This is a testing function used by d8 to test string externalization.
Bug: v8:12007
Change-Id: Ic19f28a42e1f9681ab08c00106788c569639fe7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3888378
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83117}
Raw hashes may need to be looked up via the forwarding table when
internalized strings are forwarded to external resources. Notably, the
megamorphic ICs were not correctly fetching the raw hash.
Bug: v8:12007
Change-Id: Ibbc75de57e707788f544fbd1a0f8f0041350e29d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885379
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83115}
Port 6f9e71fa74
Original Commit Message:
- Fix tracing of reference return values. StoreTaggedPointer should not
use the write barrier since we are writing to the stack.
- Avoid re-allocating a slot for the return value when it is already
spilled.
R=thibaudm@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I5b16259b1c6e8c019f6b17e8efb7947776e4ee24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3886398
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83112}
Storing with E64 when SEW=32 has EMUL=2, which copies |n| 64 bit wide
data to the result double array already. Besides, accessing v1 when
EMUL=2 is reserved.
R=yahan@iscas.ac.cn
Change-Id: I0870d53c36b642529cab753409f52016d79219b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878442
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83110}
32-bit values are held in a sign-extended format in 64-bit registers. Which
the vaule 0x856AF894 becomes 0xFFFFFFFF856AF894 and failed equality comparison
with lwu's result 0x00000000856AF894. XOR the result with 0xFFFFFFFF00000000
before comparison.
R=yahan@iscas.ac.cn
Change-Id: I4d225ff653070022023ac7f10257ad0c30c24e5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3881601
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#83109}
When externalizing a string, the external pointer slots need to be
initialized before the new Map is installed. Otherwise, a GC marking
thread may see the new Map before the slots are valid. In that case, it
would attempt to mark invalid ExternalPointerTable entries as alive,
leading to a crash.
Bug: chromium:1361557
Change-Id: I47f19e6d9576fab0809dca36388cdfa9c28113e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885891
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83108}
This is a reland of commit 72d6dc6d5e
Original change's description:
> [heap] Do precise search in free list for new space
>
> In case the free list fast path fails, do a precise search through the
> precise category for the current allocation.
>
> Bug: v8:12612
> Change-Id: I120e64b0d09b9cf5a776188180d6e6c53c44886b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879494
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83096}
Bug: v8:12612
Change-Id: I2075c8a509265a16a133b309f98eefad7b011212
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885889
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83107}
In the process, switch to using the Fuchsia GN SDK templates for
building the component and package.
gni/v8.cmx is retained temporarily until out-of-tree consumers have been
updated.
Bug: v8:12589
Change-Id: If08cfcbf579696482e7cd60a8b8b80bcc4c7dab2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885881
Auto-Submit: Greg Thompson <grt@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Greg Thompson <grt@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83106}
This CL cancels concurrent workers instead of joining them in
MarkLiveObjects. Joining could trigger another costly run.
Bug: v8:13012
Change-Id: I873db6e9d612e219060de0fa2447f6c7c0e9de3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885876
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#83105}
This CL reschedules minor concurrent marking in MinorMCTaskObserver.
This allows to make continuous concurrent marking progress.
Bug: v8:13012
Change-Id: I5cc4e02a60993dd5ce970244274d4d5f99b4a550
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885885
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#83104}
- Fix tracing of reference return values. StoreTaggedPointer should not
use the write barrier since we are writing to the stack.
- Avoid re-allocating a slot for the return value when it is already
spilled.
R=manoskouk@chromium.org
Change-Id: I6418c48332964a1c3d407abafaf466b0e789be69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882971
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83102}
On termination of the worker pool in the main process, a SIGTERM is
sent from pool to worker. It was meant to terminate long-running
tests in the worker process. The signal handler on the worker side,
however, was only registered during test execution. During the
remaining logic (<1% of the time probably) the default system
behavior for SIGTERM would be used (which will likely just kill
the process). The ungracefully killed process might be killed while
writing to the results queue, which then remains with corrupted data.
Later when the main process cleans up the queue, it hangs.
We now register a default handler in the worker process that catches
the SIGTERM and also gracefully stops the processing loop. Like
that, the SIGTERM signal will always be handled in workers and never
fall back to SIGKILL.
However, a small time window exists when the SIGTERM was caught
right when starting a test process, but when the test-abort handler
was not registered yet. We keep fixing this as a TODO. Worst case,
the main process will block until the last test run is done.
Bug: v8:13113
Change-Id: Ib60f82c6a1569da042c9f44f7b516e2f40a46f93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882972
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83101}
This reverts commit 72d6dc6d5e.
Reason for revert: UBSan failure in PagedNewSpace:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/23130/overview
Original change's description:
> [heap] Do precise search in free list for new space
>
> In case the free list fast path fails, do a precise search through the
> precise category for the current allocation.
>
> Bug: v8:12612
> Change-Id: I120e64b0d09b9cf5a776188180d6e6c53c44886b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879494
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83096}
Bug: v8:12612
Change-Id: Ife4a41fa835e61a6d9f0f1c254900288b805f41f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885884
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Owners-Override: Matthias Liedtke <mliedtke@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83100}
When testing for "has" rather than loading, we can immediately return
true when there is an accessor (this is already what the LoadHandler
path does but was missed in the inlined case).
Fixed: chromium:1361434
Fixed: chromium:1361560
Fixed: chromium:1361566
Fixed: chromium:1361654
Fixed: chromium:1361830
Change-Id: I69073eccbb39b08da597297fa597f53f260b242e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3885879
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83097}
In case the free list fast path fails, do a precise search through the
precise category for the current allocation.
Bug: v8:12612
Change-Id: I120e64b0d09b9cf5a776188180d6e6c53c44886b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879494
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83096}
This is a reland of commit a165e82ea7
The reason of revert is SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../src/objects/js-temporal-objects.cc:3837:22 which is the line
"nanoseconds_mv = std::round((seconds_mv - std::floor(seconds_mv)) * 1e9);"
where seconds_mv is a double and nanoseconds_mv is a int32_t
In this reland, we change the type of nanoseconds_mv to double to avoid the ubsan error.
Original change's description:
> [Temporal] Use double/int32_t instead of int64_t for duration parsing
>
> Use double and int32_t instead of int64_t in duration parsing result
> so we can parse very large duration fields as infinity and throw RangeError in later stages. The three fractional parts can hold up value from 0 to 999,999,999 so we use int32_t to hold it. Other part could be infinity so we use double to hold it. Also rearrange the order of the three int32_t in the struct ParsedISO8601Duration after all the double
>
> Bug: v8:11544
> Change-Id: I7e5b02f7c7bbb60997f1419f016aed61dd3e0d6c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840761
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82754}
Bug: v8:11544
Change-Id: If8b72cb4912d8b4fc4c286fc856ea59df5cf0bb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858576
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83090}
When the sandbox is disabled, object layouts are now different as
ExternalPointerSlots are then 64-bit (raw pointers) instead of 32-bit
(ExternalPointerHandles).
Bug: v8:10391
Change-Id: Ia03d1ae9300fad96e40b77f0ed9544a1a118b74a
Cq-Include-Trybots: luci.v8.try.triggered:v8_linux64_no_sandbox_dbg_ng_triggered
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3884075
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83089}
This CL includes the following changes:
1) Ignore ShouldReduceMemory for MinorMC (since it can't move objects)
2) Make FLAG_page_promotion more explicit in the condition
3) Take wasted bytes into account for MinorMC (full GC can compact and
"reset" wasted bytes)
Bug: v8:12612
Change-Id: I64d214e692b8ecd20189c59e2a77807f05e43817
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879606
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83086}
In the process, switch to using the Fuchsia GN SDK templates for
building the component and package.
Bug: v8:12589
Change-Id: I9b5a82accb0da2067e83bc80d691133550ce82cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879501
Auto-Submit: Greg Thompson <grt@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Greg Thompson <grt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83084}
Now that all external pointers have been sandboxed,
V8_SANDBOXED_EXTERNAL_POINTERS is no longer needed. This change also
shrinks external pointer slots to 32 bits when the sandbox is enabled.
Bug: v8:10391
Change-Id: Iccbef27ac107b988cb23fe9ef66da6fe0bae087a
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869269
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83083}
Support LoadHandler::Kind::kAccessorFromPrototype, which is an accessor
on the prototype and is a direct call to the accessor.
Bug: v8:7700
Change-Id: I288972c027d37c8eb7c3558db4951bffdfba201f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882975
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83082}
This mimics Ignition, which calls AbortIfRegisterCountInvalid.
This adds a --maglev-assert flag, since we do not want to emit
different code per IR node for debug vs. release modes.
Bug: v8:7700
Change-Id: Iddb17f0ccadf9d6009b242883b2e5d126875c844
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876385
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83081}
Inlining of bar into foo required taking allocation in foo into account
as well (crrev.com/c/1021734), but this makes the test vulnerable to gc
timing changes since other allocations are also inlined into foo and may
die at arbitrary times (as observed when enabling MinorMC).
Fix by preventing inlining of bar into foo.
Bug: v8:12612
Change-Id: I2d8848d4002334d329c4b2cc8f18bff1296f5cc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3882970
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83080}
Currently this observer uses 80% of initial new space capacity as
step size. But this means that after the first minor GC this will most
likely decouple from the current new space size since the allocation
counter isn't reset after a GC and surviving objects aren't
accounted.
Use 64K as step-size since this should be large enough to not cause
regression but it should still work for Scavenger and Minor MC such
that a step invocation will be performed close to reaching 80% of
new space capacity.
Bug: v8:12612
Change-Id: I4abc17eaeded90e0f72d9467a4410159ef0e6dda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879618
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83079}
Change the constructor and instance registers into a single
constructor_then_instance register, and add some register allocation
scopes to reduce temporary register use. This also allows us to change
FindNonDefaultConstructor to only need one output for both constructor
and instance.
Also make BuildCreateArrayLiteral a bit more friendly to the interpreter
register allocation.,
Bug: v8:13091
Change-Id: I0b6015b0bc6810bb4607157d715b7e536efb89f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876386
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83077}
Skip over DCHECK in fuzzing that is always checked later by getting the
value from a Maybe object.
Bug: chromium:1359230, chromium:1360735
Change-Id: I9512e27fdeb1d6919e24bd631ae2caece7aed466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3874934
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83075}
Port b257641833
Original Commit Message:
Re-implement the --log-function-events functionality after
refactoring the tiering state bits on the FeedbackVector.
The new version also tries to log first-execution of non-interpreter
code and will handle OSR events.
Not-yet supported:
- First-execution logging when OSR-ing in Sparkplug or Maglev
R=cbruni@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I2a99ca0976bc81e5994fa2e1c6d8045c303fc0f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876375
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83074}
