Sorting the pages by least free bytes should reduce fragmentation:
since map space is never compacted, it makes sense to first fill
pages that are the most full already rather than to start with the
most empty pages (which is what was more or less going on until this
CL).
Bug: v8:9329
Change-Id: I2157e3b4706c53da80220da5e4a26c00ee4c592f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735325
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Cr-Commit-Position: refs/heads/master@{#63090}
This is a reland of a3218aa744.
Unmodified reland, thus TBR.
Original change's description:
> [wasm] Add support to allocate in a specific code region
>
> For multiple code spaces with multiple jump tables, we need to allocate
> the space for the jump tables within specific regions (the new code
> spaces) so they are within reachable distance.
> This CL adds support for that, and uses it for the first jump table.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:9477
> Change-Id: Ibdf05c9500c2dfdb2c5f5f920b4422339aaab810
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733069
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63074}
TBR=mstarzinger@chromium.org
Bug: v8:9477
Change-Id: Ic110705fa13edeb103c06ad579a61cba78b6890c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1738848
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63089}
This is a reland of 779bdef36e
Original change's description:
> [wasm] Prepare for multiple jump tables
>
> This CL prepares {NativeModule} and {WasmCodeAllocator} for multiple
> code spaces with separate jump tables. {WasmCodeAllocator} calls back
> to the {NativeModule} for each code space it allocates, and
> {NativeModule} stores data (especially the jump table) for each code
> space.
> A jump table is currently only created for the first code space added,
> so nothing changes there yet.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:9477
> Change-Id: I3ddeb8e251648b07ba8b7b4638abafe2364b47ff
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1730996
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63069}
Bug: v8:9477
Change-Id: I9e25d59029cb6ce4869cf53a868afc59bc20b72f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735324
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63088}
Instead of inserting "deletion" entries into the store buffer, keep
a list of invalidated objects to filter out invalid old-to-new slots.
The first CL https://crrev.com/c/1704109 got reverted because both the sweeper and the main task were modifying the invalidated slots data structure concurrently. This CL changes this, such that the sweeper only modifies the invalidated slots during the final atomic pause when the main thread is not running. The sweeper does not need to clean this data structure after the pause, since the "update pointers" phase already removed all invalidated slots.
Bug: v8:9454
Change-Id: Iffb5bf96de2c89eee1ee1231a3414a0f2a155cbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733081
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63087}
Sorting is done in order to make compaction more efficient: by
sweeping pages with the most free bytes first, we make it more likely
that when evacuating a page, already swept pages will have enough free
bytes to hold the objects to move (and therefore, we won't need to
wait for more pages to be swept in order to move those objects).
Since maps don't move, there is no need to sort the pages from
MAP_SPACE before sweeping them.
Bug: v8:9093
Bug: v8:9329
Change-Id: I63964364d3cd0b64faf8570e87b5f75de6443902
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1736746
Commit-Queue: Darius Mercadier <dmercadier@google.com>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63086}
When serializing frame states into translations (later used by
deopts), we pass certain values, depending on the frame kind, to be
serialized as the frame height.
This CL moves the calculation of this height value into the
FrameStateDescriptor. In a follow-up, we may want to simplify the way
these height values are passed and processed by deopts.
The motivation behind this is to simplify calculation of unoptimized
stack frame sizes during compilation.
Bug: v8:9534
Change-Id: I20d2b57a42cea0c238b9c887dba0280f6aad76de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1728609
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63085}
Update the TracingCpuProfiler test to work properly with perfetto.
Roll perfetto to get fixes for bugs encountered with starting/stopping
tracing rapidly, which happens in the test for the tracing profiler.
Add a check that the DataSource::Register call was successful to flush
out any errors there (although they are fixed by the perfetto roll).
Emit a fake trace event when stopping tracing in order to avoid
losing the final trace event that the user provided. Remove the ad-hoc
fake final trace events that the cctests for perfetto added.
Add a test StartAndStopRepeated which flushes out the issues fixed by
the perfetto roll.
TBR=yangguo@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_perfetto_dbg_ng
Bug: v8:8339
Change-Id: I042d7385486bf42c86f1631406974693868a477f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731006
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63083}
This is a reland of 159df2488c
Original change's description:
> [ic] Don't transition to premonomorphic state
>
> We used to use premonomorphic state to delay initializing the ICs.
> This optimization was to avoid the cost of setting up handlers if the
> code executed only once. With lazy feedback allocation we no longer
> need this.
>
> This cl also renames LoadIC_Uninitialized to LoadIC_Nofeedback and
> StoreIC_Uninitialized to StoreIC_Nofeedback since we now miss to
> runtime in the uninitialized state and use the builtin when there
> is no feedback.
>
>
> Change-Id: I1633e61ea74664da51348e362c34c47a017a264a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1683525
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63020}
Change-Id: Ica7eb65649615c2f8410d5b815a98b55cb1cfc4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731000
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63082}
This reverts commit 5611f70b3d.
Reason for revert: flaky tests: v8:9588, v8:9587
Original change's description:
> "Reland x4 [arraybuffer] Rearchitect backing store ownership"
>
> This is a reland of bc33f5aeba
>
> Contributed by titzer@chromium.org
>
> Original change's description:
> > [arraybuffer] Rearchitect backing store ownership
> >
> > This CL completely rearchitects the ownership of array buffer backing stores,
> > consolidating ownership into a {BackingStore} C++ object that is tracked
> > throughout V8 using unique_ptr and shared_ptr where appropriate.
> >
> > Overall, lifetime management is simpler and more explicit. The numerous
> > ways that array buffers were initialized have been streamlined to one
> > Attach() method on JSArrayBuffer. The array buffer tracker in the
> > GC implementation now manages std::shared_ptr<BackingStore> pointers,
> > and the construction and destruction of the BackingStore object itself
> > handles the underlying page or embedder-allocated memory.
> >
> > The embedder API remains unchanged for now. We use the
> > v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> > keep the backing store alive properly, even in the case of aliases
> > from live heap objects. Thus the embedder has a lower chance of making
> > a mistake. Long-term, we should move the embedder to a model where they
> > manage backing stores using shared_ptr to an opaque backing store object.
>
> TBR=yangguo@chromium.org
>
> BUG=v8:9380,v8:9221,chromium:986318
>
> Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
> Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63041}
TBR=ulan@chromium.org,yangguo@chromium.org,mstarzinger@chromium.org,clemensh@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:9380, v8:9221, chromium:986318
Change-Id: Ic7381239f4e90d0c437b7e47a5ac6e8bce60f882
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1736747
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63081}
Now that we can short-circuit control flow in the optimizing compiler,
there is no more need for BranchIf... macros in CSA/Torque.
Thus removing support for them in Torque and rewriting Torque macros to
use bool return values instead.
Bug: v8:7793
Change-Id: Ie4b7522aa5558be038fe821d8b5d02859d522ed1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1724211
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63079}
This CL changes the signature of AccessorPair::GetComponent to take
an additional parameter {native_context}. The current native_context
does not always match the native context of the holder, resulting in
JSFunctions that have the wrong native context for lazy instantiated
AccessorPairs.
Bug: chromium:989909, v8:6495
Change-Id: I45bfcb27ac367858dd6788736eba1a2e1302e802
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735311
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63078}
This reverts commit 779bdef36e.
Reason for revert: Speculative revert for win breakage (https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8905967677942963904/+/steps/Check/0/logs/Fixed/0)
Original change's description:
> [wasm] Prepare for multiple jump tables
>
> This CL prepares {NativeModule} and {WasmCodeAllocator} for multiple
> code spaces with separate jump tables. {WasmCodeAllocator} calls back
> to the {NativeModule} for each code space it allocates, and
> {NativeModule} stores data (especially the jump table) for each code
> space.
> A jump table is currently only created for the first code space added,
> so nothing changes there yet.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:9477
> Change-Id: I3ddeb8e251648b07ba8b7b4638abafe2364b47ff
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1730996
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63069}
TBR=mstarzinger@chromium.org,clemensh@chromium.org
Change-Id: I57af88872c1335d547f83e524c8f06938b5c817b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9477
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735320
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63076}
This reverts commit a3218aa744.
Reason for revert: Needed for another revert (https://chromium-review.googlesource.com/c/v8/v8/+/1735320)
Original change's description:
> [wasm] Add support to allocate in a specific code region
>
> For multiple code spaces with multiple jump tables, we need to allocate
> the space for the jump tables within specific regions (the new code
> spaces) so they are within reachable distance.
> This CL adds support for that, and uses it for the first jump table.
>
> R=mstarzinger@chromium.org
>
> Bug: v8:9477
> Change-Id: Ibdf05c9500c2dfdb2c5f5f920b4422339aaab810
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733069
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63074}
TBR=mstarzinger@chromium.org,clemensh@chromium.org
Change-Id: I4b1d1e670d5b25fa40205754d9572b2b809c93ea
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9477
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735321
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63075}
For multiple code spaces with multiple jump tables, we need to allocate
the space for the jump tables within specific regions (the new code
spaces) so they are within reachable distance.
This CL adds support for that, and uses it for the first jump table.
R=mstarzinger@chromium.org
Bug: v8:9477
Change-Id: Ibdf05c9500c2dfdb2c5f5f920b4422339aaab810
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733069
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63074}
This reverts commit 9499ec0d43.
Reason for revert: Breaks lots of stuff, e.g.
https://ci.chromium.org/p/v8/builders/ci/V8-Blink%20Linux%2064%20-%20future/9401
Original change's description:
> [TurboFan] Brokerize remaining feedback vector slots
>
> This CL adds new ProcessedFeedback subclasses, corresponding to various IC
> types:
>
> * ForIn
> * Comparison ops
> * Binary/Unary ops
> * InstanceOf
> * Calls
>
> The feedback is gathered at serialization time and used in several places,
> namely:
>
> * Bytecode graph building,
> * and its helper class JSTypeHintLowering (with its "early lowering")
> * Native context specialization
> * JSCallReducer
>
> Design doc: https://docs.google.com/document/d/1JLG0VFV8xmsAIJexU19xzlbNyP51ONqfo_Gf_2DcPC8/edit?usp=sharing
>
> Bug: v8:7790
> Change-Id: I53c3d7a17f844384f38c4ee0f0b082c114217a02
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1710663
> Commit-Queue: Georg Neis <neis@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63028}
TBR=mvstanton@chromium.org,neis@chromium.org,mslekova@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:7790
Change-Id: Id0c4d6651611fc3964010f7615d0ad0485169ebc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735315
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63073}
This is a reland of 3fc9663159
The private method on_event in timeout proc is now renamed to be truly
private.
Original change's description:
> [test] Print hanging tests on linux on test-runner termination
>
> This will print the list of processes still running before and after
> joining workers during termination. This will help debugging hanging
> tests during flake-bisect or with num-fuzzer, which both terminate
> on total timeout and currently still sometimes hang without printing
> processes.
>
> Bug: v8:8292
> Change-Id: I124b65fa35b8d7a6aa198fcf50f2c20df94dc51a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735312
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63065}
Bug: v8:8292
Change-Id: Ibad1172666d6f4d2c07884a54edfe9d6499b57fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735318
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63072}
This CL changes the way AccessorPairs are collected for instantiation
when debug break trampolines are installed.
Instead of walking the heap and looking at AccessorPairs directly, we
look at all JSObjects and collect AccessorPairs via each objects
descriptor array. This way, we can associate the correct native
context with each collected AccessorPair.
The current native context is not always the correct context to instantiate
the getter and setter JSFunctions for an AccessorPair.
Bug: chromium:986063
Change-Id: I124a0802f4938b95f1ad75efc65eb05b66bcfc67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735310
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63071}
When a fast path was added for Math.hypot, the algorithm was also
simplified. This simplification turns out to be incorrect in some rare
edge cases. This cl reverts back to the original algorithm and converts it to torque.
Original cl: https://chromium-review.googlesource.com/c/v8/v8/+/1684178
Bug: v8:9546
Change-Id: If4e21504732f46081a8de823f50f499917f1a20c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1725200
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63070}
This CL prepares {NativeModule} and {WasmCodeAllocator} for multiple
code spaces with separate jump tables. {WasmCodeAllocator} calls back
to the {NativeModule} for each code space it allocates, and
{NativeModule} stores data (especially the jump table) for each code
space.
A jump table is currently only created for the first code space added,
so nothing changes there yet.
R=mstarzinger@chromium.org
Bug: v8:9477
Change-Id: I3ddeb8e251648b07ba8b7b4638abafe2364b47ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1730996
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63069}
Instead of exposing a {kNext} constant to be used to construct the next
bitfield, expose a templatized {Next} type alias. This ensures that the
storage type is the same for all bitfields created this way. It's also
shorter.
Apart from the expected changes in the code base, the AST node classes
are changed to expose a {NextBitField} templated type alias instead of
a {kNextBitFieldIndex} constant. They thus follow the same pattern as
{BitField} itself.
R=jkummerow@chromium.org, mstarzinger@chromium.org, verwaest@chromium.org
Bug: v8:9396
Change-Id: I70a1b0bd71cde694ec53444de0ca55e4cf0a3836
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1728615
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63068}
This reverts commit 3fc9663159.
Reason for revert: _on_event clashes with a the same function in timeout proc.
Original change's description:
> [test] Print hanging tests on linux on test-runner termination
>
> This will print the list of processes still running before and after
> joining workers during termination. This will help debugging hanging
> tests during flake-bisect or with num-fuzzer, which both terminate
> on total timeout and currently still sometimes hang without printing
> processes.
>
> Bug: v8:8292
> Change-Id: I124b65fa35b8d7a6aa198fcf50f2c20df94dc51a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735312
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63065}
TBR=machenbach@chromium.org,tmrts@chromium.org
Change-Id: Ic29013e92c77a9905e06ee13a2449e033285eb36
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8292
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735317
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63066}
This will print the list of processes still running before and after
joining workers during termination. This will help debugging hanging
tests during flake-bisect or with num-fuzzer, which both terminate
on total timeout and currently still sometimes hang without printing
processes.
Bug: v8:8292
Change-Id: I124b65fa35b8d7a6aa198fcf50f2c20df94dc51a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735312
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63065}
This CL changes {CreateApiFunction} to take an explicit native context
to set on the newly created JSFunction. The CL also adds a new variant
of {ApiNatives::InstatiateFunction}, that takes a native context and passes
it through to {CreateApiFunction}.
This is a refactoring in preparation for a bugfix.
AccessorPairs can be instantiated lazily. At the time of
lazy instantiation, the current context does not necessarily match
the creation context of the holder of an AccessorPair.
Bug: chromium:986063, chromium:989909
Change-Id: Idea4b5052f2baff5c3d916f5ab8ed5017b60699b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735308
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63063}
Building cctest has linking error when gn's args has "is_component_build = true".
This CL make the visibility of "MemOperand" and "UseScratchRegisterScope" from
"hidden" to "default" to solve this problem.
Change-Id: I3ebfaa25d598b4f2d626861b947c93d111d95456
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731213
Auto-Submit: Mu Tao <pamilty@gmail.com>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63062}
Increasing the number of scavenging tasks in the previous CL
https://chromium-review.googlesource.com/c/v8/v8/+/1697245
has helped with GC performance but increased memory usage.
This CL ensures that there are at least two scavenging tasks if the
new space size is larger than one MB.
Bug: chromium:982663,chromium:985731
Change-Id: I6edff8b90beb2740a5b75a51cf25f48aa5442482
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733074
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63060}
When the --initial-heap-size flag is set V8's heap will grow to that
value without full GCs. Additionally, full GCs will be skipped
if the heap size drops below that value.
This patch also adds a comment for the initial_heap_size_in_bytes
parameter of ResourceConstraints:ConfigureDefaultsFromHeapSize
Change-Id: I85fda14bc6422af7bf2193d530efbc9b0bd0553d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1728622
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63054}
Also add a IsExtreme(double) overload.
This wasn't causing issues because there was no codepath
which exercised it (only approx operations did).
Change-Id: If7583fb567137c428d16c0d2cdfc37e086f7f3fd
Bug: v8:8460
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1726675
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63053}
For variable proxies in a function inside an eval scope that point to
a dynamic variable in the eval scope, the current scope resolution will
find this variable only when the function is eagerly compiled, as the
eval scope only exists during top-level eval compilation. This causes
a mismatch between lazy- and eager- compiled functions.
With this patch, we skip these dynamic variables during lookup, so that
the lookup for the variable proxy always finds a kDynamicLocal or
kDynamicGlobal, both when compiled lazily and eagerly. This is a minor
pessimisation of performance (as we know that the lookup has to be
dynamic), but unblocks other improvements which require idempotent
bytecode generation (such as lazy source positions).
Note that the alternative, of simply not tracking dynamic variables on
the eval scope at all, is not viable due to needing this information
during conflict detection.
Bug: v8:8510
Bug: v8:9511
Change-Id: Ifa72ec05e9a97b7be418912340081b9656765fd4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733077
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63051}
MIPS64 has a user space of 2^40 bytes on most processors, address
space limits needs to be smaller. 256G is ok, but it will cause
many wasm tests get a OOM error.
This patch also skip some tests which need correct IEEE-745 2008
NaN bit patterns on mips.
Change-Id: I52968df3934e8748b2c42a0abf19db1540441d2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1712929
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Yu Yin <xwafish@gmail.com>
Cr-Commit-Position: refs/heads/master@{#63050}
This makes sure the "parameters" and "results" properties of the passed
FunctionType object can be arbitrary iterable objects, not just plain
JavaScript arrays.
R=clemensh@chromium.org
TEST=mjsunit/wasm/type-reflection
BUG=v8:7742
Change-Id: Icba18c418e549deba9fff1855be4956813b1a953
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733071
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63049}
This CL adds regression tests for two bugs where the wrong native
context is used when lazy accessors are instantiated.
The first bug injects an object created in context 1, into another
context 2. The object has an accessor pair installed via
FunctionTemplate. In context 2, the property descriptor of this
accessor is retrieved, causing the JSFunction to be instantiated
with the current context (context 2) instead of the creation
context of the object (context 1).
The second bug is similar. When breakpoints are set, the whole heap
is walked and all lazy accessor pairs are instantiated. This again
uses the current context instead of using the context from which
a AccessorPair originates.
Bug: chromium:986063, chromium:989909
Change-Id: Iaaea6e81f1b9f6b55fc7583b260aa9aea035a8d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1730999
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63048}
It's too slow and flakes on "V8 Linux - full debug"
Change-Id: I2a83a7a2de6a3865d230edb847a658b1b8b23bec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733076
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63047}
JSBoundFunctionRef::serialized() and JSFunctionRef::serialized() should
tolerate being called when the heap broker is disabled, because these
methods are now called in the JSCallReducer (in order to log whether
information was missing at serialization time).
Bug: v8:7790
Change-Id: Iac8e68178422bd9bb4ebe2acb412ff42ac87cf4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733075
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63045}
Previously we were also taking into account the machine type
Change-Id: Ic76aad578f00ef24cf17b349d94cdade8f9ee29d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1733072
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63044}
This is a reland of f5611402f7
Original change's description:
> [ptr-compr][arm64] Temporarily enable pointer compression on arm64
>
> ... and make sure that the arm64 ptr-compr bots proceed testing V8 without
> pointer compression in order to keep testing the other config.
>
> Commented out the 'extra' variant since it was crashing. Opened a bug
> regarding that: https://bugs.chromium.org/p/v8/issues/detail?id=9568
>
> Similar to x64's https://chromium-review.googlesource.com/c/v8/v8/+/1607654
>
> Bug: v8:7703
> Change-Id: Ifd46b029bab34524f9f536dcdbd1574f2ddcbf37
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1724216
> Reviewed-by: Tamer Tas <tmrts@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#63019}
Cq-Include-Trybots: luci.v8.try:v8_android_arm64_n5x_rel_ng
Bug: v8:7703
Change-Id: I1a82b87bf6db4e6d100aeffc29dae60ba73d8119
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1730998
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63043}
Trying to use double_registers for fetching single precision fp values creates
four different implementations of this method depending on the architecture, hence
separating them out into their respective folder.
Change-Id: Ide61fe2e7a95bd8427b377959b262633d8c57e61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1730663
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Milad Farazmand <miladfar@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#63042}
This is a reland of bc33f5aeba
Contributed by titzer@chromium.org
Original change's description:
> [arraybuffer] Rearchitect backing store ownership
>
> This CL completely rearchitects the ownership of array buffer backing stores,
> consolidating ownership into a {BackingStore} C++ object that is tracked
> throughout V8 using unique_ptr and shared_ptr where appropriate.
>
> Overall, lifetime management is simpler and more explicit. The numerous
> ways that array buffers were initialized have been streamlined to one
> Attach() method on JSArrayBuffer. The array buffer tracker in the
> GC implementation now manages std::shared_ptr<BackingStore> pointers,
> and the construction and destruction of the BackingStore object itself
> handles the underlying page or embedder-allocated memory.
>
> The embedder API remains unchanged for now. We use the
> v8::ArrayBuffer::Contents struct to hide an additional shared_ptr to
> keep the backing store alive properly, even in the case of aliases
> from live heap objects. Thus the embedder has a lower chance of making
> a mistake. Long-term, we should move the embedder to a model where they
> manage backing stores using shared_ptr to an opaque backing store object.
TBR=yangguo@chromium.org
BUG=v8:9380,v8:9221,chromium:986318
Change-Id: If671a4a9ca0476e8f084efae46e0d2bf99ed99ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1731005
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63041}
