Adds allocation-based heap growing strategy that triggers GC based on
some limit. The limit is computed based on previous live memory and a
constant growing factor.
For invoking GC, we support two modes: with and without conservative
stack scanning. Without conservative stack scanning, an invoker makes
sure that we schedule a GC without stack using the existing platform.
Bug: chromium:1056170
Change-Id: I1808aeb5806a6ddd5501b556d6b6b129a85b9cda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228887
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68235}
Not sure why I chose to specify temporaries in the instruction selector,
this isn't needed since arm64 has sufficient scratch registers to go
around.
Bug: v8:8460
Change-Id: I57659915e5ad79eaae79024e7a6c9e6237f49416
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2231594
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68234}
Object materialization did not correctly deal with a mismatch between
current representation of a field value and expected representation.
This is an attempt to repair the situation.
Bug: chromium:1084820
Change-Id: Ib337cbaf5e36a5a616b6a6cb0ddf51018d49b96a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228330
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68231}
If --turbo-nci is enabled, use binary op builtins with feedback
collection during generic lowering.
Bug: v8:8888
Change-Id: I307dc742488982bdc68006be5bcd1da8e68768f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228614
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68227}
Move expansion of the new space into the safepoint. Otherwise background
threads race with the main thread when accessing the new space capacity.
This will most likely also be required to allow the allocation of new
space objects from background threads.
Bug: v8:10315
Change-Id: Ia8ac0c9f582876b655eaf4e35082aeadfbdb830e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2235532
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68226}
Rolling v8/build: 3142ebd..8bce03b
Rolling v8/third_party/aemu-linux-x64: ij0nEFLmrqJqEp81i5YIDjeQ8epXhPrtAI0otT1OId0C..WCiGqc2IsqMVCcj8UruU8vGLvhfosP46CB3tAy6N2boC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/92c6c3e..69b4144
Rolling v8/third_party/depot_tools: 02dbd01..cf2d770
Rolling v8/third_party/googletest/src: cb44c86..4fe0180
Rolling v8/tools/clang: fab9ca5..3c04a1bTBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: If1eeb990b78e5503daafc760e1dfe23b8b112e15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2234022
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#68221}
Port 2f7f90b5ee
Original Commit Message:
This reverts commit dfbbb4a531.
Reason for revert: Bitmask added post 84 cut, so it is not part of origin trial. Therefore it is still a post-mvp.
Original change's description:
> [wasm-simd] Add bitmask to SIMD MVP
>
> This removes the post-mvp flag for bitmask, since it was accepted into
> the proposal, see https://github.com/WebAssembly/simd/pull/201.
>
> Bug: v8:10308
> Change-Id: I4ced43a6484660125d773bc9de46bdea9f72b13b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2216532
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67993}
R=zhin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I2076f24c2e232ca071b9dc62c9f23d3eb7acfa72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2233406
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#68219}
- Uses fast path technique to speed up F64x2Min/Max on x64.
Bug: v8:8639
Change-Id: I766752ba9c515bbeb94709460429a71d9f34fd2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2232940
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68217}
This reverts commit dfbbb4a531.
Reason for revert: Bitmask added post 84 cut, so it is not part of origin trial. Therefore it is still a post-mvp.
Original change's description:
> [wasm-simd] Add bitmask to SIMD MVP
>
> This removes the post-mvp flag for bitmask, since it was accepted into
> the proposal, see https://github.com/WebAssembly/simd/pull/201.
>
> Bug: v8:10308
> Change-Id: I4ced43a6484660125d773bc9de46bdea9f72b13b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2216532
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67993}
TBR=gdeepti@chromium.org,zhin@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:10308
Change-Id: I53294be4ea816f37c7cc5f545afb572538dd4770
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2233183
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68216}
This change is needed to implement {struct,array}.get_{s,u}.
Some functionality in wasm-compiler was factored out to helper functions
LoadWithAlignment and StoreWithValueType.
Bug: v8:7748
Change-Id: I2a04d09d40532f2389cc82b4c9ee3d8e003c5101
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2231347
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68215}
If multiple workers are sharing the same module, the DevTools frontend
will set the same breakpoints in all of them, but one after another.
This CL tries to avoid repeated recompilation of that function in most
cases. Only if we need special source positions for stack rewriting, we
need to compile a special version.
R=thibaudm@chromium.org
Bug: v8:10359
Change-Id: I06114d6feb2030b75dcbde91c62b822f1807ad6e
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2231339
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68213}
When the last debugger is disabled, we tier up the module to TurboFan.
Doing this in the background creates problems with profiling, where the
debugger is disabled before starting to profile, in order to guarantee
profiling of top-tier code.
Hence this CL changes the logic such that we only return from the
{TierUpAllModulesPerIsolate} methods once tier up is complete. Since
the DevTools frontend disables all debuggers before starting a profile,
this will ensure that all new calls execute TurboFan code.
Because of this change, the {TriggerRecompilation} method is renamed to
{RecompileForTiering}.
The test cases stay unchanged (do a busy wait until tier up is done),
because in the multi-isolates tests it is not guaranteed that tier up is
complete after disabling a single debugger.
R=thibaudm@chromium.org
Bug: v8:10580
Change-Id: I75c4b97825f856f562cfa656c11293d3b964898b
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2232539
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68212}
This reverts commit 81c34968a7 and also
490f3580a3 which depends on the former.
Reason for revert: Break CFI tests in chromium https://ci.chromium.org/p/chromium/builders/ci/Linux%20CFI/17438
Original change's description:
> [heap] Make ReadOnlySpace use bump pointer allocation
>
> This changes ReadOnlySpace to no longer be a PagedSpace but instead it
> is now a BaseSpace. BasicSpace is a new base class that Space inherits
> from and which has no allocation methods and does not dictate how the
> pages should be held.
>
> ReadOnlySpace unlike Space holds its pages as a
> std::vector<ReadOnlyPage>, where ReadOnlyPage directly subclasses
> BasicMemoryChunk, meaning they do not have prev_ and next_ pointers and
> cannot be held in a heap::List. This is desirable since with pointer
> compression we would like to remap these pages to different memory
> addresses which would be impossible with a heap::List.
>
> Since ReadOnlySpace no longer uses most of the code from the other
> Spaces it makes sense to simplify its memory allocation to use a simple
> bump pointer and always allocate a new page whenever an allocation
> exceeds the remaining space on the final page.
>
> Change-Id: Iee6d9f96cfb174b4026ee671ee4f897909b38418
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2209060
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68137}
TBR=ulan@chromium.org,delphick@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I68c9834872e55eb833be081f8ff99b786bfa9894
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2232552
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68211}
- Use a shorter code sequence for the most likely case (no NaNs or
signed 0 errors), and use out-of-line code to handle those
cases.
- For the likely execution paths, F32x4Min goes from 8 to 6
instructions, while F32x4Max goes from 9 to 6 instructions.
- Code size increases by 2 and 3 instructions (the test and branch,
and for max, an extra move.
Bug: v8:8639
Change-Id: I7966f652c89545e840ae493f25dd652b1e079b91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2231653
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68209}
Free memory is marked as inaccessible, which means that it contains a
zap value and is poisoned in ASAN builds.
Before writing the unlinked sentinel, we must unpoison the memory
area in ASAN builds.
Bug: chromium:1056170
Change-Id: Ib253913cce7d62e1000d4b581bdeb13a1e19cc67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2232541
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68206}
The observers can use ResetAllocatedObjectSize() to e.g. implement a
growing strategy that resets its limit on this call.
Bug: chromium:1056170
Change-Id: Ib9553e00cc530ff89f44e4258c13d47f0b70568e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228885
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68205}
The wasm interpreter was always single-threaded, and there are no plans
to change this. Still, there was a concept of threads, but with the
hard-coded constraint that there is always exactly one of them.
In order to clean up the code, and as a preparation to remove more
unneeded functionality before moving the interpreter over to the test
directory, this CL removes the concept of threads and merges the
{ThreadImpl} class into {WasmInterpreterInternals}.
Drive-by: Remove the dead {GetFrameCount} method.
R=ahaas@chromium.org
Bug: v8:10389
Change-Id: If65cdd21b34ce8debf8ba0f24dbeacec15e0a1d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2231354
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68204}
This CL fixes the UnboundLocalError in unittests testsuite.
R=machenbach@chromium.org
Bug: chromium:1091200
Change-Id: I9a4e032915b2750c28e3eb9f97042b75ca547801
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2232540
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68203}
Most interface calls are preceded by a reachability check, such that we
only generate code if the current instruction is actually reachable.
This is particularly important for Liftoff (TurboFan would throw out
dead parts of the graph anyway).
In order to speed up this check, this CL introduces a boolean flag
directly on the {WasmFullDecoder}. This avoids checking whether an error
has been set *plus* checking the reachability of the top-most control
block.
This provides 5-6% speedup on Liftoff compilation locally.
R=thibaudm@chromium.org
Bug: v8:10576
Change-Id: Idcff623fb9c23473b06ebf91b3caee65cc6ca28b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230521
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68200}
Prevent deadlock on shutdown by allowing all allocations on background
threads after tear down was started. Background threads need the main
thread to perform the collection, which never happens when V8 is already
shutting down.
Bug: v8:10315
Change-Id: I5d3358229624aead7b0ebcfee7e5840315f23329
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230537
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68199}
Added display of identation, function index, function names and compiler
used when tracing function calls in wasm.
R=clemensb@chromium.org
Bug: v8:10559
Change-Id: I58b4e7b077365bdee7bae9b5ad8a50178c322147
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230532
Commit-Queue: Arnaud Robin <arobin@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68198}
1) make it possible to combine tracing logic with accounting allocator
supporting zone compression,
2) make it possible to record zone memory usage via Chrome tracing
machinery (especially, for already running process),
3) trace both allocated and actually used memory per zone,
Bug: v8:10572
Change-Id: I768e474ada1a384218af09efd0dfce2d9a43ac3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228888
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68197}
Changes:
- Unpack packed typed in arrays/structs where needed.
- i8 should have log-size 0.
- Use typed-funcref feature flag instead of gc where appropriate.
- Set argument indexes correctly for gc opcodes in
function-body-decoder.
- Remove no-longer valid TODOs.
Bug: v8:7748
Change-Id: I1a73794d0f93da6c7177e496d47df4106031f0eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230520
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68196}
Add method to make LABs in all local heaps iterable and invoke this
function in Heap::MakeHeapIterable().
Bug: v8:10315
Change-Id: I6c8b1ea2337647f68995c13e6244d5ef0673b0e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230534
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68193}
Changes:
- Remove subtyping checks from value-type.h and move them to dedicated
files. Leave a limited version in value-type.h for testing.
- Implement subtyping for struct and array types, according to the
wasm-gc proposal.
- Implement type equivalence checking.
- Introduce a subtyping relation cache in WasmModule.
- Rename IsSubTypeOf -> IsSubtypeOf.
- Fix v8 possible bug where iterator_range took two unused type
parameters.
- Add unittests for subtyping.
Bug: v8:7748
Change-Id: I0ddbda4145e0412196dcf4fc63f3c5875fb3ab5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228497
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68192}
The replacement was done using the wrong effect node.
Bug: chromium:1086890
Change-Id: I3bfc2473415f7d28fa1bcf0ff14ffe46b82bf87b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2231340
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68191}
Due to recent spec changes, We do not have to check if ref.func
instructions in global declarations only refer to declared functions.
Additionally functions referenced in exports and globals are now
considered declared.
R=ecmziegler@chromium.org
Bug: v8:10556
Change-Id: I79856c7d68155a04eb36769ceed8a58fe62a9f9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2228653
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68190}
Rolling v8/build: bdb409c..3142ebd
Rolling v8/third_party/aemu-linux-x64: t4ELE6VgcCM5v-3W7_Dv8jFHkyeEu69AW5lwrtqWBOwC..ij0nEFLmrqJqEp81i5YIDjeQ8epXhPrtAI0otT1OId0C
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/15d5f65..92c6c3e
Rolling v8/third_party/depot_tools: e65444f..02dbd01
Rolling v8/tools/clang: 59c0072..fab9ca5
Rolling v8/tools/swarming_client: 90c5e17..4c095d0TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I2259439af5cd553d8176d246f7897a9616412e90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2230852
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#68189}
All these functions need to do is just write the value to the memory,
but EmitHelper will do something more than this, EmitHelper will check
if it need generate trampoline code while code generating and it will
insert trampoline code at current pc offset, this means there maybe have
trampoline code between two consecutive dd()'s target memory(pc), this
is not we want.
Change-Id: I5537f133be78aabdc4d53d4de07f388fa50f4a64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2224963
Commit-Queue: Yu Yin <xwafish@gmail.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68188}
Making them private was a way to hide the functions, we can
explicitly delete them, which give a better compilation error message as
well.
Also see: https://stackoverflow.com/q/55205874
Bug: v8:10488
Change-Id: I24f70dc1f6fb227185b6f8ecb30a81e218dd2a50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2223232
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68186}
