In the previous implementation, functions overwrote any budget
decrements caused by recursive invocations of themselves, which
could cause tier-up decisions for certain unlucky functions to
get delayed unreasonably long.
This patch avoids this by working with the on-instance value
directly instead of caching it in a stack slot. That generates
the same amount of Liftoff code as the status quo, but handles
recursive functions properly.
The "barista3" benchmark's peak performance improves by almost 20%.
Bug: v8:12281
Change-Id: I8b487a88da99c2d22e132f2cc72bdf36aa5f6e63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693710
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81249}
This is a reland of commit 538f2bc9ab
Changes compared to original: None. We think the problem that caused
the revert (https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/9377/overview) is unrelated.
Original change's description:
> [wasm-gc][cleanup] Remove wasm signature from CallDescriptor
>
> This field is no longer used, as the functionality it supported has been
> subsumed by wasm-gc typed-based optimizations.
>
> Bug: v8:7748
> Change-Id: I970514bb29e5f91bb5610cafde60ec3dbcfb07aa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3705376
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81244}
Bug: v8:7748
Change-Id: I8eacff98d265751fae55f244d40c0df94e35e6fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714231
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81248}
CHECKs were added / DCHECKs turned into CHECKs in
https://crrev.com/c/3707103 to help investigate crash reports.
Revert this changes (besides 1 CEHCK that prevents potential OOB reads
when the hash value is corrupted).
Bug: chromium:1336516
Change-Id: I84dd699b53c2006a1be4059940017c1277efa7ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3711757
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81247}
Fix underflow in allocation timeout which is used by fuzzers to trigger
garabge collection.
Bug: chromium:1337646
Change-Id: Iffa70497c2945a26242e9e67820197bd5e61f04c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3711758
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81246}
This field is no longer used, as the functionality it supported has been
subsumed by wasm-gc typed-based optimizations.
Bug: v8:7748
Change-Id: I970514bb29e5f91bb5610cafde60ec3dbcfb07aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3705376
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81244}
use_rbe has been deprecated and logic formerly checking it now checks for use_remoteexec first
Bug: chromium:1247781
Change-Id: I665e76345d5c1a64c2f5253799cee818a4b39129
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707092
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Richard Wang <richardwa@google.com>
Cr-Commit-Position: refs/heads/main@{#81243}
Mostly in comments, again, not much to be said...
Bug: v8:12425
Change-Id: Id847447ade3100f13c5da8931fbb47d06ff1ce1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3711883
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81242}
Mostly in comments, again, not much to be said...
One case of UNREACHABLE with return.
Bug: v8:12425
Change-Id: I295db355c4794e4205b9b70ebbf51e019ec14060
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695265
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81240}
... to avoid additional indirection on every access.
Drive-by: given that AccessorInfo class now has a custom body visitor
it's no longer necessary to encode flags field as Smi.
Bug: v8:12949
Change-Id: I30eabee3cbc5ded2bf3f050dfe22208713a764bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3701590
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81237}
Remove finalization step of incremental marking. The step was
historically used to process embedder/weak work on the main thread
before invoking the atomic pause. Remove the infrastructure as the
step is not needed anymore and actually required a safepoint.
Change-Id: I208767bbac3d9a06a0b3c67aa9779f8a5fa07328
Bug: v8:12775
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702801
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81234}
... in order to distinguish OOMs caused by code range exhaustion from
other OOMs.
Bug: v8:11880
Change-Id: Ic27242bee7dd7b68673ea478d5972a055ec58943
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707289
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81232}
f8(fs0) is callee saved so that we should not use it to hold return value in the float_min_max test case.
Change-Id: I7039918cc434462dd956339d4263811543e23a94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3711284
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#81230}
Rolling v8/build: 7e8d64b..5ee7989
Rolling v8/buildtools: 8b16338..34f9ff8
Rolling v8/buildtools/third_party/libc++/trunk: 1a63708..b126981
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/0eef537..b83d69f
Rolling v8/third_party/depot_tools: c5c4853..9a3c4bc
Rolling v8/tools/clang: aab5788..f68dc6b
Rolling v8/tools/luci-go: git_revision:de014227dd270df7c61bfab740eb4ae4b52ac2a7..git_revision:df39938896c4603fb2a214a2430450a85d9cca81
Rolling v8/tools/luci-go: git_revision:de014227dd270df7c61bfab740eb4ae4b52ac2a7..git_revision:df39938896c4603fb2a214a2430450a85d9cca81
R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I11e049b61608a0f43f04dfa4b88ca569dfc56d6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3712646
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81229}
This CL corrects the selection and print of fcfid variations
(singe and double precision).
Change-Id: I438a76793ec5fdb814ea6bc46bd0a2b0c9b2acd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3712063
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81226}
Due to shared GCs it's easy to accidentally deadlock V8 by forgetting to
park a thread before blocking.
This CL does the following:
- Adds ParkingConditionVariable and ParkingSemaphore, which hide
the Wait[For] methods in favor of ParkedWait[For], which parks the
thread before blocking the thread.
- Migrate to the Parking* variants in JS shared memory tests.
Bug: v8:11708
Change-Id: I6d1b2b26a05e7df0a69a1614c03308f538a8782f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708017
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81225}
In addition to checking that a node is owned, CanCover() also needs to
check if there are any side-effects in between the current node and
the merged node. When merging inputs of inputs, this check was done
with the wrong side-effect level of the in-between node.
We partially fixed this before with `CanCoverTransitively`.
This CL addresses the issue by always comparing to the side-effect
level of the node from which we started, making `CanCoverTransitively`
superfluous.
Bug: chromium:1336869
Change-Id: I78479b32461ede81138f8b5d48d60058cfb5fa0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707277
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81217}
Drive-by: include the right header in sandboxed-pointer-inl.h and fix
missing sandbox initialization in generate-bytecode-expectations.cc.
Bug: v8:10391
Change-Id: Ic39ba04b7c98eaa58ea3943189c23b297f581f5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630082
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81216}
This enables the --freeze-flags-after-init flag globally. Note that
tests, fuzzers, Node and other still explicitly disable the flag. The
chrome renderer process and default d8 execution will have it enabled
though.
R=cbruni@chromium.org
Bug: v8:12887
Change-Id: I9a15ef64227e5e6e04779d8d671a2c50d99c9097
Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695264
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81214}
This reverts commit 8325f86df3.
Reason for revert: Speculative revert for chromium:1336850.
Original change's description:
> [heap] Sweep code pages on the background thread
>
> We already make code pages writable & executable for concurrent
> Sparkplug. We can use the same mechanism for sweeping of code pages on
> the background thread, instead of scheduling incremental tasks on the
> main thread. This allows us to remove almost all special
> handling for code pages in the sweeper and allows us to off-load more
> work from the main thread.
>
> Bug: v8:12967
> Change-Id: Idb8e9f8e2eadbec26a386f2de683a80087f671f3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695557
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81139}
Bug: v8:12967, chromium:1336850
Change-Id: I1fb775892c2679984221efa7ceb682800c88cb2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707274
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81213}
This reverts commit 035ba1d8f5.
Reason for revert: fails on Blink Linux Debug bots:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux%20Debug/14932/overview
Original change's description:
> [wasm] Use the API callback to resolve the wasm result promise
>
> This CL switches resolving and rejecting the wasm result promise from
> the V8-internal API to the external API added in
> https://chromium-review.googlesource.com/c/v8/v8/+/3695584.
>
> This CL can land once Chrome provided an implementation of the callback.
>
> R=jkummerow@chromium.org
>
> Bug: v8:12953
> Change-Id: I3ca395594b4e7b5018fdcdac8c215dd4d6bf8de0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695589
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81206}
Bug: v8:12953
Change-Id: I35f85d056e2c9063f5b1280c7a3e96a20d67fcad
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3709409
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81211}
This reverts commit be41754f9f.
Reason for revert: This change breaks the GCC component build (e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20gcc%20-%20debug%20builder/1997/overview)
Original change's description:
> [wasm] Deprecate WasmModuleObjectBuilderSteraming
>
> This class is just dead code.
>
> Bug: v8:12926
> Change-Id: Ic780c0b1bf5b1e517aa919b820fad4ec083d9ef7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3689581
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81169}
Bug: v8:12926
Change-Id: I8ef0dbd6ebaac0cbcc752338b7bfdf6049e6874c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707219
Owners-Override: Adam Klein <adamk@chromium.org>
Auto-Submit: Andreas Haas <ahaas@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81210}
Exceptions should propagate inside the logical stack, which can consist
of multiple wasm stack segments. When the outermost frame of the current
segment is reached, pick up the parent stack and continue the search
from there, and update the state to reflect the implicit stack switch.
Drive-by: cleanups.
R=ahaas@chromium.org
CC=fgm@chromium.org
Bug: v8:12191, v8:12960
Change-Id: Ia5cb39a6ae197fb68e635f986952419dc43c7b98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695376
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81208}
This CL switches resolving and rejecting the wasm result promise from
the V8-internal API to the external API added in
https://chromium-review.googlesource.com/c/v8/v8/+/3695584.
This CL can land once Chrome provided an implementation of the callback.
R=jkummerow@chromium.org
Bug: v8:12953
Change-Id: I3ca395594b4e7b5018fdcdac8c215dd4d6bf8de0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695589
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81206}
Changes:
- Rename InitExpression -> ConstantExpression in places which reference
the ConstantExpression type.
- Move ConstantExpression to its own file, along with ValueOrError and
EvaluateConstantExpression.
Change-Id: Ife572d783531216b6ea3d2626e4fbf4048463253
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702798
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81204}
Rolling v8/build: 4be7c7b..7e8d64b
Rolling v8/buildtools/linux64: git_revision:2ecd43a10266bd091c98e6dcde507c64f6a0dad3..git_revision:e62d4e1938a45babc9afb6db543f388cd1802a52
Rolling v8/buildtools/third_party/libc++/trunk: b126981..1a63708
Rolling v8/buildtools/third_party/libc++abi/trunk: 013bcd8..2dba7d2
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/d854027..0eef537
Rolling v8/third_party/depot_tools: b603090..c5c4853
Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220613.2.1..version:8.20220614.2.1
Rolling v8/tools/clang: 30892fa..aab5788R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I97d4ae83dccc42a36734fd2ae3b047632fac8be6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708478
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81203}
This is useful for cases where we're calling a Maybe-returning
function only for its side effects and possible exception-throwing.
Change-Id: I64e73598d40b3565d83cb17166c762d8affd7a84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708022
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81201}
