Background compile jobs should not keep the NativeModule alive, for two
reasons:
1) We sometimes have to wait for background compilation to finish (from
a foreground task!). This introduces unnecessary latency.
2) Giving the background compile tasks shared ownership of the
NativeModule causes the NativeModule (and the CompilationState) to
be freed from background tasks, which is error-prone (see
https://crrev.com/c/1400420).
Instead, this CL introduces a BackgroundCompileToken which is held
alive by the NativeModule and all background compile jobs. The initial
and the final phase of compilation (getting and submitting work)
synchronize on this token to check and ensure that the NativeModule is
and stays alive. During compilation itself, the mutex is released, such
that the NativeModule can die.
The destructor of the NativeModule cancels the BackgroundCompileToken.
Immediately afterwards, the NativeModule and the CompilationState can
die.
This change allows us to remove two hacks introduced previously: the atomic
{aborted_} flag and the {FreeCallbacksTask}.
R=mstarzinger@chromium.org
CC=titzer@chromium.org
Bug: v8:8689, v8:7921
Change-Id: I42e06eab3c944b0988286f2ce18e3c294535dfb6
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Reviewed-on: https://chromium-review.googlesource.com/c/1421364
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59020}

This CL prepares JSON#stringify for improved error messages when
serializing circular structures. To this end, we also push the
key/index, in addition to the object itself, onto the stack that keeps
track of circular structures.
The stack itself is changed from a JSArray to a std::vector.
R=yangguo@chromium.org
Bug: v8:6513, v8:8698
Change-Id: I6dc4cb3be75a4514281411c654337f37c8798e55
Reviewed-on: https://chromium-review.googlesource.com/c/1424863
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59019}

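The commit above records the key or index alongside each object on the cycle-detection stack so that a circular-structure error can name the path that closes the cycle. The following is an added illustration, written for this page and not V8's JSON#stringify implementation: a minimal serializer that keeps a parallel stack of objects and the keys by which they were reached, distinguishes a genuine cycle from a shared (acyclic) reference, and reports where the cycle starts and closes. The function names and the message wording are this example's own.

```javascript
// Added example (not V8 code): cycle detection for a JSON-style serializer
// that tracks the key/index of every object on the stack, so an error can
// report the path that closes the cycle instead of just "circular structure".

function stringifyWithCyclePath(value) {
  const stack = []; // objects currently being serialized (ancestors only)
  const path = [];  // key/index by which stack[i + 1] was reached from stack[i]

  // Render a key list as "root.a[2].b" for the error message.
  const pathOf = (keys) =>
    keys.reduce((p, k) => p + (typeof k === 'number' ? `[${k}]` : `.${k}`), 'root');

  function serialize(v, key) {
    if (v === null) return 'null';
    switch (typeof v) {
      case 'number': return Number.isFinite(v) ? String(v) : 'null';
      case 'boolean': return String(v);
      case 'string': return JSON.stringify(v);
      case 'object': break;
      default: return undefined; // undefined, function, symbol are omitted
    }

    // Only objects still on the ancestor stack form a cycle; the same object
    // reached twice via different siblings is a DAG and serializes fine.
    const seenAt = stack.indexOf(v);
    if (seenAt !== -1) {
      throw new TypeError(
        `Converting circular structure to JSON: starting at ${pathOf(path.slice(0, seenAt))}, ` +
        `closing at ${pathOf([...path, key])}`);
    }

    stack.push(v);
    if (key !== undefined) path.push(key); // the root has no key
    try {
      if (Array.isArray(v)) {
        const items = [];
        for (let i = 0; i < v.length; i++) {
          const s = serialize(v[i], i);
          items.push(s === undefined ? 'null' : s); // JSON.stringify semantics
        }
        return `[${items.join(',')}]`;
      }
      const members = [];
      for (const k of Object.keys(v)) {
        const s = serialize(v[k], k);
        if (s !== undefined) members.push(`${JSON.stringify(k)}:${s}`);
      }
      return `{${members.join(',')}}`;
    } finally {
      stack.pop();
      if (key !== undefined) path.pop();
    }
  }

  return serialize(value, undefined);
}

// Convenience for callers that want the cycle description without an exception.
function cycleMessage(value) {
  try {
    stringifyWithCyclePath(value);
    return null;
  } catch (e) {
    if (e instanceof TypeError) return e.message;
    throw e;
  }
}

// Constructed sample: a cycle closed three levels down.
const sample = { x: [1, { y: null }] };
sample.x[1].y = sample;
console.log(cycleMessage(sample));
```

Because membership is checked against the ancestor stack rather than a global "seen" set, a diamond-shaped structure (one object referenced from two siblings) is not misreported as a cycle; that is the same distinction the engine's stack-based check makes.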
This reverts commit 516d90685b.
Reason for revert: Breaks layout tests:
https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8-Blink%20Linux%2064/29444
See also:
https://v8.dev/docs/blink-layout-tests
Original change's description:
> Expose the number of microtasks from RunMicrotasks
>
> This CL adds the number of processed microtasks to the tracing marker
> of RunMicrotasks, plus lets RunMicrotasks return the number.
>
> Bug: v8:7804, v8:8124
> Change-Id: Ie584e22964121fbda3a822379d760e7518fc54a7
> Reviewed-on: https://chromium-review.googlesource.com/c/1425277
> Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59017}
TBR=bmeurer@chromium.org,tzik@chromium.org
Change-Id: I7db675dbbc496cc3c45220aa141252dd371d2780
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7804, v8:8124
Reviewed-on: https://chromium-review.googlesource.com/c/1429859
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59018}

This CL adds the number of processed microtasks to the tracing marker
of RunMicrotasks, plus lets RunMicrotasks return the number.
Bug: v8:7804, v8:8124
Change-Id: Ie584e22964121fbda3a822379d760e7518fc54a7
Reviewed-on: https://chromium-review.googlesource.com/c/1425277
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59017}

Clusterfuzz generated test cases for narrow Load, CmpExchg nodes in
which the index is a word64 expression. This was not handled correctly
leading to a malformed graph. Use default lowering for all atomic
narrow operations, and add reduced test cases in wasm cctests with the
same sequence as the ones generated by binaryen for other I64Atomic
operations as well.
Change-Id: I50d63747b16a8f69289ca4e76547b325d84b22d3
Bug: chromium:921366, chromium:920120, chromium:900681
Reviewed-on: https://chromium-review.googlesource.com/c/1423177
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59012}

-5**2 now produces
SyntaxError: Unary operator used immediately before exponentiation expression.
Parenthesis must be used to disambiguate operator precedence.
Bug: v8:6894
Change-Id: I89dd034ff90ee1a49ba61e0c613da534fbf8b41b
Reviewed-on: https://chromium-review.googlesource.com/c/1418592
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#59011}

Avoid the case where the application runs behind an initial limit that grows in
the case where the heap is not yet configured.
Bug: chromium:924180
Change-Id: I45184f95cb00d65469574bdc40d4596ef50d9c60
Reviewed-on: https://chromium-review.googlesource.com/c/1426960
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59010}

Now, the CodeAssembler can annotate Nodes with SourcePositions.
SourcePositions themselves get a new mode "external," in which
they get a file_id, line and column. The file_id is currently
maintained in the isolate, mapping to strings for filenames.
Additionally, inlining information is ignored at this point,
but in the long run I'd like to recognize calls to different
CSA functions as manual inlinings.
At this point, if you want to see the results in tools like GDB,
you'll need to build without clang, and use the GCC toolchain.
GN flag is_clang=false will do the trick.
Bug: v8:8418
Change-Id: I123cdc041612285fa7d0ba532a625bceeda5d338
Reviewed-on: https://chromium-review.googlesource.com/c/1322954
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59009}

Fix WebAssembly's memory/grow js-api. The argument is an unsigned long, so
this change refactors most of the arithmetic and bounds-check types from int64 to
uint32_t, according to the spec.
Bug: v8:8319
Change-Id: I662c704d1d50288ad68be70c72a3db7052a80014
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/1351028
Commit-Queue: Sven Sauleau <ssauleau@igalia.com>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59008}

V8 implements "delete this" as "LdaTrue", but an error needs to be thrown
if done in a constructor before calling super. ThrowIfHole checks the
accumulator, so we need to load 'this' into the accumulator. The check is
inserted by the load since it has HoleCheckMode::kRequired.
Bug: https://bugs.chromium.org/p/v8/issues/detail?id=6711
Change-Id: I9f2ce4439505cec4327d88d1195898782edea721
Reviewed-on: https://chromium-review.googlesource.com/c/1419084
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Matt Gardner <magardn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#59007}

This follows the "CRTP" pattern used elsewhere in the Parser rather than
a branch on IsPreParser(). Also merge GetUnexpectedTokenMessage()
into ReportUnexpectedTokenAt().
Change-Id: I8eaa5cc3230c4660624a48c705f80d1a60a2710b
Reviewed-on: https://chromium-review.googlesource.com/c/1423094
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59006}

This is a reland of d11a0648af
Original change's description:
> [torque] Implement safe initialization of classes through hidden structs
>
> Initialization of classes now happens atomically at the end of the
> class constructor only once all of the values for the class' fields
> have been fully computed. This makes Torque constructors completely
> GC safe, e.g. hardened against allocations or exceptions in
> constructors.
>
> As part of this change, make the 'this' parameter for method calls
> explicit rather than implicit.
>
> Drive by: add validation to check for duplicate field declarations
>
> Bug: v8:7793
> Change-Id: I8b5e85980d6a103ef9fc3262b76f6514f36ebf88
> Reviewed-on: https://chromium-review.googlesource.com/c/1411252
> Commit-Queue: Daniel Clifford <danno@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58979}
Bug: v8:7793
Change-Id: Ia8c23a36a661a73b5dc34437efd514a7c13a1ae8
Reviewed-on: https://chromium-review.googlesource.com/c/1426840
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59005}

Fix some by removing (unnecessarily) implicitly declared constructors
and assignment operators.
String16 constructors and assignment operators can just be defaulted,
and declared in the header.
This fixes the last complaints of the new presubmit check.
R=mlippautz@chromium.org, yangguo@chromium.org, leszeks@chromium.org
Bug: v8:8616
Change-Id: Idae7031b88b793253b63488c52f757513711ed73
Reviewed-on: https://chromium-review.googlesource.com/c/1417173
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59004}

Some includes in log.h were only needed by log.cc so move them there.
Some were not needed at all, so remove them completely.
Drive-by: clean up FunctionEvent(), which was never called without args
for the last parameters (which had default values).
Change-Id: Id8b0c634c4d39d3c278ab3d932ed7af4142fd9c9
Reviewed-on: https://chromium-review.googlesource.com/c/1425914
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59003}

The main fix is to ensure that the recently allocated object is marked
black in StressMarkingObserver::Step. Otherwise, the concurrent marker
can observe an uninitialized white object in the old generation.
This patch also removes the --black-allocation flag.
Bug: v8:8676
Change-Id: Iba8f00330eabc4847eaef2cd3dfb2884d62a48b4
Reviewed-on: https://chromium-review.googlesource.com/c/1425915
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59002}

This is a reland of f5729f1cda
TBR=ulan@chromium.org
Original change's description:
> [GC] Ensure JSFunctions with flushed bytecode are flushed during GC.
>
> When bytecode is flushed from a SFI, the JSFunctions still retain their
> FeedbackVectors and point to the interpreter entry trampoline. They are
> reset if re-executed, however if not they could hold onto the feedback
> vector indefinitely. This CL adds a pass to the GC to detect JSFunctions that
> need to be reset, and performs the reset at the end of GC.
>
> BUG=v8:8395
>
> Change-Id: I3de8655aff9ff80f912b4fd51dee43eb98cfd519
> Reviewed-on: https://chromium-review.googlesource.com/c/1393292
> Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58775}
Bug: v8:8395
Change-Id: If9580b25ba32e4065e20d86cb8ed22a3280d59e9
Reviewed-on: https://chromium-review.googlesource.com/c/1424860
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59001}

The test was originally testing the max string length limit, but due to
refactoring of Array.join started consuming too much memory, resulting in
OOMs on TSAN builds. The new implementation still checks for the limit,
while reducing the memory consumption drastically.
R=jarin@chromium.org
Bug: v8:8504, chromium:336820
Change-Id: I4db9001541103d5908149e623ce4a4beee551e6c
Reviewed-on: https://chromium-review.googlesource.com/c/1426839
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59000}

This CL enables the pre-processing step of copying from the
prototype chain for JSArrays. Previously, this was done for everything
BUT JSArrays. This brings Array#sort more in line with other engines
in the case of undefined behavior.
R=jgruber@chromium.org
Bug: v8:8666
Change-Id: I832d470dc02111b64dc4919e84e7e3e47c8fdd47
Reviewed-on: https://chromium-review.googlesource.com/c/1426119
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58999}

In wasm code, we sometimes see the pattern
  <some 64 bit expression>
  i32.wrap/i64
  i32.load
where we generate an instruction to extend the 32 bit offset into a zero
extended 64 bit value for the actual load. However, the preceding
truncate already yields a zero extended 32 bit value, so the extra
instruction is not needed. Even more, it might get in the way of
munching more computation into the final load.
This change adds information about the zero extending behavior to
the existing optimization that avoids the zero extension.
Bug: chromium:853685
Change-Id: Iab9179379923ecb88651df6091b3d9408341cf4c
Reviewed-on: https://chromium-review.googlesource.com/c/1421839
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58998}

{Isolate::per_isolate_thread_data_key()} is not even defined, and
{Isolate::isolate_key()} is unused.
R=mstarzinger@chromium.org
Bug: v8:8562
Change-Id: I490989510865903c702158e33621c9990052c2a8
Reviewed-on: https://chromium-review.googlesource.com/c/1425907
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58997}

The decision as to whether to optimize an IIFE as oneshot depends on
whether its outer scope is the script scope. During lazy compile, we
might have discarded scopes which don't need a context between the IIFE
and the script scope, which means we might treat an IIFE as oneshot,
even though initial eager compile treated it as non-oneshot. Both
bytecode flushing and lazy source positions rely on us generating the
same bytecode during lazy compile as eager compile, so we move the
decision into the parser where it happens once and is then stored in
the SFI for any future lazy compiles.
BUG=v8:8395,v8:8510
Change-Id: I88f1e74ad95d47a2636c393ceb1318d7d610055d
Reviewed-on: https://chromium-review.googlesource.com/c/1421841
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58996}

This adds missing cases for exception handling opcodes to the stack
effect helper {WasmDecoder::StackEffect}. It is a first step towards
adding exception handling support to the {WasmInterpreter}.
R=clemensh@chromium.org
BUG=v8:8091
Change-Id: Idacf440a894e5c71a180502c1d2f10fa15c8f5fa
Reviewed-on: https://chromium-review.googlesource.com/c/1425911
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58995}

Reworking and adding a node type would require also adding
parallelization support for minor mc. Since this is unused and not
benchmarked right now, just remove it.
Bug: chromium:923361
Change-Id: Iaf67a743d76d2b37ffff9961b510bfd8a1bd15ff
Reviewed-on: https://chromium-review.googlesource.com/c/1425900
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58993}

This saves about 80,000 LoC after preprocessor expansion.
Bug: v8:8562
Change-Id: I67b20edb73b801ddcc2937b84468241e3076535f
Reviewed-on: https://chromium-review.googlesource.com/c/1425906
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58989}

This is part of an effort to improve the performance of TA#subarray.
Bug: v8:7161
Change-Id: I6f4b0f01e498d48e0fce11fbf7dcd7a0ad1ae748
Reviewed-on: https://chromium-review.googlesource.com/c/1425002
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58988}

This prevents the bytecode generator generating loads that look for
extensions in the global context, which can never succeed and means
that lazy and eager bytecode compilation will match.
Bug: v8:8510
Change-Id: I51dca62b5d1ee34f8dea82260cf27295ddf427d9
Reviewed-on: https://chromium-review.googlesource.com/c/1425520
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58983}

Currently the memory reducer is activated only after the first mark-compact
GC, which is triggered after the old generation reaches 8 MB.
That threshold is too large for mobile. This patch adds a heuristic
to activate the memory reducer if the old generation expands by more
than 1 MB after the bootstrap.
Change-Id: Ic38bc6e2fe8887677f764246c45e38d237e49a94
Reviewed-on: https://chromium-review.googlesource.com/c/1425898
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58982}

Everything was including log.h through heap-inl.h, so remove that
include by moving the one user into heap.cc, and then fix all the
include errors.
This reduces the log.h include ball from ~550 to ~100.
Change-Id: I6d09bc2f365b48645fcfdc695a68ea12539a745d
Reviewed-on: https://chromium-review.googlesource.com/c/1424198
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58981}

This reverts commit d11a0648af.
Reason for revert: <INSERT REASONING HERE>
Original change's description:
> [torque] Implement safe initialization of classes through hidden structs
>
> Initialization of classes now happens atomically at the end of the
> class constructor only once all of the values for the class' fields
> have been fully computed. This makes Torque constructors completely
> GC safe, e.g. hardened against allocations or exceptions in
> constructors.
>
> As part of this change, make the 'this' parameter for method calls
> explicit rather than implicit.
>
> Drive by: add validation to check for duplicate field declarations
>
> Bug: v8:7793
> Change-Id: I8b5e85980d6a103ef9fc3262b76f6514f36ebf88
> Reviewed-on: https://chromium-review.googlesource.com/c/1411252
> Commit-Queue: Daniel Clifford <danno@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58979}
TBR=danno@chromium.org,tebbi@chromium.org
Change-Id: Id6c46c175f53c5a77db1e6ca242586fba34cd02e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7793
Reviewed-on: https://chromium-review.googlesource.com/c/1426121
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58980}

Initialization of classes now happens atomically at the end of the
class constructor only once all of the values for the class' fields
have been fully computed. This makes Torque constructors completely
GC safe, e.g. hardened against allocations or exceptions in
constructors.
As part of this change, make the 'this' parameter for method calls
explicit rather than implicit.
Drive by: add validation to check for duplicate field declarations
Bug: v8:7793
Change-Id: I8b5e85980d6a103ef9fc3262b76f6514f36ebf88
Reviewed-on: https://chromium-review.googlesource.com/c/1411252
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58979}

This includes generalizing the notion of hints to allow for
unallocated functions, represented by a pair of SFI and FeedbackVector.
Bug: v8:7790
Change-Id: I7887665e1981b2039ecd626b82aebd5b5b64263c
Reviewed-on: https://chromium-review.googlesource.com/c/1424946
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58978}

When inlining based on CreateClosure, we don't have a JSFunction but
only the SharedFunctionInfo and FeedbackVector.
Bug: v8:7790
Change-Id: I7a3cf50710273c7175e43e969d2364cff11c3d93
Reviewed-on: https://chromium-review.googlesource.com/c/1421357
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58977}

Many values stored in the preparse data for the skippable functions
fit in one byte most of the time. The varint encoding uses a single
continue bit per byte to tell whether there is a following byte.
Change-Id: Ia0a622ba42a338fc91eea1e0c1a72d2582d9f867
Reviewed-on: https://chromium-review.googlesource.com/c/1400842
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58972}
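The commit above describes a varint encoding in which each byte carries seven payload bits and one continuation bit, so values that fit in seven bits cost a single byte. The following is an added example written for this page, not V8's preparse-data encoder: an unsigned 32-bit varint encoder and a decoder that bounds the number of bytes it will consume, so a truncated or over-long byte stream is rejected rather than read past its end. The function names and the five-byte limit are this example's assumptions (five bytes is what a 32-bit value needs at seven bits per byte).

```javascript
// Added example (not V8 code): unsigned varint encoding with one continue bit
// per byte. Small values (the common case) take a single byte; a 32-bit value
// takes at most five.

const MAX_VARINT_BYTES = 5; // ceil(32 / 7): upper bound for a uint32

function encodeVarint(value) {
  if (!Number.isInteger(value) || value < 0 || value > 0xFFFFFFFF) {
    throw new RangeError('encodeVarint expects an unsigned 32-bit integer');
  }
  const out = [];
  do {
    let byte = value & 0x7f;      // low seven payload bits
    value = value >>> 7;          // unsigned shift; safe for the full uint32 range
    if (value !== 0) byte |= 0x80; // continue bit: another byte follows
    out.push(byte);
  } while (value !== 0);
  return out;
}

// Decode one varint starting at `offset`; returns the value and bytes consumed.
// Bounding the loop keeps an attacker-supplied stream from driving an
// unbounded read or a silently overflowing accumulator.
function decodeVarint(bytes, offset = 0) {
  let result = 0;
  let shift = 0;
  for (let i = 0; i < MAX_VARINT_BYTES; i++) {
    if (offset + i >= bytes.length) throw new RangeError('truncated varint');
    const byte = bytes[offset + i];
    result += (byte & 0x7f) * 2 ** shift; // multiply, not <<, to avoid int32 wrap
    shift += 7;
    if ((byte & 0x80) === 0) {
      if (result > 0xFFFFFFFF) throw new RangeError('varint exceeds 32 bits');
      return { value: result, bytesRead: i + 1 };
    }
  }
  throw new RangeError('varint longer than ' + MAX_VARINT_BYTES + ' bytes');
}

// Pack a sequence of values back to back, as a table of small fields would be.
function encodeAll(values) {
  const out = [];
  for (const v of values) out.push(...encodeVarint(v));
  return out;
}

// Unpack a whole stream; a malformed tail surfaces as a RangeError.
function decodeAll(bytes) {
  const values = [];
  let offset = 0;
  while (offset < bytes.length) {
    const { value, bytesRead } = decodeVarint(bytes, offset);
    values.push(value);
    offset += bytesRead;
  }
  return values;
}

// Constructed sample: mostly small fields, one large outlier.
const fields = [0, 1, 127, 128, 300, 0xFFFFFFFF];
const packed = encodeAll(fields);
console.log(packed.length, 'bytes for', fields.length, 'values:', decodeAll(packed));
```

The byte saving is visible in the sample: four of the six values cost one byte each, only the 32-bit outlier pays the full five. The decoder's fixed byte budget is the part worth keeping when reading such data from an untrusted source.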