Inlining the field accesses make the code simpler by avoiding the
abstraction of the accessor, and makes stepping through the code for
debugging easier.
R=thibaudm@chromium.org
Bug: v8:12330
Change-Id: I51bd0e88baa5ffba5bd4bfcca36e95caab7468c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3372913
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78521}
Since the accessors are only called from other methods in the same
class, we can just access the field directly. This makes stepping
through easier and makes the code simpler by avoiding an unneeded
abstraction.
R=thibaudm@chromium.org
Bug: v8:12330
Change-Id: I39727324e82fcfd15b3b242c53ed5534e2e5511d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3372912
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78520}
This should have been updated in https://crrev.com/c/3370408
Bug: chromium:1284506
Change-Id: Ie44d80b507c9a798ce6f4776672270f9d4b12195
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3371463
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Austin Sullivan <asully@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78519}
The test was added in https://crrev.com/c/3372910, but needs to be
skipped on non-SIMD hardware because it contains SIMD instructions.
R=thibaudm@chromium.org
Bug: v8:12330, chromium:1284980
Change-Id: Ifaede466b24aea4f9ef6b062414a31698bcca864
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3372917
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78517}
The register state is accessed a lot in the mid-tier register allocator.
Instead of going through an accessor with a DCHECK, just access
directly. This makes stepping for debugging a lot easier, and will
result in an easy-to-debug nullptr access if the register state is not
initialized.
R=thibaudm@chromium.org
Bug: v8:12330
Change-Id: Icf4d1cc187a34f28ee44fc9b80ee5d765aa14b9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3372911
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78516}
The bailout is there explicitly in the code, so we should allow it in
{CheckBailoutAllowed}.
R=ahaas@chromium.org
Bug: v8:12527
Change-Id: Ifd906afb5f034f05c2bf7d9a28e3ab458549e7ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3372915
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78515}
Spilling was already fixed if a fixed SIMD register overlaps with an
allocated FP register, but the other way around was missing: If an odd
FP register (in this case d1) is used as a fixed output register, but
this register is in use as the upper half of a SIMD register (in this
case q0), we did not detect this and would just use overwrite the SIMD
half.
This CL also fixes this case.
R=thibaudm@chromium.org
Bug: v8:12330, chromium:1284980
Change-Id: Id3f98b7accd77e38ab4cd5ff8910aaf5ad96a1ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3372910
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78514}
Rolling v8/build: f29e3b6..3fd1fd5
Rolling v8/buildtools/linux64: git_revision:19bf826e6e5d05100cb3568e90e48bd3c97d4f22..git_revision:387b368dfe63fec317f8e609d90c634807f2764e
Rolling v8/buildtools/third_party/libunwind/trunk: 6a10e3e..4bf418e
Rolling v8/third_party/depot_tools: e971498..9552069
Rolling v8/tools/clang: 24c1100..17ca796
Rolling v8/tools/luci-go: git_revision:89429843eb2dedb599a6c7c7754343b97d95943d..git_revision:d1e877e2b3e5a05a5cd34c4a340fedba14a16c2b
Rolling v8/tools/luci-go: git_revision:89429843eb2dedb599a6c7c7754343b97d95943d..git_revision:d1e877e2b3e5a05a5cd34c4a340fedba14a16c2b
R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I9b882395fb44b11308a3e55166bbf7f527c538d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3371705
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78508}
https://crrev.com/c/3297708 changed the serialization format for typed
arrays without bumping the format version. As a consequence, builds that
include that CL fail to deserialize typed arrays serialized by previous
V8 versions.
This CL reverts the serialization format change, and does minimal test
changes to reflect the revert. https://crbug.com/v8/12532 tracks
serializing typed array flags in a backwards-compatible manner.
Bug: chromium:1284506
Change-Id: Ib32e88c6383e0ad4ad1a9ff63f413a1eb123b1ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3370408
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78507}
Rolling v8/build: ccc9811..f29e3b6
Rolling v8/buildtools/linux64: git_revision:281ba2c91861b10fec7407c4b6172ec3d4661243..git_revision:19bf826e6e5d05100cb3568e90e48bd3c97d4f22
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ec88714..aa0e8d0
Rolling v8/third_party/depot_tools: 02d65ea..e971498
Rolling v8/tools/clang: 2d10229..24c1100
Rolling v8/tools/luci-go: git_revision:e897e118887a2e6c50a82212b660cb2a7c58d910..git_revision:89429843eb2dedb599a6c7c7754343b97d95943d
Rolling v8/tools/luci-go: git_revision:e897e118887a2e6c50a82212b660cb2a7c58d910..git_revision:89429843eb2dedb599a6c7c7754343b97d95943d
R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I9d02d870a7233878220336aaa985c9216f521c58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3362608
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78505}
In the C++20 a following paper was implemented [1]. This
paper makes code below illformed. The high level idea is
that as soon as class gets non default constructor - all
default initializations are not added implicitly.
class A {
public:
A(const A&) = delete;
};
int main() {
A a{};
return 0;
}
So if V8 embedder is building its code with C++20 it can
not initialize v8::CppHeapCreateParams struct and as a
result can not create a CppHeap.
One of the possible mitigations (3.3) from the paper is
to add non copyable field into class. Luckily there
is std::vector<std::unique_ptr>> in this class already.
[1] http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p1008r1.pdf
Change-Id: I8a2dc35784d7646b5f73a5e178716e9bf2ffe601
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3348007
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Alexey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78504}
This reverts commit be6bd4f448.
Reason for revert: Consistent timeouts on Linux and Mac, e.g.
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/37973/overviewhttps://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20-%20debug/37346/overview
Original change's description:
> [wasm] Fast paths in EvaluateInitExpression
>
> We add fast paths for the most common types of expressions in
> {EvaluateInitExpression} to improve instantiation time. We fall back to
> full expression decoding for less common operators, or for expressions
> with operands.
>
> Bug: chromium:1284557
> Change-Id: I39a1816176974058b801cdad6eaaa6da156cea04
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367627
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78497}
Bug: chromium:1284557
Change-Id: If09468eb1e790d4359573ddff8b653fe84b0e11e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3368602
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78502}
Clang 12 doesn't support -Wno-bitwise-instead-of-logical,
so silence it with -Wno-unknown-warning-option.
GCC requires using GNU dialect of the C++ standard, using
optimizations (otherwise "always_inline" fails to inline),
and produces a lot of warnings that had to be silenced.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Change-Id: I9ddd4f39dca2167b5b208dc2d0ba8e60030eddfc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3333635
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78499}
New text is moved over from BlinkGCDesign.md
Bug: chromium:1283934
Change-Id: I10a84c91a642e96c494d6e523d6d89059afaa1ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366658
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78498}
We add fast paths for the most common types of expressions in
{EvaluateInitExpression} to improve instantiation time. We fall back to
full expression decoding for less common operators, or for expressions
with operands.
Bug: chromium:1284557
Change-Id: I39a1816176974058b801cdad6eaaa6da156cea04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367627
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78497}
We implement loop peeling for wasm, currently available behind a flag.
Loops are peeled regardless of size.
Bug: v8:11510
Change-Id: Ia4c883abdee83df632b2611584d608c44e3295c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367615
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78496}
Introduce a build-time flag to disable all CET shadow-stack
manipulation. This will allow us to develop the feature without breaking
production code, and enable it all at once once the feature is ready.
R=mlippautz@chromium.org
Bug: v8:12522, v8:11246, chromium:1284445, chromium:1284599
Change-Id: Iedc1b9a0c0c74f484bb76d86c84809798c0931b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3368101
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78494}
When computing the code size estimate for {PrepareAndStartCompile}, we
did not consider Liftoff code in the async path. Other invocations
checked {FLAG_liftoff} to decide whether Liftoff code will be generated.
This CL fixes the async path to do the same, and renames {uses_liftoff}
to {include_liftoff} to match the name of the parameter in
{EstimateNativeModuleCodeSize}.
R=ahaas@chromium.org
Bug: v8:12520
Change-Id: Ic92237dc05ac96ddd88c3e8788cd443c83bd446f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367624
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78492}
The jump table sizes were added to the estimated code size, and then
again added for computing the reservation size for the code. This CL
moves the jump table size from {EstimateNativeModuleCodeSize} to
{EstimateNativeModuleMetaDataSize} so it is still considered for the
total memory associated with the {NativeModule}, but only added once for
the code space reservation.
R=ahaas@chromium.org
Bug: v8:12520
Change-Id: I871e54833659a0d466f3e8359bb3b515c85dd3cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367622
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78491}
The V8InspectorSessionImpl constructor accepts a state, as either text
or CBOR encoded, and generally ignores all invalid inputs, except for
the case where it's a valid value, but not a dictionary value, in which
case it'll leak the value and crash upon casting to a `DictionaryValue`.
This is purely an issue with the test driver, so no security impact on
Chromium in the wild.
Fixed: chromium:1281031
Change-Id: I7b4d0aea83370499b1274d3fa214a14dc098d2f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3361838
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78490}
This method performs exactly the same operation as the official
`v8::Exception::GetStackTrace()`, which is already used in other
places, so there's no point to have a duplicate of that in the
debug interface.
Bug: chromium:1283162
Change-Id: I09dd07f678165e1565bd77173e8ce64636ef649b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366659
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78489}
There is no reason for bazel/config to be used as an external dependency
(we can replace "@v8//bazel/config" as easily as "@config") and it makes
integration with other Bazel workspaces much harded than it needs to be.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Change-Id: Idb818c3237d6840ebaa1dfc85b8be686b06d8a2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3331591
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78486}
Naming a class member function the same as a class name
could cause compilation issues with gcc:
```
error: changes meaning of 'StackFrameInfo' from 'class
v8::internal::StackFrameInfo'
```
This CL changes the function name to fix the problem.
Change-Id: I085018504deefefa99dbf2ff8638bc0e872fdbc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366703
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78484}
If a fixed register is defined for an input, we did only spill the
sibling SIMD register if the other sibling was allocated. This is not
correct. If only the sibling is in use (e.g. s1 colliding with q0) we
also have to spill that sibling.
R=mslekova@chromium.org
Bug: chromium:1283042, v8:12330
Change-Id: I6a22eaf461774a0b4603ec3ff17062134a528161
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359615
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78483}
The mid-tier register allocator did not handle block merges correctly
where a SIMD register was partially overlapping with a non-SIMD
register. This CL fixes that, and reorders the code to allow for early
exits.
R=mslekova@chromium.org
Bug: chromium:1282224, v8:12330
Change-Id: I2e9275d5c1aaa764ecb63fbf8fa197b68d6b6c3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3358294
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78482}
If such a frame is near the top of the stack frame, move to the frame
below instead, which is the caller of OS::DebugBreak.
Also, rename dcheck_stop_handler to v8_stop_handler since we handle more
than DCHECKs there.
R=leszeks@chromium.org
No-Try: true
Change-Id: Ib31c2dc8278ec779a00babfdc952453e66e5f110
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366238
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78481}
Previously, guard regions were created by allocating pages with
PROT_NONE and relying on an allocation hint. This could fail however,
for example on Fuchsia (where it would allocate a VMO to back the guard
region) and possibly on Windows (where a placeholder mapping was
replaced by a "real" mapping).
Introducing an explicit VirtualAddressSpace::AllocateGuardRegion routine
now makes this operation more efficient and effectively guarantees that
it cannot fail if used correctly: in a regular subspace, there is no
need to allocate anything when creating guard regions since the address
space reservation backing the subspace is guaranteed to be inaccessible
when no pages are allocated in it.
Bug: chromium:1218005
Change-Id: I6945f17616b6b8dad47241af96d4cb1f660e8858
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366237
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78480}
This change fixes the implementation of the previously introduced API
`Runtime.setMaxCallStackSizeToCapture` to work correctly and also apply
(consistently) to stack traces captured by V8 when exceptions are
thrown. It does so in a fully backwards compatible manner.
This change thus makes the previous fix for catapult (which landed in
http://crrev.com/c/3347789) effective, and therefore ensures that real
world performance benchmarks aren't affected by the use of the `Runtime`
domain in the catapult test framework.
Note this is basically a reland of crrev.com/c/3361839, but without
touching the stack traces for console messages (which led to the
regressions in crbug/1283516, crbug/1283523, etc.).
Fixed: chromium:1280831
Bug: chromium:1283162, chromium:1278650, chromium:1258599
Bug: chromium:1280803, chromium:1280832, chromium:1280818
Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Change-Id: I3dcec7b75d76ca267fac8bd6fcb2cda60d5e60dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364086
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78479}
This sprinkles some more trace events in the disabled by default
"v8.inspector" category, to help with understanding performance
impact of stack trace capturing better.
Bug: chromium:1283162
Change-Id: I6085d587f241635fbb6934bef3adc95f58c5d2aa
Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3364085
Reviewed-by: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78477}
