This is the v8 side of changes; blink changes are at https://chromium-review.googlesource.com/c/chromium/src/+/809228
BUG=chromium:716320
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ia77764aed09dd609bf2304fe3c392a0e8ee16334
Reviewed-on: https://chromium-review.googlesource.com/847337
Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
Cr-Original-Commit-Position: refs/heads/6.5.123@{#1}
Cr-Original-Branched-From: 2a8e1e4a9470bc3a92c58fde069901497a3f3fed-refs/heads/master@{#50331}
Reviewed-on: https://chromium-review.googlesource.com/854395
Commit-Queue: Malcolm White <malcolmwhite@google.com>
Reviewed-by: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50699}
Remove final csp instances, missed in the earlier patch due to being outside
the arm64 tree.
Bug: v8:6644
Change-Id: I2b5a2716568949740991c368b64c0a06105e4ff2
Reviewed-on: https://chromium-review.googlesource.com/874310
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#50698}
This prepares to add the stress-marking flag on the infra side.
TBR=sergiyb@chromium.org
NOTRY=true
Bug: v8:6972
Change-Id: Ibee30beadb167d06fd7965dfd3cc05fb523158cb
Reviewed-on: https://chromium-review.googlesource.com/874350
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50697}
Remove an unused constructor and an unused field, and compute a more
tight {kMaxSize}.
Beside being a cleanup, this might sometimes allow us to allocate a
little bit less memory on 32 bit systems.
R=mstarzinger@chromium.org
Change-Id: Ibf8fef231325f1b9047e2c7f4c66430797729fc1
Reviewed-on: https://chromium-review.googlesource.com/873534
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50696}
It took me a while to understand that the {index} is actually a
signature index. This CL changes the name to {sig_index} to make this
more clear.
Drive-by: Fix a CHECK to check the canonical signature index instead of
the original index. This ensures that there is a canonical signature
index in the signature map.
Drive-by^2: Un-templatize a method.
R=titzer@chromium.org
Change-Id: Ifdaec59806c4d5c976170807596503d2874f04e4
Reviewed-on: https://chromium-review.googlesource.com/871190
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50695}
Fix 45833d9bb8
The original CL introduced new define V8_ENABLE_ALLOCATION_TIMEOUT
but this change hasn't been ported to GYP. This CL fixed this.
Change-Id: I37f9e958c704f12d5997034f25d216f269cbd25f
Reviewed-on: https://chromium-review.googlesource.com/873913
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50693}
This prepares a reland of https://crrev.com/c/869468.
Drive-by: Add a static_assert, also to document why
kV8MaxWasmMemoryPages was chosed to be slightly below 2GB.
R=titzer@chromium.orgCC=bradnelson@chromium.org
Bug: v8:6600
Change-Id: I6417bec191803c791fa5b218024ebcfde27e2aea
Reviewed-on: https://chromium-review.googlesource.com/873912
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50692}
- Add Map, WeakMap, Set, and WeakSet initial prototype maps to native context.
- Set and WeakSet constructors check whether prototype map differs from initial
before choosing the fast path.
Bug: chromium:798026
Change-Id: I5f9cc2463f89e17f06a66b565c625fce133d01fb
Reviewed-on: https://chromium-review.googlesource.com/853698
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50691}
On mips64, all arguments must be sign-extended, even unsigned types.
R=mstarzinger@chromium.org
CC=sreten.kovacevic@mips.com, ivica.bogosavljevic@mips.com
Change-Id: If5229d34e1da684928f54bbcf389bb8e472d7d61
Reviewed-on: https://chromium-review.googlesource.com/868651
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50689}
This adds a test-preparser cctest corresponding to the regression test added in
https://chromium-review.googlesource.com/865900
BUG=chromium:801772
Change-Id: I33d74e242fd765b91b7c148b9a0af4960a7b05ea
Reviewed-on: https://chromium-review.googlesource.com/870311
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50688}
Merge all of them to a single implementation, getting rid of all the
duplication.
R=marja@chromium.org
Change-Id: I5201e81ec64f3d7789df5e72bf58c85231cb348c
Reviewed-on: https://chromium-review.googlesource.com/868133
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50685}
This works around a bug in the libc++ implementation of bitset
(https://bugs.llvm.org/show_bug.cgi?id=35438) resulting in high
bits outside the bitset leaking through, breaking the ordering
invariant of PersistentMap::iterator. This did not surface so far
because the hash values used in escape analysis so far all only used
32 bits.
Bug:
Change-Id: I18ce703020bf1fb3e1b412edaa899fa1afe0bba0
Reviewed-on: https://chromium-review.googlesource.com/793613
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50684}
This removes the Javascript version of Array.of in js/array.js and adds
a CodeStubAssembler version in src/builtins/builtins-array-gen.cc.
Mostly this change is for code-health reasons but it also gives
performance improvements for nearly all cases with the exception of
"transplanted" arrays. E.g.
function ArrayLike {}
ArrayLike.of = Array.of
ArrayLike.of(...) is now slower in the perf tests. Most of this change
can be attributed to using CallRuntime(kSetProperty,...) to set the
length. The JS version can do better due to inline caches trained on
the same datatype for 1000s of iterations, but this kind of workload is
unlikely.
Change-Id: I18e5b19b185257e9e0d553e1183b40ba4a5d3289
Reviewed-on: https://chromium-review.googlesource.com/863625
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50680}
This is a further step to separate the implementation of the JavaScript
API from the internals of the WASM implementation. Now, wasm-js.cc
only needs to interact with the WASM engine and is (almost) independent
of module-decoder.h and module-compiler.h.
Also, move SyncCompileAndInstantiate() into wasm-module-runner.cc.
Bug: v8:7316
R=clemensh@chromium.org, mstarzinger@chromium.org
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I7765af54ac16f53a5ff88c17a22c5d36bacaf926
Reviewed-on: https://chromium-review.googlesource.com/870871
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50679}
With the current attempt, trying to iterate a const ZoneChunkList doesn't even
compile. See the bug for more info.
R=marja@chromium.org
Bug: v8:6473
Change-Id: I8de7e887398be7ba5da14dc540dd40b30df2c3fe
Reviewed-on: https://chromium-review.googlesource.com/868332
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50675}
This reverts commit db129b6525.
Reason for revert: blocks roll: https://chromium-review.googlesource.com/c/chromium/src/+/873150
Original change's description:
> [turbofan] Speculate on bounds checks for String#charAt and String#charCodeAt.
>
> With the new builtin optimization guard we can just speculatively assume
> that the index passed to String#charAt and String#charCodeAt (in optimized
> code) is going to be within the valid range for the receiver. This is
> what Crankshaft used to do, and it avoids Smi checks on the result for
> String#charCodeAt, since it can no longer return NaN.
>
> This gives rise to further optimizations of these builtins (i.e. to
> completely avoid the tagging of char codes), and by itself already
> improves the regression test originally reported from 650ms to
> 610ms.
>
> Bug: v8:7127, v8:7326
> Change-Id: Ia25a555c5c1a48d229c094b1ecd2487eec81e390
> Reviewed-on: https://chromium-review.googlesource.com/872850
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50667}
TBR=yangguo@chromium.org,bmeurer@chromium.org
Change-Id: I6d393a0797cac2fdfd67487a26ac1b178bd52813
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7127, v8:7326
Reviewed-on: https://chromium-review.googlesource.com/873355
Reviewed-by: Michael Hablich (vacation) <hablich@chromium.org>
Commit-Queue: Michael Hablich (vacation) <hablich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50672}
This is needed to easily port the constructor dispatcher to CSA.
Bug: v8:7102
Change-Id: I9672416495940ca12088a2980a9ecc61364aef9d
Reviewed-on: https://chromium-review.googlesource.com/785630
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50671}
This fuzzer randomly generates calls to regexp builtins, runs each on
the slow and fast path, and verifies that their result is the same.
Change-Id: Ia91b0c8afcdaf64835a9bb7b9a470610fbb75fc8
Reviewed-on: https://chromium-review.googlesource.com/833922
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50670}
With the new builtin optimization guard we can just speculatively assume
that the index passed to String#charAt and String#charCodeAt (in optimized
code) is going to be within the valid range for the receiver. This is
what Crankshaft used to do, and it avoids Smi checks on the result for
String#charCodeAt, since it can no longer return NaN.
This gives rise to further optimizations of these builtins (i.e. to
completely avoid the tagging of char codes), and by itself already
improves the regression test originally reported from 650ms to
610ms.
Bug: v8:7127, v8:7326
Change-Id: Ia25a555c5c1a48d229c094b1ecd2487eec81e390
Reviewed-on: https://chromium-review.googlesource.com/872850
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50667}
The calls in Chromium were removed in https://crrev.com/c/865160.
Bug: v8:7269, v8:7273, v8:7274
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Id68649c479483679bf97bc66c14ce8dfa3f7d05c
Reviewed-on: https://chromium-review.googlesource.com/868459
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50663}
This patch does not add any functionality, it just parses the private
fields. Adds a new harmony flag as well.
Bug: v8:5368
Change-Id: I71ce11868f458571eb57a4bc922223931ce5baa8
Reviewed-on: https://chromium-review.googlesource.com/862526
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50662}
We need to maintain TypeGuard nodes until the EffectControlLinearizer, because they can protect partial operations from floating above a check. In the linked bug, it was a DeadValue node that got scheduled too early.
In LoadElimination and EscapeAnalysis, the inserted TypeGuard nodes might depend on map checks on the effect chain. Thus TypeGuard has to be an effect chain node too.
Bug: chromium:800929
Change-Id: Icdcff96a2273d96b7f8cd6f85511ad62c1cb129a
Reviewed-on: https://chromium-review.googlesource.com/860405
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50661}
This is the first in a series of CLs that will separate the JS API
from the implementation of WebAssembly by bottlenecking interactions
through the WasmEngine. In the long run, the JS API and much of V8
should rely only on the WasmEngine interface, which will represent
the "public interface" for embedding WebAssembly.
Next: hide compilation-related methods behind WasmEngine.
Bug: v8:7316
Change-Id: I93404f0dc8a201ae99d30b4c1ca34606e3dddbca
Reviewed-on: https://chromium-review.googlesource.com/868590
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50660}
This will switch on various testing features in sanitizer builds and
for correctness fuzzer builds.
Currently we group enabling the slow-path runtime flag and allocation
timeout for atomic gc stress, but more features could be added in the
future.
This will enable gc fuzzer, clusterfuzz and correctness fuzzer to use
both slow-path and atomic gc stress in release sanitizer builds.
Bug: v8:6972
Change-Id: I5cade68241a8a0711f8a388be7e1543aab0035fa
Reviewed-on: https://chromium-review.googlesource.com/869932
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50656}
For memory tracing, output a 'T' for Turbofan code and an 'L' for
Liftoff code. To do this, the WasmCodeWrapper now has some dispatch
functions which work for both on-the-heap and off-the-heap code.
We can probably refactor more code by having this mechanism.
Since the output of --wasm-trace-memory differs now between Turbofan
and Liftoff, the message test is split in two.
R=titzer@chromium.orgCC=mstarzinger@chromium.org
Bug: v8:6600
Change-Id: Ic5fd18c631f5c8aaad19d639df75b18098895b5a
Reviewed-on: https://chromium-review.googlesource.com/868214
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50655}
This is a workaround for false positive race reported by TSAN.
Bug: v8:7315
Change-Id: I55712010dc5386a58b5ef7d48043e474f4b89bb9
Reviewed-on: https://chromium-review.googlesource.com/869672
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50654}
This adds support for tracing memory operations in code compiled with
Liftoff. This is the first runtime call we emit from Liftoff code, so
part of this code can be reused for other runtime calls.
Drive-by: Reuse outer compilation zone (avoid one Zone allocation).
Bug: v8:6600, v8:7210
Change-Id: I8b22088d0685338d533d328cb371384210e0ed22
Reviewed-on: https://chromium-review.googlesource.com/864663
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50652}
