1. 05 May, 2021 13 commits
    • [api] Add API callback setter for the SAB origin trial · bc1eb7b4
      Antonio Sartori authored
      This change makes it possible to enable SharedArrayBuffer per Context,
      controlling whether it should be enabled or not with a callback. The
      previous implementation of the reverse origin trial for
      SharedArrayBuffer was broken, since the feature could only be enabled
      globally per process, and only if the feature flag is set early enough
      in the v8 initialization. This does not play well with how origin
      trials work.
      
      The implementation is similar to the callbacks that already exist for
      the origin trials for WebAssembly simd and exceptions.
      
      SharedArrayBuffer is still controlled by the flag
      harmony_sharedarraybuffer. If that flag is disabled, then
      SharedArrayBuffer is disabled unconditionally. On top of that, this CL
      introduces a new flag for enabling SharedArrayBuffer per context. If
      that flag is set, a callback is used to determine whether
      SharedArrayBuffer should be enabled.
      
      
      Note that this only controls whether the SharedArrayBuffer constructor
      should be exposed on the global object or not. It is always possible
      to construct a SharedArrayBuffer using
      
        new WebAssembly.Memory({
          shared:true, initial:0, maximum:0 }).buffer.constructor;
      
      
      There are few things which I do not like of this approach, but I did
      not have better ideas:
      
      1. The complex logic of double flag + callback. However, this seemed
      the best way to me to not break embedders which rely on that flag
      being enabled by default.
      
      2. The fact that what actually matters is just whether the callback
      returns `true` once. It would be good to check that the callback gives
      a consistent return value, or to provide a better API that cannot be
      misunderstood.
      
      
      Bug: chromium:923807,chromium:1071424,chromium:1138860
      Change-Id: Ibe3776fad4d3bff5dda9066967e4b20328014266
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867473
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#74378}
    • [TurboFan] Add %VerifyType intrinsic · f486a343
      Nico Hartmann authored
      This CL adds a new %VerifyType compiler intrinsic that can be used
      by tests and fuzzers to generate a runtime type check of the given
      input value. Internally, %VerifyType is lowered to %AssertType
      which is why checks are currently limited to range types.
      
      Drive-by: Add a few consts to NodeProperties accessors to allow
      tests to be const-correct.
      
      Bug: v8:11724
      Change-Id: I06842062d0e8278a5ba011d5a09947fe05b6e85e
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859959
      Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
      Reviewed-by: Georg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#74377}
    • cppgc: Save xmm registers on the stack · 305aa12f
      Anton Bikineev authored
      Microsoft x86_64 ABI considers XMM6-XMM15 as non-volatile
      (callee-saved), which means that the compiler can store pointers in them.
      We need to make sure they are pushed onto the stack inside the stack
      scanning trampolines.
      
      Bug: v8:11710
      Change-Id: Ida804fe49d3d3b6f179ec276903a42ec8d3d86be
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2865745
      Commit-Queue: Anton Bikineev <bikineev@chromium.org>
      Auto-Submit: Anton Bikineev <bikineev@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#74376}
    • [regalloc] Avoid duplicate moves for slot constraint · f6a3ef56
      Thibaud Michaud authored
      We potentially emitted the same gap move multiple times to satisfy slot
      constraint of live ranges defined by a constant. Avoid this by keeping
      track of already spilled ranges for a given instruction.
      
      This is not expected to cause any regression because this case is rare.
      If it does, a better approach to save allocations would be to re-use the
      same vector by storing it somewhere that survives the function calls,
      e.g. in the ConstraintBuilder.
      
      Drive-by: Remove unused functions.
      
      R=sigurds@chromium.org
      CC=nicohartmann@chromium.org
      
      Bug: chromium:1204748
      Change-Id: I75a838a8b27775ecdeddb4c60cf72c56d5f1c2a4
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871462
      Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
      Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#74375}
    • [wasm] Complete element segment features for reftypes/typed-funcref · 37579df7
      Manos Koukoutos authored
      Main changes:
      - Allow global.get in elements segments with expressions-as-elements.
      - Allow element segments with types other than funcref.
      
      Detailed changes:
      - Move WasmInitExpr to its own file. Add stream operator << support.
      - Simplify type of PrintCollection.
      - Make WasmElemSegment use an array of WasmInitExpr's over the previous
        ad-hoc implementation. Move null_index to WasmModuleBuilder.
      - Refactor consume_element_segment_header. Make it return a
        WasmElemSegment.
      - Refactor consume_element_expr. Make it return a WasmInitExpr.
      - Refactor DecodeElementSection. Make it invoke
        consume_element_segment_header, then populate its element array.
      - Update module-instantiate.cc to handle global.get elements.
      - Fix bug in wasm-objects.cc where the wrong type index was passed into
        module()->has_signature()
      - Adapt and add tests.
      
      Change-Id: I5abfbe424dbb750ee2dca59f91c451ffcb79f95f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857959
      Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
      Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#74374}
    • [compiler] Simplify and optimize Scheduler::PrepareUses. · 3f28ca94
      Ross McIlroy authored
      Simplifies the traversal of nodes in Scheduler::PrepareUses to
      avoid having to carefully order stack traversal for pre/post
      ordering visits. Instead simply pre visit when pushing a node
      onto the stack, then post visit the node when popping it from
      the stack and then visiting its inputs. This keeps the same
      invariants required, but reduces visit overhead.
      
      In addition, move checking for CoupledControlEdges out of
      Increment/DecrementUnscheduledUseCounts such that the
      coupled control edge calculation only needs to be done once
      per node, rather than once for every input of the node. Also
      remove unnecessary recursion from these functions.
      
      All told, these optimizations reduce the PrepareUses overhead
      by 40-50%.
      
      BUG=v8:9684
      
      Change-Id: I934523a732892a1f66d7e77f8d04e200169080f1
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2863602
      Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
      Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#74373}
    • [compiler] Remove the old Ref ctor generator macro · db89ea81
      Jakob Gruber authored
      This is the final part of a CL series that establishes
      MakeRef/TryMakeRef as the bottleneck for Ref construction. We do this by
      converting direct constructor uses to (Try)MakeRef calls, and then
      marking the ctor as protected.
      
      Bug: v8:7790
      Change-Id: I41bfa226d48cbdfee53b434ec52004eb6507e67a
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874166
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Auto-Submit: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#74372}
    • [compiler] Use MakeRef for remaining types · 2e8dd879
      Jakob Gruber authored
      This is part of a CL series that establishes MakeRef/TryMakeRef as
      the bottleneck for Ref construction. We do this by converting direct
      constructor uses to (Try)MakeRef calls, and then marking the ctor
      as protected.
      
      Bug: v8:7790
      Change-Id: I26faa6bc1934662c81ae127dee64bddffa428de9
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874165
      Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#74371}
    • [wasm][bug] Remove deleted WasmModule from typing cache · 202032c8
      Manos Koukoutos authored
      WasmModules were not removed from the global type judgement cache when
      they were deleted. This created problems if another module got allocated
      in the same location as a previously deleted module, by creating false
      positive cache hits. This CL fixes this issue by removing WasmModule
      from the cache as part of its destructor.
      
      Bug: v8:11700
      Change-Id: I4948e361dd681040807f35d759b647d1bce585dc
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859863
      Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
      Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#74370}
    • [tools] More Python 3 compatibility fixes · 8807f0ad
      Daniel Dromboski authored
      These should all be forward/backward compatible with Python 2/Python 3.
      
      [tools] Tweak statusfile.py for Python 3
      
      .iteritems() does not exist in Python 3, only .items().
      
      (While .iteritems() was meant to be an optimization over .items()
      in Python 2, .items() should work fine, and it is forward/backward
      compatible.)
      
      
      [tools] Fix another Python 3 issue in mb.py
      
      sys.platform used to return e.g. 'linux2', which is 'linux' plus
      whatever the first digit of `uname -r` was when Python was built.
      As of Python 3.3, it always returns just 'linux' for Linux OSes.
      Use `sys.platform.startswith('linux')` for forward/backward
      compatibility.
      
      
      [tools] Make base_runner.py Python 3 compatible
      
      dict.keys() returns a dict_keys in Python 3, whereas it
      used to return a simple array. list() is forward/backward
      compatible with identical results on Python 2/3 (returns array).
      
      (Tested on Linux x64, trying to recreate NodeJS's CI workflow.)
      
      
      [tools] Make tools/dev/v8gen.py work with Python 3
      
      dict.keys() returns a dict_keys in Python 3, whereas it
      used to return a simple array. list() is forward/backward
      compatible with identical results on Python 2/3 (returns array).
      
      Comparing a None-type value numerically used to result in the
      None-type value always being considered "less than" the thing
      it is compared to. As of Python 3, numerically comparing against
      None or None-typed values results in an error. Check if a value
      is truthy before numerically comparing it, for forward/backward
      compatibility.
      
      print() used to transparently decode byte strings in Python 2.
      In Python 3, they must be explicitly decoded first.
      
      (Tested on Linux 64-bit, trying to recreate NodeJS's CI workflow.)
      
      Bug: v8:9871
      Change-Id: I059bf98577a67649bbe7ec49848989d468da96b0
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867270
      Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#74369}
    • [wasm][test] Initializer exprs. for element segments · 8d6da6d5
      Manos Koukoutos authored
      Element segments and tables in tests used an ad-hoc mechanism to
      describe the different types of initializer expressions, e.g. a number
      which could denote either the value of a constant or the index of a
      global. This CL tidies up and generalizes the test infrastructure by
      directly using WasmInitExpr in those cases.
      
      Additional changes:
      - Introduce WasmElemSegment class.
      - Remove obsolete --experimental-wasm-bulk-memory flag from tests.
      - Rename WasmInitExpr.type -> kind.
      - Remove dependency of wasm-module-builder from mjsunit.js (except in
        assertTraps).
      
      Change-Id: I716254a04ceea9ceb8ac6b848e12e1637f618f0d
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857638
      Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#74368}
    • [compiler] Use MakeRef for a few types · e0192c6b
      Jakob Gruber authored
      This is part of a CL series that establishes MakeRef/TryMakeRef as
      the bottleneck for Ref construction. We do this by converting direct
      constructor uses to (Try)MakeRef calls, and then marking the ctor
      as protected.
      
      Bug: v8:7790
      Change-Id: I36c07f69378f3a630462c216ef5da284cfd3972f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871449
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Georg Neis <neis@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#74367}
    • Update V8 DEPS. · 8338c7fb
      v8-ci-autoroll-builder authored
      Rolling v8/build: https://chromium.googlesource.com/chromium/src/build/+log/b057259..85859d6
      
      Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/785c56f..d4ee032
      
      Rolling v8/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools/+log/0292793..6b022d1
      
      Rolling v8/third_party/google_benchmark/src: https://chromium.googlesource.com/external/github.com/google/benchmark/+log/ba9a763..33c133a
      
      Rolling v8/tools/clang: https://chromium.googlesource.com/chromium/src/tools/clang/+log/84ada2d..dbcffda
      
      TBR=v8-waterfall-sheriff@grotations.appspotmail.com
      
      Change-Id: Id4968f10cd978198caa4dc523aef60a9a6a81092
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2873071
      Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
      Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
      Cr-Commit-Position: refs/heads/master@{#74366}
  2. 04 May, 2021 24 commits
  3. 03 May, 2021 3 commits
    • cppgc: Add AtomicCtorTag to Member types · 39c43692
      Omer Katz authored
      AtomicCtorTag is needed by Blink to force atomic initialization of
      members. This is used when reinitializing a member in a backing store.
      
      Bug: chromium:1056170
      Change-Id: I410766a9c9133a1f1c2ea2e1153cb1c61363459f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859944
      Commit-Queue: Omer Katz <omerkatz@chromium.org>
      Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#74341}
    • [wasm-api] Enable trap handler in c-api tests · dc354358
      Andreas Haas authored
      Additionally a bug in the wasm-to-C wrapper got fixed, which caused
      problems with the thread-in-wasm flag: An invalid effect-chain got
      constructed. With the write of the thread-in-wasm flag not being
      properly placed in the effect chain, the write got scheduled too late.
      
      R=jkummerow@chromium.org
      
      Bug: v8:11713
      Change-Id: I351bf622081850b7b0c7aebfd798d1e73ae34a4a
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867468
      Commit-Queue: Andreas Haas <ahaas@chromium.org>
      Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#74340}
    • Revert "[wasm] Add PKU alloc/free and support counter" · f98f496f
      Michael Achenbach authored
      This reverts commit a4c37558.
      
      Reason for revert: Speculative revert.
      Seems to break all gpu builders, e.g.:
      https://ci.chromium.org/p/v8/builders/ci/Linux%20V8%20FYI%20Release%20(NVIDIA)/14577
      
      See shards for detailed output, e.g.:
      https://chromium-swarm.appspot.com/task?id=534a8fbeaca4df10
      
      Check failed: valid_arguments. V8.WasmMemoryProtectionKeysSupport
      
      Original change's description:
      > [wasm] Add PKU alloc/free and support counter
      >
      > To enforce W^X for the WebAssembly code space, we want to explore using
      > Intel memory protection keys for userspace, also known as MPK, PKEYs, or
      > PKU. Instead of flipping page protection flags with mprotect (which
      > incurs a high syscall overhead; and which switches flags for the whole
      > process), this associates a key with each page once, and then changes
      > the permissions of that key with a fast thread-local register write.
      > That is, this gives both finer-grained permissions (per-thread) and
      > more performance.
      >
      > This CL starts experimenting with PKUs by
      > (1) trying to allocate a protection key once per {WasmEngine} in x64
      > Linux systems, and
      > (2) adding a counter for recording the success/failure of that, to assess
      > the support for PKUs on the target machine.
      >
      > The low-level PKU allocating functions should be moved into base/platform
      > long-term, but are inside wasm/ for this CL.
      >
      > R=clemensb@chromium.org
      > CC=jkummerow@chromium.org
      >
      > Bug: v8:11714
      > Change-Id: Ia4858970ced4d0b84cc8c2651e86dceb532c88a7
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850932
      > Commit-Queue: Daniel Lehmann <dlehmann@google.com>
      > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#74319}
      
      Bug: v8:11714
      Change-Id: I70349d413ac9092e2f033d138887678bfecaae17
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2868607
      Auto-Submit: Michael Achenbach <machenbach@chromium.org>
      Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
      Cr-Commit-Position: refs/heads/master@{#74339}