Module and script SharedFunctionInfos can't be used interchangeably
(e.g.: it should not be possible to bind a Module's SFI to a Context).
The dedicated type disambiguates the two.
This also adds an overload for CreateCodeCache which takes an unbound
module script instead of an unbound script. Both are just a SFI
underneath, so their behavior is identical.
Bug: v8:7685
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iab519d0d50b6b41c95abdb6397f5622e292da4d8
Reviewed-on: https://chromium-review.googlesource.com/1047107
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53150}
The clusterfuzz issue crashes because VisitBinops expected only but 4
input operands but in the generated graph 5 input operands get created
The issue is fixed by increasing the size of the input operand buffer.
R=jarin@chromium.org
Bug: chromium:842501
Change-Id: I4bbb09a968e165e6f5a0a02d06eee97333f7aa38
Reviewed-on: https://chromium-review.googlesource.com/1056989
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53147}
Makes all but one data member private instead of protected and replaces
all Space::heap_ accesses with Space::heap().
Also moves Executability down from Space into PagedSpace and remove all
references in SemiSpace since it's always initialized with
NOT_EXECUTABLE.
Bug: v8:7754
Change-Id: Ic03ce35a5f970b3c1e25b32da53e4c9717b2ee1e
Reviewed-on: https://chromium-review.googlesource.com/1055510
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53146}
Shares the feedback slot when loading / storing named properties
when the name of the property and the variable corresponding
to the object are the same. This reduces the memory usage on most
real world benchmarks. There is a slight (~1%) increase in the overall
time spent in V8 on a couple of these pages.
There is also no overall performance regression on peak-performance
benchmarks like Octane, ARES. More detailed results are in this doc[1]
[1]: https://docs.google.com/document/d/1rPNjXU-WOlyNQovuQS28Zf2PHCENR97Bi76gV9mHHOc/edit?usp=sharing
BUG: v8:7530
Change-Id: I7dd98c2d26f4e6c94690ca7d9a8a4a8281b3142d
Reviewed-on: https://chromium-review.googlesource.com/966302
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53145}
We must not accept something of kBit representation as of
kWord32 representation (unless it's truncated accordingly).
Deopt instead.
Bug: v8:7740
Change-Id: Ib4f73600d66f8762a6e22f7ea1ce79e8ef451b34
Reviewed-on: https://chromium-review.googlesource.com/1054670
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53144}
We accidentally always enabled retpolines for indirect calls in
https://crrev.com/c/1047385. This regresses performance and code size
unnecessarily if the --no-untrusted-code-mitigations flag is used.
R=titzer@chromium.org
Bug: chromium:840376, chromium:798964
Change-Id: I6bab130e33d0dafa1f547ebf7e7930a23c4eba20
Reviewed-on: https://chromium-review.googlesource.com/1057128
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53142}
LSan is not implemented on windows, and trying to use the
{__lsan_ignore_object} function gives link error.
Since LSan is never enabled on windows, we also don't need the
annotations, so just disable them on windows.
R=bmeurer@chromium.org
Bug: chromium:842166,v8:7738
Change-Id: Ibaed77b4b884c09c7a08e081d953c56c53f907ff
Reviewed-on: https://chromium-review.googlesource.com/1056990
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53141}
Change-Id: I37ed9115c099f3d17f23a26348a1bbf5f773ee32
Reviewed-on: https://chromium-review.googlesource.com/1056668
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#53136}
In the process, add a few simple tests for "constexpr" expressions, which
identified a few bugs that are also fixed in this CL.
Change-Id: I97486c781572642d2b574b92133b1f9cda3db592
Reviewed-on: https://chromium-review.googlesource.com/1055493
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53135}
Node.js still support older versions of clang, and some of those
versions require us to explicitly declare default constructors for
classes. While updating V8 to 6.7 on Node.js we hit a build failure on
Mac OS X and FreeBSD because there was one constructor not complying
with that rule. This commit fixes it.
R=bmeurer@google.com, franzih@google.com, ofrobots@google.com, yangguo@google.com
Bug: v8:7743
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I1f57f0c88c27e4755c9e05f6fedd9def55d8cb77
Reviewed-on: https://chromium-review.googlesource.com/1050666
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#53132}
This makes the fact that export wrapper code is shared across instances
explicit by hanging the {export_wrappers} array off the module object
instead of the instance-specific {WasmCompiledModule} object.
R=titzer@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ic5c73bcc17f759e520c105317361e5654628b99e
Reviewed-on: https://chromium-review.googlesource.com/1051987
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53131}
In case of {kLoadI32}, use same sequence of instructions as in case
of {kI64LoadI32S}. This fixes irregular behavior on target.
TEST=cctest/test-run-wasm/RunWasmLiftoff_I32ShrSOnDifferentRegisters
Change-Id: I7ae6915c8b9bacb682e01db2c00f0c280dbb8254
Reviewed-on: https://chromium-review.googlesource.com/1054878
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#53130}
The root visitor now collects marked roots in the marking worklist and
filters out objects that are not in the new space.
This reduces average marking time in MinorMC in Richards from 0.08ms
to 0.04ms:
baseline mark:
len: 22
min: 0.07
max: 0.18
avg: 0.0809090909091
[0,5[: 22
mark
len: 22
min: 0.03
max: 0.13
avg: 0.0409090909091
[0,5[: 22
Bug: chromium:651354
Change-Id: I979e2f5ba331f88029b69bab23978f7fcadb7024
Reviewed-on: https://chromium-review.googlesource.com/1055490
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53128}
This was already the case for 1-byte strings. This prevents crashes when
attempting to externalize such strings.
Bug: chromium:842078, v8:7464
Change-Id: I3092a6748edaf77b2689f7b6f6b949929998e508
Reviewed-on: https://chromium-review.googlesource.com/1054290
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53124}
Currently we are throwing an out-of-memory fatal error.
Bug: chromium:840329
Change-Id: I736dee890b6a338b458c9a4cc1c3fbb95e95742b
Reviewed-on: https://chromium-review.googlesource.com/1050285
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53123}
This reverts commit c280e7d4f4.
Reason for revert: <INSERT REASONING HERE>
Original change's description:
> [heap] Clear the memory of pooled pages when allocating from the pool.
>
> Bug: chromium:999634
> Change-Id: Ia7a0dd6ddc2477a7656a26548e9a247470d9143f
> Reviewed-on: https://chromium-review.googlesource.com/1041688
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52948}
TBR=hpayer@chromium.org,mlippautz@chromium.org
Change-Id: I838d5fe1e6c6ac8b726a90a44b2eacbea9057866
Reviewed-on: https://chromium-review.googlesource.com/1054070
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53119}
Test mjsunit/wasm/compiled-module-serialization fails on those
architectures that do not support missaligned memory access.
We fix this by adding padding between code header and code start
in NativeModule serializer/deserializer so the code start is
properly aligned.
TEST=mjsunit/wasm/compiled-module-serializationx
Change-Id: I4f35b78a1190194088795b6f09becc3ad4251fdb
Reviewed-on: https://chromium-review.googlesource.com/1044186
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53117}
Avoid writing NumberOfElements to HashTable when it hasn't changed as
the HashTable could be in RO_SPACE and this operation will crash.
Bug: v8:841592
Change-Id: Iffadd567fc10aa9cd13d953da81275464b16c6c0
Reviewed-on: https://chromium-review.googlesource.com/1052693
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53116}
Allocation is super slow and produce big performance regression on
blink side.
Bug: chromium:839567,chromium:839809
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I3e9989435515ecfaedaee60c1f0c6939b9053e95
Reviewed-on: https://chromium-review.googlesource.com/1053105
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53115}
We cannot drop the deprecated API right away because we need to keep binary compatiblity.
As a short term solution create CPU profiler lazily if the API is called.
BUG=v8:7070
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I04029844895976b25db165f4fba6afbfe1681913
Reviewed-on: https://chromium-review.googlesource.com/1047848
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53113}
The CompilationManager was introduced to manage the memory of
AsyncCompileJobs. However, by now this can be done better by the new
WasmEngine.
This CL just moves the code to wasm-engine.[h,cc] and adjusts the
callsites.
R=titzer@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Icd2c1f19feeaa854c74e020b41e314b8ad00cea5
Reviewed-on: https://chromium-review.googlesource.com/1052109
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53112}
This is a reland of e084eea628.
Undefined behavious was fixed in https://crrev.com/c/1051235.
Original change's description:
> Fix SourcePositionInfo for wasm
>
> In wasm we often don't have a SharedFunctionInfo associated with a
> compilation job, so we can't get a Script. Just print "unknown" in
> these cases (instead of crashing).
>
> R=titzer@chromium.org
> CC=herhut@chromium.org
>
> Bug: chromium:840757, v8:7738
> Change-Id: I850c6adfd9e07c9a0f6dd018f1a9314feb89d887
> Reviewed-on: https://chromium-review.googlesource.com/1049632
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53080}
TBR=titzer@chromium.org
Bug: chromium:840757, v8:7738
Change-Id: If04040a33766955cfed78e7c27226dd04c3f9b9f
Reviewed-on: https://chromium-review.googlesource.com/1051266
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53111}
The 'pause' instruction is used for implementing retpolines. It is
currently being printed as 'nop', which is incorrect.
R=titzer@chromium.org
Change-Id: I134b6dae332103fd7f9b3c4e5520f0d5db06ba74
Reviewed-on: https://chromium-review.googlesource.com/1051789
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53109}
As SSCA mitigation, use retpoline for each indirect call. We currently
only support retpolines on ia32 and x64.
R=titzer@chromium.org
Bug: v8:6600, chromium:798964
Change-Id: I32472c15e149977b00bf923f4d87e259b7b54800
Reviewed-on: https://chromium-review.googlesource.com/1052113
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53108}
Code comments are heap-allocated and never freed. We don't want to
attach them to the code object via a finalizer, since that could change
gc timing and heap layout when you enable code comments. They are used
to testing only anyway, so leaking is acceptable here.
R=bmeurer@chromium.org, jarin@chromium.org
Bug: v8:7738
Change-Id: I27b0f95db1d66b57f4f113c154f23edb84e6700d
Reviewed-on: https://chromium-review.googlesource.com/1051241
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53107}
Plus a bit of CSA typification.
Bug: v8:7725
Change-Id: I43fea4a4c0739f9c24d84035816b046e742372ee
Reviewed-on: https://chromium-review.googlesource.com/1051653
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53102}
This CL adds a counter for sorting non-packed JSArrays where
Object.prototype was modified, or the prototype of the instance
differs from Array.prototype.
This is the V8 side of the change.
The Chromium-side CL: https://crrev.com/c/1051651R=jgruber@chromium.org
Bug: v8:7382
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I3ce9789a5df4bb9af5d1bfc89681fcd112e28e83
Reviewed-on: https://chromium-review.googlesource.com/1051650
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53101}
