Make sure both the fast and slow versions return the same value in case
of wrong follow-bit values in the input.
Bug: chromium:1359230, chromium:1360735
Change-Id: Ic65f81109e5bbc288fa41a5540ec7e6cece10ffc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890998
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83307}
For the 'finish compilation' event for all tiers (SP, ML, TF),
consistently use the 'completed compiling' message prefix.
For deoptimization, print the Code object in addition to the JSFunction
(now that deopts may happen in both ML and TF).
Bug: v8:7700
Change-Id: I3375db91413195c92007db9b1b202af9bd6ac05a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3904601
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83303}
... which will contain all compression scheme related functions.
This will allow introducing custom compression schemes for certain
cases and use the compression scheme class as a template argument for
TaggedField or OffHeapCompressedObjectSlot implementations.
Bug: v8:7703, v8:11880
Change-Id: Ic78d36b7021110d6a4797a3150547a224d942b32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899262
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83302}
ArrayBuffers of length 0 may not have a BackingStore, so guard for that
case in ArrayBuffer.prototype.transfer.
Bug: v8:11111, chromium:1364738
Change-Id: I058d00f0f60183f9137c60682ad93973c7a6dcbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902517
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83301}
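The zero-length case the commit above guards, exercised from JavaScript. This is an added example, not part of the commit or of V8's sources: it uses the native `ArrayBuffer.prototype.transfer` where the engine provides it and otherwise falls back to `structuredClone` with a transfer list, which also detaches the source buffer. The names `transferBuffer`, `isDetached` and `demo` are chosen here.

```javascript
// Added example (not V8 code): transfer an ArrayBuffer, including the
// zero-length case, and check the detach semantics of the source.
// Assumes either a native ArrayBuffer.prototype.transfer (ES2024) or a
// global structuredClone that accepts a transfer list (Node 17+).

// Move `src`'s memory into a new buffer of `newLength` bytes and detach `src`.
function transferBuffer(src, newLength = src.byteLength) {
  if (typeof ArrayBuffer.prototype.transfer === 'function') {
    return src.transfer(newLength);
  }
  // Fallback: structuredClone with a transfer list detaches `src` and
  // hands its memory to the clone; resize by copying if needed.
  const moved = structuredClone(src, { transfer: [src] });
  if (moved.byteLength === newLength) return moved;
  const out = new ArrayBuffer(newLength);
  const n = Math.min(newLength, moved.byteLength);
  new Uint8Array(out).set(new Uint8Array(moved, 0, n));
  return out;
}

// A detached buffer reports byteLength 0 and throws TypeError on slice();
// newer engines also expose a boolean `detached` property.
function isDetached(buf) {
  if (typeof buf.detached === 'boolean') return buf.detached;
  try {
    buf.slice(0);
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

function demo() {
  const results = {};

  // Zero-length buffer: no contents to move, but the source must still
  // end up detached and the result must be a valid empty buffer.
  const empty = new ArrayBuffer(0);
  const movedEmpty = transferBuffer(empty);
  results.emptyMovedLength = movedEmpty.byteLength;
  results.emptyDetached = isDetached(empty);

  // Non-empty buffer (constructed sample data): bytes move into a larger
  // buffer, the tail is zero-filled, and the source is detached.
  const src = new ArrayBuffer(4);
  new Uint8Array(src).set([1, 2, 3, 4]);
  const dst = transferBuffer(src, 8);
  results.dstBytes = Array.from(new Uint8Array(dst));
  results.srcDetached = isDetached(src);
  results.srcByteLength = src.byteLength; // 0 once detached
  return results;
}

console.log(demo());
```

Run it with Node: on an engine without native `transfer` the fallback path is taken, and both paths must agree on the zero-length result and on detaching the source.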
This change tests all JavaScript language constructs and builtins in
combination with the unwrapped Wasm objects.
For JavaScript, excluding some basic introspection (e.g.
`Object.isExtensible`), WebAssembly GC objects are treated as opaque.
They can be passed around freely but don't allow any access to
properties, elements etc.
This behavior is currently exposed only if the `wasm-gc-js-interop`
flag is set.
Bug: v8:7748
Change-Id: If0dc368f99d4097e3eaf53edde4e244e3081e334
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879616
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83299}
The parallel move optimizer tries to use the scratch register to store
cycle breaks, but needs to spill the value if the scratch register is
needed for stack->stack moves. Whether this spill happened is supposed
to be tracked with the scratch_has_cycle_start_ field, but the update of
this field was missing.
Bug: v8:7700
Change-Id: I2dc8d9186c9ec8ca03104fd3ae972a38924670ed
Fixed: chromium:1364783
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899086
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83297}
This reverts commit defa678e8b.
Reason for revert: Blocks roll:
https://ci.chromium.org/ui/p/v8/builders/ci/Linux%20V8%20FYI%20Release%20(NVIDIA)/21307/overview
Original change's description:
> cppgc: Be more conservative in Sweeper::FinishIfOutOfWork
>
> Finalizing sweeping can be beneficial to truly end a GC cycle. We
> should only finalize in `FinishIfOutOfWork()` though if that would not
> introduce any jank. Limit the amount of executing finalizers in that
> scenario.
>
> Bug: v8:13294
> Change-Id: I0237f6b6017d444c457923d83e85147c58586445
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902222
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83279}
Bug: v8:13294
Change-Id: Ic3cf7e105a076ef41b35a075d8f35918bc412588
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902582
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83295}
... and report an error if the profile file can't be opened for writing.
Also, overwrite the profile file instead of appending if the file
exists.
Bug: v8:10470
Change-Id: I0da0ee8d901a0c477b7f71ba23436243f93bd0ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902521
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83294}
Lazy deopts are always after calls, so force them to spill their inputs.
This would normally be the case anyway, except for deferred calls, which
don't tell the register allocator to spill like normal calls do.
This makes lazy deopt regalloc always spill its inputs and use their
spill slot, but unlike calls, this doesn't additionally clear the
register, so subsequent nodes can continue using the register cached
value without having to reload it.
As drive-bys, fix the Throw* opcodes to have the Throw property, and use
detail::DeepForEachInput in a couple of extra locations (including for
lazy deopts).
Bug: v8:7700
Change-Id: I89b04f17ca781d4f69ff0ed07566fa583aa677e6
Fixed: chromium:1364074
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899009
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83293}
1) Inlining functions that contain stringref operations requires builtin
calls to be marked as kNoThrow appropriately (or have exception
handling support in the graph).
2) Some overly-large inputs for string creation hit DCHECKs before
getting to the places where they would have thrown an orderly
exception.
3) We still had a known issue that some exceptions thrown by JS-focused
code were erroneously catchable by Wasm.
4) When string.concat attempted to create a too-long string, it ran into
a DCHECK because we didn't clear the "thread in wasm" flag.
5) The builtin call for string.concat was erroneously marked as
kEliminatable, which could cause the trap to get eliminated.
Bug: v8:12868
Change-Id: Iad3ada0e2465bfd8f3d00bb064c32049d6b19d87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902522
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Reviewed-by: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#83292}
Add a conversion to int32 index for Numbers and Strings containing
indices, and change the element bounds check / lookup nodes to take an
int32 rather than a Smi. While we're at it, also turn the index node
into an int32 index differently depending on its known representation.
Bug: v8:7700, v8:13287
Change-Id: Ie98502d58f789873d42f8801499e78bf777db70f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3900012
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83291}
Let the jump threading phase handle jump instructions with gap moves.
Record the first occurrence of the gap jump instruction and forward
the same gap jump instructions into the recorded one.
For example:
In this case, we merge the second instruction into the first one,
because those two gap jump instructions have the same gap moves.
-- Before jump threading phase:
B0:
1. gap(rdx=rbx)
ArchJmp imm:3
B1:
2. gap(rdx=rbx)
ArchJmp imm:3
-- After jump threading phase:
B0:
1. gap(rdx=rbx)
ArchJmp imm:3
B1:
2. ArchNop
This can eliminate redundant jump and move instructions.
Design doc: https://docs.google.com/document/d/1SpO7Kw4e6CnCesFT118MUnCufUHZDy3QaVSymcci5jE/edit?usp=sharing
Change-Id: Ie94c8f63e2f758824619f6ed9513cbdff00186c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858528
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jialu Zhang <jialu.zhang@intel.com>
Cr-Commit-Position: refs/heads/main@{#83288}
If a trap covers a 32-bit compare, it emits 3 arch opcodes (shl shl trap) and doesn't emit the right source position on the Trap opcode.
Change-Id: I5dd1a89d133688ca315360b8d8123d561782d623
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3903733
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83287}
Rolling v8/build: 843261b..cf385c0
Rolling v8/buildtools: 92ea83b..9e95466
Rolling v8/buildtools/third_party/libc++/trunk: e73c465..d128f2b
Rolling v8/third_party/depot_tools: 421c4fe..18bdadc
Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220916.1.1..version:9.20220917.2.1
Rolling v8/tools/clang: c3b78bc..b118dfd
R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I0474c3176189c9245220bf5682a75e78cb20d8da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3903332
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83285}
Rolling v8/build: b001130..843261b
Rolling v8/buildtools: 813d569..92ea83b
Rolling v8/buildtools/linux64: git_revision:e70d8c3d5620bc0ddcbad23a36b1b26f815ca90a..git_revision:cc28efe62ef0c2fb32455f414a29c4a55bb7fbc4
Rolling v8/buildtools/third_party/libc++/trunk: e2f63a1..e73c465
Rolling v8/buildtools/third_party/libunwind/trunk: 60a480e..77b82eb
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/c067655..fcf15b9
Rolling v8/third_party/depot_tools: dca14bc..421c4fe
Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220915.2.1..version:9.20220916.1.1
Rolling v8/third_party/zlib: 7d7ed92..8f22e90
Rolling v8/tools/luci-go: git_revision:c93fd3c5ebdc3999eea86a7623dbd1ed4b40bc78..git_revision:78063b01b53dd33a541938207b785cc86d34be37
R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: Iab1835ab4d720c4499485def6680f8cbed20fa90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3901693
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83284}
This CL unifies the fields for shared spaces for both the shared
isolate and the shared space isolate approach. This makes it possible
to mostly avoid separate code paths for both implementations.
While this CL already sets up everything needed for allocation with
--shared-space, allocation isn't fully working with this CL due to
other remaining issues.
Bug: v8:13267
Change-Id: Icdb40ed7045e33e6acbb97d3838fa374e6c24a2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3892786
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83280}
Finalizing sweeping can be beneficial to truly end a GC cycle. We
should only finalize in `FinishIfOutOfWork()` though if that would not
introduce any jank. Limit the amount of executing finalizers in that
scenario.
Bug: v8:13294
Change-Id: I0237f6b6017d444c457923d83e85147c58586445
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902222
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83279}
In order to support a larger heap cage (8GB, 16GB), the cage offset
will take up more than 32 bits. As a consequence, for 8GB cages, the
least significant bit of the cage offset will overlap with the most
significant bit of the tagged offset. To avoid this, allocations need
to be aligned to 8 or 16 bytes to free up one or two bits from the
offset.
The allocation top is kept properly aligned without adding fillers in
the newly created gaps, by aligning allocation sizes to 8 bytes.
Bug: v8:13070
Change-Id: I169b51e583d7a4be61d2a6c6060fcf74b410703c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3877147
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Teo Dutu <teodutu@google.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83277}
In multiple counters we have peaks in the 0 microseconds and 1000
microseconds bucket, most probably coming from clients with a
low-resolution clock. Exclude those to get more precise timings.
R=jkummerow@chromium.org
Change-Id: I9b8377354920db4d0070198f440b57a7e86dc7bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3902221
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83276}
We move js-to-wasm wrappers to a WeakFixedArray in the isolate,
indexed by their canonical type index. This ensures that they are
reused across instances, and get GC'd when no longer needed.
We also remove eager compilation of wrappers.
This CL fixes some issues that were caused by out-of-bounds accesses
to wrapper arrays attached to module objects.
Bug: chromium:1363859, chromium:1363895
Change-Id: Idec0925e775f51fdfa7cd380379b0d1798295a0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893860
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83275}
Looks like we hammered on the regalloc hard enough that this works again
🥳
Bug: v8:7700
Change-Id: I4f02417e069e3a6d89ca0c8c43ba165a502150e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899302
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83272}
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.
R=jkummerow@chromium.org
Bug: v8:12887
Change-Id: Ia17d668b3ddcbcb7a35388231aa5d80e8e5b419b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899122
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83270}
We only complete sweeping when the young generation GC is enabled.
Change-Id: I915acce35d6ba16716c2c4ee4130f99af0744f83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3900377
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83269}
Align slow path allocation with V8 in that:
1. Try to refill from the free list.
2. Perform limited sweeping of a space if necessary and retry the free
list.
3. Try to expand the space.
4. Perform full sweeping of a space if necessary and retry the free
list.
5. Finish sweeping fully as we would anyways do a GC at this point.
6. Retry the free list again.
7. Try expanding again as finishing sweeping may have freed up pages.
Specifically, this addresses a performance problem where we would fully
sweep the whole heap, possibly causing 100ms of jank on allocation. In
such cases the new approach maintains performance and stays fast at the
expense of using more memory.
Allocations usually find memory in 1.-3. Steps 4.-7. are slow paths
that are definitely expensive but prevent failing with OOM.
Bug: v8:13294
Change-Id: I56133fa4cbbc74f8abcdec49c7e10125c2dbc3e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899260
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83268}
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.
R=saelo@chromium.org
Bug: v8:12887
Change-Id: I7e41e1952958936c32fec501b8348fac0538cd71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899269
Reviewed-by: Samuel Groß <saelo@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83265}
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.
R=ishell@chromium.org
Bug: v8:12887
Change-Id: I2ef25bc50fdf12f0149f2cdfce7102f2cc0f25d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899196
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83261}
Isolate::shared_isolate() was used in many locations to check for the
shared heap feature. Now that we also have shared_space_isolate()
checking shared_isolate() isn't sufficient anymore.
This CL replaces many invocations of this method with either
has_shared_heap() or shared_heap_isolate(). These methods work for
both shared_isolate() and shared_space_isolate(). As soon as we remove
the shared isolate we can remove them again.
Bug: v8:13267
Change-Id: I68a3588aca2a12e204450c2b99635dd158d12111
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899316
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83260}
All --stress-* flags are now automatically tested. This also removes
a superfluous option that was never changed. The default value is
now inlined.
No-Try: true
Bug: v8:13113
Change-Id: If7428b383ed01ff36a93f618badababfc448db26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899259
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83258}