* Fix IsPendingAllocation check
* Fix IsImmovable check
* Skip some space checks in Heap::CompactWeakArrayLists and Heap::ExternalStringTable::CleanUpAll
-- They assume some objects are allocated to old or new space, which may not be true for TPH.
Bug: v8:11641
Change-Id: I21d9e3a71f6169bfd19e9a521ee378d7b9f74fa8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2994221
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Cr-Commit-Position: refs/heads/master@{#75542}
This resolves an issue where an inlined CodeEntry may outlive its parent
when translated into a ProfileNode.
Bug: chromium:1223323
Change-Id: I0427fce6a667c16d825f534333d39e463b287e31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3000682
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#75541}
This reverts commit 1532f8ff92.
Reason for revert: Race in initialization
Original change's description:
> [heap] Tie process-wide CodeRange lifetime to any remaining Heaps
>
> Currently the process-wide CodeRange, once created, lives until process
> shutdown. This CL changes it to be alive as long as there is a Heap,
> when the last Heap is gone it gets destroyed and will be recreated the
> next time a Heap is created. This behavior is shared with
> SingleCopyReadOnlyArtifacts.
>
> Bug: v8:11929
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
> Change-Id: I8a545926c3a4122991f9682bd3fd90e72697ea5a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2989103
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75522}
Bug: v8:11929
Change-Id: Ie13a09fc07f8da8af3813de46298eceb7b18ba41
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3000960
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75539}
The shadow stack space is == the number of register arguments
saved on stack, so reuse the same constant that is already defined.
Bug: v8:11879
Change-Id: I576c26770660de63c85089d658fcddc14bd5a08f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2997927
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75538}
Moves back to the same approach as TurboFan of keeping the graph
unscheduled during effect control linearization and later backend
phases and only scheduling the graph immediately before instruction
selection. This gives better code generation, though at a small cost
of more background optimization time.
BUG=v8:9684
Change-Id: I4fb32b5d332e977ca480ac9cceff955750ddd320
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999091
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75535}
This reverts commit 92bfb63cac.
Reason for revert: Broke build https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20shared/43249/overview
Original change's description:
> [build] Separate out inspector as a shared library
>
> This makes src/inspector:inspector into a v8_component producing a
> shared library in component builds. To enable this, all of its exported
> are now marked with V8_INSPECTOR_EXPORT.
>
> This also inverts the dependency between src/inspector:inspector and
> :v8_base_without_compiler, and instead makes d8 and some tests depend on
> inspector rather than getting it via v8.
>
> As a result, the no_check_targets exclusions list in .gn is reduced.
>
> Ultimately embedders like chromium should depend on :v8 and optionally
> src/inspector:inspector, but to allow that transition to occur, this
> renames :v8 to :v8_lib and introduces a new :v8 which depends on v8 and
> inspector. Once all embedders have changed to reflect the new structure,
> this part can be reverted.
>
> Bug: v8:11917
> Change-Id: Ia8b15f07fb15acc5e1f111b1a80248def4285fd0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999088
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75532}
Bug: v8:11917
Change-Id: I0ed27ed95211d13b8b3438a8c0a42d577806c475
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003452
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75533}
This makes src/inspector:inspector into a v8_component producing a
shared library in component builds. To enable this, all of its exported
are now marked with V8_INSPECTOR_EXPORT.
This also inverts the dependency between src/inspector:inspector and
:v8_base_without_compiler, and instead makes d8 and some tests depend on
inspector rather than getting it via v8.
As a result, the no_check_targets exclusions list in .gn is reduced.
Ultimately embedders like chromium should depend on :v8 and optionally
src/inspector:inspector, but to allow that transition to occur, this
renames :v8 to :v8_lib and introduces a new :v8 which depends on v8 and
inspector. Once all embedders have changed to reflect the new structure,
this part can be reverted.
Bug: v8:11917
Change-Id: Ia8b15f07fb15acc5e1f111b1a80248def4285fd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999088
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75532}
This is a reland of d3cacbbbd5
Changes: Skipped the test in the 'stress' variant instead.
Original change's description:
> Reland: ScopeInfo, SharedFunctionInfo never-ever serialized
>
> This relands squashed CLs:
>
> 59b9aaf7db
> 8f84d0bb8f
>
> The revert was at crrev.com/c/2996198.
>
> Changed: Fixed a test in which bytecode flushing caused a behavioral
> change between serialized- and unserialized SFI Refs. The serialized
> SFI ref kept bytecode alive while unserialized SFIs allow flushing.
> The test was fixed by adding a %PrepareFunctionForOptimization
> annotation.
>
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: v8:7790, v8:11939
> Change-Id: I170f8085bd7454a2a5f2bb03c8824e2862857827
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999089
> Commit-Queue: Jakob Gruber <jgruber@chromium.org>
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75504}
Bug: v8:7790, v8:11939
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
Change-Id: I10c3fce3a1e5007b4dadfead2baf1f4434d8880b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2998590
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75531}
Replace a ZoneUnorderedMap with a ZoneMap in order to avoid
non-deterministic iteration order resulting in non-deterministic IR
and non-deterministic allocations during code assembly later. The
map in question is very small in practice so there should be no
performance regression.
Bug: v8:11894
Change-Id: Ic961102b45b3df28dafdece0cfb54ff5ef940d56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001348
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75529}
On PPC we don't have the `ties to even` FP roundings enabled,
therefore their equivalent Simd op will never get emitted.
Once support is added, the flag needs to be set under
`SupportedMachineOperatorFlags` within the instruction selector.
Setting this flag affects both the scalar and Simd variants
of this op.
Change-Id: I7d486def103045d2dee7cb691927feb19c3e5ef4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2996747
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#75528}
Also split v8_third_party_heap_files headers and source files between
v8_base_without_compiler and v8_internal_headers.
Bug: v8:7330
Change-Id: I58a1aa3af1d2b5b5872e5cd25a886be8fd9461d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001169
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75527}
Without flushing the messages, the timing of the notifications
is unpredictable, making it hard to build features on top.
Bug: chromium:1224371
Change-Id: Ice09ef82231186d1a93ca82508c49e26585ce260
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2991237
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Alex Rudenko <alexrudenko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75525}
Rolling v8/build: 969e9b2..f79e8a3
Rolling v8/buildtools/third_party/libc++abi/trunk: d46361b..ae0481e
Rolling v8/buildtools/third_party/libunwind/trunk: 9303368..ed4a85e
Rolling v8/third_party/aemu-linux-x64: kZbnq1Wh_y69PWihHdedFiEIQANIiZchdysb5-fpBTEC..czR22wy3jcAfrw7l4ljto3qX6BpD2DSahnluWvqUockC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/949bca8..36f311b
Rolling v8/third_party/googletest/src: 255323c..4ec4cd2
Rolling v8/tools/luci-go: git_revision:ede472114f4e51eaa068cd84cadcf470773f19ef..git_revision:e20098f56b10587e3cc0bc9ccac4934a13158de3
TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I4f07d610e608afbf4dfb8f5bec70a694ad660ca9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3002689
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75523}
Currently the process-wide CodeRange, once created, lives until process
shutdown. This CL changes it to be alive as long as there is a Heap,
when the last Heap is gone it gets destroyed and will be recreated the
next time a Heap is created. This behavior is shared with
SingleCopyReadOnlyArtifacts.
Bug: v8:11929
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Change-Id: I8a545926c3a4122991f9682bd3fd90e72697ea5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2989103
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75522}
With relative paths in the debug symbols, lldb cannot find the source
files, so set up a source map to direct "../.." to V8 root. This is
similar to what Chromium does in src/tools/lldb/lldbinit.py.
Bug: v8:11879
Change-Id: Ic6126aacafa7e3462c69da538a9528041c92ef00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2998517
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75521}
Small refactoring to use an existing ElementSizeInPointers (which has
the same implementation). LinkageLocation::GetSize is now not called
anywhere else, so remove it. The instruction selector can then call
LinkageLocation::GetSizeInPointers instead of calculating it.
Bug: v8:11879
Change-Id: I6f717db1c4047e7847f00cf2bf96c6ec8ea52bda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2997924
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75520}
Splits FLAG_lazy into
- FLAG_lazy for main-thread compiled scripts/modules
- FLAG_lazy_streaming for streamed scripts
- FLAG_lazy_eval for eval
This allows us to evaluate the impact of non-lazy compilation for streamed
scripts.
Change-Id: I8a362ea184e0afd3aa7cdb11a7eab5b7497a4691
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999090
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75518}
In the existing code we calculate twice how we want to compile a
WebAssembly function, first in InitializeCompilationProgress, and then
again in InitializeCompilationUnit. With this CL we use the information
in the compilation progress to create the CompilationUnits. Not only
does this make the code cleaner, it will also allow us to initialize the
compilation progress differently for deserialization but reuse the code
to create CompilationUnits.
R=clemensb@chromium.org
Bug: v8:11862
Change-Id: Iee48727be429e3a3a950404806fdd04264145999
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2988759
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75516}
Changes:
- Use a lightweight WasmElemSegment::Entry struct to store element
segment entries in a WasmModule.
- Also, restructure LoadElemSegmentImpl to handle all types of
global.get entries correctly.
- Simplify InitializeIndirectFunctionTables and make it handle all types
of entries correctly.
- In the above two cases, reject WasmJSFunctions for now.
Bug: v8:11895
Change-Id: Ie714f8c7f1af8959486138d2ad49bc622a89276d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2991248
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75513}
NewEmptyCode was missing the initialisation of three fields.
These were crashing when running with --verify-heap.
Bug: v8:11872
Change-Id: I679f0d2d68c5594b0e9700b26c031483c3d46b68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999095
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75511}
When adding up the results of the recursive steps, the Karatsuba
algorithm can temporarily have intermediate results that are one
bit bigger than the final result. This patch makes sure we handle
that case correctly.
Since that extra bit would always get subtracted again, the old
code would not have caused incorrect results or memory corruption,
but it did run into DCHECK-failures, and potentially could have
caused segfaults.
Bug: v8:11515, chromium:1223724
Change-Id: I3592835d01cc36def8f0a9bae625e9249864ef78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2988758
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75509}
This CL improves setting the javascript_execution_assert
on the isolate from generated code by adding a single wrapper
function around the fast call creation, along with its setup
and teardown. It's a follow-up for
https://chromium-review.googlesource.com/c/v8/v8/+/2982998/
Bug: chromium:1218898
Change-Id: I0dc45520aa2a9b60ce03076a495e3f68c05945c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999086
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75506}
It is possible that we fall back to GenericLowering for minimorphic
property accesses. So handle MinimorphicPropertyAccess in
ShouldUseMegamorphicLoadBuiltin.
Bug: chromium:1223733
Change-Id: Ia1ba8c8786be91dda841d4138cffe81185c066b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2997104
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75505}
This relands squashed CLs:
59b9aaf7db
8f84d0bb8f
The revert was at crrev.com/c/2996198.
Changed: Fixed a test in which bytecode flushing caused a behavioral
change between serialized- and unserialized SFI Refs. The serialized
SFI ref kept bytecode alive while unserialized SFIs allow flushing.
The test was fixed by adding a %PrepareFunctionForOptimization
annotation.
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:7790, v8:11939
Change-Id: I170f8085bd7454a2a5f2bb03c8824e2862857827
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999089
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75504}
The files that Node.js checks in source control are not enough
for BUILD.gn.
Change-Id: I84f4794b9354bf8a4006965cc84d8610ea3a1a7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2991647
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75503}
This special-cases the most common situation to avoid call overhead.
Bug: chromium:1224299
Change-Id: Ic4bac2d5565f9b7a174eed845952b596adecbc8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2997584
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75502}
Start a local symbol server using the local-web-sever node package:
ws --stack system-analyzer/lws-middleware.js lws-static cors
The system-analyzer will then use it to symbolize profiles.
Note: The symbol server will execute `nm` and `objdump` locally.
Change-Id: Icff6e9f5af24f214f353c049f5cd13eedccf0f88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979591
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75501}
We've already been zero-extending 32-bit offset registers since
https://chromium-review.googlesource.com/c/v8/v8/+/2917612,
but that patch only covered the case where offset_imm == 0.
When there is a non-zero offset, we need the same fix.
Bug: chromium:1224882,v8:11809
Change-Id: I1908f735929798f411346807fc4f3c79d8e04362
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2998582
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75500}
Bug: v8:7790, chromium:1225521
Change-Id: I4210ca9d3eccdc4de0b5b865bac37dc32b8e6f17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999085
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75499}
We currently only measure the compilation time of individual functions,
but that does not include other things that happen for lazy compilation,
like switching memory permissions or publishing the code.
This CL adds a dedicated counter to measure the complete lazy
compilation time.
R=jkummerow@chromium.org
CC=dlehmann@google.com
Bug: v8:11940
Change-Id: I9a87882d2adc7bea6c5258954a642da18b8337ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2997106
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75498}
Bug: v8:7790, chromium:1225300
Change-Id: I36ae331db0abb072ebc597b4682c3983a00d8a1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999084
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75497}