1. 29 Jun, 2016 31 commits
  2. 28 Jun, 2016 9 commits
      [wasm] Making compare and conditionals more correct. · e42983d1
      bradnelson authored
      Comparisons were allowing asm 'int' values in places
      that require strict 'signed' or 'unsigned' but not both.
      
      Fixes crash when these make it to asm-wasm.
      
      BUG=599413
      BUG=v8:4203
      R=aseemgarg@chromium.org
      
      Review-Url: https://codereview.chromium.org/2106683003
      Cr-Commit-Position: refs/heads/master@{#37353}
      Revert "Revert "[wasm] Complete separation of compilation and instantiation"" · 9d6014ad
      mtrofin authored
      This reverts commit 1eb1dfab.
      
      The original compilation separation change avoided associating a heap
      for the wasm instance if memory was not provided, nor needed. The
      grow memory CL assumed the old behavior, where a memory buffer was
      always present, but may have had a zero size.
      
      The 2 CLs landed shortly after one another. We decided to treat the
      grow memory as the race condition winner, so this CL here re-lands
      compilation separation, plus adjusts grow memory to deal with
      the undefined mem buffer.
      
      BUG=
      
      Review-Url: https://codereview.chromium.org/2102193003
      Cr-Commit-Position: refs/heads/master@{#37352}
      Revert "[wasm] Complete separation of compilation and instantiation" · 1eb1dfab
      mtrofin authored
      This reverts commit 0c7ee927.
      
      BUG=
      
      Review-Url: https://codereview.chromium.org/2103983003
      Cr-Commit-Position: refs/heads/master@{#37351}
      [wasm] Forbid sign mismatch in asm typer. · c5856779
      bradnelson authored
      asm.js forbids mixing signed and unsigned % or /.
      We had been allowing these.
      
      Fixes crash.
      
      BUG=618602
      BUG=v8:4203
      R=aseemgarg@chromium.org
      
      Review-Url: https://codereview.chromium.org/2107683002
      Cr-Commit-Position: refs/heads/master@{#37350}
      [wasm] Require wasm explicit asm instantiation to be of a function. · 58920e04
      bradnelson authored
      We were not checking that the string passed to instantiateFromAsm
      contains a function declaration (any declaration was allowed).
      
      Fixes crash.
      
      BUG=620649
      BUG=v8:4203
      R=aseemgarg@chromium.org
      
      Review-Url: https://codereview.chromium.org/2109533002
      Cr-Commit-Position: refs/heads/master@{#37349}
      [wasm] Complete separation of compilation and instantiation · 0c7ee927
      mtrofin authored
      Support for serializing/deserializing the compiled wasm module.
      
      We want to reuse the javascript snapshotting mechanics, at least in the
      short term, when we still use the JS heap for the compiled wasm code.
      Given that a module may be compiled in one v8 instance and then
      instantiated later, in a different instance, whatever information we need
      at instantiation time must also be serializable.
      
      We currently hold on to the un-decoded wasm bytes, for enabling
      debugging scenarios. This imposes a ~20% penalty on the memory
      requirements of the wasm compiled code. We do not need this data
      otherwise, for runtime, and it is sensible to consider eventually loading it
      on demand. Therefore, I intentionally avoided relying on it and re-
      decoding the wasm module data, and instead saved the information
      necessary to support instantiation.
      
      Given how whatever we need to persist must be serializable, the CL
      uses a structure made out of serializable objects (fixed arrays mostly)
      for storing this information. I preferred going this route rather than
      adding more wasm-specific support to the serializer, given that we want
      to eventually move off the JS heap, and therefore the serializer.
      
      Additionally, it turns out this extra information is relatively not complex:
      minimal structure, little nesting depth, mostly simple data like numbers
      or byte blobs, or opaque data like compiled functions.
      
      This CL also moves export compilation ahead of instantiation time.
      
      This change added a helper getter to FixedArray, to make typed retrieval
      of elements easier.
      
      BUG=
      
      Review-Url: https://codereview.chromium.org/2094563002
      Cr-Commit-Position: refs/heads/master@{#37348}
      Revert of [heap] Reland uncommit unused large object page memory. (patchset #1... · f99f6333
      hpayer authored
      Revert of [heap] Reland uncommit unused large object page memory. (patchset #1 id:1 of https://codereview.chromium.org/2101383002/ )
      
      Reason for revert:
      Crashes unbox-double-arrays
      
      Original issue's description:
      > [heap] Reland uncommit unused large object page memory.
      >
      > BUG=
      >
      > Committed: https://crrev.com/dd0ee5fd11653ba41a292641ccd66ae7cc5a8398
      > Cr-Commit-Position: refs/heads/master@{#37341}
      
      TBR=ulan@chromium.org
      # Skipping CQ checks because original CL landed less than 1 days ago.
      NOPRESUBMIT=true
      NOTREECHECKS=true
      NOTRY=true
      BUG=
      
      Review-Url: https://codereview.chromium.org/2106933003
      Cr-Commit-Position: refs/heads/master@{#37347}
      PPC/s390: Reland [heap] Avoid the use of cells to point from code to new-space objects. · 85cebe73
      bjaideep authored
      Port 5e058540
      
      Original commit message:
      
          The reason for reverting is: This breaks gc-stress bot:
          https://chromegw.corp.google.com/i/client.v8/builders/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot
      
          Abortion of compaction could cause duplicate entries in the typed-old-to-new remembered set.
          These duplicates could cause a DCHECK to trigger which checks that slots recorded in the
          remembered set never point to to-space. This reland-CL allows duplicates in the remembered
          set by removing the DCHECK, and additionally clears entries in the remembered set if objects are moved.
      
          Original issue's description:
      
          Cells were needed originally because there was no typed remembered set to
          record direct pointers from code space to new space. A previous
          CL (https://codereview.chromium.org/2003553002/) already introduced
          the remembered set, this CL uses it.
      
          This CL
          * stores direct pointers in code objects, even if the target is in new space,
          * records the slot of the pointer in typed-old-to-new remembered set,
          * adds a list which stores weak code-to-new-space references,
          * adds a test to test-heap.cc for weak code-to-new-space references,
          * removes prints in tail-call-megatest.js
      
      R=ahaas@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com, mbrandy@us.ibm.com
      
      BUG=
      LOG=N
      
      Review-Url: https://codereview.chromium.org/2108673003
      Cr-Commit-Position: refs/heads/master@{#37346}
      [ia32] Fixes a bug in cmpw. · 588e15c0
      epertoso authored
      The opcodes for 'cmpw r/m16, r16' and 'cmpw r16, r/m16' were swapped, causing a few issues when less than/greater than comparisons were performed.
      
      Adds a regression test.
      
      BUG=621926
      
      Committed: https://crrev.com/efa7095e3e360fbadbe909d831ac11b268ca26b0
      Review-Url: https://codereview.chromium.org/2103713003
      Cr-Original-Commit-Position: refs/heads/master@{#37339}
      Cr-Commit-Position: refs/heads/master@{#37345}