Change the unittest runner to no longer uncondtionally set up a default
platform in the "environment", but to instead make platform set-up part
of the "mixin" framework for test fixtures.
Requires modifying some tests that expect the platform to be available,
and all flag implications resolved, before the mixin constructors run.
We still keep the environment for setting up the process for cppgc. This
process setup can only be done once per process, so it can no longer use
the platform -- that's ok though, the page allocator used by cppgc's
process initialisation doesn't have to be the same as the platform's so
we can just pass in a separate new one.
Change-Id: Ic8ccf39722e8212962c5bba87350c4b304388a7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571886
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79820}
TearDown was actually redundant and can be replaced with the dtor.
Bug: v8:12612
Change-Id: Idc4a77c3f20372a53b0003cda6fb00ae7ec0035c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571806
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79819}
This is a reland of commit 54e360d141.
The two WasmGC cctests which require SSE4.1 support in Liftoff are now
skipped, so we can keep disallowing any bailout (even for missing CPU
features) in --liftoff-only.
Original change's description:
> [wasm] --liftoff-only should disable --wasm-dynamic-tiering
>
> A Liftoff only configuration should never tier up to TurboFan, hence add
> a proper implication to disable dynamic tiering if --liftoff-only is
> set.
> Also, add a DCHECK to ensure we never accidentally compile with TurboFan
> if --liftoff-only is set.
>
> R=jkummerow@chromium.org
>
> Bug: v8:12281
> Change-Id: Ia9b81add503cc939f59fde3f4d3bb67252facf2c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3569741
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79779}
Bug: v8:12281
Change-Id: I334bd81f75c3ef6d31b6117da5ef59a33fb46ae2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3572043
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79813}
This reverts commit 8ba60b7a8e.
Reason for revert: code_serializer failures: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/38940/overview
Original change's description:
> [string] Non-transitioning shared strings
>
> Instead of transitioning shared strings to ThinString on
> internalization, use a forwarding table to the internalized string and
> store the index into the forwarding table in the string's hash field.
>
> This way we don't need to handle concurrent string transitions that
> modify the underlying string data.
>
> During stop-the-world GC, live strings in the forwarding table are
> migrated to regular ThinStrings.
>
> Bug: v8:12007
> Change-Id: I6c6f3d41c6f644e0aaeafbf25ecec5ce0aa0d2d8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3536647
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79801}
Bug: v8:12007
Change-Id: I740904f3edfc395331f06c7218e89476b06b0563
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574543
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79810}
With this CL, spilled parameters with ref type in a call to wasm
function, will be placed at a consecutive area in the generic
JSToWasmWrapper frame as WasmCallDescriptor expected.
Bug: v8:12722
Change-Id: I8b82f35b712a32b87abf5100ec46ee499a8178bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3563445
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79805}
This flag was a leftover from very early Turbofan days and serves no
purpose. Non-OSR TF code automatically uses function context
specialization (FCS) when appropriate without looking at the flag
value. OSR TF code should never use FCS since it is cached by the
SharedFunctionInfo (not by the JSFunction).
Bug: v8:12161
Change-Id: Ifb5a10918dbdf34a7164f7e665a230698b793e9e
Fixed: chromium:1313419
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571895
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79802}
Instead of transitioning shared strings to ThinString on
internalization, use a forwarding table to the internalized string and
store the index into the forwarding table in the string's hash field.
This way we don't need to handle concurrent string transitions that
modify the underlying string data.
During stop-the-world GC, live strings in the forwarding table are
migrated to regular ThinStrings.
Bug: v8:12007
Change-Id: I6c6f3d41c6f644e0aaeafbf25ecec5ce0aa0d2d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3536647
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79801}
This CL introduces the --separate-gc-phases flag, which prevents that young and old generation GCs can happen at the same time. When incremental marking is in progress and a young generation GC triggers, marking is forced to finish and the full collection takes care of the young generation.
Bug: v8:12503
Change-Id: Ia3e4814f46bff0fdc404b0ac618dfd48fe7cf20c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3351973
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79799}
This reverts commit 8d51d561d5.
Reason for revert: This has runtime failures because including
cmx fragments isn't working ocrrectly. Still investigating why
this wasn't discovered by CQ.
Original change's description:
> [fuchsia] Use SDK provided gn templates for v8_unittests
>
> cr_fuchsia_package is deprecated in favor of using the Fuchsia
> SDK provided rules directly.
>
> Bug: chromium:1092804
> Change-Id: I86a59b6a717cb0aa8c3473e8410bdd98f0ffd042
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3537883
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Wez <wez@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Bryant Chandler <bryantchandler@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79763}
Bug: chromium:1092804
Change-Id: I33e8a6f07c99d7040cffa579a95508e79904889e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3572005
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79796}
The FastArray path for Array#groupBy and Array#groupByToMap does not
recheck the input array's length each iteration. This is incorrect since
the grouping callback can truncate the length, and we should deopt to the
generic path when this happens.
Bug: chromium:1312838, v8:12499
Change-Id: Id3a4973e9960500a2f29ed63281ea721777d4dd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3570342
Reviewed-by: Marja Hölttä <marja@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79787}
Incremental finalization previously used to rescan roots to avoid any
new work showing up in the atomic pause.
With concurrent marking we should be way faster in finalizing, so that
we can save ourselves this work. In particular, if we finalize in the
same JS execution we would be doubling work as the atomic pause
anyways needs to rescan all roots.
Bug: v8:12775
Change-Id: I58a5a931da72c8d5c8aee4cd5dad4512954668b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3570427
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79784}
HeapAllocator didn't fall back to old space allocation when the
heap had no map space.
Bug: v8:12578, chromium:1313119
Change-Id: Ic02334f42f9fb80a8a9dcf99a94a7ac16da24053
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3570423
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79776}
If we have a smi operation in the feedback vector, we emit SmiTag
Int32AddWithOverflow and SmiUntag nodes, instead of a generic
operation binary node.
Change-Id: Idb9ce2b60289fbe492bf269793660b32de23e2b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3560641
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79775}
This includes two fixes:
1. For dynamic tiering, the budget must always be reduced when jumping
backwards, otherwise we might never trigger tier up, which makes the
loop non-interruptible (because the tier-up check replaces the stack
check).
2. The d8 worker implementation also needs to terminate the isolate via
an interrupt, in addition to scheduling a task, because the worker
might never return to the event queue.
This CL also fixes one of the failure modes of the inspector fuzzer
(see https://crbug.com/1180018).
R=jkummerow@chromium.org, marja@chromium.org
Bug: v8:12767, chromium:1180018
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Change-Id: Ia01d1725fc14931d2ea54c4769c4ee93f866ed63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568470
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79773}
Remove cctest's ability to run multiple tests (which has long been
deprecated and mostly broken). We can then make platform & V8
initialisation be part of running the test's Run method.
In particular, this allows us to inject custom logic into the platform
initialisation, like setting up a platform wrapper. Add a
TEST_WITH_PLATFORM which exercises this by registering a platform
factory on the test, and wrapping the default platform using this
factory. This allows these tests to guarantee that the lifetime of the
platform is longer than the lifetime of the isolate.
As a result of this, we can also remove the complexity around draining
platform state in the TestPlatform (since it will now have a longer
lifetime than the Isolate using it), and as a drive-by clean up the
TestPlaform to use a CcTest-global "default platform" instead of trying
to scope over the "current" platform.
As another drive-by, change the linked-list of CcTests and the linear
search through it into an std::map of tests.
Change-Id: I610f6312fe042f29f45cc4dfba311e4184bc7759
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3569223
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79772}
The CL makes sure to extract and copy Oilpan young GC metrics to
v8::metrics::GarbageCollectionYoungCycle. In addition, it makes sure
that metrics are not reported twice by bailing out from
GCTracer::NotifyCppGCCompleted() for young GC cycles (the metrics are
reported later in Heap::CollectGarbage() by calling
GCTracer::StopCycle()).
Bug: chromium:1029379
Change-Id: I07bf51e85a76a7cdbeeb8d87c9072edf2634158b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545168
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79766}
Tweak a few names, remove a few GetIsolate calls, other minor
usability refactors.
It may be worth taking a closer look at the impl in the future,
currently the design choices don't seem ideal (see the added TODO
on top of the class).
The reland is unchanged from the original CL.
Bug: v8:12161
Change-Id: I9971f7f2fb08b7a1ec2d57b2a0e4accdc11191ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568444
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79759}
- Unhandlify OSROptimizedCodeCache::GetOptimizedCode.
- Unstatic-fy FeedbackVector::SetOptimizedCode.
- Remove frame-walking logic during the OSR tierup decision.
The reland is unchanged from the original CL.
Bug: v8:12161
Change-Id: Ibf03a9dd9a6fcd38c0664e5d5014a26d0240e035
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568463
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79752}
This changes the logic for generating method names in `error.stack` to
prepend an inferred type name only when the function name is a valid
ECMAScript identifiers and does not equal the inferred type name, to
(1) give developers more control over the exact name shown in
`error.stack`, as well as
(2) avoid confusion in the presence of renaming of local variables.
Previously we'd leave the function name as-is if it was prefixed by the
inferred type name, but that condition is unnecessarily strict, and led
to a bunch of inconsistencies around special names like
`<instance_member_initializer>` where this dynamic approached often
prefixed it with the correct type name, but also sometimes got it wrong
and prepended `Object.`, which is very unfortunate and misleading.
Specifically for these special names, we'll add logic later in the
parser to infer a useful (complete) name.
The design doc (https://bit.ly/devtools-method-names-in-stack-traces)
contains more background and examples of why we do this change.
Doc: https://bit.ly/devtools-method-names-in-stack-traces
Fixed: chromium:1294619
Bug: chromium:1283435
Change-Id: Ib8b528ba25255dcd07e9d11044c562c11d699bcb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3565724
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79748}
This is a reland of commit 3ce690eef2
Changed for the reland:
- Remove the currently-unused BytecodeArray member to avoid MSAN
failures.
- s/return/continue/ in optimizing-compile-dispatcher.
Original change's description:
> [osr] Basic support for concurrent OSR
>
> This CL adds basic support behind --concurrent-osr,
> disabled by default.
>
> When enabled:
> 1) the first OSR request starts a concurrent OSR compile job.
> 2) on completion, the code object is inserted into the OSR cache.
> 3) the next OSR request picks up the cached code (assuming the request
> came from the same JumpLoop bytecode).
>
> We add a new osr optimization marker on the feedback vector to
> track whether an OSR compile is currently in progress.
>
> One fundamental issue remains: step 3) above is not guaranteed to
> hit the same JumpLoop, and a mismatch means the OSR'd code cannot
> be installed. This will be addressed in a followup by targeting
> specific bytecode offsets for the install request.
>
> This change is based on fanchen.kong@intel.com's earlier
> change crrev.com/c/3369361, thank you!
>
> Bug: v8:12161
> Change-Id: Ib162906dd4b6ba056f62870aea2990f1369df235
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3548820
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79685}
Bug: v8:12161
Change-Id: I48b100e5980c909ec5e79d190aaea730c83e9386
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3565720
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79746}
.. since they are the same as eager deopts (% an unused counter).
Fixed: v8:12765
Change-Id: I2be6210e476ead4ac6629a49259f28321e965867
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3565717
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79729}
This CL removes two obsolete regression tests that were taking too
long on debug engine builds.
Bug: v8:12753
Bug: v8:12754
Change-Id: I818101725caa22fb4b2ed22381f01a2dd9436fe4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3563563
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79727}
In DisassembleFunction runtime, function may have available
optimized code and we could directly set the optimized code
for the function like in CompileLazy if it's not compiled,
which avoids calling Compiler::Compile and failed in
DCHECK(!function->HasAvailableOptimizedCode()).
Bug: v8:12762
Change-Id: I00001fc598f3fc96dfe86b2367e8ba88f0085fd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3563448
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79722}
For short builtin calls, the builtins are copied on the heap when they
cannot be put close enough to be in range of relative calls. This costs
memory, as the embedded builtins are part of the binary, and mapped from
the binary, and as a consequence shared with all running processes.
Rather than copying the memory, we can remap it at a different address,
avoiding the memory cost. This CL does that, on ARM64 macOS only for
now.
This saves at least ~1.4MiB of memory per V8 process. See below the
output of vmmap <PID>:
[...]
Memory Tag 255 7408308000-740833c000 [ 208K 144K 144K 0K] r-x/rwx SM=ZER
Memory Tag 255 740833c000-7408340000 [ 16K 0K 0K 0K] ---/rwx SM=ZER
Memory Tag 255 7408344000-7408348000 [ 16K 0K 0K 0K] ---/rwx SM=ZER
Memory Tag 255 7408348000-740837c000 [ 208K 144K 144K 0K] r-x/rwx SM=ZER
Memory Tag 255 740837c000-740fe80000 [123.0M 0K 0K 0K] ---/rwx SM=ZER
mapped file 740fe80000-740ffe4000 [ 1424K 1328K 0K 0K] r-x/rwx SM=COW ...pp/Contents/Frameworks/Chromium Framework.framework/Versions/102.0.4958.0/Chromium Framework
Memory Tag 255 740ffe4000-7410000000 [ 112K 0K 0K 0K] ---/rwx SM=ZER
The "208K" regions are 256kiB code pages, minus the header and guard
pages, meaning that they are code chunks. The mapped file are the
remapped builtins, showing that they aren't copied, but remapped from
the binary.
Bug: chromium:1298417
Change-Id: Ia30a43e671726d01450a7db0ecb7777b34763053
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3553006
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Benoit Lize <lizeb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79716}
Lock mutex for shared isolate in global safepoints, such that e.g. the
StringTable can use isolate->heap()->safepoint()->AssertActive() even
for shared isolates.
Bug: v8:11708, v8:12749
Change-Id: I8d99203581dfa2d7225846e19fa981300f88589e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3563138
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79715}
Skipped test: https://crrev.com/c/3561199.
This is a reland of commit 6e2c9bb265
Original change's description:
> [serialize] copy bytes for non detachable array_buffer
> in WriteJSArrayBuffer when array_buffer is not in
> array_buffer_transfer_map_
>
> According to https://html.spec.whatwg.org/multipage/structured-data.html#structuredserializeinternal
> steps 13.3.2-4, should normally serialize array buffer which
> is not detachable.
>
> Bug: v8:12703
> Change-Id: I4554c5d07ae85e1a96a728ebba04c6a071575f6f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3518910
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Commit-Queue: Marja Hölttä <marja@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79466}
Bug: v8:12703
Change-Id: I1ad1b8159ac7b13011831a4590e8577e954db946
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557689
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79714}
Add an array of canonical rtts on the isolate. Each wasm instance
copies its rtts from there, based on the type index -> canonical index
mapping in the module.
Bug: v8:7748
Change-Id: I0958686c51ecab15a3215a0da3bee1ad6d543cb3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3548821
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79712}
The current safety margin between the JS stack limit and the actual
boundary of the stack space reserved by the simulator can be overrun by
a large frame.
Raise this margin to 4KiB, corresponding to the "large frame" threshold.
This ensures that the stack check is executed before the frame is
allocated if the frame is larger than this margin.
R=clemensb@chromium.org
Bug: chromium:1308333
Change-Id: I3e1a51bb36c630c7e37e58679971392dada2a83e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3560435
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79711}
... in JSObject::DefineOwnPropertyIgnoreAttributes().
Don't execute interceptor again if it declined to handle the operation.
Bug: chromium:1311641
Change-Id: If61ed40665ff7d81e96fa6bf29bbb5dfbeadfcc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3562979
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79707}
This reverts commit 3ce690eef2.
Reason for revert: failures on CrOS MSan build: https://crbug.com/1312188
Original change's description:
> [osr] Basic support for concurrent OSR
>
> This CL adds basic support behind --concurrent-osr,
> disabled by default.
>
> When enabled:
> 1) the first OSR request starts a concurrent OSR compile job.
> 2) on completion, the code object is inserted into the OSR cache.
> 3) the next OSR request picks up the cached code (assuming the request
> came from the same JumpLoop bytecode).
>
> We add a new osr optimization marker on the feedback vector to
> track whether an OSR compile is currently in progress.
>
> One fundamental issue remains: step 3) above is not guaranteed to
> hit the same JumpLoop, and a mismatch means the OSR'd code cannot
> be installed. This will be addressed in a followup by targeting
> specific bytecode offsets for the install request.
>
> This change is based on fanchen.kong@intel.com's earlier
> change crrev.com/c/3369361, thank you!
>
> Bug: v8:12161
> Change-Id: Ib162906dd4b6ba056f62870aea2990f1369df235
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3548820
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79685}
Bug: v8:12161, chromium:1312188
Change-Id: Iac1e3fd67ecc658a1cdee8f4d13354c097ed6697
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3564983
Auto-Submit: Adam Klein <adamk@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79702}
This reverts commit d368dcf4ae.
Reason for revert: https://crbug.com/1312188
Original change's description:
> Refactor OSROptimizedCodeCache
>
> Tweak a few names, remove a few GetIsolate calls, other minor
> usability refactors.
>
> It may be worth taking a closer look at the impl in the future,
> currently the design choices don't seem ideal (see the added TODO
> on top of the class).
>
> Bug: v8:12161
> Change-Id: Ib34e372aa58a30c68c9c5cdd0d1da0ec3e86717c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3560447
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79687}
Bug: v8:12161, chromium:1312188
Change-Id: Ieb3a91682845a23536fdfdf3208af74b3c6585f8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3564989
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79700}
These tests are too slow to be generally run.
Bug: v8:12741
Change-Id: I142a81a90558942a61b8582756b9227e6d8d634e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3558558
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79697}
