This ensures that we have gatekeepers for API changes.
R=adamk@chromium.org
Change-Id: I7a78f9590dfc444a20044fe323b9470f4f9004a3
Reviewed-on: https://chromium-review.googlesource.com/986267
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52318}

When we know that the imported function is a JavaScript function, and we
cannot generate a direct call because the parameter count does not match,
we can call the ArgumentsAdaptor directly instead of the Call builtin.
R=bmeurer@chromium.org
Change-Id: I72882c2edf170d88135d12352852302d56cc54a5
Reviewed-on: https://chromium-review.googlesource.com/986095
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52316}

When peeking into descriptor arrays (for Function.prototype.bind
inlining), we need to check the number of descriptors rather than
the length of the DescriptorArray.
Bug: chromium:825045
Change-Id: I55dbe1544e5e4cb8e23d873961c71ed12294d89c
Reviewed-on: https://chromium-review.googlesource.com/991812
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52315}

Remove a call to `icu::toUCharPtr()` that wasn't present in other
similar-looking call sites either; just reinterpret_cast directly.
Fixes https://github.com/nodejs/node/issues/19656.
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: If281ce0a39356aa8bd20efb24c3e4b52b06841a3
Reviewed-on: https://chromium-review.googlesource.com/987953
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Commit-Queue: Ben Noordhuis <info@bnoordhuis.nl>
Cr-Commit-Position: refs/heads/master@{#52311}

This change makes full 8 GiB guard regions always enabled on 64-bit
platforms.
Additionally, since all Wasm memory allocation paths have some form of
guard regions, this removes and simplifies most of the logic around
whether to enable guard regions.
R=gdeepti@chromium.org
Change-Id: Idf3fbcc11ac70ea2ee7eb88c2173d6a1410395e1
Reviewed-on: https://chromium-review.googlesource.com/985142
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52310}

crtdbg.h provides the declarations for _CrtSetReportMode and the _CRT_*
constants. It should have moved in
https://chromium-review.googlesource.com/968244, but the MSVC C++
headers appear to include crtdbg.h transitively, so we only noticed this
on the libc++ Windows buildbot.
Tbr: mlippautz@chromium.org
Bug: chromium:801780
Change-Id: Ia07f6136e4b8d1f25014e00b0b9f662029ab5a2b
Reviewed-on: https://chromium-review.googlesource.com/981399
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52309}

Because the GC is not aware of address space usage, this CL causes Wasm to
explicitly trigger a GC when its address space limit is reached in hopes of
being able to successfully allocate memory.
R=mlippautz@chromium.org
R=gdeepti@chromium.org
Change-Id: I2dcc560dd3d351dbfc4dda2f7c321c470a4d9fff
Reviewed-on: https://chromium-review.googlesource.com/985103
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52305}

Register x25 is not reserved for anything else, so return it to the
Turbofan register allocator.
Change-Id: Ic905831683a825a1e1dd682552fd459dfc2323fe
Reviewed-on: https://chromium-review.googlesource.com/980976
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#52301}

Properly print the new context types in HeapObjectShortPrint() so we see
what kind of context it is, and the number of context slots.
Bug: v8:7570, v8:7588
Change-Id: I43414996fd953f77e140e8750b2dc4923c9bce95
Reviewed-on: https://chromium-review.googlesource.com/986135
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52297}

For the wasm2js wrappers we have an optimization to call a JavaScript
function directly if the signature of the JavaScript function matches
the signature of the WebAssembly import. However, we are not supposed
to do this optimization if the imported function is a constructor,
because constructors can only be called with `new`. With this CL we
do not apply this optimization when the imported function is a
constructor.
R=titzer@chromium.org
Bug: chromium:824859
Change-Id: I1722367bd865d0b129eadf7d4849182410447179
Reviewed-on: https://chromium-review.googlesource.com/985974
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52296}

Original description:
Code in Isolate::Deinit may trigger a GC, e.g. wasm_engine()->TearDown.
However, the gin platform in Chrome does not allow to post tasks within
Isolate::Deinit. By initializing heap tear down at the beginning of
Isolate::Deinit, we can make sure that no tasks are posted anymore within
Isolate::Deinit.
R=ulan@chromium.org
Bug: chromium:826105
Change-Id: I28c4d40b3ce3bc58e42acec14e350e04379c0006
Reviewed-on: https://chromium-review.googlesource.com/984534
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52295}

This way we can teach the debugger to disable liveness analysis when
running with (potential) breakpoints, so that the developers always
have (read) access to all scoped variable values.
Bug: v8:7608, chromium:826613
Change-Id: I7e6cea105f111c99d2620546144201624dfe1d8b
Reviewed-on: https://chromium-review.googlesource.com/985838
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52293}

Just a simple cleanup CL. TryAllocateBackingStore function is only needed in
wasm-memory.cc, so this makes that stronger by putting it in an anonymous
namespace. Additionally, the whole function is moved to the top of the file.
No functional change.
R=gdeepti@chromium.org
Change-Id: I0c5ea07c1ab81f3083eb75f0a6177c503fc827b5
Reviewed-on: https://chromium-review.googlesource.com/985023
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52290}

This relands commit 496d05967c.
Original change's description:
> [heap] Detect ineffective GCs near the heap limit.
>
> Currently V8 can enter CPU thrashing GC loop near the heap limit. In
> such cases it is better to trigger an out-of-memory failure earlier to
> avoid wasting CPU time and to avoid unresponsiveness.
>
> This patch adds a mechanism for tracking consecutive ineffective GCs.
> A GC is considered ineffective if the heap size after the GC is still
> close to the heap limit and if the average mutator utilization dropped
> below a fixed threshold.
>
> V8 execution is aborted after four consecutive ineffective GCs.
>
> Bug: chromium:824214
TBR: hpayer@chromium.org
Change-Id: Ib09d24d6280078ce6c33519309a2563c70fb68e1
Reviewed-on: https://chromium-review.googlesource.com/980555
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52286}

This reverts commit 3f6686c2c5.
Reason for revert: https://luci-milo.appspot.com/buildbot/client.v8/V8%20Mac64%20GC%20Stress/196
Original change's description:
> [heap] Initialize the heap tear down at the beginning of Isolate::Deinit
>
> Code in Isolate::Deinit may trigger a GC, e.g. wasm_engine()->TearDown.
> However, the gin platform in Chrome does not allow to post tasks within
> Isolate::Deinit. By initializing heap tear down at the beginning of
> Isolate::Deinit, we can make sure that no tasks are posted anymore within
> Isolate::Deinit.
>
> R=ulan@chromium.org
>
> Bug: chromium:826105
> Change-Id: I246c324aa23efe82cc8e7059a1cae5efca33a1b0
> Reviewed-on: https://chromium-review.googlesource.com/983598
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52283}
TBR=ulan@chromium.org,ahaas@chromium.org
Change-Id: I98461449b16ae8dcf3b03c51daec92df9f5f6366
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:826105
Reviewed-on: https://chromium-review.googlesource.com/984193
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52284}

Code in Isolate::Deinit may trigger a GC, e.g. wasm_engine()->TearDown.
However, the gin platform in Chrome does not allow to post tasks within
Isolate::Deinit. By initializing heap tear down at the beginning of
Isolate::Deinit, we can make sure that no tasks are posted anymore within
Isolate::Deinit.
R=ulan@chromium.org
Bug: chromium:826105
Change-Id: I246c324aa23efe82cc8e7059a1cae5efca33a1b0
Reviewed-on: https://chromium-review.googlesource.com/983598
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52283}

We need to bypass shortcuts when executing accessors defined via FunctionTemplate
if we have break points at function entry.
R=ishell@chromium.org, jgruber@chromium.org
Bug: v8:7596
Change-Id: I0e1bdbbba0f7dcd0fb7fe90d35b18234d073fe94
Reviewed-on: https://chromium-review.googlesource.com/980316
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52276}

Since embedded builtins will be disabled by default until after the
M67 branch point, let's enable them on two specific bots to at least
have some continued coverage.
release_x64_internal is a release build (with an internal snapshot).
release_x64_verify_csa is a pseudo-debug build with DEBUG set.
Bug: v8:6666
Change-Id: I7e81c24e3cefc6eeba5d6e5823d47ab52f3e5941
Reviewed-on: https://chromium-review.googlesource.com/983597
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52274}

Removes the deferred handle reference to the native context that
caused a cyclic dependency, which resulted in a memory leak. Instead of
keeping a reference to the native context, we use a phantom reference
to the WasmCompiledModule in order to get the context.
All foreground tasks are now registered in its own foreground task
manager, in order to make sure that we cancel all scheduled
foreground tasks as soon as the CompilationState is collected.
Bug: chromium:825741
Also-by: ahaas@chromium.org
Change-Id: Id69426a15280a14a1dc3ecd035415e7cfa61780b
Reviewed-on: https://chromium-review.googlesource.com/982622
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Cr-Commit-Position: refs/heads/master@{#52270}