Skip to content

V
V8
Switch branch/tag
  1. 31 Jul, 2019 14 commits
    • Francis McCabe's avatar
      Revert ""Reland x3 [arraybuffer] Rearchitect backing store ownership"" · 195679de
      Francis McCabe authored 
      This reverts commit df8e6177.

Reason for revert: Multiple flakes in apparently related areas:

https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8906409837768155568/+/steps/Check__flakes_/0/logs/BackingStoreTest.RacyGrowWasmMem.../0

Original change's description:
> "Reland x3 [arraybuffer] Rearchitect backing store ownership"
> 
> This is a reland of bc33f5ae
> 
> Original change's description:
> > [arraybuffer] Rearchitect backing store ownership
> >
> > This CL completely rearchitects the ownership of array buffer backing stores,
> > consolidating ownership into a {BackingStore} C++ object that is tracked
> > throughout V8 using unique_ptr and shared_ptr where appropriate.
> >
> > Overall, lifetime management is simpler and more explicit. The numerous
> > ways that array buffers were initialized have been streamlined to one
> > Attach() method on JSArrayBuffer. The array buffer tracker in the
> > GC implementation now manages std::shared_ptr<BackingStore> pointers,
> > and the construction and destruction of the BackingStore object itself
> > handles the underlying page or embedder-allocated memory.
> >
> > The embedder API remains unchanged for now. We use the
> > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> > keep the backing store alive properly, even in the case of aliases
> > from live heap objects. Thus the embedder has a lower chance of making
> > a mistake. Long-term, we should move the embedder to a model where they
> > manage backing stores using shared_ptr to an opaque backing store object.
> 
> R=​mlippautz@chromium.org
> BUG=v8:9380,v8:9221,chromium:986318
> TBR=ulan@chromium.org
> 
> Change-Id: I6c49e2425029b5664ef1c68dab8b5146f4ed0ff2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1719191
> Reviewed-by: Ben Titzer <titzer@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Commit-Queue: Ben Titzer <titzer@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63007}

TBR=mstarzinger@chromium.org,titzer@chromium.org,mlippautz@chromium.org

Change-Id: If0266e5893b1325a332d5986337fa7ece2cb6943
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9380, v8:9221, chromium:986318
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1729549Reviewed-by: 's avatarFrancis McCabe <fgm@chromium.org>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63011}
      195679de
    • Clemens Hammacher's avatar
      Skip broken test on TSan · a48f88ec
      Clemens Hammacher authored 
      R=ulan@chromium.org

Bug: v8:9380
No-Try: true
Change-Id: I319bbc607a738d78cb797691bcfcb9484f416324
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1728619
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: 's avatarUlan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63010}
      a48f88ec
    • Seth Brenith's avatar
      Reland "[regexp] Better quick checks on loop entry nodes" · bea0ffd0
      Seth Brenith authored 
      This is a reland of 4b15b984

Updates since original: fix an arithmetic overflow bug, remove an invalid
DCHECK, add a unit test that would trigger that DCHECK.

Original change's description:
> [regexp] Better quick checks on loop entry nodes
>
> Like the predecessor change https://crrev.com/c/v8/v8/+/1702125 , this
> change is inspired by attempting to exit earlier from generated RegExp
> code, when no further matches are possible because any match would be
> too long. The motivating example this time is the following expression,
> which tests whether a string of Unicode playing cards has five of the
> same suit in a row:
>
> /([🂡-🂮]{5})|([🂱-🂾]{5})|([🃁-🃎]{5})|([🃑-🃞]{5})/u
>
> A human reading this expression can readily see that any match requires
> at least 10 characters (5 surrogate pairs), but the LoopChoiceNode for
> each repeated option reports its minimum distance to the end of a match
> as zero. This is correct, because the LoopChoiceNode's behavior depends
> on additional state (the loop counter). However, the preceding node, a
> SET_REGISTER action that initializes the loop counter, could confidently
> state that it consumes at least 10 characters. Furthermore, when we try
> to emit a quick check for that action, we could follow only paths from
> the LoopChoiceNode that are possible based on the minimum iteration
> count. This change implements both of those "could"s.
>
> I expect this improvement to apply pretty broadly to expressions that
> use minimum repetition counts and that don't meet the criteria for
> unrolling. In this particular case, I get about 12% improvement on the
> overall UniPoker test, due to reducing the execution time of this
> expression by 85% and the execution time of another similar expression
> that checks for n-of-a-kind by 20%.
>
> Bug: v8:9305
>
> Change-Id: I319e381743967bdf83324be75bae943fbb5dd496
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1704941
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62963}

Bug: v8:9305
Change-Id: I992070d383009013881bf778242254c27134b650
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1726674Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#63009}
      bea0ffd0
    • Seth Brenith's avatar
      Reland "Add postmortem debugging helper library" · 0921e8f2
      Seth Brenith authored 
      This is a reland of 517ab73f

Updates since original: now compressed pointers passed to the function
GetObjectProperties are required to be sign-extended. Previously, the
function allowed zero-extended values, but that led to ambiguity on
pointers like 0x88044919: is it compressed or is the heap range actually
centered on 0x100000000?

Original change's description:
> Add postmortem debugging helper library
>
> This change begins to implement the functionality described in
> https://docs.google.com/document/d/1evHnb1uLlSbvHAAsmOXyc25x3uh1DjgNa8u1RHvwVhk/edit#
> for investigating V8 state in crash dumps.
>
> This change adds a new library, v8_debug_helper, for providing platform-
> agnostic assistance with postmortem debugging. This library can be used
> by extensions built for debuggers such as WinDbg or lldb. Its public API
> is described by debug-helper.h; currently the only method it exposes is
> GetObjectProperties, but we'd like to add more functionality over time.
> The API surface is restricted to plain C-style structs and pointers, so
> that it's easy to link from a debugger extension built with a different
> toolchain.
>
> This change also adds a new cctest file to exercise some basic
> interaction with the new library.
>
> The API function GetObjectProperties takes an object pointer (which
> could be compressed, or weak, or a SMI), and returns a string
> description of the object and a list of properties the object contains.
> For now, the list of properties is entirely based on Torque object
> definitions, but we expect to add custom properties in future updates so
> that it can be easier to make sense of complex data structures such as
> dictionaries.
>
> GetObjectProperties does several things that are intended to generate
> somewhat useful results even in cases where memory may be corrupt or
> unavailable:
> - The caller may optionally provide a type string which will be used if
>   the memory for the object's Map is inaccessible.
> - All object pointers are compared against the list of known objects
>   generated by mkgrokdump. The caller may optionally provide the
>   pointers for the first pages of various heap spaces, to avoid spurious
>   matches. If those pointers are not provided, then any matches are
>   prefixed with "maybe" in the resulting description string, such as
>   "maybe UndefinedValue (0x4288000341 <Oddball>)".
>
> Bug: v8:9376
>
> Change-Id: Iebf3cc2dea3133c7811bcefcdf38d9458b02fded
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1628012
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Michael Stanton <mvstanton@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#62882}

Bug: v8:9376
Change-Id: I866a1cc9d4c34bfe10c7b98462451fe69763cf3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1717090Reviewed-by: 's avatarMichael Achenbach <machenbach@chromium.org>
Reviewed-by: 's avatarMichael Stanton <mvstanton@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#63008}
      0921e8f2
    • Ben L. Titzer's avatar
      "Reland x3 [arraybuffer] Rearchitect backing store ownership" · df8e6177
      Ben L. Titzer authored 
      This is a reland of bc33f5ae

Original change's description:
> [arraybuffer] Rearchitect backing store ownership
>
> This CL completely rearchitects the ownership of array buffer backing stores,
> consolidating ownership into a {BackingStore} C++ object that is tracked
> throughout V8 using unique_ptr and shared_ptr where appropriate.
>
> Overall, lifetime management is simpler and more explicit. The numerous
> ways that array buffers were initialized have been streamlined to one
> Attach() method on JSArrayBuffer. The array buffer tracker in the
> GC implementation now manages std::shared_ptr<BackingStore> pointers,
> and the construction and destruction of the BackingStore object itself
> handles the underlying page or embedder-allocated memory.
>
> The embedder API remains unchanged for now. We use the
> v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> keep the backing store alive properly, even in the case of aliases
> from live heap objects. Thus the embedder has a lower chance of making
> a mistake. Long-term, we should move the embedder to a model where they
> manage backing stores using shared_ptr to an opaque backing store object.

R=mlippautz@chromium.org
BUG=v8:9380,v8:9221,chromium:986318
TBR=ulan@chromium.org

Change-Id: I6c49e2425029b5664ef1c68dab8b5146f4ed0ff2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1719191Reviewed-by: 's avatarBen Titzer <titzer@chromium.org>
Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63007}
      df8e6177
    • Milad Farazmand's avatar
      PPC/s390: [deoptimizer, cleanup] Don't store values of single precision fp registers · 9ed91576
      Milad Farazmand authored 
      Port 556e4859

Original Commit Message:

    Instead of storing the values of the single precision floating point registers,
    get their values from the aliased double precision registers.

    This saves, on arm64, 184 bytes per deoptimisation kind function (552 in total)
    and 128 bytes in the RegisterValues class.

R=joey.gouly@arm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N

Change-Id: If38a721cfaefb7980902f4f963119cb88061e342
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1726857Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#63006}
      9ed91576
    • Georg Schmid's avatar
      [torque] Generalize type argument inference for generic calls · d4e65258
      Georg Schmid authored 
      With the arrival of generic structs (https://chromium-review.googlesource.com/c/v8/v8/+/1714868) the existing type inference procedure for generic calls became incomplete, since it could not infer types that were only constrained as part of generic types. For instance, given

  struct Box<T: Type> { ... }

  macro unbox<T: type>(box: Box<T>): T

the type argument (Smi) at the following call site

  const box: Box<Smi> = ...;
  unbox(box);

could not be inferred.

This CL re-implements the inference procedure and documents the semantics of type argument inference in Torque a bit more clearly.

R=tebbi@chromium.org

Change-Id: I868f16afbd9864b9c810ac49bc1639b467df939c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1720812
Commit-Queue: Georg Schmid <gsps@google.com>
Reviewed-by: 's avatarTobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63005}
      d4e65258
    • Dan Elphick's avatar
      [cleanup] Remove redundant static modifiers · 3a1bb751
      Dan Elphick authored 
      Removes static modifier from global inline functions defined in
globals.h.

R=rmcilroy@chromium.org

Bug: v8:9396
Change-Id: Ieacbcbf592d219fb50ab2d23dfbaba27246fb7ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1728610Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63004}
      3a1bb751
    • Michael Achenbach's avatar
      Whitespace change to trigger bots · f3764354
      Michael Achenbach authored 
      Change-Id: Ica3d8ca233278e50e390aad37138942d23b5b8b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1728612Reviewed-by: 's avatarMichael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63003}
      f3764354
    • Tom Tan's avatar
      Unwind V8 frames correctly on Windows ARM64 · 3f1f001a
      Tom Tan authored 
      On Windows ARM64, OS stack walking does not work because the V8 ARM64 backend
doesn't emit unwinding info and also because it doesn't emit ABI compliant
stack frames. This was fixed for Windows X64 (https://crrev.com/c/1469329) and
documented below:

https://docs.google.com/document/d/1-wf50jFlii0c_Pr52lm2ZU-49m220nhYMrHDi3vXnh0

This problem can be fixed similarly for Windows ARM64 by observing that V8
frames usually all have the same prolog which maintains a chain via frame
pointer (fp or x29 register).

stp fp, lr, [sp, ...]

One exception is JSEntry which stops fp pointer chain and needs to be handled
specially.

So it is possible to define XDATA with UNWIND_CODE which specify how Windows
should walk through V8 dynamic frames. The same as X64, since V8 Code objects
are all allocated in the same code-range for an Isolate, it is possible to
register at most 2 XDATA and a group of PDATA entries to cover stack walking
for all the code generated inside that code-range. This is more than 1
PDATA/XDATA because according to the Windows ARM64 exeption handling document,
1 PDATA can cover less than 1MB code range (see below doc).

https://docs.microsoft.com/en-us/cpp/build/arm64-exception-handling

This PR implements stackwalk for Windows ARM64 to be on par with X64, including
embedded builtins, jitted code and wasm jitted code, but not including register
handler for handling exception only, because there is no backward compatibility
to maintain for Windows ARM64 which was released since 1709 windows build.

Bug: chromium:893460
Change-Id: Ic74cbdad8af5cf342185030a4c53796f12ea5429
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701133Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63002}
      3f1f001a
    • v8-ci-autoroll-builder's avatar
      Update wasm-spec. · 84748f5b
      v8-ci-autoroll-builder authored 
      Rolling v8/test/wasm-js/data: https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+log/b0c936c..a221f25

[spec] Upgrade to IEEE 754-2019 (#1050) (Andreas Rossberg)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/a221f25

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: Id90c6e3228c4e5943e8bb49bc82fd4a9b01c424f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1726578Reviewed-by: 's avatarv8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#63001}
      84748f5b
    • v8-ci-autoroll-builder's avatar
      Update V8 DEPS. · b22be3ce
      v8-ci-autoroll-builder authored 
      Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/a9a0d9b..496479d

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ff7e2eb..2568b37

Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/57e1363..8215b08

TBR=machenbach@chromium.org,tmrts@chromium.org

Change-Id: I54127742991c381ebbac0e8688f7dafe50621ac2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1726577Reviewed-by: 's avatarv8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#63000}
      b22be3ce
    • Joran Siu's avatar
      S390: Guard auvx.h include with V8_HOST_ARCH_S390 · 775148b8
      Joran Siu authored 
      The s390 port uses the auxvector APIs to detect hardware/OS
support for various z/Architecture features.  These checks
only make sense if we are running native, non-simulator mode.

Moving the include<auxv.h> under V8_HOST_ARCH_S390 enables
compilation of s390 simulation on platforms that do not have auxv.h
header available.

R=miladfar@ca.ibm.com,jyan@ca.ibm.com

Change-Id: I685681a4f8786509beb181d8ae63876b3a4235b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1726844Reviewed-by: 's avatarMilad Farazmand <miladfar@ca.ibm.com>
Commit-Queue: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#62999}
      775148b8
    • Yu Yin's avatar
      [mips][deoptimizer][cleanup] Don't store values of single precision fp registers · c2f18318
      Yu Yin authored 
      port 556e4859 https://crrev.com/c/1669687

Original Commit Message:

    Instead of storing the values of the single precision floating point registers,
    get their values from the aliased double precision registers.

    This saves, on arm64, 184 bytes per deoptimisation kind function (552 in total)
    and 128 bytes in the RegisterValues class.

Change-Id: Ic178de717d27a63b3f510b3a93e8f33a1730dc8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1725669Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#62998}
      c2f18318
  3. 30 Jul, 2019 26 commits