Rolling v8/build: 4f35453..bd89361
Rolling v8/buildtools: c3244c4..09154d6
Rolling v8/buildtools/reclient: re_client_version:0.85.0.91db7be-gomaip..re_client_version:0.86.0.25feac0-gomaip
Rolling v8/buildtools/third_party/libc++/trunk: b343ccb..cd0a050
Rolling v8/buildtools/third_party/libunwind/trunk: 86213b7..5870472
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/dc9aaef..b898eb3
Rolling v8/third_party/depot_tools: 7aaca94..d06e475
Rolling v8/third_party/fuchsia-sdk/sdk: version:10.20221111.1.1..version:10.20221117.0.1
Rolling v8/third_party/instrumented_libraries: 7bb87a3..ecd3bd8
Rolling v8/third_party/zlib: 8bbd6c3..d866d41
Rolling v8/tools/clang: d3df9cc..ed5ed0e
Change-Id: I169e5ba775c5bcd84679e5c74b4583476ecfa964
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4039189
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#84373}
This adds a regression test for https://crrev.com/c/4025548.
Using {addBodyWithEnd(body)} makes the test a lot faster, and we just
skip it on known-to-be-slow variants.
In a default release build, the test takes ~0.3 seconds. In an x64 debug
build, it takes 17 seconds.
Bug: v8:13436
Change-Id: I63e2927774601b24d177b03cf075f9a8d287e934
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4031206
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84371}
Port b57bb851e0
Original Commit Message:
If entered, the debugger hangs on readline in fuzz test cases, which
makes differential fuzzing test cases harder to handle and repro.
R=machenbach@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Ic0ebfe18ea7a50b6655087983ad02dbec60456fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4037846
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Cr-Commit-Position: refs/heads/main@{#84369}
Top-level inline-asm has no knowledge of its current section and
continues under whatever section that was defined before it.
`src/heap/base/stack.h` in this case is defining some global
constant values and as a result the previous section in this case
is `.rodata`, hence we may be placing instructions in a (potentially
not properly aligned) read only data section (which happens to become executable).
This CL forces the assembler to place these in the .text section and
gives them a correct alignment.
Change-Id: Ie9288b6c024f6ff0f399620169e5f777986e96c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4035887
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#84367}
Tail calls generate parallel moves that don't preserve the stack
layout, which is not always correctly handled by the current
gap resolver algorithm. Introduce a more robust algorithm that
handles any parallel move.
Design doc:
https://docs.google.com/document/d/1WbX5B4ej9MzsJ28JS4J5cF2eiJhKyX39vAUB7GSA5YE/edit?usp=sharing
Also remove the move-splitting logic. The problem that it addresses
(swapping aliasing FP registers of different widths on arm) is already
handled by the new algorithm.
Bug: chromium:1269989
Change-Id: I575d5b56e0d949e3226388e06052292680b66044
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030580
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84366}
The CL implements an old-V8-to-young-Oilpan remembered set together with
a generational barrier.
Bug: v8:13475
Change-Id: I5f09f7c6db397f2a49cb0c47fd758a1604af4e83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030433
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84365}
The End block is not necessarily the last one in the RPO. Iterate
until the end but skip the end block.
Bug: chromium:1381131
Change-Id: I5e1cd19c1b3bea4cbe565319631a7686ed2352fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4017313
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84364}
The sandbox-future configuration (used by these bots) is now equivalent
to the default configuration, so they are no longer needed.
Bug: v8:10391
Change-Id: I3c4995f68a270b9f94161bbb9b4f90fd5ccade93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4034168
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84362}
This adds tests of the GCSuspectsCollector and its relevant usages
in GCMole. The relevant logic has now 100% code coverage, which
prepares refactoring of the code and serialization of only partially
collected suspect data in a future CL .
No-Try: true
Bug: v8:12660
Change-Id: I0b0cc6f8a5e65f14084e80cda50400232e0d2c45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4031052
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84361}
Now that the external pointer sandboxing rollout has completed, the
machinery to support unsandboxed external pointers is no longer needed.
Bug: v8:10391
Change-Id: I5cec4b9bfca41a7db670b93d984f3cfc5a2adbfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4034166
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84360}
We can skip write barriers when storing read only objects. This should
fix the linked bug where no v8::Isolate::Scope is set up during GC.
Bug: v8:13257, chromium:1386096
Change-Id: I2be9a38895e34bc7f6582c26d3c236dd23cf1f2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4036570
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84358}
This will enable running the main gcmole script in different modes
in the future, full run (this CL), later suspect generation only and
analysis only.
Bug: v8:12660
Change-Id: Ica87366fb3c5b6e238f5a1efaf347ebbeb01003a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4026062
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84357}
We occasionally get a CHECK failure when trying to emit a (near) jump
table entry. This can happen if we are very close to the 26-bit limit
for near jumps, and emitting the `CodeEntry` brings us over this limit.
For the check whether a near jump can be used, or whether we need to
fall back to a far jump, we thus should consider the one instruction
that we (potentially) emit there.
This CL fixes that. This triggers very rarely, so we will have to watch
crash reports to see if this fixed the issue.
R=jkummerow@chromium.org
Bug: chromium:1383500
Change-Id: I703a24e76c2eeba4906989276c320f893095d77d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4034173
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84356}
- add --trace-maglev-inlining
- don't reregister lazy deopt info if we already have it (for return
values from inlined functions)
- don't deopt for OSR if OSR is disabled.
Bug: v8:7700
Change-Id: Idb73ff6f287e37cdafe1255afa7201a1f3618081
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4037781
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84355}
cppgc does not depend on v8 in general but only on `src/base/` and an
exception to implement tracing. Document this in the DEPS file to have
`git cl presubmit` complain properly.
Change-Id: I8240cca77816ccd4ca32fa2a69eef2e11c6a5ad5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4037705
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84354}
This reverts commit 7bf94d0336.
Reason for revert: https://crbug.com/v8/13509
Original change's description:
> [heap] Transition/Shortcut strings only during GCs without stack
>
> By limiting transitions of (shared) strings and shortcutting of
> Thin/Cons strings to GC withouts stacks, optimizing compilers can rely on
> the invariant that string maps do not change during a GC, allowing them
> to eliminate map checks and enable more aggressive optimizations.
>
> Change-Id: Ic9c9ed7b04b2ceed369484bf048965c083a9a693
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030578
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84347}
Change-Id: If8a2050c1c52ee59c9aac1196c1436abc23b5b5c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4037921
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84353}
... instead of manually calculating index of the Context parameter.
Drive-by: follow correct parameter count pattern:
* CodeAssemblerTester with JS calling convention and fixed parameter
count expects that the count includes the receiver parameter.
* FunctionTester's parameter count doesn't include receiver.
* Use JSParameterCount(kNumParams) instead of (kNumParams+1) and
"Include receiver" comment.
Bug: v8:13312, v8:11112
Change-Id: I2cd25f596882e0bdf6b6254a0182a391ad7b73b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4034174
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84352}
If entered, the debugger hangs on readline in fuzz test cases, which
makes differential fuzzing test cases harder to handle and repro.
Bug: chromium:1385995
Change-Id: Ib969f617831bca10421be125fdd3be846c803654
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4036567
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84351}
This CL switches the ReadOnlySpace verification to also use the
SpaceVerificationVisitor class.
This allows to move the VerifyPointersVisitor class out of heap.cc
into heap-verifier.cc.
The CL also introduces a virtual BaseSpace::Verify method which is
implement by each space kind.
Bug: v8:13257
Change-Id: I592344fee524f247d656085e898aad77663c33a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030523
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84350}
Use argparse to make using subparsers possible in the future. Also
remove some dead code.
Bug: v8:12660
Change-Id: I26fbef0c8cc48ada6ca9f1072fbc3784893e5be9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4023079
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84349}
By limiting transitions of (shared) strings and shortcutting of
Thin/Cons strings to GC withouts stacks, optimizing compilers can rely on
the invariant that string maps do not change during a GC, allowing them
to eliminate map checks and enable more aggressive optimizations.
Change-Id: Ic9c9ed7b04b2ceed369484bf048965c083a9a693
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030578
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84347}
This reverts commit dbbccae19a.
Reason for revert: Deadlock in TSAN with stress:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN/44651/overview
Original change's description:
> Reland "[heap] Invoke allocation observers before limiting the LAB"
>
> This is a reland of commit 39d387bb72
>
> Original change's description:
> > [heap] Invoke allocation observers before limiting the LAB
> >
> > Currently whenever we reach a step we get a small LAB the same size as
> > the allocated object. This is becuase the remaining step size is smaller
> > then the current allocation.
> > Invoking observers before limiting the LAB, and thus updating step
> > sizes, should eliminate the small LAB we get whenever we reach a step.
> >
> > Drive-by: remove redundant method arguments.
> >
> > Bug: v8:12612
> > Change-Id: Ied92a947308368d3b289e246fdb4f40ac5e5981f
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013683
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Commit-Queue: Omer Katz <omerkatz@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#84157}
>
> Bug: v8:12612, v8:13465
> Change-Id: I40fb930a755cb5decccd932c4d25ed7d5d224da4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020177
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84328}
Bug: v8:12612, v8:13465
Change-Id: I70df00448c7413999b91412343915c503baf0dd3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4035252
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84345}
This reverts commit 00db0fff8c.
Reason for revert: Deoptimizer crash on Linux64 GC stress:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20gc%20stress/1642/overview
Original change's description:
> [maglev] Support call speculation disabling
>
> Add a FeedbackSource to DeoptInfo which allows the caller to specify
> that this deopt is part of call speculation, and that call speculation
> should be disabled for this call when the speculation fails. This is a
> mechanism to prevent deopt loops, also used by TurboFan.
>
> Bug: v8:7700
> Change-Id: I59b5db3956e074ec808b218c00ae85796455742e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030438
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84332}
Bug: v8:7700
Change-Id: I0552131cabb2e01351371d10849ec780bc160c00
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4035586
Owners-Override: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84342}
This CL invokes Heap::SetIsMarkingFlag for all client isolates to
force the RecordWrite builtin into the marking barrier code path. That
way the RecordWrite builtin can run the marking barrier for objects
in the shared heap even when incremental marking in the that
particular client isolate isn't enabled at the moment.
The marking barrier then splits code path for shared vs. local
objects. Without a shared heap or when running on the shared space
isolate we know without checking page headers that all objects are
local. For client isolates it will also check whether incremental
marking is enabled for that particular space.
Bug: v8:13267
Change-Id: Iaa98d25c4c855769f95ee0ddf5540fb0ada55574
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020176
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84339}
This CL introduces a new interface SpaceVerificationVisitor which
is used for verifying of spaces in the heap. SpaceVerificationVisitor
has methods for verifying objects and pages in the space. All space
kinds invoke these methods for verification.
This new interface is then used in HeapVerifier to introduce single
bottlenecks for objects and pages in the heap.
Bug: v8:13257
Change-Id: I6b39d60a30793ec3f04a88ad73e8be0e96627815
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030258
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84338}
This reverts commit 70e65f8961.
Reason for revert: Breaks roll (https://chromium-review.googlesource.com/c/chromium/src/+/4030636/6?checksPatchset=6&checksRunsSelected=chromeos-amd64-generic-rel&tab=checks)
Original change's description:
> [ext-code-space] Change compression scheme for Code pointers
>
> Unlike the default scheme the ExternalCodeCompressionScheme allows
> the cage to cross 4GB boundary at a price of making decompression
> slightly more complex. The former outweighs the latter because it
> gives us more flexibility in allocating the code range closer to
> the .text section in the process address space. At the same time
> decompression of the external code field happens relatively rarely
> during GC.
>
> Bug: v8:11880
> Change-Id: Ia62bedd318f88c2147534ff000ab9fad354777f3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899307
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84269}
Bug: v8:11880
Change-Id: I65607590dd12e92c741ccedf84ac3c6b2fcf075e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4031182
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84335}
Remove machinery from regexp parser that keeps track of the type of the
last added token. This is used only in one spot for a DCHECK that
doesn't really provide any benefit for stability or security, but
keeping track of the last added type is tedious and error-prone.
Bug: chromium:1385569
Change-Id: I98e239a03a4c7c9ff22c24fc42e12ae6b643a6d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030583
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84333}
Add a FeedbackSource to DeoptInfo which allows the caller to specify
that this deopt is part of call speculation, and that call speculation
should be disabled for this call when the speculation fails. This is a
mechanism to prevent deopt loops, also used by TurboFan.
Bug: v8:7700
Change-Id: I59b5db3956e074ec808b218c00ae85796455742e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030438
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84332}
Since we don't do accurate type tracking in liftoff, we end up in
situation where we mix up ref and (ref null). This is safe and should
be allowed.
We merge {IsAssignable} into {CheckCompatibleStackSlotTypes}, and
rename and simplify it.
Bug: v8:13499
Change-Id: Ifaa2ff1e3f090a5d91219305ce4bb6f08bc5c00f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030512
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84330}
Some of the tests were accidentally disabled (TestCallBuiltinPCRelative
and TestCallBuiltinIndirect).
Also add tests for builtin tail calls.
Bug: v8:11527
Change-Id: I42c7249cde44ff055ff6cb0c908ec1611b24353c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4031034
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84329}
This is a reland of commit 39d387bb72
Original change's description:
> [heap] Invoke allocation observers before limiting the LAB
>
> Currently whenever we reach a step we get a small LAB the same size as
> the allocated object. This is becuase the remaining step size is smaller
> then the current allocation.
> Invoking observers before limiting the LAB, and thus updating step
> sizes, should eliminate the small LAB we get whenever we reach a step.
>
> Drive-by: remove redundant method arguments.
>
> Bug: v8:12612
> Change-Id: Ied92a947308368d3b289e246fdb4f40ac5e5981f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013683
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84157}
Bug: v8:12612, v8:13465
Change-Id: I40fb930a755cb5decccd932c4d25ed7d5d224da4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020177
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84328}
Scope: In practice, we don't need Scopes, so it'll be simpler to
access the table directly.
Predecessors: Phi inputs are often not mergeable (because they often
aren't defined in all predecessors). As a result, if we want to know
the value of a Phi input through the SnapshotTable, we need to lookup
its value in a predecessor, which is the feature that this CL
introduces.
Bug: v8:12783
Change-Id: I12a9e6abddd88ff1f3de172a387c9a502356f351
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030581
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84327}
The deoptimized code list is inserted into when walking a native context
to find Code objects marked for deoptimization, and is then only used
for two purposes:
1. Looking up lazy deoptimizing code objects by PC, and
2. Counting deoptimizing code that's not marked for deoptimization.
Point 1 is slow, as it is a linked list traversal, and is made slightly
slower by the CodeT refactoring which adds another layer of indirection
to the list. The existing Isolate::FindCodeObject approach is faster,
and is already used in the deoptimizer for Code objects not found in the
list, in particular all eager deopts.
The careful reader will notice that point 2 results in a count that's
always zero, since the count excludes exactly those code objects which
are added to the list (ones marked for deopt). Indeed, all uses (which
were all in tests) were verying only that it is equal to zero.
So, we can remove this deoptimized code list entirely.
Change-Id: I352e77b1df83260a30464dbac7f268484211b2e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030582
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84325}
