1. 06 Aug, 2020 16 commits
    • Leszek Swirski's avatar
      [runtime] Move string table off-heap · 1546be9c
      Leszek Swirski authored
      Changes the isolate's string table into an off-heap structure. This
      allows the string table to be resized without allocating on the V8 heap,
      and potentially triggering a GC. This allows existing strings to be
      inserted into the string table without requiring allocation.
      
      This has two important benefits:
      
        1) It allows the deserializer to insert strings directly into the
           string table, rather than having to defer string insertion until
           deserialization completes.
      
        2) It simplifies the concurrent string table lookup to allow resizing
           the table inside the write lock, therefore eliminating the race
           where two concurrent lookups could both resize the table.
      
      The off-heap string table has the following properties:
      
        1) The general hashmap behaviour matches the HashTable, i.e. open
           addressing, power-of-two sized, quadratic probing. This could, of
           course, now be changed.
      
        2) The empty and deleted sentinels are changed to Smi 0 and 1,
           respectively, to make those comparisons a bit cheaper and not
           require roots access.
      
        3) When the HashTable is resized, the old elements array is kept
           alive in a linked list of previous arrays, so that concurrent
           lookups don't lose the data they're accessing. This linked list
           is cleared by the GC, as then we know that all threads are in
           a safepoint.
      
        4) The GC treats the hash table entries as weak roots, and only walks
           them for non-live reference clearing and for evacuation.
      
        5) Since there is no longer a FixedArray to serialize for the startup
           snapshot, there is now a custom serialization of the string table,
           and the string table root is considered unserializable during weak
           root iteration. As a bonus, the custom serialization is more
           efficient, as it skips non-string entries.
      
      As a drive-by, rename LookupStringExists_NoAllocate to
      TryStringToIndexOrLookupExisting, to make it clearer that it returns
      a non-string for the case when the string is an array index. As another
      drive-by, extract StringSet into a separate header.
      
      Bug: v8:10729
      Change-Id: I9c990fb2d74d1fe222920408670974a70e969bca
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339104
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69270}
      1546be9c
    • Georg Neis's avatar
      Make VERIFY_HEAP-enabled verification depend on --verify-heap · 1a4b5ed9
      Georg Neis authored
      There were a few places where we would do such verification even
      without --verify-heap. The CL changes these to be in line with all
      the rest.
      
      Change-Id: Ia43708104c7d7818dc8d41d645a84f9b5e7446a8
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336796
      Auto-Submit: Georg Neis <neis@chromium.org>
      Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarHannes Payer <hpayer@chromium.org>
      Commit-Queue: Hannes Payer <hpayer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69269}
      1a4b5ed9
    • Omer Katz's avatar
      cppgc: Establish marking invariants · e072615c
      Omer Katz authored
      This is a revival of https://chromium-review.googlesource.com/c/v8/v8/+/2228332
      
      The CL establishes the following:
      *) Objects are marked before being pushed to the worklists.
      *) Live bytes are always accounted after tracing an object (i.e. move
         from Gray to Black below).
      *) Previously not fully constructed objects are traced immediately
         instead of pushed to the marking worklist.
      
      This establishes the following invariants for all marking worklists:
      1) White = !object.is_marked() && !worklist.contains(object)
      2) Gray = object.is_marked() && worklist.contains(object)
      3) Black = object.is_marked() && !worklist.contains(object)
      
      Bug: chromium:1056170
      Change-Id: I821573b3fbc057e6ffb836154271ff986ecb4d2b
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336797Reviewed-by: 's avatarAnton Bikineev <bikineev@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Commit-Queue: Omer Katz <omerkatz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69268}
      e072615c
    • Andreas Haas's avatar
      [wasm] Check size of tables dynamically · 47434265
      Andreas Haas authored
      We used to check the size of tables at compile time, and threw a
      CompilationError if a given size exceeded the implementation-defined
      limit. However, the spec defines that an error should only be thrown
      when the implementation-defined limit is reached, which is either at
      instantiation time of during runtime at a table.grow.
      
      With this CL the V8 implementation becomes spec compliant in this
      regard.
      
      R=jkummerow@chromium.org
      
      Bug: v8:10556
      Change-Id: I7d0e688b385a65e4060a569e5ab1dec68947ceea
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2326331
      Commit-Queue: Andreas Haas <ahaas@chromium.org>
      Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69267}
      47434265
    • Marja Hölttä's avatar
      [Atomics.waitAsync] More fixes to timeout handling · fd9c0d12
      Marja Hölttä authored
      Bug: v8:10239, v8:10775
      Change-Id: I0189dd8a71ef82d7c863f26511790a1ca426f72d
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340906Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
      Commit-Queue: Marja Hölttä <marja@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69266}
      fd9c0d12
    • Clemens Backes's avatar
      [platform] Use more tasks for jobs · 044ddd31
      Clemens Backes authored
      Wasm recently switched from spawning a number of background tasks for
      compilation to just using a single job (via the pretty new
      {Platform::PostJob} API). This caused major regressions in several
      benchmarks running in d8, because the {DefaultPlatform} is only using
      half of the available worker threads for executing jobs with "user
      visible" priority.
      
      This CL changes this to use all available worker threads for "user
      blocking" or "user visible" jobs, and two threads for "best effort"
      jobs. The limit of two threads for best effort is identical to what
      chromium does with best effort *tasks*. For user blocking and user
      visible, chromium does not impose any limit, so we also remove the
      limitation to half of the threads from d8.
      
      Drive-by: Use {NewDefaultJobHandle} for constructing {DefaultJobHandle}.
      
      R=mlippautz@chromium.org
      CC=ahaas@chromium.org, gab@chromium.org, etiennep@chromium.org
      
      Bug: chromium:1113234, chromium:1101340
      Change-Id: I9280e649a1cf3832c562ff7251e8bda0103af111
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339481Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
      Reviewed-by: 's avatarHannes Payer <hpayer@chromium.org>
      Commit-Queue: Hannes Payer <hpayer@chromium.org>
      Auto-Submit: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69265}
      044ddd31
    • Tobias Tebbi's avatar
      Reland "[torque] typed context slot access" · 6647f292
      Tobias Tebbi authored
      This is a reland of 408e7240
      Change: Allow CSA load elimination accross code comments
      
      Original change's description:
      > [torque] typed context slot access
      >
      > This introduces a new type Slot<ContextType, SlotType> that is used
      > for enum values used to access context slots.
      > Together with new types for the various custom contexts used in
      > Torque, this results in fairly type-safe access to context slots,
      > including the NativeContext's slots.
      >
      > Drive-by changes:
      > - Introduce a new header file to specify headers needed for
      >   generated CSA headers, to reduce the amount of includes specified
      >   in implementation-visitor.cc
      > - Port AllocateSyntheticFunctionContext to Torque.
      >
      > Bug: v8:7793
      > Change-Id: I509a128916ca408eeeb636a9bcc376b2cc868532
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335064
      > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
      > Cr-Commit-Position: refs/heads/master@{#69249}
      
      Bug: v8:7793
      Change-Id: I1fe100d8d62e8220524eddb8ecc4faa85219748d
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339462Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69264}
      6647f292
    • Zeynep Cankara's avatar
      [tools][system-analyzer] Sync Timeline Track Scrolling · 54fd0626
      Zeynep Cankara authored
      This CL sync the timeline-tracks positions
      upon receiving a horizontal scrolling event.
      
      Bug: v8:10644
      
      Change-Id: I69bc1066a3f5da6ddc978ad71fe77820df8066bd
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2336806
      Commit-Queue: Zeynep Cankara <zcankara@google.com>
      Reviewed-by: 's avatarCamillo Bruni <cbruni@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69263}
      54fd0626
    • Jakob Gruber's avatar
      [nci] Allow OSR to NCI code in testing modes · febd37b1
      Jakob Gruber authored
      In the --turbo-nci-as-highest-tier testing mode, allow NCI codegen for
      OSR to increase coverage and simplify logic.
      
      Bug: v8:8888
      Change-Id: I254939928f92bf675dbf2b78cdd5b5dce802d972
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339460
      Auto-Submit: Jakob Gruber <jgruber@chromium.org>
      Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69262}
      febd37b1
    • Dominik Inführ's avatar
      Revert "[heap] Add safepoints in Heap GC methods" · 850739bb
      Dominik Inführ authored
      This reverts commit 1742d256.
      
      Reason for revert: Longer safepoint can cause deadlocks with global handles.
      
      Original change's description:
      > [heap] Add safepoints in Heap GC methods
      > 
      > Add safepoints to GC methods in Heap. There is still stuff in
      > Heap::CollectGarbage which might work better or more precise in a global
      > safepoint. Be conservative here and move everything into the safepoint,
      > eventually we can start to move code out that is fine to run outside
      > the safepoint.
      > 
      > Bug: v8:10315
      > Change-Id: I656dfd72f032eff6f386cec63a02777506650aa7
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335192
      > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#69228}
      
      TBR=ulan@chromium.org,dinfuehr@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: v8:10315
      Change-Id: Idaf575911b34674c16d46b41c2ebee9f56dbac6d
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2339617Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69261}
      850739bb
    • Clemens Backes's avatar
      [wasm] Remove ExecutionTier::kInterpreter · 0c918bd8
      Clemens Backes authored
      The interpreter is not an execution tier in production any more. It's
      only used in tests.
      Thus, remove {ExecutionTier::kInterpreter} and instead add a
      {TestExecutionTier} that still has {kInterpreter}.
      
      If needed (in {TestingModuleBuilder::execution_tier()}), we translate
      back from {TestExecutionTier} to {ExecutionTier} (for {kLiftoff} and
      {kTurboFan} only).
      
      The {TraceMemoryOperation} method, which is shared between interpreter
      and production code, now receives a {base::Optional<ExecutionTier>}, and
      we will just pass en empty optional if called from the interpreter.
      
      R=thibaudm@chromium.org
      
      Bug: v8:10389
      Change-Id: Ibe133b91e8dca6d6edbfaee5ffa0d7fe72ed6d64
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335186Reviewed-by: 's avatarThibaud Michaud <thibaudm@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69260}
      0c918bd8
    • Marja Hölttä's avatar
      [Atomics.waitAsync] Fix removing multiple nodes when Isolate deinits · 28ead054
      Marja Hölttä authored
      RemoveNode already nullifies the next_ pointer of FutexWaitListNode,
      and DeleteAsyncNode was trying to retrieve it.
      
      Bug: v8:10239
      Change-Id: I595885de87f433d263eeacfc825a689efd467f5e
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2332812
      Commit-Queue: Marja Hölttä <marja@chromium.org>
      Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
      Reviewed-by: 's avatarShu-yu Guo <syg@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69259}
      28ead054
    • Anna Henningsen's avatar
      [api] Fix empty Maybe crash in GetRealNamedPropertyAttributes · e06ace6b
      Anna Henningsen authored
      `Object::GetRealNamedPropertyAttributes()` can crash if an empty
      `Maybe` is returned by `JSReceiver::GetPropertyAttributes()` because
      it was not checking for that. Fix that.
      
      Refs: https://github.com/nodejs/node/issues/34606
      Change-Id: Ic83f904ba7134786bcd8f786eb2ce98adb4fea1e
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335057
      Commit-Queue: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: 's avatarLeszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69258}
      e06ace6b
    • Marja Hölttä's avatar
      [Atomics.waitAsync] Fix: mark timeout task as cancelled properly · 6315167f
      Marja Hölttä authored
      Bug: v8:10239, v8:10775
      Change-Id: Ic12f9da7f8bb10f83c9e3c00f39a26412e058943
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340904Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
      Commit-Queue: Marja Hölttä <marja@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69257}
      6315167f
    • Jakob Gruber's avatar
      Revert "[torque] typed context slot access" · a55a2447
      Jakob Gruber authored
      This reverts commit 408e7240.
      
      Reason for revert: debug builds fail
      
      is_component_build = true
      is_debug = true
      use_goma = true
      v8_enable_backtrace = true
      v8_enable_debugging_features = true
      v8_enable_fast_mksnapshot = true
      v8_enable_slow_dchecks = true
      v8_enable_snapshot_code_comments = true
      v8_enable_verify_csa = true
      v8_optimized_debug = false
      v8_use_multi_snapshots = false
      
      # Fatal error in ../../src/compiler/backend/instruction-selector.cc, line 3088
      # Expected Turbofan static assert to hold, but got non-true input:
        static_assert(nativeContext == LoadNativeContext(context)) at src/builtins/promise-resolve.tq:45:5
      
      
      Original change's description:
      > [torque] typed context slot access
      > 
      > This introduces a new type Slot<ContextType, SlotType> that is used
      > for enum values used to access context slots.
      > Together with new types for the various custom contexts used in
      > Torque, this results in fairly type-safe access to context slots,
      > including the NativeContext's slots.
      > 
      > Drive-by changes:
      > - Introduce a new header file to specify headers needed for
      >   generated CSA headers, to reduce the amount of includes specified
      >   in implementation-visitor.cc
      > - Port AllocateSyntheticFunctionContext to Torque.
      > 
      > Bug: v8:7793
      > Change-Id: I509a128916ca408eeeb636a9bcc376b2cc868532
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335064
      > Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
      > Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
      > Cr-Commit-Position: refs/heads/master@{#69249}
      
      TBR=tebbi@chromium.org,seth.brenith@microsoft.com
      
      Change-Id: I90c014022a808449aca4a9b9b3c3b8e036beb28e
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:7793
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340903Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69256}
      a55a2447
    • Michael Achenbach's avatar
      Revert "Override _runner_flags for num_fuzzer.py" · fe850a80
      Michael Achenbach authored
      This reverts commit 3927c9c4.
      
      Reason for revert:
      https://ci.chromium.org/p/v8/builders/ci/V8%20NumFuzz%20-%20debug/10732
      
      Original change's description:
      > Override _runner_flags for num_fuzzer.py
      > 
      > This CL ensures that we add the
      > '--fuzzing' flag to the num_fuzzer script.
      > Please note that NumFuzzer does not inherit the
      > StandardTestRunner class but it inherits
      > BaseTestRunner so we had to override _runner_flags.
      > 
      > Bug: v8:10755
      > Change-Id: Ifb779ba402106b8f2ce4d0e13090ef2db468a6ae
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2335185
      > Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
      > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      > Reviewed-by: Liviu Rau <liviurau@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#69241}
      
      TBR=machenbach@chromium.org,liviurau@chromium.org,almuthanna@chromium.org
      
      Change-Id: Ie39fb87a0e53c5cbbc276f8efb6e4a89ce44bb74
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:10755
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2340902Reviewed-by: 's avatarMichael Achenbach <machenbach@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69255}
      fe850a80
  2. 05 Aug, 2020 19 commits
  3. 04 Aug, 2020 5 commits