  1. 13 Sep, 2018 3 commits
  2. 20 Aug, 2018 1 commit
  3. 13 Aug, 2018 1 commit
  4. 07 Aug, 2018 1 commit
    • [wasm] Support concurrent patching of jump table. · 7579b1e3
      Michael Starzinger authored
      This adds initial support for concurrently patching jump table slots. It
      is needed once different Isolates share code (for the --wasm-shared-code
      feature). We need to ensure that instructions holding the target address
      within a jump table slot do not cross cache-line boundaries. To do this,
      the jump table has been split into consecutive pages.
      
      Note that this also adds a stress test for multiple threads hammering at
      a single slot concurrently. The test is currently limited to the ia32
      and the x64 architecture, but will be extended to cover others. The test
      reliably triggers tearing of the target address on almost every run of
      the test and hence serves to prevent regressions.
      
      R=clemensh@chromium.org
      TEST=cctest/test-jump-table-assembler
      BUG=v8:8018
      
      Change-Id: Ife56bbb61ffcae5d8906ca7b8c604b195603707c
      Reviewed-on: https://chromium-review.googlesource.com/1163664
      Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54942}
      7579b1e3
  5. 02 Aug, 2018 1 commit
    • [cleanup] Remove redundant wasm:: namespace prefixes · 99de47f1
      Ben L. Titzer authored
      The wasm/ directory is inconsistent in many places, often within the
      same file. For all code that exists in a v8::internal::wasm namespace,
      this CL removes any wasm:: qualifiers, which is especially helpful
      since most types are already Wasm-named, such as WasmCode, WasmModule,
      etc. Namespace qualifiers are redundant inside the wasm:: namespace and
      thus go against the main point of using namespaces. Removing the
      qualifiers for non-Wasm-named classes also makes the code somewhat more
      future-proof, should we move some things that are not really WASM-specific
      (such as ErrorThrower and Decoder) into a higher namespace.
      
      R=clemensh@chromium.org,mstarzinger@chromium.org
      
      Change-Id: Ibff3e1e93c64c12dcb53c46c03d1bfb2fb0b7586
      Reviewed-on: https://chromium-review.googlesource.com/1160232
      Commit-Queue: Ben Titzer <titzer@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54862}
      99de47f1
  6. 31 Jul, 2018 1 commit
    • [wasm] Add estimate size for the WasmInterpreter · bfbaefd8
      Andreas Haas authored
      The lifetime of the WasmInterpreter is managed by the GC. However, we
      did not tell the GC the amount of memory consumed by the interpreter.
      Therefore it was possible to fill up memory with instances of the
      interpreter without triggering a GC to free memory. With this CL we pass
      the size of the stack as an estimate for the size of the interpreter. At
      least in the fuzzer the stack is the dominating factor for memory
      consumption.
      
      R=clemensh@chromium.org
      
      Bug: chromium:863198
      Change-Id: Ic5cb0bd364500bcff793a1fd53d2d0113196dfe2
      Reviewed-on: https://chromium-review.googlesource.com/1156385
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Andreas Haas <ahaas@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#54810}
      bfbaefd8
  7. 12 Jul, 2018 1 commit
  8. 05 Jul, 2018 2 commits
  9. 28 Jun, 2018 1 commit
  10. 23 Jun, 2018 1 commit
  11. 22 Jun, 2018 1 commit
  12. 20 Jun, 2018 1 commit
  13. 19 Jun, 2018 2 commits
    • Reland "[wasm] Introduce jump table" · 5f56641b
      Clemens Hammacher authored
      This is a reland of 733b7c82.
      The arm64 bug was fixed in https://crrev.com/c/1105051.
      
      Original change's description:
      > [wasm] Introduce jump table
      >
      > This introduces the concept of a jump table for WebAssembly, which is
      > used for every direct and indirect call to any WebAssembly function.
      > For lazy compilation, it will initially contain code to call the
      > WasmCompileLazy builtin, where it passes the function index to be
      > called.
      > For non-lazy-compilation, it will contain a jump to the actual code.
      > The jump table allows us to easily redirect functions for lazy
      > compilation, tier-up, debugging and (in the future) code aging. After
      > this CL, we will not need to patch existing code any more for any of
      > these operations.
      >
      > R=mstarzinger@chromium.org, titzer@chromium.org
      >
      > Bug: v8:7758
      > Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
      > Reviewed-on: https://chromium-review.googlesource.com/1097075
      > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#53805}
      
      TBR=titzer@chromium.org,mstarzinger@chromium.org
      
      Bug: v8:7758
      Change-Id: I68555230c6db97e70f0b8fef784188f55ee04794
      Reviewed-on: https://chromium-review.googlesource.com/1105158
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#53829}
      5f56641b
    • [TurboFan] Return MaybeHandle from TurboFan compiler · 0db5e7b8
      Sigurd Schneider authored
      TurboFan returned null handles if compilation did not succeed. This CL
      changes that to a MaybeHandle to make it explicit that client code needs
      to handle the error.
      
      Bug: v8:7856
      Change-Id: I6087e6263faa1150b9788213dd22c398b4a2fc2d
      Reviewed-on: https://chromium-review.googlesource.com/1104688
      Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: Georg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#53824}
      0db5e7b8
  14. 18 Jun, 2018 2 commits
    • Revert "[wasm] Introduce jump table" · 33f6c3e1
      Clemens Hammacher authored
      This reverts commit 733b7c82.
      
      Reason for revert: breaks arm64 gc-stress: https://ci.chromium.org/buildbot/client.v8.ports/V8%20Linux%20-%20arm64%20-%20sim%20-%20gc%20stress/11659
      
      Original change's description:
      > [wasm] Introduce jump table
      > 
      > This introduces the concept of a jump table for WebAssembly, which is
      > used for every direct and indirect call to any WebAssembly function.
      > For lazy compilation, it will initially contain code to call the
      > WasmCompileLazy builtin, where it passes the function index to be
      > called.
      > For non-lazy-compilation, it will contain a jump to the actual code.
      > The jump table allows us to easily redirect functions for lazy
      > compilation, tier-up, debugging and (in the future) code aging. After
      > this CL, we will not need to patch existing code any more for any of
      > these operations.
      > 
      > R=mstarzinger@chromium.org, titzer@chromium.org
      > 
      > Bug: v8:7758
      > Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
      > Reviewed-on: https://chromium-review.googlesource.com/1097075
      > Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      > Reviewed-by: Ben Titzer <titzer@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#53805}
      
      TBR=mstarzinger@chromium.org,titzer@chromium.org,clemensh@chromium.org,sreten.kovacevic@mips.com
      
      Change-Id: Iea358db2cf13656a65cf69a6d82cbbc10d3e7e1c
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:7758
      Reviewed-on: https://chromium-review.googlesource.com/1105157
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#53807}
      33f6c3e1
    • [wasm] Introduce jump table · 733b7c82
      Clemens Hammacher authored
      This introduces the concept of a jump table for WebAssembly, which is
      used for every direct and indirect call to any WebAssembly function.
      For lazy compilation, it will initially contain code to call the
      WasmCompileLazy builtin, where it passes the function index to be
      called.
      For non-lazy-compilation, it will contain a jump to the actual code.
      The jump table allows us to easily redirect functions for lazy
      compilation, tier-up, debugging and (in the future) code aging. After
      this CL, we will not need to patch existing code any more for any of
      these operations.
      
      R=mstarzinger@chromium.org, titzer@chromium.org
      
      Bug: v8:7758
      Change-Id: I45f9983c2b06ae81bf5ce9847f4542fb48844a4f
      Reviewed-on: https://chromium-review.googlesource.com/1097075
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: Ben Titzer <titzer@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#53805}
      733b7c82
  15. 13 Jun, 2018 1 commit
    • [wasm] Merge {WasmSharedModuleData} with {WasmModuleObject} · b9b4b879
      Clemens Hammacher authored
      The {WasmSharedModuleData} struct was introduced to hold data common to
      all wasm instances belonging to the same module. The idea was to keep
      "internal state" separate from the JS-facing {WasmModuleObject}. Since
      this objective has no real value, and we already store some internal
      data on the {WasmModuleObject}, this CL merges these two objects.
      
      R=titzer@chromium.org, mstarzinger@chromium.org
      
      Bug: v8:7754
      Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
      Change-Id: I04f6d07bf5d812bc4717af26f0f64231345861f9
      Reviewed-on: https://chromium-review.googlesource.com/1097491
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#53698}
      b9b4b879
  16. 12 Jun, 2018 1 commit
  17. 11 Jun, 2018 1 commit
  18. 04 Jun, 2018 1 commit
  19. 30 May, 2018 1 commit
  20. 18 May, 2018 1 commit
  21. 15 May, 2018 1 commit
  22. 14 May, 2018 1 commit
  23. 11 May, 2018 1 commit
  24. 07 May, 2018 3 commits
  25. 30 Apr, 2018 1 commit
  26. 27 Apr, 2018 1 commit
    • [wasm] Split off wasm-linkage.h · 8466b71a
      Clemens Hammacher authored
      Linkage-related methods were declared in wasm-compiler.h and
      implemented in wasm-linkage.cc. This required all users of e.g. wasm
      call descriptors to include the whole wasm compiler header. Also, some
      wasm linkage information is independent of turbofan and also used
      outside of the compiler directory.
      
      This CL splits off wasm-linkage.h (with minimal includes) and puts it
      in src/wasm. This allows that information to be used without including
      compiler headers (will clean up several uses in follow-up CLs).
      
      R=mstarzinger@chromium.org, titzer@chromium.org
      
      Bug: v8:7570
      Change-Id: Ifcae70b4ea7932cda30953b325c2b87c4176c598
      Reviewed-on: https://chromium-review.googlesource.com/1013701
      Reviewed-by: Ben Titzer <titzer@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52849}
      8466b71a
  27. 26 Apr, 2018 1 commit
  28. 16 Apr, 2018 1 commit
  29. 14 Apr, 2018 1 commit
    • [ubsan] Change Address typedef to uintptr_t · 2459046c
      Jakob Kummerow authored
      The "Address" type is V8's general-purpose type for manipulating memory
      addresses. Per the C++ spec, pointer arithmetic and pointer comparisons
      are undefined behavior except within the same array; since we generally
      don't operate within a C++ array, our general-purpose type shouldn't be
      a pointer type.
      
      Bug: v8:3770
      Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
      Change-Id: Ib96016c24a0f18bcdba916dabd83e3f24a1b5779
      Reviewed-on: https://chromium-review.googlesource.com/988657
      Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52601}
      2459046c
  30. 09 Apr, 2018 2 commits
  31. 06 Apr, 2018 2 commits
    • [wasm] Merge the WasmContext into WasmInstanceObject · a6d974fe
      Ben L. Titzer authored
      This change makes lifetime management of WasmCode much simpler.
      By using the WasmInstanceObject as the context for WASM code execution,
      including the pointer to the memory base and indirect function tables,
      this keeps the instance alive when WASM code is on the stack, since
      the instance object is passed as a parameter and spilled onto the stack.
      This is in preparation for sharing the code between instances and
      isolates.
      
      Bug: v8:7424
      
      R=mstarzinger@chromium.org
      
      Change-Id: Ia35a3ce91a8f6135767fa764e185cde8bbc889f4
      Reviewed-on: https://chromium-review.googlesource.com/997932
      Commit-Queue: Ben Titzer <titzer@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52436}
      a6d974fe
    • Revert "[cleanup] Refactor the Factory" · 503e07c3
      Michael Achenbach authored
      This reverts commit f9a2e24b.
      
      Reason for revert: gc stress failures not all fixed by follow up.
      
      Original change's description:
      > [cleanup] Refactor the Factory
      > 
      > There is no good reason to have the meat of most objects' initialization
      > logic in heap.cc, all wrapped by the CALL_HEAP_FUNCTION macro. Instead,
      > this CL changes the protocol between Heap and Factory to be AllocateRaw,
      > and all object initialization work after (possibly retried) successful
      > raw allocation happens in the Factory.
      > 
      > This saves about 20KB of binary size on x64.
      > 
      > Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
      > Change-Id: Icbfdc4266d7be8b48d2fe085f03411743dc6a0ca
      > Reviewed-on: https://chromium-review.googlesource.com/959533
      > Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
      > Reviewed-by: Hannes Payer <hpayer@chromium.org>
      > Reviewed-by: Yang Guo <yangguo@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#52416}
      
      TBR=jkummerow@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,hpayer@chromium.org
      
      Change-Id: Idbbc53478742f3e9525eee83342afc6aedae122f
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
      Reviewed-on: https://chromium-review.googlesource.com/999414
      Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#52420}
      503e07c3