As with other code size stats, this doesn't distinguish between live and
dead objects, and doesn't scan the young generation.
Also make ExternalString::is_short() const.
Bug: chromium:837659
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I72815edb719ba61d9727e226ff1da0fc4af22a24
Reviewed-on: https://chromium-review.googlesource.com/1032994
Commit-Queue: Benoit L <lizeb@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52955}
There are likely cleanups that can be done after this CL:
- context-related functions in the interpreter and compiler take ScopeInfo as
well as ScopeType and slot-count as input. The latter 2 should be directly
derived from the former. We should be able to drop FunctionContextParameters.
- ContextExtension is probably not needed anymore, since we now always have the
correct scope_info directly in the SCOPE_INFO_INDEX slot.
Bug: v8:7066
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ie1f6134c686a9f2183e54730d9cdd598a9e5ab67
Reviewed-on: https://chromium-review.googlesource.com/785151
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52952}
This reverts commit a0c57368a9.
Reason for revert: Speculative revert due to failures with custom
snapshot:
https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/builds/19061
Local bisect also points to this change:
http://shortn/_IhVxU2FKLu
Original change's description:
> [wasm] Maintain link from Instance to Module.
>
> This moves the link from a {WasmInstanceObject} to its corresponding
> {WasmModuleObject} into the right place and also makes it strong. This
> ensures that an instance always keeps the underlying module alive and
> hence removes the situation of an "orphaned instance".
>
> R=clemensh@chromium.org
>
> Change-Id: Id59f6a49740af8ef0248679c3d2c696bb9776944
> Reviewed-on: https://chromium-review.googlesource.com/1041691
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52942}
TBR=mstarzinger@chromium.org,clemensh@chromium.org
Change-Id: I1830e6ce14314f06f918a0c428182bfd68354ad9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/1041968
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52949}
This is a preparatory step for implementing generics. Along the way, clean up
and encapsulate a bunch of code, including:
* Fully encapsulate Scope by adding the new class ScopeChain that provide an
abstraction for creating and activating scopes.
* Untangle Modules and Scopes.
* Unify scope activation so that it is always associated with an AST node
and triggered by a RAII helper class.
* Unify (somewhat) how builtins and macros are created, fixing a few
inconsistencies with when and how parameters and their types are declared.
* Create a new Declarations class that brokers between the visitor classes and
the ScopeChain. This moves handling of declaration-related errors out of the
visitors but also makes it possible to do so without polluting Scope and
ScopeChain with details about resolving SourcePositions in error cases.
Change-Id: I180017d4cf39ccf5ef1d20b84f53284c252f8d87
Reviewed-on: https://chromium-review.googlesource.com/1038504
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52947}
This reverts commit 40f1aaf330.
Reason for revert:
https://luci-milo.appspot.com/buildbot/client.v8/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/21000
Original change's description:
> [heap] Mark RO_SPACE as read-only after deserialization
>
> Adds MarkAsReadOnly and MarkAsReadWrite to ReadOnlySpace. The latter
> is only usable with ReadOnlySpace::WritableScope to avoid the space
> being left writable). MarkAsReadOnly updates the high water mark and
> makes several previously mutating methods into no-ops.
>
> Moves some writes to immutable objects out of the bootstrapper to
> setup-heap-internal so they don't write to a read-only page.
>
> Also avoid writing hashes to strings that already have the value set as
> that invariably means writing to the "0" and "1" constant strings in
> RO_SPACE.
>
> Before serialization, it makes RO_SPACE writable again so that any
> padding can be cleared before writing it.
>
> Bug: v8:7464
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
> Change-Id: I22edc20dba7dde8943991a8fcaf87244af4490a3
> Reviewed-on: https://chromium-review.googlesource.com/1014128
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52943}
TBR=yangguo@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,delphick@chromium.org
Change-Id: Id4770c0fdb21cd9eea2f62a019f44a6bdea8f0a7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7464
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1041948
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52944}
Adds MarkAsReadOnly and MarkAsReadWrite to ReadOnlySpace. The latter
is only usable with ReadOnlySpace::WritableScope to avoid the space
being left writable). MarkAsReadOnly updates the high water mark and
makes several previously mutating methods into no-ops.
Moves some writes to immutable objects out of the bootstrapper to
setup-heap-internal so they don't write to a read-only page.
Also avoid writing hashes to strings that already have the value set as
that invariably means writing to the "0" and "1" constant strings in
RO_SPACE.
Before serialization, it makes RO_SPACE writable again so that any
padding can be cleared before writing it.
Bug: v8:7464
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I22edc20dba7dde8943991a8fcaf87244af4490a3
Reviewed-on: https://chromium-review.googlesource.com/1014128
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52943}
This moves the link from a {WasmInstanceObject} to its corresponding
{WasmModuleObject} into the right place and also makes it strong. This
ensures that an instance always keeps the underlying module alive and
hence removes the situation of an "orphaned instance".
R=clemensh@chromium.org
Change-Id: Id59f6a49740af8ef0248679c3d2c696bb9776944
Reviewed-on: https://chromium-review.googlesource.com/1041691
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52942}
Now that wasm-linkage.h is split off, we can easily implement
{MoveToReturnRegister} in platform independent code.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: I072a0ee48d58ed29e0df489016f838915c3f2cb2
Reviewed-on: https://chromium-review.googlesource.com/1041690
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52939}
This CL changes how TypedArray.p.sort is implemented in Torque, mainly
to address the binary memory size of the builtin.
With this CL the memory comes down from 53611 to 4215 (as reported
by --print-builtin-size on a x64.release build).
With the following performance impact
on the relevant benchmarks:
Benchmark Original (JS) Torque (initial) This CL
IntTypes 83.9 263.7 202.3
BigIntTypes 32.1 54.6 47.2
FloatTypes 99.3 138.7 109.3
This is achieved by pushing the Load/Store dispatch based on
the elements kind into separate builtins that are executed
for each load/store. This results in only one version of the
sorting algorithm instead of one version per elements kind.
R=jgruber@chromium.org
Bug: chromium:837282
Change-Id: I7fe2da3cbfd01531d070128126a0d56d3dd6bdcc
Reviewed-on: https://chromium-review.googlesource.com/1033744
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52937}
With the exception of the InterpreterEntryTrampoline, all builtins are
now isolate-independent and can be embedded into the binary.
This CL updates the corresponding list and also contains a few smallish
tweaks to support having these builtins off the heap:
* wasm: copy the off-heap builtin, not its trampoline.
* Code::contains: support off-heap builtins.
* JSFunction::is_compiled: compare builtin index instead of identity
(this is relevant during mksnapshot when we transition from the
on-heap builtin to its off-heap representation + the trampoline).
* Remove old DCHECKs.
* A few tweaks in macro-assembler ports that have snuck in recently.
Bug: v8:6666
Change-Id: Iabf5b47ade3826a4da35b6b75a4e61614f0158b0
Reviewed-on: https://chromium-review.googlesource.com/1032777
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52935}
If there is more then one agent accepts current pause, we should resume
only when last agent is disabled.
R=dgozman@chromium.org
Bug: chromium:834056
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I2904b3f4ab76117511e16450dd575ebf3e20a068
Reviewed-on: https://chromium-review.googlesource.com/1041207
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52931}
SetPermissions causes memory that was previously reserved but uncommitted to be
committed. This could put us over the committed memory limit for the process,
causing SetPermissions to fail. In this case, we should report this as an out of
memory error rather than a crash.
Bug: chromium:838880
Change-Id: I2785aa9f5608fa04196fee2b280e0c6df2f56ca8
Reviewed-on: https://chromium-review.googlesource.com/1040657
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52928}
The tracker needs to maintain the byte length as there is no order guarantee
when sweeping pages and the byte length may be a HeapNumber that is stored on a
different page.
The abstraction for ArrayBuffers is left untouched. We distinguish between the
following cases:
1. Regular AB (backing_store and bye_length should be used)
2. AB allocated using kReservation but not part of wasm
3. AB allocated using kReservation and part of wasm
In practice, 2. does not exist, but we still maintain "allocation_base" and
"allocation_length" which fall back to backing_store and byte_length in this
case. The problematic part is that they look like innocent getters on the
object but actually refer to different data structures or on-heap objects.
Since 2. does not exist, and 3. looks up the bounds in its own tracker, it is
fine for ArrayBufferTracker to pass backing_store and tracked byte_length.
Bug: v8:7701
Change-Id: Ib89d5fe94fce5cef8e5d8343a5415a3b9ad0deba
Reviewed-on: https://chromium-review.googlesource.com/1039385
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52923}
This is a reland of ad221d144a
Original change's description:
> [wasm] Always enable guard regions on 64-bit platforms
>
> This change makes full 8 GiB guard regions always enabled on 64-bit
> platforms.
>
> Additionally, since all Wasm memory allocation paths have some form of
> guard regions, this removes and simplifies most of the logic around
> whether to enable guard regions.
>
> This is a reland of https://crrev.com/c/985142.
>
> Bug: v8:7619
> Change-Id: I8bf1f86d6f89fd0bb2144431c7628f15a6b00ba0
> Reviewed-on: https://chromium-review.googlesource.com/996466
> Reviewed-by: Brad Nelson <bradnelson@chromium.org>
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52412}
Bug: v8:7619
Change-Id: I0f311305472ca2305ad2fa9163560ff54c1422c2
Reviewed-on: https://chromium-review.googlesource.com/999872
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52921}
These DCHECKs involve reading and comparing two variables that may be modified
on a separate thread. Thus, there is no way to ensure these comparisons happen
atomically. This leads to runtime failures that are otherwise benign.
The other option would be to take the memory tracker mutex, but this seems
unnecessary given that two atomic counters is sufficient and these checks are
only used during debug builds.
Bug: chromium:838043
Change-Id: I1b87698c46c550bd2d58bfef956b5a07cb2ec52c
Reviewed-on: https://chromium-review.googlesource.com/1038886
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52920}
This reverts commit 2df5e7a7b6.
Reason for revert: Mystery crashes https://bugs.chromium.org/p/chromium/issues/detail?id=838805
Original change's description:
> [parser] Slice the source string where possible
>
> When internalizing string literals (for quoted strings or property names),
> try to create a sliced string of the source string rather than allocating
> a copy of the bytes.
>
> This will not work for string literals that contain escapes (e.g. unicode
> escapes), and currently does not support two-byte strings.
>
> Bug: chromium:818642
> Change-Id: I686e5ad36baecd1a84ce5e124118431249b6c980
> Reviewed-on: https://chromium-review.googlesource.com/1010282
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52898}
TBR=marja@chromium.org,yangguo@chromium.org,jarin@chromium.org,mlippautz@chromium.org,leszeks@chromium.org,verwaest@chromium.org
Change-Id: I598b6668c43a3e843e2dd8e60852b2b2f3461954
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:818642
Reviewed-on: https://chromium-review.googlesource.com/1039885
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52919}
The first element of a given iterable argument can be a hole. Thus,
normalize the first element so that we can correctly format the
exception message with "undefined" for a hole element, instead of "NaN".
Bug: v8:7715
Change-Id: I62edd09e361ebeebab642bb82db29b73a2c7b193
Reviewed-on: https://chromium-review.googlesource.com/1038951
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52917}
Original CL: https://crrev.com/c/1018468
During code generation, we generate self-references (i.e. references to
the Code object currently being generated) as references to a temporary
handle. When the final Code object has been allocated, the handle's
location is fixed up and RelocInfo iteration fixes up all references
embedded in the generated code.
This adds support for this mechanism to the builtins constants table
builder. CodeObject() is now a new handle pointing to a dedicated
self-reference marker in order to distinguish between self-references
and references to undefined. In Factory::NewCode, we patch up
the constants table.
TBR=yangguo@chromium.org,mlippautz@chromium.org
Bug: v8:6666
Change-Id: I3fa422c57de99c9851dc7a86394a8387c7c2b397
Reviewed-on: https://chromium-review.googlesource.com/1039366
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52916}
We incorrectly used a TurboFan typer check for {0,10,undefined} on the
radix argument on Number.parseInt, which was internally widened to the
checking whether radix is in range 0-10 or undefined. This CL introduces
two separate checks.
Bug: chromium:838766
Change-Id: I5ebfc1c82bad5b9794b4f844e79e4df01f541a83
Reviewed-on: https://chromium-review.googlesource.com/1039197
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52914}
This fixes a bug where we didn't run before/after hooks for await when
the debugger is not active, as reported downstream in
https://github.com/nodejs/node/issues/20274
Change-Id: I1948d1884c591418d87ffd1d0ccb2bebf4e908f1
Reviewed-on: https://chromium-review.googlesource.com/1039386
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52909}
If we add new properties by assigning JSFunction values, properties
array was not changed into a dictionary map.
Bug: v8:7461
Change-Id: Ie16f974502d0ba362e3650a409c27cdc5856a373
Reviewed-on: https://chromium-review.googlesource.com/1028110
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52907}
In order to keep track of where the return address is stored in each block, the
UnwindingInfoWriter needs to know if a block exits the current function.
However, we would only mark returns and tail-calls as exists, while we also have
kArchDebugAbort, kArchThrowTerminator and kArchDeoptimize. This would lead to
assertions when generating the snapshot in debug mode with
`v8_perf_prof_unwinding_info = true`.
Bug: v8:7660
Change-Id: Iee2ab222251f6922dd21442e12cbb6b56534bf54
Reviewed-on: https://chromium-review.googlesource.com/1019504
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/master@{#52906}
This is a leftover of the time where the memory size was stored as
64 bit value. Now it is stored as 32 bit value, so no need to truncate.
R=ahaas@chromium.org
Change-Id: I44a1505ebd564aee53e4c9a7168738fcb855264b
Reviewed-on: https://chromium-review.googlesource.com/1034883
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52905}
This CL also adds types to a user and three builtins that make use
of CreateArrayIterator.
R=petermarshall@chromium.org
Bug: v8:7570
Change-Id: I96b647a9a57e825db717b40ecec2340b0a3d367d
Reviewed-on: https://chromium-review.googlesource.com/1032779
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52904}
In b49206ded9 I changed thread_data_table_ and thread_data_table_mutex_ from
static members to regular class member variables. To do this, I only deleted
the `static` keyword and left the declarations where they were. This was a
little odd in that all of the dynamic class members are declared together in
one place, but now these two new members weren't next to the rest. Making it
a little bit weirder is the fact that these two new members actually ended up
being the first members of the class, since the exsiting dynamic members were
declared later.
This change merely moves these two members down to the end of the dynamic
member variable list, where they probably should have gone.
Bug: chromium:837477
Change-Id: If993935cc56c8026bb7331493ed657c42ba06ac7
Reviewed-on: https://chromium-review.googlesource.com/1036478
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52902}
On s390, size_t is defined to be long unsigned int, while Address is unsigned
int. Therefore, GCC is complaining conflicting types for parameter 'T'
('long unsigned int' and 'unsigned int') for the Min function.
R=ofrobots@google.com, hpayer@chromium.org, mstarzinger@chromium.org, mlippautz@chromium.org
Change-Id: Ib04edebad24da694ccd06ff572ee50d3db7f87ff
Reviewed-on: https://chromium-review.googlesource.com/1035542
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52900}
When internalizing string literals (for quoted strings or property names),
try to create a sliced string of the source string rather than allocating
a copy of the bytes.
This will not work for string literals that contain escapes (e.g. unicode
escapes), and currently does not support two-byte strings.
Bug: chromium:818642
Change-Id: I686e5ad36baecd1a84ce5e124118431249b6c980
Reviewed-on: https://chromium-review.googlesource.com/1010282
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52898}
GetWorkerThreadsTaskRunner() was about to be phased out [1] but v8
r52818 landed ahead of it.
Add CallDelayedOnWorkerThread() to the new worker thread API to support
this use case before phasing out GetWorkerThreadsTaskRunner()
[1] https://chromium-review.googlesource.com/c/v8/v8/+/978443
Implemented it in d8+cctest+default-platform right away to avoid
requiring a non-null Isolate* (and yet another transitional API).
R=ahaas@chromium.org, kozyatinskiy@chromium.org
Bug: chromium:817421
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I2bee08fee08cf15a664d31cc6817e21cebe1d140
Reviewed-on: https://chromium-review.googlesource.com/1033584
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52892}
A stack overflow can be thrown by JSEntryStub, which means the
thread-in-wasm flag will not have the expected value. To accommodate
this, we now clear the flag during exceptional returns if it is set.
Bug: chromium:834624
Change-Id: I8359af79886ab98dfecc2fb39ca19118b7fa38eb
Reviewed-on: https://chromium-review.googlesource.com/1019570
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52891}
The predicate in question is specific to the code generated for a given
module, hence specific to the {NativeModule} and independent of the
instance.
R=ahaas@chromium.org
Change-Id: I108ee8126897ed732e8c52b549de170339a125a8
Reviewed-on: https://chromium-review.googlesource.com/1033741
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52886}
This includes the following changes:
- Limit code space to 128 MB.
- Use direct branches wherever possible.
- Where not possible, continue using load literal followed by an indirect
branch.
- Sort RelocInfo by target_address_address for the serializer, since mixing
load literal instructions and branch instructions messes up that order.
- Ensure we always wipe out targets in the serializer (not just for the
snapshot) in order to be able to distinguish between constant pool entries
and branch instructions.
Change-Id: I1a1029ce2a5f72a3a94802daf267d14a42c7c790
Reviewed-on: https://chromium-review.googlesource.com/939175
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#52885}
Fix 3f99a376dd
A typo in the port caused failuire of about 300 tests. This CL
fixes it.
TEST=cctest/test-api/CatchExceptionFromWith,cctest/test-api/MessageHandler1
Change-Id: Ia2f4c9502d00fe1a6ee581f8a9b41a574b688dab
Reviewed-on: https://chromium-review.googlesource.com/1033735
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52884}
The idea is to mark all the branches and loads participating in array
bounds checks, and let them contribute-to/use the poisoning register.
In the code, the marks for array indexing operations now contain
"Critical" in their name. By default (--untrusted-code-mitigations),
we only instrument the "critical" operations with poisoning.
With that in place, we also remove the array masking approach based
on arithmetic.
Since we do not propagate the poison through function calls,
we introduce a node for poisoning an index that is passed through
function call - the typical example is the bounds-checked index
that is passed to the CharCodeAt builtin.
Most of the code in this CL is threads through the three levels of
protection (safe, critical, unsafe) for loads, branches and flags.
Bug: chromium:798964
Change-Id: Ief68e2329528277b3ba9156115b2a6dcc540d52b
Reviewed-on: https://chromium-review.googlesource.com/995413
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52883}
Now that we no longer clone {WasmCode} objects, the referenced protected
instructions became unique to each such object. We no longer need to
maintain a reference count on the protected instructions.
R=clemensh@chromium.org
Change-Id: Iaa5b9cd4b56cc06d75f7d0b71429b6147378c2ca
Reviewed-on: https://chromium-review.googlesource.com/1034061
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52881}
Since the switch of Address from byte* to uintptr_t, we technically
cannot differentiate between constant field addresses and non-constant
ones.
Thus remove the FIELD_ADDR_CONST macro, and use the identical
FIELD_ADDR instead.
R=jkummerow@chromium.org
Bug: v8:7570
Change-Id: Iea4dde36b42c6d0f0ea80a965806f1dbd7adcd39
Reviewed-on: https://chromium-review.googlesource.com/1032746
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52879}
This removes Type::operator-> which was used to split the change that
removed undefined misuse of Type* to represent integers.
Bug: v8:3770
Change-Id: I9a5bce5ccdc75461a7b939b4070cb58fe6040d99
Reviewed-on: https://chromium-review.googlesource.com/1033736
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52878}
This shares {NativeModule} and associated {WasmCode} objects across
multiple WebAssembly instances in the same Isolate. It also removes
support for cloning the aforementioned objects.
R=clemensh@chromium.org
BUG=v8:7424
Change-Id: I35334bd68f87e5871c244ee33dfcecb9da326b9f
Reviewed-on: https://chromium-review.googlesource.com/1032780
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52877}
Without this change, we could disable slow paths required when symbols
such as toStringTag are present on a receiver, but accessors or
interceptors are not (added in 31800120cc)
This change modifies this behaviour to not unset the previously set bit
if these forced slow path conditions are not met.
BUG=v8:7706
R=bmeurer@chromium.org
Change-Id: Id7bceb0e749da52e2dbcde0a310a865a89f24066
Reviewed-on: https://chromium-review.googlesource.com/1034210
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Caitlin Potter <caitp@igalia.com>
Cr-Commit-Position: refs/heads/master@{#52874}
This is part of the effort to decrease the amount of undefined behavior.
that v8 relies on.
The main change here is to represent types with class Type rather than
with pointer Type*. To make the CL smaller, I used an operator overload
hack to separate the change from `->` to `.`. I am working on a CL that
will remove the operator and change all those arrows to dots.
Bug: v8:3770
Change-Id: I71a197cb739a1467937bc95c2a757fab0469aa22
Reviewed-on: https://chromium-review.googlesource.com/1032551
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52872}
* If the mutability of the global object doesn't match the module, then
it should throw a LinkError.
* There was a missing `return` when importing a Number as a mutable
global.
* All globals were being exported as immutable.
* Attempting to set the value of an immutable global should throw a
TypeError.
* The length of the setter function should be 1.
Bug: v8:7625
Change-Id: I08d6a428506a18db15eecadf4cbcee89e0658924
Reviewed-on: https://chromium-review.googlesource.com/1031626
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52865}
- Alignment of code sections is only relative to start of header. Code
should be aligned in the buffer.
- Rewrites Reader/Writer classes to make global alignment easier.
- Rewrites the native serialization to simplify things in preparation
for switch to streaming serialization APIs.
Bug: chromium:719007
Change-Id: I0397bc84a8d009b4fd7f5286bb5abc527bb0db95
Reviewed-on: https://chromium-review.googlesource.com/1027433
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52860}
When WebAssembly.instantiate or WebAssembly.instantiateStreaming is
called in JavaScript, internally we transfrom it into
WebAssembly.compile(buffer).then(WebAssembly.instantiate). However,
modifying the prototype of WebAssembly.Module can change the result of
WebAssembly.compile(buffer). With this CL we make sure that even if the
result of WebAssembly.compile is modified, there is still no type
confusion. In the long term we have to do a refactoring and remove
this internal transformation.
R=mstarzinger@chromium.org
Bug: chromium:837417
Change-Id: I376068b8b8b01b991ec450162da6a62ae7030c62
Reviewed-on: https://chromium-review.googlesource.com/1032392
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52859}
This reverts commit 6379e2a464.
Reason for revert:
https://logs.chromium.org/v/?s=chromium%2Fbb%2Fclient.v8%2FV8_Win64%2F23855%2F%2B%2Frecipes%2Fsteps%2FCheck%2F0%2Flogs%2Fmkgrokdump%2F0
Original change's description:
> [builtins] Patch self-references in constants table
>
> During code generation, we generate self-references (i.e. references to
> the Code object currently being generated) as references to a temporary
> handle. When the final Code object has been allocated, the handle's
> location is fixed up and RelocInfo iteration fixes up all references
> embedded in the generated code.
>
> This adds support for this mechanism to the builtins constants table
> builder. CodeObject() is now a new handle pointing to a dedicated
> self-reference marker in order to distinguish between self-references
> and references to undefined. In Factory::NewCode, we patch up
> the constants table.
>
> Bug: v8:6666
> Change-Id: If74ed91bb1c3b8abb20ff2f0a87d1bcd9a1b0511
> Reviewed-on: https://chromium-review.googlesource.com/1018468
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52854}
TBR=yangguo@chromium.org,mlippautz@chromium.org,jgruber@chromium.org
Change-Id: I8cf8c4b43f51285ea913c6c8fdd339bd9ea645df
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6666
Reviewed-on: https://chromium-review.googlesource.com/1033092
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52856}
Port 3f99a376dd
Original Commit Message:
This is a reland of f5d308510a
Original change's description:
> [builtins] Introduce further constant & external reference indirections
>
> This introduces further indirections for embedded constants and
> external references for builtins generated by the macro-assembler.
> The used mechanisms (LookupConstant and LookupExternalReference) are
> identical to what we already use in CSA.
>
> Almost all builtins are now isolate-independent in both release and
> debug modes. snapshot_blob.bin is roughly 670K smaller in embedded
> builds vs. non-embedded builds, while libv8.so is roughly 280K larger.
>
> Bug: v8:6666
> Change-Id: I7a6c2193ef5a763e6cf7543dd51597d6fff6c110
> Reviewed-on: https://chromium-review.googlesource.com/1006581
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52810}
R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: I037faebce37a866091dc35e04500790591292622
Reviewed-on: https://chromium-review.googlesource.com/1031397
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Junliang Yan <jyan@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#52855}
During code generation, we generate self-references (i.e. references to
the Code object currently being generated) as references to a temporary
handle. When the final Code object has been allocated, the handle's
location is fixed up and RelocInfo iteration fixes up all references
embedded in the generated code.
This adds support for this mechanism to the builtins constants table
builder. CodeObject() is now a new handle pointing to a dedicated
self-reference marker in order to distinguish between self-references
and references to undefined. In Factory::NewCode, we patch up
the constants table.
Bug: v8:6666
Change-Id: If74ed91bb1c3b8abb20ff2f0a87d1bcd9a1b0511
Reviewed-on: https://chromium-review.googlesource.com/1018468
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52854}
This removes the last reference from {NativeModule} that made it
specific to a concrete WebAssembly instance, by only referencing the
{WasmSharedModuleData} instead of a {WasmCompiledModule}. Note that
eventually we want to remove this reference completely to become even
independent of the underlying Isolate soon.
R=clemensh@chromium.org
BUG=v8:7424
Change-Id: I29b8cde8beadeef75c90e90fbff1830f2bf4e636
Reviewed-on: https://chromium-review.googlesource.com/1032433
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52853}
- Refine the type of 'hole'.
- Remove the mysterious 'receiver' definition.
- Remove the declaration of a non-existing Print function.
Bug: v8:7570
Change-Id: If093b456a9bc31c5673ada87f262c0cfcadf11ad
Reviewed-on: https://chromium-review.googlesource.com/1032737
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52851}
Linkage-related methods were declared in wasm-compiler.h and
implemented in wasm-linkage.cc. This required all users of e.g. wasm
call descriptors to include the whole wasm compiler header. Also, some
wasm linkage information is independent of turbofan and also used
outside of the compiler directory.
This CL splits off wasm-linkage.h (with minimal includes) and puts it
in src/wasm. This allows to use that information without including
compiler headers (will clean up several uses in follow-up CLs).
R=mstarzinger@chromium.org, titzer@chromium.org
Bug: v8:7570
Change-Id: Ifcae70b4ea7932cda30953b325c2b87c4176c598
Reviewed-on: https://chromium-review.googlesource.com/1013701
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52849}
Allocates almost all maps found in the start up snapshot into RO_SPACE.
There are 2 JSObject maps that are excluded as they contain a mutable cell.
Also updates VerifyReadOnlyPointers to check that RO_SPACE objects' maps are
also in RO_SPACE. Previously the invariant did not hold for Strings which still
had their maps in MAP_SPACE.
Also moves invalid_prototype_validity_cell to RO_SPACE.
RO_SPACE NEW_SPACE OLD_SPACE CODE_SPACE MAP_SPACE LO_SPACE
old 22024 0 229184 32928 8184 0
new 31488 0 229184 32928 176 0
Bug: v8:7464
Change-Id: I870d22cc5234ba60b3ef8a2ada590ee6ae426c9f
Reviewed-on: https://chromium-review.googlesource.com/1013494
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52848}
Removes new_target member and getter since none of the Array builtins in
builtins-array-gen.* use it (since none of them are constructors).
delete new_target getter and member variable
Bug: v8:7570
Change-Id: Ia23af014750278d64447bb58171955d909fdb5a8
Reviewed-on: https://chromium-review.googlesource.com/1032556
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52845}
Temporary register at was rewritten. We use different register.
Change-Id: If3a162765ee29eb1d03d3f29345328cf79244e41
Reviewed-on: https://chromium-review.googlesource.com/1032616
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52843}
Trying to reduce use of our self-baked data structures.
Bug: v8:7570
Change-Id: I3c8598ece74b6434c8baa69810a384b5209dd107
Reviewed-on: https://chromium-review.googlesource.com/1032442
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52842}
Trying to reduce use of our self-baked data structures.
Bug: v8:7570
Change-Id: Ie4257911b388d320e4c5da5108cd763d3ab9299f
Reviewed-on: https://chromium-review.googlesource.com/1032555
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52840}
This adds support for f64.min and f64.max, implemented on ia32, x64,
mips and mips64.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: Ib4383df08692c76df5861fe71a96c4354fdf10c1
Reviewed-on: https://chromium-review.googlesource.com/1028235
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52838}
In the case of an indirect call to an imported function, the target
instance stored in the IFT was actually wrong.
Bug: chromium:834619
Change-Id: Id2ac4158335ecf2b58e1983ce37df852a9ebd1b2
Reviewed-on: https://chromium-review.googlesource.com/1030174
Commit-Queue: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52831}
Calls a function defined in map-inl.h which mark-compact.h is not allowed to
include.
BUG=v8:7490,v8:5402,v8:7570
Change-Id: I51cef646fc2b650208d4e59b92bcd1e406ddd7fd
Reviewed-on: https://chromium-review.googlesource.com/1032332
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52829}
When collecting the values of an object with Smi or Object elements
kind, there are no allocations, so we don't need to create a short-
lived handle for each value. This gives a small performance benefit
in general, and in particular on ia32 by reducing register pressure
causes clang to spill less, which fixes the regression in the issue
mentioned below.
Bug: chromium:833591
Change-Id: I5eb0c6164b2972306ce965ec101687cab486bf0d
Reviewed-on: https://chromium-review.googlesource.com/1029417
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52825}
There is no need to remove an object pointer's heap object
tag when all we want is the Page that it's on. Also, apply
to IncrementalMarking's writebarrier the optimization that
crrev.com/e570e67383577c7f5ab6da7beb68631bab4ba75d brought
to the old-to-new barrier.
Change-Id: Ic9328d7d6f5c01073288a3e87931ea6095750740
Reviewed-on: https://chromium-review.googlesource.com/1029413
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52824}
Not all 2 or 3 letter language codes are canonical. Some of them need
to be canonicalized.
Specifically, exclude {jw,ji,iw,in} and all three-letter codes from the
fast path except for 'fil'.
{jw,ji,iw,in} are deprecated ISO 639 codes for
{Javanese, Yiddish, Hebrew, Indonesian}. They should be
canonicalized to {jv,yi,he,id}. So, do not return early
in the fast path, but pass it down to the full canonicalization.
In addition, there are 70+ deprecated 3-letter codes that need to be
replaced by their modern equivalents. Instead of checking and replacing
in v8, just pass them to ICU to handle.
Along with the following ICU change, two more tests will pass.
https://chromium-review.googlesource.com/c/chromium/deps/icu/+/1026797
These two tests still fail because of the disagreement between ICU and the test
expectations about 5 grandfathered tags with no preferred value (e.g.
i-default, zh-min, cel-gaulish).
'intl402/Intl/getCanonicalLocales/canonicalized-tags'
'intl402/Intl/getCanonicalLocales/preferred-grandfathered'
Bug: v8:5693, v8:7669
Test: test262/intl402/language-tags-canonicalized.js
Test: test262/intl402/Intl/preferred-variants.js
Test: intl/general/language_tags_with_preferred_values.js
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ide7e9c90ac046859604c7b71c641f84ce9c64be5
Reviewed-on: https://chromium-review.googlesource.com/1023379
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52823}
The new spec has two arguments, the first is the global descriptor, and
the second is the initial value:
new WebAssembly.Global({type: i32}, 42);
If the initial value argument is omitted, the value is set to 0.
Bug: v8:7625
Change-Id: I679d4b7c49c69ec7ffcdfeb8ae506fa7ab9bba95
Reviewed-on: https://chromium-review.googlesource.com/1028847
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52822}
This CL simplifies and extends the implementation of Managed<T>
and now uses a std::shared_ptr<T> underneath in order to offer
cross-isolate management of C++ allocated memory.
R=mstarzinger@chromium.orgCC=ulan@chromium.org
Bug: v8:7424
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Id43a26f565677e8c9cdfd73810568d4f2b1871fe
Reviewed-on: https://chromium-review.googlesource.com/1028190
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52820}
This is a reland of f5d308510a
Original change's description:
> [builtins] Introduce further constant & external reference indirections
>
> This introduces further indirections for embedded constants and
> external references for builtins generated by the macro-assembler.
> The used mechanisms (LookupConstant and LookupExternalReference) are
> identical to what we already use in CSA.
>
> Almost all builtins are now isolate-independent in both release and
> debug modes. snapshot_blob.bin is roughly 670K smaller in embedded
> builds vs. non-embedded builds, while libv8.so is roughly 280K larger.
>
> Bug: v8:6666
> Change-Id: I7a6c2193ef5a763e6cf7543dd51597d6fff6c110
> Reviewed-on: https://chromium-review.googlesource.com/1006581
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52810}
TBR=mstarzinger@chromium.org
Bug: v8:6666
Change-Id: I73dfe207f2c5f79a9a06c165c75f5619e88a5a17
Reviewed-on: https://chromium-review.googlesource.com/1030550
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52819}
When a liftoff function bails out after generating some constant pool,
this avoids to trigger a check in the Assembler destructor.
Bug: v8:6600
Change-Id: I79c595605bc0add1f3f5617ac7feedf162081d8a
Reviewed-on: https://chromium-review.googlesource.com/1026647
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Vincent Belliard <vincent.belliard@arm.com>
Cr-Commit-Position: refs/heads/master@{#52815}
In liftoff, call to PrepareCallCFunction was using at as scratch
register. This is a very bad idea, since at is later used in
underlying macro assembler
TEST=cctest/test-run-wasm-64/RunWasmLiftoff_Regression_6858
Change-Id: Ifbc43678731d2833d2faa2f20fe79ea9e3089002
Reviewed-on: https://chromium-review.googlesource.com/1030430
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Sreten Kovacevic <sreten.kovacevic@mips.com>
Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52814}
This introduces further indirections for embedded constants and
external references for builtins generated by the macro-assembler.
The used mechanisms (LookupConstant and LookupExternalReference) are
identical to what we already use in CSA.
Almost all builtins are now isolate-independent in both release and
debug modes. snapshot_blob.bin is roughly 670K smaller in embedded
builds vs. non-embedded builds, while libv8.so is roughly 280K larger.
Bug: v8:6666
Change-Id: I7a6c2193ef5a763e6cf7543dd51597d6fff6c110
Reviewed-on: https://chromium-review.googlesource.com/1006581
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52810}
This should fix the recent frequent pause-on-oom failures.
The callback attempted to create a handle without a HandleScope.
Bug: v8:7631
Change-Id: Id15ba287896d62d3205585d14204f0c92a8823f8
Reviewed-on: https://chromium-review.googlesource.com/1030211
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52809}
This adds support for the I32AtomicCompareExchange operations in the
interpreter. Also, the interpreter will now fail if it encounters
an unknown opcode from the atomic prefix.
Bug: chromium:826069
Change-Id: Iec1742271f4fdd83fcaa09ca72c24d1cf8c58835
Reviewed-on: https://chromium-review.googlesource.com/1029867
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52807}
Implement float to i32/u32 conversion on mips. Also, fix order
of arguments in some macro-assembler instructions used for these
conversions.
Bug: v8:6600
Change-Id: I94c91f8ac7796ac66fb3cf0129a2a27c1a6ec336
Reviewed-on: https://chromium-review.googlesource.com/1028232
Commit-Queue: Sreten Kovacevic <sreten.kovacevic@mips.com>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#52806}
This adds support for f32.min and f32.max, implemented on ia32, x64,
mips and mips64.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: If73abf3cf46011ba84158ed2ec02d074adcf4ba2
Reviewed-on: https://chromium-review.googlesource.com/1027841
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52803}
For wasm memory buffers, we normally require the memory to be allocated
via WebAssembly.Memory, which will set a is_wasm_memory flag and
register the memory with the wasm allocation tracker. This CL weakens
that requirement in a DCHECK to allow for running experimental threaded
applications even though the is_wasm_memory flag is not currently
propagated via postMessage.
Bug: chromium:836800
Change-Id: I4613b8651423307ce4cd466c0df28fc43244ec4f
Reviewed-on: https://chromium-review.googlesource.com/1027813
Commit-Queue: Stephan Herhut <herhut@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52801}
This CL also removes the JSBuiltinReducer, which is no longer needed.
Bug: v8:7340, v8:7250
Change-Id: I28896f6ce0d352047ea1cb7ea6de490818840faf
Reviewed-on: https://chromium-review.googlesource.com/1027853
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52799}
https://github.com/tc39/ecma402/pull/194 requires that
TimeClip be called before formatting in Intl.DateTimeFormat.
Bug: v8:7471
Test: test262/intl402/DateTimeFormat/prototype/format/time-clip*
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Iad80376ae7598aab3e4df84a6cbbcd8691e16e09
Reviewed-on: https://chromium-review.googlesource.com/1027442
Reviewed-by: Daniel Ehrenberg <littledan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jungshik Shin <jshin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52796}
The WasmInstanceObject stores two new arrays:
- imported_mutable_globals_buffers_: a FixedArray of all the imported
globals' array buffers.
- imported_mutable_globals: a calloc'd array of Addresses pointing to
the mutable global in its array buffer.
When accessing the global, the generated code looks up the address in
imported_mutable_globals to find where to load/store.
Bug: v8:7625
Change-Id: I60844c21a788fce28f346455f10f2283d1c152e9
Reviewed-on: https://chromium-review.googlesource.com/1020602
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52794}
When only_terminate_in_safe_scope flag is passed as CreateParams for
v8::Isolate, V8 does not trigger intrruption for termination if there
is no explicit SafeForTerminationeScope.
Scope enables termination only in direct v8 calls, any recursive calls
require explicit SafeForTerminationScope.
R=yangguo@chromium.org
Bug: chromium:820640
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iac17e30a4b47aa84e70e9218ca0adca9d07f726e
Reviewed-on: https://chromium-review.googlesource.com/1025390
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52793}
By using memmove for SMI elements we get a roughly 3x speedup over the slower
iterative copying with write barriers.
Bug: chromium:835558
Change-Id: I73da07a1648a3495ff78212ffa1ed949d205a7d2
Reviewed-on: https://chromium-review.googlesource.com/1028236
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52792}
This is is a preparatory CL to detach the JSFunction from the Context.
We mainly rewrite the DebugScopeInterator to no longer rely on the a
JSFunction to be around. Additionally the empty_function needs to have
a proper ScopeInfo now.
Drive-by-fix: Improve ScopeInfo debug printing
Bug: v8:7066
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I2f2fa0e78914a12e076384e0e1234c2322ad1ee8
Reviewed-on: https://chromium-review.googlesource.com/918721
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52791}
The mutable-globals proposal spec allows importing as Numbers or
WebAssembly.Global values, but always exports as WebAssembly.Global.
Since the value is always boxed, we can also import/export i64 values.
This CL also includes support for export of mutable globals. Since the
underlying ArrayBuffer that stores the global's value is shared between
the module and the WebAssembly.Global object, all that needs to be done
is remove the validation check.
Bug: v8:7625
Change-Id: I24d763e3bc193d229a7cc33b2f2690a473c6f2bc
Reviewed-on: https://chromium-review.googlesource.com/1018406
Commit-Queue: Ben Smith <binji@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52789}
Statistics need to be updated after top-tier code is added to
the native module.
Change-Id: Ie3a76caf233a2c3929b40fd0371c3069724b5289
Reviewed-on: https://chromium-review.googlesource.com/1027854
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Cr-Commit-Position: refs/heads/master@{#52787}
Iterate over all descriptors instead of bailing out early and missing
enumerable properties later.
Bug: chromium:836145
Change-Id: I104f7ea89480383b6b4b9204942a166bdf8e0597
Reviewed-on: https://chromium-review.googlesource.com/1027832
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52786}
This adds support for i64.div_s, i64.div_u, i64.rem_s, and i64.rem_u.
R=ahaas@chromium.org
Bug: v8:6600
Change-Id: I37e564684b278c8d2f664a859851c67f4bd83190
Reviewed-on: https://chromium-review.googlesource.com/1027612
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52785}
We want to ensure that all runtime objects are created as soon as
compilation finishes. Instead of scheduling another foreground thread
to create these runtime objects, we now call it directly from the already
executing foreground thread.
Change-Id: I9e8f47dba237de16e0bac119f1649496c8525b37
Reviewed-on: https://chromium-review.googlesource.com/1027712
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@google.com>
Cr-Commit-Position: refs/heads/master@{#52779}
I missed one required change which was hidden behind an #if. The fix is in
the diff between Patch 1 and Patch 3.
Original message:
In this CL I remove the isolate from signatures of ExternalReference
accessor functions where the isolate is not used. The uses of the
isolate were already removed in previous CLs.
Changes:
* I split the ExternalReference list in external-reference.h into
those which need the isolate for initialization and those which do not.
* I removed the public constructors and replaced them by
ExternalReference::Create(). The reason is to separate external
creation more clearly from internal creation, because externally
created ExternalReferences sometimes need redirection, whereas
internally created ExternalReferences are just stored as they are.
In addition, by removing the isolate from the signature of the
public constructors, they suddenly exactly matched the interal
constructor.
* Replace all uses of the public constructors with
ExternalReference::Create().
* Remove the isolate from all call sites where necessary.
This is a step towards making WebAssembly compilation independent of
the isolate.
R=mstarzinger@chromium.org
Bug: v8:7570
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I750c162f5d58ed32e866722b0db920f8b9bd8057
Reviewed-on: https://chromium-review.googlesource.com/1026673
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52777}
This CL implements TypedArray.p.sort in Torque. The Torque
version works basically the same as the existing JS builtin:
When no comparison function is provided, the C++ fast path builtin
is used. Otherwise a quicksort written in Torque is used, with
a InsertionSort fallback for smaller arrays.
The JS quicksort implementation also containes a more elaborate
third pivot calculation for larger arrays. This is currently not done.
Reported benchmark results are only for those, where a custom
comparison function is provided. The numbers for the C++ path stayed
the same.
Benchmark Current (JS) Torque Speedup
IntTypes 83.9 263.7 3.1
BigIntTypes 32.1 54.6 1.7
FloatTypes 99.3 138.7 1.4
R=danno@chromium.org, jgruber@chromium.org
Bug: v8:7382
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I7abe7ceff525bab24f302d2f06b5961cca770d24
Reviewed-on: https://chromium-review.googlesource.com/1021691
Commit-Queue: Simon Zünd <szuend@google.com>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52776}
This CL changes the DECIMAL_LITERAL lexer rule to allow
negative decimal literals as well.
This could also be achieved by using the unary minus operation,
which would occur an runtime overhead and feel counter-intuitive
for literals (imho).
R=tebbi@chromium.org
Change-Id: Ib01aa1930254bcd85a161de385b0fd4f176feb46
Reviewed-on: https://chromium-review.googlesource.com/1027473
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Simon Zünd <szuend@google.com>
Cr-Commit-Position: refs/heads/master@{#52773}
This is just code reshuffling to enable changing Type* to Type.
Bug: v8:3770
Change-Id: I8ed4ff41b480cab377d115c57c49d6f6c0c46d6d
Reviewed-on: https://chromium-review.googlesource.com/1025897
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52772}
This expands the SideEffectType flag to cover whitelisting embedder
callbacks that are setup with Template accessors.
- v8::ObjectTemplate::SetNativeDataProperty
- v8::ObjectTemplate::SetLazyDataProperty
- v8::ObjectTemplate::SetAccessor
Bug: v8:7515
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Ieda6c793141ab249c4f41d00e6572fe2a29ac629
Reviewed-on: https://chromium-review.googlesource.com/1015896
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Erik Luo <luoe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52770}
This reverts commit 44ea425ab1.
Reason for revert: https://ci.chromium.org/buildbot/client.v8.ports/V8%20Arm%20-%20debug%20builder/13575
Original change's description:
> [refactoring] Remove the isolate from signatures of ExternalReferences
>
> In this CL I remove the isolate from signatures of ExternalReference
> accessor functions where the isolate is not used. The uses of the
> isolate were already removed in previous CLs.
>
> Changes:
> * I split the ExternalReference list in external-reference.h into
> those which need the isolate for initialization and those which do not.
>
> * I removed the public constructors and replaced them by
> ExternalReference::Create(). The reason is to separate external
> creation more clearly from internal creation, because externally
> created ExternalReferences sometimes need redirection, whereas
> internally created ExternalReferences are just stored as they are.
> In addition, by removing the isolate from the signature of the
> public constructors, they suddenly exactly matched the interal
> constructor.
>
> * Replace all uses of the public constructors with
> ExternalReference::Create().
>
> * Remove the isolate from all call sites where necessary.
>
>
> This is a step towards making WebAssembly compilation independent of
> the isolate.
>
> Bug: v8:7570
> R=mstarzinger@chromium.org
>
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I14f511fc6acc50ab2d6a6641299f5ddbeabef0da
> Reviewed-on: https://chromium-review.googlesource.com/1018982
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#52768}
TBR=mstarzinger@chromium.org,ahaas@chromium.org
Change-Id: I7c0d8d420f815cede23d550dee8942ac4d7791cc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7570
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/1026570
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52769}
