This relands commit ed3636e21bc772fec35deefc90850dc5bf850775..
Original change's description:
> [heap] Ensure that OOM callback is called before OOM.
>
> This patch also fixes MaxReserved() to accound for page headers and
> adds two tests for heap size and memory allocator size near OOM.
>
> Bug: chromium:824214
> Change-Id: I5bbe00a9d6a5798cdf4481861a10dca842244a63
> Reviewed-on: https://chromium-review.googlesource.com/973614
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52184}
TBR=machenbach@chromium.org
Change-Id: Idc3086a8b9dd30038f48cae64c9a8eb0b45ee372
Reviewed-on: https://chromium-review.googlesource.com/977913
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52200}
This is a reland of 6da438fda1
Original change's description:
> [runtime] introduced instrance type for each context type
>
> Each context type get own instance type:
> - we can make CSA checks more strict in couple places,
> - it is requires step for advanced evaluation without side effects.
>
> R=yangguo@chromium.org
>
> Bug: v8:7588
> Change-Id: I585e8b55a280a909fc3c6069ed30e34b7040d0c7
> Reviewed-on: https://chromium-review.googlesource.com/977041
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52191}
Bug: v8:7588
Change-Id: I80110ff814c0315d7ca694b7d0aef5b10df614f0
Reviewed-on: https://chromium-review.googlesource.com/978584
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52196}
This reverts commit 6da438fda1.
Reason for revert:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap%20-%20debug/builds/18287
Original change's description:
> [runtime] introduced instrance type for each context type
>
> Each context type get own instance type:
> - we can make CSA checks more strict in couple places,
> - it is requires step for advanced evaluation without side effects.
>
> R=yangguo@chromium.org
>
> Bug: v8:7588
> Change-Id: I585e8b55a280a909fc3c6069ed30e34b7040d0c7
> Reviewed-on: https://chromium-review.googlesource.com/977041
> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52191}
TBR=yangguo@chromium.org,mstarzinger@chromium.org,kozyatinskiy@chromium.org
Change-Id: I17a24b5b99552941d7a8ec54ebf6d11d6d1a66d8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7588
Reviewed-on: https://chromium-review.googlesource.com/977974
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52193}
This reverts commit ed3636e21b.
Reason for revert: Seems to lead to several timeouts in debug mode:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20debug/builds/19780
And on windows.
Original change's description:
> [heap] Ensure that OOM callback is called before OOM.
>
> This patch also fixes MaxReserved() to accound for page headers and
> adds two tests for heap size and memory allocator size near OOM.
>
> Bug: chromium:824214
> Change-Id: I5bbe00a9d6a5798cdf4481861a10dca842244a63
> Reviewed-on: https://chromium-review.googlesource.com/973614
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52184}
TBR=ulan@chromium.org,hpayer@chromium.org
Change-Id: I1a98c070cee4039a1ef7851fcabd32d56d0629fe
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:824214
Reviewed-on: https://chromium-review.googlesource.com/977973
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52192}
Each context type get own instance type:
- we can make CSA checks more strict in couple places,
- it is requires step for advanced evaluation without side effects.
R=yangguo@chromium.org
Bug: v8:7588
Change-Id: I585e8b55a280a909fc3c6069ed30e34b7040d0c7
Reviewed-on: https://chromium-review.googlesource.com/977041
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52191}
Background task restarting happens now in the CompilationState and not
in the AsyncCompileJob. The code in the AsyncCompileJob is dead, so I
remove it.
R=titzer@chromium.org
Change-Id: Ife52522a00ec43aa0f9ad50f8e0114c1e4da5db7
Reviewed-on: https://chromium-review.googlesource.com/978322
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52190}
This eases transition handlers caching and avoids memory overhead of
respective StoreHandler objects. In addition, it allows to use such
transition handlers on runtime side to make Object.assign implementation
a bit faster.
Bug: v8:5988
Change-Id: Iba660a11d4b300cd5f80615fb7e2608e53da8fee
Reviewed-on: https://chromium-review.googlesource.com/931701
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52187}
This flips the default value of in_process_stack_dumping from enabled
to disabled. For many embedders the V8 signal handler produces worse
stack trace than the defaul signal handler.
Change-Id: Idb5ec30dc4b3cefe243be7304d10a02f1dcda167
Reviewed-on: https://chromium-review.googlesource.com/977903
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52186}
Part of ongoing work to remove the construct_stub.
For non-constructable functions, don't use the non-constructable stub,
instead handle non-constructables explicitly in ConstructFunction.
Bug: v8:7503
Change-Id: I24aa7c2d5e934d5e80cd96afaf005342773d57af
Reviewed-on: https://chromium-review.googlesource.com/975961
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52185}
This patch also fixes MaxReserved() to accound for page headers and
adds two tests for heap size and memory allocator size near OOM.
Bug: chromium:824214
Change-Id: I5bbe00a9d6a5798cdf4481861a10dca842244a63
Reviewed-on: https://chromium-review.googlesource.com/973614
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52184}
Also add a new fast-path for String.fromCodePoint.
R=neis@chromium.org
Bug: v8:7570, v8:7340
Change-Id: I6cd6e6fc98943588ecd646f24fcda043d4033ab0
Reviewed-on: https://chromium-review.googlesource.com/978244
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52183}
This CL also cleans up some related naming in typed-optimization.
R=neis@chromium.org
Bug: v8:7531, v8:7570
Change-Id: If80e0e9642aaf6c58b164db2e1e0632cd5b0d051
Reviewed-on: https://chromium-review.googlesource.com/978066
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52182}
Removing the iterator from an array does not stop it being a fast array
(at least as far as BranchIfJSFastArray is concerned). The rest of the
code is not affected by whether the assert is false so this only
affected debug builds.
Change-Id: Iff78b8b21f3cc76a43d4251b4ba6ab078467db61
Reviewed-on: https://chromium-review.googlesource.com/976122
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52181}
This is something we already do for d8, and in general, any process
we run as part of the build.
Bug: chromium:819237
Change-Id: I8b90505a5c447c0a0311e45c4056cd2b84da4284
Reviewed-on: https://chromium-review.googlesource.com/968244
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52180}
This moves source position tables associated with WasmCode objects to be
located outside the garbage-collected heap. There now is a clear link to
the source position table from code, making the one-to-one relationship
and its lifetime explicit.
R=ahaas@chromium.org
BUG=v8:7424
Change-Id: I9d0b332732508c302ba525059ef02559f45aa2f6
Reviewed-on: https://chromium-review.googlesource.com/975565
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52178}
Moves RO_SPACE to the front of the AllocationSpace enum, so the space
pre-allocation iterations don't miss it. Being at the start of the enum
means that it continues to not be iterated over by any sweeper code,
which iterates from FIRST_GROWABLE_PAGED_SPACE to
LAST_GROWABLE_PAGED_SPACE (renamed from FIRST_PAGED_SPACE and
LAST_PAGED_SPACE).
Bug: v8:7464
Change-Id: I480ba784afbd878552d1cb7f9f5fa57c3b55e004
Reviewed-on: https://chromium-review.googlesource.com/973604
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52177}
See the referenced issue for details.
Bug: v8:7559
Change-Id: I16b5d22b484407d277fa55868429f5f11078b56d
Reviewed-on: https://chromium-review.googlesource.com/970361
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52173}
This is the V8 equivalent to https://crrev.com/2779193002 and must be landed
before //build/secondary/{gtest,gmock} are removed from Chromium. This started
out as https://crrev.com/2847693002
The changes in tools/ were authored by yangguo@chromium.org and
initially shared in http://crrev.com/2849783003.
GoogleTest (gtest) and GoogleMock (gmock) are now hosted into the same
googletest repository. In order to cope with this, the googletest
repository is now sourced at third_party/googletest.
The file/directory layout of Google Test is not yet considered stable.
To minimize disruption while Google Test stabilizes, Chromium code will
be insulated from third_party/googletest.
* testing/gtest/include/gtest/ and testing/gmock/include/gmock have
been populated with headers that forward into the appropriate
locations of third_party/googletest
* testing/BUILD.gn has been populated with the targets
//testing/gtest(:gtest_main) and //testing/gmock(:gmock_main),
which depend on the appropriate //third_party/googletest targets.
All Chromium code should keep depending on the targets and
headers in testing/{gtest,gmock} for now.
BUG=chromium:630705
Change-Id: I12b07ae78c8039aeff6ada7a3335e4e2b5d308ab
Reviewed-on: https://chromium-review.googlesource.com/639953
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52170}
First pass callbacks are required to reset the handle before entering
the second callback.
Make this a CHECK and properly document what is required to fix when
hitting this assertion.
Change-Id: I13c6b0342fca16544cec01620ac74a87c290b87d
Reviewed-on: https://chromium-review.googlesource.com/975609
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52169}
The refactoring extracts code responsible for cloning and patching
code when creating a NativeModule clone. This extraction makes it easier
to reuse the code.
Change-Id: Id4543ee07ed85c1b44472723b0bce983a97da03e
Reviewed-on: https://chromium-review.googlesource.com/975302
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52168}
Port 51ded9d3c0
Original Commit Message:
This is a reland of d8f564eac6
Original change's description:
> Reland: Remove SFI code field
>
> Remove the SharedFunctionInfo code field, inferring the code object
> from the function_data field instead. In some cases, the function_data
> field can now hold a Code object (e.g. some WASM cases).
>
> (Reland of https://chromium-review.googlesource.com/952452)
>
> TBR=mstarzinger@chromium.org
>
> Bug: chromium:783853
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I10ea5be7ceed1b51362a2fad9be7397624d69343
> Reviewed-on: https://chromium-review.googlesource.com/970649
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52136}
R=leszeks@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I86c5a46a866830a2150ff9366be12a09f111240f
Reviewed-on: https://chromium-review.googlesource.com/976624
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52165}
When using trap handlers, memory references do not get any checks inserted. This
means there is no check for a null memory as happens when the memory size is
0. Normally this would be correctly caught as an out of bounds access, since the
low memory addresses are not normally mapped. However, if they were mapped for
some reason, we would not catch the out of bounds access.
The fix is to ensure WebAssembly instances always have a guard region even if
the memory is size 0.
This is a rewrite of 5e76ff5a4a
Note that this can lead to a large amount of unnecessary address space usage,
so we share a single reservation for empty array buffers.
Bug: chromium:769637
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ia8e84be6d595e347d3d342959f2c374db1a3f683
Reviewed-on: https://chromium-review.googlesource.com/702657
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52163}
On float comparisons, we need a scratch byte register for the setcc
instruction, and if none is available, we spill. But this spilling code
is skipped if one of the operands is NaN. The cache state is updated
however, so following code assumes that the spill happened.
This CL fixes this by spilling before checking for NaN, such that the
spilling code is always executed.
R=titzer@chromium.org
Bug: v8:7582, v8:6600
Change-Id: I768d8de14e494d3ebea181c1f9f3129a4b005396
Reviewed-on: https://chromium-review.googlesource.com/973961
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52162}
This is a reland of d8f564eac6TBR=mstarzinger@chromium.org,yangguo@chromium.org,jgruber@chromium.org
Original change's description:
> Reland: Remove SFI code field
>
> Remove the SharedFunctionInfo code field, inferring the code object
> from the function_data field instead. In some cases, the function_data
> field can now hold a Code object (e.g. some WASM cases).
>
> (Reland of https://chromium-review.googlesource.com/952452)
>
> TBR=mstarzinger@chromium.org
>
> Bug: chromium:783853
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I10ea5be7ceed1b51362a2fad9be7397624d69343
> Reviewed-on: https://chromium-review.googlesource.com/970649
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52136}
Bug: chromium:783853
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I5187851b923e9a92f43daf8cb99e662786cbb839
Reviewed-on: https://chromium-review.googlesource.com/975942
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52159}
This is a follow-up for 8ed81dd.
The TSAN exception has to be in MarkObject because that is called from
two places in concurrent marking.
Bug: v8:7574
Change-Id: If36b564bce0970c9b44c029055114bb6e2a74059
Reviewed-on: https://chromium-review.googlesource.com/973526
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52157}
This changes ArrayBufferTracker to count array buffer byte length instead of
allocation length. Byte length better approximates actual memory pressure
because it refers to how many bytes are actually committed, whereas for
allocation length, these bytes may be reserved but not committed.
Note that we still need to be careful about address space exhaustion. Most
address space is used by WebAssembly's guard regions. These are now managed by
WasmMemoryTracker to ensure we do not consume too much address space.
As a side effect, this CL fixes v8:7576 because byte_length() does not need to
access the is_wasm_memory field whereas allocation_length() does.
Bug: v8:7576
Change-Id: Ib974e86ec61e170930c835f0f0ad03e89dc02854
Reviewed-on: https://chromium-review.googlesource.com/973884
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52155}
This is a reland of ed2605f040
Original change's description:
> [d8][wasm] Test wasm compilation completion
>
> d8 was recently changed to keep running until wasm compilation has
> completed. This adds a message test to test that.
>
> R=ahaas@chromium.org
>
> Change-Id: I73af53b6df4ee5f9a6afd26cf2d71a269140465f
> Reviewed-on: https://chromium-review.googlesource.com/966184
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52008}
Change-Id: Iadbd5056dfa58da454956c4e89369af8b0455b35
Reviewed-on: https://chromium-review.googlesource.com/975242
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52154}
