This removes several GetIsolate calls from Map:: methods and instead
passes the Isolate in. This is a very noisy change but mostly it is just
adding Isolate to method declarations and forwarding it on.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I159505e50a9462d01066f14da0fcc29762bd5531
Reviewed-on: https://chromium-review.googlesource.com/1075267
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53826}
This CL changes all ArraySort benchmarks to execute the setup
function for each iteration (one run call), instead of only once for
all iterations.
Even though we now also measure the time needed to copy and prepare
the array, this is needed, otherwise we would mainly measure sorting
already sorted arrays.
R=cbruni@chromium.org, jgruber@chromium.org
Change-Id: I2e0e301b52b0288b8c825c3c8401c348c4a0dee7
Reviewed-on: https://chromium-review.googlesource.com/1105045
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#53825}
TurboFan returned null handles if compilation did not succeed. This CL
changes that to a MaybeHandle to make it explicit that client code needs
to handle the error.
Bug: v8:7856
Change-Id: I6087e6263faa1150b9788213dd22c398b4a2fc2d
Reviewed-on: https://chromium-review.googlesource.com/1104688
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53824}
We want to remove GetIsolate calls, but this particular one is safe
and necessary to avoid either storing the isolate in the parser/scopes,
or passing it through as a parameter throughout the parser.
Bug: v8:7786
Change-Id: I07765f5c20b2c9925bb0b980bc9fe850c91d7811
Reviewed-on: https://chromium-review.googlesource.com/1104685
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53822}
Replace all but one Handle<T*>(T*) calls with ones that explicitly pass
in an Isolate.
Requires plumbing Isolate* through several Parser functions which
previously avoided it because of worries about accessing the heap off
the main thread. In all off-main-thread cases, isolate will be nullptr
and every such function asserts with:
DCHECK_EQ(parsing_on_main_thread_, isolate != nullptr);
Also deletes unused function ParseInfo::ReopenHandlesInNewHandleScope.
Bug: v8:7786
Change-Id: I3dd9c49dcde49fdbcb684ba73f47a30d00fc495e
Reviewed-on: https://chromium-review.googlesource.com/1087272
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53820}
This makes sure slow dchecks are part of the snapshot when the compile
time flag is set. It'll also obviate the need to set the runtime flag
in general, making configurations simpler.
It's still possible to opt out at runtime for the non-snapshot dchecks
using the negated runtime flag.
Bug: v8:7853
Change-Id: Iadfc46ed691d32e9d39717e2ea0383e784660d1d
Reviewed-on: https://chromium-review.googlesource.com/1105050
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53819}
Bump limit for isolate creation in cctest; the test started crashing recently
on nosnap.debug builds, hence we bump the limit.
Bug: v8:7856
Change-Id: I7c2396c7f112a2ed7fc189f0fa72658e0ed75050
Reviewed-on: https://chromium-review.googlesource.com/1104691
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53816}
This reverts commit 380dba0a5c.
Reason for revert: Fails gc-stress: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Mac64%20GC%20Stress/1471
Original change's description:
> [runtime][gc] Drop AllocationSite::weak_next field for sub-literals
>
> Use AllocationSite without Weaknext field for all the allocations in nested
> literal except for Root. The nested field is sufficient to link all the
> allocations in a nested literal. Only the Root is added to heap weak_alloc_list
> for GC to traverse
>
> Change-Id: I946e63292c6d168197cd2a087f697c73cc431272
> Reviewed-on: https://chromium-review.googlesource.com/1101323
> Commit-Queue: Chandan Reddy <chandanreddy@google.com>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53813}
TBR=ulan@chromium.org,cbruni@chromium.org,chandanreddy@google.com
Change-Id: Icc87027f14f917da3033db256c2535e08e2a4a34
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1105159
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53815}
This CL adds a 'constexpr String' type to Torque, which gets compiled
to 'const char*'.
It makes it easier to pass strings around in Torque files,
especially when trying to Print() them.
Bug: v8:7793
Change-Id: I2d4feac7012f5401f2b467475f8df086e46ac18a
Reviewed-on: https://chromium-review.googlesource.com/1104466
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53814}
Use AllocationSite without Weaknext field for all the allocations in nested
literal except for Root. The nested field is sufficient to link all the
allocations in a nested literal. Only the Root is added to heap weak_alloc_list
for GC to traverse
Change-Id: I946e63292c6d168197cd2a087f697c73cc431272
Reviewed-on: https://chromium-review.googlesource.com/1101323
Commit-Queue: Chandan Reddy <chandanreddy@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53813}
This CL enables out-of-bounds checks for debug builds when loading or
storing FixedArray elements. Since "--enable-slow-asserts" is not passed
through to mksnapshot, the OOB checks were basically never executed.
Bug: v8:7853
Change-Id: I81bdd9ac04868f9ffc362c3f4fd8fa3ddd122ee1
Reviewed-on: https://chromium-review.googlesource.com/1103568
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53812}
This CL fixes a bug that allowed OOB read/stores on fastpaths when
a comparison function caused the underlying FixedArray to change
while keeping the elements kinds and size property on the original
JSArray the same.
R=jgruber@chromium.org
Bug: chromium:852592
Change-Id: I09af357d10e7f41e75241e4c87430fc9aa806f8c
Reviewed-on: https://chromium-review.googlesource.com/1104158
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53811}
This reverts commit 733b7c8258.
Reason for revert: breaks arm64 gc-stress: https://ci.chromium.org/buildbot/client.v8.ports/V8%20Linux%20-%20arm64%20-%20sim%20-%20gc%20stress/11659
Original change's description:
> [wasm] Introduce jump table
>
> This introduces the concept of a jump table for WebAssembly, which is
> used for every direct and indirect call to any WebAssembly function.
> For lazy compilation, it will initially contain code to call the
> WasmCompileLazy builtin, where it passes the function index to be
> called.
> For non-lazy-compilation, it will contain a jump to the actual code.
> The jump table allows to easily redirect functions for lazy
> compilation, tier-up, debugging and (in the future) code aging. After
> this CL, we will not need to patch existing code any more for any of
> these operations.
>
> R=mstarzinger@chromium.org, titzer@chromium.org
>
> Bug: v8:7758
> Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
> Reviewed-on: https://chromium-review.googlesource.com/1097075
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53805}
TBR=mstarzinger@chromium.org,titzer@chromium.org,clemensh@chromium.org,sreten.kovacevic@mips.com
Change-Id: Iea358db2cf13656a65cf69a6d82cbbc10d3e7e1c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7758
Reviewed-on: https://chromium-review.googlesource.com/1105157
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53807}
Now TFJ builtins can use their own descriptors so there's no need to
keep the hacky BuiltinDescriptor around.
Bug: v8:7754
Change-Id: Ia7f23a21fb979370fd2149fef13186b83a3d5d30
Reviewed-on: https://chromium-review.googlesource.com/1104428
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53806}
This introduces the concept of a jump table for WebAssembly, which is
used for every direct and indirect call to any WebAssembly function.
For lazy compilation, it will initially contain code to call the
WasmCompileLazy builtin, where it passes the function index to be
called.
For non-lazy-compilation, it will contain a jump to the actual code.
The jump table allows to easily redirect functions for lazy
compilation, tier-up, debugging and (in the future) code aging. After
this CL, we will not need to patch existing code any more for any of
these operations.
R=mstarzinger@chromium.org, titzer@chromium.org
Bug: v8:7758
Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
Reviewed-on: https://chromium-review.googlesource.com/1097075
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53805}
Move Slot recording to concurrent and incremental marking phase and
out of the atomic pause. Records more slots to remove
slot recording completely from the pause.
Bug: chromium:844008
Change-Id: I13ba20b4839990134dc37bd909fb0a2d66e13c64
Reviewed-on: https://chromium-review.googlesource.com/1104348
Commit-Queue: Dominik Inführ <dinfuehr@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53804}
Currently each isolate stores its own array of
{CallInterfaceDescriptorData}. This array has size 173, and each entry
has 40 bytes. That's already 7kB per isolate.
Additionally, each {CallInterfaceDescriptorData} allocates two
heap-allocated arrays, which probably add up to more than the static
size of the {CallInterfaceDescriptorData}. Note that all the
{CallInterfaceDescriptorData} instances are initialized eagerly on
isolate creation.
Since {CallInterfaceDescriptor} is totally isolate independent itself,
this CL refactors the current design to avoid a copy of them per
isolate, and instead shares them process-wide. Still, we need to free
the allocated heap arrays when the last isolate dies to avoid leaks.
This can probably be refactored later by statically initializing more
and avoiding the heap allocations all together.
This refactoring will also allow us to use {CallInterfaceDescriptor}s
from wasm background compilation threads, which are not bound to any
isolate.
R=mstarzinger@chromium.org, titzer@chromium.org
Bug: v8:6600
Change-Id: If8625b89951eec8fa8986b49a5c166e874a72494
Reviewed-on: https://chromium-review.googlesource.com/1100879
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53803}
For now we keep params since NewSloppyArguments uses it to figure out how to structure the arguments object. We should be able to only keep params in case we have a special case though. E.g., leaf functions with no duplicate parameters don't need special treatment. Or we simply encode the parameter index for each context slot. (I'm not sure duplicates need special treatment.)
Change-Id: Icfbb844e5331aeb93c50bc07edd58246c8aeb1d7
Reviewed-on: https://chromium-review.googlesource.com/1104420
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53802}
We currently store the {WasmModule} (generated during decoding) in a
unique_ptr and pass ownership to the {WasmModuleObject} after
compilation.
I plan to move the {Managed<NativeModule>} from {WasmCompiledModule} to
{WasmModuleObject}, which will force us to create the
{WasmModuleObject} *before* compilation, so that the {CompilationState}
is available during compilation.
This CL prepares that refactoring by storing the {WasmModule} in a
{shared_ptr} in the {AsyncCompileJob}. Note that it will eventually be
stored in a {shared_ptr} in the {Managed} anyway.
R=titzer@chromium.org
Change-Id: Iac5e3c1067af2801e938f77a455a68807801526a
Reviewed-on: https://chromium-review.googlesource.com/1104117
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53801}
This CL completely reimplements the DataView setters in Torque, and
removes the former C++ runtime implementation.
Change-Id: I66cdd35712e46f3931d6530a4512fa3c8eb3b3bf
Reviewed-on: https://chromium-review.googlesource.com/1104162
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53800}
Reading up on the bug description, this is a test
that is triggered by TurboFan execution. This can
be done with natives and does not need excessive
loop iterations. Additionally, we have a more specific
regression test for the original issue in the repo:
http://crrev.com/c/584837
Bug: v8:7783
Change-Id: Id022b515b663e6fb897acb29f43ef92b70b547b8
Reviewed-on: https://chromium-review.googlesource.com/1101018
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53799}
This adds an overload of JSGraph::Constant that takes an ObjectReference
rather than a Handle<Object>.
ObjectReference is a new superclass of HeapReference.
Also several refactorings and renaming, e.g.:
- Rename HeapReference to HeapObjectRef.
- Rename ContextHeapReference to ContextRef.
- ...
- Rename HeapReferenceType to HeapObjectType.
Bug: v8:7790
Change-Id: Id3e567cbaf7c326189b99b2fd4ced6bff02f9640
Reviewed-on: https://chromium-review.googlesource.com/1104337
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53797}
This CL also adds macros for defining JS-compatible interface descriptors that
has additional parameters.
ArrayConstructorDescriptor is redefined using the new macros.
Bug: v8:7754
Change-Id: Id39cac9f234666576f35de755d11aba198248bea
Reviewed-on: https://chromium-review.googlesource.com/1100833
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53796}
The test test-api/InitializeDefaultIsolateOnSecondaryThread1 has been
failing since at least 6.8, but our infra only recently realized that.
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
Bug: v8:7856
Change-Id: I8cbfd4ea554bb32c50c01d437efa5b18f60c2fde
Reviewed-on: https://chromium-review.googlesource.com/1104458
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53795}
This is a preliminary step before removing BuiltinDescriptor.
Bug: v8:7754
Change-Id: I752134aa29431e5773c9813361a3c6bda6f8872d
Reviewed-on: https://chromium-review.googlesource.com/1104169
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53794}
The operator<< for Signature objects in Torque incorrectly counted
the number of named parameters instead of the total number
of parameters when displaying them.
This would cause the displayed signature to be "()" when no
parameters were named, instead of the actual signature.
Change-Id: I32572da5f5a378b71749515d89429172129bbcb9
Reviewed-on: https://chromium-review.googlesource.com/1104172
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Théotime Grohens <theotime@google.com>
Cr-Commit-Position: refs/heads/master@{#53792}
We currently have a system where the protected instructions are
unregistered when the last instance dies, and registered again on the
next instantiation. This is triggered by {WasmCompiledModule::Reset}.
Since the reference to the {NativeModule} will move to the
{WasmModuleObject}, and this object stays alive even if the last
instance dies, this will become hard to maintain.
It will also make it harder to share wasm code across isolates.
This CL refactors this to register trap handler data once when the code
is added to the {NativeModule}, and releases it if the code dies.
R=mstarzinger@chromium.org
CC=eholk@chromium.org
Bug: v8:5277
Change-Id: I3f1b336095230b255f3849c271b37b62f2b96cd6
Reviewed-on: https://chromium-review.googlesource.com/1103567
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53791}
This is a step towards avoiding materializing function_ altogether if we deoptimize. Typically we only need the SharedFunctionInfo.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Idee78f02d1afe3d2cb70e93a6d96a5a33907f892
Reviewed-on: https://chromium-review.googlesource.com/1100474
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53789}
It only has one call size ({CompileToModuleObject}), which just tail
calls into {CompileToModuleObjectInternal}. Thus, merge the two.
R=titzer@chromium.org
Bug: v8:7754
Change-Id: I6344f257279f049fd6cab51114988f7e1c019272
Reviewed-on: https://chromium-review.googlesource.com/1104157
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53787}
Instead of instantiating each function multiple times, just call out to
a common function, passing the variadic number of arguments in an
initializer list.
R=tebbi@chromium.org
Bug: v8:7754
Change-Id: Idb2d77cef7cf8e590de6aa3cea02c0e0773da45f
Reviewed-on: https://chromium-review.googlesource.com/1101689
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53785}
Return the raw Object* when accessing the constant pool of bytecode
with the bytecode array accessor, to avoid needing an isolate there.
If the returned value needs to be a handle, we create the handle
later.
Bug: v8:7786
Change-Id: Ifeac2a06f0383230bf7e9bfc1b751d9750ecfb51
Reviewed-on: https://chromium-review.googlesource.com/1102334
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53784}
By now we no longer emit calls with {RelocInfo::CODE_TARGET} as part of
WebAssembly code. Hence the requirement to block sharing of code targets
disappeared and the support can be dropped.
R=jarin@chromium.org
Change-Id: I6df026cd05769ddaa6ea8df5a7b17b62e8a7c373
Reviewed-on: https://chromium-review.googlesource.com/1100889
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53782}
Current situation: When calling a macro with the wrong parameter types
the error message will say "macro not found".
This CL changes the message to "macro with parameter types not found"
and lists possible candidates.
R=tebbi@chromium.org
Bug: v8:7793
Change-Id: I6724c4030cbbf4ca1af008b33797b2dd9d18808b
Reviewed-on: https://chromium-review.googlesource.com/1101694
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53780}
The FuzzAssemble* tests rely on two CSA functions which are relatively big. And
with the --enable-slow-asserts flag they get so big that the register
allocator's memory consumption becomes a problem. Let's just override this flag.
Bug: v8:7819, v8:6848, v8:7842
Change-Id: I95db59b9c788aa665d04339892b2e0b5d92d9a89
Reviewed-on: https://chromium-review.googlesource.com/1093315
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#53779}
