Retpolines were never used for off-heap wasm code. This CL adds them.
R=titzer@chromium.org
Bug: chromium:840376, chromium:798964
Change-Id: I9f1b2150cce484f831a83663d1fb06555e7eac82
Reviewed-on: https://chromium-review.googlesource.com/1047385
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53036}
Trying to reduce use of our self-baked data structures.
Bug: v8:7570
Change-Id: I419a932b6b8904810844d40a5636e423df832197
Reviewed-on: https://chromium-review.googlesource.com/1032739
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53033}
The hard-coded timeout in the test is so near, that e.g., adding DCHECKs pushes
the test over the limit. The test is ran with dcheck_always_on=true.
We shouldn't do any performance testing with dcheck_always_on=true; this creates
the wrong incentive to not add DCHECKs (or in this case, CLs which add more
DCHECKs or cause more DCHECKs to be hit cannot land at all).
Change-Id: Ia4d1b2b17ce5a5330b929f984253c89ba273f661
Reviewed-on: https://chromium-review.googlesource.com/1046548
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53032}
The DCHECK was incorrect. This new API method can be called from any
debug mode since the embedder does not know which mode we are in.
It should only apply the side effect logic when the mode is
kSideEffects.
Bug: chromium:829571
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I11b0e5194b151a2b88171d6be21c3ccbba9cd408
Reviewed-on: https://chromium-review.googlesource.com/1046162
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Luo <luoe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53030}
Stubs and builtins are very similar. The main differences are that
stubs can be parameterized and may be generated at runtime, whereas
builtins are generated at mksnapshot-time and shipped with the snapshot
(or embedded into the binary).
My main motivation for these conversions is that we can generate
faster calls and jumps to (embedded) builtins callees from (embedded)
builtin callers. Instead of going through the builtins constants table
indirection, we can simply do a pc-relative call/jump.
This also unlocks other refactorings, e.g. removal of
CallRuntimeDelayed.
TBR=mlippautz@chromium.org
Bug: v8:6666
Change-Id: I4cd63477f19a330ec70bbf20e2af8a42fb05fabb
Reviewed-on: https://chromium-review.googlesource.com/1044245
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53027}
In the process, rename Boolean constants (i.e. JavaScript constants),
to 'True' and 'False'. This uncovered a bug in the internal handling
of True/False labels was fixed (they shouldn't be Values and Torque
shouldn't conflate Labels with other Declarables, throwing exceptions
when they're improperly used in the wrong context). Furthermore,
the internal labels used for True and False for if statements
have been renamed so that they can't be aliased from user Torque code.
Change-Id: I09dbd2241d2bc2f1daff53862dee1b601810060c
Reviewed-on: https://chromium-review.googlesource.com/1044370
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53026}
Define simple accessors in the header and give them lower case names.
R=mstarzinger@chromium.org
Bug: v8:7570
Change-Id: I2914013fdea2218189275bbaa9f98ea5de0ccd7c
Reviewed-on: https://chromium-review.googlesource.com/1046546
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53024}
These tests can be unskipped now that off-heap trampolines are packed
into the binary.
Bug: v8:6666
Change-Id: Ib8d55064a42da3b12fd940441298e5273181c601
Reviewed-on: https://chromium-review.googlesource.com/1047165
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53023}
This merges all test specs into one master-independent
builders.pyl file, which will unblock deprecating the master name as
a property on infra side.
Bug: chromium:830557
Change-Id: I0592505e77ede725ed43a26cabfd057bb0b911bd
Reviewed-on: https://chromium-review.googlesource.com/1046671
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53017}
We can save a pointer of space for each CodeEntry by removing this
field which we don't really need. Instead of concatenating the name
string on demand, concatenate the prefix eagerly.
Reduces sizeof(CodeEntry) from 136 to 128 on 64-bit.
Bug: v8:7719
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Id346a8f36794e337e8c886f8d1969431424539b0
Reviewed-on: https://chromium-review.googlesource.com/1039825
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Alexei Filippov <alph@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53014}
This CL fixes a bug where we would accidentally shrink to the same size of
the StringTable causing repeated unecessary allocations.
Bug: v8:5443, chromium:818642
Change-Id: I353b179616d5293f6d7143e7381ae6711343a835
Reviewed-on: https://chromium-review.googlesource.com/1044207
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53012}
In preparing for adding trap-based bounds checking to Windows, this
change refactors the code to separate the platform-specific portions
from that which can be shared between platforms.
Internally, we've renamed `RegisterDefaultSignalHandler` to
`RegisterDefaultTrapHandler` to more accurately represent the
difference in terminology between Linux (signals) and Windows
(exceptions). The external API is left the same so as not to break
downstream clients.
This CL is primarily to make room for Windows support. Future CLs
will begin adding support for Windows.
This is a reincarnation of https://crrev.com/c/626558.
Bug: v8:6743
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iaa8bfd68c14cd1d17933b12c24cb8dd5ee8a21d6
Reviewed-on: https://chromium-review.googlesource.com/998829
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53006}
ProfilerListener which holds CodeEntries has been moved from Logger to
CpuProfiler. This way we can clear entries when all the profiles
produced by a particular CpuProfiler are deleted.
BUG=v8:7719
Change-Id: I31d47dc7da44648c8fb8e87b47e2e6260d3dc5c3
Reviewed-on: https://chromium-review.googlesource.com/1043050
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Alexei Filippov <alph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53004}
Creating a new instance from a v8::Function will invoke its
constructor. If it is an API callback that has not been marked as
kHasNoSideEffect, this CL introduces a way to invoke it without
throwing.
Calls within the constructor are still checked for side effects.
Bug: chromium:829571
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ia4e410d487e2847bc511cb96f0be30a3563991f6
Reviewed-on: https://chromium-review.googlesource.com/1034116
Commit-Queue: Erik Luo <luoe@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53003}
This makes {Script} objects created for WebAssembly no longer reference
a concrete instance object, but a module object instead. All uses of the
field in question only require module-wide information and the script is
meant to represent the set of all instances, not just one concrete
instance.
R=clemensh@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I751d4b75c8a970cffcb1a37b6c22ff69e9ee5489
Reviewed-on: https://chromium-review.googlesource.com/1043871
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53002}
Torque expressions of type constexpr are evaluated at compile-time
rather than runtime. They are backed by C++ types rather than
TNode<X> types, so the macro functions that are called by generated
C++ code expect values to be computed when the snapshot is generated
rather than by TurboFan-generated code.
Specifically, "if" statements can have a constexpr modifier. With this
modifier, a type of "constexpr bool" is expected rather than "bool",
and in that case instead of generating a CSA BranchIf, it generates
a C++ "if (<bool expression>)" that generates code for only the true or
false path based on the bool value at torque-execution (compile time)
rather than generating both paths (including inserting phi nodes
for variables modified on either branch at the re-merge at the end
of the if) and dynamically dispatching to the true or false path
during d8/Chrome/node.js execution (runtime) using a CSA BranchIf.
Change-Id: I8238e25aaadbfc618847e04556e96a3949ea5a8d
Reviewed-on: https://chromium-review.googlesource.com/1042085
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53001}
First untrusted code mitigation in Liftoff: Mask memory accesses (loads
and stores) by the mask stored in the WasmInstanceObject.
R=titzer@chromium.org
Bug: v8:6600, chromium:798964
Change-Id: Iddf577977451444b51c42fbc2ad34430832a9e71
Reviewed-on: https://chromium-review.googlesource.com/1044215
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53000}
This method is intended for use by code caching as follows:
1. The module is compiled (and perhaps instantiated).
2. The embedder fetches and stores the module's unbound script (i.e.
the shared function info).
3. Module evaluation, maybe triggering lazy compilation.
4. Generated code for the module (which hangs off the shared function
info) is inserted into the code cache.
Subsequent module loads can load from the code cache prior to
evaluation.
Bug: v8:7685
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I80018cd921ab1a18323906a548b249e19d9f9509
Reviewed-on: https://chromium-review.googlesource.com/1041745
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52998}
* Empty string literals (e.g. "" and '') were not recognized a strings. This is
now fixed.
* return statements without expressions (e.g. for functions with void return
types) caused crashes.
Change-Id: Ied60f9abffca457a0d85c9e01e3795839fe777c9
Reviewed-on: https://chromium-review.googlesource.com/1042310
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52997}
On div and rem on ia32 and x64, we sometimes need to spill. If this
spilling code happens inside of a branch, the cache state will reflect
that the value was spilled, even though the actual spilling code might
not have executed.
R=titzer@chromium.org
Bug: v8:6600, chromium:839800
Change-Id: I93b681a23119f903feb54235d6d44a7cbd5815fe
Reviewed-on: https://chromium-review.googlesource.com/1044185
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52995}
The {baseline_compilation_units_} and {tiering_compilation_units_}
fields should only be accessed if the {mutex_} is held.
Also, the number of compilation units is already taken care of inside
of {RestartBackgroundTasks}, so no need to explicitly pass it.
R=ahaas@chromium.org
Change-Id: I8f36ed141b587ee1bea41291545f39546d8cf24e
Reviewed-on: https://chromium-review.googlesource.com/1044213
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52994}
Since address is a uintptr_t, there is no need to implement a specific
hasher.
R=mstarzinger@chromium.org
Bug: v8:7570
Change-Id: I47e652929ef201e742224541d9df4360444e3ba8
Reviewed-on: https://chromium-review.googlesource.com/1044209
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52993}
ExternalString::kShortSize is not the same as i::kShortSize, caused
incorrect reporting for code stats for two byte strings.
Bug: chromium:837659
Change-Id: Icbb39f2103aa4fa72bd5b1258cb8e1d4aee10441
Reviewed-on: https://chromium-review.googlesource.com/1044212
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Benoit L <lizeb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52992}
macros.h already not only defines macros, but also templatized helpers
like {bit_cast} and {arraysize}. Thus {implicit_cast} also belongs
there.
R=tebbi@chromium.org
Bug: v8:7570
Change-Id: Iaea6075dad359d62498453575f22d73ca84e2323
Reviewed-on: https://chromium-review.googlesource.com/1042401
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52991}
This CL factors the parts of the JSGraph that only depend on the
machine part of JSGraph into a separate base class, MachineGraph.
This helps separate the two layers and also allows the MachineGraph
to be constructed without an Isolate, which is needed for fully
asynchronous compilation, a goal for WASM.
R=mstarzinger@chromium.orgCC=jarin@chromium.org, mvstanton@chromium.org
BUG=v8:7721
Change-Id: Ie8bc3de40159332645dcb3cadcee581e1bf9830a
Reviewed-on: https://chromium-review.googlesource.com/1043746
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52990}
Add binop tests for div and rem of i32 and i64. The test is extended to
handle traps, and to check that the value of local variables is not
affected by the operation.
R=titzer@chromium.org
Bug: v8:6600, chromium:839800
Change-Id: I1a4cbc40bd399666d9831d021afb96e0c53a9f64
Reviewed-on: https://chromium-review.googlesource.com/1044166
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52989}
In order to get more test coverage (also on ClusterFuzz), stage Liftoff
and tier up behind --future.
R=hablich@chromium.org
CC=titzer@chromium.org
Bug: v8:6600
Change-Id: I718e17957b26f60aa4c002333035f693344806e0
Reviewed-on: https://chromium-review.googlesource.com/1042385
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52987}