This was causing GC stress failures. Garbage collections can happen during
runtime calls, such as WasmStackGuard. If the collection cleans up Wasm
objects, then they will have to modify the trap handler data structures, which
requires taking a lock. This lock can only be taken if the thread-in-wasm flag
is clear. We were getting crashes because this flag was not clear.
This change fixes the issue by making sure any runtime calls from Wasm clear the
thread-in-wasm flag and then restore it upon return. In addition, it cleans up
the code by adding a helper function that generates the code to modify the flag.
BUG= v8:6132
Change-Id: I95d43388dff60ba792c57fe13448a40a02ed4802
Reviewed-on: https://chromium-review.googlesource.com/458698
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44165}
Currently, V8 uses the same counter to count both wasm and asm js. This
splits the counters into two separate counters, and then uses the appropriate
counter when instantiating the module.
BUG=chromium:704922
R=bbudge@chromium.org,bradnelson@chromium.org
Review-Url: https://codereview.chromium.org/2777073003
Cr-Commit-Position: refs/heads/master@{#44164}
Currently, V8 uses the same counter to collect decoding time for both asm.js and
WASM. This separates that counter into two separate counters, and then uses
the appropriate counter when instantiating a module.
BUG=chromium:704922
R=bbudge@chromium.org,mtrofin@chromium.org
Review-Url: https://codereview.chromium.org/2780563002
Cr-Commit-Position: refs/heads/master@{#44163}
Previously we threw a generic error message on failing hole check for
accessing 'this'. But 'this' can be a hole only if the super() has not
been called so we change the error message.
BUG=v8:5957
Change-Id: I2f0e3d813f16919645d8a5efa7d26e73bd2d83fe
Reviewed-on: https://chromium-review.googlesource.com/459085
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44162}
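An added example (not V8 project code) illustrating the hole check that the commit above changes the message for: in a derived-class constructor, `this` is uninitialized until super() returns, and any access before that throws a ReferenceError. The class names and the tryConstruct helper are assumptions introduced for the illustration; the exact message text is V8-specific and is not asserted here.

```javascript
// Added example, not V8 code: the "hole" check on `this` in derived constructors.

class Base {
  constructor() {
    this.initialized = true;
  }
}

// Accesses `this` before calling super(): `this` is still the hole, so the
// engine throws a ReferenceError at the point of access.
class Bad extends Base {
  constructor() {
    this.x = 1;
    super();
  }
}

// Calls super() first, so `this` is initialized when it is accessed.
class Good extends Base {
  constructor() {
    super();
    this.x = 1;
  }
}

// Construct an instance and report either the resulting fields or the error
// that was thrown, so the two cases can be compared side by side.
function tryConstruct(Ctor) {
  try {
    const obj = new Ctor();
    return { ok: true, x: obj.x, initialized: obj.initialized };
  } catch (e) {
    return { ok: false, name: e.name, message: e.message };
  }
}
```

Running tryConstruct(Bad) yields a ReferenceError (the message V8 prints is the one the commit adjusts), while tryConstruct(Good) yields an initialized object.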
A step towards removing isolate from ParseInfo.
Removing isolate from ParseInfo will make it easier to create and
execute parse tasks on background threads.
BUG=v8:6093
Change-Id: I977eec8faecc8a112506f219994b4e4ec388b180
Reviewed-on: https://chromium-review.googlesource.com/458004
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44160}
Previously this test was flaky, but it seems to have been fixed
upstream and it now consistently passes locally for 100 runs.
BUG=v8:4253
Change-Id: I583d6d7848ddbb9bcdacdbe7bf4374b01ba569af
Reviewed-on: https://chromium-review.googlesource.com/459739
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44159}
The SerializeGeneric method assumes that the object was not serialized
before. Hence, we should not call it repeatedly for the same builtin.
This CL now exposes SerializeBuiltin, and calls that directly.
We also serialize the Illegal builtin for wasm interpreter entries,
which are never reused across instantiations anyway.
R=ahaas@chromium.org, yangguo@chromium.org
BUG=v8:5822
Change-Id: Id74b86fe29171908ed35ddbc06c93f0d241e4917
Reviewed-on: https://chromium-review.googlesource.com/458380
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44155}
A std::deque interacts badly with zone memory in that it allocates chunks
of memory for the back of the queue and frees memory from the front of the
queue. As such we never reuse zone memory for the queue. Implement a very
simple RecyclingZoneAllocator which keeps a single block of memory from
deallocation that can be reused on allocation.
Also clean up zone-allocator a bit and make it use proper Chromium coding
style.
BUG=chromium:700364
Change-Id: I19330a8a9ec6d75fe18d8168d41f1a12030a6c4d
Reviewed-on: https://chromium-review.googlesource.com/458916
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44154}
When node splitting is enabled new nodes could be created during scheduling.
The Scheduler::node_data_ and Schedule::nodeid_to_block_ zone vectors
reserve enough space for the node count before splitting, however will
have to reallocate space when node splitting occurs. The vectors double
in space by default, meaning the peak zone usage is 3x the required amount
for these vectors as soon as a single node is split. Avoid this in the
common case by reserving 10% extra space for split nodes. The value
10% was chosen since it covers 98.7% of the optimized functions in Octane.
BUG=chromium:700364
Change-Id: Ibabd8d04cffd1eb08cc3b8a12b76892208ef3288
Reviewed-on: https://chromium-review.googlesource.com/458425
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44153}
The scheduled_nodes_ vector is used to maintain a per-block list of
non-fixed nodes. For most blocks this list remains empty, so lazily
initialize it instead of pre-allocating to save memory.
Also pre-reserve an extra 10% of blocks to avoid reallocating space in the
vector when fusing floating control creates new basic blocks.
BUG=chromium:700364
Change-Id: I9876e6a42bc90c9bff5838620365c18609ed1ee9
Reviewed-on: https://chromium-review.googlesource.com/458919
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44152}
These aren't used thanks to new implementation in CSA.
BUG=v8:5977
Change-Id: Ia4acfa0d1a925eba305a818913cbeff479b27792
Reviewed-on: https://chromium-review.googlesource.com/458477
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44151}
The Control Equivalence phase was taking a lot of memory by allocating a
large data structure for every node even if the nodes were dead or wouldn't
participate in the control equivalence algorithm. Instead allocate the
data on-demand, and use the presence of the data as the flag for whether
the node participates in the algorithm.
Also remove DFS number field as it was unused.
This reduces the amount of memory used for a 10,000 node graph in the linked
bug from ~450KB to ~70KB. It also seems to reduce scheduling time by around
10% for local runs of Octane.
BUG=chromium:700364
Change-Id: Iedfdf4dff0a01463c5b6471513e6b69ef010b02d
Reviewed-on: https://chromium-review.googlesource.com/458219
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44150}
If used, the TypeProfileSlot is always added as the first slot and its
index is constant. If other slots are added before the TypeProfileSlot,
this number changes.
BUG=v8:5933
Change-Id: I57bc6bea3c48804af28c2d1dafe6a52bdd7d12e3
Reviewed-on: https://chromium-review.googlesource.com/459511
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Franziska Hinkelmann <franzih@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44149}
This patch adds support for MIPS SIMD (MSA) instructions in Assembler
and Decoder (disassembler) classes. MSA instructions are implemented for
both mips32 and mips64 architectures.
BUG=
Review-Url: https://codereview.chromium.org/2740123004
Cr-Commit-Position: refs/heads/master@{#44148}
Remove deep nesting and repeated code by using a switch-based structure
(instead of if-based), use clearer variable names, and separate cleanly between
immutable and mutable variables.
BUG=v8:5437
Review-Url: https://codereview.chromium.org/2776123002
Cr-Commit-Position: refs/heads/master@{#44147}
This reverts commit 6ad5ca59c9.
Reason for revert: Breaks on noi18n bot, needs fix in the new regression test
Original change's description:
> [wasm] Check the result of Promise::Resolver
>
> We check that if we do not get a result, or if we get a negative result,
> then there has to be a scheduled exception.
>
> R=clemensh@chromium.org
> TEST=mjsunit/regress/wasm/regression-704127
> BUG=chromium:704127
>
> Change-Id: I3fef3cc02f685a9cbc3f10203e2a59b61b3702d5
> Reviewed-on: https://chromium-review.googlesource.com/458282
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#44144}
TBR=ahaas@chromium.org,clemensh@chromium.org,v8-reviews@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:704127
Change-Id: Ibf6d27929c88064bc2755688358998640092e31a
Reviewed-on: https://chromium-review.googlesource.com/459512
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44145}
We check that if we do not get a result, or if we get a negative result,
then there has to be a scheduled exception.
R=clemensh@chromium.org
TEST=mjsunit/regress/wasm/regression-704127
BUG=chromium:704127
Change-Id: I3fef3cc02f685a9cbc3f10203e2a59b61b3702d5
Reviewed-on: https://chromium-review.googlesource.com/458282
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44144}
This implements support for named captures in
RegExp.prototype[@@replace] for when the replaceValue is callable.
In that case, the result.groups object is passed to the replacer
function as the last argument.
BUG=v8:5437
Review-Url: https://codereview.chromium.org/2764343004
Cr-Commit-Position: refs/heads/master@{#44142}
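An added example (not V8 project code) showing the behaviour the commit above implements: when the replaceValue passed to RegExp.prototype[@@replace] is callable and the pattern has named captures, the groups object is appended as the last argument to the replacer. The regular expression, input strings and helper names are assumptions chosen for the illustration.

```javascript
// Added example, not V8 code: named captures reaching a callable replaceValue.

// Pattern with three named groups; the `g` flag makes replace() visit every match.
const ISO_DATE = /(?<year>\d{4})-(?<month>\d{2})-(?<day>\d{2})/g;

// Rewrite every ISO date as day/month/year by reading the named groups from the
// trailing argument of the replacer (match, captures..., offset, string, groups).
function reorderDates(text) {
  return text.replace(ISO_DATE, (...args) => {
    const groups = args[args.length - 1];
    return `${groups.day}/${groups.month}/${groups.year}`;
  });
}

// Report how many arguments the replacer received for one match, so the extra
// trailing `groups` argument can be seen to appear only with named captures.
function replacerArgCount(pattern, input) {
  let count = 0;
  input.replace(pattern, (...args) => {
    count = args.length;
    return '';
  });
  return count;
}

// Return the groups object itself (or undefined when the pattern has no named
// captures), as seen by the replacer for the first match.
function groupsSeenByReplacer(pattern, input) {
  let seen = 'unset';
  input.replace(pattern, (...args) => {
    // With named captures the last argument is an object; without them the
    // last argument is the input string itself.
    const last = args[args.length - 1];
    seen = typeof last === 'object' ? last : undefined;
    return '';
  });
  return seen;
}
```

For a two-group pattern, the replacer receives six arguments with named groups (match, two captures, offset, string, groups) and five without.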
Since we no longer support the ignition-staging configuration,
we can retire the three tier pipeline and the
CompileBaseline functionality.
We still need support for JSFunction self healing due to
liveedit (which for --no-turbo might end up replacing a
forced Ignition function with a FCG function) - we can
remove this once we remove --no-turbo support.
BUG=v8:4280
Change-Id: I5482abd17785324654e022affd6bdb555b19b181
Reviewed-on: https://chromium-review.googlesource.com/452620
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44141}
A step towards removing isolate from ParseInfo.
Removing isolate from ParseInfo will make it easier to create and
execute parse tasks on background threads.
BUG=v8:6093
Change-Id: I25b23b3bf64502f84c28ce688ad2997c9665a069
Reviewed-on: https://chromium-review.googlesource.com/458003
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Commit-Queue: Wiktor Garbacz <wiktorg@google.com>
Cr-Commit-Position: refs/heads/master@{#44140}
Previously the Boyer-Moore-Horspool optimization gave up in the presence of a
submatch. A submatch is where we record the current position so that we can go
back to it, which is an essential part of the semantics of lookarounds
(lookaheads and lookbehinds). This has been the case since
Boyer-Moore-Horspool was implemented, but it was overly cautious.
* For positive lookahead it is OK to use the patterns inside the lookahead to
guide the BMS optimization.
* For positive lookbehind we harmlessly fail to optimize when the patterns
inside the lookbehind go backwards because TextNode::EatsAtLeast returns 0.
* For negative lookarounds, the NegativeLookaroundChoiceNode::FillInBMInfo method
(in jsregexp.h) knows to only look at the following pattern.
This is in response to disappointing lookbehind performance in Atom.
See https://github.com/atom/find-and-replace/issues/571
R=yangguo@chromium.org
BUG=
Review-Url: https://codereview.chromium.org/2777583003
Cr-Commit-Position: refs/heads/master@{#44139}
In the code generator, the DEXTM instruction will be emitted for intervals
position=[0,31] and size=[33,64]. In the simulator, the mask for DEXTM will be
calculated correctly for size = 64. The disassembler can now
disassemble the instructions DEXTM and DEXTU.
TEST=cctest/test-run-machops/Regression6122
BUG=
Review-Url: https://codereview.chromium.org/2769403002
Cr-Commit-Position: refs/heads/master@{#44137}
The goal of this commit is to add the equivalent to gdbinit but
for lldb. I've tried to replicate the commands as close as possible
but I'm unsure about the jss command and hoping to get some feedback
on it in addition to the bta command which I'm not sure how/when this
could be used. This is probably just inexperience on my part.
The lldbinit file can be placed into a directory prefixed with dot
(.lldbinit) and the python script is currently expected to be in the
same directory. The path to the script can be changed manually if needed
as well.
NOTRY=true
Review-Url: https://codereview.chromium.org/2758373002
Cr-Commit-Position: refs/heads/master@{#44136}
- Implement %TypedArray%.prototype.reverse in builtins and
ElementsAccessor to use std::reverse
- Remove TypedArrayReverse in src/js/typedarray.js
- Fix typo in comments
BUG=v8:5929
Review-Url: https://codereview.chromium.org/2761453002
Cr-Commit-Position: refs/heads/master@{#44132}
Besides adding accessors get_origin() and set_origin(), it creates easier test
accessors is_wasm() and is_asm_js().
This allows the possibility of caching boolean flags for is_wasm() and
is_asm_js() without having to change any code except for the files containing
the class definition for WasmModule.
BUG= v8:6152
R=bbudge@chromium.org,mtrofin@chromium.org
Review-Url: https://codereview.chromium.org/2771803005
Cr-Commit-Position: refs/heads/master@{#44130}
ToNumber for Oddball/String has no side-effect, no need to go
through %TypedArray%.prototype.fill slow path.
BUG=v8:5929,chromium:702902
Review-Url: https://codereview.chromium.org/2769673002
Cr-Commit-Position: refs/heads/master@{#44129}
TBR=yangguo@chromium.org
Change-Id: Iaed993ed1a61003e35bb40d1f9e0d78864979b2c
Reviewed-on: https://chromium-review.googlesource.com/459443
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44127}
Currently, v8 uses the same flag to collect time for compiling wasm modules from
js asm and wasm. This separates the v8 counter into two separate counters, and
then uses the appropriate counter when compiling a module.
Note: This CL doesn't separate the corresponding Chromium counter. Rather that
is intentionally being delayed until v8 code has separated all appropriate
counters for js asm and wasm. That way, the installation into chrome can be
done at once.
BUG=chromium:704922
R=bradnelson@chromium.org,bbudge@chromium.org
Review-Url: https://codereview.chromium.org/2778493002
Cr-Commit-Position: refs/heads/master@{#44126}
CQ_INCLUDE_TRYBOTS=master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: Iff5ff2e73d598ecae1be30a61856c1292f2fd6da
Reviewed-on: https://chromium-review.googlesource.com/456646
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44125}
Require the use of MarkingState when going through ObjectMarking
and friends.
BUG=chromium:651354
Review-Url: https://codereview.chromium.org/2770253002
Cr-Commit-Position: refs/heads/master@{#44123}
Currently, v8 uses the same flag to collect time for instantiating wasm modules
from js asm and wasm. This separates the v8 counter into two separate counters,
and then uses the appropriate counter when instantiating a module.
BUG=chromium:704922
R=aseemgarg@chromium.org,bradnelson@chromium.org,bbudge@chromium.org
Review-Url: https://codereview.chromium.org/2772773004
Cr-Commit-Position: refs/heads/master@{#44122}
V8 side mechanism for overriding the wasm js APIs.
We will use these to:
- implement the Chrome-side constraints on module size, and throw with more
actionable error messages, while preserving layering.
The old mechanisms will be deleted once we update the Chrome side with
this new mechanism.
- implement Chrome-side .compile and .instantiate overrides accepting
Response objects.
We may want to evolve this mechanism into something more general, not
requiring V8 preparation, by replacing the v8-definition with embedder
provided definitions. We're currently exploring if we can expand
"Extras", for instance.
BUG=
Review-Url: https://codereview.chromium.org/2773063002
Cr-Commit-Position: refs/heads/master@{#44119}