- In DeserializeContext, scope info local values
snapshot is in order of `name,value,name,value`,
and we should ReadValue after ReadString.
- Support non-inlined ScopeInfo locals, use
NameToIndexHashTable to serialize and deserialize
scope info local values when its local count is
more than kScopeInfoMaxInlinedLocalNamesSize.
Bug: v8:11525, v8:12820
Change-Id: I6ea2c498b594bed7ba8ca5be6af2ab9f0d39aa2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3600531
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#80130}
Rolling v8/build: 28bea73..c68def5
Rolling v8/buildtools/linux64: git_revision:1cdd270be9803dbfcdd0343f6104ad4dc30c38ce..git_revision:7c8e511229f0fc06f6250367d51156bb6f578258
Rolling v8/third_party/android_platform: 2760db4..36c1580
Rolling v8/third_party/android_sdk/public: ppQ4TnqDvBHQ3lXx5KPq97egzF5X2FFyOrVHkGmiTMQC..bY55nDqO6FAm6FkGIj09sh2KW9oqAkCGKjYok5nUvBMC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/960c656..88422dc
Rolling v8/third_party/depot_tools: 89ccf4a..dc8ca44
Rolling v8/third_party/zlib: a0906c7..32e65ef
Rolling v8/tools/clang: 4dd2e32..cd131c2R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I41663d5f20246e9b86ef73f0e264b67b390a4a83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599730
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80129}
These were originally proposed as a part of the fixed-width SIMD
proposal, and were then migrated to the relaxed-simd proposal
which also deems these operations out of scope.
Github issue: https://github.com/WebAssembly/relaxed-simd/issues/4
Bug: v8:12284
Change-Id: I65ceb6dfd25c43cf49bd7ec5b5ecd6b32cc3516a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3595970
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80125}
This reverts commit 370cae1d8f.
Reason for revert: Breaking gcc and bazel builds:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20gcc%20-%20builder/1646/overviewhttps://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20bazel%20-%20builder/1714/overview
Original change's description:
> heap: Inline GCTracer::Scope::Name
>
> This is a follow-up to https://crrev.com/c/3581774.
> It inlines method GCTracer::Scope::Name so that the calculation of the
> name of the trace event can be performed at compile time and optimized
> away, at most call sites.
>
> Bug: chromium:1318062
> Change-Id: I483d8fdfcc2c82c2a88d245326f27e7e787979aa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602511
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80122}
Bug: chromium:1318062
Change-Id: Ib33472a3a51fa3922a0af4d1c7dbac4b30b0098b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3600682
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80124}
One of the biggest categories in heap snapshots is named “(system)”,
which gives developers no indication of why all that memory is used or
what they might do to reduce it. In this change, I propose that we
create a new category for Maps, DescriptorArrays, and related objects,
and call this new category “(object shape)” in the devtools. I think
that this category name would be more meaningful, while still grouping
those objects together so that they mostly stay out of the way.
Bug: v8:12769
Doc: https://docs.google.com/document/d/1a-6V_2LIJuRcsppwh6E18g8OSnC9j6gN4ao2gq--BiU
Change-Id: I282a7b87c34ca6ed371ff32f3c7332d794ae42ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3587974
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#80123}
This is a follow-up to https://crrev.com/c/3581774.
It inlines method GCTracer::Scope::Name so that the calculation of the
name of the trace event can be performed at compile time and optimized
away, at most call sites.
Bug: chromium:1318062
Change-Id: I483d8fdfcc2c82c2a88d245326f27e7e787979aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602511
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80122}
RegisterFrameState is a container for free registers and values.
It abstracts operations for GeneralRegisters and DoubleRegisters.
It will be used later to call generic functions from the allocator,
depending on the register type needed.
See PrintLiveRegs as an example of function reuse.
Bug: v8:7700
Change-Id: If8e6cdb048c1782ca097d9bc2d810c66f680601a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596127
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80121}
Removes the full Smi handler from LoadField, leaving just the offset.
All other handler-based decisions (inline vs out-of-line, tagged vs.
double) should be done at graph building time and as separate IR nodes.
Bug: v8:7700
Change-Id: I55ba49edba5ef5628d5f30fc6ba60c8774e2ef9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602510
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80120}
Remove PENDING state as handles were always immediately transitioned
into FREE or NEAR_DEATH state.
Bug: v8:12672
Change-Id: I9a9d40b573e862282d41d7a4a3f9c8c8ed21b9e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599473
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80119}
As per https://tc39.es/ecma262/#sec-hostimportmoduledynamically defined,
referencingScriptOrModule in HostImportModuleDynamically can be a Script
Record, a Module Record, or null.
So to https://tc39.es/proposal-shadowrealm/#sec-shadowrealmimportvalue,
the HostImportModuleDynamicallyCallback is been invoked with a `null`
resource_name. This may not be considered a breaking change as the
parameter resource_name is defined as Local<Value>.
Updates d8's DoHostImportModuleDynamically to handle null resource_name,
and resolve the dynamically imported specifier relative to the executing
script's origin. In this way, we have to set ModuleEmbedderData.origin
even if the JavaScript source to be evaluated is Script. Also, a
ModuleEmbedderData is created for each ShadowRealm to separate their
module maps from the initiator context's.
Bug: v8:11989
Change-Id: If70fb140657da4f2dd92eedfcc4515211602aa46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3522883
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Cr-Commit-Position: refs/heads/main@{#80118}
It should delegate to VisitLdaContextSlot.
Bug: v8:7700
Change-Id: I1591594648cfb038abccabb46a20c1b0c23b07a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602512
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80117}
- Introduces an array of RegisterStates for double registers
- Adds two functions to iterate over the arrays
We will be able to call the ForEach functions using a templated lambda
for RegisterBase<T>.
Bug: v8:7700
Change-Id: I7ef86917d9377933a4bc3456e30de3e4ec547f65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596122
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80116}
Using this flag has led to several duplicate issues. We need to stop
using the flag for a while until the issues are investigated.
Potentially these are all false positives.
No-Try: true
Bug: chromium:1317880
Change-Id: I09f4e1c642befc3a8f5b88c2eb003931dc112826
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602508
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80114}
Result of `and` is stored in cr0.
Change-Id: I113ff7ceb9412d2f1f8ffdd58397123603b5818a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3600550
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80113}
This CL extends GetIterator to check whether the result of
calling @@iterator is JSReceiver and throw SymbolIteratorInvalid
if it's not JSReceiver.
GetIterator bytecode involves 3 steps now:
- method = GetMethod(obj, @@iterator)
- iterator = Call(method, obj)
- if(!IsJSReceiver(iterator)) throw SymbolIteratorInvalid [Added]
New Builtin: CallIteratorWithFeedbackLazyDeoptContinuation, which
is used when lazy deopt is triggered by call @@iterator.
Related spec: https://tc39.es/ecma262/#sec-getiterator.
Related doc: https://docs.google.com/document/d/1s67HC2f-4zxA_s1Bmm7dfwMFv_KDUfMiWIKkNSeQNKw/edit#heading=h.kdzv8mq4g4ks.
Bug: v8:9489
Change-Id: I17952c0f3e24e1e600ee1348809fb188c2c70f8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3563447
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#80112}
There is currently a bug in docker where fstat may not
return the correct device id and as a result a check under
`OS::RemapPages, stat_buf.st_dev != enclosing_region.dev`
fails, details on the bug:
https://github.com/moby/moby/issues/43512
Platform specific page sizes are also defined for kMaxPageSize
to fix compilation errors.
Change-Id: I026609329aa6432eda4f1880a0f586c0c2162461
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3601211
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80111}
This reverts commit 267b962d23.
Reason for revert: Flake turned out to not be reproducible: https://ci.chromium.org/ui/p/v8/builders/try.triggered/v8_flako/b8816185753319345009/overview
Original change's description:
> Revert "[base/platform] Simplify fast TLS on macOS"
>
> This reverts commit 9cdee4f418.
>
> Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20-%20debug/38658/overview
>
> Original change's description:
> > [base/platform] Simplify fast TLS on macOS
> >
> > Since the TLS offset is constant across all supported OS releases, we
> > no longer need to adjust it, nor to read it at runtime. This also aligns
> > the code in V8 with what is done in Chromium.
> >
> > Change-Id: I0f3c54da39a776406083c897de888f06c61852b8
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599481
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Commit-Queue: Benoit Lize <lizeb@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#80106}
>
> Change-Id: Ie6371c2ad12ed6f63be51b819083a7c0c4e22751
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602502
> Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Owners-Override: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80108}
Change-Id: I6c50a568751a3892b82fe2dce6fe940fce293b3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602503
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Owners-Override: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80110}
This reverts commit 9cdee4f418.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20-%20debug/38658/overview
Original change's description:
> [base/platform] Simplify fast TLS on macOS
>
> Since the TLS offset is constant across all supported OS releases, we
> no longer need to adjust it, nor to read it at runtime. This also aligns
> the code in V8 with what is done in Chromium.
>
> Change-Id: I0f3c54da39a776406083c897de888f06c61852b8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599481
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Benoit Lize <lizeb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80106}
Change-Id: Ie6371c2ad12ed6f63be51b819083a7c0c4e22751
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602502
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Owners-Override: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80108}
Since the TLS offset is constant across all supported OS releases, we
no longer need to adjust it, nor to read it at runtime. This also aligns
the code in V8 with what is done in Chromium.
Change-Id: I0f3c54da39a776406083c897de888f06c61852b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599481
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Benoit Lize <lizeb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80106}
Bazel bot is red due to ICU problem.
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20bazel%20-%20builder
Temporarily compiling V8 without ICU until the problem is solved.
Change-Id: I98b9ce9ca445d100896c43ae24d5fa73463cdfbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3598884
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80105}
should using scratch register to hold intermediate result.
Change-Id: I08e2236fd0a491398ffaa15c4fd9ae3d0e9ef535
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596441
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#80103}
Normally, taking a heap snapshot in the near heap limit would
result in a full GC, then the overhead of the promotions would
cause another invocation of the heap limit callback and it can
raise the limit in the second call to avoid an OOM, so we test
that the callback can indeed raise the limit this way in this
case. When there is only one generation, however, there would
not be the overhead of promotions so the callback may not be
triggered again during the generation of the heap snapshot.
In that case we only need to check that the callback is called
and it can perform GC-triggering operations jsut fine there.
Bug: v8:12815
Change-Id: If244417624b56bc068aed480fb3391d26c19005a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3600357
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#80094}
In the simplest way possible.
Bug: v8:7700
Change-Id: I155aaf85192b75c89617820d6f127a2ae04c7d9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599484
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80089}
This reverts commit 2d394acac4.
Concurrrent marking for v8::TracedReference requires a single bit in
global handles to be written concurrently. While no other bits require
concurrent access, initialization still needs to properly publish the
the bitfield. Publishing generally allows all bits to be read on any
thread which is already used for some.
The CL introduces acq/rel semantics on the actual object pointer for
publishing the state.
Bug: chromium:1315498, v8:12600
Change-Id: Ic50c7c0b647b8b609bcd899f6c9f73bee80303da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596125
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80085}
Fixes the iteration after emitting an unconditional deopt to kill all
Jumps along the way, not just ones preceeding a merge point. This fixes
several issues:
a) That Jump may be to a not yet created merge point, in which case we
were getting a nullptr deref.
b) Not-yet created merge points would not be detected as merge points,
so we'd skip over them and miss killing the control node before
them.
c) We weren't reducing predecessor counts, so even after fixing the
nullptr deref above, merge states created later would have the wrong
predecessor count.
Now, we check bytecode targets (including fallthrough for non-returning
bytecodes) on for every bytecode, and skip over both not-yet created
merges, and loop merges that have no predecessors other than the loop
jump itself.
As part of this, the dead predecessor merging is changed; instead of
setting the predecessor to nullptr, we drop the predecessor count by
one, and trim any Phis' input counts.
Bug: v8:7700
Change-Id: I904c82df7c5dd44d7637e07f6750b35e7e219284
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599470
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80083}
When moving forward and optimizing internals, these APIs cannot be
trusted anymore as their semantics are tangled to the current
implementation.
Bug: v8:12819
Change-Id: I0e3370724307a420ee42fed8070b55542be9400d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599475
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80082}