- 29 Apr, 2019 19 commits
-
-
Mike Stanton authored
New enum RelocInfo::COMPRESSED_EMBEDDED_OBJECT created to support compressed pointers in generated code. Enum name EMBEDDED_OBJECT changed to FULL_EMBEDDED_OBJECT. RelocInfo::[set_]target_object() abstract away the difference between FULL_EMBEDDED_OBJECT and COMPRESSED_EMBEDDED_OBJECT. Compressed embedded objects can only be created at this time on x64 with pointer compression turned on. Arm64 constant pools don't support compressed objects at this time.

Bug: v8:7703
Change-Id: I03bfd84effa33c65cf9bcefa5df680ab7eace9dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547661
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61076}
-
Clemens Hammacher authored
This adds a flag to print a message on important GC events, like triggering a GC, reporting live code per isolate, and finally deleting dead code. This helps debugging issues with wasm code gc.

R=mstarzinger@chromium.org

Bug: v8:8217
Change-Id: I901199bc19b2a8718728a9e4918c30e295e0e92a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585842
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61075}
-
Michael Starzinger authored
R=clemensh@chromium.org

Change-Id: I76f9f5dd8c4faef3e33dde96c7bb7f81448d8e79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585848
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61074}
-
Clemens Hammacher authored
One fundamental assumption of the wasm code GC is that code becomes "potentially dead" at most once; if the ref count drops to zero later, it should be freed for real. In the current implementation, it happens that code becomes potentially dead, then becomes dead for real (it's removed from the set of potentially dead code), and then we remove the last reference. At that point, we re-add the code to the potentially dead code, considering it for garbage collection again. This can lead to an endless loop.

This CL fixes that by remembering which code was already detected as dead, and does not consider this code for another GC. This requires freeing code via the {WasmEngine} such that the set of dead code can be cleaned up.

R=mstarzinger@chromium.org

Bug: v8:8217
Change-Id: If6a95a7918db2ad82edfad5447c536593243db7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585845
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61073}
-
Georg Neis authored
- Rename (and negate) "stack_check" to the more descriptive "skip_first_stack_check".
- Pass call frequency by value rather than mutable(!) reference.
- Embed some things directly into BytecodeGraphBuilder, instead of stack-allocating them and then storing a pointer.
- Don't pass things to OsrIteratorState that it can already access via the graph builder parameter.

Change-Id: Id852df1ce521a6eefb6047cf76a0882a4c6e95b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587375
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61072}
-
Dan Elphick authored
Remove Isolate versions of Value::ToNumber/ToString/ToObject/ToInteger/ToInt32 and Context versions of ToBoolean and BooleanValue (which could never throw anyway).

Bug: v8:7279, v8:9183
Change-Id: Ib144f8894a2b37c44216ba2d0cb298e8f0c72a3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585735
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61071}
-
Sigurd Schneider authored
This CL removes the flag '--turbo-preprocess-ranges' and enables it by default. If FLAG_turbo_control_flow_aware_allocation is set, --turbo-preprocess-ranges is disabled and control flow aware allocation is enabled instead.

Bug: v8:9088
Change-Id: I81d56f15efc8f765e317aa828d27f415f8b7fd40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585725
Auto-Submit: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61070}
-
Simon Zünd authored
This CL removes a build script that was used to create ANTLR visitors for Torque parsing. As Torque rolls its own parser now, this script can safely be removed.

R=tebbi@chromium.org

Bug: v8:9183
Change-Id: Id56ee590d79e5c849ac111e8825cd3733cd55d90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587379
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61069}
-
Georg Neis authored
All we really need to expose is a single function that builds the graph. This change drastically simplifies the header file.

Change-Id: If185687b8220bdd253f967be9ab2ea3b088e5423
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585856
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61068}
-
Sigurd Schneider authored
This CL fixes an issue where a comment was not highlighted correctly after a class definition.

Bug: v8:7793
Notry: true
Change-Id: I378a1373c8f4a6c8d48c4bb2ee4a4c3b39b2341f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585733
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61067}
-
Deepti Gandluri authored
Previously it was possible for this function to fall back to the ArrayBuffer methods to free the memory in the cases where the is_wasm_memory flag on the JSArrayBuffer is not propagated. This is no longer the case, as we check for the actual allocation so all memory allocated by the WasmMemoryTracker should be freed by it as well. Rename the method to match the existing implementation.

Change-Id: I50c9844bfdae1c378812df5add2253752532d0ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587795
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61066}
-
Andreas Haas authored
R=clemensh@chromium.org

Change-Id: I6a70bc5b0e9dd992ad668e93c98baaf75e86c1d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587378
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61065}
-
Deepti Gandluri authored
Change-Id: Ia9b5fd1e5247e4452e18a9212b041891d3ee44ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1586839
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61064}
-
Jakob Gruber authored
This tests calling Debugger.getPossibleBreakpoints on a user function embedded into the startup snapshot. Currently, this fails because inspector does not know how to handle scripts without an associated context. The test should be updated once we have a fix.

Bug: v8:9029
Change-Id: Id2391a2df203fa7f119f39ea1c34da6a7c54206f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581643
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61063}
-
Jakob Gruber authored
This is a reland of 4f9d7a94

Original change's description:
> [snapshot] Align internal snapshot data
>
> When the snapshot blob is not aligned properly, loading it can cause a
> crash on platforms such as arm.
>
> This was exposed by a SIGBUS/BUS_ADRALN crash on arm when accessing
> the blob_data symbol (declared as a byte array) through a reinterpret
> cast to uintptr_t in an internal snapshot build.
>
> Thanks to florian.dold@gmail.com for the initial patch.
>
> Bug: v8:9171
> Change-Id: I99b071dec3733416f2f01b58a770e30d8f2dcdf2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582402
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61000}

Tbr: delphick@chromium.org
Bug: v8:9171
Change-Id: I36f53647ff5c45bcc512147f082fdd069723175d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587377
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61062}
-
Frank Tang authored
Implement ECMA402 PR https://github.com/tc39/ecma402/pull/175
Add numberingSystem option to NumberFormat
And numberingSystem and calendar option to DateTimeFormat

Bug: v8:9154
Change-Id: Ic4e85a232a9ad26c17ee20385f839b0e09a56c77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1575919
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61061}
-
Dan Elphick authored
Bug: v8:7283, v8:9183
Change-Id: Idf7ddc20d0cb7da69f3458cf96935e426f454f34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1569440
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61060}
-
v8-ci-autoroll-builder authored
Rolling v8/test/wasm-js/data: https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+log/43898ad..6281d0d

[interpreter] Group digits with '_' when printing numbers (#1006) (Andreas Rossberg)
https://chromium.googlesource.com/external/github.com/WebAssembly/spec/+/6281d0d

TBR=ahaas@chromium.org,clemensh@chromium.org

Change-Id: Ic4c30ff940d0408cab6764b0f097c7926771d888
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587479
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#61059}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/4b579b0..c185a34

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I71588a5f3a6f856b07c67b07b99cdb1557cbbd8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587478
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#61058}
-
- 28 Apr, 2019 2 commits
-
-
Jaroslav Sevcik authored
This CL just updates the map to its non-deprecated counterpart before adding the integrity level transition.

Bug: chromium:956426
Change-Id: I0aaaeb0451aed28c8893968bbcd9f6eb327da18b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585858
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61057}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/70dcfa3..4b579b0

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ffa3433..d235eb2

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: Id70efb2a0e0e2460e1624816aa074c4de90b1cda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1586817
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#61056}
-
- 27 Apr, 2019 2 commits
-
-
Jaroslav Sevcik authored
This enables constant field tracking unconditionally.

TBR=jgruber@chromium.org

Bug: v8:8361
Change-Id: I02f35827d860c3e0f18a3d55cb156c088d48bc94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585730
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61055}
-
v8-ci-autoroll-builder authored
Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/d1791e1..70dcfa3

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ed59989..ffa3433

Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/7491399..6837707

TBR=machenbach@chromium.org,hablich@chromium.org,sergiyb@chromium.org

Change-Id: I60cf8d78af51203f77272e5077e8440db4d03194
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1586778
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#61054}
-
- 26 Apr, 2019 17 commits
-
-
Dave Tapuska authored
This is a reland of 2974a184

Added expectation for the case that caused the revert in:
https://chromium-review.googlesource.com/c/chromium/src/+/1585814

Original change's description:
> [Inspector] Adjust the length of some of the console functions.
>
> The function lengths on a number of the console methods was set to 1.
> The arguments to these functions are either variadic or optional so they
> should have length of 0.
>
> R=dgozman@chromium.org,ulan@chromium.org
> BUG=chromium:948678
>
> Change-Id: I183262e230145a565732396688a0541034931500
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1548948
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Pavel Feldman OOO <pfeldman@chromium.org>
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61021}

Bug: chromium:948678
Change-Id: I092139117ee2b08f40a7c0ee4df49603cf383579
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585533
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61053}
-
Jakob Kummerow authored
For a few double values above the max float, we have to round down to that max float rather than rounding up to infinity.

Bug: chromium:956564
Change-Id: I34be1def5330bd4c3352b792d20dd500f108d9e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585852
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61052}
-
Georg Neis authored
Instead of recording dependencies during ComputePropertyAccessInfo(s), store off-the-record dependencies in the resulting PropertyAccessInfo(s) and record them when the PropertyAccessInfo(s) are consumed. This will enable us to do the ComputePropertyAccessInfo(s) during serialization.

Bug: v8:7790
Change-Id: I2a3918eb3bc2c795061ca7969c0053b68a53aea7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581610
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61051}
-
Z Duong Nguyen-Huu authored
This is a reland of https://chromium-review.googlesource.com/c/v8/v8/+/1575036 in which the flaky test is fixed by moving '%PrepareFunctionForOptimization' around.

Bug: v8:6831
Change-Id: I0e8c3d2452b14c86e8ff0851e1840294734435e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582481
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#61050}
-
Toon Verwaest authored
- Removes Utf8Iterator
- Replaces Utf8Decoder with something based on ValueOfIncremental + NonAsciiStart and moves it into v8/internal.
- Internalizes utf8 strings by first converting them to one or two byte
- Removes IsUtf8EqualsTo and replaces current uses with IsOneByteEqualsTo

Tbr: jgruber@chromium.org
Change-Id: I16e08d910a745e78d6fd465718fc69ad731fd217
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585840
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61049}
-
Sergiy Belozorov authored
This also makes processing immediate, i.e. outputs are parsed into results as soon as test run is finished, which will allow us to implement logic that checks whether we have enough runs based on already-accumulated results.

Since we process each output immediately, we do not need Measurement class any longer and its ConsumeOutput is now integrated directly into TraceConfig. Similarly AccumulateResults is replaced with RunnableConfig.ProcessOutput as we do not accumulate results any longer.

R=machenbach@chromium.org

No-Try: true
No-Tree-Checks: true
Bug: chromium:880724
Change-Id: I0fc4846024c43258c10ba8d568312aa4746d746f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584325
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61048}
-
Ben L. Titzer authored
Add a WasmCodeRefScope around _v8_internal_Print_Code() because that is needed for debugging.

R=clemensh@chromium.org

Change-Id: Ifdb7a32695163e0a109567ec00a52196e79e03db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585844
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61047}
-
Santiago Aboy Solanes authored
TaggedSigned to CompressedPointer, and TaggedPointer to CompressedSigned.

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:7703
Change-Id: I9a257e583527256230576c7bc3d4c4b308570d2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585729
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61046}
-
Santiago Aboy Solanes authored
I missed these cases when adding the branchful decompression on codegen.

Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:7703
Change-Id: Idb3f5ca81e00bb17fa08ba2b2506b642ffbd7b4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571623
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61045}
-
Michael Achenbach authored
Bug: chromium:775123
Change-Id: Idea2799185f2b0b10d9357e91df9622b0d6d68c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585731
Reviewed-by: Sergiy Belozorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61044}
-
Michael Achenbach authored
TBR=sigurds@chromium.org
NOTRY=true

Bug: v8:9145
Change-Id: I01829358bc2729d39d06ee40af108b3218e7339d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585841
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61043}
-
Hannes Payer authored
Bug: v8:9093
Change-Id: I3e4187f8d47a8a6cf80cc2fa2d2b96d89628af35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585738
Auto-Submit: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61042}
-
Clemens Hammacher authored
If a {NativeModule} dies while a GC is running, we could leave behind references to code of that deleted module. This CL fixes that.

This issue was found by running with --stress-wasm-code-gc.

R=mstarzinger@chromium.org

Bug: v8:8217
Change-Id: I7f0d98977e6510899170306952936c4a7f7d3c10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585722
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61041}
-
Andreas Haas authored
The function {memory_copy_wrapper} is called directly from WebAssembly. Before calling {memory_copy_wrapper} we do not reset the thread-in-wasm flag. On asan builds on Windows this causes the problem observed in the crash report. My theory is the following: asan on Windows uses exceptions to allocate shadow memory lazily. When {memory_copy_wrapper} accesses memory, asan causes an exception to allocate shadow memory. This exception is first caught by the WebAssembly trap handler, which resets the thread-in-wasm flag but then does not handle the exception because it cannot find a proper landing pad. Asan then handles the exception and continues execution. However, the thread-in-wasm flag is not set anymore. A later check of the thread-in-wasm flag then fails.

This CL disables asan for {memory_copy_wrapper} and thereby fixes the problem. As indicated above, another solution would be to reset and set the thread-in-wasm flag before and after the call to the C function, respectively. However, we do not do that for other uses of direct calls to C.

R=binji@chromium.org

Bug: chromium:952342
Change-Id: I2adb2eccf2ac25be58392d21f8f43a04414c7811
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584326
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61040}
-
Clemens Hammacher authored
Add a flag which causes wasm code gc to be triggered whenever any code is found to be potentially dead. This mode found several bugs already, and I plan to enable it in 'gc-stress' mode once all issues are fixed.

R=mstarzinger@chromium.org

Bug: v8:8217
Change-Id: If28d980ded98b77b9efe7446da74d857e3c5e1b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585720
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61039}
-
Ross McIlroy authored
This reverts commit da7322c0.

Reason for revert: Breaking the pointer compression bots, e.g.:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20pointer%20compression/3047

Original change's description:
> [csa] verify skipped write-barriers in MemoryOptimizer
>
> With very few exceptions, this verifies all skipped write-barriers in
> CSA and Torque, showing that the MemoryOptimizer together with some
> type information on the stored value are enough to avoid unsafe skipped
> write-barriers.
>
> Changes to CSA:
> SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the
> MemoryOptimizer by default.
> Type information about the stored values (TNode<Smi>) is exploited to
> safely skip write barriers for stored Smi values.
> In some cases, the code is re-structured to make it easier to consume
> for the MemoryOptimizer (manual branch and load elimination).
>
> Changes to the MemoryOptimizer:
> Improve the MemoryOptimizer to remove write barriers:
> - When the store happens to a CSA-generated InnerAllocate, by ignoring
> Bitcasts and additions.
> - When the stored value is the HeapConstant of an immortal immovable root.
> - When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned).
> - Fast C-calls are treated as non-allocating.
> - Runtime calls can be white-listed as non-allocating.
>
> Remaining missing cases:
> - C++-style iterator loops with inner pointers.
> - Inner allocates that are reloaded from a field where they were just stored
> (for example an elements backing store). Load elimination would fix that.
> - Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole).
> We could handle that in Torque.
> - Double-aligned allocations, which are not lowered in the MemoryOptimizer
> but in CSA.
>
> Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this
> can be handled by overload resolution (in Torque and C++).
>
> R=jarin@chromium.org
> TBR=mvstanton@chromium.org
>
> Change-Id: I0af9b710673f350e0fe81c2e59f37da93c024b7c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571414
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61016}

TBR=mvstanton@chromium.org,jarin@chromium.org,tebbi@chromium.org

Change-Id: I36877cd6d08761726ef8dce8a3e3f2ce3eebe6cf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585732
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61038}
-
Sergiy Belozorov authored
This is part of the refactoring needed to implement a feature that allows re-running benchmarks until needed confidence is reached.

R=machenbach@chromium.org

No-Try: true
No-Tree-Checks: true
Bug: chromium:880724
Change-Id: I45f584a3503ecf567f4c2661a302a74fc5e516af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581605
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61037}
-