For checks and assertions (mostly for debug code, like stack alignment
or zero extension), we had two modes: Emit a call to the {Abort}
runtime function (the default), and emit a debug break (used for
testing, enabled via --trap-on-abort).
In wasm, where we cannot just call a runtime function because code must
be isolate independent, we always used the trap-on-abort behaviour.
This causes problems for our fuzzers, which do not catch SIGTRAP, and
hence do not detect debug code failures.
This CL introduces a third mode ("hard abort"), which calls a C
function via {ExternalReference}. The C function still outputs the
abort reason, but does not print the stack trace. It then aborts via
"OS::Abort", just like the runtime function.
This will allow fuzzers to detect the crash and even find a nice error
message.
Even though this looks like a lot of code churn, it is actually not.
Most added lines are new tests, and other changes are minimal.
R=mstarzinger@chromium.org
Bug: chromium:863799
Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
Reviewed-on: https://chromium-review.googlesource.com/1142163
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54592}
The most important point of IWYU (include-what-you-use) is that each
header includes everything it is using, so that whoever includes that
header does not need to additionally include other things.
This CL adds a script which generates files to automatically check this.
It is automatically invoked during "gclient runhooks" if the
"check_v8_header_includes" variable is set. This script generates a
number of .cc files in the "check-header-includes" directory, together
with a "sources.gni" file which lists all the generated cc files. Each
file includes one header.
If additionally the gn args "v8_check_header_includes" is set, this gni
file is included, and all the generated CC files will be compiled. This
will detect violations of the aforementioned IWYU rule.
R=titzer@chromium.org, machenbach@chromium.org
Bug: v8:7754, v8:7965
Change-Id: Id1cf256507052c3a9ea82f8c80ea1c0385457e31
Reviewed-on: https://chromium-review.googlesource.com/1145199
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54590}
string-builder.h was using functions defined in *-inl.h and that's not allowed.
BUG=v8:7754,v8:7490
Change-Id: I442ff761f3a5799b60c0d02f7130bf694dca9b1b
Reviewed-on: https://chromium-review.googlesource.com/1145185
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54589}
Adds an Isolate::FromWritableHeapObject method, with a bool return value
and Isolate* out parameter, and replace most accesses to Isolate via
MemoryChunk (which handle objectsin ROSpace rather than just failing) to
use that instead.
Bug: v8:7754
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Idb472a3d6037deed92e6fa8c8a7a1a14293e2462
Reviewed-on: https://chromium-review.googlesource.com/1144933
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54579}
This function has been deprecated for month by now.
R=ulan@chromium.org
Bug: v8:7754
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I19d1b41bad2849b7f3d4d6684dc6f0f80af081f0
Reviewed-on: https://chromium-review.googlesource.com/1144922
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54575}
This is a reland of 0f2d22dd22
Original change's description:
> [wasm] Improve module code size sampling approach.
>
> This samples module code sizes at GC time instead of during destruction.
> It hence makes sure that we also receive samples for long-lived modules
> which would otherwise die with the Isolate and never be finalized. Note
> that this approach is still biased and just a stop-gap until we have a
> sampling tick based on actual wall-clock time.
>
> R=clemensh@chromium.org
>
> Change-Id: I9558d383a5aada8876bc9cbf63baca771dbe5c28
> Reviewed-on: https://chromium-review.googlesource.com/1141866
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54554}
Change-Id: I1863e94bbe91c89c248ddf8fc700ff91bc3593b2
Reviewed-on: https://chromium-review.googlesource.com/1143344
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54572}
Chrome-crash tells me that occasionally a function gets stripped of an
initial map entirely (e.g. report 917de3c31d0e0d9b).
R=jarin@chromium.org
Change-Id: Ie0103695c4801a4c2cbc488af91c3d580efe4eab
Reviewed-on: https://chromium-review.googlesource.com/1143483
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54568}
This will simplify the optimizing compiler (no need to pretenure
COW arrays when compiling).
Bug: v8:7790
Change-Id: I7502f43c6b6f7e10bce8536352462731083b5bef
Reviewed-on: https://chromium-review.googlesource.com/1143466
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54566}
Currently AtomicStores use AtomicExchange to store to memory, but
AtomicExchange produces an output that is ignored by the AtomicStore
visitor, a side effect of this is that a register already in use gets
overwritten by the output of the exchange.
BUG:v8:7602
Change-Id: I4ec3107a0a27503611e349e6f56ca9492d05d9f8
Reviewed-on: https://chromium-review.googlesource.com/1134576
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54565}
Uses the new Isolate version of methods.
Bug: v8:7754
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I1a38dd61d10899ae33ef796f4f443b11640315c2
Reviewed-on: https://chromium-review.googlesource.com/1143861
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54563}
CHECK is accessing 1 byte across object boundary because
*expect and *actual will return the object address with
tag. And memcmp should return 0 if we expect (expected == actual)
R=cbruni@chromium.org, gsathya@chromium.org, ishell@chromium.org
Bug: v8:6443, v8:7569
Change-Id: I316e450a80400cea4c9394dbe470932a1f30cea5
Reviewed-on: https://chromium-review.googlesource.com/1142351
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#54561}
This CL changes Array.p.fill to use the baseline implementation
for everything other than JSArray.
One of the reasons is that shadowing the length property on
TypedArrays (and other ElementsKinds) is allowed and should be
respected by Array.p.fill. The fast-path for fill for TypedArrays
expects the indices to be clamped to the actual length of the
underlying backing store and not to some length property.
While this mismatch (and others) could probably be handled properly,
we do the conservative thing and only use the fast-path for specific
JSArrays.
R=jgruber@chromium.org
Bug: chromium:865312
Change-Id: Ib3050e3bfc22d47ca8597b6df34788dc2b59b6e1
Reviewed-on: https://chromium-review.googlesource.com/1142772
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#54558}
This reverts commit 0f2d22dd22.
Reason for revert: Caused a race discovered by TSAN.
Original change's description:
> [wasm] Improve module code size sampling approach.
>
> This samples module code sizes at GC time instead of during destruction.
> It hence makes sure that we also receive samples for long-lived modules
> which would otherwise die with the Isolate and never be finalized. Note
> that this approach is still biased and just a stop-gap until we have a
> sampling tick based on actual wall-clock time.
>
> R=clemensh@chromium.org
>
> Change-Id: I9558d383a5aada8876bc9cbf63baca771dbe5c28
> Reviewed-on: https://chromium-review.googlesource.com/1141866
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54554}
TBR=ulan@chromium.org,mstarzinger@chromium.org,clemensh@chromium.org
Change-Id: Ie1fc99ad0ef36b30a73cc464808ce7679a0f15df
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1143284
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54557}
This reverts commit 941d5f960e.
Reason for revert: Regressed performance tests https://bugs.chromium.org/p/chromium/issues/detail?id=864540
Original change's description:
> [turbofan] Remove optimization for Cons strings
>
> We used to have an optimized version for nodes that are concatenating
> two strings which was allocating an object on the heap, therefore
> preventing this code from being executed on the compiler thread.
> Octane benchmark results show insignificant increase in performance
> (< 0.5%) without this optimization - see
> https://docs.google.com/spreadsheets/d/1MC5NrMoMSsqxZqw0ojoZvomBb7q2EOt1S0sFoJ8ld2c/edit?usp=sharing
> which leads to the conclusion we can safely remove the optimization for now.
>
> Bug: v8:7790
> Change-Id: I6492c6a76118cac568d28805995d55c5360bb123
> Reviewed-on: https://chromium-review.googlesource.com/1138246
> Reviewed-by: Georg Neis <neis@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54467}
TBR=jarin@chromium.org,neis@chromium.org,mslekova@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:7790
Change-Id: I20a8a11e40bcd2bcfaf58154a1ab5e4daa7a25e4
Reviewed-on: https://chromium-review.googlesource.com/1143144
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54556}
This samples module code sizes at GC time instead of during destruction.
It hence makes sure that we also receive samples for long-lived modules
which would otherwise die with the Isolate and never be finalized. Note
that this approach is still biased and just a stop-gap until we have a
sampling tick based on actual wall-clock time.
R=clemensh@chromium.org
Change-Id: I9558d383a5aada8876bc9cbf63baca771dbe5c28
Reviewed-on: https://chromium-review.googlesource.com/1141866
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54554}
Instead of repeating it in every configuration, just add it to the
common FLAGS.
R=machenbach@chromium.org
Change-Id: I93e7ef0f0ad55bfe0a0e24f50d5a73d4658d7554
Reviewed-on: https://chromium-review.googlesource.com/1141733
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54552}
The data of an ArrayBuffer lives at backing_store(), not at
allocation_base(), which is just used as the pointer to free when the
buffer is unreachable.
Change-Id: Id6157ec4cf5b42631461327b3e6078fe25d20c57
Reviewed-on: https://chromium-review.googlesource.com/1143189
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54551}
Change many uses of deprecated methods returning Locals to use the
MaybeLocal versions.
Also fix uses of Utf8Length to use the Isolate versions.
Bug: v8:7754
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib89df12e6cc5ca50296d21b2bb51a3f3ed065dd4
Reviewed-on: https://chromium-review.googlesource.com/1142779
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54550}
Instead of having a separate liftoff config, which is tested against
the default (which currently means tier-up from liftoff to turbofan),
just choose reasonable liftoff configs for the existing configs.
'ignition' now implies pure liftoff execution.
'ignition_turbo_opt' always compiles with turbofan.
Other configs use the default (tier up).
R=machenbach@chromium.org
Bug: chromium:824098, v8:6600
Change-Id: I92c008fc1b1fa54d3161fb5695a095127d6ac263
Reviewed-on: https://chromium-review.googlesource.com/1141731
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54548}
This CL replaces all std::endl in implementation-visitor
since std::endl flushes the stream (which is not necessary).
R=tebbi@chromium.org
Bug: v8:7754, v8:7793
Change-Id: Ic4b43905280020a99cb405cc90440b2adb679839
Reviewed-on: https://chromium-review.googlesource.com/1142780
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#54546}
This reverts commit 9eca23e9ed.
Reason for revert: Clusterfuzz correctness issue
Original change's description:
> [turbofan] Inline Number constructor in certain cases
>
> This CL adds inlining for the Number constructor if new.target is not
> present. The lowering is BigInt compatible, i.e. it converts BigInts to
> numbers.
>
> Bug: v8:7904
> Change-Id: If03b9f872d82e50b6ded7709069181c33dc44e82
> Reviewed-on: https://chromium-review.googlesource.com/1118557
> Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54454}
TBR=jarin@chromium.org,neis@chromium.org,sigurds@chromium.org,bmeurer@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:7904
Change-Id: Ie5fa6c1262b8acc33edb672a0124f4458fcded86
Reviewed-on: https://chromium-review.googlesource.com/1142777
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54544}
Remove the function identifier field from SharedFunctionInfo. This field
would store one of a) the function's inferred name, b) the "builtin
function id", or c) debug info. We remove these in turn:
a) The function's inferred name is available on the ScopeInfo, so like
the start/end position we read it off either the ScopeInfo (for
compiled functions) or the UncompiledData (for uncompiled functions).
As a side-effect, now both UncompiledData and its subclass,
UncompiledDataWithPreparsedScope, contain a pointer field. To keep
BodyDescriptors manageable, we introduce a SubclassBodyDescriptor
which effectively appends two BodyDescriptors together.
b) The builtin function id is < 255, so we can steal a byte from
expected no. of properies (also <255) and store these together.
Eventually we want to get rid of this field and use the builtin ID,
but this is pending JS builtin removal.
As a side-effect, BuiltinFunctionId becomes an enum class (for better
storage size guarantees).
c) The debug info can hang off anything (since it stores the field it
replaces), so we can attach it to the script field instead.
This saves a word on compiled function (uncompiled functions
unfortunately still have to store it in UncompiledData).
Bug: chromium:818642
Change-Id: I8b4b3a070f0fe328aafcaeac58842d144d12d996
Reviewed-on: https://chromium-review.googlesource.com/1138328
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54543}
