Commit Graph

65036 Commits

Author SHA1 Message Date
Ulan Degenbaev
a282d2e9d2 Revert "[heap] Convert WeakObjects to heap::base::Worklist"
This reverts commit 969cdfe6b5.

Reason for revert: speculative revert for crbug.com/1135472

Original change's description:
> [heap] Convert WeakObjects to heap::base::Worklist
>
> This splits WeakObjects into explicit global and local worklists.
> The latter are defined in WeakObjects::Local and are thread-local.
>
> The main thread local worklist is stored in
> MarkCompactCollector::local_weak_objects and exists during marking
> similar to local_marking_worklists. Concurrent markers create their
> own local worklists that are published at the end.
>
> Change-Id: I093fdc580b4609ce83455b860b90a5099085beac
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440607
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70317}

TBR=ulan@chromium.org,dinfuehr@chromium.org

Change-Id: I3fa3bfdcf3c359f46a3b56c19fb4e486883cde9d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2452749
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70344}
2020-10-06 14:21:55 +00:00
Omer Katz
0738b2243c cppgc: Fix in-construction object tracing
This CL fixes 2 issues:
1) Objects should be unmarked when pushed to in-construction objects
worklist by the write barrier. Otherwise tracing will bail out on them.
2) When finalizing with stack, in-construction objects may still be
unmarked.

Bug: v8:10989
Change-Id: I60707c70a221df59172596ab06ebf6a087270595
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2450014
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70343}
2020-10-06 14:07:59 +00:00
Milad Fa
e2ce0adeb4 s390: include capped_offset on BE machines.
Change-Id: I52ad4cc6e41acf2be530aac521f0fa61ca35cd41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2452597
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#70342}
2020-10-06 14:01:49 +00:00
Camillo Bruni
28c2e433d0 [runtime] Fix global_dictionary case in SetOrCopyDataProperties
Bug: chromium:1133210
Change-Id: Ic60e88ab3c50602a71387f7c3a1253d70a7c69fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2450061
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70341}
2020-10-06 12:27:15 +00:00
Camillo Bruni
add718276e [api] Advance deprecation of ResourceConstraints API methods
V8_DEPRECATE_SOON happened in v7.7

Bug: v8:9306
Change-Id: I652b494c88534e531c2bef3a1417bfb18c594e85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2450065
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70340}
2020-10-06 12:26:10 +00:00
Jakob Gruber
af118269b5 [nci] Add a --isolate-script-cache-ageing flag
The NCI cache depends on the script cache (which is essentially a
SharedFunctionInfo cache, and the SFIs contain bytecode) to
deduplicate SFIs across native contexts. NCI caching does not work
without script caching. Thus the lifetimes of both caches should
match; in particular, disabling cache ageing for NCI is only effective
if script cache ageing is also disabled.

This CL adds an --isolate-script-cache-ageing flag. It's separate from
the --turbo-nci-cache-ageing flag s.t. we can disable script cache
ageing *without NCI* for benchmarking purposes.

Future work: Good ageing heuristics for both script and nci caches.

Bug: v8:8888
Change-Id: Ia5546feeced5821a538d97db1bb8f5bb92528114
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2452471
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70339}
2020-10-06 11:51:32 +00:00
Clemens Backes
24b3c1610f [wasm] Use more GraphAssembler
This rewrites some more code to use GraphAssembler methods instead of
manually creating and adding the nodes. To this end, we add three more
methods to the GraphAssembler: UintPtrConstant, ProtectedStore, and
ProtectedLoad.

R=ahaas@chromium.org, tebbi@chromium.org

Bug: v8:10123
Change-Id: I825137d4355d117d88e29063ab2ac68340883f77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445512
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70338}
2020-10-06 11:49:20 +00:00
Michael Lippautz
930654e5f2 cppgc: Fetch test name for ForceGarbageCollectionSlow in tests
Bug: chromium:1056170
Change-Id: Ie625d34dca248cbb5980b73363c382a259538bcc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2452469
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70337}
2020-10-06 11:34:20 +00:00
Vicky Kontoura
cc5498572c [wasm] Count calls to exported functions
This CL adds a call counter in the WasmExportedFunctionData. The counter
is incremented every time a call to an exported WebAssembly function is
handled through the generic js-to-wasm wrapper.

Bug: v8:10982
Change-Id: Iad40b414b0c7d2f4ab340ff4ebb7b24c60b3a974
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445873
Commit-Queue: Vicky Kontoura <vkont@google.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70336}
2020-10-06 11:09:30 +00:00
Jakob Kummerow
086eecbd96 [platform] Add Permission::kNoAccessWillJitLater enum value
This value is unused for now. This CL is part 1 of a 3-step dance.
Part 2 will be teaching Chrome's Platform implementation to accept
the new value. Part 3 will then actually use it in V8.

Bug: chromium:1117591
Change-Id: Ie3aed20d4cc58f3def3be2a3a03bba4c3a37bf44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2450056
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70335}
2020-10-06 11:03:31 +00:00
Camillo Bruni
66bafce629 [api] Advance deprecation of String::isExternal
V8_DEPRECATE_SOON happened in v8.7

Bug: v8:10641
Change-Id: Ia20f89da38b1e739051d019a395ff1e7989a361b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2450063
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70334}
2020-10-06 10:47:50 +00:00
Clemens Backes
cfce5cba7c [wasm][cleanup] Expose fewer methods for building constants
The API of the {WasmGraphBuilder} should provide methods for all wasm
opcodes. For constants, that is {Int32Constant}, {Int64Constant},
{Float32Constant}, {Float64Constant}, and {Simd128Constant}. The other
helpers ({Uint32Constant} and {IntPtrConstant}) were only used
internally, hence remove them from the API and call the {MachineGraph}
method directly.

R=ahaas@chromium.org

Bug: v8:10933
Change-Id: Ifeec88f30062ede468bf6b7af2d2b214547130bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445475
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70333}
2020-10-06 10:39:40 +00:00
Philip Pfaffe
afd2692564 Add more index spaces to the WebAssembly JS debug proxy
This CL adds the globals index space to the JS debug proxy as well as the
stack object. It also adds a few small helpers to simplify the proxy setup
a little, since all index spaces work exactly the same.

Bug: chromium:1127914
Change-Id: I707292ab7f44aafb73751c17fdacfef976316f39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448468
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70332}
2020-10-06 09:43:06 +00:00
Clemens Backes
82cb91c2b9 [wasm][memory64] Prepare TurboFan for 64-bit memory offsets
This CL changes the WasmGraphBuilder interface to accept 64-bit memory
offsets, and adapts the implementation to handle them correctly.

R=manoskouk@chromium.org

Bug: v8:10949
Change-Id: Ifd42edc855c9283ef69522663c735ab31c3d54f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445474
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70331}
2020-10-06 08:04:01 +00:00
Jakob Gruber
1ba58b4d71 [snapshot] Emit embedded blob code data start as function symbol
The UMA sampling profiler needs a way to detect the beginning of the
embedded builtins code range; a plain symbol is not enough, but a
function symbol should be good.

This changes (x64)

 v8_Default_embedded_blob_code_data_:

to

 v8_Default_embedded_blob_code_data_:
 .type v8_Default_embedded_blob_code_data_, @function
 .size v8_Default_embedded_blob_code_data_, 0

Bug: v8:6666
Change-Id: I5dce3aaca0f36e15ad4339e20fbbdc76282a289e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2450058
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70330}
2020-10-06 07:49:41 +00:00
Ulan Degenbaev
acf5e1aabb Split v8_enable_concurrent_marking into two flags
The new flags are
- v8_enable_atomic_object_field_writes that makes field write operations
  relaxed atomic.
- v8_enable_atomic_marking_state that makes the marking state and the
  write-barrier thread-safe.

The motivation is that we want to disable atomic object fields while
keeping the marking states thread-safe. This allows us to increase
TSAN coverage for background compilation and streaming tasks while
keeping the write-barrier used by the tasks thread-safe.

Bug: v8:10988
Change-Id: I11d66954dda4bf36d24c5e6f14ee5bc7a0f86094
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448467
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70329}
2020-10-06 07:45:41 +00:00
Adam Klein
a10ec2be98 Revert "Reland^3 "[serializer] Allocate during deserialization""
This reverts commit 3f4e9bbe43, along
with the following dependent changes (reverted to make this a clean revert):
76ad3ab597 [identity-map] Change resize heuristic
77cc96aa48 [identity-map] Cache the calculated Hash
bee5b996aa [serializer] Remove Deserializer::Initialize
c8f73f2266 [serializer] Cache instance type in PostProcessNewObject
4e7c99abda [identity-map] Remove double-lookups in IdentityMap

Reason for revert: major crash spike on Canary (https://crbug.com/1135027)

Original change's description:
> Reland^3 "[serializer] Allocate during deserialization"
>
> This is a reland of c4a062a958
> which was a reland of 28a30c578c
> which was a reland of 5d7a29c90e
>
> Fixes TSAN errors from non-atomic writes in the deserializer. Now all
> writes are (relaxed) atomic.
>
> Original change's description:
> > Reland^2 "[serializer] Allocate during deserialization"
> >
> > This is a reland of 28a30c578c
> > which was a reland of 5d7a29c90e
> >
> > The crashes were from calling RegisterDeserializerFinished on a null
> > Isolate pointer, for a deserializer that was never initialised
> > (specifically, ReadOnlyDeserializer when ROHeap is shared).
> >
> > Original change's description:
> > > Reland "[serializer] Allocate during deserialization"
> > >
> > > This is a reland of 5d7a29c90e
> > >
> > > This reland shuffles around the order of checks in Heap::AllocateRawWith
> > > to not check the new space addresses until it's known that this is a new
> > > space allocation. This fixes an UBSan failure during read-only space
> > > deserialization, which happens before the new space is initialized.
> > >
> > > It also fixes some issues discovered by --stress-snapshot, around
> > > serializing ThinStrings (which are now elided as part of serialization),
> > > handle counts (I bumped the maximum handle count in that check), and
> > > clearing map transitions (the map backpointer field needed a Smi
> > > uninitialized value check).
> > >
> > > Original change's description:
> > > > [serializer] Allocate during deserialization
> > > >
> > > > This patch removes the concept of reservations and a specialized
> > > > deserializer allocator, and instead makes the deserializer allocate
> > > > directly with the Heap's Allocate method.
> > > >
> > > > The major consequence of this is that the GC can now run during
> > > > deserialization, which means that:
> > > >
> > > >   a) Deserialized objects are visible to the GC, and
> > > >   b) Objects that the deserializer/deserialized objects point to can
> > > >      move.
> > > >
> > > > Point a) is mostly not a problem due to previous work in making
> > > > deserialized objects "GC valid", i.e. making sure that they have a valid
> > > > size before any subsequent allocation/safepoint. We now additionally
> > > > have to initialize the allocated space with a valid tagged value -- this
> > > > is a magic Smi value to keep "uninitialized" checks simple.
> > > >
> > > > Point b) is solved by Handlifying the deserializer. This involves
> > > > changing any vectors of objects into vectors of Handles, and any object
> > > > keyed map into an IdentityMap (we can't use Handles as keys because
> > > > the object's address is no longer a stable hash).
> > > >
> > > > Back-references can no longer be direct chunk offsets, so instead the
> > > > deserializer stores a Handle to each deserialized object, and the
> > > > backreference is an index into this handle array. This encoding could
> > > > be optimized in the future with e.g. a second pass over the serialized
> > > > array which emits a different bytecode for objects that are and aren't
> > > > back-referenced.
> > > >
> > > > Additionally, the slot-walk over objects to initialize them can no
> > > > longer use absolute slot offsets, as again an object may move and its
> > > > slot address would become invalid. Now, slots are walked as relative
> > > > offsets to a Handle to the object, or as absolute slots for the case of
> > > > root pointers. A concept of "slot accessor" is introduced to share the
> > > > code between these two modes, and writing the slot (including write
> > > > barriers) is abstracted into this accessor.
> > > >
> > > > Finally, the Code body walk is modified to deserialize all objects
> > > > referred to by RelocInfos before doing the RelocInfo walk itself. This
> > > > is because RelocInfoIterator uses raw pointers, so we cannot allocate
> > > > during a RelocInfo walk.
> > > >
> > > > As a drive-by, the VariableRawData bytecode is tweaked to use tagged
> > > > size rather than byte size -- the size is expected to be tagged-aligned
> > > > anyway, so now we get an extra few bits in the size encoding.
> > > >
> > > > Bug: chromium:1075999
> > > > Change-Id: I672c42f553f2669888cc5e35d692c1b8ece1845e
> > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2404451
> > > > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> > > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > > > Cr-Commit-Position: refs/heads/master@{#70229}
> > >
> > > Bug: chromium:1075999
> > > Change-Id: Ibc77cc48b3440b4a28b09746cfc47e50c340ce54
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440828
> > > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> > > Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#70267}
> >
> > Tbr: jgruber@chromium.org,ulan@chromium.org
> > Bug: chromium:1075999
> > Change-Id: Iaa8dc54895866ada0e34a7c9e8fff9ae1cb13f2d
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444991
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#70279}
>
> Tbr: jgruber@chromium.org,ulan@chromium.org
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng,v8_linux64_tsan_no_cm_rel_ng,v8_linux64_tsan_isolates_rel_ng
> Bug: chromium:1075999
> Change-Id: I0b9b11644aebc4cc8b07c62a0f765b24e4d73d89
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445872
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70288}

TBR=ulan@chromium.org,jgruber@chromium.org,leszeks@chromium.org,dinfuehr@chromium.org

Bug: chromium:1075999, chromium:1135027
Change-Id: I5d0d9e49c0302d94ff7291834f5f18e7a0839eb7
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng,v8_linux64_tsan_no_cm_rel_ng,v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2451030
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70328}
2020-10-05 21:51:50 +00:00
Milad Fa
f29078a801 s390: [wasm-simd] Fix Vector pack and unpack behaviour.
Due to the lane numbering difference between Intel and IBM machines,
we need to switch the input registers when doing a vector pack.

Change-Id: I40e1fdae308e5dcd67aafab2abf099d4be0bb1a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2450832
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#70327}
2020-10-05 21:08:11 +00:00
Shu-yu Guo
9edcb19658 Revert "[heap] String::MakeThin can get away without NotifyObjectLayoutChange"
This reverts commit 6e621f84ba.

Reason for revert: Suspicion of GC stress failures like https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/30260

Original change's description:
> [heap] String::MakeThin can get away without NotifyObjectLayoutChange
>
> String::MakeThin doesn't need to invoke NotifyObjectLayoutChange because
> ThinString will only introduce tagged values and hence will not
> overwrite recorded slots with untagged values.
>
> Bug: v8:10315
> Change-Id: Iaff9c06cef763462eb57bf3debc5183ae8db6fa0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448792
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70321}

TBR=ulan@chromium.org,leszeks@chromium.org,dinfuehr@chromium.org

Change-Id: I11c12e25702eb816cf616593d817a6ee3f691188
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2451029
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70326}
2020-10-05 18:50:12 +00:00
Seth Brenith
73a8eded22 [torque] Generate shorter code for indexed field accesses
Currently, when accessing a field that doesn't have a constant offset,
Torque emits code to compute each preceding indexed field's length and
add them all together. This works, but such code can get super long if a
class has many indexed fields, and especially if the length expressions
of some indexed fields refer to other indexed fields. We'd like the
output of the new C++ backend to be short enough to go in inline headers
which will be included in many compilation units.

This change attempts to reorganize the code so that the computation of
each length expression can only be emitted exactly once. This only
shortens the generated C++ code; the resulting TurboFan output should be
identical. There are two main parts:
1. For each indexed field, we already generate a macro that can get a
   Slice referring to that field. Update these macros to not use the dot
   operator on that field. Using the dot operator on the predecessor
   field is allowed.
2. Update the dot operator for indexed fields to emit a call to the
   macro from step 1.

This sort of reverses the dependency added by the previous change
https://crrev.com/c/2429566 : rather than the slice macros depending on
the dot operator, this change makes the dot operator depend on the slice
macros.

The overall torque_generated directory shrinks by under 1% with this
change, but the runtime_macros.cc file (which should eventually become
inline headers) shrinks by 24%. More to the point, this change keeps
runtime_macros.cc from ballooning out of control when we add a
work-in-progress Torque definition for ScopeInfo
( https://crrev.com/c/2357758 ).

Bug: v8:7793
Change-Id: I989dda9c3666f1a49281fef03acb35baebb5b63a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2432070
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#70325}
2020-10-05 18:08:10 +00:00
Leszek Swirski
76ad3ab597 [identity-map] Change resize heuristic
Change the resizing behaviour on insert to match that of the hash map
in base. Specifically, resize when hitting 80% occupancy.

Locally, I measure a ~6% improvement in serialization time from this
change.

Change-Id: I3fe84de39b2337859fe75fa6b3848198b82071ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448798
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70324}
2020-10-05 17:51:30 +00:00
Maya Lekova
95bb97bc02 [turbofan] Make OSR and stack slots compatible
Bug: chromium:1130844, v8:10973
Change-Id: I912f2cf6cedaf22dd50d456622880ea266b65dcd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445509
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70323}
2020-10-05 17:41:02 +00:00
Georg Neis
e2b6fa84d6 Rename SYNCHRONIZED_ACCESSORS* to RELEASE_ACQUIRE_ACCESSORS*
... so that they match the corresponding DECL_* macros.

Change-Id: Idb26901eeb1219945a1e701dd7c28a58ce978bf9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2449977
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70322}
2020-10-05 17:38:10 +00:00
Dominik Inführ
6e621f84ba [heap] String::MakeThin can get away without NotifyObjectLayoutChange
String::MakeThin doesn't need to invoke NotifyObjectLayoutChange because
ThinString will only introduce tagged values and hence will not
overwrite recorded slots with untagged values.

Bug: v8:10315
Change-Id: Iaff9c06cef763462eb57bf3debc5183ae8db6fa0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448792
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70321}
2020-10-05 16:48:41 +00:00
Clemens Backes
a024ea4ba7 [wasm][fuzzer] Fix data race when setting flags
Fuzzers are executed in their own process, so instead of resetting flags
after execution, we can just keep the flag values.
This CL introduces a shared function to enable all staged features,
without ever resetting the value. This fixes a data race.

R=ahaas@chromium.org

Bug: v8:10979
Change-Id: I82ea35b887841850edd8b394a3644cf8df1e3bf8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2449969
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70320}
2020-10-05 16:31:11 +00:00
Leszek Swirski
77cc96aa48 [identity-map] Cache the calculated Hash
In IdentityMap, explicitly pass the key's hash so that it can be cached
between Lookup and Insert.

Change-Id: Ib8a2d96cc399ae025f54c61c129dd4cd18d86c7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448795
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70319}
2020-10-05 16:20:51 +00:00
Manos Koukoutos
4d9d851899 [wasm-gc][bug] Fix signature canonicalization
We used not to emit canonical indexes for arrays and structs into
WasmModule::signature_ids, which resulted in signature_ids not referring
to the correct type indices in a WasmModule.

Changes:
- Rename signature_ids to canonical_type_ids.
- Emit trivial canonical type ids for structs and arrays.
- Add a test to catch the existing bug.
- Improve DCHECKs for module type accessors.

Bug: v8:7748
Change-Id: I67ad58865e35b459b21db12557564b652035db75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2444989
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70318}
2020-10-05 16:16:51 +00:00
Ulan Degenbaev
969cdfe6b5 [heap] Convert WeakObjects to heap::base::Worklist
This splits WeakObjects into explicit global and local worklists.
The latter are defined in WeakObjects::Local and are thread-local.

The main thread local worklist is stored in
MarkCompactCollector::local_weak_objects and exists during marking
similar to local_marking_worklists. Concurrent markers create their
own local worklists that are published at the end.

Change-Id: I093fdc580b4609ce83455b860b90a5099085beac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440607
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70317}
2020-10-05 15:40:01 +00:00
Ulan Degenbaev
defe1a0ff8 [test] Add ManualGCScope to test-spaces/SizeOfInitialHeap
The test does not expect GC to happen while it is running.

Bug: v8:10988
Change-Id: Idcd30bde4ae1a7c3386a5d8c4c46e46e839e0fe9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2449971
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70316}
2020-10-05 15:38:02 +00:00
Philip Pfaffe
ae3f94bd2a Expose a proxy object to evaluateOnCallFrame for WebAssembly
When debugging WebAssembly, calls to evaluateOnCallFrame always return
undefined. This CL enables evaluateOnCallFrame for WebAssembly and
creates a proxy object that is injected into the evaluation context.

Bug: chromium:1127914
Change-Id: I3f5cff3be2c9de45c7b1f3f7ed4fc2e1cc545ac6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2429265
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70315}
2020-10-05 15:12:41 +00:00
Santiago Aboy Solanes
a5024f9b4f [cleanup] Remove unused context parameters
These three wasm methods do not use the context, but were passed one:
 * WasmInt32ToHeapNumber
 * WasmFloat32ToNumber
 * WasmFloat64ToNumber

Bug: v8:6949, v8:10933
Change-Id: I55e4264f7e06f3fb8338df77d12132c938acfcff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2445934
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70314}
2020-10-05 15:02:31 +00:00
Seth Brenith
c7c5d50dee [torque] Add C++ backend for Torque compiler
This change adds a new code generator, which supports a subset of the
instructions supported by the existing CSAGenerator, and instead of
generating CSA it generates runtime C++ code. The new generator is used
to generate a set of Torque macros that return slices to indexed fields.
These new macros should be sufficient to eventually support
Torque-generated field accessors, BodyDescriptors, verifier functions,
and postmortem field inspection in debug_helper.

Bug: v8:7793
Change-Id: Ife2d25cfd55a08238c625a8b04aca3ff2a0f4c63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2429566
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#70313}
2020-10-05 14:48:48 +00:00
Leszek Swirski
b90717df29 [intl] Fix timezone bug in test
If we're testing printing in the UTC timezone, then we have to be careful to
also input the date in UTC, otherwise the local timezone will affect the test.

Fixed: chromium:1135116
Change-Id: I49981c263e7b1fa1492b4644c5d4846fd94e5613
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448793
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70312}
2020-10-05 14:41:51 +00:00
Manos Koukoutos
cdb3da7f5f [wasm-gc][bug] call_indirect should check for null table entries
This was not happening when there was no need to typecheck the entry.

Additional changes:
- Add tests with null table entries for typed and untyped function
  tables.
- Allow AddIndirectFunctionTable in wasm-run-utils to specify table
  type.
- Add possibility to define tables in test-gc.cc.
- Merge trapTableOutOfBounds with trapInvalidFunc.
- Use trapTableOutOfBounds in call_indirect as appropriate.
- Fix emission of table types in wasm-module-builder.cc.

Bug: v8:9495
Change-Id: I4a857ff4378e5a87dc0646d94b4c75635a43c55b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442622
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70311}
2020-10-05 13:08:20 +00:00
Leszek Swirski
bee5b996aa [serializer] Remove Deserializer::Initialize
Remove the separate Initialize method from Deserializer, opting instead
to pass around SnapshotData where appropriate and pass the isolate
directly into the Deserializer's constructor.

Change-Id: I0092fadd9c81f14b2ce75145fd81af37c3947c65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448466
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70310}
2020-10-05 13:00:05 +00:00
Omer Katz
f6bc6b6d0b cppgc: Thread safe JSMember
Make all writes to JSMember.val_ atomic and atomically check for
emptiness in Trace.

Bug: chromium:1056170
Change-Id: Ia7034b9318df081aa61c9b6664903dd4f73402a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2431569
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70309}
2020-10-05 11:40:46 +00:00
Ulan Degenbaev
ff61743fb0 [heap] Refactor marking weak object worklists
This CL extracts weak object worklist related code into separate files
and uses a macro to specify all weak object worklists in a generic way.

The motivation of the refactoring is twofold:
1) We can now enforce that each weak object worklist is updated after
   Scavenge. (Forgetting to define the update function causes a link
   time error.)
2) The reduced boilerplate will be useful for transitioning to the
   new ::heap::base::Worklist.

Change-Id: Ic80a7ccca010c09370d6525f43d78de24192f8ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442624
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70308}
2020-10-05 11:26:55 +00:00
Santiago Aboy Solanes
a50f54c1cd [csa][cleanup] Partly TNodify SharedArrayBuffer's AssemblerFunction
As a drive-by, rename "sanity check" to "check" in sharedarraybuffer.

Bug: v8:6949, v8:10933
Change-Id: Ifa2eac381ed309a099b018de4033816ebe3d828d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2429410
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70307}
2020-10-05 11:02:28 +00:00
Santiago Aboy Solanes
c7c8472ddc [cleanup] Clean up SYNCHRONIZED_ACCESSORS macro naming and its uses
We can use tag dispatching to distinguish between the synchronized and
non-synchronized accessors. This also eliminates the need to add an
explicit "synchronized" to the name when using the macros.

As a note, we currently have one case of using both relaxed and
synchronized accessors (Map::instance_descriptors).

Cleaned up:
 * BytecodeArray::source_position_table
 * Code::code_data_container
 * Code::source_position_table
 * FunctionTemplateInfo::call_code
 * Map::instance_descriptors
 * Map::layout_descriptor
 * SharedFunctionInfo::function_data

Bug: v8:7790
Change-Id: I5a502f4b2df6addb6c45056e77061271012c7d90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2424130
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70306}
2020-10-05 11:01:22 +00:00
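The tag-dispatch idea in the commit above, as an added illustration that is not V8 code: one field name exposes both a relaxed and an acquire/release ("synchronized") accessor, and the caller selects the ordering by passing a tag type. The tag names, the TAGGED_FIELD_ACCESSORS macro, and the MapLike/Descriptors types are assumptions made for this example.

```cpp
// Added example, not V8 code: tag dispatching that lets one field expose a
// relaxed and a synchronized (acquire/release) accessor under the same name.
// The tag types, the macro and the MapLike class are assumptions for the demo.
#include <atomic>
#include <cstdint>

struct RelaxedLoadTag {};
struct AcquireLoadTag {};
struct RelaxedStoreTag {};
struct ReleaseStoreTag {};

// Generates both accessor flavours for an atomic pointer-sized field. The
// caller picks the ordering by passing a tag instead of calling a
// differently named "synchronized_" accessor.
#define TAGGED_FIELD_ACCESSORS(name, type)                                  \
  type name(RelaxedLoadTag) const {                                         \
    return name##_.load(std::memory_order_relaxed);                         \
  }                                                                         \
  type name(AcquireLoadTag) const {                                         \
    return name##_.load(std::memory_order_acquire);                         \
  }                                                                         \
  void set_##name(type value, RelaxedStoreTag) {                            \
    name##_.store(value, std::memory_order_relaxed);                        \
  }                                                                         \
  void set_##name(type value, ReleaseStoreTag) {                            \
    name##_.store(value, std::memory_order_release);                        \
  }

struct Descriptors {
  int64_t count;
};

class MapLike {
 public:
  TAGGED_FIELD_ACCESSORS(instance_descriptors, Descriptors*)

 private:
  std::atomic<Descriptors*> instance_descriptors_{nullptr};
};

// Writer: initialise the pointee first, then publish the pointer with a
// release store, so an acquire load on another thread sees the initialised
// count rather than a half-written object.
void Publish(MapLike& map, Descriptors* d, int64_t count) {
  d->count = count;
  map.set_instance_descriptors(d, ReleaseStoreTag{});
}

// Reader that dereferences the pointer: must pair with the release store.
int64_t ReadSynchronized(const MapLike& map) {
  Descriptors* d = map.instance_descriptors(AcquireLoadTag{});
  return d ? d->count : -1;
}

// Reader that only compares the pointer value: a relaxed load is enough.
bool HasDescriptors(const MapLike& map) {
  return map.instance_descriptors(RelaxedLoadTag{}) != nullptr;
}

// Single-threaded round trip exercising both accessor flavours.
int64_t RoundTrip(int64_t count) {
  MapLike map;
  Descriptors d{0};
  if (HasDescriptors(map) || ReadSynchronized(map) != -1) return -2;
  Publish(map, &d, count);
  if (!HasDescriptors(map)) return -3;
  return ReadSynchronized(map);
}
```

The design point is that the choice of memory ordering is visible at every call site as a type, so a reviewer can see whether a dereferencing reader paired its load with the publishing store; the compiler rejects a call that names no tag at all.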
Benedikt Meurer
215238d389 [wasm][debug] Ignore empty local names.
Other WebAssembly tools like wabt and wasmparser ignore empty strings
for local variable and parameter names, and just generate their own
names for it. Update V8 to comply with this convention.

Bug: chromium:1134531
Change-Id: Ic724482d93398feaf6b0797eec5a55f8ca508ca5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448457
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70305}
2020-10-05 10:42:51 +00:00
Sathya Gunasekaran
2cf6ee0be8 [turboprop] Inline monomorphic map check
Instead of loading the map from the feedback vector for monomorphic
access, this CL directly inlines the expected map constant as a static
check.

In case this static check fails, we call out to a builtin which performs
additional dynamic map checks.

There are several dynamic map checks performed by the builtin for various
cases such as:
(a) IC is monomorphic with a map that's different from the initial
static map that we checked, in which case we perform another dynamic
map check.
(b) IC is monomorphic but the incoming map is a deprecated map, in which
case we call out to the runtime to migrate this incoming object to a new
map and then try to handle it.
(c) IC has now transitioned to polymorphic, in which case we use the old
dynamic polymorphic checks to validate the map and handler.

Bug: v8:10582, v8:9684
Change-Id: Id87265ed513e4aef87b8e66c826afbf10f50a1d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2429034
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70304}
2020-10-05 10:13:08 +00:00
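The control flow described in the commit above (inlined constant map compare, then a builtin that re-checks against current feedback), as an added model that is not V8 code. Map, Object, Feedback, the Outcome values and the Scenario() fixtures are assumptions made for this illustration; the property worth keeping in view is that no path applies a handler for a map that was not validated, and an unknown map ends in a miss.

```cpp
// Added example, not V8 code: a model of an inlined monomorphic map check
// with a dynamic-check fallback. Map, Object, Feedback, the Outcome values
// and the Scenario() fixtures are assumptions made for the illustration.
#include <vector>

struct Map {
  int id;
  const Map* migration_target;  // non-null marks a deprecated map
};

struct Object {
  const Map* map;
};

// Feedback vector slot: one map means monomorphic, several means polymorphic.
struct Feedback {
  std::vector<const Map*> maps;
};

enum class Outcome { kStaticHit, kDynamicMonoHit, kMigratedHit, kPolymorphicHit, kMiss };

// Models the runtime call that migrates an object off a deprecated map.
static void Migrate(Object* obj) {
  while (obj->map->migration_target != nullptr) obj->map = obj->map->migration_target;
}

// The builtin the compiled code calls when the inlined constant compare fails.
// It re-reads the feedback, so it sees changes made after compilation.
Outcome DynamicMapCheck(Object* obj, const Feedback& feedback) {
  bool migrated = false;
  if (obj->map->migration_target != nullptr) {  // case (b): deprecated map
    Migrate(obj);
    migrated = true;
  }
  if (feedback.maps.size() == 1) {              // case (a): still monomorphic
    if (obj->map == feedback.maps[0]) {
      return migrated ? Outcome::kMigratedHit : Outcome::kDynamicMonoHit;
    }
    return Outcome::kMiss;                      // no validated map: deoptimise
  }
  for (const Map* m : feedback.maps) {          // case (c): polymorphic
    if (m == obj->map) return Outcome::kPolymorphicHit;
  }
  return Outcome::kMiss;
}

// Compiled code: the expected map is a constant, so the hot path does not
// load the feedback vector at all.
Outcome InlinedMapCheck(Object* obj, const Map* static_map, const Feedback& feedback) {
  if (obj->map == static_map) return Outcome::kStaticHit;
  return DynamicMapCheck(obj, feedback);
}

// Constructed fixtures covering the static hit and the three fallback cases.
Outcome Scenario(int which) {
  Map a{1, nullptr};
  Map b{2, nullptr};
  Map a_old{3, &a};  // a_old was deprecated in favour of a
  Feedback mono_a{{&a}};
  Feedback mono_b{{&b}};
  Feedback poly{{&a, &b}};
  switch (which) {
    case 0: { Object o{&a};     return InlinedMapCheck(&o, &a, mono_a); }  // static hit
    case 1: { Object o{&b};     return InlinedMapCheck(&o, &a, mono_b); }  // (a) feedback now on b
    case 2: { Object o{&a_old}; return InlinedMapCheck(&o, &a, mono_a); }  // (b) deprecated map
    case 3: { Object o{&b};     return InlinedMapCheck(&o, &a, poly);   }  // (c) polymorphic
    default: { Object o{&b};    return InlinedMapCheck(&o, &a, mono_a); }  // unknown map: miss
  }
}
```

Scenario(0) takes the fast path without touching feedback; the others all fall into DynamicMapCheck, which is the only place that reads the (possibly updated) feedback or migrates the object.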
Jakob Gruber
9137237bc4 [nci] Add flags to configure NCI codegen and ageing
Codegen timing and cache ageing are two important parameters for NCI
performance. This adds runtime flags for them:

 --turbo-nci-cache-ageing (default: false)
 --turbo-nci-delayed-codegen (default: true)

Note the behavioral change of disabling ageing by default for now.

Bug: v8:8888
Change-Id: Id9611185566f5c4828ad48e58c42424833d3323b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2438456
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70303}
2020-10-05 09:42:18 +00:00
Zhao Jiazhong
471a8937a5 [mips32] Fix Float64 Abs operation
The lower 32 bits of the output FPURegister are undefined now; this CL
copies the input FPURegister's lower 32 bits to the output FPURegister.

Change-Id: I10c078fafeddd5de207ced4f7c01f35d32999733
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2449153
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#70302}
2020-10-05 09:06:28 +00:00
Leszek Swirski
c8f73f2266 [serializer] Cache instance type in PostProcessNewObject
Rather than having repeated IsFoo checks in PostProcessNewObject, which
means repeated handle accesses, map word accesses, and map pointer
decompressions, cache the instance type once and check it with
InstanceTypeChecker.

This gives a measurable 2-3% improvement in deserialization time (in my
informal local measurements).

Bug: chromium:1075999
Change-Id: I3e11588ad5d1c6ee2bbf93b82fa52c66496a325c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440578
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70301}
2020-10-05 09:05:15 +00:00
Leszek Swirski
4e7c99abda [identity-map] Remove double-lookups in IdentityMap
Remove the pattern of calling 'Find' followed by 'Set' for IdentityMap,
with a single 'FindOrInsert' that explicitly returns whether an existing
entry was found, or the entry was inserted. This replaces 'Get', which
would return either an initialised or uninitialised entry (and callers
would rely on default initialisation to check this).

Also replace 'Set' with 'Insert', which explicitly requires that the
element didn't exist before. This matches expectations where it was
used (where those weren't replaced wholesale with 'FindOrInsert'), and
makes the naming consistent with 'FindOrInsert'.

Change-Id: I8fb76f4ac14fb92b88474965aafb1ace5fb79145
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2443135
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70300}
2020-10-05 08:51:52 +00:00
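The FindOrInsert/Insert API shape from the commit above, as an added example that is not V8's IdentityMap: a pointer-keyed (identity, not value) map where FindOrInsert does a single probe and reports whether the entry already existed, and Insert requires that the key is new. The class, the Tally struct and the sample references are assumptions for this illustration.

```cpp
// Added example, not V8's IdentityMap: a pointer-keyed map whose FindOrInsert
// does one probe and reports whether the entry already existed, and whose
// Insert requires absence. Names and the sample below are assumptions.
#include <cassert>
#include <cstddef>
#include <unordered_map>
#include <utility>
#include <vector>

template <typename V>
class IdentityMap {
 public:
  struct FindOrInsertResult {
    V* entry;             // valid in both cases
    bool already_exists;  // true: found an existing entry; false: freshly inserted
  };

  // One hash probe instead of Find followed by Set.
  FindOrInsertResult FindOrInsert(const void* key) {
    std::pair<typename Table::iterator, bool> r = map_.emplace(key, V());
    return {&r.first->second, !r.second};
  }

  // Callers promise the key is new; violating that is a bug, not a silent overwrite.
  V* Insert(const void* key, V value) {
    std::pair<typename Table::iterator, bool> r = map_.emplace(key, value);
    assert(r.second && "Insert on a key that already exists");
    return &r.first->second;
  }

  V* Find(const void* key) {
    typename Table::iterator it = map_.find(key);
    return it == map_.end() ? nullptr : &it->second;
  }

  size_t size() const { return map_.size(); }

 private:
  typedef std::unordered_map<const void*, V> Table;
  Table map_;
};

struct Tally {
  size_t distinct;
  int max_refs;
};

// Counts how often each object is referenced, keyed by address rather than value.
Tally TallyReferences(const std::vector<const void*>& refs) {
  IdentityMap<int> counts;
  int max_refs = 0;
  for (const void* obj : refs) {
    IdentityMap<int>::FindOrInsertResult r = counts.FindOrInsert(obj);
    if (!r.already_exists) *r.entry = 0;  // explicit, rather than relying on value-init
    ++*r.entry;
    if (*r.entry > max_refs) max_refs = *r.entry;
  }
  return {counts.size(), max_refs};
}

// Constructed sample: three distinct objects, the first referenced three times.
Tally TallySample() {
  static int objects[3] = {0, 0, 0};
  std::vector<const void*> refs = {&objects[0], &objects[1], &objects[0],
                                   &objects[2], &objects[0]};
  return TallyReferences(refs);
}
```

The returned flag replaces the old convention of probing with Get and inferring "new" from a default-initialised value, which is fragile when the default is itself a legitimate stored value.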
Dominik Inführ
9c0e6274e3 [infra] Run tests with --stress-concurrent-allocation
Run variant stress_concurrent_allocation in debug mode and with TSAN.
Failing tests will close tree and block CQ.

Bug: v8:10315
Change-Id: I0ba2921a3718a08b88516f209364b52c8817c331
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2436343
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70299}
2020-10-05 08:01:45 +00:00
v8-ci-autoroll-builder
57842b946c Update V8 DEPS.
Rolling v8/build: bfc3ca5..1cb6993

Rolling v8/tools/clang: ab5ac1c..f513a0b

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I744a353ec4c80ccee5b63df024002bc0e77aabc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448646
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#70298}
2020-10-05 03:52:09 +00:00
v8-ci-autoroll-builder
f9adb5bc72 Update V8 DEPS.
Rolling v8/build: 0f7a5f7..bfc3ca5

Rolling v8/third_party/aemu-linux-x64: L4Yg7-xN6xRY3FEAIYBqj7hMnWwvvnPYTNQr_umZm-IC..FgthknmEoQugl3GqOyqz_RsAjIMmeLsa960mZcmhE9UC

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: If6ba34b7cc1e8cd00b9b331265ebc82c55e0294c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2447962
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#70297}
2020-10-04 16:18:49 +00:00
Michael Achenbach
c87bdbcf0d [gcmole] Fix gcmole after property change
The build location is now universally in out/build after infra change:
https://crrev.com/c/2426643

TBR=mslekova@chromium.org

Bug: chromium:1132088
Change-Id: I0d8867ed58adec79ed66f5e4dac375827e2679e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448451
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70296}
2020-10-04 15:20:18 +00:00
Michael Achenbach
c4d2ef3af0 Whitespace change to trigger builders
Change-Id: Ib879c4b1d473faa80863373d98631dfd67cfde9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2448449
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70295}
2020-10-04 14:14:17 +00:00