- 11 May, 2018 2 commits
-
-
Hannes Payer authored
This reverts commit c280e7d4. Reason for revert: <INSERT REASONING HERE> Original change's description: > [heap] Clear the memory of pooled pages when allocating from the pool. > > Bug: chromium:999634 > Change-Id: Ia7a0dd6ddc2477a7656a26548e9a247470d9143f > Reviewed-on: https://chromium-review.googlesource.com/1041688 > Commit-Queue: Hannes Payer <hpayer@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Cr-Commit-Position: refs/heads/master@{#52948} TBR=hpayer@chromium.org,mlippautz@chromium.org Change-Id: I838d5fe1e6c6ac8b726a90a44b2eacbea9057866 Reviewed-on: https://chromium-review.googlesource.com/1054070 Commit-Queue: Hannes Payer <hpayer@chromium.org> Reviewed-by:
Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#53119}
-
Kanghua Yu authored
On IA architecture, arithmetic and shifting operations set the flags according to the computation result. subl rsi,0x1 REX.W movq rbx,[rbx+0x17] cmpl rsi, 0 <-- TO BE REDUCED jnz 0x3f54d2dcef0 ==> REX.W movq rbx,[rbx+0x17] subl rsi,0x1 jnz 0x3f54d2dcef0 & orl rdx,rbx cmpl rdx,0x0 <-- TO BE REDUCED jnz 0x3f54d22b0f5 ==> orl rdx,rbx jnz 0x3f54d22b0f5 Change-Id: If69c023712212ad7b9fa8b29f4b98274f7885e35 Reviewed-on: https://chromium-review.googlesource.com/1051445Reviewed-by:Benedikt Meurer <bmeurer@chromium.org> Commit-Queue: Kanghua Yu <kanghua.yu@intel.com> Cr-Commit-Position: refs/heads/master@{#53118}
-
- 10 May, 2018 2 commits
-
-
Ivica Bogosavljevic authored
Test mjsunit/wasm/compiled-module-serialization fails on those architectures that do not support missaligned memory access. We fix this by adding padding between code header and code start in NativeModule serializer/deserializer so the code start is properly aligned. TEST=mjsunit/wasm/compiled-module-serializationx Change-Id: I4f35b78a1190194088795b6f09becc3ad4251fdb Reviewed-on: https://chromium-review.googlesource.com/1044186 Commit-Queue: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com> Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#53117}
-
Dan Elphick authored
Avoid writing NumberOfElements to HashTable when it hasn't changed as the HashTable could be in RO_SPACE and this operation will crash. Bug: v8:841592 Change-Id: Iffadd567fc10aa9cd13d953da81275464b16c6c0 Reviewed-on: https://chromium-review.googlesource.com/1052693 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/master@{#53116}
-
- 09 May, 2018 34 commits
-
-
Alexey Kozyatinskiy authored
Allocation is super slow and produce big performance regression on blink side. Bug: chromium:839567,chromium:839809 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I3e9989435515ecfaedaee60c1f0c6939b9053e95 Reviewed-on: https://chromium-review.googlesource.com/1053105 Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Reviewed-by:
-
Vincent Belliard authored
Remove cp from cache register list Bug: v8:6600 Change-Id: If17d4558e4f89dd620c757e2a8288658f1489435 Reviewed-on: https://chromium-review.googlesource.com/1047645Reviewed-by:
-
Alexei Filippov authored
We cannot drop the deprecated API right away because we need to keep binary compatiblity. As a short term solution create CPU profiler lazily if the API is called. BUG=v8:7070 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I04029844895976b25db165f4fba6afbfe1681913 Reviewed-on: https://chromium-review.googlesource.com/1047848Reviewed-by:
Peter Marshall <petermarshall@chromium.org> Commit-Queue: Alexei Filippov <alph@chromium.org> Cr-Commit-Position: refs/heads/master@{#53113}
-
Andreas Haas authored
The CompilationManager was introduced to manage the memory of AsyncCompileJobs. However, by now this can be done better by the new WasmEngine. This CL just moves the code to wasm-engine.[h,cc] and adjusts the callsites. R=titzer@chromium.org Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: Icd2c1f19feeaa854c74e020b41e314b8ad00cea5 Reviewed-on: https://chromium-review.googlesource.com/1052109Reviewed-by:
Ben Titzer <titzer@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#53112}
-
Clemens Hammacher authored
This is a reland of e084eea6. Undefined behavious was fixed in https://crrev.com/c/1051235. Original change's description: > Fix SourcePositionInfo for wasm > > In wasm we often don't have a SharedFunctionInfo associated with a > compilation job, so we can't get a Script. Just print "unknown" in > these cases (instead of crashing). > > R=titzer@chromium.org > CC=herhut@chromium.org > > Bug: chromium:840757, v8:7738 > Change-Id: I850c6adfd9e07c9a0f6dd018f1a9314feb89d887 > Reviewed-on: https://chromium-review.googlesource.com/1049632 > Commit-Queue: Clemens Hammacher <clemensh@chromium.org> > Reviewed-by: Ben Titzer <titzer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#53080} TBR=titzer@chromium.org Bug: chromium:840757, v8:7738 Change-Id: If04040a33766955cfed78e7c27226dd04c3f9b9f Reviewed-on: https://chromium-review.googlesource.com/1051266Reviewed-by:
-
Igor Sheludko authored
Bug: v8:7570 Change-Id: I2101a3fed996385b076352d20a2ca4d65c31a828 Reviewed-on: https://chromium-review.googlesource.com/1044374 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
-
Clemens Hammacher authored
The 'pause' instruction is used for implementing retpolines. It is currently being printed as 'nop', which is incorrect. R=titzer@chromium.org Change-Id: I134b6dae332103fd7f9b3c4e5520f0d5db06ba74 Reviewed-on: https://chromium-review.googlesource.com/1051789Reviewed-by:
-
Clemens Hammacher authored
As SSCA mitigation, use retpoline for each indirect call. We currently only support retpolines on ia32 and x64. R=titzer@chromium.org Bug: v8:6600, chromium:798964 Change-Id: I32472c15e149977b00bf923f4d87e259b7b54800 Reviewed-on: https://chromium-review.googlesource.com/1052113Reviewed-by:
-
Clemens Hammacher authored
Code comments are heap-allocated and never freed. We don't want to attach them to the code object via a finalizer, since that could change gc timing and heap layout when you enable code comments. They are used to testing only anyway, so leaking is acceptable here. R=bmeurer@chromium.org, jarin@chromium.org Bug: v8:7738 Change-Id: I27b0f95db1d66b57f4f113c154f23edb84e6700d Reviewed-on: https://chromium-review.googlesource.com/1051241 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by:
-
Dominic Farolino authored
Implement console.countReset() from the WHATWG Console Standard R=bmeurer@chromium.org, dgozman@chromium.org, kozyatinskiy@chromium.org Bug: chromium:839947 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: I8a900e9cdf3e5b08506f709cf6497476c8c6c00b Reviewed-on: https://chromium-review.googlesource.com/1044902Reviewed-by:
Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Reviewed-by:
-
Andreas Haas authored
R=ulan@chromium.org CC=jbroman@chromium.org Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I606a182774188b953247b62e5426ee7feadd1a74 Reviewed-on: https://chromium-review.googlesource.com/1047206 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#53105}
-
Andreas Haas authored
R=ulan@chromium.org Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: Iaa9968945ce8196de75b4c4a637bda9ee57c0509 Reviewed-on: https://chromium-review.googlesource.com/1047207Reviewed-by:
-
Marja Hölttä authored
Bug: v8:7308 Change-Id: I967e036dc584f585dddda0eef480389a33e45bdf Reviewed-on: https://chromium-review.googlesource.com/1046649Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/master@{#53103}
-
Igor Sheludko authored
Plus a bit of CSA typification. Bug: v8:7725 Change-Id: I43fea4a4c0739f9c24d84035816b046e742372ee Reviewed-on: https://chromium-review.googlesource.com/1051653Reviewed-by:
Marja Hölttä <marja@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#53102}
-
Simon Zünd authored
This CL adds a counter for sorting non-packed JSArrays where Object.prototype was modified, or the prototype of the instance differs from Array.prototype. This is the V8 side of the change. The Chromium-side CL: https://crrev.com/c/1051651 R=jgruber@chromium.org Bug: v8:7382 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: I3ce9789a5df4bb9af5d1bfc89681fcd112e28e83 Reviewed-on: https://chromium-review.googlesource.com/1051650 Commit-Queue: Simon Zünd <szuend@google.com> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
-
Clemens Hammacher authored
The {CommentOperator}, used for implementing the --code-comments flag, is not UBSan-safe. This CL fixes this and adds a test which uses code comments. R=bmeurer@chromium.org Bug: v8:7744 Change-Id: Ia6ec509e77d998df085ac7377cb24854354e3aa2 Reviewed-on: https://chromium-review.googlesource.com/1051235 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by:Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#53100}
-
Marja Hölttä authored
The previous version was correct too, since we check sminess before. But with the new check, it's easier to see it's correct. BUG=v8:7308 Change-Id: I1632353ee5dfd305479858ec4a690b17bb70e6a6 Reviewed-on: https://chromium-review.googlesource.com/1039525Reviewed-by:
-
Clemens Hammacher authored
Instead of {base::AtomicNumber<intptr_t>} use {std::atomic<size_t>}, since we really want to store a size_t in there, and only abused negative values before to avoid a compare-and-swap loop. R=mstarzinger@chromium.org Bug: v8:7570 Change-Id: Ibff0fe0550396f11b343f7e3c098ccf94f6e8dbb Reviewed-on: https://chromium-review.googlesource.com/1049067Reviewed-by:Michael Starzinger <mstarzinger@chromium.org> Reviewed-by:
-
Igor Sheludko authored
... in order to be able to use it in other constants definitions in the header. Bug: v8:7570 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Change-Id: Id5d6ae34ab401ecf063bf5897b87b6bb87c24960 Reviewed-on: https://chromium-review.googlesource.com/1032782Reviewed-by:
Yang Guo <yangguo@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#53097}
-
Dan Elphick authored
Moves all Oddballs, empty_feedback_metadata, lots of symbols and immortal heap numbers and several other empty collection objects. RO_SPACE NEW_SPACE OLD_SPACE CODE_SPACE MAP_SPACE LO_SPACE old 31800 0 241976 24032 176 0 new 35080 0 238680 24032 176 0 diff +3280 -3296 Reland of https://chromium-review.googlesource.com/c/v8/v8/+/1025996, without the empty_property_dictionary which is not read-only. Bug: v8:7464 Change-Id: I84840d86eb3e5906ddb8b4c4e9e70bfec0cf78bc Reviewed-on: https://chromium-review.googlesource.com/1049611 Commit-Queue: Dan Elphick <delphick@chromium.org> Reviewed-by: -
Dan Elphick authored
Re-enables and fixes msan test failures due to string padding being cleared only selectively in tests. This change instead makes sure it always happens in TestIsolate. Bug: v8:7746 Change-Id: I259b43ad25cb7af18bf16d29effb15772c981a67 Reviewed-on: https://chromium-review.googlesource.com/1051647Reviewed-by:
-
Clemens Hammacher authored
These tests started failing after https://crrev.com/c/1046657. R=ahaas@chromium.org Bug: v8:7748 No-Try: true Change-Id: I67b44b144e5e62c5a88cbf6683e0678e6eab1dc6 Reviewed-on: https://chromium-review.googlesource.com/1051243Reviewed-by:
Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#53094}
-
Georg Neis authored
The 'generates' clause was missing (so I suppose it got mapped to JSReceiver). Change-Id: I146546921e552f17dbadf74082b31315bf868bf7 Reviewed-on: https://chromium-review.googlesource.com/1032434 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by:
Daniel Clifford <danno@chromium.org> Reviewed-by:
Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#53093}
-
Hannes Payer authored
Change-Id: I14237a71c34872e114d7e2afb73a758e011fd731 Reviewed-on: https://chromium-review.googlesource.com/1051239Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Hannes Payer <hpayer@chromium.org> Cr-Commit-Position: refs/heads/master@{#53092}
-
Mike Stanton authored
BUG=v8:7672 Change-Id: I0c157ce88b31312dfbea7a149c1d9fbdfb398278 Reviewed-on: https://chromium-review.googlesource.com/1013524 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by:
-
Hannes Payer authored
Change-Id: Ia4d4211dbc8f0714dd11983ac7bc899f51ba69c5 Reviewed-on: https://chromium-review.googlesource.com/1051237Reviewed-by:
-
Clemens Hammacher authored
After closing a handle scope, and when allocating a new segment in a zone, treat that memory as uninitialized in MSan. This will hopefully catch more errors than handle zapping, which needs to be enabled explicitly. R=ahaas@chromium.org Bug: v8:7570 Change-Id: Ie3be07434bed878fb607a522787514421f397197 Reviewed-on: https://chromium-review.googlesource.com/1046657 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by:
-
Clemens Hammacher authored
The comment in {CallRuntime} was misleading. The {rsi}/{esi} register did not hold the instance, but the context instead. The generated code was correct thought. R=titzer@chromium.org Change-Id: I18020a04ac75faedf7ad5e4b07cab27ae0aedae7 Reviewed-on: https://chromium-review.googlesource.com/1051232Reviewed-by: -
Dan Elphick authored
This is a reland of 40f1aaf3 Put back padding clearing into the SerializeObject method but only when the String is not in RO_SPACE. For RO_SPACE strings, if required iterate over the space before serialization clearing the strings. Original change's description: > [heap] Mark RO_SPACE as read-only after deserialization > > Adds MarkAsReadOnly and MarkAsReadWrite to ReadOnlySpace. The latter > is only usable with ReadOnlySpace::WritableScope to avoid the space > being left writable). MarkAsReadOnly updates the high water mark and > makes several previously mutating methods into no-ops. > > Moves some writes to immutable objects out of the bootstrapper to > setup-heap-internal so they don't write to a read-only page. > > Also avoid writing hashes to strings that already have the value set as > that invariably means writing to the "0" and "1" constant strings in > RO_SPACE. > > Before serialization, it makes RO_SPACE writable again so that any > padding can be cleared before writing it. > > Bug: v8:7464 > Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng > Change-Id: I22edc20dba7dde8943991a8fcaf87244af4490a3 > Reviewed-on: https://chromium-review.googlesource.com/1014128 > Commit-Queue: Dan Elphick <delphick@chromium.org> > Reviewed-by: Hannes Payer <hpayer@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Cr-Commit-Position: refs/heads/master@{#52943} Bug: v8:7464 Change-Id: Ia8386c4ff5f5df3207f584caf7a9b1ff1e405f25 Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng Reviewed-on: https://chromium-review.googlesource.com/1042145Reviewed-by:
-
Ben L. Titzer authored
This CL removes the JSGraph from WasmGraphBuilder and uses MachineGraph, which is independent of the isolate, instead. In addition to using the machine graph in the WasmGraphBuilder, this CL splits off a subclass for compiling wrappers that does have a JSGraph and encapsulates it in the .cc file. This makes the separation of WASM function graphs and WASM wrapper graphs more explicit. R=mstarzinger@chromium.org CC=ahaas@chromium.org BUG=v8:7721 Change-Id: I3c190baef2084919d22a9a89a8c9f11d2ddcf3d0 Reviewed-on: https://chromium-review.googlesource.com/1050266 Commit-Queue: Ben Titzer <titzer@chromium.org> Reviewed-by:
-
Peter Marshall authored
The handles created for each SharedFunctionInfo within SourcePosition::InliningStack live for the life of the profile, reaching 5MiB+ on an example server application for Node. This HandleScope limits their lifetime locally, given that the handles do not escape. This saves ~10% of peak memory. Bug: v8:7719 Change-Id: I97ce0fd3658be89fdd9cb9c1369ea5bfae0ce579 Reviewed-on: https://chromium-review.googlesource.com/1049647Reviewed-by:
Alexei Filippov <alph@chromium.org> Commit-Queue: Peter Marshall <petermarshall@chromium.org> Cr-Commit-Position: refs/heads/master@{#53085}
-
Michael Starzinger authored
This makes sure that the {WasmModuleObject} has been allocated before any debug events are fired. Since {WasmScript} objects reference the module object, it needs to be allocated earlier by now. R=ahaas@chromium.org TEST=debugger/regress/regress-crbug-840288 BUG=chromium:840288 Change-Id: I02783ce126c463ac953eb2192acb65f3a5d420a1 Reviewed-on: https://chromium-review.googlesource.com/1050246Reviewed-by: -
Jaroslav Sevcik authored
Bug: chromium:841117 Change-Id: I1e83dfc82f87d0b49d3cca96290ae1d738e37d20 Reviewed-on: https://chromium-review.googlesource.com/1051228Reviewed-by:
-
Michael Achenbach authored
This reverts commit e084eea6. Reason for revert: https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20UBSanVptr/builds/3163 Original change's description: > Fix SourcePositionInfo for wasm > > In wasm we often don't have a SharedFunctionInfo associated with a > compilation job, so we can't get a Script. Just print "unknown" in > these cases (instead of crashing). > > R=titzer@chromium.org > CC=herhut@chromium.org > > Bug: chromium:840757, v8:7738 > Change-Id: I850c6adfd9e07c9a0f6dd018f1a9314feb89d887 > Reviewed-on: https://chromium-review.googlesource.com/1049632 > Commit-Queue: Clemens Hammacher <clemensh@chromium.org> > Reviewed-by: Ben Titzer <titzer@chromium.org> > Cr-Commit-Position: refs/heads/master@{#53080} TBR=titzer@chromium.org,clemensh@chromium.org Change-Id: Ib2020ea3f2b778df9fe50ccbe803938f2f4fd709 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:840757, v8:7738 Reviewed-on: https://chromium-review.googlesource.com/1051265Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#53082}
-
- 08 May, 2018 2 commits
-
-
Junliang Yan authored
Port d8131cd6 Original Commit Message: Stubs and builtins are very similar. The main differences are that stubs can be parameterized and may be generated at runtime, whereas builtins are generated at mksnapshot-time and shipped with the snapshot (or embedded into the binary). My main motivation for these conversions is that we can generate faster calls and jumps to (embedded) builtins callees from (embedded) builtin callers. Instead of going through the builtins constants table indirection, we can simply do a pc-relative call/jump. This also unlocks other refactorings, e.g. removal of CallRuntimeDelayed. R=jgruber@chromium.org, joransiu@ca.ibm.com, michael_dawson@ca.ibm.com BUG= LOG=N Change-Id: I193e4275470d492912a7d0f8523c3b8c29f1b146 Reviewed-on: https://chromium-review.googlesource.com/1050732 Commit-Queue: Junliang Yan <jyan@ca.ibm.com> Reviewed-by:
Joran Siu <joransiu@ca.ibm.com> Cr-Commit-Position: refs/heads/master@{#53081}
-
Clemens Hammacher authored
In wasm we often don't have a SharedFunctionInfo associated with a compilation job, so we can't get a Script. Just print "unknown" in these cases (instead of crashing). R=titzer@chromium.org CC=herhut@chromium.org Bug: chromium:840757, v8:7738 Change-Id: I850c6adfd9e07c9a0f6dd018f1a9314feb89d887 Reviewed-on: https://chromium-review.googlesource.com/1049632 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by:
-
