This is a reland of 9afde91b94
Original change's description:
> [builtins] Load external references from the external-reference-table
>
> Off-heap code cannot embed external references. With this CL, we load
> from the external reference table (reached through the root pointer)
> instead.
>
> In a follow-up, the table could be stored within the isolate itself,
> removing one more level of indirection.
>
> Bug: v8:6666
> Change-Id: I4c612ad3d4112ec03c3b389f5bfb9cdc3dc8a671
> Reviewed-on: https://chromium-review.googlesource.com/970468
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52073}
TBR=mstarzinger@chromium.org
Bug: v8:6666, v8:7580
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I30639fe17ea345119d38a176a29d521c4b1904cb
Reviewed-on: https://chromium-review.googlesource.com/975241
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52141}
The tagging logic used for serializing and deserializing WasmCode
objects is by now only used in the "wasm-serialization.cc" unit.
R=clemensh@chromium.org
Change-Id: I31bd82e7dbd17f713c5e51073dfd9836f1ddaed7
Reviewed-on: https://chromium-review.googlesource.com/975303
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52140}
See referenced bug: Async compilation can deadlock if a background task
queues the last compilation unit to be finished while the finisher
is already exiting because there was no more work.
This CL fixes this by making the finisher task check for new work after
setting the finisher_is_running_ flag to false.
R=ahaas@chromium.org
CC=kimanh@google.com
Bug: chromium:824681
Change-Id: If1f5700a9fdd5d150b36e37a5d14b692c2b0f3fb
Reviewed-on: https://chromium-review.googlesource.com/975301
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52139}
Mostly cosmetic changes. The biggest change is to encode block result
types using symbolic names instead of hex numbers.
R=ahaas@chromium.org
Change-Id: Ic0e6eccf687338e68508094168ddd70734cef301
Reviewed-on: https://chromium-review.googlesource.com/973527
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52138}
Remove the SharedFunctionInfo code field, inferring the code object
from the function_data field instead. In some cases, the function_data
field can now hold a Code object (e.g. some WASM cases).
(Reland of https://chromium-review.googlesource.com/952452)
TBR=mstarzinger@chromium.org
Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I10ea5be7ceed1b51362a2fad9be7397624d69343
Reviewed-on: https://chromium-review.googlesource.com/970649
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52136}
Split the OnFinishedUnit method in two, one for the error case
(OnError), one for the non-error case.
OnError now receives a handle to the error instead of the ErrorThrower,
such that the ErrorThrower is cleared independent of the registered
callbacks.
R=ahaas@chromium.org
CC=kimanh@google.com
Change-Id: Ia4ad81e0c12a42dbccc7fc5528438075c4ca9d58
Reviewed-on: https://chromium-review.googlesource.com/975183
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52135}
In Promise.all we used to allocate a fresh closure plus a fresh context
for each individual element, which is quite a lot of overhead, especially
since this could be shared in a single context for all elements. The only
bit of information that is needed for each resolve element closure is the
index under which to store the resulting value. With this change we move
this index to the "identity hash" field of the JSFunction, which doesn't
care about the concrete value anyways, as long as it's not zero (the "no
hash" sentinel), and share the rest of the fields in a single outer
context for all resolve element closures.
This limits the maximum number of elements for Promise.all to 2^21 for
now, but that should be fine. Shall we ever see the need for more than
this, we can add machinery to overflow to separate context for indices
larger than 2^21.
This significantly reduces the overhead due to Promise.all on the
parallel-async-es2017-native test, with execution time dropping from
around 148ms to 133ms, so overall a steady 10% improvement on this
benchmark.
Bug: v8:7253
Change-Id: I1092da771c4919f3db7129d2b0a244fc26a7b144
Reviewed-on: https://chromium-review.googlesource.com/973283
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52134}
The FuzzAssembleSwap test was failing with "--arm-arch=armv6". The reason was
that we were assuming we always had 2 D registers available as scratches, which
isn't the case if VFP32DREGS isn't enabled.
Change-Id: Ie97b48fd36fcbdbc6e137412c148a0bf58b498a6
Reviewed-on: https://chromium-review.googlesource.com/957733
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52132}
... and some more cleanup.
The main change is that NativeModule::CloneCode does not relocate the
new code. Wasm functions can only call other trampolines or stubs, or
other wasm functions. Both of these targets are patched later anyway.
This also fixes a bug on arm architectures, where the new call target
(after RelocInfo::apply) could not be encoded in the instruction
correctly. Now the relocation and the patching happen in one step,
avoiding this problem.
R=mstarzinger@chromium.org
Bug: v8:7578
Change-Id: I99a31f9789e7ac811d9b9c0b09bf02b5953d7108
Reviewed-on: https://chromium-review.googlesource.com/971141
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52131}
Also update some old email addresses in TODO notes.
Bug: v8:7441
Change-Id: I33b88635b3e0bc56cf1679fade1484cfd53ce184
Reviewed-on: https://chromium-review.googlesource.com/974402
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52130}
This CL also deprecates V8::RegisterDefaultSignalHandler. Now instead of
using the old API, clients should call V8::EnableWebAssemblyTrapHandler.
Just setting the --wasm-trap-handler flag will no longer have any
effect.
Bug: v8:5277
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Idd862185af9abcd4a3c845c02f9e916e8b56f114
Reviewed-on: https://chromium-review.googlesource.com/965005
Reviewed-by: Karl Schimpf <kschimpf@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52126}
Using a 256-byte buffer avoids 99% of allocations across v8's top25
benchmark. This also leads to a significant performance increase on
speedometer, with a ~1.2% improvement on jQuery, ~1.3% on VanillaJS
and an overall ~0.4% improvement on the score.
Bug: v8:7555
Change-Id: Icd6fa07341eb989892431cb1e4995557e35c7a67
Reviewed-on: https://chromium-review.googlesource.com/971837
Commit-Queue: Lucas Gadani <lfg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52125}
This introduces masking of loads with speculation bit during code generation.
At the moment, this is done only under the
--branch-load-poisoning flag, and this CL enlarges the set of supported
platforms from {x64, arm, arm64} to {x64, arm, arm64, mips, mips64}.
Overview of changes:
- new register configuration with one register reserved for
the speculation poison/mask (kSpeculationPoisonRegister).
- in codegen, we introduce an update to the poison register at the starts
of all successors of branches (and deopts) that are marked as safety
branches (deopts).
- in memory optimizer, we lower all field and element loads to PoisonedLoads.
- poisoned loads are then masked in codegen with the poison register.
(In this CL, this last step is left as a TODO. You can run with the flag,
though mitigations will just not be effective at this time).
* only integer loads are masked at the moment.
TBR=mstarzinger@chromium.org
Change-Id: Ie6eb8719bf85d49c03b4a28e2f054480195a1471
Reviewed-on: https://chromium-review.googlesource.com/973616
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52123}
The tick-processor expects a certain format for functions in d8's
cpu profile log (--prof). To make wasm functions look like js functions,
this change adds a fake address to the log output that can be used as
key for the wasm function. This enables basic profiling of wasm code
using the --prof flag and the tick-processor.
Change-Id: Iaeed575499b2d58d0f937c109a047b17615a01d1
Reviewed-on: https://chromium-review.googlesource.com/973373
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52122}
This reverts commit f81847388c.
Reason for revert: arm is still unhappy https://build.chromium.org/p/client.v8.ports/builders/V8%20Arm%20GC%20Stress/builds/6633
Original change's description:
> Reland "[builtins] Load external references from the external-reference-table"
>
> This is a reland of 9afde91b94
>
> Original change's description:
> > [builtins] Load external references from the external-reference-table
> >
> > Off-heap code cannot embed external references. With this CL, we load
> > from the external reference table (reached through the root pointer)
> > instead.
> >
> > In a follow-up, the table could be stored within the isolate itself,
> > removing one more level of indirection.
> >
> > Bug: v8:6666
> > Change-Id: I4c612ad3d4112ec03c3b389f5bfb9cdc3dc8a671
> > Reviewed-on: https://chromium-review.googlesource.com/970468
> > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> > Reviewed-by: Yang Guo <yangguo@chromium.org>
> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#52073}
>
> TBR=mstarzinger@chromium.org
>
> Bug: v8:6666, v8:7580
> Change-Id: I163cfc15605c1183b79ead77df0e37d71d60b6f7
> Reviewed-on: https://chromium-review.googlesource.com/972821
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52118}
TBR=yangguo@chromium.org,mstarzinger@chromium.org,jgruber@chromium.org
Change-Id: I5bcd1a1c84c6e9a6a24364390c9359d43c77120d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666, v8:7580
Reviewed-on: https://chromium-review.googlesource.com/973782
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52121}
Fix up disassembly triggered by --print-*-code to print to the trace
file specified by --redirect-code-traces-to rather than unconditionally
to stdout.
Change-Id: I80a8772361e8fb0550efcbbab6a7b7d822385303
Reviewed-on: https://chromium-review.googlesource.com/973167
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52119}
This is a reland of 9afde91b94
Original change's description:
> [builtins] Load external references from the external-reference-table
>
> Off-heap code cannot embed external references. With this CL, we load
> from the external reference table (reached through the root pointer)
> instead.
>
> In a follow-up, the table could be stored within the isolate itself,
> removing one more level of indirection.
>
> Bug: v8:6666
> Change-Id: I4c612ad3d4112ec03c3b389f5bfb9cdc3dc8a671
> Reviewed-on: https://chromium-review.googlesource.com/970468
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52073}
TBR=mstarzinger@chromium.org
Bug: v8:6666, v8:7580
Change-Id: I163cfc15605c1183b79ead77df0e37d71d60b6f7
Reviewed-on: https://chromium-review.googlesource.com/972821
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52118}
On ia32, the upper "half stack slot" must be located above the lower
half stack slot (in absolute address), hence the index is
"2 * index - 1" instead of "2 * index + 1". Note that the index
describes the negative offset from the stack pointer.
R=titzer@chromium.org
Bug: v8:7579
Change-Id: If207af405b126ab30043432d7934273e6e2a5330
Reviewed-on: https://chromium-review.googlesource.com/973301
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52116}
This method always calls the FATAL macro, which is also marked
[[noreturn]]. The documentation already mentioned this, but now it's
actually enforced by the compiler.
R=adamk@chromium.org
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I2e331c9826fad6aad9c22929a0d5f890a508d0d9
Reviewed-on: https://chromium-review.googlesource.com/966561
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52115}
This adds 5% testing of 'ignition' vs 'liftoff', which tests Turbofan vs
Liftoff for wasm code, and tests Ignition vs Turbofan for javascript
code.
It also adds 3% testing of 'liftoff' (x64) vs 'liftoff' (ia32), which
does standard x64 vs ia32 testing for javascript code.
R=machenbach@chromium.org
Bug: chromium:824098, v8:6600
Change-Id: I6a6afae0300efc33f3535541a11695a7bb32dcc5
Reviewed-on: https://chromium-review.googlesource.com/973161
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52111}
This CL renames InterpreterPushArgsMode::kJSFunction to kArrayFunction
because we only ever use it for the array function.
We never use PushArgsThenCall with kArrayFunction mode, so remove the
unused helpers that provide the plumbing there.
This is in preparation for changes to PushArgsThenConstruct, where we
will no longer pass the allocation site as undefined for modes other
than kArrayFunction.
Bug: v8:7503
Change-Id: I86e3333e2ebd912fc8f9b0e4248282330af4b9e2
Reviewed-on: https://chromium-review.googlesource.com/972047
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Mythri Alle <mythria@google.com>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52109}
This is a reland of 25207bf8cb
Original change's description:
> Remove isolate.h include from external-reference.h
>
> This triggers a bunch of other necessary include tweaks for files that
> used to work until now because they indirectly included isolate.h
> through external-reference.h.
>
> Bug: v8:6666
> Change-Id: I8d48db44dcc321fa32a6279f3ddacb41ab58f975
> Reviewed-on: https://chromium-review.googlesource.com/972042
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52103}
TBR=petermarshall@chromium.org
Bug: v8:6666
Change-Id: Ibbcf2c116dc3b202d325fd7644e8755ffe583ef1
Reviewed-on: https://chromium-review.googlesource.com/973062
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52108}
Some debugging tests relied on the following anti-pattern:

  let exception = false;
  try {
    /* ... some code that may throw on test failure ... */
  } catch (e) {
    exception = e;
  }
  assertFalse(exception);

This may be problematic if a falseish value is thrown.
Change-Id: I02eace4cc656fc9581928a90ac53cda4dc72b30c
Reviewed-on: https://chromium-review.googlesource.com/972822
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52105}
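The anti-pattern described in the commit above, as an added JavaScript example that is not part of the V8 commit or of mjsunit: assertFalse is a constructed stand-in that fails on any truthy value, and the sample behaviours are constructed. It contrasts the flawed check with a version that records whether anything was thrown in a separate boolean.

```javascript
// Constructed stand-in for a test helper: fails on any truthy value.
function assertFalse(value, msg) {
  if (value) {
    throw new Error(msg || "assertFalse failed: " + String(value));
  }
}

// The anti-pattern: the thrown value itself is stored in `exception`.
// If the code under test throws a falsy value (false, 0, "", null),
// assertFalse(exception) passes and the failure is silently swallowed.
// Returns true when the check would report success.
function antiPatternPasses(fn) {
  let exception = false;
  try {
    fn();
  } catch (e) {
    exception = e;
  }
  try {
    assertFalse(exception);
    return true;
  } catch (_) {
    return false;
  }
}

// Hardened form: a dedicated boolean records that a throw happened, so the
// verdict no longer depends on what value was thrown.
function hardenedPasses(fn) {
  let threw = false;
  let exception;
  try {
    fn();
  } catch (e) {
    threw = true;
    exception = e;
  }
  try {
    assertFalse(threw, "unexpected exception: " + String(exception));
    return true;
  } catch (_) {
    return false;
  }
}

// Constructed sample behaviours for the code under test.
const NO_THROW = () => 42;
const THROWS_FALSE = () => { throw false; };
const THROWS_ZERO = () => { throw 0; };
const THROWS_ERROR = () => { throw new Error("boom"); };
```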
This reverts commit 25207bf8cb.
Reason for revert: Mips compile failure: https://build.chromium.org/p/client.v8.ports/builders/V8%20Mips%20-%20builder/builds/16061
Original change's description:
> Remove isolate.h include from external-reference.h
>
> This triggers a bunch of other necessary include tweaks for files that
> used to work until now because they indirectly included isolate.h
> through external-reference.h.
>
> Bug: v8:6666
> Change-Id: I8d48db44dcc321fa32a6279f3ddacb41ab58f975
> Reviewed-on: https://chromium-review.googlesource.com/972042
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Peter Marshall <petermarshall@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52103}
TBR=jgruber@chromium.org,petermarshall@chromium.org
Change-Id: I2e867d3c82b020b4fd5201aaa5cf6ed65b081ca2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/973061
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52104}
This triggers a bunch of other necessary include tweaks for files that
used to work until now because they indirectly included isolate.h
through external-reference.h.
Bug: v8:6666
Change-Id: I8d48db44dcc321fa32a6279f3ddacb41ab58f975
Reviewed-on: https://chromium-review.googlesource.com/972042
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52103}
Code is often being patched after creating, thus we don't need to flush
the icache right away.
This CL introduces a new enum to specify whether the icache should be
flushed or not, and uses this in all methods which don't always need to
flush.
Drive-by: Fix a bug where SKIP_ICACHE_FLUSH was interpreted as boolean
value.
R=mstarzinger@chromium.org
Change-Id: I13ac71d2a7168a065b8a4a1086c590816de8ca28
Reviewed-on: https://chromium-review.googlesource.com/971881
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52102}
The multi-return tests and fuzzer used a custom call descriptor which
was based on the default RegisterConfiguration. This meant that for the
tests, all available registers could be used to pass parameters and to
return values. This caused a problem, because in some cases we need a
scratch register in the frame deconstruction.
With this CL I change both the tests and the fuzzer to use the
WebAssembly call descriptor. Thereby we only use 2 registers for
returns, and one of the other registers can be used as scratch
register.
WebAssembly is the only use case at the moment which wants to return
values not only through registers but also over the stack. Therefore
I think it's acceptable to only test the WebAssembly use case.
R=mstarzinger@chromium.org
Bug: chromium:813288
Change-Id: I31bed757af5f3e8589d2b3dfb6f0112ddecd1a20
Reviewed-on: https://chromium-review.googlesource.com/970656
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52099}
Liftoff does not need to reference its own code object, so don't
allocate a handle for that purpose.
This also allows to create LiftoffAssembler instances in background
tasks where no handle scope is available.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: I2911aebd14aaa8450456cb8eea16cea547e0b671
Reviewed-on: https://chromium-review.googlesource.com/972081
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52098}
Continuations are called directly from the deoptimizer, and thus cannot
be lazy. This also changes the corresponding assertion to an
unconditional CHECK in order to catch this type of mistake early.
Drive-by: Sort Builtins::IsLazy.
Bug: chromium:823292
Change-Id: I739429ef574e40d7b9ba40cd209175054eb73349
Reviewed-on: https://chromium-review.googlesource.com/972282
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52094}