- 02 Dec, 2020 26 commits
-
-
Manos Koukoutos authored
read_heap_type did not have knowledge of the module for which the heap type was being decoded. As a result, callers of read_heap_type (or read_value_type, which in turn calls read_heap_type) had to check after the fact that a decoded indexed type (ref, ref null, or rtt) references a type index within the module's bounds. This was not done consistently, and was missing (at least) in DecodeLocals. To avoid such problems in the future, this CL refactors read_heap_type to accept a module and check the decoded index against it.

Changes:
- Add WasmModule argument to read_heap_type. Do so accordingly to all its transitive callers (read_value_type, immediate arguments, DecodeLocalDecls, DecodeValue/HeapType in unittests).
- Add index check to read_heap_type and emit an error for an out-of-bounds index.
- Remove all other now-redundant index validations. Replace them with decoder->ok() if needed (since read_heap_type will now emit an error).
- Fix error message in Validate for BlockTypeImmediate.
- In DecodeLocalDecls in unittests, pass an empty module to DecodeLocalDecls in the main code.
- Add a unit test with an invalid index in local type declarations.

Bug: v8:9495
Change-Id: I4ed1204847db80f78b6ae85fa40d300cd2456295
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569757
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71572}
-
Milad Fa authored
Port b6643320

Original Commit Message:

In order to reduce the codegen size of dynamic map checks, add the ability to have an eager with resume deopt point, which can call a given builtin to perform a more detailed check than can be done in codegen, and then either deoptimizes itself (as if the calling code had performed an eager deopt) or resumes execution in the calling code after the check.

In addition, support for adding extra arguments to a deoptimization continuation is added to enable us to pass the necessary arguments to the DynamicMapChecks builtin.

Finally, a trampoline is added to the DynamicMapChecks which saves the registers that might be clobbered by that builtin, to avoid having to save them in the generated code. This trampoline also performs the deoptimization based on the result of the DynamicMapChecks builtin.

In order to ensure both the trampoline and DynamicMapChecks builtin have the same call interface, and to limit the number of registers that need saving in the trampoline, the DynamicMapChecks builtin is moved to be a CSA builtin with a custom CallInterfaceDescriptor, that calls an exported Torque macro that implements the actual functionality.

All told, this changes the codegen for a monomorphic dynamic map check from:

  movl rbx,<expected_map>
  cmpl [<object>-0x1],rbx
  jnz <deferred_call>
resume_point:
  ...
deferred_call:
  <spill registers>
  movl rax,<slot>
  movq rbx,<object>
  movq rcx,<handler>
  movq r10,<DynamicMapChecks>
  call r10
  cmpq rax,0x0
  jz <restore_regs>
  cmpq rax,0x1
  jz <deopt_point_1>
  cmpq rax,0x2
  jz <deopt_point_2>
  int3l
restore_regs:
  <restore_regs>
  jmp <resume_point>
  ...
deopt_point_1:
  call Deoptimization_Eager
deopt_point_2:
  call Deoptimization_Bailout

  movl rcx,<expected_map>
  movq rdx,<handler>
  cmpl [<object>-0x1],rcx
  jnz <deopt_point>
resume_point:
  ...
deopt_point:
  call DynamicMapChecksTrampoline
  jmp <resume_point>

R=rmcilroy@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com

BUG=v8:10582
LOG=N

Change-Id: I0739c1b40ed06bb22b73ebe1833ea648b540882a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569359
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71571}
-
Dominik Inführ authored
This reverts commit 2afb00c0.

Reason for revert: Some tests started to timeout.

Original change's description:
> [heap] Remove SWEEPING phase in incremental marking
>
> The SWEEPING phase in incremental marking was used to finish sweeping
> of the last GC cycle concurrently before starting incremental marking.
> This avoids potentially long pauses when starting incremental marking.
> However this shouldn't be necessary in most cases where sweeping is
> already finished when starting the next cycle. The implementation also
> didn't cleanly separate the GC cycles.
>
> In case the sweeping phase is necessary for pause times, we can
> introduce a "CompleteSweep" phase which runs right before starting
> incremental marking.
>
> Change-Id: Iaff8c06d5691e584894f57941f181d0424051eec
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567707
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71555}

TBR=ulan@chromium.org,dinfuehr@chromium.org

Change-Id: I9adea60c21ff7cdfa7bbac3e6a4a240640fa5ea9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569766
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71570}
-
Maya Lekova authored
This reverts commit 3238162d.

Reason for revert: Speculative revert for https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64/40411/overview, causing SEGV_ACCERR on test/mjsunit/harmony/promise-any-overflow-2.js and other failures in minor_mc variant

Original change's description:
> Reland "[heap] Add epoch to GC tracing events"
>
> This is a reland of be52501d
>
> Fix data race by not emitting the epoch for sweeper background jobs
> at the moment.
>
> Original change's description:
> > [heap] Add epoch to GC tracing events
> >
> > This CL adds the TRACE_GC_EPOCH macro, which adds the epoch as attribute
> > to the trace event. Use TRACE_GC_EPOCH for top-level events, nested
> > events can get the information from its parent.
> >
> > V8's GC needs an epoch for young and full collections, since scavenges
> > also occur during incremental marking. The epoch is also process-wide,
> > so different isolates do not reuse the same id.
> >
> > Change-Id: I8889bccce51e008374b4796445a50062bd87a45d
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565247
> > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#71521}
>
> Change-Id: Ib8f4bfdc01c459955eb6db63bb6e24a8aa068f09
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567702
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71567}

TBR=ulan@chromium.org,dinfuehr@chromium.org

Change-Id: I29a131f798c3536d16e4b4c44c0fcb8b35dd0051
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569764
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71569}
-
Zhi An Ng authored
Bug: v8:11074
Change-Id: Ifdd52d501a1d55a2fe176f0995f8c0e7f71ca1fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2569131
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71568}
-
Dominik Inführ authored
This is a reland of be52501d

Fix data race by not emitting the epoch for sweeper background jobs at the moment.

Original change's description:
> [heap] Add epoch to GC tracing events
>
> This CL adds the TRACE_GC_EPOCH macro, which adds the epoch as attribute
> to the trace event. Use TRACE_GC_EPOCH for top-level events, nested
> events can get the information from its parent.
>
> V8's GC needs an epoch for young and full collections, since scavenges
> also occur during incremental marking. The epoch is also process-wide,
> so different isolates do not reuse the same id.
>
> Change-Id: I8889bccce51e008374b4796445a50062bd87a45d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565247
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71521}

Change-Id: Ib8f4bfdc01c459955eb6db63bb6e24a8aa068f09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567702
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71567}
-
Manos Koukoutos authored
If DecodeLocals exits early, num_locals_ is left in an inconsistent state. This CL fixes this issue by updating num_locals_ as the local_types_ are updated.

Bug: chromium:1154439
Change-Id: I02328a050df8b2827a42f59443e994f535d3c826
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567954
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71566}
-
Camillo Bruni authored
- Don't print normalize transition for cached maps
- Avoid printing two transitions in Map::CopyReplaceDescriptor
- Harden processor.mjs against existing broken logs by skipping double entries and avoiding multiple edges to the same target map

Bug: v8:10644
Change-Id: I561a0f888c8835a40a289baa50d65ff69e368bad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565123
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71565}
-
Clemens Backes authored
The {ParallelRegisterMove} at the end of {AtomicLoad} might need a temporary scratch register for spilling values to the stack. Make sure that one is available by giving up the scratch register used for the address of the atomic access.

R=ahaas@chromium.org

Bug: chromium:1153442
Change-Id: I267c43e2193662c420f96f6683ebd4bbb0e1bca3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2566759
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71564}
-
Clemens Backes authored
From reading the code it was totally unclear what the purpose of the "offset" parameter at ProcessCodeSectionHeader and CheckFunctionsCount is. Actually, it's just there for setting an error position. Thus this CL renames the field, and a related local variable to make the use more clear.

Drive-by: Remove a confusing and unnecessary Decoder::Reset call.

R=ahaas@chromium.org

Change-Id: Iccde5ccb3b9e7e52976c47724157c184fd345ec4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567709
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71563}
-
Georg Neis authored
Change-Id: Iec5bf3e3fa238e4dce4ec89840cfd6c39a6726a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2568273
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71562}
-
Mythri A authored
MarkCandidatesForOptimizationFromBytecode/MarkCandidatesForOptimizationFromCode are called when bytecode budget interrupt occurs from interpreted / optimized code. The logic in these two functions is very similar. This CL merges this logic into one function.

This CL also removes FLAG_frame_count which specifies the number of frames we need to look at for tiering up on a bytecode budget interrupt. The default value is set to 1 and in its current form it isn't very useful.

Bug: v8:9684
Change-Id: I9f56034f2857672921673b9b68b3615765c0ccfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565514
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71561}
-
Liu Yu authored
Port: b6643320

Bug: v8:10582
Change-Id: I3efdd840a4f3f2eeb6156f8b446478311a2ccd26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2568569
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#71560}
-
Ross McIlroy authored
Unifies various operators for dynamic map checks with the naming scheme of DynamicCheckMaps (to be similar to CheckMaps).

BUG=v8:10582

Change-Id: I8ac842f55fe31cdc7b84968d077017a86ddf4442
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567952
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71559}
-
Camillo Bruni authored
Bug: v8:10644
Change-Id: I727f844f3796f37e92c8855e02d519abeee73dc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2566760
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71558}
-
Clemens Backes authored
This reverts commit 83d289b8.

Reason for revert: lock order inversion, see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/12584/overview

Original change's description:
> Reland [wasm] Reduce job priority once baseline compilation finishes
>
> ReduceCompilationPriority takes a lock now.
>
> Original message:
> This CL changes the priority of baseline compilation from kUserVisible
> to kUserBlocking. Once baseline compilation finishes, the priority is
> reduced to kUserVisible. The reason for using kUserBlocking is that
> thereby TurboFan compilation cannot block Liftoff compilation anymore.
> Additionally, kUserBlocking is quite appropriate, as the initial
> compilation does block a whole section of a web app from execution.
>
> R=clemensb@chromium.org
>
> Bug: v8:11088
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
> Change-Id: I6e1bcc809148198a4b4f88bfd4f2e62b1b061439
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2563675
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71546}

TBR=ahaas@chromium.org,clemensb@chromium.org

Change-Id: I62e4e3d0663dbd181b14f77f0c1586d5e503f324
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:11088
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567953
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71557}
-
Camillo Bruni authored
- Add FLAG_log_code_disassemble
- Add code-disassemble log entries for Code and BytecodeArray
- Add basic code-panel to system-analyzer

Bug: v8:10644
Change-Id: I1abb339a42b55df01265d63d0f0d8c1ac2e041dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565517
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71556}
-
Dominik Inführ authored
The SWEEPING phase in incremental marking was used to finish sweeping of the last GC cycle concurrently before starting incremental marking. This avoids potentially long pauses when starting incremental marking. However this shouldn't be necessary in most cases where sweeping is already finished when starting the next cycle. The implementation also didn't cleanly separate the GC cycles.

In case the sweeping phase is necessary for pause times, we can introduce a "CompleteSweep" phase which runs right before starting incremental marking.

Change-Id: Iaff8c06d5691e584894f57941f181d0424051eec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567707
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71555}
-
Sathya Gunasekaran authored
This reverts commit e2aa734a.

Reason for revert: speculative revert for https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20-%20debug/31901/blamelist

Original change's description:
> [wasm-simd][arm] Prototype i8x16.popcnt
>
> Bug: v8:11002
> Change-Id: Ib97e51ed52249a1af7a4b879396b70a016991719
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567534
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71552}

TBR=bbudge@chromium.org,jkummerow@chromium.org,v8-arm-ports@googlegroups.com,zhin@chromium.org

Change-Id: Id1ae2dbaae52d45eb81ba8636178236ca8e9f7e0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:11002
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2568925
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71554}
-
Jakob Gruber authored
This reverts commit 3599cce1.

Originally landed in https://chromium-review.googlesource.com/c/v8/v8/+/2531775

Work on NCI is suspended, remove unused complexity. We may want to share native-context-independent feedback in the future, but probably through other means.

Bug: v8:8888
Change-Id: I23dfb67f6f01b4891af87bc42a9e62f99d0bf044
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567701
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71553}
-
Zhi An Ng authored
Bug: v8:11002
Change-Id: Ib97e51ed52249a1af7a4b879396b70a016991719
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567534
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71552}
-
Zhi An Ng authored
Prototype v128.{load,store}{8,16,32,64}_lane on arm64.

All the required assembler, disassembler, and simulator changes are already available. The biggest changes here are in the instruction-selector. ld1 and st1 only support no-offset or post-index addressing, so we have to do our own addition (base + index) to construct the actual memory address to load/store from.

Bug: v8:10975
Change-Id: I026e3075003ff5dece7cd1a590894b09e2e823db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2558268
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71551}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/b031112..6ca160d

Rolling v8/third_party/aemu-linux-x64: jfuzh1KU9b_qTmPrfQ2v7GW8FB2tUz0uUUjeyB_2LdQC..DQxYsB8PVOoG7iQxYf01AM0DSgvbu3DKEyrTvcT79zAC

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/6d2a0fe..80cea4f

Rolling v8/tools/swarming_client: https://chromium.googlesource.com/infra/luci/client-py/+log/d46ea76..1a07271

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: I844e9927c1ace1820c2af0da886e0f33d53f2c6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2568501
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#71550}
-
Zhi An Ng authored
Bug: v8:11215
Change-Id: If6e9cb252176230815c7509ecf2a6e3e2269e601
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567532
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71549}
-
Zhi An Ng authored
Bug: v8:11074
Change-Id: I26969322948c1d062b1bc5478f547d52cba3f1b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567312
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71548}
-
Zhi An Ng authored
This is a reland of a69b7ef2

Original change's description:
> [wasm-simd][ia32] Prototype store lane
>
> Prototype v128.store{8,16,32,64}_lane on IA32.
>
> Drive-by fix for wrong disassembly of movlps.
>
> Also added more test cases for StoreLane, test for more alignment and offset.
>
> Bug: v8:10975
> Change-Id: I0e16f1b5be824b6fc818d02d0fd84ebc0dff4174
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557068
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71511}

Bug: v8:10975
Change-Id: I2c9b219b9ab9d78a83d1bf32ad1271d717471c19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567317
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71547}
-
- 01 Dec, 2020 14 commits
-
-
Andreas Haas authored
ReduceCompilationPriority takes a lock now.

Original message:
This CL changes the priority of baseline compilation from kUserVisible to kUserBlocking. Once baseline compilation finishes, the priority is reduced to kUserVisible. The reason for using kUserBlocking is that thereby TurboFan compilation cannot block Liftoff compilation anymore. Additionally, kUserBlocking is quite appropriate, as the initial compilation does block a whole section of a web app from execution.

R=clemensb@chromium.org

Bug: v8:11088
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: I6e1bcc809148198a4b4f88bfd4f2e62b1b061439
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2563675
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71546}
-
Ross McIlroy authored
In order to reduce the codegen size of dynamic map checks, add the ability to have an eager with resume deopt point, which can call a given builtin to perform a more detailed check than can be done in codegen, and then either deoptimizes itself (as if the calling code had performed an eager deopt) or resumes execution in the calling code after the check.

In addition, support for adding extra arguments to a deoptimization continuation is added to enable us to pass the necessary arguments to the DynamicMapChecks builtin.

Finally, a trampoline is added to the DynamicMapChecks which saves the registers that might be clobbered by that builtin, to avoid having to save them in the generated code. This trampoline also performs the deoptimization based on the result of the DynamicMapChecks builtin.

In order to ensure both the trampoline and DynamicMapChecks builtin have the same call interface, and to limit the number of registers that need saving in the trampoline, the DynamicMapChecks builtin is moved to be a CSA builtin with a custom CallInterfaceDescriptor, that calls an exported Torque macro that implements the actual functionality.

All told, this changes the codegen for a monomorphic dynamic map check from:

  movl rbx,<expected_map>
  cmpl [<object>-0x1],rbx
  jnz <deferred_call>
resume_point:
  ...
deferred_call:
  <spill registers>
  movl rax,<slot>
  movq rbx,<object>
  movq rcx,<handler>
  movq r10,<DynamicMapChecks>
  call r10
  cmpq rax,0x0
  jz <restore_regs>
  cmpq rax,0x1
  jz <deopt_point_1>
  cmpq rax,0x2
  jz <deopt_point_2>
  int3l
restore_regs:
  <restore_regs>
  jmp <resume_point>
  ...
deopt_point_1:
  call Deoptimization_Eager
deopt_point_2:
  call Deoptimization_Bailout

To:

  movl rax,<slot>
  movl rcx,<expected_map>
  movq rdx,<handler>
  cmpl [<object>-0x1],rcx
  jnz <deopt_point>
resume_point:
  ...
deopt_point:
  call DynamicMapChecksTrampoline
  jmp <resume_point>

BUG=v8:10582

Change-Id: Ica4927b9acc963b9b73dc62d9379a7815335650f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2560197
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71545}
-
Michael Achenbach authored
Follow up on renamed configurations, porting: https://crrev.com/c/2565170

TBR=gsathya@chromium.org

Bug: v8:10619,chromium:1097270
Change-Id: Ibfeb6ee817642b16d79e673b2d91d4142a2b6cd4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2566761
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71544}
-
Milad Fa authored
In this CL we fix the emitted code for Load Splat and Load Extend.

Load Splat loads a byte, half word, word or double word based on the specific opcode. Load Extend always loads a double word and then unpacks it accordingly.

Change-Id: Ic1619c81a58f4997d69612f08edb6975d17e8bb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2568132
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#71543}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/4fd0dec..b031112

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ic9a9082919cc7de8c816c33dcc62d219440a342c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567562
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#71542}
-
Camillo Bruni authored
This CL extends the existing optimization markers:
- "~" for interpreted code
- "-" for native context independent code (new)
- "+" for turboprop code (new)
- "*" for turbofan code

Bug: v8:10644
Change-Id: If8940a8c3f32c6f347f61a901be101078df66331
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567693
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71541}
-
Sathya Gunasekaran authored
Bug: v8:10644
Change-Id: I8c81e1f9d6f1f766af07905928ea7b437771e1ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567201
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71540}
-
Manos Koukoutos authored
This is a reland of 535fd785. This CL was not the culprit, thus landing unmodified.

Original change's description:
> [wasm] Make DecodeLocals return the number of decoded locals
>
> Currently, when the new locals are not appended to the existing ones,
> there is no way to know how many new locals were defined. This CL
> addresses this issue.
>
> Drive-by: Fix the pc passed to DecodeLocals in OpcodeLength.
>
> Change-Id: Id9de561a6380b52dcce398301727aa12196c0677
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567695
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71526}

TBR=manoskouk@chromium.org

Change-Id: I1b2fbe9f6d0a19da9d73202de9f488870e79cd30
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567704
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71539}
-
Michael Achenbach authored
This is a reland of 4ad08c82

The reland organizes the different error types in separate functions for separate call stacks. Error simulation is also guarded by a minimum file size to prevent Clusterfuzz from getting stuck with its bad-build check.

Original change's description:
> Enable simulating errors to test fuzzer reliability
>
> This adds a d8 flag --simulate-errors, which on shutdown will cause
> certain errors. This enables testing the reliability of sanitizers.
>
> This will cause a fatal error, a dcheck (if available) or a
> violation that can be detected with one of the following sanitizers:
> ASAN, UBSAN, MSAN, CFI.
>
> The same flag used in differential fuzzing will cause an error
> subsumed with the error state "fake_difference".
>
> Bug: chromium:1152412
> Change-Id: I4b36c6fe716797004d634263617d22ca67b05600
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554999
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71430}

Bug: chromium:1152412
Change-Id: I604258b4c1ebd215c26b1de6b2822663f857bf64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565125
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71538}
-
Clemens Backes authored
The wasm fuzzer corpus is pretty outdated. The script that was used to generate it did not work any more. This CL updates the script, and runs it. This generates a fuzzer corpus of 42011 wasm modules, compared to 15290 before. The new modules will contain new features like SIMD and multi-value, which will be interesting fuzzer inputs.

R=ahaas@chromium.org

Change-Id: Ic3df26930cb8c1c6e8d521597ceb06cc338c02ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565512
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71537}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/23fe346..4fd0dec

Rolling v8/third_party/aemu-linux-x64: uQdbvtcP840HCVMjrZtUTrYeUgSD_J2rxG1WcyDUbvMC..jfuzh1KU9b_qTmPrfQ2v7GW8FB2tUz0uUUjeyB_2LdQC

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/1af7968..6d2a0fe

TBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com

Change-Id: Ie69bc3b89d25bbe914fd1359077902b16ecc0565
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567493
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#71536}
-
Shu-yu Guo authored
Await is a unary operator and should be disallowed on the LHS of exponentiation like all other unary operators.

Bug: v8:11213
Change-Id: I9c51e33cb37660627748cd926ec222ac0ac246de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2566442
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71535}
-
Dominik Inführ authored
So far the main thread can have two different kinds of local handles, regular main thread handles and local handles in its LocalIsolate. This is both confusing and error-prone. This CL retargets local handles creation for the LocalIsolate on the main thread to always create regular main thread handles instead.

Bug: v8:10315
Change-Id: I4df509a0fc1bd630ba956b5eaacacbe706ddb4ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527062
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71534}
-
Manos Koukoutos authored
Add support for array and struct definitions and the rest of gc-related opcodes.

Drive-by: Remove obsolete kWasmAnyFunctionTypeForm, replace it with kWasmFuncRef.

Bug: v8:7748
Change-Id: I9512ff22d661fead5ad86767871632ae94346465
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567691
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71533}
-