This reverts commit 1f0b0ed0e4.
Reason for revert: still crashing https://ci.chromium.org/ui/p/chromium/builders/try/android-marshmallow-arm64-rel/877258/test-results
Original change's description:
> Reland "heap: Fix initial GC configuration for C++-only heaps"
>
> This is a reland of 7ef67b2e9e
>
> Manually checked that the CL was not the culprit breaking
> media_blink_unittests --gtest_filter=WebMediaPlayerImplTest.MemDumpReporting
>
> Original change's description:
> > heap: Fix initial GC configuration for C++-only heaps
> >
> > Heaps in V8 start with a large limit that is shrunk upon young
> > generation GCs, based on some liveness estimate. This provides best
> > throughput during startup while at the same time finding a reasonable
> > first limit.
> >
> > For C++ (embedder memory) there is no estimate which is why it was
> > piggy-backing on V8. This breaks in scenarios where no JS memory is
> > allocated.
> >
> > In this fix we start a memory reducer after embedder memory has hit
> > the activation threshold if no GC happened so far. As soon as a single
> > Scavenger has happened, we leave it up to the JS estimate to figure
> > out a limit. Memory reducing GCs will then find a regular limit based
> > on the initial live size.
> >
> > Drive-by: Give embedders the same activiation threshold of 8MB as JS.
> >
> > Bug: chromium:1217076
> > Change-Id: I8469696002ac2af8d75d6b47def062d2608387a1
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944935
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#75012}
>
> Bug: chromium:1217076
> Change-Id: I482d8525379e33095834d5b41be8bb49bdd8a5d4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2949094
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75048}
Bug: chromium:1217076
Change-Id: Ia409d7a3a22127af749cff5eb5db1ff508b969e4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2951468
Auto-Submit: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75068}
This change addresses inconsistencies wrt. to stepping into generator
functions and breaking on the implicit initial yield. The new behavior
is the following:
1. Stepping into a generator function doesn't trigger "generator
stepping", but rather pauses right before the initial yield
(assuming there a no non-simple parameters in between).
2. When paused on the initial yield and stepping into or over, we also
don't turn on "generator stepping" immediately, but rather return to
the caller and only enter "generator stepping" on SuspendGenerator
bytecodes that correspond to `yield`s or `await`s in the source
code.
This matches the stepping behavior of regular functions more closely and
seems like a good compromise.
Fixed: chromium:901814
Change-Id: Ifc6c174011df1afea183e2c6ec21de27d72b17a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2949099
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75066}
.. when concurrent inlining is on.
SerializeBackPointer
SerializeForElementLoad
SerializeRootMap
For SerializeRootMap: Due to changed root map access timing, it
is now possible to see an abandoned prototype map - added logic
for that in RemoveImpossibleMaps.
Bug: v8:7790
Change-Id: Icdb3fff12536bfdc84923e7cd40bad9978a2a401
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948658
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75065}
In fond memory of kPossiblyBackgroundSerialized, this CL adds a new
subtype of kNeverSerialized called NeverEverSerialized. Such refs are
never ever serialized, i.e. not even when concurrent inlining is
disabled.
The first Ref in this category is RegExpBoilerplateDescriptionRef.
The intent is to gradually transition all kNeverSerialized refs to
NeverEverSerialized and then remove NeverEverSerialized (making it the
default behavior).
Bug: v8:7790
Change-Id: I8741a94212426a773ec3dc20758a41cb89f13368
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2947415
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75064}
Pass along the intended atomicity parameter for a getter in a DCHECK.
Bug: chromium:1218072
Change-Id: Ib83c8f548d3de9c944546c74291cd148643e185c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2950242
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75060}
And also make sure that even long names don't get truncated.
Fixed: chromium:1216284
Change-Id: I2792b60ddeb40a87816cb54fb0414ef0dea45da0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2947409
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75059}
For tail calls, we already set the flag kCallTail on CallBufferFlags,
the bool is_tail_cal always matches the flag (and there is only one call
site (L3037).
Drive-by clean up to get SaveFPRegsMode once, this is used when we need
to save and restore caller-saved registers.
Change-Id: Id175922c4cb5162d38b5ab61b84e151aaf2083e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2945536
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75056}
By moving this out of counters.h, counters.h no longer needs to depend
on isolate.h.
Change-Id: Ic5272e3b3a729c0a438124dc5cdc1835817f3341
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2949098
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75055}
IsPendingAllocation will now load the space from the object's page
header first and then only check the object against the current LAB
of that particular space. Previously we were looking up that object
in the LABs of all spaces.
This new design also makes it feasible to have one dedicated mutex for
original_top/original_limit (respectively pending_object) for each
space. This will reduce contention on the mutexes.
Change-Id: I8e7636410259fd03b7970084bfbbaeadb2d8ba61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2936606
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75054}
Better explain why internalized strings have to be in old space. The
scavenger doesn't need to iterate and update references in the string
table and the stub cache.
Change-Id: I93c3e0b743f85fbf4de2ad877f3667abb2e0ae53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2949101
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75052}
This is a reland of 7ef67b2e9e
Manually checked that the CL was not the culprit breaking
media_blink_unittests --gtest_filter=WebMediaPlayerImplTest.MemDumpReporting
Original change's description:
> heap: Fix initial GC configuration for C++-only heaps
>
> Heaps in V8 start with a large limit that is shrunk upon young
> generation GCs, based on some liveness estimate. This provides best
> throughput during startup while at the same time finding a reasonable
> first limit.
>
> For C++ (embedder memory) there is no estimate which is why it was
> piggy-backing on V8. This breaks in scenarios where no JS memory is
> allocated.
>
> In this fix we start a memory reducer after embedder memory has hit
> the activation threshold if no GC happened so far. As soon as a single
> Scavenger has happened, we leave it up to the JS estimate to figure
> out a limit. Memory reducing GCs will then find a regular limit based
> on the initial live size.
>
> Drive-by: Give embedders the same activiation threshold of 8MB as JS.
>
> Bug: chromium:1217076
> Change-Id: I8469696002ac2af8d75d6b47def062d2608387a1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944935
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75012}
Bug: chromium:1217076
Change-Id: I482d8525379e33095834d5b41be8bb49bdd8a5d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2949094
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75048}
Changes:
- Implement a single function
WriteGlobalValue(const WasmGlobal&, const WasmValue&). Compute an
intermediate WasmValue when needed.
- Add WasmValue::CopyTo() to avoid reading little endian values in
WasmValue, and then transforming back to little endian.
- Add WasmValue::to_string() for tracing.
Change-Id: Ia7d9b9cddc7b8f77ae35fc588fe34c41ef444a2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948664
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75047}
Previously, for generating the snapshot, ephemerons containers were just
traced strongly, without handling their ephemeron pairs. This resulted
in the snbapshot missing out on all the value objects (as keys were
traced through regular Visit()).
The fix here
a) Adds ephemeron tracing;
b) Adds a flag to avoid showing the key being retained by the
ephemeron collection;
Bug: chromium:1056170
Change-Id: I45cc95bf4876879fa78b83154b13f20751b262b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948889
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75044}
Loop fallthroughs should leave values according to their out-type on the
stack, even when the stack is polymorphic.
Bug: chromium:1217470
Change-Id: I0a7e0569fa24fc16fcac76569a5ba14b6c7b0a9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2949090
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75043}
This CL adds a new method intended for tests or lab settings to
cleanup V8 caches. The synchronous nature of the method greatly reduces
flakiness of blink leak detection in many cases.
Bug: chromium:1217831
Change-Id: I107eddc8b88d91aa7e69430ecfc135fe39538a5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948666
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75041}
These can now be implemented with EvaluateInitExpression
Change-Id: I891e0ef91627eaac1af85af10748ada5f032e5c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948663
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75040}
It was added years ago and in 2017 it was enabled by default[1], which
means enough time has passed and we can remove the flag.
[1]: https://chromium-review.googlesource.com/c/v8/v8/+/528076/
Change-Id: I059417d4683910e86ebfddd93f504006094fa342
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2947406
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75039}
... and add regression test for contextual stores to JSGlobalObject
with interceptor in the prototype chain.
Bug: chromium:1216437
Change-Id: Ibd344288c6327b35f3276f59517995d591acb967
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944895
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75038}
This reverts commit 7ef67b2e9e.
Reason for revert: Speculative revert for a blocked roll - https://chromium-review.googlesource.com/c/chromium/src/+/2947365
Original change's description:
> heap: Fix initial GC configuration for C++-only heaps
>
> Heaps in V8 start with a large limit that is shrunk upon young
> generation GCs, based on some liveness estimate. This provides best
> throughput during startup while at the same time finding a reasonable
> first limit.
>
> For C++ (embedder memory) there is no estimate which is why it was
> piggy-backing on V8. This breaks in scenarios where no JS memory is
> allocated.
>
> In this fix we start a memory reducer after embedder memory has hit
> the activation threshold if no GC happened so far. As soon as a single
> Scavenger has happened, we leave it up to the JS estimate to figure
> out a limit. Memory reducing GCs will then find a regular limit based
> on the initial live size.
>
> Drive-by: Give embedders the same activiation threshold of 8MB as JS.
>
> Bug: chromium:1217076
> Change-Id: I8469696002ac2af8d75d6b47def062d2608387a1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944935
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75012}
Bug: chromium:1217076
Change-Id: Ic1530162e846c2a767ea5ea902a01a21967d8e35
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2947419
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75034}
This is a step towards making JSObjectRef non-serialized.
Change JSObjectRef::RawFastPropertyAt to use a direct load with
relaxed semantics. Special handling of `uninitialized` sentinel values
is moved to the only use-site.
A new lock `boilerplate_migration_access` protects against concurrent
boilerplate migrations while we are iterating over properties.
Bug: v8:7790
Change-Id: Ic9de54ca16c1f3364d497a77058cfa33d48dd4a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928184
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75033}
In issue 11290, we disabled the propagation of EAL data out of
lookarounds, because it was incorrect for lookahead nodes in
loops. This caused performance regressions: for example,
`/^\P{Letter}+$/u` (matching only characters that are not in Unicode's
Letter category) uses negative lookahead when matching lone
surrogates, and became about 2x slower. I spent some time looking into
fixes, and this is what I've settled on.
Some background: the implementation of lookarounds in irregexp is
split between positive and negative lookaheads. (Lookbehinds aren't
relevant here, because backwards matches always have EAL=0.) Positive
lookaheads are wrapped in BEGIN_SUBMATCH and POSITIVE_SUBMATCH_SUCCESS
ActionNodes. BEGIN_SUBMATCH saves the current state.
POSITIVE_SUBMATCH_SUCCESS restores the necessary state (while leaving
any captures that occurred during the lookaround intact).
Negative lookaheads also begin with a BEGIN_SUBMATCH node, but follow
it with a NegativeLookaroundChoiceNode. This node has two successors:
a lookaround node, and a continue node. It only executes the continue
node if the lookaround node backtracks, which automatically restores
the previous state. Negative lookarounds also can't update captures.
This affects EAL calculations. It turns out that negative lookaheads
are already doing the right thing: EatsAtLeastPropagator only
propagates information from the continue node, ignoring the lookaround
node. The same is true for quick checks (see the comment in
RegExpLookaround:Builder::ForMatch). A BEGIN_SUBMATCH for a negative
lookahead can simply propagate the EAL data from its successor like
any other ActionNode, and everything works.
Positive lookaheads are harder. I tried saving a pointer to the
successor in BEGIN_SUBMATCH, but ran into problems in FillInBMInfo,
because the EAL value corresponded to the nodes after the lookahead,
but the analysis was still looking at the nodes inside. I fell back
to a more modest approach: split BEGIN_SUBMATCH in two, and propagate
EAL info for BEGIN_NEGATIVE_SUBMATCH while keeping the current
behaviour for BEGIN_POSITIVE_SUBMATCH. This fixes the performance
regression at hand.
Two potential approaches for fixing EAL for positive lookahead are:
1. Handling positive lookahead with its own dedicated choice node,
like NegativeLookaroundChoiceNode.
2. Adding an eats_at_least_inside_loop field to EatsAtLeastInfo,
which is <= eats_at_least_from_possibly_start, and using that
value in EatsAtLeastFromLoopEntry.
Both of those approaches are more complex than I want to tackle
right now, though.
Bug: v8:11844
Change-Id: I2a43509c2c21194b8c18f0a587fa21c194db76c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2934858
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75031}
Due to the limits of ia32's calling convention, being able to
avoid construction of "Digits" objects (thanks to inlining)
helps a lot for microbenchmarks.
Fixed: chromium:1192133
Change-Id: I5676640d96a99dc6422f3946c608bcc93ef222ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2947410
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75028}
Add a new testing tier based on Liftoff. In this tier, the Liftoff
compiler takes an address to a counter, and decrements that counter at
every instruction. When the counter reaches 0, execution aborts.
R=clemensb@chromium.org
Bug: v8:11856
Change-Id: I20970e323ff19f7cb6ab6855377c678ca391421e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944440
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75022}
This CL updates Realm.eval() to also handle reading source code as a
JavaScript function or from a file. To distinguish between different
argument types, an additional options bag needs to be provided. If no
options bag is provided, the behavior defaults to the current one,
which is reading source code from a string.
Bug: v8:11525, v8:11706
Change-Id: I68238335eb91171041dca2c83db211c40dd68359
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944435
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Vicky Kontoura <vkont@google.com>
Cr-Commit-Position: refs/heads/master@{#75021}
Currently, the serializer and deserializer assume that all top-level
declarations to be serialized will be objects.
This CL removes this assumption.
Bug: v8:11525, v8:11706
Change-Id: I5acf5e7a3b73aba5ffc5b1d5eb9cb51b3804a4af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2945178
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Vicky Kontoura <vkont@google.com>
Cr-Commit-Position: refs/heads/master@{#75020}
This is needed for JSCallReducer.
Bug: chromium:1217562
Change-Id: I1f06040a74c393598c134301ba0cf04a46380107
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2945184
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75019}
Port f68e1be795
Original Commit Message:
Directly use the correct registers for calling the RecordWrite stubs
in sparkplug. To keep changes to existing builtins minimal there are
certain register requirements which are now made explicit in
WriteBarrierDescriptor::Verify.
R=cbruni@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Id01f936f96cf231dcfc599b4f2662124bc1a7744
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2945832
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75018}
The initial CL is suspected to break the --predictable CI.
But looks like the CI is still crashing and also flaky after the
revert. So reland it again.
This is a reland of 59d58d722e
Original change's description:
> [csa] Remove InnerAllocate and replace with non-folded allocations
>
> This CL removes all uses of InnerAllocate (except memento allocations)
> and replace with non-folded allocations. The change is based on the
> fact that 1. Those InnerAllocates are not guarded by --allocation-folding
> flag. 2. Hopefully the MemoryOptimizer can handle the folding and no
> performance regression will happen.
>
> Two special versions of InnerAllocate is still kept:
> * One for memento allocations (renamed to InnerAllocateMemento).
> * One for AllocateUninitializedJSArrayWithElements (renamed to InnerAllocateElements).
>
> Change-Id: Ie77da6b2fba31b048241f7b7d927065305a01c27
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2873767
> Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74899}
Change-Id: I540c3a6b6e3f7c70c048f8ad1e5f702287fb086b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2946667
Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75015}
Heaps in V8 start with a large limit that is shrunk upon young
generation GCs, based on some liveness estimate. This provides best
throughput during startup while at the same time finding a reasonable
first limit.
For C++ (embedder memory) there is no estimate which is why it was
piggy-backing on V8. This breaks in scenarios where no JS memory is
allocated.
In this fix we start a memory reducer after embedder memory has hit
the activation threshold if no GC happened so far. As soon as a single
Scavenger has happened, we leave it up to the JS estimate to figure
out a limit. Memory reducing GCs will then find a regular limit based
on the initial live size.
Drive-by: Give embedders the same activiation threshold of 8MB as JS.
Bug: chromium:1217076
Change-Id: I8469696002ac2af8d75d6b47def062d2608387a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944935
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75012}
This is a reland of 79d63a5ef3. Some fixes
landed already, and two tests need to be skipped now (one with a tracking
bug).
Original change's description:
> [wasm] Remove all implications from --predictable
>
> In predictable mode, we want to execute the same code as otherwise,
> modulo timing. Hence remove any implications which change behaviour
> (like tier-up or asynchronous compilation).
> Note that --predictable is a debugging flag, so the configurations does
> not need to "make sense" in production.
>
> R=ahaas@chromium.org
>
> Bug: v8:11848
> Change-Id: If74fbacadeb087d977922c41f33fd18738b50ded
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940898
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74973}
Bug: v8:11848
Change-Id: I3564e4351d6545bb9643d1ae44722eb2606b8961
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944936
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75009}
The predictable platform only executed background tasks if at least one
foreground task was executed. Async compilation in Wasm only spawns a
background task though, so that one could be missed.
This CL fixes the loop to also execute background tasks if no foreground
task was executed.
R=ahaas@chromium.org
Bug: v8:11848
Change-Id: Ia0b32427c24a79d5710c784b98528bf431471528
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944833
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75007}
Changes:
- Add struct.new_with_rtt as a new WasmInitExpr. Parse it in
consume_init_expr(). Add it to
InstanceBuilder::EvaluateInitExpression().
- Change WasmInitExpr::operand_ to vector operands_.
- In consume_init_expr(), use parsed over hard-coded opcode length.
- Improve WasmStruct::WasmStructPrint slightly.
- Add Factory::NewWasmStruct().
- Add WasmValue::CopyToWithSystemEndianness.
- In wasm-module-builder.js, generalize emit_init_expr for expressions
with operands. Add missing init. expression types.
- Add tests.
Bug: v8:7748
Change-Id: Ica12378d202730aff1b57c7d4240aa00ef124f8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940893
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75006}
This reverts commit febfbb21b9.
Reason for revert: Introduced new bugs:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20-%20debug/34472/overview
Original change's description:
> [sparkplug] Adjust compare and jump function in sparkplug
>
> Mips and risc-v do not have the flag register and can not decide
> whether to jump through flags in JumpIf();
>
> Therefor, we merge the comparison with the jump;
>
> Bug: v8:11803
>
> Change-Id: If53752da93b97e8ff65affdfe99e5de8e1a1493f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2921034
> Auto-Submit: Liu yu <liuyu@loongson.cn>
> Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75001}
Bug: v8:11803
Change-Id: Ic982564ccdef9a07bf3a5fb4745a11cfa178cc0e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2946818
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#75005}
This commit adds a TryGetCurrent() method to the v8::Isolate class.
The motivation for adding this method this is that in Node.js we've run
into situations where we need to check if there is a current
Isolate and we are using GetCurrent() for this. The issue is that for a
debug build of Node.js, the debug check in GetCurrent() will cause a
failure.
The suggestion in this changeset is to allow getting the current
Isolate, or null if one does not exist, without any checks.
Change-Id: I01676e4bcdbe86da0496f5df1982d14eb1c9ebf8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2910630
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75004}
Jobs were still being posted on the underlying default platform, which
caused concurrent execution. By directly returning a
{NewDefaultJobHandle} with a pointer to the {PredictablePlatform}, we
force execution of all posted tasks via that platform.
R=ahaas@chromium.org, cbruni@chromium.org
Bug: v8:11848
Change-Id: Ie10519583341b427776ca428f85641e96f821367
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944808
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75002}
Mips and risc-v do not have the flag register and can not decide
whether to jump through flags in JumpIf();
Therefor, we merge the comparison with the jump;
Bug: v8:11803
Change-Id: If53752da93b97e8ff65affdfe99e5de8e1a1493f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2921034
Auto-Submit: Liu yu <liuyu@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75001}
Directly use the correct registers for calling the RecordWrite stubs
in sparkplug. To keep changes to existing builtins minimal there are
certain register requirements which are now made explicit in
WriteBarrierDescriptor::Verify.
Bug: v8:11420
Change-Id: I3a0c500fbe26f82ee2243a61dbf574fd31656982
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2910313
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74998}
- Add new Builtin enum
- Move Builtins::Name:kXXX to Builtin::kXXX
- Update existing code
Follow CLs will unify the mix of using int builtin-ids and
Builtins::Name to only use the new Builtin enum and changing it to
an enum class.
Change-Id: Ib39aa45a25696acdf147f46392901b1e051deaa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905592
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74995}
The flag --trace-ignition-dispatches has been broken for a long time,
since it was not designed to work with bytecode handlers that are
generated ahead of time by mksnapshot. This splits the existing
--trace-ignition-dispatches logic into two separate parts:
1. A gn argument which instructs mksnapshot to include dispatch counting
in the bytecode handlers, and ensures that the Interpreter allocates
the array of counters, and
2. A runtime flag which enables the ignition-statistics extension which
implements the JS-accessible function getIgnitionDispatchCounters().
Change-Id: I89323425697f5641451f67b9ddcc0303b8ca209f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2937564
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74992}
xmm0 and xmm1 are used to save/restore values in asm builtins, but they
were not saved before calling RecordWrite, which calls C++ code.
Instead of passing SaveFPRegsMode::kSave to RecordWriteField, which
would save/restore all FP-regs, this CL explicitly saves/restores the
FP-regs we rely on beyond the C-Call.
Bug: chromium:1216295
Change-Id: Ifcc7ce4e8819303ffb79576a88304df2e3a6cc4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944427
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74991}
Left-trimming only works when there is a single reference to the
backing store from the JS object. Main thread handles are an exception
to this rule because it is not feasible to ensure that no such
leftover handles may store such stale pointers.
FixStaleLeftTrimmedHandlesVisitor clears such references
in main thread handles, such that the GC never tries to visit them. This
CL renames this class to ClearStaleLeftTrimmedHandlesVisitor to
emphasize that such slots are cleared rather than "fixed up" to point
to the new object start.
Previously ClearStaleLeftTrimmedHandlesVisitor was used for local
and persistent handles as well. Starting with this CL, stale references
to left-trimmed objects are only allowed in main thread handles.
https://crrev.com/c/2928502 enabled us to be more restrictive here.
Change-Id: If4db0630f1df2d6c3fe5f242bf866c57a8ae2969
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944807
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74989}
We have recursive calls such ThinStrings where we go String::Get into
ThinString::Get into String::Get again for the internalized string. If
we need to, we would acquire the StringAccessGuard in the first
String::Get and it wouldn't be needed to be re-acquired for the second
String::Get. Trying to re-acquire it would in fact be an error since we
are already holding the lock.
The code, however, didn't know if we acquired it or not. It was working
correctly due to the way the methods were defined and called. By passing
down the access guard through the Get() calls we make this interaction
explicit.
Also add some thin string tests to test the interaction.
Bug: v8:7790
Change-Id: I1181edec1e802cb754c4d1d1ac268577257b92f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2936598
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74984}
A spec test (wasm-js/global/value-get-set) requires
WebAssembly.Global.value.set to throw an exception if it is called with
0 arguments. The implementation in V8, however, just checked if the
first parameter is `undefined`. This implementation indeed threw an
exception if 0 arguments were provided, but it also threw an exception
when `undefined` is provided as a parameter. This, however, violates
the spec, because globals can be reset to `undefined`.
With this CL we replace the checking for `undefined` by checking the
length of the arguments that get provided.
R=ecmziegler@chromium.org
Bug: chromium:1211342
Change-Id: Ic87a0b369dea3e49eddb8f71f2c29dc6a8f5f558
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940901
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74982}
instead of recursive. JS code can construct very long chains of
nested bound functions or proxies, where the previous recursive
implementation could run out of stack space.
Fixed: chromium:1214616
Change-Id: I764718f03030d22c0873b3ed05277d4317789093
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933668
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74981}
When growing a memory without a maximum, we should still check against
the spec'ed limit, to avoid an overflow when computing the new number of
pages.
R=ahaas@chromium.org
Bug: chromium:1215808
Change-Id: I476b954268277e7dce1106a9b8c3c713b0d1a560
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944433
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74980}
While no scavenger thread reads the content of an object copied by
another thread, we still need memory ordering in order to read the page
flags for a forwarded object.
Change-Id: I831e9dccb03d32daf3c4847613614d26533ba825
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944436
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74979}
.. and replace them by elements read directly from the heap object.
With this change, consistency between `map` and `elements` is
no longer guaranteed. Users were updated, when necessary, to deal
with this, e.g. by being more careful not to read out of bounds,
by inserting new `actual_elements == elements_constant` runtime
checks, or through a new compilation dependency that verifies
unchanged elements at finalization time.
Drive-by: inline GetElementsKind into callsites.
Bug: v8:7790
Change-Id: Ifba78182e185ff0d4e954e3be52f0eb24328c853
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2909655
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74977}
We currently take the sample at the moment the isolate is created. At
that point, the embedder callback for taking samples is not installed
yet. Hence delay taking the sample until the first module is created.
This will only take samples for isolates that actually use wasm, which
will reduce the overall number of samples, but will give a better
picture of PKU support for Wasm.
R=jkummerow@chromium.orgCC=dlehmann@google.com
Bug: v8:11714
Change-Id: I8a4163961c06076efd6c5dde5751682b53863c2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944429
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74975}
This reverts commit 79d63a5ef3.
Reason for revert: Breaks predictable: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20predictable/36887/overview
Original change's description:
> [wasm] Remove all implications from --predictable
>
> In predictable mode, we want to execute the same code as otherwise,
> modulo timing. Hence remove any implications which change behaviour
> (like tier-up or asynchronous compilation).
> Note that --predictable is a debugging flag, so the configurations does
> not need to "make sense" in production.
>
> R=ahaas@chromium.org
>
> Bug: v8:11848
> Change-Id: If74fbacadeb087d977922c41f33fd18738b50ded
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940898
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74973}
Bug: v8:11848
Change-Id: I20eaf665e8ce63af8aeffe3bac7a45372ad6ab7b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2944434
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74974}
In predictable mode, we want to execute the same code as otherwise,
modulo timing. Hence remove any implications which change behaviour
(like tier-up or asynchronous compilation).
Note that --predictable is a debugging flag, so the configurations does
not need to "make sense" in production.
R=ahaas@chromium.org
Bug: v8:11848
Change-Id: If74fbacadeb087d977922c41f33fd18738b50ded
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940898
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74973}
Introduce EmitTSANStoreOOLIfNeeded methods which make it easier on the
eyes in code-generator.cc.
Also pass along the size, which lays the groundwork for the other
instructions e.g. kX64Movq since we don't require the store to be a
Tagged one. This creates new builtins (since we now have a version with
32 bits and another one for 64 bits stores). We can extract the common
code in builtins-internal-gen.cc to de-duplicate the common code.
Bug: v8:7790, v8:11600
Change-Id: I81d80b852ec96b94d170a20f6d61621743b74b32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933664
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74971}
This is a reland of 5fd3858258. It adds
back all recursive implications (via --single-threaded), such that we
can remove them individually in follow-up CLs and watch the state of
the predictable bot.
Original change's description:
> [flags] Predictable should not imply single-threaded
>
> The --predictable flag is often used to reproduce issues, and having it
> imply --single-threaded can change decisions like which compiler(s) to
> use. This is because --single-threaded is meant to be set by embedders
> (hence we do our best to support single-threaded execution), whereas
> --predictable is a testing-only flag which should not change semantics
> too much. The fact that --predictable executes everything in a single
> thread is already implied by the PredictablePlatform.
>
> R=ahaas@chromium.org, machenbach@chromium.org
> CC=jkummerow@chromium.org
>
> Change-Id: Ic174dd59dfdbd6aa1a410f983db05db26c944cd5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919828
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74822}
Change-Id: I7a060826761781727870dd96fffc42ced4675e76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933143
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74970}
This is a reland of 81dd3f42be,
which was a reland of 59eff3bfaa
Original change's description:
> [bigint] Karatsuba multiplication
>
> The Karatsuba algorithm is used for BigInts with 34 or more internal
> digits, and thanks to better asymptotic complexity provides greater
> speedups the bigger the inputs.
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2782283
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74916}
Bug: v8:11515
Change-Id: I08f7d59dfa39fb3b532684685afd9fa750e0e84e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933666
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74969}
Since there is only a single thread in predictable mode, we should never
wait for more work. That would be an immediate deadlock.
This CL adds code to never wait, and instead checks after processing all
messages that we would not need to wait (i.e. that all work was
completed). This turns deadlocks into FATAL errors.
R=ahaas@chromium.org
Bug: v8:11848
Change-Id: If61305d634803fc43678238dc6e9d3a2f35793c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940886
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74966}
Strict equality checking of ValueTypes only made sense before
reference types came along.
Change-Id: I632f541328cb27ae87a5e3daccd4ffb9cfc8a502
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928513
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74965}
Prepare method by taking an object as argument. In the future we can
optimize this method by only sweeping the object's page.
Bug: v8:11837
Change-Id: Ife1ee7949bfaf590dcc305cc4d03aa1813c07b76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940888
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74963}
This fixes a little mistake from https://crrev.com/c/2182453. In
predictable mode (where we do not have any threads for executing
background work) we are executing everything on the main thread, but we
should never wait for background work to be spawned. Otherwise we can
deadlock if the last background task spawned new foreground work, but we
keep waiting for more background work to arrive.
Generally, any blocking in predictable mode will block forever, because
there is no one to spawn any work concurrently (foreground or
background). But the blocking for foreground work has to be there for
non-predictable mode, thus keep it for now, and only remove waiting for
background work.
R=ahaas@chromium.org
Bug: v8:11848
Change-Id: I51c976f6858db8120baa4c47d28840a1041d7fea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940885
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74962}
This aids debugging as it gives the root set a name.
Bug: chromium:1164553, chromium:1186901
Change-Id: I2c2aed369823b059629b35bb170b4966b47156d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933661
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74960}
This is a reland of b0c70710a4
The first CL got reverted because of build errors. This CL replaces the
remaining usage of is_local_space() with is_compaction_space().
Supposedly this was a leftover because https://crrev.com/c/2928189
landed at roughly the same time.
Original change's description:
> [heap] Remove unused LocalSpace class
>
> LocalSpace was introduced for off-heap spaces with concurrent bytecode
> compilation finalization. However, finalization ended up using
> LocalHeap for concurrent allocations. LocalSpace is therefore unused
> and can be removed.
>
> This CL removes LocalSpace and renames all mentions of local space to
> compaction space. Compaction space was the only local space left.
>
> Change-Id: I12a8a2724f777a77ddb9957fe2d8e89febfebbaf
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2930169
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74914}
Change-Id: I993c47fe85f4140f5d6137afde2653a48047cafb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2939983
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74957}
The two instructions are fused into a single Sadalp instruction,
improving performance of quantized neural network operator
implementations such as XNNPACK.
This change also includes some formatting changes to the unit
tests that were made automatically by clang-format, which I am
happy to revert if preferred.
Bug: v8:11546
Change-Id: I2afc8940a52186617cffd276c82733ad3020b728
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878742
Commit-Queue: Daan de Graaf <daagra@google.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74952}
ReadLittleEndianValue needs to be used to assure ptrs
are dereferenced correctly on BE machines.
Change-Id: I420f863de1b98d5d68688614ead4847258779c9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2941022
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74951}
So far, initializer-expression evaluation was tied to setting global
values. We now need it to operate independently of globals, so that we
can implement new constant expressions like struct.new, which need their
arguments to be computed before they can be initialized.
Changes:
- Move type computation of WasmInitExpr into WasmInitExpr::type.
- Fix WasmInitExpr::type kRttSub case for rtts without depth.
- Introduce InstanceBuilder::EvaluateInitExpression().
- Rename InstanceBuilder::GetRawGlobalPointer() ->
GetRawUntaggedGlobalPointer().
- Simplify InstanceBuilder::InitGlobals using EvaluateInitExpression().
- Introduce ValueType::is_numeric.
- Add Simd128(byte*) constructor.
- Introduce WasmValue::CopyTo() for numeric types.
Change-Id: Ic502b611f3998187abd9fc6ec377c2954c27abdc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2939982
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74949}
Changes:
- Merge all immediates which read a u32_v index into IndexImmediate.
Refactor overloaded Validate(const byte*, [Type]Immediate) functions
to Validate[Type](const byte*, IndexImmediate).
- Move MemoryIndexImmediate/MemoryAccessImmediate validation into their
own Validate functions. Remove CheckHasMemory(), move its
functionality into these Validate() functions.
- Refactor MemoryInitImmediate, TableInitImmediate and
CallIndirectImmediate as composite immediates.
- Change field initializations for some Immediates to constructor
initializers. This helps us drop some useless default constructors.
- Use the correct pc in StackEffect for struct.new_default.
Bug: v8:11831
Change-Id: I878f69a33f8473dc275184995b3b7b88fe0dfc8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928498
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74948}
Change-Id: I9a3c43418b17447741b5886d4706ccd1db9b38e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933662
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74943}
vcgd/vcdg with 32-bit FP inputs are only supported
on z15 and above. For older machines we need to use scalar
instructions.
This is a partial revert of this CL: https://crrev.com/c/2697389
Change-Id: I61deb9357efd424c3b94dddc8be37e7e4c42d334
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2936640
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74939}
Clean up 32 bit Load/Store
Change-Id: I5bab0d33830039d3c4a501eba6e7cf95f4b9559e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933597
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74927}
The concurrent marker needs to first read the object's content into a
buffer. Only then the marker can try to mark the object black, if this
succeeds the content in the snapshot is valid. If not, the main thread
has changed the layout of the object concurrently.
Change-Id: Ia8bb26953ee78771baf6d4e67af5f86ee3fe8095
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933142
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74924}
This CL fixes WebSnapshotDeserializer::DeserializeFunctions(), so that
the new Script is created after both the SharedFunctionInfoTable and
SharedFunctionInfo are allocated.
Also, this CL re-enables mjsunit tests for web snapshots (disabled in
https://chromium-review.googlesource.com/c/v8/v8/+/2931806).
Bug: v8:11842, v8:11525, v8:11706
Change-Id: I13503eab3fa70b128ba1faae75eed62b6c5bb636
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933145
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Vicky Kontoura <vkont@google.com>
Cr-Commit-Position: refs/heads/master@{#74923}
This is a reland of 59eff3bfaa
Original change's description:
> [bigint] Karatsuba multiplication
>
> The Karatsuba algorithm is used for BigInts with 34 or more internal
> digits, and thanks to better asymptotic complexity provides greater
> speedups the bigger the inputs.
>
> Bug: v8:11515
> Change-Id: I5ab0e318173ea4a02ced3f156d3c17e0259c5036
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2782283
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74916}
Bug: v8:11515
Change-Id: I5ece2ff29ef11ea304980c053887d9746cfc80bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933497
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74922}
Few of the changes added under https://crrev.com/c/2891656
do not compile if sparkplug is not implement on a platform.
Bug: v8:11790, v8:11421
Change-Id: Iec40e89ab56a6923b30a5567e4a49e4f1763eece
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933656
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74921}
This instruction is a non-standard V8-only experiment for now,
hidden behind the --experimental-wasm-gc-experiments flag.
The motivation is to provide a way to set up non-canonicalized
RTT hierarchies, to enable expressing the type system of Java-like
languages in terms of WasmGC constructs.
Bug: v8:7748
Change-Id: Idf1c18e9944c983f40f1e01b2032ee5fdc2fd81b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2930478
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74920}
Since we always call the out-of-line Prologue, we can preload the
accumulator in there with undefined instead of having to emit an
undefined load in every Sparkplug code header.
Change-Id: Ie0385316b0ee8bf96cd0069cda0496d05a4fb1eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933144
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74919}
Different platforms have different limits for growing memory, thus the
correctness fuzzer should crash instead of failing to grow. This will
make the fuzzer ignore the test case.
Instead of using the minimum of {wasm::max_mem_pages()} and the declared
maximum as the limit for growing, we can just use the declared limit.
{wasm::max_mem_pages()} will already be checked in the called methods.
All we need is a check for the --correctness-fuzzer-suppressions flag if
growing actually fails (either because of the platform-specific limit,
or because of an actual OOM).
Drive-by: unify the duplicated call to
{BackingStore::GrowWasmMemoryInPlace}.
R=ahaas@chromium.org
Bug: chromium:1213320
Change-Id: I7f219e1f93824225946d8a2136f15874c091e234
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2931815
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74917}
The Karatsuba algorithm is used for BigInts with 34 or more internal
digits, and thanks to better asymptotic complexity provides greater
speedups the bigger the inputs.
Bug: v8:11515
Change-Id: I5ab0e318173ea4a02ced3f156d3c17e0259c5036
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2782283
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74916}
This reverts commit b0c70710a4.
Reason for revert: Lots of compile errors.
Original change's description:
> [heap] Remove unused LocalSpace class
>
> LocalSpace was introduced for off-heap spaces with concurrent bytecode
> compilation finalization. However, finalization ended up using
> LocalHeap for concurrent allocations. LocalSpace is therefore unused
> and can be removed.
>
> This CL removes LocalSpace and renames all mentions of local space to
> compaction space. Compaction space was the only local space left.
>
> Change-Id: I12a8a2724f777a77ddb9957fe2d8e89febfebbaf
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2930169
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74914}
Change-Id: I3a654da0ddb556c1fb8767f8401ecd3b46786bea
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2933140
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74915}
LocalSpace was introduced for off-heap spaces with concurrent bytecode
compilation finalization. However, finalization ended up using
LocalHeap for concurrent allocations. LocalSpace is therefore unused
and can be removed.
This CL removes LocalSpace and renames all mentions of local space to
compaction space. Compaction space was the only local space left.
Change-Id: I12a8a2724f777a77ddb9957fe2d8e89febfebbaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2930169
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74914}
Instead of compiling a function with baseline immediately when the
interrupt budget is hit, we compile functions in batches to save some
memory protection flips on code pages.
This CL introduces batch compilation behind --baseline-batch-compilation
(enabled on future) and adds a flag
--baseline-batch-compilation-threshold to control the size of batches.
Bug: v8:11790
Change-Id: I3efc360424a14e4b07c6570e48860509ae59e591
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2891656
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74913}
- Maintain the correct stack in unreachable code for all type casts.
- Compute the correct type for the pushed stack value for ref.cast.
- Check if current_code_reachable_and_ok_ instead of checking the
popped values' types against bottom.
- Add unit tests.
Bug: v8:7748
Change-Id: I02c26f526060f40884c4ff1e541315f71d8ad90a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928191
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74912}
After https://crrev.com/c/2910080 we can define the histogram as a
proper boolean histogram with minimum 0, maximum 1, and 2 buckets.
This will map to a chromium histogram with maximum 2, and 3 buckets, but
that conversion will happen on chromium's side.
R=jkummerow@chromium.org
Bug: chromium:1207318
Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Change-Id: I176cf2467949591bcc3aa5ad0635cb8b12f20e9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2930479
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74911}
This interface allows associating meta information to
exceptions. This meta information can be used by debugging
tools, like DevTools, to learn about e.g. a network request
or a DevTools issue that is associated with the exception.
To do so the inspector client (i.e. embedder) has to provide
the data.
Bug: chromium:1213393
Change-Id: Ia86221f4f04b21024d592bafb2f74886ead8a6a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928496
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74909}
Similar to https://crrev.com/c/2912786, this fixes a high number of
page permission switches (incuring mprotect syscall and lock contention
overhead) by pulling a {NativeModuleModificationScope} outside of a
loop (and across a function boundary).
R=clemensb@chromium.org
CC=jkummerow@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Bug: v8:11663, chromium:932033
Change-Id: I2ec47f3eeeb2ab9624d2eaea9b4e776738871c97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928504
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Cr-Commit-Position: refs/heads/master@{#74906}
This fixes a bug introduced in crrev.com/c/2717308. For JSArray
holders, we must observe JSArray::length for bounds checks (in
addition to elements.length).
JSArray::length cannot reliably be read from the background thread;
thus we do a best-effort read there, and verify the result during
finalization through a new ArrayIndexIsInBoundsDependency.
Bug: v8:7790,chromium:1209444
Change-Id: I189df9f58043411ada62f32fe741d4729874d357
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928509
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74904}
This reverts commit 59d58d722e.
Reason for revert: This CL breaks --predictable
Original change's description:
> [csa] Remove InnerAllocate and replace with non-folded allocations
>
> This CL removes all uses of InnerAllocate (except memento allocations)
> and replace with non-folded allocations. The change is based on the
> fact that 1. Those InnerAllocates are not guarded by --allocation-folding
> flag. 2. Hopefully the MemoryOptimizer can handle the folding and no
> performance regression will happen.
>
> Two special versions of InnerAllocate is still kept:
> * One for memento allocations (renamed to InnerAllocateMemento).
> * One for AllocateUninitializedJSArrayWithElements (renamed to InnerAllocateElements).
>
> Change-Id: Ie77da6b2fba31b048241f7b7d927065305a01c27
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2873767
> Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74899}
Change-Id: If6a1836634670eff3342f6df1d2a5b76afbdc0ac
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2932796
Auto-Submit: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74903}
This is a reland of ed7e4554db:
- fixing platform names for tickprocessor
- UnixCppEntriesProvider => LinuxCppEntriesProvider
- MacCppEntriesProvider => MacOSCppEntriesProvider
Original change's description:
> [mjsunit][tools][d8] Full roundtrip tickprocessor test
>
> - Add os.d8Path property
> - Add os.name property
> - Change tickprocssor test to use command line arguments for testing
> various configurations
> - Change tickprocessor test to create a temporary v8.log and read it
> back in on linux only
> - Rearrange code in tickprocessor.mjs to allow instantiating the
> CppEntriesProvider directly
> - Drop complete symbol-list for tickprocessor-test-large.log for better
> code searching in V8
>
> Change-Id: Ib56dd0a1ba5377282c84c4de6f17e2fd69ee8123
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2929120
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74892}
Change-Id: I5e121ba11f407af50108a2712d27c32867a22eb0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2929382
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74902}
... as these jobs may have references to the array backing store and
expect them to stay valid.
Bug: chromium:1211215
Change-Id: Ia48519e993306223afab8d11a94d6d8fc150a11d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928502
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74901}
This CL removes all uses of InnerAllocate (except memento allocations)
and replace with non-folded allocations. The change is based on the
fact that 1. Those InnerAllocates are not guarded by --allocation-folding
flag. 2. Hopefully the MemoryOptimizer can handle the folding and no
performance regression will happen.
Two special versions of InnerAllocate is still kept:
* One for memento allocations (renamed to InnerAllocateMemento).
* One for AllocateUninitializedJSArrayWithElements (renamed to InnerAllocateElements).
Change-Id: Ie77da6b2fba31b048241f7b7d927065305a01c27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2873767
Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74899}
CompactionSpaces are only used during GC, so there is no need to
lock pending_allocation_mutex_ for them. Locking for GC allocations
actually caused multiple regressions.
Bug: chromium:1214765
Change-Id: I6db4ed96deced41dc52f04b2917ec944b4ccc674
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928189
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74896}
This reverts commit ed7e4554db.
Reason for revert: new test fails on Mac: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64/40407/overview
Original change's description:
> [mjsunit][tools][d8] Full roundtrip tickprocessor test
>
> - Add os.d8Path property
> - Add os.name property
> - Change tickprocssor test to use command line arguments for testing
> various configurations
> - Change tickprocessor test to create a temporary v8.log and read it
> back in on linux only
> - Rearrange code in tickprocessor.mjs to allow instantiating the
> CppEntriesProvider directly
> - Drop complete symbol-list for tickprocessor-test-large.log for better
> code searching in V8
>
> Change-Id: Ib56dd0a1ba5377282c84c4de6f17e2fd69ee8123
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2929120
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74892}
Change-Id: I7d7506b370f96365552a21fa767b1c5c608ebb1c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2929380
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74894}
- Add os.d8Path property
- Add os.name property
- Change tickprocssor test to use command line arguments for testing
various configurations
- Change tickprocessor test to create a temporary v8.log and read it
back in on linux only
- Rearrange code in tickprocessor.mjs to allow instantiating the
CppEntriesProvider directly
- Drop complete symbol-list for tickprocessor-test-large.log for better
code searching in V8
Change-Id: Ib56dd0a1ba5377282c84c4de6f17e2fd69ee8123
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2929120
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74892}
GCC build fails trying to use a non constexpr function from a
constexpr function.
../chromium-92.0.4503.0/v8/src/wasm/baseline/liftoff-register.h: In member function 'constexpr v8::internal::DoubleRegister v8::internal::wasm::LiftoffRegister::fp() const':
../chromium-92.0.4503.0/v8/src/wasm/baseline/liftoff-register.h:286:71: error: call to non-'constexpr' function 'static v8::internal::VRegister v8::internal::VRegister::from_code(int)'
286 | return DoubleRegister::from_code(code_ - kAfterMaxLiftoffGpRegCode);
| ^
In file included from ../chromium-92.0.4503.0/v8/src/codegen/register-arch.h:16,
from ../chromium-92.0.4503.0/v8/src/deoptimizer/translation-array.h:8,
from ../chromium-92.0.4503.0/v8/src/objects/code.h:10,
from ../chromium-92.0.4503.0/v8/src/codegen/reloc-info.h:10,
from ../chromium-92.0.4503.0/v8/src/codegen/assembler.h:47,
from ../chromium-92.0.4503.0/v8/src/codegen/assembler-arch.h:8,
from ../chromium-92.0.4503.0/v8/src/codegen/turbo-assembler.h:12,
from ../chromium-92.0.4503.0/v8/src/codegen/macro-assembler.h:8,
from ../chromium-92.0.4503.0/v8/src/wasm/baseline/liftoff-assembler.h:13,
from ../chromium-92.0.4503.0/v8/src/wasm/baseline/liftoff-assembler.cc:5:
../chromium-92.0.4503.0/v8/src/codegen/arm64/register-arm64.h:416:20: note: 'static v8::internal::VRegister v8::internal::VRegister::from_code(int)' declared here
416 | static VRegister from_code(int code) {
| ^~~~~~~~~
Bug: chromium:819294
Change-Id: Ia19ea90f3f666702d32c90e147af17dcda7e08a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2929805
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: José Dapena Paz <jdapena@igalia.com>
Cr-Commit-Position: refs/heads/master@{#74889}
Port 2b77ca200c
Original Commit Message:
The upper 32 bits of the 64 bit offset register are not guaranteed to be
cleared, so a zero-extension is needed. We already do the zero-extension
in the case of explicit bounds checking, but this should also be done if
the trap handler is enabled.
R=thibaudm@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Ife3ae4f93b85fe1b2c76fe4b98fa408b5b51ed71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2929661
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74886}
The split between "Complete" methods and "Validate" methods is subtle
and undocumented. The "Complete" methods are only used in places where
we know that the function is valid anyway: Printing wasm code and
getting stack effects of an instruction (for the interpreter). Both are
also not performance critical.
Hence this CL merges the "Complete" methods in the respective "Validate"
methods and just call the latter instead of the former.
R=jkummerow@chromium.org
Bug: v8:11831
Change-Id: Id9591c73587262c30b8c56770b090f2b0d2d45b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922118
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74882}
The upper 32 bits of the 64 bit offset register are not guaranteed to be
cleared, so a zero-extension is needed. We already do the zero-extension
in the case of explicit bounds checking, but this should also be done if
the trap handler is enabled.
R=clemensb@chromium.orgCC=jkummerow@chromium.org
Bug: v8:11809
Change-Id: I21e2535c701041d11fa06c176fa683d82db0a3f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917612
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74881}
This CL fixes the deserialization of the map for empty objects, so that
the initial empty map is used.
Bug: chromium:1213851, v8:11525, v8:11706
Change-Id: I37de0b147b9c89ead9c96f776e5fbf88da4630cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928192
Commit-Queue: Vicky Kontoura <vkont@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74880}
This CL adds a v8_allocation_site_tracking flag to control the allocation and
tracking of memento objects.
Disables FLAG_allocation_site_pretenuring if v8_allocation_site_tracking
is disabled.
v8_enable_single_generation implies !v8_allocation_site by default.
Change-Id: Ib07528bd37d91de6bb6ea0bfea1699be4e17fae9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897326
Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74879}
NotifyIncrementalMarkingStart() was using a different timer in the
default configuration to set incremental_marking_start_time_.
Bug: v8:11801
Change-Id: I1551bcc659d025bf8c46c865f5d2bd429934f628
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2930158
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74878}
In the Chrome DevTools Protocol, the step actions are named StepOut,
StepOver, and StepInto, but internally we used StepOut, StepNext, and
StepIn instead. This change adjusts the naming to be consistent.
Bug: chromium:901814, chromium:1162229
Change-Id: Id3502a1b0a4aadd94734ec3d1fef73c1782fa220
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928510
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74877}
Various behaviour preserving changes that make it easier to switch on
callee-saved registers without having to land refactoring code at the
same time.
- Use MaybeStoreRegisters / MaybeRestoreRegisters
- Use CallRecordWriteStubSaveRegisters everywhere for now. Eventually
this will be replaced by CallRecordWriteStub in places with fixed
registers.
- Use WriteBarrierDescriptor::ComputeSavedRegisters, which for now
returns the same as allocatable_registers
Full x64 implementation: https://crrev.com/c/2922604
Bug: v8:11420
Change-Id: I04e6ac2f6333edc91cb1030a0217f59ad441a1d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922250
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74876}
This CL would finish adding TSAN support for the generated tagged
stores.
Bug: v8:7790, v8:11600
Change-Id: Icaadc06ea740089dadf3d9f86da56d84dad1d4b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922113
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74872}
So far, units compiled with TurboFan were published one-by-one as soon
as they were ready, which reduces the latency until the faster code is
available. However, especially when write-protecting code with mprotect,
this yielded a lot of page protection switches, which incurs syscall and
lock contention overhead. Thus, https://crrev.com/c/2922114 already
introduced TurboFan batching when using write-protection.
During experiments, we found this could even be beneficial in the
default configuration, i.e., without write-protection enabled. This CL
changes to always do the publishing in batches. This choice should be
revisited once the tier-up strategy changes, e.g., with lazy compilation
or dynamic tier-up.
R=clemensb@chromium.org
CC=jkummerow@chromium.org
Change-Id: I0ba792c969f7e017ac57103d2bbfe9a142cf302d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928186
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Cr-Commit-Position: refs/heads/master@{#74871}
This is a reland of 17915002fc with an
added fix for TurboAssembler::CallTSANRelaxedStoreStub.
Original change's description:
> [builtins][x64] Use callee-saved registers for write barrier stubs
>
> Calls to the record write stub are quite frequent and the caller has to
> save all registers used by the builtin.
>
> This CL moves the register saving to the builtin itself, reducing the
> call-site code size significantly in many cases and thus improving
> compilation speed of sparkplug.
>
> Follow-up CLs with introduce the same behaviour to other platforms.
>
> - CallRecordWriteStubSaveRegisters preserves the existing behaviour and
> saves clobbered registers.
> - CallRecordWriteStub expects the registers to match the ones specified
> in the WriteBarrierDescriptor for more compact code.
>
> Bug: v8:11420
> Change-Id: Ib1260cf972712bb9ba879beacd34b06a7fa347f1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922103
> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74831}
Bug: v8:11420
Change-Id: Ibac3e6f0360d35579ee0b0dc5d698f8cdab93260
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922604
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74870}
All our Simd load/store opcodes are using MRR format.
Added DCHECKs will make sure the passed MemOperands are using
2 registers and not an Immediate value.
Change-Id: Ife470d3c80a10853bbb8365f8c00350ebdc98b2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2927208
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74868}
This will be thrown during array allocations if the requested size is
larger than kV8MaxWasmArrayLength.
Additional changes:
- In test-gc.cc, add the possibility to check against the trap message
in CheckHasThrown.
- Small reorganization of WasmGCTester in test-gc.cc.
Bug: v8:7748
Change-Id: I6f74b525bd7087fcc66f43c451ef130df022b0f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922247
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74867}
AllocationSites are strongly rooted in various places.
AllocationMementos, small heap objects immediately behind the
objects which AllocationSites tracks, are purposely left
unrooted. They do however, point to AllocationSites.
This leads to a situation where an AllocationSite may no longer
be seen to have strong roots at gc time, and yet new space is
still repleat with AllocationMementos which point to it.
The GC recognizes this, and marks the AllocationSite as a
"zombie," that is, an object which should be kept alive for
one more GC cycle because of the existence of those mementos
which point to it.
Change-Id: Ifa720c28f216dee2eaf7edd6f489b5c7427d4353
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928500
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74866}
Bug: chromium:1212583
Change-Id: I6cce7e419b108a0d30cf4d9d9bb0ba304fb0803e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922249
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74864}
Prior to this patch, regular expression objects with a monkeypatched
`toString` were printed using the `toString` result value, rather than
actually representing the regular expression’s contents.
const re = /./;
re.toString = () => 'whoops!';
console.log(re);
// → logs 'whoops!'
Now that `v8::RegExp::GetSource` properly escapes special characters in
the source pattern [1], just like `RegExp#toString`, there is no longer
any reason to avoid it.
[1]: https://chromium-review.googlesource.com/c/v8/v8/+/2900737
Bug: v8:11693
Change-Id: I9a69cdb6813f76b669bdc24e4823c6d261f2ae73
Fixed: v8:11836
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928188
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74862}
We must ensure that the sweeper is not running or has already swept
mutable_double_buffer. Otherwise the GC can add it to the free list.
Bug: v8:11837
Change-Id: Ifd9cf15f1c94f664fd6489c70bb38b59730cdd78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928181
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74859}
When this flag is enabled, allocation folding behaviour depends
on the --turbo-allocation-folding runtime flag.
When it's disabled, --turbo-allocation-folding is ignored.
This flag will be used later to control the
CodeStubAssembler::InlineAllocate behaviour.
Change-Id: Iea7bbafd8454571dda7d56349b3dc63d3b54ba99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878754
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Cr-Commit-Position: refs/heads/master@{#74858}
This CL enhances the interface of the fast C API with constants and
structs necessary for supporting JSArrays, TypedArrays and ArrayBuffers.
It also adds checks for incompatible combinations of argument type/flags.
Bug: chromium:1052746
Change-Id: I032167d0739d33f8151f78574c89d565cb9bd821
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903147
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74857}
Change API RegExp::GetSource to return a string identical to ToString()
and RegExp.prototype.source.
Bug: v8:11693
Change-Id: I3d148883fe6f8a3ff49e552ddd72b1e92f52baf3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900737
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74854}
Use Relaxed_Memcpy when making a new TypedArray that copies from a
SharedArrayBuffer.
Bug: chromium:1209639
Change-Id: Iaa1f069552f0aa42a1f423e5ee0a913b3330153c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2923274
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74842}
And add s10 to scratch_register_list. Clean up t* register used in macroassembler
Bug: v8:7703
Change-Id: Ib8477cd7528b8c2a2297da3f46659f30af45286e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2914246
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#74841}
The refactoring makes it explicit that a v8::Array results in a
protocol::ListValue, and a v8::Object in a protocol::DictionaryValue,
which will be useful in a follow-up.
Bug: chromium:1213393
Change-Id: I0d6e5b013a828e12cb3200672d4fd9b14a14a807
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919831
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74839}
To support Fast API calls with overloads, implement compile-time
function resolution based on the number of arguments passed to the JS
function.
Bug: v8:11739
Change-Id: I96839dc0b6fc540eff94573ac9e77f678908fc3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901249
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74837}
The counter as size_t can legitimately overflow on 32-bit systems, since
decreasing the counters is performed after all backing stores were
freed on a background thread. Before sweeping is finished a new backing
store could already be allocated which then leads to the overflow.
Bug: v8:11788, chromium:1211437
Change-Id: Id9f3e58b0e84e831fe47109f7deb3a05ae7e489c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922242
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74836}
This reverts commit 17915002fc.
Reason for revert: Breaks TSAN builds (e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20builder/19166/overview)
Original change's description:
> [builtins][x64] Use callee-saved registers for write barrier stubs
>
> Calls to the record write stub are quite frequent and the caller has to
> save all registers used by the builtin.
>
> This CL moves the register saving to the builtin itself, reducing the
> call-site code size significantly in many cases and thus improving
> compilation speed of sparkplug.
>
> Follow-up CLs with introduce the same behaviour to other platforms.
>
> - CallRecordWriteStubSaveRegisters preserves the existing behaviour and
> saves clobbered registers.
> - CallRecordWriteStub expects the registers to match the ones specified
> in the WriteBarrierDescriptor for more compact code.
>
> Bug: v8:11420
> Change-Id: Ib1260cf972712bb9ba879beacd34b06a7fa347f1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922103
> Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74831}
Bug: v8:11420
Change-Id: I20f239e64ec2834acd651341634974291992add5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922316
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74832}
Calls to the record write stub are quite frequent and the caller has to
save all registers used by the builtin.
This CL moves the register saving to the builtin itself, reducing the
call-site code size significantly in many cases and thus improving
compilation speed of sparkplug.
Follow-up CLs with introduce the same behaviour to other platforms.
- CallRecordWriteStubSaveRegisters preserves the existing behaviour and
saves clobbered registers.
- CallRecordWriteStub expects the registers to match the ones specified
in the WriteBarrierDescriptor for more compact code.
Bug: v8:11420
Change-Id: Ib1260cf972712bb9ba879beacd34b06a7fa347f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922103
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74831}
This CL does 2 things:
1) Implements forwarding of histogram reporting from cppgc to v8 via
CppHeap.
2) Establishes the pipeline in GCTracer for sending the histograms to
the embedder.
Currently only cppgc histograms are populated.
See crrev.com/c/2916956 for usage.
Bug: chromium:1154636
Change-Id: I8150116f757e105d0dfac96a3f6e7dd95717f5bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917033
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74830}
With mprotect-based write protection of the WebAssembly code space,
we switch page protection flags each time (at least) one compilation
thread needs write access. Two such switches happen when TurboFan
compilation results are available in {ExecuteCompilationUnits}: One
switch happens when calling {NativeModule::AddCompiledCode} and one more
when calling {NativeModule::PublishCode} via
{SchedulePublishCompilationResults} and {PublishCompilationResults}.
So far, each TurboFan result was published eagerly, i.e., as soon as it
became available. This has the benefit that faster code is available
immediately, and had no large cost or downside without write protection.
However, with write protection switching permissions is expensive (an
mprotect syscall) and needs to lock the
{WasmCodeAllocator::allocation_mutex_} (which causes lock contention and
under Linux many futex syscalls). Thus, immediately publishing each
TurboFan result when using write protection can cause up to 10x slower
compilation compared with not using write protection. In terms of
syscalls we measured (non scientifically) with
{sudo perf stat -e 'syscalls:sys_enter*' d8 ...} on the Unity benchmark:
- mprotect: 10k vs. 44k syscalls (baseline vs. write protection)
- futex: 31k vs. 112k syscalls (baseline vs. write protection)
- sys time: 1.6s vs. 10s (baseline vs. write protection)
All of those are clearly to high.
The fix here is simply to batch togther multiple TurboFan functions into
one publishing step when using write protection. The batching logic
already exists for Liftoff, so we can just disable eager publishing for
TurboFan when using write protection. Additionally, we publish once when
all Liftoff results are available (even if the batch is not complete),
such that time-to-execute is not regressed.
R=clemensb@chromium.org
CC=jkummerow@chromium.org
Bug: v8:11663, chromium:932033
Change-Id: Ibf6f28ecf4733b40322e62761e66046dec60a125
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922114
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74829}
This reverts commit 5fd3858258.
Reason for revert: Failures on the predictable bot: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20predictable/36749/overview
Original change's description:
> [flags] Predictable should not imply single-threaded
>
> The --predictable flag is often used to reproduce issues, and having it
> imply --single-threaded can change decisions like which compiler(s) to
> use. This is because --single-threaded is meant to be set by embedders
> (hence we do our best to support single-threaded execution), whereas
> --predictable is a testing-only flag which should not change semantics
> too much. The fact that --predictable executes everything in a single
> thread is already implied by the PredictablePlatform.
>
> R=ahaas@chromium.org, machenbach@chromium.org
> CC=jkummerow@chromium.org
>
> Change-Id: Ic174dd59dfdbd6aa1a410f983db05db26c944cd5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919828
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74822}
Change-Id: Id312cd2b3a150fa3e61daf6550651dc252264ca2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922248
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74828}
When 'beforeScriptExecution' is enabled, a pause event may be generated
with a reason of 'instrumentation' rather than 'other.' This patch
ensures that in the case of a schedule-break, both an 'instrumentation'
and 'other' pause event is generated.
This is important for debuggers that rely on getting 'other' breakpoints
to determine if they should actually break, or continue executation.
Change-Id: I73613f4df6fa7942e7ca2be58853e5420589ba0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2915680
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Scott Violet <sky@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74827}
This adds detection for constant memory indexes which can statically be
proven to be in-bounds (because the effective offset is within the
minimum memory size). In these cases, we can skip the bounds check and
the out-of-line code for the trap-handler.
This often saves 1-2% of code size.
R=ahaas@chromium.org
Bug: v8:11802
Change-Id: I0ee094e6f1f5d132af1d6a8a7c539a4af6c3cb5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919827
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74825}
This function broke abstraction and as a result became incorrect when
the call feedback was extended with the CallFeedbackContent flag.
Bug: v8:11821, v8:9974
Change-Id: Ic40dc45440a697a554d015dd50f0178e79963920
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919820
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74823}
The --predictable flag is often used to reproduce issues, and having it
imply --single-threaded can change decisions like which compiler(s) to
use. This is because --single-threaded is meant to be set by embedders
(hence we do our best to support single-threaded execution), whereas
--predictable is a testing-only flag which should not change semantics
too much. The fact that --predictable executes everything in a single
thread is already implied by the PredictablePlatform.
R=ahaas@chromium.org, machenbach@chromium.org
CC=jkummerow@chromium.org
Change-Id: Ic174dd59dfdbd6aa1a410f983db05db26c944cd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919828
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74822}
This CL renames the --d8-web-snapshot-api flag to explicitly mark it as
experimental, so that it is ignored by fuzzers.
Bug: v8:11525, v8:11706
Change-Id: Iff8a9d5697b60d0ade841773d1f0b537fcb19b70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2922109
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Vicky Kontoura <vkont@google.com>
Cr-Commit-Position: refs/heads/master@{#74820}
Use a read-write lock for protecting original_top, original_limit and
pending_object for all spaces. This way Heap::IsPendingAllocation is
always guaranteed to read a consistent top/limit-pair and also the
last values for those fields.
The main thread will acquire an exclusive lock to update those fields.
Concurrent Turbofan threads will use shared locks to read them.
This may be quite expensive on the Turbofan-side, so landing this CL
should help us figure out how big of a regression this simple fix would
be. For main thread execution performance is supposed to be okay, since
this is only used on the allocation slow path.
Bug: v8:11778, chromium:1213266
Change-Id: I9464f53fd50057ec2540ab5b79f74ee52a5d7500
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903143
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74814}
Based on an analysis of auto-generated code, based on
browser_protocol.pdl and js_protocol.pdl:
https://goreportcard.com/report/github.com/daabr/chrome-vision#misspell
Bug: chromium:1213460
Change-Id: Ib96b2d2700d0bf1ac90e88accd0bc15eccbb9d7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2848874
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74810}
The timer might not be started when the main thread starts shutdown
between a background thread invoking RequestGC() and
AwaitCollectionBackground().
Add early bailout to AwaitCollectionBackground() in case shutdown
was already initiated.
Bug: v8:11823
Change-Id: Id646cdefa99adb04553c21337ad19538071ee3d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919957
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74808}
As is, the DCHECK() has a #if inside, and MSVC has trouble
pre-processing that. Fix this by moving the conditional inside the
DCHECK() into a separate helper function.
Bug: v8:11760
Change-Id: Ib4ae0fe263029bb426da378afa5b6881557ce652
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919421
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74807}
Changes:
- Add --experimental-wasm-gc-experiments flag.
- Add array.copy opcode. Implement it in decoding and code generation
behind the new flag.
- Add WasmCodeBuilder::BoundsCheckArrayCopy. Move BoundsCheckArray to
the private section.
- Add WasmArrayCopy and WasmArrayCopyWithChecks builtin.
- Add WasmArrayCopy runtime function.
- Add WasmArray::ElementSlot.
- Always print two hex digits in CHECK_PROTOTYPE_OPCODE.
- In test-gc, print the thrown-error message if the function should not
throw.
- In test-gc, add GetResultObject with one argument.
Bug: v8:7748
Change-Id: I58f4d37e254154596cdef5e78482b55260dd3782
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912729
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74806}
Use compile-time DCHECK instead of Unreachable().
GenerateRecordWrite is disabled to prevent the use of PageFromAddress
when TPH is enabled.
Another user of PageFromAddress is TrapAllocationMemento, this will
be disabled in https://chromium-review.googlesource.com/c/v8/v8/+/2897326.
Bug: v8:11641
Change-Id: I1393d5ad52695a79750be00f2205648458f9c79d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2909216
Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74805}
This is a reland of 916eb86952
Change compared to original:
Remove ternary operator from lambda, as this triggers a gcc bug.
Original change's description:
> Reland "[wasm][bug] Fix a couple of bugs in validation of unreachable code"
>
> This is a reland of 4a037f871e
>
> Changes compared to original change: None. This seems not to create
> problems after all.
>
> Original change's description:
> > [wasm][bug] Fix a couple of bugs in validation of unreachable code
> >
> > Changes:
> > - SetBlockType now instantiates the block's start merge with values of
> > the correct type in unreachable code.
> > - EnsureStackArguments now keeps the existing stack values and moves
> > them over the new bottom values.
> > - Drop stack size validation in Drop().
> > - Add new tests in unreachable-validation.js.
> >
> > Change-Id: Ie68b3d9abb0a41d1623d4a123fb526e71941c4e7
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902733
> > Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74650}
>
> Change-Id: Id620f7fb6677b772b0dcfd38108256384db44439
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905598
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74677}
Bug: v8:11819
Change-Id: I9b8d915547ec9aee7cb5233937089d431db54c8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919833
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74797}
They check for AVX and uses the AVX instruction if available. This is a
follow-up CL to https://crrev.com/c/v8/v8/+/2912778
Change-Id: Ib53f06f03ac1067366b76b9193d8db98c394ce50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919853
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74795}
Build with single generation mode failed because
new_space_allocation_top() and new_space_allocation_limit() both return
nullptr now without a new space. Previously the DCHECK succeeded because
both methods would call the NewSpace methods with null as this pointer.
Bug: v8:11708
Change-Id: I74babded2c790642e74722ed53794aecebec4344
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917604
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74794}
When BranchElimination has to find the common prefix of a set of
BranchConditions in a Merge, it has to traverse a number of linked lists
of individual conditions, which is inefficient.
This CL improves its performance by grouping conditions between an
IfTrue/IfFalse and a Merge in a single entry of BranchConditions.
Additional change: Improve documentation of FunctionalList.
Change-Id: I93a58886151f6831cafb483aafb48e8e6c2433e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917600
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74793}
Without the explicit constexpr keyword, Clang seems to be able to treat
these methods as constexpr, whereas MSVC will not.
Bug: v8:11760
Change-Id: I9f6492f38fb50dcaf7a4f09da0bd79c0da6a50eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912916
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74791}
The new functionality is hidden behind the --wasm-gc-js-interop flag.
Bug: v8:11804
Change-Id: I9dd779efe3dbf3c773948b6fd8872e3aea8cd7a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912784
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74790}
This fixes a compile error in no-wasm / jitless builds introduced in
https://crrev.com/c/2912779.
R=neis@chromium.orgCC=manoskouk@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Cq-Include-Trybots: luci.v8.try:v8_linux_arm_lite_rel_ng
Change-Id: Ia256679dba5093b30821859376aba81b4900efed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919829
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74787}
This is no longer supported and currently fails later when V8 is
executed if taken, so remove it and fail early during initialization.
BUG=chromium:1208472
Change-Id: I0a1fe947facef0128c6695a4091c5fe8d4c56cc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2919668
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74786}
ThinStrings are essentially a pointer to an InternalizedString. Read
them concurrently in places where we read InternalizedStrings.
Bug: v8:7790, v8:11791
Change-Id: I3be4dd27336f58706c9c57d5042f96cb8f56bcaa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905608
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74785}
This CL adds support for testing web snapshots through mjsunit tests.
To allow for taking and using web snapshots from JavaScript, two
methods, Realm.takeWebSnapshot() and Realm.useWebSnapshot(), are
introduced in d8.
Both of these methods accept a Realm as a parameter, allowing for
mjsunit tests to create and use the snapshot in different realms.
To return the snapshot data, Realm.takeWebSnapshot() creates and
returns a snapshot object with the snapshot data stored as an embedder
field.
Bug: v8:11525, v8:11706
Change-Id: I6e514e10eabf5bdb96d81e2697d4ddc49d92de73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905610
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Vicky Kontoura <vkont@google.com>
Cr-Commit-Position: refs/heads/master@{#74783}
Inline the SaveFPMode flag directly into the TSANRelaxedStore stubs:
- Saves one register for input arguments
- Avoid branches in the TSANRelaxedStore stubs
Bug: v8:7790, v8:11600
Change-Id: Ib1083f8c1a7e856028ff606ba8c2a93efb10db69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917037
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74781}
BranchElimination and CsaLoadElimination interracted badly and created
quadratic behavior when run together. This happened when
CsaLoadElimination kept updating arguments of a Merge, and
BranchElimination kept going through all of them to find the common
prefix of all path conditions. Therefore, we separate BranchElimination
and CsaLoadElimination in the csa and wasm optimization pipelines.
Additional changes:
- Split WasmOptimizationPhase from CsaOptimizationPhase.
- Remove now-redundant argument from CsaOptimizationPhase::Run.
- Fine-grain how statistics are measured in the wasm pipeline.
Change-Id: Id166f4f7d1ea69a1a7b7ca108af4ffedbcda8abb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912779
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74779}
.. when concurrent-inlining, use direct reads instead.
Two fields were changed to have a non-atomic getter and acq-rel
accessors:
- Map::prototype_info
- PrototypeInfo::object_create_map
Bug: v8:7790
Change-Id: I05e888240d73ab6e961b1048a25713ec45fb0305
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876852
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74777}
For memory accesses that are statically known to be in bounds, avoid the
out-of-line code for the trap handler. This makes trap handler metadata
smaller, reduces code size (by avoiding OOL code), and enables more
optimizations at later phases, because unprotected memory loads can be
reordered and reused.
Drive-by: Use {GetMemoryAccessKind} consistently.
R=ahaas@chromium.org
Bug: v8:11802
Change-Id: Ia824d3355a95f446a796c5b06f69ecaa1500709b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912585
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74776}
This is a reland of 6d99f9334b
No changes since revert.
Original change's description:
> [compiler] Replace EnsureElementsTenured by IsElementsTenured
>
> We can't mutate heap state from the compiler thread; turn this into a
> predicate and emit generic code if it returns false.
>
> Bug: v8:7790
> Change-Id: I6186a87e178d0c0206b6e7659fa2a41bf65fd835
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876845
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74596}
Tbr: neis@chromium.org
Bug: v8:7790
Change-Id: I9cfdcf9929870a8314486292bab91e83cb448410
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917605
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74775}
This is a reland of 5258364e23
No changes since revert.
Original change's description:
> [compiler] Make NativeContextRef never-serialized
>
> Most NativeContext elements are immutable after initialization;
> additionally, we now use acquire-release semantics to load/store
> elements when possible. Reading and constructing Refs for elements
> is thus possible from the background.
>
> A few notes:
>
> - A few elements are not immutable; if read from the background
> thread, these must use acquire-release semantics.
> - Elements can be stored from generated code; these are not compatible
> with bg-thread accesses.
> - While elements can be read safely from the native context, the
> elements themselves may still require serialization; this is done in
> NativeContextRef::Serialize.
>
> Bug: v8:7790
> Change-Id: I12e9611a292e7dd912438c712390731a5422407d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897254
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74604}
Tbr: neis@chromium.org
Bug: v8:7790
Change-Id: Ica736a4afda2be7276508fe2f734293d0b9eeaf1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917606
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74774}
... to get better error messages.
Bug: v8:7790
Change-Id: I2296e78804e243177a7e984a0284561cd41c61bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917602
Commit-Queue: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74772}
This reverts commit 916eb86952.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20gcc/11805/overview
Original change's description:
> Reland "[wasm][bug] Fix a couple of bugs in validation of unreachable code"
>
> This is a reland of 4a037f871e
>
> Changes compared to original change: None. This seems not to create
> problems after all.
>
> Original change's description:
> > [wasm][bug] Fix a couple of bugs in validation of unreachable code
> >
> > Changes:
> > - SetBlockType now instantiates the block's start merge with values of
> > the correct type in unreachable code.
> > - EnsureStackArguments now keeps the existing stack values and moves
> > them over the new bottom values.
> > - Drop stack size validation in Drop().
> > - Add new tests in unreachable-validation.js.
> >
> > Change-Id: Ie68b3d9abb0a41d1623d4a123fb526e71941c4e7
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2902733
> > Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#74650}
>
> Change-Id: Id620f7fb6677b772b0dcfd38108256384db44439
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905598
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74677}
Tbr: manoskouk@chromium.org
Change-Id: Ia24aa453735464bdd3aafca4617beabb0cbf8823
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917601
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74771}
In commit 4a5adb43ac, mips may allocate a
bit more memory than actually needed, and move the beginning of the
StackSlot in order to have it aligned.
After commit e639eafea3, we allocated
the memory that was actually needed, so we do not need extra alignment
anymore.
Change-Id: I4c4c01794ed1d2cc5b8c89196eae6834f0da0b6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917578
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#74770}
This CL assures builds with "v8_enable_webassembly = false"
compile successfully.
It is an addition on top of this original port:
e73c7b2199
Change-Id: Ic27b3006087e4d4de6fe599a9f469d1f80cf8a8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2918136
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74769}
Implementation copied from d8. Gated behind a build-time flag.
Can be useful for debugging issues.
Change-Id: I444d625242b1fb8fe9139472a06cb1a90269401a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2906233
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74767}
For mprotect-based write protection of WebAssembly code memory, we open
{NativeModuleModificationScope}s each time a thread needs write-access
to the code space. While fine-grained switching is good for security
(the permission should only be granted for as short as possible,
especially since it is process-wide), this can degrade performance
considerably for two reasons (we measured up to 10x slower Liftoff
compilation time cf. having no write protection):
1. Switching permissions with mprotect() (and likely with similar
functions on non-POSIX platforms) is just inherently expensive due to
the syscall, modifying page tables, and potentially subsequent TLB
flushes. For a simple benchmark (compiling Unity with --liftoff-only)
--wasm-write-protect-code-memory increases the number of mprotect
syscalls from ~2.6-2.8k to 6-8k (!).
2. Modifying the permissions in {SetWritable()} is synchronized
across threads via the {NativeModule::allocator_mutex_}. With many fine-
grained permission switching requests, lock contention on this mutex
incurs a very high number of futex syscalls (measured on Linux only,
but the problem is likely a general one). For the same simple benchmark
as above (compiling Unity), --wasm-write-protect-code-memory increases
the number of futex syscalls from ~1k to 20-40k (!).
Both problems are fixed in the CL here, following this simple recipe
(in case we get more of these issues in the future):
1. Identify the hot syscall either via sampling-based profiling with
`sudo perf record -g -F10000 d8 ...` (needs sudo for kernel stacks) and
then looking into the record or a flamegraph, or with event-based
profiling with `sudo perf stat -g -e 'syscalls:sys_enter*' d8 ...`.
In particular, if {NativeModuleModificationScope}s are repeatedly
opened (behind a function) in a loop, this can be a problem.
2. Add a scope object outside of the loop, potentially to a function
upwards in the call hierarchy of the hot loop/function.
3. Remove the scope object in the innermost function/hot loop.
4. Check all callers of the hot function (which now no longer has a
scope object), whether additional scopes need to be added there for
correctness.
The following two offenders were especially visible in the profile:
- Most of the mprotect calls were coming from {PatchJumpTablesLocked}.
Pulled the scope object up into {PublishCode}.
- Most of the lock contention was caused by {AddCodeWithCodeSpace}.
There already was a scope object up the call chain in {AddCompiledCode}.
- Fixed scope inside the loop in {FreeCode} for good measure as well.
R=clemensb@chromium.org
CC=jkummerow@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng
Bug: v8:11663, chromium:932033
Change-Id: I89e4a1f0998f06e4d4b5e360e0bf81836d4240f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912786
Commit-Queue: Daniel Lehmann <dlehmann@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74763}
This patch constantize the table size, both for primary and secondary tables, whenever the table size
is known to never change.
By default WebAssebly tables can be grown indefinitely, but producers can specify a maximal limit.
In particular, producers can specify that the initial size of the table also correspond to the
maximum size, in which case the table cannot be grown and the size is constant.
This is a common case, for example when generating WebAssembly from a C++ codebase the list
of indirectly called function does not need, in general, to change at runtime.
Change-Id: I7f6bab60841ee8eb8bdfd996c34513f69b74d5d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912586
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74760}
Note: OutOfLineRecordWrite on arm/arm64 only takes "object" and "value"
as arguments. The currently can be the same and thus we don't add any
additional DHCECKs there.
Change-Id: I757d1f3ba9c0d0c5994ecedf26728454e32f41a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2916813
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74758}
This reland is a manual revert of the previous revert
(commit 815bab9faa). Manual
due to merge conflicts. No other changes.
Original change's description:
> [compiler] Remove one ObjectRef constructor
>
> Remove the handle-taking ObjectRef constructor in favor of
> (Try)MakeRef as bottleneck.
>
> Bug: v8:7790
> Change-Id: I3cc3a1dcef4bac53a91c573d1a532332b88c6eb4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883664
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74593}
Bug: v8:7790
Tbr: jgruber@chromium.org
Change-Id: Iafc68f68df06ca9f404427d272b663c218d6550a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917039
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74757}
Switches internals of BasePage and some getters to references that are
guaranteed non-null.
Bug: v8:11822
Change-Id: I484c4451720dc7e04f8b89dbe4fef03a3eaf817e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917038
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74756}
The spec uses the CreateDataProperty abstract operation to add
properties to the result object of Object.fromEntries.
Confusingly, the FastCreateDataProperty Torque macro is special-cased
for adding array element properties instead of generic keyed properties.
The slow path for FastCreateDataProperty goes to runtime, which was
being hit everytime in Object.fromEntries since the result object is not
an array.
This CL switches to using StorePropertyInLiteral instead, which
corresponds to the CreateDataProperty spec operation, and also has fast
paths that stay in CSA.
Bug: v8:11814
Change-Id: I72a6809bde556f0888806307816e200bd47edf8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2915755
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74755}
After https://crrev.com/c/2905605, input type might
also be a register in which case different number of instructions
get emitted. The number also changes if constant pool is
disabled.
Port: 54d84cf385
Change-Id: I9a7adb02de55caebaad552c1e15440c97b4384b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2914055
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74754}
This was missing for transitioning stores.
Bug: chromium:1209558
Change-Id: Ib75d919ef748cffd12f0add09ac2718f434eb684
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2916815
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74753}
ResetLinearAllocationBuffer() must be called as part of the marking
phase as it may free the current LAB which decreases live bytes which
previously could have caused an underflow.
Bug: chromium:1056170
Change-Id: I8a641fe340f5faf0dfad32cda84f796d0537134b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2917034
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74752}
This is a reland of 50cbeca9ac
Relanding as-is, only rebase-related changes. Reason for reland: was
speculatively reverted.
Original change's description:
> [codegen] Use builtin calls for TSANRelaxedStore
>
> Instead of calling the C function directly from codegen, we call a
> builtin that calls the C function. This is done to encapsulate the
> push/pop registers in the code in the builtin.
>
> Bug: v8:7790, v8:11600
> Change-Id: I4c77a80803d4eb44526b716901afe0e8ccbe077d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2892663
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74599}
Bug: v8:7790, v8:11600
Change-Id: Ide78ca82f38ee84bb7d24f5da2b4e8a8bd26621a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2914877
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74751}
This is a first step towards supporting unwrapped WasmObject objects on
JavaScript side.
In addition this CL
1) introduces Representation::WasmValue which is used for all WasmObject
fields exposed to JavaScript side.
2) adds creation of meaningful DescriptorArrays for WasmObject's Maps.
Bug: v8:11804
Change-Id: I4afcd39da5cb77b659943da54a2ca34d13bcc9bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912776
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74744}
