1. 09 Feb, 2021 1 commit
  2. 21 Jan, 2021 1 commit
  3. 16 Dec, 2020 3 commits
  4. 04 Dec, 2020 2 commits
  5. 03 Dec, 2020 1 commit
  6. 20 Nov, 2020 1 commit
  7. 19 Nov, 2020 1 commit
  8. 12 Nov, 2020 1 commit
  9. 05 Nov, 2020 1 commit
  10. 02 Nov, 2020 1 commit
  11. 23 Oct, 2020 1 commit
  12. 22 Oct, 2020 2 commits
    • Manos Koukoutos's avatar
      Reland "[wasm-gc] Implement call_ref on WasmJSFunction" · 40ad9116
      Manos Koukoutos authored
      This is a reland of 6227c95e
      
      Fixes compared to original landing:
      - Decode a WASM_TO_JS_FUNCTION Code object as a WASM_TO_JS frame.
      - Enable call_ref on WasmJSFunctions with arity mismatch.
      - Use builtin pointer in BuildWasmToJSWrapper, to avoid having to
        resolve the relocatable constant.
      
      Original change's description:
      > [wasm-gc] Implement call_ref on WasmJSFunction
      >
      > Changes:
      > - Introduce turbofan builtin WasmAllocatePair.
      > - Implement call_ref for WasmJSFunction in wasm-compiler.cc.
      > - Remove WasmJSFunction trap.
      > - Improve and extend call-ref.js test.
      >
      > Bug: v8:9495
      > Change-Id: I8b4d1ab70cbbe9ae37887a6241d409eec638fd28
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2463226
      > Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
      > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70535}
      
      Bug: v8:9495
      Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
      Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
      Change-Id: I294947059e612d417d92614a43cb7383cd5f3b92
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2476314
      Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
      Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
      Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70719}
      40ad9116
    • Seth Brenith's avatar
      [torque] Strict verification of abstract types · 50d474a2
      Seth Brenith authored
      Originally, the Torque-generated verifier for a field with type
      Undefined|Zero|NonNullForeign would check `f.IsUndefined() || f.IsZero()
      || f.IsNonNullForeign()`. At some point, we changed Torque so that it
      now generates the much weaker `f.IsOddball() || f.IsSmi() ||
      f.IsForeign()`. This change returns the verifiers to their initial
      precision. Mostly we can use the names of abstract types to build up the
      correct type check expression, but a few abstract types like
      PodArrayOfWasmValueType have no way that we can tell them apart from
      their parent type at runtime. It would be confusing to have a function
      Object::IsPodArrayOfWasmValueType which actually just checks whether the
      object is a ByteArray, so this change introduces a new annotation which
      allows abstract type declarations to state that they should use their
      parent type during verification.
      
      This change also adds new test cases to help avoid future regressions of
      this logic.
      
      Bug: v8:7793
      Change-Id: Ie5046d742fd45e0e0f6c2ba387d909e9f2ac6df1
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2469960Reviewed-by: 's avatarClemens Backes <clemensb@chromium.org>
      Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
      Cr-Commit-Position: refs/heads/master@{#70698}
      50d474a2
  13. 15 Oct, 2020 2 commits
  14. 05 Oct, 2020 2 commits
    • Manos Koukoutos's avatar
      [wasm-gc][bug] call_indirect should check for null table entries · cdb3da7f
      Manos Koukoutos authored
      This was not happening when there was no need to typecheck the entry.
      
      Additional changes:
      - Add tests with null table entries for typed and untyped function
        tables.
      - Allow AddIndirectFunctionTable in wasm-run-utils to specify table
        type.
      - Add possibility to define tables in test-gc.cc.
      - Merge trapTableOutOfBounds with trapInvalidFunc.
      - Use trapTableOutOfBounds in call_indirect as appropriate.
      - Fix emission of table types in wasm-module-builder.cc.
      
      Bug: v8:9495
      Change-Id: I4a857ff4378e5a87dc0646d94b4c75635a43c55b
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2442622Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
      Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
      Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70311}
      cdb3da7f
    • Sathya Gunasekaran's avatar
      [turboprop] Inline monomorphic map check · 2cf6ee0b
      Sathya Gunasekaran authored
      Instead of loading the map from the feedback vector for monomorphic
      access, this CL directly inlines the expected map constant as a static
      check.
      
      In case this static check fails, we call out to a builtin which performs
      additional dynamic map checks.
      
      There are several dynamic map checks performed by the builtin for various
      cases such as:
      (a) IC is monomorphic with a map that's different from the initial
      static map that we checked, in which case we perform another dynamic
      map check.
      (b) IC is monomorphic but incoming map is a deprecated map in which case
      we call out the runtime to migrate this incoming object to a new map and
      then try to handle it.
      (c) IC has now transitioned to polymorphic in which we use the old
      dynamic polymorphic checks to validate the map and handler.
      
      Bug: v8:10582, v8:9684
      Change-Id: Id87265ed513e4aef87b8e66c826afbf10f50a1d0
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2429034
      Commit-Queue: Sathya Gunasekaran  <gsathya@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarMythri Alle <mythria@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70304}
      2cf6ee0b
  15. 30 Sep, 2020 1 commit
  16. 29 Sep, 2020 1 commit
  17. 24 Sep, 2020 1 commit
    • Manos Koukoutos's avatar
      [wasm-gc] Some cleanup and documentation · e241c6da
      Manos Koukoutos authored
      Changes:
      - Add dedicated exception for call_ref invoking a WasmJSFunction.
      - Small restructuring of read_value_type.
      - Change HeapType::kLastSentinel to point to the last valid type,
        update is_valid().
      - Remove redundant DCHECK from ValueType constructors.
      - Rename a few section-related macros in module-decoder-unittest.cc,
        add a small test.
      - Rename "Simd128" -> "s128" in error message.
      - Write some documentation, mostly in value-type.h and wasm-subtyping.h.
      
      Bug: v8:7748
      Change-Id: I4fc4826fbdeac50e21ef524787c2024d7aa1b3b2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2424139
      Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
      Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70118}
      e241c6da
  18. 14 Sep, 2020 1 commit
  19. 11 Sep, 2020 2 commits
  20. 07 Sep, 2020 1 commit
  21. 06 Aug, 2020 5 commits
    • Bill Budge's avatar
      Reland "[torque] Port some constructor builtins to Torque." · 83e4c8b1
      Bill Budge authored
      This is a reland of ce249dbb
      
      As it's unchanged,
      TBR=leszeks@chromium.org,tebbi@chromium.org
      
      Original change's description:
      > [torque] Port some constructor builtins to Torque.
      >
      > - FastNewFunctionContextEval
      > - FastNewFunctionContextFunction
      > - CreateEmptyLiteralObject
      > - CreateRegExpLiteral
      > - CreateEmptyArrayLiteral
      > - CreateShallowArrayLiteral
      > - CreateShallowObjectLiteral
      > - NumberConstructor
      > - ObjectConstructor
      > - GenericLazyDeoptContinuation
      >
      > Bug: v8:9891
      >
      > Change-Id: Idd4bf035d8dbeec03b9ef727e1bfb80eab4bc43c
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2311411
      > Commit-Queue: Bill Budge <bbudge@chromium.org>
      > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#69082}
      
      Bug: v8:9891
      Change-Id: I566d4167c02488ef6a9a1c73015af5e2f484a31d
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2330382
      Commit-Queue: Bill Budge <bbudge@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69281}
      83e4c8b1
    • Z Nguyen-Huu's avatar
      Add fast path for Smi and non-decimal in NumberPrototypeToString · 4882bb6a
      Z Nguyen-Huu authored
      Just a fast iteration over bytes written in Torque for Smi number and
      non-decimal radix, also only for more than one string character result.
      
      Improve following micro-benchmark by ~75%
      
      Before
      toHexString
      toHexString-Numbers(Score): 7905000
      
      After
      toHexString
      toHexString-Numbers(Score): 14419000
      
      Bug: v8:10477
      Change-Id: I366092d4d70156ad33830352c1122af8794bea76
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2330221
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69272}
      4882bb6a
    • Leszek Swirski's avatar
      [runtime] Move string table off-heap · 1546be9c
      Leszek Swirski authored
      Changes the isolate's string table into an off-heap structure. This
      allows the string table to be resized without allocating on the V8 heap,
      and potentially triggering a GC. This allows existing strings to be
      inserted into the string table without requiring allocation.
      
      This has two important benefits:
      
        1) It allows the deserializer to insert strings directly into the
           string table, rather than having to defer string insertion until
           deserialization completes.
      
        2) It simplifies the concurrent string table lookup to allow resizing
           the table inside the write lock, therefore eliminating the race
           where two concurrent lookups could both resize the table.
      
      The off-heap string table has the following properties:
      
        1) The general hashmap behaviour matches the HashTable, i.e. open
           addressing, power-of-two sized, quadratic probing. This could, of
           course, now be changed.
      
        2) The empty and deleted sentinels are changed to Smi 0 and 1,
           respectively, to make those comparisons a bit cheaper and not
           require roots access.
      
        3) When the HashTable is resized, the old elements array is kept
           alive in a linked list of previous arrays, so that concurrent
           lookups don't lose the data they're accessing. This linked list
           is cleared by the GC, as then we know that all threads are in
           a safepoint.
      
        4) The GC treats the hash table entries as weak roots, and only walks
           them for non-live reference clearing and for evacuation.
      
        5) Since there is no longer a FixedArray to serialize for the startup
           snapshot, there is now a custom serialization of the string table,
           and the string table root is considered unserializable during weak
           root iteration. As a bonus, the custom serialization is more
           efficient, as it skips non-string entries.
      
      As a drive-by, rename LookupStringExists_NoAllocate to
      TryStringToIndexOrLookupExisting, to make it clearer that it returns
      a non-string for the case when the string is an array index. As another
      drive-by, extract StringSet into a separate header.
      
      Bug: v8:10729
      Change-Id: I9c990fb2d74d1fe222920408670974a70e969bca
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339104
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69270}
      1546be9c
    • Tobias Tebbi's avatar
      Reland "[torque] typed context slot access" · 6647f292
      Tobias Tebbi authored
      This is a reland of 408e7240
      Change: Allow CSA load elimination accross code comments
      
      Original change's description:
      > [torque] typed context slot access
      >
      > This introduces a new type Slot<ContextType, SlotType> that is used
      > for enum values used to access context slots.
      > Together with new types for the various custom contexts used in
      > Torque, this results in fairly type-safe access to context slots,
      > including the NativeContext's slots.
      >
      > Drive-by changes:
      > - Introduce a new header file to specify headers needed for
      >   generated CSA headers, to reduce the amount of includes specified
      >   in implementation-visitor.cc
      > - Port AllocateSyntheticFunctionContext to Torque.
      >
      > Bug: v8:7793
      > Change-Id: I509a128916ca408eeeb636a9bcc376b2cc868532
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335064
      > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
      > Cr-Commit-Position: refs/heads/master@{#69249}
      
      Bug: v8:7793
      Change-Id: I1fe100d8d62e8220524eddb8ecc4faa85219748d
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339462Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69264}
      6647f292
    • Jakob Gruber's avatar
      Revert "[torque] typed context slot access" · a55a2447
      Jakob Gruber authored
      This reverts commit 408e7240.
      
      Reason for revert: debug builds fail
      
      is_component_build = true
      is_debug = true
      use_goma = true
      v8_enable_backtrace = true
      v8_enable_debugging_features = true
      v8_enable_fast_mksnapshot = true
      v8_enable_slow_dchecks = true
      v8_enable_snapshot_code_comments = true
      v8_enable_verify_csa = true
      v8_optimized_debug = false
      v8_use_multi_snapshots = false
      
      # Fatal error in ../../src/compiler/backend/instruction-selector.cc, line 3088
      # Expected Turbofan static assert to hold, but got non-true input:
        static_assert(nativeContext == LoadNativeContext(context)) at src/builtins/promise-resolve.tq:45:5
      
      
      Original change's description:
      > [torque] typed context slot access
      > 
      > This introduces a new type Slot<ContextType, SlotType> that is used
      > for enum values used to access context slots.
      > Together with new types for the various custom contexts used in
      > Torque, this results in fairly type-safe access to context slots,
      > including the NativeContext's slots.
      > 
      > Drive-by changes:
      > - Introduce a new header file to specify headers needed for
      >   generated CSA headers, to reduce the amount of includes specified
      >   in implementation-visitor.cc
      > - Port AllocateSyntheticFunctionContext to Torque.
      > 
      > Bug: v8:7793
      > Change-Id: I509a128916ca408eeeb636a9bcc376b2cc868532
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335064
      > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
      > Cr-Commit-Position: refs/heads/master@{#69249}
      
      TBR=tebbi@chromium.org,seth.brenith@microsoft.com
      
      Change-Id: I90c014022a808449aca4a9b9b3c3b8e036beb28e
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:7793
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340903Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69256}
      a55a2447
  22. 05 Aug, 2020 2 commits
  23. 03 Aug, 2020 1 commit
  24. 30 Jul, 2020 1 commit
  25. 27 Jul, 2020 3 commits
  26. 23 Jul, 2020 1 commit