>
> Bug: v8:7570
> R=mstarzinger@chromium.org
>
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I14f511fc6acc50ab2d6a6641299f5ddbeabef0da
> Reviewed-on: https://chromium-review.googlesource.com/1018982
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52768}
TBR=mstarzinger@chromium.org,ahaas@chromium.org
Change-Id: I7c0d8d420f815cede23d550dee8942ac4d7791cc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7570
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1026570
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52769}
In this CL I remove the isolate from signatures of ExternalReference
accessor functions where the isolate is not used. The uses of the
isolate were already removed in previous CLs.
Changes:
* I split the ExternalReference list in external-reference.h into
those which need the isolate for initialization and those which do not.
* I removed the public constructors and replaced them by
ExternalReference::Create(). The reason is to separate external
creation more clearly from internal creation, because externally
created ExternalReferences sometimes need redirection, whereas
internally created ExternalReferences are just stored as they are.
In addition, by removing the isolate from the signature of the
public constructors, they suddenly exactly matched the interal
constructor.
* Replace all uses of the public constructors with
ExternalReference::Create().
* Remove the isolate from all call sites where necessary.
This is a step towards making WebAssembly compilation independent of
the isolate.
Bug: v8:7570
R=mstarzinger@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I14f511fc6acc50ab2d6a6641299f5ddbeabef0da
Reviewed-on: https://chromium-review.googlesource.com/1018982
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52768}
Wasm tier-up first compiles the whole module using Liftoff, and then
using Turbofan. The idea is to achieve fast start-up times by first
running Liftoff-compiled code. In the meantime we finish compilation
with Turbofan, and replace the Liftoff-compiled code as soon
as Turbofan finished compilation, thus achieving high performance.
Tier-up is enabled through the flag FLAG_wasm_tier_up.
Bug: v8:6600
Change-Id: I70552969c53d909a591666a1e7ce1ee1419b2f34
Reviewed-on: https://chromium-review.googlesource.com/1010422
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52759}
This CL splits the definition of ValueType and its helper functions
into its own header file.
R=clemensh@chromium.org
Bug: v8:7570
Change-Id: I3aa776edb45839d7d38836e131df45732c685310
Reviewed-on: https://chromium-review.googlesource.com/1021810
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52758}
Passing a pointer of the needed type, and then reading using
ReadUnalignedValue is pointless, since the compiler can assume
alignment of the pointer value.
This CL fixes the remaining external refs of wasm to take an Address to
a single buffer.
R=ahaas@chromium.org
Bug: v8:7570, v8:3770
Change-Id: If8a7324a4703e1e900cb3c5644baef207e6a371d
Reviewed-on: https://chromium-review.googlesource.com/1023406
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52754}
This CL introduced SafeForInterruptsScope. This scope overrides
outer PostponeInterruptsScopes:
- reschedule postponed interrupts if needed,
- allow requesting new interrupts.
As soon as scope removed interrupts are posponed if needed.
This scope will be:
- used to allow inspector to interrupt and terminate
DebugeEvaluate::Local,
- exposed with new flag on Isolate to implement SafeForTerminationScope
in blink.
R=yangguo@chromium.org
Bug: chromium:820640
Change-Id: I15befc10c2cee393d1e3be48cecb31ee14dae638
Reviewed-on: https://chromium-review.googlesource.com/1022969
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52743}
This is a reland of 5728b3fbc5
Original change's description:
> [builtins] Separate species protectors for Array, TypedArray, Promise
>
> Previously, there was one species protector for Array, TypedArray and
> Promise. This CL splits the protector in three separate ones. This means
> that invalidating one of them does not have negative performance
> implications for the other ones.
>
> Bug: chromium:835347, v8:7340
> Change-Id: Id84aa0071f17096192965264eb60ddadd1e8e73f
> Reviewed-on: https://chromium-review.googlesource.com/1023408
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52733}
Bug: chromium:835347, v8:7340
Change-Id: I0c0188a0723e206ddb362834bcf872b23cd7666d
Reviewed-on: https://chromium-review.googlesource.com/1023811
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52742}
The movw/movt instructions are only available since Armv7. One of the
disassembly tests was expecting these instructions when, on Armv6, we generate a
load literal.
Change-Id: I2b11894b5de748fc185f341b0cd49fa518d005e5
Reviewed-on: https://chromium-review.googlesource.com/978143
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52738}
This reverts commit 5728b3fbc5.
Reason for revert: Breaks noi18n build
Original change's description:
> [builtins] Separate species protectors for Array, TypedArray, Promise
>
> Previously, there was one species protector for Array, TypedArray and
> Promise. This CL splits the protector in three separate ones. This means
> that invalidating one of them does not have negative performance
> implications for the other ones.
>
> Bug: chromium:835347, v8:7340
> Change-Id: Id84aa0071f17096192965264eb60ddadd1e8e73f
> Reviewed-on: https://chromium-review.googlesource.com/1023408
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52733}
TBR=sigurds@chromium.org,bmeurer@chromium.org
Change-Id: Ied8b436e7991c759eb3b98702c142aa127a7e63c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:835347, v8:7340
Reviewed-on: https://chromium-review.googlesource.com/1024151
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52736}
Previously, there was one species protector for Array, TypedArray and
Promise. This CL splits the protector in three separate ones. This means
that invalidating one of them does not have negative performance
implications for the other ones.
Bug: chromium:835347, v8:7340
Change-Id: Id84aa0071f17096192965264eb60ddadd1e8e73f
Reviewed-on: https://chromium-review.googlesource.com/1023408
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52733}
At the moment, the isolate is allocated and initialized in a single
step. This has the downside that the platform cannot register the
isolate before the isolate gets initialized, and therefore the platform
is not available for the isolate during initialization. With this CL we
register the uninitialized isolate on the platform and initialize the
isolate after that.
This change is needed to allow the creation of task runners already
during the initialization of the isolate.
The related chromium CL: https://crrev.com/c/1015020R=yangguo@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I52e89388a757f2693d1a800e7aa7701aa0080795
Reviewed-on: https://chromium-review.googlesource.com/1014044
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52731}
Several functions on Array.prototype incorrectly threw a TypeError just
because their receiver was sealed or frozen.
Bug: v8:7677
Change-Id: I4ec38bfbf468f9bd676f1c0b341c8a50cf814f15
Reviewed-on: https://chromium-review.googlesource.com/1021870
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52718}
The function allocating objects in the test can be inlined in the middle
of the run. All allocations after inlining are currently not accounted.
This patch sums up allocations of the function and its outer function.
The difference between counts is now about 4%-6% (down from 15%).
Bug: chromium:834832
Change-Id: Iad071bd5bf53bb3527c9cb24d0a9ea38618c833c
Reviewed-on: https://chromium-review.googlesource.com/1021734
Reviewed-by: Ali Ijaz Sheikh <ofrobots@google.com>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52713}
The existing signature is problematic for two reasons:
1. The void* -> V cast is invalid if sizeof(V) < sizeof(void*)
2. It's impossible to distinguish between a returned value of 0 and
nullptr, designating failure.
Bug: v8:6666
Change-Id: I71e8fc9119256c24a15b5bb73438f024f1af4f88
Reviewed-on: https://chromium-review.googlesource.com/1018466
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52708}
The convert operation only write an output value if the conversion
succeeded. Thus, we always initialize the buffer before calling the
conversion function.
R=ahaas@chromium.org
Change-Id: Ide230a1e608205f9067349db08adde6a90b31d6f
Reviewed-on: https://chromium-review.googlesource.com/1021377
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52703}
Instead of passing multiple pointers to input and output, or to two
input values, just pass one pointer which holds all inputs and where
the output is written.
This also reduces the size of generated Turbofan graphs, since only one
stack slot is needed and less arguments are passed to the call.
It also fixes undefined behaviour, since we were passing a pointer e.g.
as {uint64_t*}, but accessed it using {ReadUnalignedValue}. Now we pass
an Address, which does not have any alignment constraints.
R=ahaas@chromium.org
Bug: v8:3770, v8:6600
Change-Id: I54ef80b7e27f77587a9062560c0b3e01d6593e6d
Reviewed-on: https://chromium-review.googlesource.com/1019147
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52702}
The memory metric samples memory usage immediately after forcing GC via
LowMemoryNotification. This makes the metric sensitive to the unmapper
tasks timing.
This patch forces eager unmapping in CollectAllAvailableGarbage.
It also forces eager unmapping of non-regular chunks at the beginning
of Mark-Compact to avoid accumulation of non-regular chunks.
Bug: chromium:833291, chromium:826384
Change-Id: Iddf02cd4ab8613385d033899d29525fe6ee47fdd
Reviewed-on: https://chromium-review.googlesource.com/1017102
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52696}
These functions are now unused within V8, as we need tighter control in
mksnapshot for creating embedded.cc.
Embedders should switch to using SnapshotCreator directly.
Bug: v8:6666
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id231b3d1fdf50e06c9278f13d095186364264b86
Reviewed-on: https://chromium-review.googlesource.com/1019442
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52692}
ScavengeExternalString and ScavengeExternalOneByteString clear GC flags,
which confuses concurrent sweeping that was started from another test.
Tests that mutate flags should not be threaded.
Bug: v8:7671
Change-Id: I08656d06fe85ff45baca685ebe5982528aad774c
Reviewed-on: https://chromium-review.googlesource.com/1019102
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52690}
This refactoring is a big step towards separating Turbofan-related code
from backend independent code. This will allow us to include way less
headers from "src/compiler" at various places.
The {WasmCompilationUnit} contained information for Turbofan
compilation, and for Liftoff compilation. This CL tears this apart, such
that {WasmCompilationUnit} holds backend-independent information, plus
a pointer to either {LiftoffCompilationUnit} or
{TurbofanWasmCompilationUnit}. These pointers are opaque, so that
{function-compiler.h}, defining {WasmCompilationUnit}, does not need to
include any Turbofan specific or Liftoff specific headers.
R=ahaas@chromium.org, titzer@chromium.org, mstarzinger@chromium.org
Bug: v8:7570, v8:6600
Change-Id: I024c9a23508ee1b4b3cbe1d068c8e785d732daca
Reviewed-on: https://chromium-review.googlesource.com/1016640
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52684}
Since external strings are used for things like source strings, we
should tenure them from creation.
Change-Id: I226ab9036836d76d8c17ed168ad97d7f0f824278
Reviewed-on: https://chromium-review.googlesource.com/1006961
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52677}
There are various situations where we explicitly compare a SMI against
another SMI (e.g., BuildIndexedJump). This is also a common pattern for
generated code (e.g., comparing a loop variable with an integer). Instead
of using the generic equality/strict-equality stub for this, which is
expensive, this CL offers a simple comparison stub, repurposing the
TestEqualStrictNoFeedback bytecode to TestReferenceEqual
Bug: v8:5310
Change-Id: Ib2b47cd24d5386cf0d20d3bd794776dc6e3a02a5
Reviewed-on: https://chromium-review.googlesource.com/1007542
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Christian O. Andersson <cricke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52655}
Previously, if an unbound script was created in a non-inspected context,
but later bound to an inspected one, it never appeared in the
debugger sources.
After this change `OnAfterCompile` will be invoked not on the original
script compilation, but when it's actually bound to a context for
execution, which means `Debugger.scriptParsed` will be now sent to the
inspector even for such precompiled scripts.
R=jgruber@chromium.org, kozyatinskiy@chromium.org, yangguo@chromium.org
Bug: v8:7654
Change-Id: Ice13312e425903fb2baf14edab5c566d649a6438
Reviewed-on: https://chromium-review.googlesource.com/1013581
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52652}
Class fields needs to be initialized after `this` is bound, as per the
new spec change:
https://github.com/tc39/proposal-class-fields/pull/92
This CL moves the initialization of `this` from parser desugaring to
the bytecode generator.
Bug: v8:7647
Change-Id: I20f749403e5a4d2f06a39726cf39012ceb541987
Reviewed-on: https://chromium-review.googlesource.com/1014383
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52646}
Casting from a floating-point type to an integer type is undefined behavior
if the integral part of the float cannot be represented in the range of the
int.
Bug: v8:3770, chromium:831145
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I2e85ea8b0f09bbeeb3e0dcc1135fc747fa312f6d
Reviewed-on: https://chromium-review.googlesource.com/1011651
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52631}
First version which can compile a very basic code.
Change-Id: I3b98412a5ca39a28f8fe5b60516b82c6981dd187
Reviewed-on: https://chromium-review.googlesource.com/993232
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52622}
The embedder should not need to keep track of the source string.
R=jgruber@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ie27df755a22fbcae7b6e87a435419d2d8f545558
Reviewed-on: https://chromium-review.googlesource.com/1013482
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52614}
The "Address" type is V8's general-purpose type for manipulating memory
addresses. Per the C++ spec, pointer arithmetic and pointer comparisons
are undefined behavior except within the same array; since we generally
don't operate within a C++ array, our general-purpose type shouldn't be
a pointer type.
Bug: v8:3770
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib96016c24a0f18bcdba916dabd83e3f24a1b5779
Reviewed-on: https://chromium-review.googlesource.com/988657
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52601}
This allows an embedder to check if a Value is a module namespace object.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Idffceff451dd5f5c6a53d4cb3ce02c1c2c5b653c
Reviewed-on: https://chromium-review.googlesource.com/1011762
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52597}
This patch moves the desugaring from the parser to the bytecode
generator for super calls that have a spread at a non last position.
This allows us to have the post super() call behavior, such as
initializing instance fields in one place in VisitCallSuper.
Bug: v8:7642
Change-Id: I00a693beb7078a63282359c1121b66bb62c157c8
Reviewed-on: https://chromium-review.googlesource.com/1009907
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52596}
This is mostly a simple copy & paste of the stub implementation from
code-stubs-arch.cc to builtins-arch.cc.
The conversion allows removal of a special case for the DoubleToIStub
within the compiler & wasm pipelines, and also makes the following
builtins isolate-independent (in conjunction with
https://crrev.com/c/1006581):
TFC BitwiseAnd
TFC BitwiseOr
TFC BitwiseXor
TFC Exponentiate
TFC ShiftLeft
TFC ShiftRight
TFC ShiftRightLogical
TFJ AtomicsAdd
TFJ AtomicsAnd
TFJ AtomicsCompareExchange
TFJ AtomicsExchange
TFJ AtomicsLoad
TFJ AtomicsOr
TFJ AtomicsStore
TFJ AtomicsSub
TFJ AtomicsXor
TFJ MathClz32
TFJ MathImul
TFJ MathPow
TFJ NumberParseInt
TFJ StringFromCharCode
TFJ TypedArrayFrom
TFJ TypedArrayOf
TFJ TypedArrayPrototypeMap
Drive-by: dead code removal & TODOs in code-stubs.h.
Bug: v8:6666
Change-Id: I763cba2242bcadc2d130b0aaa16a9787212b466a
Reviewed-on: https://chromium-review.googlesource.com/1012024
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52591}
This changes DoubleToIStub to return its result on the stack instead
of a specific return register.
In a follow-up, the DoubleToIStub could be converted into a builtin.
Bug: v8:6666
Change-Id: I7852e1586c8f7b56bc5d2545a7bf6238dd2ad650
Reviewed-on: https://chromium-review.googlesource.com/1009702
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52587}
Looking up line numbers with the JITLineInfoTable would sometimes give
wrong answers. Fix these bugs and add a cctest for this data structure.
Also do some cleanup while we're here like inlining the (empty)
constructor and destructor and removing the empty() method which is
only used unnecessarily anyway, to make the contract of
GetSourceLineNumber a bit clearer.
Also rename the data structure to SourcePositionTable, because it
doesn't just provide info for JIT code, but also bytecode, and 'Info'
is pretty ambiguous.
Bug: v8:7018
Change-Id: I126581c844d85df6b2b3f80f2f5acbce01c16ba1
Reviewed-on: https://chromium-review.googlesource.com/1006795
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52571}
It's not possible to use GeneratedCode for this test because the called
stubs use the stdcall calling convention but GeneratedCode does not allow
specifying a custom calling convention.
BUG=v8:7164
Change-Id: Ic28c4313bb2b68103b94e4c1ae7c037a789edce2
Reviewed-on: https://chromium-review.googlesource.com/1008994
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52558}
When using registers during the Liftoff-prologue, we need to make sure
that all reserved registers are correctly pushed to and restored
from stack.
Change-Id: Iac444448cfd99fca70a811cb941d0cf5979d638b
Reviewed-on: https://chromium-review.googlesource.com/1005754
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52555}
Previously embedder had to create an instance of TracingCpuProfiler explicitly.
The patch makes the profiler created automatically for every isolate.
The profiler has no overhead unless tracing with v8.cpu_profiler category is enabled.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I9369c2c56bcddc72093eda33dc2bc185c9253b4a
Reviewed-on: https://chromium-review.googlesource.com/1006049
Commit-Queue: Alexei Filippov <alph@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52552}
This CL allows SetPrototypeAdd and ArrayIteratorPrototypeNext
to be called on temporary objects during side effect free evaluation.
Bug: v8:7588
Change-Id: Id77848e48d98c243de91bc6c0fae5a0877e693d4
Reviewed-on: https://chromium-review.googlesource.com/998439
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52548}
This reverts commit e5a687be00.
Reason for revert: Crashes on GCC: https://build.chromium.org/p/client.v8/builders/V8%20Linux%20gcc%204.8/builds/19002
Original change's description:
> [CFI] Refactor test use to use GeneratedCode
>
> Replace direct call to generated code with call using GeneratedCode to
> match the rest of v8.
>
> BUG=v8:7164
>
> Change-Id: I3e45d3e7c45f06fc362a22217ee7f0f1b70745e2
> Reviewed-on: https://chromium-review.googlesource.com/1002534
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52536}
TBR=clemensh@chromium.org,vtsyrklevich@chromium.org
Change-Id: I684a93d20f104244e2b74ab79ddc7d6e3a1ecf3c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7164
Reviewed-on: https://chromium-review.googlesource.com/1006614
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52538}
Replace direct call to generated code with call using GeneratedCode to
match the rest of v8.
BUG=v8:7164
Change-Id: I3e45d3e7c45f06fc362a22217ee7f0f1b70745e2
Reviewed-on: https://chromium-review.googlesource.com/1002534
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52536}
Before Turbofan/Ignition it was possible to use external profilers to
sample running V8/Node.js processes and generate reports/FlameGraphs
from that. It's still possible to do so, but non-optimized JavaScript
functions appear in the stack as InterpreterEntryTrampoline. This commit
adds a runtime flag which makes interpreted frames visible on the
process' native stack as distinguishable functions, making the sampled
data gathered by external profilers such as Linux perf and DTrace more
useful.
R=bmeurer@google.com, franzih@google.com, jarin@google.com, yangguo@google.com
Bug: v8:7155
Change-Id: I3dc8876aa3cd9f1b9766624842a7cc354ccca415
Reviewed-on: https://chromium-review.googlesource.com/959081
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52533}
The ImportedFunctionEntry and IndirectFunctionTableEntry stored handles
internally, but were created from raw pointers. This is not allowed.
The two options to fix this are to either handlify the whole interface,
or do the opposite and use raw pointers everywhere. Since no current
user depends on a handlified interface, and both objects are being used
in performance critical code, this CL unhandlifies the interface and
adds a DisallowHeapAllocation scope to enforce that no GC happens while
any ImportedFunctionEntry or IndirectFunctionTableEntry is alive.
R=mstarzinger@chromium.orgCC=titzer@chromium.org
Change-Id: I098c2abcdd28c4b117272ac3ea0358ff2e56b36c
Reviewed-on: https://chromium-review.googlesource.com/1005075
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52531}
New space objects which die after scavenging might contain weak references.
IncrementalMarking::UpdateWeakReferencesAfterScavenge must drop the
corresponding slot.
This bug didn't surface before, since all weak slots are in the old space (but
this will change soon).
BUG=v8:7308
Change-Id: Ib1e507d4207e35547240dc0867ec7787b3f3103e
Reviewed-on: https://chromium-review.googlesource.com/1005000
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52519}
The checked condition now more precisely corresponds to the actual
ineffective GC detection heuristic.
Change-Id: I727932c76ff3183e7b038437eefba564c9778ff7
Reviewed-on: https://chromium-review.googlesource.com/997634
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52509}
The reloading was needed when GC would compact the Heap::retained_maps
array. But that's no longer true; the compaction is done in
Heap::AddRetainedMap, outside GC. So it's not possible that the length would
change because of an allocation.
(Pre-cleanup for in-place weak ref work.)
BUG=v8:7308
Change-Id: I18554353014865992f9151002cc4097fb986faf1
Reviewed-on: https://chromium-review.googlesource.com/1002775
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52506}
There is no good reason to have the meat of most objects' initialization
logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
this CL changes the protocol between Heap and Factory to be AllocateRaw,
and all object initialization work after (possibly retried) successful
raw allocation happens in the Factory.
This saves about 20KB of binary size on x64.
Original review: https://chromium-review.googlesource.com/c/v8/v8/+/959533
Originally landed as r52416 / f9a2e24bbc
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Id072cbe6b3ed30afd339c7e502844b99ca12a647
Reviewed-on: https://chromium-review.googlesource.com/1000540
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52492}
gn flag: v8_enable_minor_mc
The default is 'true' until infra is updated to be able to build and
test with it using this flag.
Bug: v8:7638
Change-Id: I7946eb9bf4087c528d1a844b156a726a1c0671bf
Reviewed-on: https://chromium-review.googlesource.com/1000777
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52485}
The prologue checks if optimized code exists, and if not, continues
execution of the current function. Otherwise, it jumps to the address
specified in the native module's code_table.
Also-by: clemensh@chromium.org
Change-Id: If3e76de02115f44ab7758590a949c3f0965a11ca
Reviewed-on: https://chromium-review.googlesource.com/985837
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52471}
Replace direct calls to generated code with calls using GeneratedCode to
match the rest of v8.
BUG=v8:7164
Change-Id: I5d90bcb6e90d99e105be18886d4844b83f611b95
Reviewed-on: https://chromium-review.googlesource.com/1000416
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52467}
Currently a WeakMap key edge shows up as '<id> / WeakMap'. This patch
changes it to '<id> / key <KeyName> in WeakMap'.
Bug: chromium:827713
Change-Id: I0306bacdc331ab69739be88cf29d16a21187625f
Reviewed-on: https://chromium-review.googlesource.com/992035
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52465}
Merge the outer_scope_info and feedback_metadata fields on
SharedFunctionInfo. outer_scope_info is only used during parsing,
and feedback_metadata is only available after compilation, so the
two never exist at the same time. Thus, they can share a field slot.
The exception is un-compiling and re-compiling a function, where we
need the outer_scope_info again. Fortunately, the outer_scope_info
can be re-calculated from the SFI's scope_info.
Bug: v8:7606
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I6b97fefe859e89df75ad870da4a0bfa4b869772a
Reviewed-on: https://chromium-review.googlesource.com/992432
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52454}
Given that we got a store transition handler for free (because it's just
a transition map) there's no need to wait for a second "use" of that
transition in order to install a normal store transition handler.
Bug: v8:5988
Change-Id: Iecdcfdd096a8efffdd0662f1b1d604943e57d85a
Reviewed-on: https://chromium-review.googlesource.com/997553
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52442}
Test that Managed objects get collected if they are not referenced any
more.
R=ulan@chromium.org
Bug: v8:7628
Change-Id: I4a594ebe835071d76d7a6e2ddee6a6092b3e4a31
Reviewed-on: https://chromium-review.googlesource.com/999482
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52438}
This change makes lifetime management of WasmCode much simpler.
By using the WasmInstanceObject as the context for WASM code execution,
including the pointer to the memory base and indirect function tables,
this keeps the instance alive when WASM code is on the stack, since
the instance object is passed as a parameter and spilled onto the stack.
This is in preparation of sharing the code between instances and
isolates.
Bug: v8:7424
R=mstarzinger@chromium.org
Change-Id: Ia35a3ce91a8f6135767fa764e185cde8bbc889f4
Reviewed-on: https://chromium-review.googlesource.com/997932
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52436}
This reverts commit f9a2e24bbc.
Reason for revert: gc stress failures not all fixed by follow up.
Original change's description:
> [cleanup] Refactor the Factory
>
> There is no good reason to have the meat of most objects' initialization
> logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
> this CL changes the protocol between Heap and Factory to be AllocateRaw,
> and all object initialization work after (possibly retried) successful
> raw allocation happens in the Factory.
>
> This saves about 20KB of binary size on x64.
>
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Icbfdc4266d7be8b48d2fe085f03411743dc6a0ca
> Reviewed-on: https://chromium-review.googlesource.com/959533
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52416}
TBR=jkummerow@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,hpayer@chromium.org
Change-Id: Idbbc53478742f3e9525eee83342afc6aedae122f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/999414
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52420}
This reverts commit ad221d144a.
Reason for revert: Layout test failures:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/22780
Original change's description:
> [wasm] Always enable guard regions on 64-bit platforms
>
> This change makes full 8 GiB guard regions always enabled on 64-bit
> platforms.
>
> Additionally, since all Wasm memory allocation paths have some form of
> guard regions, this removes and simplifies most of the logic around
> whether to enable guard regions.
>
> This is a reland of https://crrev.com/c/985142.
>
> Bug: v8:7619
> Change-Id: I8bf1f86d6f89fd0bb2144431c7628f15a6b00ba0
> Reviewed-on: https://chromium-review.googlesource.com/996466
> Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52412}
TBR=bradnelson@chromium.org,eholk@chromium.org
Change-Id: Ic15d14c6fa69300bc0fdc036b9fee8ecf65fd397
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7619
Reviewed-on: https://chromium-review.googlesource.com/999412
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52418}
There is no good reason to have the meat of most objects' initialization
logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
this CL changes the protocol between Heap and Factory to be AllocateRaw,
and all object initialization work after (possibly retried) successful
raw allocation happens in the Factory.
This saves about 20KB of binary size on x64.
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Icbfdc4266d7be8b48d2fe085f03411743dc6a0ca
Reviewed-on: https://chromium-review.googlesource.com/959533
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52416}
This change makes full 8 GiB guard regions always enabled on 64-bit
platforms.
Additionally, since all Wasm memory allocation paths have some form of
guard regions, this removes and simplifies most of the logic around
whether to enable guard regions.
This is a reland of https://crrev.com/c/985142.
Bug: v8:7619
Change-Id: I8bf1f86d6f89fd0bb2144431c7628f15a6b00ba0
Reviewed-on: https://chromium-review.googlesource.com/996466
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52412}
The AssembleMove and AssembleSwap tests would only perform moves on stack
parameters. This limits us to testing with slots that are likely to be in range
of loads and stores. As well as only testing memory accesses with positive
offsets relative to the frame pointer.
This patch addresses these limitations by moving half of the stack parameters
into spill slots, to then perform moves on them. Additionally, to increase
ranges, we create articial space between each spilled slot.
As a drive-by, allow giving custom names to code objects created with the
CodeAssemblerTester. It helps a lot inspecting disassembly.
And finally, this CL uncovered a bug where I had forgotten to initialize
FixedArrays, which would make the incremental marker crash.
Bug: v8:6848
Change-Id: Ic1954c1896130f6c55e09a3068bf341cc4c68670
Reviewed-on: https://chromium-review.googlesource.com/980613
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52406}
This is a reland of 63ecddc814
Original change's description:
> [runtime] Remove the construct_stub field of the SFI
>
> Don't dispatch based on the construct_stub field anymore. Rather than
> read it out and jump to the construct stub, we can switch on the
> builtin_id.
>
> Builtins will always have builtin_id as a Smi, so this signals we need
> to jump to JSBuiltinsConstructStub. The only exception is for uncompiled
> functions, which will have kCompileLazy as the builtin_id, but need to
> jump to the generic stub instead.
>
> API function calls will have a FunctionTemplateInfo in the SFI
> function_data field, and need to go to the builtins stub as well.
>
> The final case is everything else, which should go to the generic stub.
>
> Bug: v8:7503
> Change-Id: I14790a5f9784dc0d940bf10a05f5310026e1d482
> Reviewed-on: https://chromium-review.googlesource.com/980941
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52345}
TBR=bmeurer@chromium.org
Bug: v8:7503
Change-Id: Ie46bfb0af173ad7ac8cbdfeed1865e60f3f413f7
Reviewed-on: https://chromium-review.googlesource.com/997712
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52389}
Fixes a crash that happens when calling postMessage on an empty typed
array.
GetBuffer should only call MaterializeArrayBuffer for on-heap buffers,
but the on-heap check is slightly wrong. This CL moves the on-heap check
logic to the JSTypedArray class so that other parts of the codebase
don't need to worry about how that is determined.
Also add some dchecks to materialize itself. It should only receive
on-heap buffers and should always transform them to off-heap buffers.
There is also no reason for it to be static, so change that here too.
Bug: chromium:797588
Change-Id: Icd88a5b68e424d82c9f1f7889ca42a40a72a1bdc
Reviewed-on: https://chromium-review.googlesource.com/995898
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52388}
In order to clarify the difference between, e.g., InstructionStart and
instruction_start, rename as follows:
Code::instruction_start -> raw_instruction_start
Code::instruction_end -> raw_instruction_end
Code::instruction_size -> raw_instruction_size
The difference between the camel-case and raw_* function families is
in how they handle off-heap-trampoline Code objects. For example, when
called on an off-heap-trampoline: raw_instruction_start returns the
trampoline's entry point, while InstructionStart returns the off-heap
code's entry point (located in the .text section of the binary).
Some callsites were updated to call the camel-case function family as
appropriate.
Bug: v8:6666
Change-Id: I4a572f47c2d161a853599d7c17879e263b0d1a87
Reviewed-on: https://chromium-review.googlesource.com/997532
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52387}
Removing these tests from skip list because corresponding wasm simd
opcodes lowering has been implemented.
Change-Id: I77bbbee573ba65cf27dc9ee39f4d352bafb5849f
Reviewed-on: https://chromium-review.googlesource.com/988032
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52383}
test-heap/TransitionsArraySimpleToFull was relying on an allocation
happening (and GC being triggered) right at the start of
TransitionsAccessor::Insert. That allocation would put the TransitionsAccessor
back to the kUninitialized state. If there's no allocation at that point of the
program logic, the test will fail, since the TransitionsAccessor will be go to
the kFullTransitionArray state.
(Needed for the in-place weak ref work, which will remove the allocation at that point.)
BUG=v8:7308
Change-Id: Id3985e107d86440fe05daf5f3f29c84d028df929
Reviewed-on: https://chromium-review.googlesource.com/995476
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52374}
This is a reland of 7a2c371383
Original change's description:
> [debug] introduced runtime side effect check
>
> This CL demonstrates minimum valuable addition to existing debug evaluate
> without side effects mechanism.
> With this CL user can evaluate expressions like:
> [a,b] // create any kind of temporary array literals
> [a,b].reduce((x,y) => x + y, 0); // use reduce method
> [1,2,3].fill(2); // change temporary arrays
>
> The core idea: any change of the object created during evaluation without
> side effects is side effect free. As soon as we try to store this temporary
> object to object existed before evaluation we will terminate execution.
>
> Implementation:
> - track all objects allocated during evaluation and mark them as temporary,
> - patch all bytecodes which change objects.
>
> A little more details (including performance analysis): [1].
>
> [1] https://docs.google.com/document/d/10qqAtZADspPnpYa6SEdYRxrddfKIZJIzbLtGpsZQkRo/edit#
>
> Bug: v8:7588
> Change-Id: I69f7b96e1ebd7ad0022219e8213211c7be72a111
> Reviewed-on: https://chromium-review.googlesource.com/972615
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52370}
Bug: v8:7588
Change-Id: Ibc92bf19155f2ddaedae39b0c576b994e84afcf8
Reviewed-on: https://chromium-review.googlesource.com/996760
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52373}
This is a reland of dbdede0101
after a webkit layout test (geolocation-api/timestamp.html) was
fixed by
https://chromium-review.googlesource.com/c/chromium/src/+/994343 .
Original change's description:
> Implement a new spec for timezone offset calculation
>
> https://github.com/tc39/ecma262/pull/778 was recently merged
> to Ecma 262.
>
> It changes the way to convert between "local time" and UTC in such
> a way that it'd work for all timezones whether or not there has
> been any change in the timezone offset of the standard time. For
> instance, Europe/Moscow and some parts of US state of Indiana have
> changed the standard (non-DST) timezone offset a few times. The
> previous spec assumes that the the standard timezone offset is
> constant, but the new spec take into account the offset change
> history.
>
> In addition, it specifies a new way to calculate the timezone
> offset during a timezone transition (either in and
> out of DST or timezone offset shift).
>
> During a negative transition (e.g. fall backward / getting
> out of DST), repeated times are to be interpreted as if the
> offset before the transition is in effect.
>
> During a positive transition (e.g. spring forward / getting
> into DST), skipped times are to be treated similarly. That
> is, they are to be interpreted as if the offset before the
> transition is in effect.
>
> With icu-timezone-data, v8 is compliant to the new spec for the
> past and the future as well as now whether or not the standard
> timezone offset of a given timezone has changed over time
> (e.g. Europe/Moscow, Pacific/Apia). With icu-timezone-data,
> Australia/Lord_Howe (30 minute DST change) also works per spec.
>
> Without icu-timezone-data, it works only for timezones of which
> the standard timezone offset is the same as the current offset
> (e.g. most North American timezones other than parts of Indiana)
> and of which the DST shift is an hour. For instance, it doesn't work
> for Europe/Moscow in 2010 when the standard timezone offset was
> +4h because the current (2018) standard timezone offset is +3h. Neither
> does it for Lord Howe in Australia with the DST shift of 0.5 hr.
>
> This CL used to require one of the two ICU CLs below, but not
> any more.
>
> https://chromium-review.googlesource.com/c/chromium/deps/icu/+/572652
> https://chromium-review.googlesource.com/851265 (a proposed CL to the
> upstream ICU).
>
> Bug: v8:3547,chromium:417640,v8:5714
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: Ib162295da5bee31b2390bd0918157014aebd3e33
> Reviewed-on: https://chromium-review.googlesource.com/572148
> Commit-Queue: Jungshik Shin <jshin@chromium.org>
> Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52332}
Bug: v8:3547, chromium:417640, v8:5714
Change-Id: I47536c111143f75e3cfeecf5d9761c43a98a10f5
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/995971
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52372}
This reverts commit 7a2c371383.
Reason for revert: msan is broken
Original change's description:
> [debug] introduced runtime side effect check
>
> This CL demonstrates minimum valuable addition to existing debug evaluate
> without side effects mechanism.
> With this CL user can evaluate expressions like:
> [a,b] // create any kind of temporary array literals
> [a,b].reduce((x,y) => x + y, 0); // use reduce method
> [1,2,3].fill(2); // change temporary arrays
>
> The core idea: any change of the object created during evaluation without
> side effects is side effect free. As soon as we try to store this temporary
> object to object existed before evaluation we will terminate execution.
>
> Implementation:
> - track all objects allocated during evaluation and mark them as temporary,
> - patch all bytecodes which change objects.
>
> A little more details (including performance analysis): [1].
>
> [1] https://docs.google.com/document/d/10qqAtZADspPnpYa6SEdYRxrddfKIZJIzbLtGpsZQkRo/edit#
>
> Bug: v8:7588
> Change-Id: I69f7b96e1ebd7ad0022219e8213211c7be72a111
> Reviewed-on: https://chromium-review.googlesource.com/972615
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52370}
TBR=ulan@chromium.org,rmcilroy@chromium.org,yangguo@chromium.org,kozyatinskiy@chromium.org,leszeks@chromium.org
Change-Id: Ied1739c6308b13a4981189e0999f5912316cf456
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7588
Reviewed-on: https://chromium-review.googlesource.com/996135
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52371}
This CL demonstrates minimum valuable addition to existing debug evaluate
without side effects mechanism.
With this CL user can evaluate expressions like:
[a,b] // create any kind of temporary array literals
[a,b].reduce((x,y) => x + y, 0); // use reduce method
[1,2,3].fill(2); // change temporary arrays
The core idea: any change of the object created during evaluation without
side effects is side effect free. As soon as we try to store this temporary
object to object existed before evaluation we will terminate execution.
Implementation:
- track all objects allocated during evaluation and mark them as temporary,
- patch all bytecodes which change objects.
A little more details (including performance analysis): [1].
[1] https://docs.google.com/document/d/10qqAtZADspPnpYa6SEdYRxrddfKIZJIzbLtGpsZQkRo/edit#
Bug: v8:7588
Change-Id: I69f7b96e1ebd7ad0022219e8213211c7be72a111
Reviewed-on: https://chromium-review.googlesource.com/972615
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52370}
