Use the existing generic js-to-wasm wrapper to handle arguments in
the stack-switching export wrapper, by combining them into a single
helper function parameterized by a boolean.
If the stack_switch parameter is false, the generated js-to-wasm wrapper
is the same as before.
If the stack_switch parameter is true, we allocate and switch to the new
stack before starting to process the parameters. To load the parameters,
we also keep a pointer to the old stack.
After the call, we convert the return value according to the return type
as usual, and then switch back to the parent stack (which may be
different than the original stack, but has a compatible stack frame
layout).
If the stack suspends during the call, control-flow jumps right before
we deconstruct and leave the frame, and returns the Promise as an
externref in the return register.
R=ahaas@chromium.org,jkummerow@chromium.org
CC=fgm@chromium.org
Bug: v8:12191
Change-Id: If3f8eaba8edebe6e98d4738f79f895fdb5322adc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460410
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79148}
Using shm_open with a constant name can lead to race conditions with
other V8 instances using (and unlinking) the same shared memory object.
Bug: v8:12636
Change-Id: Ic2d2317f99c1df7aedec2dc52b187c64eea11d2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468899
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79146}
For large modules, the current limit of 100k bytes create a large amount
of batches to be processed by the concurrent tasks. Choosing the batch
size larger removes communication overhead.
R=ahaas@chromium.org
Bug: v8:11974, chromium:1297999
Change-Id: Ia03f42895cb0e6bab8fdc52b82ff2ed59869b749
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468904
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79144}
There's only a single callsite that performs retries after allocations
which already can determine the proper GC to invoke without requiring
threading the space backwards.
Bug: v8:12615
Change-Id: I5d5d886162b3eca33eb2fe7bde1e113cd08a094c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468905
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79143}
Avoiding handles in tight loops and setup code improves performance
and reduces code size.
This CL also makes more non-allocating mode more explicit by adding
more DisallowGarbageCollection scopes.
Change-Id: I95b5b1a29204c27a23c42ccd67fff150b3fa4a3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460740
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79142}
Outside of unittests, if someone tried to delete a GCed object manually
they would get a silent crash without a stacktrace or any error
messages. This CL replaces the silent crash with an informative message.
Change-Id: Ied8895dab43ce7e3a9bf778b13e77d377d269fce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468346
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79141}
In order to create less tasks that each need to swap permissions for
writing to the code space, merge the two {CopyAndRelocTask} and
{PublishTask} into a single {DeserializeCodeTask}.
This also makes the code a lot shorter, and removes stress from the
scheduler.
R=ahaas@chromium.org
Bug: v8:11974, chromium:1297999
Change-Id: I8866bf7225b0bc2dd4caef79e64cacca9de15519
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468902
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79139}
Avoid the lookup via heap()->incremental_marking() and instead cache
the marking state on GlobalHandles itself.
Change-Id: I2665681ad38983bf16d22e0a82dd10743877e520
Bug: chromium:1294661
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468903
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79138}
Publishing Wasm code often happens in a loop (in particular for
deserialization), so hold the {CodeSpaceWriteScope} outside that loop to
avoid repeated switching between writable and executable.
R=ahaas@chromium.org
Bug: v8:11974, chromium:1297999
Change-Id: Ic4bf859685e66c4ba297fed968d0df6ae7d24cba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468896
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79135}
Historically the tool only combined files where the run number was
separate by a hash: domain#1.txt , domain#2.txt...
Fix this to allow for underscores and/or abitrary number suffixes.
Change-Id: I85253a1b871eb75fce60fef9a61b7d50afe72abd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468900
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79134}
Rolling v8/build: 62a6377..996f747
Rolling v8/buildtools: 169eef5..f413334
Rolling v8/buildtools/third_party/libunwind/trunk: b323ac8..1e0047c
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/6fbe580..7504934
Rolling v8/third_party/depot_tools: d6a3040..e293d3d
Rolling v8/third_party/zlib: 9538f41..901a5d9
Rolling v8/tools/clang: 62e2cd9..0a9dd77
Rolling v8/tools/luci-go: git_revision:c4791d15e395b201e6a85336f7d8a21cce973dfa..git_revision:b32c149b6abb5e4e9aead1651c7a65562a956858
Rolling v8/tools/luci-go: git_revision:c4791d15e395b201e6a85336f7d8a21cce973dfa..git_revision:b32c149b6abb5e4e9aead1651c7a65562a956858
R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: Icd4bf05c19d156a1266ce51b4b8ab9af0d4782ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468735
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79133}
The new shared memory API should only be used on macOS, but
platform-macos.cc was also included on iOS, causing build failures. This
CL splits platform-macos.cc into platform-xnu.cc (common code for macOS
and iOS) and platform-macos.cc (the macOS specific parts)
Bug: chromium:1218005
Change-Id: Iab332865ffd8990ddd246bb9c08802909464d7e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468895
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79131}
This is a reland of 9ae463bc43
- Don't run the heap stats during bootstrapping
Original change's description:
> [heap-stats] Fix heap-stats with ptr-cage
>
> - Heap-stats was trying to load the map without explicitly passing in
> the PtrComprBase causing failures with Code objects in external code
> space
> - Extend the debugPrint.js tests to run with some more debugging and
> testing flags to prevent future regressions
>
> Change-Id: I1f0d03cb31480f316fe533b507ff98fe3befbe8e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432386
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Auto-Submit: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78919}
Bug: chromium:1297436
Change-Id: Ib42ae7b8c5f4a427abbce633a1b3ac36ad32994b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437046
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79127}
The flag is required to allow passing in more debug information when
necessary.
Change-Id: I34e407ba57786c242aac8b6f6af258969de43efd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468894
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79126}
Allow Wasm to generate calls directly to Fast API C functions.
Also fixes a problem when calling a Fast Api C function with no
FastApiCallbackOptions from JS.
This is a rebase of
https://chromium-review.googlesource.com/c/v8/v8/+/3364356,
which was a rebase of the work originally done by devsnek in:
https://chromium-review.googlesource.com/c/v8/v8/+/2718666.
Bug: chromium:1052746, chromium:1292333
Change-Id: Ic56268e7723f80f7ea9e6799e777786d3a50222f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3440694
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#79125}
This API allows allocating shared memory mappings inside a virtual
address space from a platform-specific handle to a shared memory object.
This will make it possible to allocate shared memory inside the sandbox,
for example as backing memory for ArrayBuffers.
Bug: chromium:1218005
Change-Id: I4f1f50baec50734e846496cff78046e4fffe75c5
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383777
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79123}
The information was previously kept heap-global but is really only
used by spaces when refilling their LABs.
Bug: v8:12615
Change-Id: Iee256d35ffa0112c93ec721bc3afdc2881c4743b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3465898
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79122}
These should not be allowed inside the sandbox as they could be
corrupted by an attacker, thus posing a security risk. Furthermore,
executable pages require MAP_JIT on macOS, which causes fork() to become
excessively slow, in turn causing tests to time out.
Due to this, the sandbox now requires the external code space.
In addition, this CL adds a max_page_permissions member to the
VirtualAddressSpace API to make it possible to verify the maximum
permissions of a subspace.
Bug: v8:10391
Change-Id: Ib9562ecff6f018696bfa25143113d8583d1ec6cd
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460406
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79119}
Now that different tiers use dedicated interrupt_budgets (which
determine how often the runtime profiler (now tiering manager) is
called), I don't see a meaningful way to use results from this counter.
Bug: v8:7700
Change-Id: I2ec2242d3c7f6c2b9deab075a6f0500cc1350e96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3467595
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79117}
TierUpCheck and UpdateInterruptBudget were only used by Turboprop
(likewise feedback_cell_node).
Bug: v8:12552
Change-Id: Ic73d44a5734e183bc1a2eda58cdf85163220e4d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3463954
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79116}
This predicate is just confusing - it's a renamed version of
HasBytecodeArray; but HasBytecodeArray also returns true if the SFI
has attached Sparkplug code - and is thus not interpreted.
Simply replace it by HasBytecodeArray.
Bug: v8:7700
Change-Id: Id4be2048a625142ade1096044133d9cd2896b51d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3461935
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79115}
Rolling v8/build: d5f9249..62a6377
Rolling v8/buildtools/third_party/libc++abi/trunk: 01efcb5..738dc10
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/7bede42..6fbe580
Rolling v8/third_party/depot_tools: 4e4a2b8..d6a3040
Rolling v8/third_party/zlib: 03f3212..9538f41
Rolling v8/tools/clang: ad74e59..62e2cd9
Rolling v8/tools/luci-go: git_revision:fbbb5b9748a05dd16fe621f7ea48a4ece1913874..git_revision:c4791d15e395b201e6a85336f7d8a21cce973dfa
Rolling v8/tools/luci-go: git_revision:fbbb5b9748a05dd16fe621f7ea48a4ece1913874..git_revision:c4791d15e395b201e6a85336f7d8a21cce973dfa
R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I7ac51800087314d5c0bf5e6a186c63b059305f3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3465720
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79110}
Even though this is not a perfect protection, it will make it harder to
write to the wasm code space because it's not permanently RWX.
After optimizations (see https://crbug.com/v8/11974) the performance is
good enough that it's worth just enabling it.
R=ahaas@chromium.org
Bug: v8:11974
Change-Id: I82786e932387732863c3c5e3aa743f7836cc45e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3464035
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79109}
This was mostly unused. We should simply be able to use CodeKind plus
related predicates instead.
Replace FeedbackVector::optimization_tier with
maybe_has_optimized_code, which states whether the optimized code
cache is filled. The value is updated lazily and may lag behind the
actual code cache state. We only use this field for quick cache-empty?
checks from generated code.
Bug: v8:7700,v8:12552
Change-Id: Ibfc5c0128eac56167a68ecba5690eab2e9369640
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460741
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79107}
Data segments were missing in the output of --wasm-fuzzer-gen-test.
R=manoskouk@chromium.org
Bug: v8:11863
Change-Id: I40e60ef8626125ca9df6bead688607215d9e5b58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3461932
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79106}
Split small chunks of assembly instructions into separate functions.
This makes the code easier to follow and to maintain, especially for
register allocation.
Drive-by: simplify stack-switching test.
R=ahaas@chromium.org
Bug: v8:12191
Change-Id: Id7544a3b2d16085540d9f1863a0eabd1f72f22bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3461929
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79105}
LocalAllocator was already renamed to EvacuationAllocator some time ago.
Rename files now as well.
Bug: v8:10315
Change-Id: I337f693998aaf5187a5ba05842cdb2474837b68d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3463719
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79104}
Both stability and performance looks good on Linux and ChromeOS, which
is the only operation systems that currently support PKU.
Hence enable the feature by default before launching via finch.
R=ahaas@chromium.org
Bug: v8:11974, chromium:1204982
Change-Id: I2c1e7e7bb70ba73218d4db630219870b198ba6e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3461934
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79103}
Instead of using runtime lookups of various bytecode properties (like
whether they read/write the accumulator, what their operands do to
registers, etc), do a switch over the bytecode itself once and dispatch
to update methods that are templated on the bytecode and statically know
everything about it.
Change-Id: I0ae111af54277c26c7d0d67a404a2ef75f81fcf4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3455826
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79102}
.. to resolve the overloaded 'runtime' term and overall pick a more
meaningful name for this class. It's neither very related to runtime
(instead it's called periodically when the bytecode interrupt budget is
exhausted); nor is profiling its main purpose.
This class is responsible for controlling tiering decisions, hence the
new name 'TieringManager'.
Bug: v8:7700
Change-Id: Id6f1edf4ebe016d0d81903d0a13e0e1fe6e02142
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3463716
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79101}
Now that all known correctness issues with map space compaction are
fixed, add more test coverage by enabling it with --future.
Bug: v8:12578
Change-Id: I23d04a162f742480c4e83de1f3980509543e5a97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460409
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79100}
This CL replaces evacuation in MinorMC with always promoting pages.
Pages in new space are promoted first within new space and then to old
space upon a second GC.
This implementation should not yet be used in production and is guarded
behind a runtime flag.
In case all pages in new space have at least one live object on them,
all pages will be promoted and new space will still be out of memory,
thus immediately triggering a second young gen GC that will promote all
objects to old space.
Further CLs will mitigate this issue.
Bug: v8:12612
Change-Id: I329ea01d6d15c0942db2eeeea87c5cefcac75502
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3448385
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79099}
