MaybeObjectHandle already has an API for making a weak pointer.
BUG=v8:7308
Change-Id: I9f8390e0dffec850a24391e7f50a455b86b217f5
Reviewed-on: https://chromium-review.googlesource.com/1125922
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54247}
In the WebAssembly fuzzers we detect infinite loops with the
interpreter: if the interpreter does not finish after a finite number
of steps, we do not execute the compiled code. However, we cannot
redirect the start function to the interpreter in the fuzzer, and
therefore we cannot detect infinite loops in the start function. With
this CL we avoid the problem completely by not instantiating a module
in the fuzzer which has a start function. Note that the module still
gets compiled.
R=clemensh@chromium.org
Bug: chromium:858914
Change-Id: Icbbe9a003544918d5267cdd1d9405b21bb681133
Reviewed-on: https://chromium-review.googlesource.com/1126766
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54246}
Replace Is<oddball>(GetIsolate()) calls with a no-parameter version
that goes through ReadOnlyRoots, and add a version that takes a
ReadOnlyRoots if that is available in the parent (but Isolate isn't).
Also opportunistically clean up a few places where ReadOnlyRoots are
available but we still pass in an Isolate parameter.
TBR=yangguo@chromium.org
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Icc0b8a7d8f9c6b84c0ec8fe771fcfb75c9dc5468
Reviewed-on: https://chromium-review.googlesource.com/1126302
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54245}
Mips and mips64 generate non-position-independent trampolines once code
exceeds 128K in size. This is a quick fix for failing bots, disabling
the ten largest builtins.
TBR=machenbach@chromium.org
Bug: v8:7882, v8:7920
Change-Id: I027ff8452f927f890773210fb99853adf4934bbc
Reviewed-on: https://chromium-review.googlesource.com/1126923
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54244}
This is a port of e5630ea9:
"[builtins,x64] pc-relative builtin-to-builtin calls".
Bug: v8:6666
Change-Id: Id53bf45c6a4fedb1c972ced72984b6673808ee96
Reviewed-on: https://chromium-review.googlesource.com/1126249
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#54243}
This is a reland of 2265a852b4
Original change's description:
> [snapshot] Reduce serialization chunk size to 4K.
>
> This change may slow down deserialization of the snapshot but may result in less fragmentation.
>
> Bug: v8:7887
> Change-Id: Id8bb9f1a561b08b7ae0f10b80aa77bc00eb23172
> Reviewed-on: https://chromium-review.googlesource.com/1125722
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54198}
TBR=hpayer@chromium.org
Bug: v8:7887
Change-Id: If03f241a80341cb053190c5bc0451fe9a032e1a8
Reviewed-on: https://chromium-review.googlesource.com/1126899
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54241}
Now that ReadOnlyRoots is used everywhere to access the read-only roots,
this makes the Heap accessors for such roots private.
It also adds tests that the roots reachable from ReadOnlyRoots are all
in RO_SPACE as well as tests that the roots still publicly accessible
from Heap are not in RO_SPACE. There's a white list in the file for
the few roots where the root pointer itself can change. (For instance
materialized_objects points to empty_fixed_array to start with before
before later pointing to a mutable array).
Also fixes up new use of heap->empty_fixed_array() in elements.cc added
since I cleaned it up.
Bug: v8:7786
Change-Id: I9ac7985c9f85910b5b22d2f9f559dfd04d43ed44
Reviewed-on: https://chromium-review.googlesource.com/1126252
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54240}
We can actually prepare everything in the background, all that remains
to do in the finisher task (on the main thread) is actually adding the
code to the {NativeModule}.
As a next step, even that should happen in the background.
R=mstarzinger@chromium.org
Bug: v8:6600
Change-Id: I570f99a9aa7dc7e324046da36cca9b4297f1bc5e
Reviewed-on: https://chromium-review.googlesource.com/1126391
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54239}
The stack of the wasm interpreter was stored in a zone. However, when
the stack grows, the previous memory of the stack cannot be reused.
With this CL we allocate the stack on the C++ heap to remove this memory
leak.
R=clemensh@chromium.org
Bug: chromium:856594
Change-Id: Idce22c5c1732f7097fc4281c73174892c95f49e2
Reviewed-on: https://chromium-review.googlesource.com/1126301
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54238}
Fixes V8 correctness failure when there's a proxy in the global object
prototype chain and unsuccessful attempt is made to access a property.
Bug: chromium:849024
Change-Id: I829e1a6c038982b7c7a77f8bdefb61facb4614f0
Reviewed-on: https://chromium-review.googlesource.com/1124446
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54237}
The code target vector is used by backends whenever initial code
creation uses immediates that cannot hold a code pointer: An index into
the vector is used instead, and the vector contains the corresponding
code object. This CL makes the code target vector available on all
platforms.
Bug: v8:6666
Change-Id: I2026acd6a77a3465fe2285b84d47866c3b794855
Reviewed-on: https://chromium-review.googlesource.com/1118885
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54236}
If the first object in the space already exceeds the target chunk size,
we would leave the first chunk empty. That violates some assumptions
later when we allocate for deserialization.
R=hpayer@chromium.org, jgruber@chromium.orgTBR=hpayer@chromium.org
Bug: v8:7887
Change-Id: Iee8147fe1205bb6b1c893d48acde1099b5032a14
Reviewed-on: https://chromium-review.googlesource.com/1126763
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54235}
This just fixes the text for the '--liftoff' and '--trace-liftoff'
flags to avoid calling Liftoff "experimental".
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: Iff9032070fe0e18ee77debf376f5453d1a61480e
Reviewed-on: https://chromium-review.googlesource.com/1126114
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54233}
After a certain number of iterations in the fixpoint
iteration switch to a linear algorithm. This
algorithm uses a key-to-values map for weak collections
contents to avoid checking all EphemeronHashTables
again.
Bug: chromium:844008
Change-Id: I044fede5911e0a780d088d1ba2bb5343317d9b7a
Reviewed-on: https://chromium-review.googlesource.com/1105835
Commit-Queue: Dominik Inführ <dinfuehr@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54232}
This is just derived from is_wasm_memory.
Change-Id: I2f77fb5e32e325c51de9af4228ca33313c21abc6
Reviewed-on: https://chromium-review.googlesource.com/1126107
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54230}
Only pass around the unadulterated value identifier in the VisitResult class
until the very last moment before code generation, at which point the
declaration that was used to originally define the value is used to generate the
correct final source code string in the context of a l-value or r-value.
Bug: v8:7793
Change-Id: Ifd0c0d245b2eb65c7f3ddb1ad4c87ee235c54a82
Reviewed-on: https://chromium-review.googlesource.com/1125063
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54229}
Port 34225a6afb
Original Commit Message:
For spread calls with arrays with double elements but zero length,
we skip the box-as-heapnumber step; so in this corner case the
Call builtin sees a FixedDoubleArray, which is fine because it
doesn't read any of the raw double values from it.
This patch doesn't change the implementation, it only updates the
assert to match reality.
R=jkummerow@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Iafa52f21fb0bbee5656fdfd6c5f3a50894ff683f
Reviewed-on: https://chromium-review.googlesource.com/1126212
Reviewed-by: Michael Dawson <michael_dawson@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#54227}
This DCHECK does not hold for compaction spaces that may go over the limit
with large semi-spaces and small old generation size maxima.
Bug: chromium:855960
Change-Id: I39eea4c974b94c170e7314471fb1c50f9a1a2b45
Reviewed-on: https://chromium-review.googlesource.com/1126392
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54226}
In future the RO_SPACE root accessors in Heap will become private, so
instead convert them all to use ReadOnlyRoots.
Bug: v8:7786
Change-Id: I315e63a30ca6f3077f18eb1a5004daefba9bc673
Reviewed-on: https://chromium-review.googlesource.com/1125929
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54223}
In future the RO_SPACE root accessors in Heap will become private, so
instead convert them all to use ReadOnlyRoots.
Bug: v8:7786
Change-Id: Ib3c45c1023d76bec5e1f4bc8f971062880b6c53f
Reviewed-on: https://chromium-review.googlesource.com/1126240
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54221}
Changes SharedFunctionInfo to store a function_token_offset, relative
to the start_position, instead of the full function_token_position.
This enables us to reduce both FunctionTokenPosition and
ExpectedNofProperties to 16 bits each, saving 32 bits per SFI.
BUG=chromium:818642,chromium:783853
TBR=yangguo@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I45aefcec605c1da502053c23c73564ceaed6c9b5
Reviewed-on: https://chromium-review.googlesource.com/1122982
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54220}
This CL creates a new Operator called LoadDataViewElement, similar to
LoadTypedArray, for DataView getters.
This operator will be used as a wrapper around all the computations
that DataViews need to do when loading values, due to the endianness
parameter of DataView loads.
Change-Id: Ie67d63c9669142e539a5c8d7ae82dc1018ce5858
Reviewed-on: https://chromium-review.googlesource.com/1125928
Commit-Queue: Théotime Grohens <theotime@google.com>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54217}
In future the RO_SPACE root accessors in Heap will become private, so
instead convert them all to use ReadOnlyRoots.
Bug: v8:7786
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I4a5fb4bc70169874d003d9c31f1713f52e2bba93
Reviewed-on: https://chromium-review.googlesource.com/1126118
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54216}
In future the RO_SPACE root accessors in Heap will become private, so
instead convert them all to use ReadOnlyRoots.
Bug: v8:7786
Change-Id: I631fa1e44d2b9998a5567c96c6977955ac86d5a1
Reviewed-on: https://chromium-review.googlesource.com/1125931
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54215}
In future the RO_SPACE root accessors in Heap will become private, so
instead convert them all to use ReadOnlyRoots.
Bug: v8:7786
Change-Id: I6a7fb375411e379681637469bb3fb360635e6bbe
Reviewed-on: https://chromium-review.googlesource.com/1126111
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54214}
In future the RO_SPACE root accessors in Heap will become private, so
instead convert them all to use ReadOnlyRoots.
Bug: v8:7786
Change-Id: I67420b74440c7620b0eb3aa7980b08c0e43a1e75
Reviewed-on: https://chromium-review.googlesource.com/1125729
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54211}
The JSCallReducer could in theory inline the default resolve and reject
functions passed to the executor in the Promise constructor. But that
inlining is almost never triggered because we don't have SFI based feedback
in the CallIC. Also the use of the Promise constructor is discouraged,
so we shouldn't really need to squeeze the last bit of performance out
of this even in the future.
Getting rid of this optimization will make significantly easier to
implement the Swallowed Rejection Hook, as there's less churn on the
TurboFan side then.
Bug: v8:7919
Change-Id: If0c54f1c6c7ce95686cd74232be6b8693ac688c9
Reviewed-on: https://chromium-review.googlesource.com/1125926
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54210}
Recent changes in SerializerReferences (see https://crrev.com/c/1113930)
opened up these minor improvements to the builtin serializer allocator,
since we now have dedicated BuiltinReferences.
R=yangguo@chromium.org
Bug: v8:7887
Change-Id: Ie76a52a88ef4075c63c5eb2eaa81382c52325688
Reviewed-on: https://chromium-review.googlesource.com/1125844
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54207}
No need to iterate over imported functions just to skip them in the
loop body anyway.
R=mstarzinger@chromium.org
Bug: v8:7754
Change-Id: I8dabf8d6ee7d0cc029b6236cef319cf8e70e4a5b
Reviewed-on: https://chromium-review.googlesource.com/1125802
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54206}
This reverts commit e438d5d4de.
Reason for revert: TSAN failures - https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Linux64%20TSAN/21357
Original change's description:
> [heap] Make objects allocated in new_lo_space look like young generation objects.
>
> The scavenger still does not handle young generation large objects correctly.
> This will be added in a follow-up CL.
>
> Bug: chromium:852420
> Change-Id: I2587509d6e7f329aeff3db246d949bb30b3a91a5
> Reviewed-on: https://chromium-review.googlesource.com/1124477
> Commit-Queue: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54197}
TBR=ulan@chromium.org,hpayer@chromium.org
Change-Id: Ief44cfd841278f2d53d51f3a21c03b70b8025a7a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:852420
Reviewed-on: https://chromium-review.googlesource.com/1125979
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54205}
In future the RO_SPACE root accessors in Heap will become private, so
instead convert them all to use ReadOnlyRoots.
Bug: v8:7786
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2f2c031c03d56d360ef940fc925e0583e6ae31dc
Reviewed-on: https://chromium-review.googlesource.com/1125720
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54202}
In future the RO_SPACE root accessors in Heap will become private, so
instead convert them all to use ReadOnlyRoots.
Splits HEAP_CONSTANT_LIST into HEAP_MUTABLE_IMMOVABLE_OBJECT_LIST and
HEAP_IMMUTABLE_IMMOVABLE_OBJECT_LIST. The CSA accessors then use the
appropiate ReadOnlyRoots or Heap accessor to get hold of the object.
Bug: v8:7786
Change-Id: I3bdf868b5e224f8794c85307e1b4569480cebd1c
Reviewed-on: https://chromium-review.googlesource.com/1125725
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54199}
This change may slow down deserialization of the snapshot but may result in less fragmentation.
Bug: v8:7887
Change-Id: Id8bb9f1a561b08b7ae0f10b80aa77bc00eb23172
Reviewed-on: https://chromium-review.googlesource.com/1125722
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54198}
