Cached template objects only need to be cached for reference identity
comparisons. If there is no strong reference to the cached template
object, then there's nothing to compare it against if it were to be
loaded from the cache, so we can hold it in the cache weakly.
Bug: v8:13190
Change-Id: I4a787eb33eab734fe9df6c424ff915d775fce70f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3898692
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83220}
Based on bots and local testing, MinorMC has reached a stable state in
terms of correctness.
Enable fuzzing with MinorMC to flush out additional issues.
Bug: v8:12612
Change-Id: I9cf8c5791d7256ff63c777b295863506436ee165
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872265
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83190}
The numfuzz fuzzer.py has a loop to send a new test after receiving
a result. When all test processors go into stopped state, attempts
of sending new tests return False. That case wasn't handled here
and we kept looping forever.
Bug: v8:13113
Change-Id: Ief2686614d9703fb590400ac3e73b6ac9008c8f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891373
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83188}
Joining a queue-using process can deadlock if the child process is
about to write to the queue, but the parent process wants to join the
child. To fix this, we now drain elements from a separate thread of
the main process.
Bug: v8:13113
Change-Id: Ic279e66ab84eb89a4034ff1f2c025eb850b65013
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891116
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83177}
callstats.html creates grouped entries on the fly. Thus we can safely
ignore already added group entries from the input file.
Change-Id: I5a17fc895c4d36bfd7b79fcdb6d4644498998f86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890977
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83135}
A call to cancel_join_thread() is removed as it is suspected to leave
the done_queue with garbled data on process join.
Bug: v8:13113
Change-Id: I85a736cee98d1c2a315efdd468cde216ad848c99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3891251
Reviewed-by: Liviu Rau <liviurau@google.com>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83132}
This is a reland of commit 49c5967830
The non-deterministic snapshot issue has been fixed by using the correct
field size for CodeDataContainers in serializer.cc.
Original change's description:
> [sandbox] Fold V8_SANDBOXED_EXTERNAL_POINTERS into V8_ENABLE_SANDBOX
>
> Now that all external pointers have been sandboxed,
> V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also
> shrinks external pointer slots to 32 bits when the sandbox is enabled.
>
> Bug: v8:10391
> Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83083}
Bug: v8:10391
Change-Id: I29870404406902d99ba6016c570cc0c4d05c6c85
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3887899
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83130}
On termination of the worker pool in the main process, a SIGTERM is
sent from pool to worker. It was meant to terminate long-running
tests in the worker process. The signal handler on the worker side,
however, was only registered during test execution. During the
remaining logic (<1% of the time probably) the default system
behavior for SIGTERM would be used (which will likely just kill
the process). The ungracefully killed process might be killed while
writing to the results queue, which then remains with corrupted data.
Later when the main process cleans up the queue, it hangs.
We now register a default handler in the worker process that catches
the SIGTERM and also gracefully stops the processing loop. Like
that, the SIGTERM signal will always be handled in workers and never
fall back to SIGKILL.
However, a small time window exists when the SIGTERM was caught
right when starting a test process, but when the test-abort handler
was not registered yet. We keep fixing this as a TODO. Worst case,
the main process will block until the last test run is done.
Bug: v8:13113
Change-Id: Ib60f82c6a1569da042c9f44f7b516e2f40a46f93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882972
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83101}
Now that all external pointers have been sandboxed,
V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also
shrinks external pointer slots to 32 bits when the sandbox is enabled.
Bug: v8:10391
Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83083}
.. which sets the --interrupt-budget-for-maglev to a very low value
s.t. that tiering to Maglev happens very early. Note this affects
both normal tierup and OSR.
Also add flag handling to fuzzer.py, both as added globally with
probability 0.1, and added to InterruptBudgetFuzzer (which I also
updated with other tiering-related flags).
Bug: v8:7700
Change-Id: I844cf53a6a2da459565d0ad0ccae02b04853cd26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878165
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83033}
This is a reland of commit d00c040547
Changes since revert: Use AsAtomicTagged instead of
base::AsAtomicPointer to store a hash value in the forwarding table.
Original change's description:
> [strings] Support shared external strings>
>
> With this CL shared strings can be externalized and external strings can
> be shared.
> The StringForwardingTable is used to delay the real transition to the
> next full GC. On the API side strings marked for externalization will
> look like externalized strings.
>
> Bug: v8:12957
> Change-Id: I53b6509129bc5679c06bdf99421bdb41ea5d9082
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849643
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82966}
Bug: v8:12957
Change-Id: I17715e927e4339240a6aa12a3c4a3c2ea50eb567
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871211
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83018}
This adds Python logging to several code locations that previously
used to just print. The locations aren't yet complete. The changed
code locations should help for investigating hanging test runs.
The default level is WARNING for running tests locally, and INFO
when called from bots that pass the --swarming parameter.
Bug: v8:13113
Change-Id: If3a336703e7c346a5c718f2359b1a80e37e1ca6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876183
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83006}
This reverts commit d00c040547.
Reason for revert: Failing CI tests on Mac arm64
Original change's description:
> [strings] Support shared external strings
>
> With this CL shared strings can be externalized and external strings can
> be shared.
> The StringForwardingTable is used to delay the real transition to the
> next full GC. On the API side strings marked for externalization will
> look like externalized strings.
>
> Bug: v8:12957
> Change-Id: I53b6509129bc5679c06bdf99421bdb41ea5d9082
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849643
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82966}
Bug: v8:12957
Change-Id: I13155fcc788d217db56cbfd1c9e4457a81a9dbd7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870486
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82970}
With this CL shared strings can be externalized and external strings can
be shared.
The StringForwardingTable is used to delay the real transition to the
next full GC. On the API side strings marked for externalization will
look like externalized strings.
Bug: v8:12957
Change-Id: I53b6509129bc5679c06bdf99421bdb41ea5d9082
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849643
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82966}
This ignores one of --assert-types and --stress-concurrent-inlining if
used together. We already filter those from trials, but they also might
get picked from // Flags lines in test cases.
No-Try: true
Bug: chromium:1359829
Change-Id: I7e46afb53bdbb0a871c7443a5a66a339046eb3de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871195
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82961}
Add logic to drop cyclic contradictory flags from
correctness-fuzzing command lines. Add the currently known
biggest offenders.
Without this, the correctness fuzzing harness runs into a CHECK
failure during smoke testing, when attempting to pass cyclic flags
to d8. It fails fast, but uselessly burns fuzzing time.
This change drops one of the known cyclic flags instead to make the
test run still useful. The precedence is right to left like in the
V8 test framework.
Additionally on Clusterfuzz, all crashes during smoke testing are
deduped as one crash report. We don't know if there are other
problems before this one is fixed/hidden.
No-Try: true
Bug: chromium:1330303
Change-Id: I06cbb4655cd3cf467f5cce6f84dba653834ca72e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865562
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82939}
.. and update old entries:
- Remove --no-untrusted-code-mitigations (flag no longer exists)
- Make --stress-concurrent-inlining-attach-code less likely since it
mostly overlaps with --stress-concurrent-inlining and there haven't
been many reports in this are lately.
Bug: v8:7700
Change-Id: Ic88ea74ca88a7c14edfc39bc0a55b846bb01e465
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867506
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82882}
If we see a default ctor, walk up the constructors until we find a non-
default one.
Default ctors can only be skipped if there are no class fields / private
brands.
This CL implements the Ignition parts; Sparkplug, Maglev and TF will
be implemented as follow ups. (This is fine, since this feature is
behind a flag.)
Bug: v8:13091
Change-Id: Ie8ca8aedb01bd4b13adf1063332a5cdf41ab358a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804601
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82872}
Due to https://crbug.com/1195263, large typed arrays can have an
observable difference on the same architecture, depending on
optimization behavior.
For differential fuzzing comparisons, we previously used a proxy
for typed arrays that capped the maximum size only when comparing
different architectures - there an observable difference is WAI.
We move the capping code and make it arch-independent for now until
the bug above gets fixed, since it caused too many duplicates, which
degrade fuzzing performance.
Bug: chromium:1195263
Change-Id: Ic81c383e547413378cbe037de3c38eb900a9e5dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3866173
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82860}
There are 2 kinds of WasmToJs code: one uses a WasmFrame and the other
a simple TypedFrame TF frame. This CL introduces WasmToJsFunctionFrame
(as a simple TypedFrame) to dfferentiate from the WasmFrame counterpart.
This was not an issue before
https://crrev.com/c9c490891ab3d63fc790770cb1c76f8013ba963f
since we used to use a single master function for pointer iteration.
No-Tree-Checks: true
Bug: v8:13243
Change-Id: I97f7e8c897159ca3cafa65ff6ddf836c5ef7b76e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865969
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82856}
This CL:
- Separates Wasm frame pointer iteration from TypedFrame iteration
- Introduces the frame StubWithContext that correspond to a TF-optimized
code without JS linkage
- Fixes WasmToJsFrame to be a WasmFrame
- Fixes the hack with JsToWasmFrame that calls TypedFrame when not
the right builtin
- Cleans up TypedFrame::Iterate
Change-Id: Ie238df5188f2e2f081f5353b4538b75b6e79f64a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859787
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82809}
Bugs that are older than the switch of v8_foozzie.py to Python3
bisect to the switch commit unfortunately. This change attempts to
let bisect run longer if a python2 executable still exists.
No-Try: true
Bug: chromium:1355824
Change-Id: I457a50af21704ddd2985793861eee8be5601a673
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856574
Reviewed-by: Liviu Rau <liviurau@google.com>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82728}
--stress-opt never did what we wanted it to; it ran its runs in
different contexts (therefore not able to share feedback across runs),
and even if it didn't, each run would create new closures for any
defined closures, so we'd still more than likely end up poly- or
mega-morphic.
Fuzzers cover this use case better than --stress-opt ever did, so now
it's just using precious bot time. We can get rid of it.
Bug: v8:10386
Change-Id: Ibbb9207d887b4b1dc4ec9093858d477c0f95eb37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3803228
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82722}
Now roll_merge_gerrit.py waits for a +1, and immediately submits. With
auto-submit and rubber-stamper bot, this makes the script fully
fire-and-forget.
This also fixes the commit message update to include the change id.
Bug: v8:12849
Change-Id: I63784bfc1b2a16dfcd308b11e67d9da9c2ff3f8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804249
Reviewed-by: Liviu Rau <liviurau@google.com>
Commit-Queue: Liviu Rau <liviurau@google.com>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82664}
Namely:
- AccessorInfo::getter and AccessorInfo::js_getter,
- CallHandlerInfo::callback and CallHandlerInfo::js_callback.
The redirected/non-redirected callback distinction is required only
for simulated builds but we wasted memory also for all native builds.
Now we store these fields in "redirected" form which allows us to call
them directly from builtins or generated code. In case it's necessary
to call a callback from C++ code the C function address is read from
the redirection. This additional indirection makes the callback calls
from C++ code in simulated builds slower but saves memory for native
builds.
This CL should recover a part of memory regression caused by inlining
Foreign fields into AccessorInfo and CallHandlerInfo.
Bug: v8:12949, chromium:1336105, chromium:1335930
Change-Id: I38470ed21ee23b281247c11a9531542c7e4acca1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835686
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82631}
This CL changes the WasmTypeInfo class to have a direct ExternalPointer
to the native type structure instead of using a Foreign. This in turn
makes it possible to use a unique pointer tag for that external pointer
when the sandbox is enabled.
Bug: v8:10391, v8:12949
Change-Id: Ifee4d2103cabfa6a7299d0d09e06d387034e5f8f
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829085
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82504}
Once lazy compilation lands we want to continue testing the eager
compilation configuration. For that we add --no-wasm-lazy-compilation to
the "stress" variant.
Bug: v8:12852
Change-Id: I1777aaeb1c8cec0359128ed4b3d34a21aa3ce37e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810249
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82470}
When trying to understand why a given module fails to validate, it
can be helpful to disassemble it as far as possible until reaching
the erroneous byte(s).
Change-Id: I0056ba1a81b85a486c0446d15bbf54ccb2e8332e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827866
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82433}
- Unify old Pool interface with the new context related interface
- Add single threaded execution pool
- Defer task killing back to OS context
- Defer process listing in indicators back to OS context
Bug: v8:12785
Cq-Include-Trybots: luci.v8.try:v8_numfuzz_dbg_ng,v8_numfuzz_ng,v8_numfuzz_tsan_ng,v8_android_arm64_n5x_rel_ng
Change-Id: I8ffe01c5d567411203f69ecc451c718ff35d81c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3781347
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Liviu Rau <liviurau@google.com>
Cr-Commit-Position: refs/heads/main@{#82371}
This is a reland of commit b1020a4345
Changes since revert:
- Fixed global safepoint interrupts in
https://chromium-review.googlesource.com/c/v8/v8/+/3820913
Original change's description:
> Reland "[shared-struct] Add Atomics.Condition"
>
> This is a reland of commit e2066ff6bf
>
> Changes since revert:
> - Rebased against c991852491, which
> uses the external pointer table for the WaiterQueueNode stored
> in the state field when compressing pointers. This relaxes
> the alignment requirement of the state field to be 4-bytes when
> compressing pointers.
> - Moved the state field into the JSSynchronizationPrimitive base
> class, since alignment and padding can now be made simpler.
>
> Original change's description:
> > [shared-struct] Add Atomics.Condition
> >
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630350
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Adam Klein <adamk@chromium.org>
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763787
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Bug: v8:12547
Change-Id: Ibc6de74c7853e4ea766ff2c70f92339ba69f2675
Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_rel_ng,v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820901
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82368}
This is a reland of commit 5592bad963
- Disable timeout signal handler with --fuzzing
- Properly initialize sigaction object
Original change's description:
> [d8] Dump stack trace on d8 tests timeouts on posix systems
>
> - Add a SIGTERM handler in d8 that dupms the stack trace
> - Send SIGTERM before SIGKILL in the test runner
>
> Bug: v8:13115
> Change-Id: I75285f33caabab61ff6ae83c1fbc6faf45cf595a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791906
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82173}
Bug: v8:13115
Change-Id: I115cc3f671ebe11ba204e75a6fc358ca3477e950
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820221
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82361}
The system analyzer relies on server-side processing to symbolize C++
addresses, using lws-middleware.js:
ws --stack system-analyzer/lws-middleware.js lws-static cors
This does not work on Android however, given the log file refers to the
stripped apk file rather than the unstripped libchrome.so binary. This
CL adds the --apk-embedded-library option to the middleware script to
make this work:
ws --stack system-analyzer/lws-middleware.js lws-static cors \
--apk-embedded-library=/path/to/out/android/lib.unstripped/libchrome.so
Also, for completeness, add the --target option to set targetRootFS.
Bug: v8:10644
Change-Id: I7bb73adf49e3af8eaa88a5e2c81ec913023ac1a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823133
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82359}
- Add explicit --turbo-profiling-output and --turbo-profiling-input
- Rename --turbo-profiling-log-file to --turbo-profiling-input
- No longer log PGO data to v8.log
- Add runtime %GetAndResetTurboProfilingData helper function for
more controlled logging within chrome
- Rewrite generate.py script to use more python3
Bug: v8:10470
Change-Id: Ib817b5c3793a0a7ae77103075ea2d6f6d0282150
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820381
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82350}
The original CL triggered a fail in a test that was actually broken.
This broken test has now been disabled.
Original CL description:
> In a subsequent CL, I'll need to do String allocations in Turbofan (in
> the background), where only a LocalFactory is available. By moving
> those string allocation functions to FactoryBase, they will also be
> available in the LocalFactory.
>
> Change-Id: I066bbd4b5016645de183633ef237986e0ae50f5d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811581
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82262}
Change-Id: I89108038bd7b3d1e99ad16837fd730b7703d3c9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816669
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82335}
as part of --instruction-stats.
Change-Id: I4504514fa291a28bc04dec31d8a444b316e7d7b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823123
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82334}
This is a reland of commit 5592bad963
Disable timeout signal handler with --fuzzing
Original change's description:
> [d8] Dump stack trace on d8 tests timeouts on posix systems
>
> - Add a SIGTERM handler in d8 that dupms the stack trace
> - Send SIGTERM before SIGKILL in the test runner
>
> Bug: v8:13115
> Change-Id: I75285f33caabab61ff6ae83c1fbc6faf45cf595a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791906
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82173}
Bug: v8:13115
Change-Id: I8ddbf2a5e601737c2326384d832902b38c371f81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816670
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82296}
This reverts commit b1020a4345.
Reason for revert: Causes timeout for `condition-workers`: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/40516/overview
Original change's description:
> Reland "[shared-struct] Add Atomics.Condition"
>
> This is a reland of commit e2066ff6bf
>
> Changes since revert:
> - Rebased against c991852491, which
> uses the external pointer table for the WaiterQueueNode stored
> in the state field when compressing pointers. This relaxes
> the alignment requirement of the state field to be 4-bytes when
> compressing pointers.
> - Moved the state field into the JSSynchronizationPrimitive base
> class, since alignment and padding can now be made simpler.
>
> Original change's description:
> > [shared-struct] Add Atomics.Condition
> >
> > Bug: v8:12547
> > Change-Id: Id439aef9cab3348171a23378cdd47ede5f4d7288
> > Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_rel_ng,v8_linux64_tsan_rel_ng
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630350
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Adam Klein <adamk@chromium.org>
> > Commit-Queue: Shu-yu Guo <syg@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#81734}
>
> Bug: v8:12547
> Change-Id: I638304c3d5722c64bd04708ed4cf84863cdebb81
> Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_rel_ng,v8_linux64_tsan_rel_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763787
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82278}
Bug: v8:12547
Change-Id: I27c2aeb131f1b68c2240323189db88d552aa92f9
Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_rel_ng,v8_linux64_tsan_rel_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3817187
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Owners-Override: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82292}
This is a reland of commit e2066ff6bf
Changes since revert:
- Rebased against c991852491, which
uses the external pointer table for the WaiterQueueNode stored
in the state field when compressing pointers. This relaxes
the alignment requirement of the state field to be 4-bytes when
compressing pointers.
- Moved the state field into the JSSynchronizationPrimitive base
class, since alignment and padding can now be made simpler.
Original change's description:
> [shared-struct] Add Atomics.Condition
>
> Bug: v8:12547
> Change-Id: Id439aef9cab3348171a23378cdd47ede5f4d7288
> Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_rel_ng,v8_linux64_tsan_rel_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630350
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81734}
Bug: v8:12547
Change-Id: I638304c3d5722c64bd04708ed4cf84863cdebb81
Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_rel_ng,v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763787
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82278}
This reverts commit 5965c90b3c.
Reason for revert: breaks tree
Original change's description:
> Move some string allocation functions from Factory to FactoryBase
>
> In a subsequent CL, I'll need to do String allocations in Turbofan (in
> the background), where only a LocalFactory is available. By moving
> those string allocation functions to FactoryBase, they will also be
> available in the LocalFactory.
>
> Change-Id: I066bbd4b5016645de183633ef237986e0ae50f5d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811581
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82262}
Change-Id: I27b4dd06286562ec67e5e6e681e6bcebbff08980
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816662
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82264}
In a subsequent CL, I'll need to do String allocations in Turbofan (in
the background), where only a LocalFactory is available. By moving
those string allocation functions to FactoryBase, they will also be
available in the LocalFactory.
Change-Id: I066bbd4b5016645de183633ef237986e0ae50f5d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811581
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82262}
This CL refactors WasmContinuationObject to have a direct
ExternalPointer to the jmpbuf structure instead of using a Foreign.
This in turn makes it possible to use a unique pointer tag for that
external pointer when the sandbox is enabled.
Bug: v8:10391, v8:12949
Change-Id: I25528bd8aaffb32dd617440d3ccb77d319894a38
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3805061
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82238}
The infrastructure runs everything already in Python3, so this is
mostly a clean-up.
For MB, a python2 holdover was removed and new lint errors were
fixed.
The renames were automated with:
git grep -e "/usr/bin/python$" |
cut -d':' -f1 |
xargs
sed -i 's/#!\/usr\/bin\/python$/#!\/usr\/bin\/python3/1'
and
git grep -e "/usr/bin/env python$" |
cut -d':' -f1 |
xargs
sed -i 's/#!\/usr\/bin\/env python$/#!\/usr\/bin\/env python3/1'
Bug: v8:13148
Change-Id: If4f3c7635e72fa134798d55314ac1aa92ddd01bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811499
Reviewed-by: Liviu Rau <liviurau@google.com>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82231}
The "Deoptimized function count" displayed in profview tool
should be the sum of deopt-eager, deopt-lazy and deopt-soft.
Change-Id: I42252930c3685f1ca721691f983abb8adeb492e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793469
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Jialu Zhang <jialu.zhang@intel.com>
Cr-Commit-Position: refs/heads/main@{#82220}
- Update parse processor to use new async log-reader functions
- Fix some typos
- Add more desciptions to the output
- Update bytes and time formatting to use common helper.mjs functions
Bug: v8:13146
Change-Id: Idf58a394aa493b7f50ad5282533c1b6d326117be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810233
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82206}
Memory limits are difference on 32-bit and 64-bit systems, so foozzie
finds differences in Wasm execution.
This can be avoided by always setting the same (lower) limit.
R=machenbach@chromium.org
Bug: chromium:1348335
Change-Id: I452d257fd78730b4113bfe67120dbed2e8ba5878
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804696
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82200}
This is a reland of commit 491de34bcc
co-authors: Ji Qiu <qiuji@iscas.ac.cn>
Alvise De Faveri Tron <elvisilde@gmail.com>
Usman Zain <uszain@gmail.com>
Zheng Quan <vitalyankh@gmail.com>
Original change's description:
> [riscv32] Add RISCV32 backend
>
> This very large changeset adds support for RISCV32.
>
> Bug: v8:13025
> Change-Id: Ieacc857131e6620f0fcfd7daa88a0f8d77056aa9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736732
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
> Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82053}
Bug: v8:13025
Change-Id: I220fae4b8e2679bdc111724e08817b079b373bd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3807124
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82198}
- Add a SIGTERM handler in d8 that dupms the stack trace
- Send SIGTERM before SIGKILL in the test runner
Bug: v8:13115
Change-Id: I75285f33caabab61ff6ae83c1fbc6faf45cf595a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791906
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82173}
Add flag contradictions for "assert-types" flag and a README file for how
to add trials from the source side. Also restore "assert-types" and its
contradictions' probability since we can avoid contradictions now.
Bug: v8:1340816,v8:1336577
No-Try: true
Change-Id: I2a3af2d13cd2f9f542bec5c013c50bf26ff93cc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3787878
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82133}
This is a reland of commit 07e11a64e4.
The original change removed the fill_thehole_and_call_runtime bailout
in StringBuiltinsAssembler::StringToArray() so when the string
is external and cannot be unpacked, the FixedArray won't be filled
with holes before we call into the runtime, thus failing a
heap verification if a GC happens before the array is filled. This
reland adds back the bailout for this case.
Bug: v8:12718, chromium:1330410
Original change's description:
> [heap] pre-populate the single_character_string_cache
>
> This simplifies the code and removes the runtime overhead of
> spontaneously adding strings to the cache.
>
> Bug: v8:12718
> Change-Id: I2ed49bd82e3baf2563eeb8f463be72c0308c52c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616553
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Cr-Commit-Position: refs/heads/main@{#80803}
Change-Id: I25e8724d511a8d0d971fa2a9b6ba8a0eafce4413
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793525
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82082}
This very large changeset adds support for RISCV32.
Bug: v8:13025
Change-Id: Ieacc857131e6620f0fcfd7daa88a0f8d77056aa9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736732
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82053}
Strips the Name section off a module.
Change-Id: Ie28b80e610e4a858689f6a8aa01c0855c4c905a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3787876
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82029}
Drive-by-fix:
- Rename baseline to sparkplug for consistency
- Add request timeouts for the local symbol server
- Add script to start a local symbol server
- Fix -h/--help support for linux-perf-chrome-renderer-cmd.sh
Change-Id: I4c2fc3595d672871f20fc5c4065ba45e801a1111
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769699
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81992}
This is a follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/3776693
The previous CL accidentally didn't manage to enable
the PGO build because `v8_optimized_debug` is true in
release builds.
Bug: v8:10470
Change-Id: I66ec74e71eb697aa48b981d78ad526f4b8c5a917
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3784989
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81971}
This extends the ExpectedOutProc runner to print a diff between the
expected and actual output. The behavior of other runners is unchanged.
Change-Id: If2b89d39cf98b8d257b1a209b5471a79ec3868ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3771641
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81966}
This CL refactors WasmInternalFunction to no longer inherit from Foreign
but instead contain a (sandboxed) ExternalPointer field for the call target.
Bug: v8:10391
Change-Id: Iaaf25e635a275d7570e09699be3c8dec6108d4b3
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3782675
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81957}
The DevTools frontend doesn't want the Wasm module's understanding of
function body offsets (i.e. including locals), but the ranges of
offsets where breakpoints can be set (i.e. only where instructions are).
This patch adjusts the reported offsets accordingly.
A consequence is that we have to report full (start,end) pairs for each
function, instead of being able to dedupe end1==start2 etc.
Bug: v8:12917
Change-Id: I0c7d2d96435cdac2c4553647b7bcc8783bc1798b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3780526
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81887}
Prints information about frequency and aggregate size of instructions.
Change-Id: Ia745c0e5e26fbc5e24437302ba171bd05600577d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3773779
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81875}
Background:
In order to show custom content in the "Locals" pane in WinDbg, v8windbg
replaces the getter function for a built-in debug model property named
"Debugger.Models.StackFrame.LocalVariables". This is the property that
the debugger fetches when determining what to display in "Locals". The
new implementation of that getter, V8LocalVariables::GetValue, can
either call the original getter (so that WinDbg displays the usual
content for normal C++ frames) or produce a custom result (for builtins
and JIT-compiled JS frames).
The current problem:
In new builds of WinDbg, users of v8windbg no longer see any content in
the Locals pane for stack frames that correspond to builtins or
JIT-compiled code. This is because of a behavior change in WinDbg:
previously, attempting to get Debugger.Models.StackFrame.LocalVariables
would eagerly attempt to find the symbols for the frame and return an
error code if symbols were not found, but now it returns a lazy object
which does not perform symbol lookup until you iterate its properties.
V8LocalVariables::GetValue currently starts with an early-exit path
based on checking whether the original getter succeeded, so the new lazy
implementation causes us to always take that early exit.
Proposed fix:
Rather than relying on the return value from the original getter, which
is not guaranteed to work consistently, we can base our decisions on the
instruction pointer. If it points outside any module, or if it points to
within a function in the module containing V8 whose name starts with
"Builtins_", then we can build a custom result for the Locals pane.
Change-Id: I6644071d5d83a25b964d9f4018265532528cc85c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3759228
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81856}
Some follow-up after getting rid of `let`.
Change-Id: I073372f4edd0847c4ffa428595a6f74158c87a98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3773515
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81844}
This adds support for reading modules in hex or decimal "array literal"
syntax, e.g. what --full-hexdump produces, or the result of printing
JS arrays using `console.log(JSON.stringify(bytes))` or similar.
Bonus feature: support reading input from stdin, e.g. for piping.
Change-Id: Ic268f266a243f843b6fbf1e3f090e1b06487f5d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3767743
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81829}
- accelerated nodes selection for the old IR layout;
- implemented turboshaft blocks layout building (blocks coordinates and edges);
- extended interaction with user (selecting/hovering) for such things like: blocks/nodes/edges.
Bug: v8:7327
Change-Id: I0b01679e9dde0bb7d94ba80dd0ee744f334e1968
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747871
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Cr-Commit-Position: refs/heads/main@{#81810}
This adds a bunch of tracing hooks to the module decoder and uses
them to support "annotated hexdump" output for full modules in wami:
$ out/x64.release/wami my_module.wasm --full-hexdump
Change-Id: I5821d940b5ec236df9708eecd0124172d8893ffd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3754741
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81791}
- Removed duplication and unnecessary indirection from all suites testcfgs.
- Introduced a more comprehensive context to cover both command context and other platform specific concerns.
- Propagated above context to TestLoader to allow for test counting command execution on all platforms.
- Wrapped original pool with another class to give it a new interface and allow injecting different implementations in the future.
- Consolidated progress indicators under a single processor in the pipeline.
- Consolidated result retention requirements calculation outside of pipeline chain.
- Refactored LoaderProc and got it under tests.
- Added some more tests for the standard runner.
- Extracted BuildConfig class.
Bug: v8:12785
Change-Id: I87be040e91f792a983662bb5a10d55b36a14ea7f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3701595
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81770}
As sandboxed pointers are now default-enabled when the sandbox is
enabled, it is no longer possible to deactivate the sandbox at runtime.
This CL therefore removes all the logic that was required to support a
sandbox that could be disabled at runtime, moves the initialization of
the sandbox into V8::Initialize, and deprecates V8::InitializeSandbox.
This change also makes the sandbox initialization deterministic if
FLAG_random_seed is supplied.
Bug: v8:10391
Change-Id: Ibd49f7c251b7c58c642f18a551ecc2c391740970
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762583
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81746}
This adds "annotated hexdump" as a disassembly output format, as a
first step only for individual functions:
$ out/x64.release/wami my_module.wasm --single-hexdump 17
"Annotated hexdump" format is useful for debugging/inspecting module
wire bytes, and for creating array literals for regression tests.
Change-Id: Iabfb4f9c6f68f3328910c1225a23b424e9315d4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3748652
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81616}
Minor bug fix in alias support (crrev.com/c/3723506), which broke
modes with suffixes, e.g. x64.release-css or x64.rel-css
No-Try: True
Change-Id: I16fdc83dde269f66f4bb7260de0d2649aaece27e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3732929
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81541}
Prints information about sections in a given module and their sizes.
Change-Id: I3bf02f0c8be53756364db4d2dada60bc8a510815
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3743447
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81522}
Initial feature: list functions in a module, as follows:
$ gm x64.release wami
$ out/x64.release/wami --list-functions my_module.wasm
More to come.
Change-Id: I9580437d51153e1b5ccc291fdb6a6a67315be07d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3742700
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81515}
This adds a new --experimental-value-unavailable flag, which is disabled
for now. When enabled the debugger reports values that are optimized out
by TurboFan and values of certain variables in Temporal Dead Zones (TDZ)
as unavailable. Internally we use a special `value_unavailable` accessor
info to represent these values, and on the debugger boundary we report
these properties with `value`, `get`, or `set`.
Doc: https://goo.gle/devtools-value-unavailable
Bug: chromium:1328681
Demo: devtools-dbg-stories.netlify.app/crbug-1328681-value-unavailable
Change-Id: Idb09a4a148335a950deae60f7c07caecc48826ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3627510
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81509}
Ctrl+X, Ctrl+V. No change in behavior.
This is a preparational step for templatizing the module decoder
for disassembler purposes.
Bug: v8:12917
Change-Id: I08a5d2e666cd16a207e9862b2691446c0473ddb0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3738221
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81489}
This reverts commit a618a4a341.
Reason for revert: Original CL got reverted, we don't need the suppression anymore.
Original change's description:
> [foozzie] Silence a frequently occuring correctness bug
>
> This CL adds back a patch of Math.pow for correctness fuzzing, which
> drops some precision and hides a difference on the fast path.
>
> The same suppression was previously used on https://crbug.com/693426.
>
> No-Try: true
> Bug: chromium:1339320
> Change-Id: Id52f25f8a2b6b5aeca956587b16a10c61aa68e36
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726295
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Auto-Submit: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81408}
Bug: chromium:1339320
Change-Id: Id4cf04f9480b3052978ee7ca3dd83d7ee16845c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736446
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81470}
MinorMC maintained a separate marking state to support interleaved GCs.
Since MinorMC now assumes that interleaving is not possible, MinorMC can
use the same marking state as the full GC.
Bug: v8:12612
Change-Id: Ibeb7df2eb24e448f811b497c9d16b3b132f87ec2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735163
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81468}
This CL adds back a patch of Math.pow for correctness fuzzing, which
drops some precision and hides a difference on the fast path.
The same suppression was previously used on https://crbug.com/693426.
No-Try: true
Bug: chromium:1339320
Change-Id: Id52f25f8a2b6b5aeca956587b16a10c61aa68e36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726295
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81408}
The ExternalPointerTags are assumed to be compile-time constants in most
cases, so turning them into template parameters enforces that. As
decisions such as whether to use the per-isolate or the shared external
pointer table are encoded into the tag values, forcing those to be
compile-time constants guarantees that the compiler will be able to
inline the correct logic when accessing an external pointer.
With this, there are now two (high-level) ways of accessing external pointer fields from C++: the Read/WriteExternalPointerField methods
which require the ExternalPointerTag to be a template parameter, and the
ExternalPointerSlot class which takes the tag as an argument. The latter
is for example used for snapshot deserialization and by the garbage
collector (more generally, by the ObjectVisitor::VisitExternalPointer
method), where the tag is not a compile-time constant.
Finally, this CL also introduces a new ExternalPointerHandle type which
represents the (opaque) on-heap representation of a reference to an
entry in an ExternalPointerTable when sandboxing is enabled. Making this
its own type makes the code a bit more readable.
Bug: v8:10391
Change-Id: I867b8ce41d15d485f1dc66786f233c710c56afcb
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3720641
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81402}
The following flag combinations run into a CHECK in d8:
('--assert-types', '--stress-concurrent-inlining')
('--assert-types', '--stress-concurrent-inlining-attach-code')
All flags can be passed as clusterfuzz trials on d8 fuzzers and lead
to poor fuzzing outcomes. This lowers their probability as a
mitigation until a better solution is found.
No-Try: true
Bug: chromium:1336577
Change-Id: I63747bb0a466c01d2789fc76cb9232f7afe720f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721382
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81387}
Now you can use 3-letter alias for all modes: rel, opt, dbg
Example: gm.py x64.opt.d8
No-Try: True
Change-Id: I825ebbf4cc1c509599f4fd2ac5aa0ac6fab998c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3723506
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81382}
If the returned promise rejects, we switch to the suspender's stack and
throw the value.
Re-purpose the WasmOnFulfilled data to also represent the rejecting
case and rename it to WasmResumeData.
R=ahaas@chromium.orgCC=fgm@chromium.org
Bug: v8:12191
Change-Id: I91a301c3c6d9d243efbfabe7263555e11f0d9277
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706606
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81325}
ICU 71 added new enum value UNUM_APPROXIMATELY_SIGN_FIELD
need to map to "approximatelySign"
We also discover a spec bug in
https://github.com/tc39/proposal-intl-numberformat-v3/issues/99
All the parts of formatRangeToParts should have a source "shared" for
the case that start and end are the same or very close.
Bug: chromium:1336865
Change-Id: I89142479989d3d2017d8cb89194db737710c38ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3717278
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81286}
Initial implementation for concurrent shared arrays. Current implementation exposes a `SharedArray` constructor, but its syntax might
change in the future.
Shared arrays can be shared across Isolates, have a fixed size, have no
prototype, have no constructor, and can only store primitives, shared structs and other shared arrays. With this CL shared structs are also allowed to store shared arrays.
The Backing storage for the SharedArrays is a `FixedArrayBase`. This CL introdces a new ElementKind: `SHARED_ARRAY_ELEMENTS`. The new kind should match the overall functionality of the `PACKED_SEALED_ELEMENTS` kind, but having it as standalone kind allows for easier branching in CSA and turbofan code.
Bug: v8:12547
Change-Id: I054a04624d4cf1f37bc26ae4b92b6fe33408538a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3585353
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81285}
... to avoid additional indirection on every access.
Drive-by: given that AccessorInfo class now has a custom body visitor
it's no longer necessary to encode flags field as Smi.
Bug: v8:12949
Change-Id: I30eabee3cbc5ded2bf3f050dfe22208713a764bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3701590
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81237}
Instead of doing multiple separate checks with branches, turn the
name check into a single range check.
This means that the symbols and strings for properties than can
invalidate protectors need to be allocated consecutively in memory.
Change-Id: Id3a2003534bab5ecf83393a60167f779d636fc4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695360
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81185}
--no-use-map-space should now be fixed, it is already enabled with
--future.
Bug: v8:12578, chromium:1317880
Change-Id: I9ea10dfaebf7b17cb1c953e272bc3358932a10b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702232
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81173}
This prevents accidental use for release branch merging, which
works but shouldn't.
Change-Id: I4db99bb721c935a8a1c7c44c1b4d909f44a8bf9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3705382
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81157}
roll_merge_gerrit.py now loops, waiting for the merge to be submitted.
Once it is, it adds a tag with the version number.
Bug: v8:12849
Change-Id: I7c2765877efad2ccbe082b984642f5e989dc3c8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3705379
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81150}
- removed some 'feature envy' instances:
- created a AugmentedOptions class to take care of non trivial option look-ups
- moved some calculation closer the the actual data
- promoted parameter that was passed around a lot (options) to filed in the offending class
- similar object creation looks a bit more similar
- CommandContext provides a wrapper that ensures resource de-allocation
- separate tests from standard and num_fuzz runners
- added a couple of more tests to improve coverage
This is still in flux. But further changes risk creating a disconnect between the original implementation and further refactorings.
Bug: v8:12785
Change-Id: I0ec2e9c6a81604a5cd1d4a80982dd3329c1b48db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3686411
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81148}
In previous refactoring, the CSS files are moved to subdirectory css
Change-Id: I38e05ae1a9e56f36d5bd25131e605a93cfdb61f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3701958
Commit-Queue: Jie Pan <jie.pan@intel.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81120}
In particular, this CL adds support for:
- exception handling
- source positions
- OSR
- various numeric operations and conversions
Since the test suite now passes with `--turboshaft`, this also adds a
new variant for Turboshaft and enables it on some bots.
Bug: v8:12783
Change-Id: Ia2dd2e16f56fc955d49e51f86d050218e70cb575
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3669251
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81074}
roll_merge.py manually checks out V8 into a temporary directory, locally
builds a cherrypick, and uploads this to Gerrit. However, Gerrit has its
own REST API which allows cherrypicking. Using this API directly has two
advantages:
1) We don't need to perform any local checkouts, so it's much faster,
and
2) The cherry-picked commit is marked as a cherry-pick by Gerrit,
which means Rubber-Stamper-Bot will treat it as a cherry-pick.
The implementation for now is very simple, and doesn't support things
like cherry-picking multiple revisions or applying an additional local
patch. It does, however, increment the patch value in v8-version.h, and
tries to set Owners-Override +1.
Bug: v8:12849
Change-Id: Ie242dbec6b3d24f5118d601e9d326465d190a8f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644609
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81072}
- moved test data closer to tests
- removed the coverage related code
- refactored to remove boilerplate from test code
Bug: v8:12785
Change-Id: I1013d29d8ff2c3ecb786c294ae3b3ab6decdca20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3683610
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80921}
The last line of output (which is not terminated by a newline) was not
showing for me when running the merge script. We can either fix it by
specifying `flush=True` at the `print` statement, or flushing before
reading user input. The latter seems more future-proof.
R=machenbach@chromium.org
Change-Id: I61cb929d2f7cdd20b3e32b9beb1653fe2d5c5791
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3676857
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80890}
List all variants for the --variant help text
Change-Id: I249d8140b19e13dc3eceedaade2b856b1fdb1567
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3663088
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80884}
This is a reland of commit ea9a1f1cbe
Changes since revert:
- Make the state field uintptr-aligned since arm64 faults on
atomic accesses to non-naturally aligned addresses.
Original change's description:
> [shared-struct] Add Atomics.Mutex
>
> This CL adds a moving GC-safe, JS-exposed mutex behind the
> --harmony-struct flag. It uses a ParkingLot-inspired algorithm and
> each mutex manages its own waiter queue.
>
> For more details, please see the design doc: https://docs.google.com/document/d/1QHkmiTF770GKxtoP-VQ1eKF42MpedLUeqiQPfCqus0Y/edit?usp=sharing
>
> Bug: v8:12547
> Change-Id: Ic58f8750d2e14ecd573173d17d5235a136bedef9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3595460
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80789}
Bug: v8:12547
Change-Id: I776cbf6ea860dcc6cb0ac51694a9b584b53d255c
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3673354
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80875}
This CL adds a moving GC-safe, JS-exposed mutex behind the
--harmony-struct flag. It uses a ParkingLot-inspired algorithm and
each mutex manages its own waiter queue.
For more details, please see the design doc: https://docs.google.com/document/d/1QHkmiTF770GKxtoP-VQ1eKF42MpedLUeqiQPfCqus0Y/edit?usp=sharing
Bug: v8:12547
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Change-Id: Ic58f8750d2e14ecd573173d17d5235a136bedef9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3595460
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80789}
We want to use llvm-ml to assemble files on Windows, but it only
recognizes .asm files as input files. See
https://chromium-review.googlesource.com/c/v8/v8/+/3668287.
Change-Id: I34ff6d2693a34653c8e22a7c2d093853505cd455
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3672420
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80782}
The generated code checks if the receiver is a JS_API_OBJECT and if the
receiver requires an access check, and if not it lowers the call to an
API call.
We also add compilation dependencies on the protector cell to deopt if
our invariants change. (Note - the actual invalidation of these cells
will be implemented in a follow up CL)
Bug: v8:11321
Change-Id: I15722f1e5fac7176e292da4a35186e4609636aba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2719563
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80748}
The test cctest/test-v8windbg recently started failing because the
v8windbg debugger extension is unable to read the "flags" field on a
SharedFunctionInfo instance. This occurs because one of the bitfields
within "flags" has type OSRCodeCacheStateOfSFI, which is only declared
using an "opaque enum declaration":
enum OSRCodeCacheStateOfSFI : uint8_t;
When WinDbg fails in its attempt to look up that type, v8windbg responds
by failing to construct anything at all for "flags". However, the other
17 bitfields in "flags" can be represented successfully, so a more
useful behavior is to just skip the one failed entry.
Change-Id: I40630548d21499e49f0214da28260318a38d9360
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3653096
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#80615}
Split off a TurbofanFrame from OptimizedFrame, and make MaglevFrame a
subclass of OptimizedFrame. This allows it to be treated as an optimized
frame by code that is looking at deoptimization data.
Bug: v8:7700
Change-Id: Ia38e0f1c2cd73f054f63be81dff187d9197c1202
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644798
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80592}
NumFuzz passes various flags to V8 testing randomly, which can lead to
various flag contradictions with existing flags. Up to now the system
ignored the check for contradictions and kept running the test cases,
leading to false positives.
This change adds a new v8 flag --exit-on-contradictory-flags that
exists gracefully when a contradiction is detected. On the numfuzz
side we now filter simple contradictions beforehand.
Measurements showed that ~2% of all numfuzz tests ran into
contradictions. Around half of them are simple contradictions
(repetitions and inversions), which are now filtered beforehand.
The remaining ones (redundant or contradictory implications) are
now ignored.
Bug: v8:11826
Change-Id: I9942e203ba9668a097fabe1343dd1365c9da94c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650746
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80589}
Now that we require C++17 support, we can just use the standard
static_assert without message, instead of our STATIC_ASSERT macro.
R=leszeks@chromium.org
Bug: v8:12425
Change-Id: I1d4e39c310b533bcd3a4af33d027827e6c083afe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647353
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80524}
Doesn't do much at the moment beyond not being a baseline frame. Fixes a
DCHECK in tiering that checks the frame type, by removing the frame
lookup there (which wasn't necessary anymore).
Bug: v8:7700
Change-Id: Icecfe27771923d380a7d1dc1c29aa9c5c9dfbf0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644618
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80512}
This reverts commit c3ac338bb9.
Reason for revert: Breaks stepping with `n`
Original change's description:
> [tools] Add a simple gdb frame unwinder
>
> Add a simple unwinder for gdb which, on x64, walks frame pointers
> whenever there is no source information available. Ideally we would only
> do this for V8 PCs but this appears hard to do in an Unwinder without
> messing with gdb's internal assumptions.
>
> Change-Id: Iba1e62a3768340ee912e81d691237c1920a8ae91
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3608628
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80204}
Change-Id: I0264cf34cfe8fe2331bacf202dedbb4706535936
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644855
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80493}
- Make sure the viewport size of the svg is adjusted properly when
scaling
- Fix an off-by-one when calculating Chunk groups
Bug: v8:10644
Change-Id: I56e857a8aa1a67e408bcfb08ed126e6bfdb0ce1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3641177
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80473}
This filters the flags --maglev and --no-use-map-space when passed to
foozzie. Most open bugs are known or spurious, but all take up the
limited hashes for correctness bugs, which prevents finding other
bugs. Filtering on the source-side will make those reports appear
as fixed.
Bug: chromium:1324097, chromium:1317880
Change-Id: Ibf1b04bdfdd2395c3bda5787b4843c6bb5ca8f8e
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3641171
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80468}
In the previous refactoring --filter was accidentally filtering out
paths that matched <regexp>. This CL restores the original behavior
where only the matching paths are kept.
Bug: v8:12821, v8:11113
Change-Id: I7e7d7b793107fbf9b4944b1674874150803f4bb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3623539
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80426}
Turn on fuzzing for Maglev to get additional test coverage.
Bug: v8:7700
Change-Id: I5b72d851639e31dff1bd91361cd81ad448c2d69e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629334
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80416}
With the introduction of the StringForwardingTable, there are no
concurrent transitions of strings happening anymore.
- Remove String migration sentinel maps + helper methods
- Remove CanMigrateInParallel()
- Remove MigrateStringMapUnderLockIfNeeded() and simplify MakeThin()
There is still unused code I didn't remove in this CL, as we might need
it later for shared struct features: YIELD_PROCESSOR for spinlocks and
Relaxed_Memcmp().
Bug: v8:12007
Change-Id: Iaa09ef93d2ee612e42cd73395a06eada22fe7dae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629545
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80414}
Also manually reformat some files with the clang-format change.
Rolling v8/build: e10cf1a..c8ec41b
Rolling v8/buildtools: c2e4795..113378f
Rolling v8/buildtools/linux64: git_revision:7c8e511229f0fc06f6250367d51156bb6f578258..git_revision:48b013c9d9debc0f5fc1dd71a257b3c38c5acb43
Rolling v8/buildtools/third_party/libc++abi/trunk: 518fd76..c7888dd
Rolling v8/buildtools/third_party/libunwind/trunk: 705543f..d8a4746
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/88422dc..9ba02ee
Rolling v8/third_party/depot_tools: dc8ca44..fccf35c
Rolling v8/third_party/zlib: 32e65ef..961141d
Rolling v8/tools/clang: 3c4a622..75625c6
Rolling v8/tools/luci-go: git_revision:6da0608e4fa8a3c6d1fa4f855485c0038b05bf72..git_revision:2aa3d7e5e8662c5193059a490f07b7d91331933e
Rolling v8/tools/luci-go: git_revision:6da0608e4fa8a3c6d1fa4f855485c0038b05bf72..git_revision:2aa3d7e5e8662c5193059a490f07b7d91331933e
R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I00a09d42cf91f226c661e97915d5a95fff84b079
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3615245
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80343}
To be consistent with the all the other tiers and avoid confusion, we
rename --opt to ---turbofan, and --always-opt to --always-turbofan.
Change-Id: Ie23dc8282b3fb4cf2fbf73b6c3d5264de5d09718
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610431
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80336}
This change adds support for computing SHA-256 hashes in the stack
output of errors by adding a function to the prototype of the
`CallSite` object, passed to `Error.prepareStackTrace`. Additionally,
it updates the `hash` property from `Debugger.scriptParsed` and
`Debugger.scriptFailedToParse` to be SHA-256 instead of the
proprietary hash it is today.
It is intended to be an advancement in indexing source maps to
support improved tooling, especially for post-hoc or in-production
diagnostics scenarios.
The explainer can be found here:
https://docs.google.com/document/d/13hNeeLC2Ve_FVieNndZUUUP15x2O4ltvjnGWwOsMlrU/edit?usp=sharing
Change-Id: Ifbbed4b22c8256e74e6d79974d2dd1e444143eda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229957
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Robert Paveza <Rob.Paveza@microsoft.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80320}
We usually run benchmarks in multiple variants: default, future, noopt
This is currently only achieved by copying the run-perf json file and
changing the flags at the top-level (or copy whole subsections).
Using "variants" we can duplicate the tests at the current level with
different values and easily create benchmarks that differ only in v8
flags.
Drive-by-fix:
- Add Node.__iter__ and log the whole config graph in debug mode
- Add GraphConfig.__str__ method for better debugging
- Rename TraceConfig to LeafTraceConfig
- Rename RunnableTraceConfig to RunnableLeafTraceConfig
- Make --filter accept a regexp to better filter out variants
Bug: v8:12821, v8:11113
Change-Id: I56a2ba2dd24da15c7757406e9961746219cd8061
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596128
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80307}
Introduce get_hints.py and combine_hints.py in order to make
the interpretation of basic block counts into hints more
configurable and explicit, as well as allowing more accurate
and consistent methods of combining multiple profiles.
get_hints.py allows for the minimum count and threshold ratio
values to be easily altered for different profiles, while
combine_hints.py allows the hints produced from different
benchmarks and threshold values to be easily and sensibly
combined.
Simply summing together basic block counts from different
benchmarks could previously lead to a longer running benchmark
overshadowing multiple shorter benchmarks with conflicting
hints.
Allowing alteration of the current threshold values gives a
doubling of performance, while the new method of combining
distinct profiles can double the performance improvement of the
secondary benchmark while losing as little as 4% of the
improvement gained in the primary benchmark.
Design doc: https://docs.google.com/document/d/1OhwZnIZom47IX0lyceyt-S9i8AApDB0UqJdvQD6NuKQ/edit?usp=sharing
Bug: v8:10470
Change-Id: I1c09d1eabfdda5ed6794592e2c13ff8b461be361
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545181
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: George Wort <george.wort@arm.com>
Cr-Commit-Position: refs/heads/main@{#80282}
The SIMD proposal has been merged into the main spec, it is not
necessary anymore to execute the SIMD proposal tests additionally.
R=gdeepti@chromium.org
Change-Id: I1c5847a1bfba2d0c956cf353816fd71417506a1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3609848
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80241}
Allow live ranges to be displayed beside the
instruction sequence in turbolizer.
Bug: v8:7327
Change-Id: Idec5130655ccc9365dd32ec6927d8615a3e5c570
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3585960
Commit-Queue: George Wort <george.wort@arm.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80226}
Add a simple unwinder for gdb which, on x64, walks frame pointers
whenever there is no source information available. Ideally we would only
do this for V8 PCs but this appears hard to do in an Unwinder without
messing with gdb's internal assumptions.
Change-Id: Iba1e62a3768340ee912e81d691237c1920a8ae91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3608628
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80204}
Add basic profiler support
- Moved profiling-related helpers to profiling.mjs
- Added bottom-up profiler table
- Added mini-timeline overview wit opt/deopt events and usage graph
- Added flame-graph, pivoted on the currently selected function
Drive-by-fixes:
- Added/updated jsdoc type information
- Fixed static symbols (builtins, bytecodehandlers) that were both
added by the CppEntriesProvider and from code-events in the v8.log
- Support platform-specific (linux/macos) dynamic symbol loader by
adding a query path ('/v8/info/platform') to lws-middleware.js
- added css var --selection-color
Bug: v8:10644
Change-Id: I6412bec63eac13140d6d425e7d9cc33316824c73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3585453
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80192}
ShadowRealm.prototype.importValue dynamically imports other files, so
the testing infrastructure need to look for these calls to gather files
to push to e.g. test devices.
The reason to do this over explicit Resources: comment lines is to also
cover test262.
Bug: v8:12829
Cq-Include-Trybots: luci.v8.try:v8_android_arm64_n5x_rel_ng
Change-Id: I6a06933d5da849157b2c7d5fa6b7b98d39f7d39f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606391
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80189}
Invoking a JSBoundFunction is slightly slower than a normal
JSFunction (since we don't have to first jump to the
target_function).
The closure steps in SourceTextModule ExecuteAsyncModule is
controlled by the engine so it is better to create dedicated
context slots for the captured values.
Change-Id: I8163fc4b302d6d22906e578164470c9e28e768e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3584601
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Cr-Commit-Position: refs/heads/main@{#80155}
The `set disable-randomization off` command may fail on some platforms,
such as the `rr` debugger. We can just ignore the error and carry on.
Change-Id: I9b8dae183a9852178a3d3411172bf3aef173c995
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602519
Auto-Submit: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80143}
As per https://tc39.es/ecma262/#sec-hostimportmoduledynamically defined,
referencingScriptOrModule in HostImportModuleDynamically can be a Script
Record, a Module Record, or null.
So to https://tc39.es/proposal-shadowrealm/#sec-shadowrealmimportvalue,
the HostImportModuleDynamicallyCallback is been invoked with a `null`
resource_name. This may not be considered a breaking change as the
parameter resource_name is defined as Local<Value>.
Updates d8's DoHostImportModuleDynamically to handle null resource_name,
and resolve the dynamically imported specifier relative to the executing
script's origin. In this way, we have to set ModuleEmbedderData.origin
even if the JavaScript source to be evaluated is Script. Also, a
ModuleEmbedderData is created for each ShadowRealm to separate their
module maps from the initiator context's.
Bug: v8:11989
Change-Id: If70fb140657da4f2dd92eedfcc4515211602aa46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3522883
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Cr-Commit-Position: refs/heads/main@{#80118}
Using this flag has led to several duplicate issues. We need to stop
using the flag for a while until the issues are investigated.
Potentially these are all false positives.
No-Try: true
Bug: chromium:1317880
Change-Id: I09f4e1c642befc3a8f5b88c2eb003931dc112826
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602508
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80114}
- Use explicit options when running gmcole.py from run-gcmole.py
- Use gcmole.py-relative paths to find the default V8 root dir for
maximum convenience when running locally
Change-Id: Iba0da90b99b0321129f1c4099f437c76dabb1186
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3582386
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80058}
We do change CWD in the script which breaks relative input paths
to d8 and .js files for instance.
Drive-by-fix:
- Show clear warning if `perf record` failed
Change-Id: Ib900ca6b53307e13be459beba1e96ddfc8ee9b79
No-try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3593784
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80057}
These tools haven't been used in a while and are unmaintained.
We can use pprof with stack-filtering to achieve similar results.
Change-Id: I84392c066dffc6b0d9efba27a8fdfb31091796bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3593786
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80026}
i::Logger => i::V8Log
i::PerfJitLogger => i::LinuxPerfJitLogger
i::PerfBasicLogger => i::LinuxPerfBasicLogger
Note: V8Log is currently still managing instances of other loggers,
this functionality will be moved to a separate class in the future.
Bug: v8:12795, chromium:1316443
Change-Id: Id1b44e65abb7819eb6d6c718a1baa9ed61ad51aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3593133
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80016}
Turn on fuzzing for disabled map space to get additional test coverage.
Bug: v8:12578
Change-Id: I82c577c8c24b51df627c873fde95fb239e16d36f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3592892
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80012}
- Start moving profiler scripts to tools/profiling
- Add linux-perf-d8.py wrapper script that runs `perf record` and
`perf inject`
- Improve waiting for the d8/chrome process and allow for early
termination if --timeout is provided
- Allow fractional seconds for --timeout
- Delete run-perf.sh and provide equivalent functionality in
linux-perf-d8.py
Change-Id: Iac1d6cf895aa7159a9bbb387aca7632df27a0ca3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3585951
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79991}
API logging has not been used in a while and we have valid alternatives:
- Runtime call stats
- Profiling
- Timer events
Together they make --log-api superfluous and we can remove it and reduce
the number of branches when calling into the V8 API.
Change-Id: Ie10f70b61ebdb82166270e7630ebcf20a27c4902
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574549
Reviewed-by: Marja Hölttä <marja@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79904}
- Parse the condensed source position info support for jitted code
- Add progress bar/circle to loader
- Use temporary Array instead of concatenated strings in escapeField to
reduce gc pressure
- Use bound functions as event handlers in more places
- Various timeline legend fixes:
- Fix columns alignment when duration is present
- Use fixed width to avoid breaking the UI
- Correctly show total/percents for 'All' and 'Selection' entries
- Improve usability of filtering buttons: added tooltips and fixed
redrawing on filtering
Bug: v8:10644
Change-Id: I1275b31b7b13a05d9d6283d3067c1032d2d4819c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574544
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79897}
This is a follow up CL for https://crrev.com/c/3538284.
Tests credited to https://crrev.com/c/3468352.
- Add unicode filename path test.
- Convert ansi encoded filename argv to utf8 encoded on windows. Because
the ansi encoded filename argv may lose some information for unicode
filename, and we need to use GetCommandLineW to get the actual unicode
filename argument. And we convert it to utf8 encoded to be consistent
with subsequent processing.
- Use REPLACEMENT CHARACTER to replace the characters which cannot be
encoded with sys.stdout.encoding in progress.py.
This CL should be **reverted** if new unicode filenames cause problems.
Bug: v8:12541
Change-Id: Ic5c5ae342b3a5b11c3119452af03c9165d429ed7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568926
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#79850}
Currently, v8_presubmit uses the system version of depot_tools for C++
and JS linting. This is an issue for branches which rely on a specific
depot_tools version for linting. This CL proposes the use of the
depot_tools version defined in DEPS.
This change was evaluated in https://crrev.com/c/3571813. The first
v8_presubmit attempt uses the system-defined depot_tools version, while
the second attempt is rebased on this CL and uses the DEPS defined
version.
Bug: v8:12743
Change-Id: I87e14ea5c1e3dc20b34106ff56f608d55ec3253d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571805
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Alexander Schulze <alexschulze@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79828}
Reduce the dispatching overhead in the hottest loop when parsing log-lines.
- Using a JSMap we can avoid internalizing strings
- Preprocess the dispatch table and only have varArgs or functions as
parsers
- string[] seems to be slightly faster than string.charAt()
Bug: v8:10644
Change-Id: I03b13bdeecda1ad037191ff74e05142ceeb6533c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571890
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79816}
- Double click on the current timeline selection to focus and zoom in
- Make timeline-tracks focusable by setting a tabindex
- Add back arrow-key navigation for the map panel (only when focused)
- Prepare code for adding keyboard-based horizontal scrolling
- Use --code-font CSS variable
Bug: v8:10644
Change-Id: Ic473695c9fcdc795d173cd064b4660e100ae8b24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568475
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79786}
- Process the minidump in a separate function to avoid keeping
references to the mmapped file during disposal
- Clear all MinidumpReader variables before disposing the mmapped file
Change-Id: I0ce468597329d6f7d703a08309e4be378d9c27cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568469
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79750}
