These safepoints weren't needed and weren't even valid
(e.g. pointing to the wrong instruction). The exception are
Wasm C API functions, where we do need a safepoint (and can
work around the invalid address).
Bug: v8:10037
Change-Id: I597c33dbd542394990fbd006ba8c16ccff7e260e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002530
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65806}
... and remove a related, unused function.
Bug: v8:7790
Change-Id: I803f4b747220a1722e096ef77fcc6c8a9e18fe1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002534
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65805}
Changes FastCheck failures to just call Unreachable (which in turn
calls DebugBreak) instead of DebugBreak and then returning to just
after the check. FastCheck is only called in release builds so this
does not affect debug builds.
This reduces the embedded instruction size from 1249720 to 1246812
(2908 bytes) for ARM.
Change-Id: If4b9b6810a53d64262a0fa9c2a1903e022748a22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002538
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65803}
DebugBreak allows you to put break points into generated code. When
executed in gdb, the execution will stop in the generated code at the
break point.
R=clemensb@chromium.org
Change-Id: I5607d7ec45d4910412c7adff5ae9bea2c9498909
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002536
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65802}
Add missing disasm tests for vroundss and vpalignr.
Fix disasm for vinsertps and vpinsrq.
Change-Id: I0f3907761b998d27ec00435a569084724af54ae2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1990140
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65799}
Most of the implementation work has been done as part of previous
patches, this finishes it by adding a new case for LoadType, and also
adding a test. The arm and arm64 implementation is new, and wasn't
required, since the Liftoff tests (in nooptimization variants) are
skipped on arm and arm64, and hence did not fail.
Bug: v8:9909
Change-Id: I01bd86d2e46de852bc067f44c802f66ac9e9b029
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2001561
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65798}
This reverts commit 3352fcc900.
Reason for revert: Causing wasm/tier-down-to-liftoff.js to be flaky, https://crbug.com/v8/10086
Original change's description:
> [wasm] Perform NativeModule tier down in parallel.
>
> Reuse logic in {CompileNativeModule} function in module-compiler.cc:
> initialize parallel compile jobs, then wait for them to finish while
> taking part in this compilation.
>
> Bug: v8:9654
> Change-Id: I9974d9f8b516e9faec716a592c7c0ee9c7077d8e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977041
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#65763}
TBR=rmcilroy@chromium.org,clemensb@chromium.org,duongn@microsoft.com
Change-Id: Ie3a0a3b2315879b6c19ef25f435fdc83c297b23b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9654
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002692
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65797}
Rename ToNumber to PlainPrimitiveToNumber since it must only be used on
primitives, as we assume that it never throws and has no side effects.
Change-Id: I78880545e58e46d38712f5ab75fe0b627ad178c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002394
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65796}
Port ba14c2f354
Original Commit Message:
Add kWasmS128 to the list of supported types, and implement Fill for all
the architectures so that LocalGet works.
Add a new test file to contain tests that run only on Liftoff, and
assert that the code is indeed compiled by Liftoff.
We cannot rely on the nooptimization variant for testing
because by default, if Liftoff compilation fails, it will fall back to
Turbofan, and we accidentally get a test passing.
We skip these tests on mips architecture that don't support SIMD, since
there is no way to implement these, and we don't have a "lowering" phase
for Liftoff.
As we implement more of SIMD in Liftoff, we can add more
tests to this file and ensure correctness. Future patches will introduce
support for globals and params.
R=zhin@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I776b3d93dd4dc53641650ac30b26661e52142287
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002688
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#65792}
Without the type check, Bytecode() may read OOB. Note that this is an
internal, test-only runtime function.
Bug: chromium:1041316
Change-Id: Id9898400605719df2a294e7654cf36ddeec23af1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002395
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65790}
This extends the debug side table to track stack offsets of locals and
operand stack slots, and uses this to read spilled value from the
physical stack frame when inspecting Liftoff frames.
R=jkummerow@chromium.org
Bug: v8:10019
Change-Id: Ida7ab5256fcc1e9d408201f4eafe26919f1432a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000739
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65789}
Add decoding of ref.null as a valid argument for references in
TurboFan, LiftOff and the interpreter.
R=ahaas@chromium.orgR=jkummerow@chromium.org
Bug: chromium:10063
Change-Id: I1e2d9c76f616dacb3aa06f8b535543bdcdcf0783
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1991485
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65788}
Introduce OffThreadFactory with initial string construction support.
The OffThreadFactory shares with Factory a new CRTP base class, called
FactoryBase. Methods in FactoryBase return a FactoryHandle<Factory, T>
alias, which is Handle<T> for normal Factory and a new OffThreadHandle<T>
for OffThreadFactory. OffThreadHandle<T> behaves like Handle<T>, except
it stores the object in-line rather than needing external storage.
Any shared factory methods are moved into FactoryBase, which uses CRTP
to call the sub-class's AllocateRaw method (plus a few more customization
points which need Isolate access on the main thread).
Methods that used to take an Isolate or Factory, and are needed off the
main thread, are now expected to be templated on the factory type and
to use the appropriate handle.
Once an OffThreadFactory has finished being used (e.g. off-thread
compilation completed) its pages are "Published" into the main-thread
Heap. To deal with string internalization without creating a bunch of
ThinStrings, this is done in two stages:
1. 'FinishOffThread': The off-thread pages are walked to
collect all slots pointing to "internalized" strings. After this is
called it is invalid to allocate any more objects with the factory.
2. 'Publish': On the main thread, we transform these slots into
<Handle to holder, offset> pairs, then for each saved slot
re-internalize its string and update the slot to point to the
internalized string.
Bug: chromium:1011762
Change-Id: I008a694da3c357de34362bd86fe7e1f46b535d5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1992434
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65787}
The DCHECKs ensured that all on-stack handles removed when the embedder
notifies V8 of an empty stack are indeed below the current stack limit.
This is brittle, as the calls that are guaranteed to have no stack
above, e.g., non-nestable tasks executing GC, sometimes have larger
stack depth then previously registered on-stack handles. Resetting the
slot to avoid UAF is not possible/needed as it is guaranteed in such
cases that the stack is indeed different from the stack that was used
when registering an on-stack handle.
This CL removes the DCHECKs and trust the embedder on such calls,
similar to when the embedder tells V8 that there's no interesting C++
stack on top of a call to avoid conservative stack scanning.
Bug: chromium:1040038
Change-Id: I2e8c77d8080f2d888f773984646998bede59e19c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000753
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65786}
When reserving the requested virtual memory fails (due to address space
exhaustion), simply return nullptr to indicate allocation failure, which
callers must be prepared to handle anyway. That way, ClusterFuzz will
correctly classify OOM situations.
Bonus change: skip demo test on simulators to save time.
Drive-by cleanup: add a 'simulator_run' section to mjsunit.status
Bug: chromium:1042151,chromium:1042173
Change-Id: I8569f3c0d2a681fbf6f91b665dcb88a4ac3b901e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2002391
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65785}
This moves first parts of the wrapper generation to the GraphAssembler.
We should migrate more code in follow-up CLs, and think about also
computing the schedule in the GraphAssembler (once everything is
migrated).
This also removes the only uses of the controversial {HalfDiamond}
construct, hence this is also removed in this CL.
Plus a bug fix in the GraphAssembler::Call method, and a new method
in GraphAssembler to load heap number values.
R=jkummerow@chromium.org, tebbi@chromium.org
Bug: v8:10123
Change-Id: Iac4661cdd50049cb73a2f305e280c1af6200729a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000756
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65784}
This CL adds optimizations for Word64And, Word64Or and Word64Xor
to the MachineOperatorReducer. Some of these (esp. constant folding)
have previously been removed from CodeAssembler to streamline
the optimization pipeline.
Bug: v8:10021
Change-Id: I679f0b60589a84b2d92ca6d9083efaddfe0b6423
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1997131
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65781}
Some architectures used {kConstantStackSpace}, others used
{kInstanceOffset}. This CL unifies it to {kInstanceOffset} and uses that
constant consistently (in {GetInstanceOperand}).
R=zhin@chromium.org
Bug: v8:10019
Change-Id: Ia2b6908e289591e2dbc48e559e11407877b7c4ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000146
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65780}
This CL attempts to fix a chrome crash seen in the wild. Without a
reproducer, the current working theory is that we hit a 'null' context
in some edge case, causing us to access an empty handle. This CL
prevents the empty context handle to be dereferenced.
TBR=yangguo@chromium.org
Bug: chromium:1038747
Change-Id: Icd6f4853a22ddbf1e504f0f0f90c065b3437f8ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000752
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65776}
Without the type check, Code() may read OOB. Note that this is an
internal, test-only runtime function.
Bug: chromium:1041316
Change-Id: I8c0b21ce3c2aea8aa3d065b99d8ab45a8c9e754f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000749
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65775}
Native C++ arrays cannot have size 0 and thus need a dummy element
when filled with variadic template args. std::array does not have this
limitation and makes related code easier to read.
Bug: v8:9972
Change-Id: I70304b55525bd67d966fa69c663a71c202245d14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000751
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65774}
With --stress-opt, the second run will share the NativeModule with the
first run, hence it's in a nondeterministic state and the test
expectations fail.
TBR=ahaas@chromium.org
CC=duongn@microsoft.com
No-Try: true
Bug: v8:10086, v8:9654
Change-Id: I74cf5e841ae2330b3b846ee742cc022305ec9636
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000750
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65773}
blendvpd should not be defined in the macro list, since the AVX version
has 4 operands, not 3.
Change-Id: Id020b460fa1a3510a91490f3b2286024cc6c5994
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1990139
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65771}
Add kWasmS128 to the list of supported types, and implement Fill for all
the architectures so that LocalGet works.
Add a new test file to contain tests that run only on Liftoff, and
assert that the code is indeed compiled by Liftoff.
We cannot rely on the nooptimization variant for testing
because by default, if Liftoff compilation fails, it will fall back to
Turbofan, and we accidentally get a test passing.
We skip these tests on mips architecture that don't support SIMD, since
there is no way to implement these, and we don't have a "lowering" phase
for Liftoff.
As we implement more of SIMD in Liftoff, we can add more
tests to this file and ensure correctness. Future patches will introduce
support for globals and params.
Bug: v8:9909
Change-Id: I7fc911f2d588d60c709ddb258b2efc1f22805fab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1999470
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65768}
I also fixed one issue in the wasm interpreter.
R=clemensb@chromium.org
Bug: v8:10180
Change-Id: Ie30e908ad051a27fa611e8d36134b67aaf4c830c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000741
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65764}
Reuse logic in {CompileNativeModule} function in module-compiler.cc:
initialize parallel compile jobs, then wait for them to finish while
taking part in this compilation.
Bug: v8:9654
Change-Id: I9974d9f8b516e9faec716a592c7c0ee9c7077d8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1977041
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65763}
This Tnodifies the CombineFeedback and OverwriteFeedback methods and
changes the TaggedToWord32OrBigInt* ann TaggedToNumeric methods to take
TVariables.
Additionally it refactors bitwise binary operators in
intepreter-generator.cc and builtins-number-gen.cc and puts the common
code in NumberBuiltinsAssembler.
Bug: v8:10021
Change-Id: I3b15ecfadb42b50ffbfd0bd1114197e0fef42e99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1995387
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65762}
The DCHECK was not correct in pointer compression mode.
Change-Id: Ifc00478df10962a8114f2d9cd1596ddaedc60d97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000742
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65761}
This just removes the flag if it is not supported anyway. This avoids
fuzzers trapping over this.
The same was done for the --perf-prof flag in
https://crrev.com/c/1993969.
R=ahaas@chromium.org
Bug: chromium:1035233
Change-Id: I7b4b8fdd141df717cc62d795534f30435f7b38c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1998083
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65760}
Tests which set the --perf-prof flag leave behind a file in the current
working directory every time they execute.
In order to avoid this, this CL introduces a --perf-prof-delete-file
flag, which removes this file right after creating it. This still allows
the process to write to it via the open handle, but the file will be
gone afterwards, even if the process crashes or gets killed while
executing.
R=ahaas@chromium.org
Bug: v8:10121
Change-Id: I99b159bb6d94255f77095ac78d98ba55106e94fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2000738
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65759}
- Introduces a API to set top of the stack through
EmbedderHeapTracer::SetStackTop.
- Introduces a new API to inform V8 about an empty embedder stack.
- Switch internal representation of TracedReference
for on-stack handles to a proper stack that considers all
contained handles as roots.
- Handle garbage is avoided by cleaning up on handle creation or
GC.
Design doc: https://bit.ly/on-stack-traced-reference
Bug: chromium:1040038
Change-Id: I927ef0abb268fdb5853c9e17b1bc96e2491cf101
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1993973
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65757}
