The provided page allocator will serve all the memory requests done by the virtual
memory object.
This is a necessary cleanup before introducing BoundedPageAllocator.
Bug: v8:8096
Change-Id: I95477d67e5f532013322a991db3ee1a1f2e821e6
Reviewed-on: https://chromium-review.googlesource.com/1210122
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55703}
Since https://crrev.com/c/1112003, the memory size is stored as size_t
instead of uint32_t in order to support 4GB memories.
This CL fixes Liftoff to load and handle that field as ptrsized field
instead of 32 bit integer.
Drive-by: Fix wrong machine type on Phi in TF wasm compiler.
R=titzer@chromium.org
Bug: v8:8130
Change-Id: I40a92a2c24f6311e05b5e2608a0902674a2ce411
Reviewed-on: https://chromium-review.googlesource.com/1206008
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55702}
The functionality of "FillFixedArrayWithSmiZero" got merged into
"AllocateZeroedFixedArray", making these calls superfluous.
R=jgruber@chromium.org
Bug: v8:8015
Change-Id: I5453ea4b16a1446717517fe1676d611d987ad0a3
Reviewed-on: https://chromium-review.googlesource.com/1212842
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55699}
- Removes workarounds in test-run-native_calls for ARM and
adds ARM 32-bit aliasing-aware register allocation.
- Uses wasm::LinkageAllocator instead of custom allocator to avoid
duplication of this logic.
- Fixes a problem in wasm::LinkageAllocator with high 16 VFP regs,
and makes member variable naming consistent.
Bug: v8:8015
Change-Id: Ie8bb8bad06bebce2cef3da0f6ad5c59d5f3b3b36
Reviewed-on: https://chromium-review.googlesource.com/1199907
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55696}
These methods were deprecated in 7.0, now we can remove them.
R=adamk@chromium.org
Bug: v8:7868
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I60badb378a055152bdd27aed67d11ddf74fce174
Reviewed-on: https://chromium-review.googlesource.com/1209283
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55695}
Previously explicit calls to external memory adjustment could yield in lowering
the limit below the initial default limit. The consequence is repeated useless
garbage collections when e.g. passing around ArrayBuffers.
Bug: chromium:880036
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I429f5adcd9ae523e5ac7621cf7976686b0dec71b
Reviewed-on: https://chromium-review.googlesource.com/1209784
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55694}
This CL adds CheckRange() which will be used in DCHECKs in BoundedPageAllocator
and renames "min_region_size" to "page_size" for better readability.
Bug: v8:8096
Change-Id: I62cf7a92e50d0a11d462a9fbc34ddc5eda5456e1
Reviewed-on: https://chromium-review.googlesource.com/1209284
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55692}
... like AllocatePage[s](), FreePages() and SetPermissions().
This CL also changes base::PageAllocator to cache AllocatePageSize and CommitPageSize
values returned by the OS.
This is a necessary cleanup before introducing BoundedPageAllocator.
Bug: v8:8096
Change-Id: Ifb7cdd2caa6a1b029ce0fca6545c61df9d281be2
Reviewed-on: https://chromium-review.googlesource.com/1209343
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55690}
If a web worker terminates while a wasm finisher task is scheduled, we
try to cancel that task even though the platform already deleted it.
This results in UBSan failures, ASan failures or crashes.
This CL fixes this by deregistering the foreground task when it is
deleted before being executed.
A layout test for this will be added to chromium in
https://crrev.com/c/1209602.
R=ahaas@chromium.org
Bug: chromium:875579
Change-Id: Icae43a9dcc6dc16c872851961894bf8bc0872de8
Reviewed-on: https://chromium-review.googlesource.com/1209344
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55689}
Also changes occurrences of 'length' with kLengthString.
R=mvstanton@chromium.org
Bug: v8:8015
Change-Id: Ida205a7d69939d7d3473e1ab8e82d0cdba4c8668
Reviewed-on: https://chromium-review.googlesource.com/1209302
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55686}
This reverts commit 34625fdb5a.
Reason for revert: Test caused timeout, investigating.
Original change's description:
> [Builtins] Array.prototype.forEach perf regression on dictionaries.
>
> An unnecessary call to ToString() on the array index caused trips to
> the runtime. The fix also includes performance micro-benchmarks so
> we'll have a harder time regressing this case in future.
>
> Bug: v8:8112
> Change-Id: Iada5bd2e3c6d2246fb1225e7094f3d9c66ddafbd
> Reviewed-on: https://chromium-review.googlesource.com/1206355
> Commit-Queue: Michael Stanton <mvstanton@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#55653}
TBR=mvstanton@chromium.org,tebbi@chromium.org
Change-Id: I21de9b9b33edf03f2173f579c4ba0fc3dfd8ff88
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8112
Reviewed-on: https://chromium-review.googlesource.com/1209288
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55681}
This adds the ability to add exception types to the export section of a
module and reference them via the local exception index. Currently the
export object then just contains the local index as a number, which is
only temporary until we have proper export wrappers for exceptions.
Also note that this tightens the restriction for the modules exception
section to be located in between the import and the export section.
R=clemensh@chromium.org
TEST=mjsunit/wasm/exceptions-export
BUG=v8:8091
Change-Id: Ie26081c3f94e71cb576057db7e45ec5bd0e112f9
Reviewed-on: https://chromium-review.googlesource.com/1206873
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55679}
Some helpers in array.js are now dead code after the recent changes
to array builtins (splice/unshift).
R=jgruber@chromium.org
Bug: v8:8015
Change-Id: I3e0c0280516b539533bcc3b21d84e448112e4ec7
Reviewed-on: https://chromium-review.googlesource.com/1208632
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#55678}
In jumbo builds, many files are compiled in the same translation
unit and share the same anonymous namespace. Now both gap_resolver.cc and
register-allocator.cc defined kFloat32Bit (a mask representation
of MachineRepresentation::kFloat32) which clashed if those
files were compiled together.
This patch inlines and removed one of the constants.
Change-Id: Ic79e077e62ce9866b6201ec61a9df1e66d5e4a13
Reviewed-on: https://chromium-review.googlesource.com/1206572
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Daniel Bratell <bratell@opera.com>
Cr-Commit-Position: refs/heads/master@{#55677}
This optional trybot runs all tests not run by the CQ bot, but run by
the CI release or debug bot.
TBR=sergiyb@chromium.org
NOTRY=true
Bug: v8:7285
Change-Id: Ifda294448ba92b8055a633ef1e26b4045a38f718
Reviewed-on: https://chromium-review.googlesource.com/1207852
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55676}
We use signed comparison when we compare the difference
between SP and stack limit to the size we are going to push,
but need to use unsigned comparison when we compare SP and
stack limit directly.
R=mvstanton@chromium.org
Bug: chromium:876210
Change-Id: I3ca5233677c42aebadb78920592a7c6d8e33a825
Reviewed-on: https://chromium-review.googlesource.com/1206870
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55675}
Currently, neither IsSharedCrossOrigin nor IsOpaque is set for an empty
script. Hence an exception thrown from it (e.g., an exception thrown
from native promise implementation) is treated as an error with
blink::kNotSharableCrossOrigin. On the other hand, as the script is
empty, there is no meaningful URL attached, which means the
ExecutionContext's URL is used as the script's name in
blink::SourceLocation::FromMessage. In other words, it works virtually
as same as blink::kSharableCrossOrigin corresponding to
ScriptOriginOptions with IsSharedCrossOrigin set and IsOpaque unset.
With this CL, a ScriptOriginOptions with IsSharedCrossOrigin is set
and IsOpaque is not set is attached to the empty script, as a
preliminary step to deprecate kNotSharableCrossOrigin.
Bug: chromium:875153,chromium:876248
Change-Id: I39279a43994337329b8bd9d28b6ca29f0ac30d9c
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1201689
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55673}
This CL implements a generic baseline version of Array.p.unshift
in Torque, enabling us to remove the JS fall-back.
The elements-accessor fast-path is still used, but the check whether
to use it is also moved to Torque.
Support for sparse JSArrays is removed.
Drive-by change: Small refactoring in builtins-array that will
get extended to other array builtins in a follow-up CL.
R=cbruni@chromium.org, jgruber@chromium.org
Bug: v8:7624
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I7b23ce15e7b922eb333f61a408050dedec77c95a
Reviewed-on: https://chromium-review.googlesource.com/1189902
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55670}
Previously in the JS implementation, this would throw (on property
access) but this new behavior is more in line with how all the other
intl objects work.
Bug: v8:5751, chromium:880697
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I0bd073b2a0a6fc1eacd686083d8f1a72252cea53
Reviewed-on: https://chromium-review.googlesource.com/1207579
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55664}
Use pc relative code on poisoning to allow
relocation of bytecode handler. This is allow
v8_enable_embedded_bytecode_handlers on ppc.
Bug: v8:8068
Change-Id: I6e0a1e961e7e903f0935131cfc190c89c404cf67
Reviewed-on: https://chromium-review.googlesource.com/1205610
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Muntasir Mallick <mmallick@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#55660}
The Math.expm1() function can actually return -0, for example in the
case that -0 is passed to it.
Bug: chromium:880207
Change-Id: If3a7a3a1fb6a18075ba0d7816687dfd831ebe293
Reviewed-on: https://chromium-review.googlesource.com/1205072
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55657}
Allow mocking the limits for ArrayBuffer allocation to simulate operating
system OOM.
Fixes:
- Ensure OS limit > hard limit for external memory. This is necessary as
any processing below the hard limit is opportunistic. E.g. a running
sweeper may stall the current marking (GC) round.
- Immediately process AB allocations when under memory pressure. Otherwise,
the allocations may be stuck in a stalled task. Freeing them upon
adding them to the collector still enables parallelism if possible.
This reverts commit f3ad6cdb9c.
Bug: chromium:845409
Change-Id: Ic3e458f2af231bae3d53afcfd6002a0347d3f12b
Reviewed-on: https://chromium-review.googlesource.com/1206872
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55656}
This switches on a restricted register allocation for all
CSA-generated builtins on ia32, which treats the kRootRegister (=ebx)
as unallocatable.
A few builtins are explicitly excluded. These still need to be fixed
in follow-up CLs. But I'd like to bake this in now to ensure we don't
add more code that cannot handle restricted allocation.
All of this is still behind the (disabled-by-default on ia32)
v8_embedded_builtins configuration.
Bug: v8:6666
Change-Id: If5268aa00439406e1f4e0f7ee18496715a95fdd2
Reviewed-on: https://chromium-review.googlesource.com/1206874
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55654}
