1. 24 Oct, 2018 1 commit
  2. 23 Oct, 2018 2 commits
  3. 19 Oct, 2018 1 commit
  4. 11 Oct, 2018 1 commit
  5. 10 Oct, 2018 1 commit
  6. 09 Oct, 2018 1 commit
  7. 10 Sep, 2018 1 commit
    • [embedded handlers] Store the handlers without gaps · 5a9f0556
      Dan Elphick authored
      Previously the builtins table had a value for every single
      OperandScale/Bytecode combination regardless of whether it was valid.
      This change makes it so that only valid bytecode handlers are stored in
      the builtins table. This prevents placeholders being serialized into the
      snapshot (and embedded into the binary) saving 9KB in
      CODE_SPACE/OLD_SPACE and 2.5KB in the embedded data as well as 66
      entries in the builtins table.
      
      To do this, it generates a new header file bytecodes-builtins-list.h
      which is created from the BYTECODE_LIST and OPERAND_SCALE_LIST macros.
      Since list macros cannot be used to conditionally generate elements in
      the C-preprocessor, this is done by a generator executable, compiled from
      interpreter/generate-flat-headers.cc.
      
      Additionally the generator creates the flat bytecode list so that it is
      transposed from the previous result, i.e. the results are grouped by
      bytecode and then operand scale rather than operand scale then bytecode.
      This should give better locality for commonly used bytecodes and may
      allow less commonly used ExtraWide bytecodes to never be mapped into
      memory at all.
      
      The cost of storing the handlers densely is that looking up a handler
      now requires a binary search through the builtins table, but this should
      only happen during debugging. It is also fixable at least for non-wide
      handlers and could be improved for wide ones if the need arises.
      
      Bug: v8:8068
      Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
      Change-Id: Iaad22a952e2858f508030c5ddc082f91bf59f667
      Reviewed-on: https://chromium-review.googlesource.com/1209304
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#55757}
  8. 07 Sep, 2018 1 commit
    • [Parser] Add support for Zone allocated ConsumedPreParsingScopeData. · 8da9dbbb
      Ross McIlroy authored
      Adds support for zone allocated (off-heap) ConsumedPreParsingScopeData to
      enable worker-thread access to PreParsingScopeData during parallel IIFE
      compile tasks.
      
      In order to avoid code-duplication, a templated
      BaseConsumedPreParsingScopeData is added which implements the logic for
      decoding the bytestream into scope data. Two implementations of this
      base class are instantiated for each of the underlying serialized scope data:
        - ZoneConsumedPreParsedScopeData for exposing ZonePreParsedScopeData
        - OnHeapConsumedPreParsedScopeData for exposing on-heap PreParsedScopeData
      The interface for each of these classes is the ConsumedPreParsingScopeData,
      which exposes the methods required by the parser to deserialize the required
      data.
      
      As a side-cleanup, moved Ucs2CharLength and Utf8LengthHelper implementations
      to cc file so that we don't get a linker error if one of them is unused by
      the cc file including the header.
      
      
      BUG=v8:8041
      
      Change-Id: Id502312d32fe4a9ddb6f5d2d9d3e3a9d30b9b27d
      Reviewed-on: https://chromium-review.googlesource.com/1199462
      Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Adam Klein <adamk@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#55711}
  9. 05 Sep, 2018 1 commit
  10. 03 Sep, 2018 1 commit
  11. 25 Aug, 2018 1 commit
  12. 07 Aug, 2018 1 commit
    • [wasm] Support concurrent patching of jump table. · 7579b1e3
      Michael Starzinger authored
      This adds initial support for concurrently patching jump table slots. It
      is needed once different Isolates share code (for the --wasm-shared-code
      feature). We need to ensure that instructions holding the target address
      within a jump table slot do not cross cache-line boundaries. To do this,
      the jump table has been split into consecutive pages.
      
      Note that this also adds a stress test for multiple threads hammering at
      a single slot concurrently. The test is currently limited to the ia32
      and the x64 architecture, but will be extended to cover others. The test
      reliably triggers tearing of the target address on almost every run of
      the test and hence serves to prevent regressions.
      
      R=clemensh@chromium.org
      TEST=cctest/test-jump-table-assembler
      BUG=v8:8018
      
      Change-Id: Ife56bbb61ffcae5d8906ca7b8c604b195603707c
      Reviewed-on: https://chromium-review.googlesource.com/1163664
      Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54942}
  13. 30 Jul, 2018 1 commit
  14. 26 Jul, 2018 1 commit
  15. 24 Jul, 2018 1 commit
    • Reland "[turboassembler] Introduce hard-abort mode" · d324382e
      Clemens Hammacher authored
      This is a reland of a462a785
      
      Original change's description:
      > [turboassembler] Introduce hard-abort mode
      > 
      > For checks and assertions (mostly for debug code, like stack alignment
      > or zero extension), we had two modes: Emit a call to the {Abort}
      > runtime function (the default), and emit a debug break (used for
      > testing, enabled via --trap-on-abort).
      > In wasm, where we cannot just call a runtime function because code must
      > be isolate independent, we always used the trap-on-abort behaviour.
      > This causes problems for our fuzzers, which do not catch SIGTRAP, and
      > hence do not detect debug code failures.
      > 
      > This CL introduces a third mode ("hard abort"), which calls a C
      > function via {ExternalReference}. The C function still outputs the
      > abort reason, but does not print the stack trace. It then aborts via
      > "OS::Abort", just like the runtime function.
      > This will allow fuzzers to detect the crash and even find a nice error
      > message.
      > 
      > Even though this looks like a lot of code churn, it is actually not.
      > Most added lines are new tests, and other changes are minimal.
      > 
      > R=mstarzinger@chromium.org
      > 
      > Bug: chromium:863799
      > Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
      > Reviewed-on: https://chromium-review.googlesource.com/1142163
      > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54592}
      
      Bug: chromium:863799
      Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
      Reviewed-on: https://chromium-review.googlesource.com/1146100
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54656}
  16. 20 Jul, 2018 2 commits
    • Speculatively revert "[turboassembler] Introduce hard-abort mode" · 039c18e1
      Sigurd Schneider authored
      This reverts commit a462a785.
      
      Reason for revert: Breaks a TurboAssembler test:
      https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Arm/7726
      
      Original change's description:
      > [turboassembler] Introduce hard-abort mode
      > 
      > For checks and assertions (mostly for debug code, like stack alignment
      > or zero extension), we had two modes: Emit a call to the {Abort}
      > runtime function (the default), and emit a debug break (used for
      > testing, enabled via --trap-on-abort).
      > In wasm, where we cannot just call a runtime function because code must
      > be isolate independent, we always used the trap-on-abort behaviour.
      > This causes problems for our fuzzers, which do not catch SIGTRAP, and
      > hence do not detect debug code failures.
      > 
      > This CL introduces a third mode ("hard abort"), which calls a C
      > function via {ExternalReference}. The C function still outputs the
      > abort reason, but does not print the stack trace. It then aborts via
      > "OS::Abort", just like the runtime function.
      > This will allow fuzzers to detect the crash and even find a nice error
      > message.
      > 
      > Even though this looks like a lot of code churn, it is actually not.
      > Most added lines are new tests, and other changes are minimal.
      > 
      > R=mstarzinger@chromium.org
      > 
      > Bug: chromium:863799
      > Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
      > Reviewed-on: https://chromium-review.googlesource.com/1142163
      > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54592}
      
      TBR=mstarzinger@chromium.org,clemensh@chromium.org
      
      Change-Id: I60c011cfe262ccebbb9abf32699a9fe17e72a3c8
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:863799
      Reviewed-on: https://chromium-review.googlesource.com/1145431
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54597}
    • [turboassembler] Introduce hard-abort mode · a462a785
      Clemens Hammacher authored
      For checks and assertions (mostly for debug code, like stack alignment
      or zero extension), we had two modes: Emit a call to the {Abort}
      runtime function (the default), and emit a debug break (used for
      testing, enabled via --trap-on-abort).
      In wasm, where we cannot just call a runtime function because code must
      be isolate independent, we always used the trap-on-abort behaviour.
      This causes problems for our fuzzers, which do not catch SIGTRAP, and
      hence do not detect debug code failures.
      
      This CL introduces a third mode ("hard abort"), which calls a C
      function via {ExternalReference}. The C function still outputs the
      abort reason, but does not print the stack trace. It then aborts via
      "OS::Abort", just like the runtime function.
      This will allow fuzzers to detect the crash and even find a nice error
      message.
      
      Even though this looks like a lot of code churn, it is actually not.
      Most added lines are new tests, and other changes are minimal.
      
      R=mstarzinger@chromium.org
      
      Bug: chromium:863799
      Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
      Reviewed-on: https://chromium-review.googlesource.com/1142163
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54592}
  17. 13 Jul, 2018 1 commit
    • Revert "Reland "[heap] Added External Strings to external memory accounting."" · 71dddd14
      Michael Lippautz authored
      This reverts commit 7bff339e.
      
      Reason for revert: Breaks autoroll, see bug.
      
      Bug: v8:7944
      
      Original change's description:
      > Reland "[heap] Added External Strings to external memory accounting."
      > 
      > This is a reland of 5863c0b6
      > 
      > Original change's description:
      > > [heap] Added External Strings to external memory accounting.
      > > 
      > > Bug: chromium:845409
      > > Change-Id: I3fe2b294f6e038d77787cf0870d244ba7cc20550
      > > Reviewed-on: https://chromium-review.googlesource.com/1118164
      > > Commit-Queue: Rodrigo Bruno <rfbpb@google.com>
      > > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > > Cr-Commit-Position: refs/heads/master@{#54110}
      > 
      > Bug: chromium:845409
      > Change-Id: Ied341ec6268000343d2a577b22f2a483460b01f5
      > Reviewed-on: https://chromium-review.googlesource.com/1121736
      > Commit-Queue: Rodrigo Bruno <rfbpb@google.com>
      > Reviewed-by: Peter Marshall <petermarshall@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Reviewed-by: Hannes Payer <hpayer@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#54410}
      
      TBR=ulan@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,petermarshall@chromium.org,rfbpb@google.com
      
      Change-Id: Ie55586e84f44a2d83c7f97110d60abb86f0730c5
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: chromium:845409
      Reviewed-on: https://chromium-review.googlesource.com/1136312
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54428}
  18. 12 Jul, 2018 1 commit
  19. 05 Jul, 2018 2 commits
    • [wasm] First test for sharing the {WasmEngine}. · e2d7129f
      Michael Starzinger authored
      This is a first set of test cases for sharing a {WasmEngine} and the
      contained {WasmCode} between multiple Isolates. Currently this can only
      be done using internal API methods on the Isolate; an external API that
      is usable by embedders does not exist yet.
      
      R=clemensh@chromium.org
      TEST=cctest/test-wasm-shared-engine
      BUG=v8:7424
      
      Change-Id: I35541a76b5aceec4519e3a46e6a9ef4d01cad22b
      Reviewed-on: https://chromium-review.googlesource.com/1126382
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54248}
    • [explicit isolates] Make read-only root Heap accessors private · 59af0c3e
      Dan Elphick authored
      Now that ReadOnlyRoots is used everywhere to access the read-only roots,
      this makes the Heap accessors for such roots private.
      
      It also adds tests that the roots reachable from ReadOnlyRoots are all
      in RO_SPACE as well as tests that the roots still publicly accessible
      from Heap are not in RO_SPACE. There's a white list in the file for
      the few roots where the root pointer itself can change. (For instance
      materialized_objects points to empty_fixed_array to start with before
      later pointing to a mutable array).
      
      Also fixes up new use of heap->empty_fixed_array() in elements.cc added
      since I cleaned it up.
      
      Bug: v8:7786
      Change-Id: I9ac7985c9f85910b5b22d2f9f559dfd04d43ed44
      Reviewed-on: https://chromium-review.googlesource.com/1126252
      Reviewed-by: Hannes Payer <hpayer@chromium.org>
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54240}
  20. 29 Jun, 2018 2 commits
  21. 21 Jun, 2018 3 commits
  22. 19 Jun, 2018 1 commit
  23. 05 Jun, 2018 1 commit
  24. 04 Jun, 2018 1 commit
  25. 13 May, 2018 1 commit
  26. 19 Apr, 2018 1 commit
  27. 09 Apr, 2018 1 commit
  28. 06 Apr, 2018 1 commit
  29. 04 Apr, 2018 2 commits
    • Revert "[wasm] Merge the WasmContext into WasmInstanceObject" · 8adb94fc
      Ben Titzer authored
      This reverts commit 57bf0bfe.
      
      Reason for revert: <INSERT REASONING HERE>
      
      Original change's description:
      > [wasm] Merge the WasmContext into WasmInstanceObject
      > 
      > This change makes lifetime management of WasmCode much simpler.
      > By using the WasmInstanceObject as the context for WASM code execution,
      > including the pointer to the memory base and indirect function tables,
      > this keeps the instance alive when WASM code is on the stack, since
      > the instance object is passed as a parameter and spilled onto the stack.
      > This is in preparation of sharing the code between instances and
      > isolates.
      > 
      > Bug: v8:7424
      > 
      > Change-Id: Ic2e4b7bcc2feb20001d0553a615a8a9dff36317e
      > Reviewed-on: https://chromium-review.googlesource.com/958520
      > Commit-Queue: Ben Titzer <titzer@chromium.org>
      > Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Andreas Haas <ahaas@chromium.org>
      > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#52361}
      
      TBR=mstarzinger@chromium.org,titzer@chromium.org,ahaas@chromium.org,clemensh@chromium.org
      
      Change-Id: I653e27b46dbc43ad773eda4292d521a508f42d79
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:7424
      Reviewed-on: https://chromium-review.googlesource.com/995418
      Reviewed-by: Ben Titzer <titzer@chromium.org>
      Commit-Queue: Ben Titzer <titzer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52364}
    • [wasm] Merge the WasmContext into WasmInstanceObject · 57bf0bfe
      Ben L. Titzer authored
      This change makes lifetime management of WasmCode much simpler.
      By using the WasmInstanceObject as the context for WASM code execution,
      including the pointer to the memory base and indirect function tables,
      this keeps the instance alive when WASM code is on the stack, since
      the instance object is passed as a parameter and spilled onto the stack.
      This is in preparation of sharing the code between instances and
      isolates.
      
      Bug: v8:7424
      
      Change-Id: Ic2e4b7bcc2feb20001d0553a615a8a9dff36317e
      Reviewed-on: https://chromium-review.googlesource.com/958520
      Commit-Queue: Ben Titzer <titzer@chromium.org>
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: Andreas Haas <ahaas@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52361}
  30. 26 Mar, 2018 1 commit
  31. 19 Mar, 2018 1 commit
    • [instruction scheduler] Fix issue with block terminators and deopts. · a33353a0
      Georgia Kouveli authored
      Remove IsBlockTerminator and introduce InstructionScheduler::AddTerminator in
      order to handle block terminator instructions.
      
      Instead of the kBlockTerminator flags, we now rely on Instruction::IsTrap(),
      Instruction::IsDeoptimizeCall() and explicitly denoting block terminators
      when adding them with InstructionScheduler::AddTerminator().
      
      IsBlockTerminator incorrectly included deopts when they were not at the end of
      a block, which meant that an instruction with side effects could have been
      reordered with respect to a deopt as the deopt was not identified correctly.
      
      Since the snapshot does not contain deopts, this is not causing any problems
      at the moment (the scheduler is only enabled on the snapshot).
      
      Change-Id: I1c2dad748a9398a3355630d9a542f4ac89afaa42
      Reviewed-on: https://chromium-review.googlesource.com/960501
      Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
      Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
      Cr-Commit-Position: refs/heads/master@{#52019}
  32. 05 Mar, 2018 2 commits
    • Reland [in-place weak refs] Add in-place weak references & migrate one WeakCell to it. · 88062a2c
      Marja Hölttä authored
      Implement in-place weak reference handling in GC.
      
      Turn FeedbackVector::optimized_code_or_smi into an in-place weak reference (this
      is the only in-place weak reference at this point).
      
      (See bug for design doc.)
      
      BUG=v8:7308
      TBR=yangguo@chromium.org
      
      Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
      Change-Id: I16d65dc768f10ed431252e23a0df07bee9063534
      Reviewed-on: https://chromium-review.googlesource.com/948493
      Commit-Queue: Marja Hölttä <marja@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51731}
    • Revert "[in-place weak refs] Add in-place weak references & migrate one WeakCell to it." · 73d6037c
      Sigurd Schneider authored
      This reverts commit 07c1e641.
      
      Reason for revert: Breaks TSAN build.
      
      https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20TSAN/builds/19784
      
      Original change's description:
      > [in-place weak refs] Add in-place weak references & migrate one WeakCell to it.
      > 
      > Implement in-place weak reference handling in GC.
      > 
      > Turn FeedbackVector::optimized_code_or_smi into an in-place weak reference (this
      > is the only in-place weak reference at this point).
      > 
      > (See bug for design doc.)
      > 
      > BUG=v8:7308
      > 
      > Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.chromium.linux:linux_chromium_rel_ng
      > Change-Id: I0f9f992cb4ee0457c40b7c868317dfb607bfb906
      > Reviewed-on: https://chromium-review.googlesource.com/873638
      > Commit-Queue: Marja Hölttä <marja@chromium.org>
      > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      > Reviewed-by: Igor Sheludko <ishell@chromium.org>
      > Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      > Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Reviewed-by: Hannes Payer <hpayer@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#51722}
      
      TBR=ulan@chromium.org,marja@chromium.org,yangguo@chromium.org,hpayer@chromium.org,mlippautz@chromium.org,ishell@chromium.org,bmeurer@chromium.org
      
      Change-Id: I75a7dd99fbfd2f5922a6c4d2000bea2adfdeac11
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:7308
      Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.chromium.linux:linux_chromium_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/948522
      Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#51723}