Commit Graph

77487 Commits

Author SHA1 Message Date
Clemens Backes
16097154cf [wasm][pgo] Keep native modules alive
If collecting PGO information, keep all modules alive until the process
dies. This allows running multiple tests / benchmarks and combining the
profile information for all of them. Otherwise the NativeModule might be
garbage-collected between runs, and previous information would be lost.

R=manoskouk@chromium.org

Bug: v8:13209
Change-Id: I96e3cda1a123c7a1f3fbc7f5369d2366acee80e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875082
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82995}
2022-09-06 12:46:35 +00:00
Samuel Groß
003f5608a0 [sandbox] Fix non-canonical address detection in sandbox crash filter
The check for non-canonical address access must come before the check
for nullptr access as the faultaddr will be 0x0 in the former case.

Bug: v8:12878
Change-Id: I6f141d08862879ec9ccb13c081aa6c75a3707530
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875904
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82994}
2022-09-06 12:27:42 +00:00
Victor Gomes
0472d5a5aa [maglev] Add Print commands
Allows debug-printing a node, similar to CSA.

Bug: v8:7700
Change-Id: I602f8f8ed8c6df6b0782dd55b477252ee31dca26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3874932
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82993}
2022-09-06 09:37:58 +00:00
Manos Koukoutos
8df265970a [wasm-gc] Fixes for the JS/Wasm boundary
- i31s should not be packed in {WasmWrapperGraphBuilder::ToJS}.
- anyref should be able to hold any JS value (except null if
  non-nullable).
- Restructure TypeCheckJSObject.

Bug: v8:7748
Change-Id: I51ab6b84e89a70e565ce56de7a41f8693aa28e5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871073
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82992}
2022-09-06 08:59:35 +00:00
Danylo Boiko
6811cb9f88 [turbofan][turbolizer] --trace-turbo Smi support
Fixed a bug with Smis in the bytecode constant pool when running
with --trace-turbo

Bug: chromium:1356895
Change-Id: Idc8990c250c2c85f4755e45115d4c4bac167bfe3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870413
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Cr-Commit-Position: refs/heads/main@{#82991}
2022-09-06 07:41:35 +00:00
Clemens Backes
1df05d5dbd [snapshot] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=jgruber@chromium.org

Bug: v8:12887
Change-Id: Id293b260c1d84c2f9bd7f5c3c826f374ac6a68b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875086
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82990}
2022-09-06 06:13:35 +00:00
Clemens Backes
ca2a96837c [regexp] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=jgruber@chromium.org

Bug: v8:12887
Change-Id: Ide7272de6a59e8324f19d4f52053737b56a380d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875083
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82989}
2022-09-06 06:12:15 +00:00
v8-ci-autoroll-builder
f5cda3d1ef Update V8 DEPS (trusted)
Rolling v8/build: a412eb2..24bb610

Rolling v8/buildtools: 18d22db..46ab4c3

Rolling v8/buildtools/third_party/libc++/trunk: 369cbf3..85a3363

Rolling v8/buildtools/third_party/libc++abi/trunk: 48afced..6285577

Rolling v8/third_party/zlib: 81e0cc1..9f4113d

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: If51fa917599a962c36cbb1cacfaa3c182911540a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870602
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82988}
2022-09-06 03:52:45 +00:00
Michael Lippautz
e47a942a68 cppgc: Random cleanups
- ObjectAllocator::Terminate() description was out of date.
- Compactor::CancelIfShouldNotCompact() return value was unused.

Change-Id: Ie47e70eaecaba1300ad638e155a9dd273202aca5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875084
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82987}
2022-09-05 17:35:54 +00:00
Feng Yu
41df164a1a [test] Migrate cctest/test-run-tail-calls to unittests/
Bug: v8:12781
Change-Id: Ib2d7fe959f06cb750ccf419796002efb7e569623
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865062
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Feng Yu <f3n67u@gmail.com>
Cr-Commit-Position: refs/heads/main@{#82986}
2022-09-05 16:33:54 +00:00
Leszek Swirski
8c12c24d04 [maglev] Add fast-path trampolines for dynamic lookup
Dynamic maybe-context/maybe-global lookup can fast-path in the case
where there are no context extensions in the parent contexts. Add a
trampoline builtin for maglev which performs this fast path.

This is similar to Sparkplug, which calls a similar builtin (except one
which loads context and FBV from Sparkplug frame slots), and unlike
TurboFan, which creates local control flow to inline this operation
fully. Maglev avoids creating local control flow, so the builtin
approach seems more fitting.

Bug: v8:7700
Change-Id: I2f63694d9c1f907f91b8b7b8982adc9f9ba106ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871210
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82985}
2022-09-05 16:32:20 +00:00
Victor Gomes
9a2912d219 [maglev] Unconditionally create LoopPhi for contexts
Contexts are not included in bytecode loop assignment
analysis. We follow TF and create a LoopPhi unconditionally.

Bug: v8:7700
Fixed: chromium:1359662
Change-Id: I1a589a4bae2bbbf14bf637f0c1e0439e66216aae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871209
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82984}
2022-09-05 14:37:25 +00:00
Leszek Swirski
9dedaaf313 Revert "Enable background merging of deserialized scripts"
This reverts commit f388f96fdb.

Reason for revert: Crashes in canary (https://crbug.com/1360024)

Original change's description:
> Enable background merging of deserialized scripts
>
> This can save memory in cases where multiple frames in a process use the
> same script, with sufficient time between loads that the script's
> top-level SharedFunctionInfo is no longer present in the compilation
> cache. Merging is relatively fast; it generally takes about one tenth as
> long as deserialization.
>
> Bug: v8:12808
> Change-Id: I7366a51f1d2ca6a9f551cdf2bdbe0441450cf1bb
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868088
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82920}

Bug: v8:12808
Change-Id: If160173afaab351d995ddcf4b60d6efe656cf70b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871208
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82983}
2022-09-05 14:26:24 +00:00
Clemens Backes
1bc4d3989e [objects] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=tebbi@chromium.org

Bug: v8:12887
Change-Id: Ia636a23e8d9fceb9bc17d830b8395bac46984285
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871202
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82982}
2022-09-05 14:15:04 +00:00
Clemens Backes
62cebbe031 [builtins] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=nicohartmann@chromium.org

Bug: v8:12887
Change-Id: Icc9016552c53489afd821ff6d360c025e48fee18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871201
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82981}
2022-09-05 13:59:05 +00:00
Clemens Backes
c61b985ee0 [baseline] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=leszeks@chromium.org

Bug: v8:12887
Change-Id: I17a168a4810f13087be34a58358c684f1516da99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870489
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82980}
2022-09-05 13:51:44 +00:00
Clemens Backes
943de45545 [wasm][pgo] Introduce flags for PGO via local files
This adds two flags to dump "type feedback" (call targets and
frequencies) to a local file, or load it from there. This is meant for
experimentation only.

Some implications are removed, as (speculative) inlining now does not
require Liftoff any more, but can also use information from PGO.

R=jkummerow@chromium.org

Bug: v8:13209
Change-Id: I2d34233ce4077db61f5c237b1941136ac61d3b73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870470
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82979}
2022-09-05 13:48:45 +00:00
Leon Bettscheider
4320ed7dcc [heap] Enable MinorMC concurrent marking
This CL implements ConcurrentMarking::RunMinor which uses
YoungGenerationConcurrentMarkingVisitor (go/YGCMV).

This CL also implements Teardown and FinishConcurrentMarking, and
schedules minor concurrent marking in
IncrementalMarking::StartMarkingMinor.

Additionally, this CL opts out of ConcurrentMarking::PauseScope in
Heap::MinorMarkCompact if concurrent MinorMC is active because
concurrent marking will be finalized in FinishConcurrentMarking
subsequently.

Bug: v8:13012
Change-Id: I78fe18416e564565c6421243ff40dec7561fb20a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3850292
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82978}
2022-09-05 13:43:24 +00:00
Igor Sheludko
633cc57f8d [runtime] Update transitioning target when deserializing values
Bug: chromium:1359936
Change-Id: If5b09647dbb341b056a782ae6d1733351c8061bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870487
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82977}
2022-09-05 13:29:54 +00:00
Leon Bettscheider
fb41a1369e [heap] Remove global handle marking barrier for MinorMC
This CL removes global handle marking barriers for MinorMC because
global handles should only be marked by MajorMC.

Bug: v8:13012
Change-Id: I23737f128c01eee75b2b1a19f47c4bcf6d043976
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872270
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#82976}
2022-09-05 13:05:08 +00:00
Camillo
10f0fb9d89 [tools] Improve linux-perf-d8.py
- Disable interspersed args for a cleaner CLI
- Auto upload pprof results for authenticated Googlers

Change-Id: I3bfa602980ed659c8671910ea77dddedabc84e12
No-Try: True
No-CQ: True
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871200
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82975}
2022-09-05 13:04:05 +00:00
Michael Lippautz
ec5a042e66 cppgc: Fix AgeTableTest
The test broke in
  https://crrev.com/c/3865148

Bug: chromium:1352649
Change-Id: I9857fd359d73a4c1f7d202feba27a3dcf56e23c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872275
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82974}
2022-09-05 12:56:15 +00:00
Nikolaos Papaspyrou
7c79ab6d43 [heap] Fix setting start of stack
The stack of an isolate's main thread is kept in the isolate's heap.
This CL sets the stack's start address when the isolate's heap is set
up; it can also be set explicitly from the embedder. The CL also fixes
threaded cctests, where an isolate is shared by many "main" threads.

Bug: v8:13257
Change-Id: Ie30bbbe4130882d94f23de946cbada748f32e22d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870923
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82973}
2022-09-05 12:43:21 +00:00
Leszek Swirski
c6a8832e88 [turbofan] DCHECK that lookups have a slow path
LdaLookupGlobal/ContextSlot loop over parent contexts to check for
context extensions. If there aren't any, they can do a fast
context/global load, otherwise they have to call a runtime slow path.

The bytecode graph builder didn't build a slow path in the case where no
context extensions are possible, by depth == 0 or static scope info
information that there are no possible context extensions. However, this
information is already known to the interpreter, so that should already
elide the lookup in these cases. So, get rid of the slow path being
optional in TurboFan, and consider such cases bytecode generation bugs.

Change-Id: Ib69f90e51b0f783306824fed56911d039f7e134e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872277
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82972}
2022-09-05 12:42:18 +00:00
Leszek Swirski
007862bf18 [maglev] Workaround for linux perf logging
Work around crbug.com/13261 by converting the maglev CodeT into a Code.

Bug: v8:7700
Bug: v8:13261
Change-Id: I5ef692dea9d7c4eee2c1ca6476f572fc415f5ed0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872274
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82971}
2022-09-05 12:41:15 +00:00
Matthias Liedtke
0b1b79d24a Revert "[strings] Support shared external strings"
This reverts commit d00c040547.

Reason for revert: Failing CI tests on Mac arm64

Original change's description:
> [strings] Support shared external strings
>
> With this CL shared strings can be externalized and external strings can
> be shared.
> The StringForwardingTable is used to delay the real transition to the
> next full GC. On the API side strings marked for externalization will
> look like externalized strings.
>
> Bug: v8:12957
> Change-Id: I53b6509129bc5679c06bdf99421bdb41ea5d9082
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849643
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82966}

Bug: v8:12957
Change-Id: I13155fcc788d217db56cbfd1c9e4457a81a9dbd7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870486
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82970}
2022-09-05 12:06:17 +00:00
Clemens Backes
7d3d3a780c [heap] Use v8_flags for accessing flag values
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.

R=mlippautz@chromium.org

Bug: v8:12887
Change-Id: Id12f9d8270dd9fed651e1b3596c06e45aae9d6d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3846151
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82969}
2022-09-05 10:59:05 +00:00
Clemens Backes
203c18b993 [wasm] Make typer errors fatal
With PGO, I am hitting typer errors. Instead of just saying
"UNREACHABLE", print an error message, which would previously have
required passing --trace-wasm-typer.

R=manoskouk@chromium.org

Bug: v8:13209
Change-Id: I75498782712b6adfeb1236f6882c49d015f9ef78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870920
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82968}
2022-09-05 10:42:46 +00:00
Jakob Linke
e6998519c6 [maglev] Fix missing safepoint for OSR support
Bug: v8:7700
Change-Id: Ie940b85cc801de056ce3572b73669ba924aa03b4
Fixed: chromium:1359597
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872272
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82967}
2022-09-05 10:35:38 +00:00
Patrick Thier
d00c040547 [strings] Support shared external strings
With this CL shared strings can be externalized and external strings can
be shared.
The StringForwardingTable is used to delay the real transition to the
next full GC. On the API side strings marked for externalization will
look like externalized strings.

Bug: v8:12957
Change-Id: I53b6509129bc5679c06bdf99421bdb41ea5d9082
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849643
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82966}
2022-09-05 10:14:12 +00:00
wenqin.yang
a3a2284edc [pku][heap] Support PKUs for V8 heap
This CL adds PKU support for V8 heap, but we will not enable
PKU by default before adding bots that are able to test the
PKU machinery.

Bug: v8:13023
Change-Id: I0465604d56900536ad63311f119ea0324ebe4f2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793944
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Wenqin Yang <wenqin.yang@intel.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82965}
2022-09-05 10:13:07 +00:00
Leszek Swirski
3f9f1eeefa [maglev] Depend on stable protos up to validity cell
Inline DependOnStablePrototypeChain to iterate only those maps which
share a validity cell with the receiver map. This resolves an issue
where maps after the holder object violate the stability invariants, but
doesn't require looking up what the actual holder is.

Bug: v8:7700
Change-Id: Id06f0d13660f547e14dd25085799c0e6223c34b9
Fixed: chromium:1359215
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871298
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82964}
2022-09-05 10:12:04 +00:00
Matthias Liedtke
271bd0866f Revert "[sandbox] Sandboxify ExternalString external pointers"
This reverts commit e7bf81100a.

Reason for revert: Failing TSAN runs

Original change's description:
> [sandbox] Sandboxify ExternalString external pointers
>
> Bug: v8:10391
> Change-Id: I0f737e5adf6e4fd24f93436fa5680ff20c1536da
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3757901
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82958}

Bug: v8:10391
Change-Id: I384d49016b9494655866339a21dab60d451158a7
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872271
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82963}
2022-09-05 09:47:24 +00:00
Leszek Swirski
f620df20d6 [maglev] Call the write barrier in GeneratorStore
There was a missing write barrier for the saved registers and context
in GeneratorStore. Add (deferred) write barriers for these, with some
careful register reshuffling to minimise moves.

Bug: v8:7700
Change-Id: Icf50e96adf3775785ce9b2c5a7566ecbbd1d63d9
Fixed: chromium:1359163
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870914
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82962}
2022-09-05 08:38:30 +00:00
Michael Achenbach
9beb6f383c [foozzie] Avoid more contradictory flags
This ignores one of --assert-types and --stress-concurrent-inlining if
used together. We already filter those from trials, but they also might
get picked from // Flags lines in test cases.

No-Try: true
Bug: chromium:1359829
Change-Id: I7e46afb53bdbb0a871c7443a5a66a339046eb3de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871195
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82961}
2022-09-05 08:37:26 +00:00
Tom Anderson
a482e33fdb Fix build with -Wextra-semi (arm64)
Bug: chromium:1355871
Fixed: chromium:1359712
No-Tree-Checks: true
Change-Id: I01e35ec6c35d82608797d8ae222d79a125ca5758
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872346
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Thomas Anderson <thomasanderson@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82960}
2022-09-05 08:17:27 +00:00
v8-ci-autoroll-builder
c178d3d407 Update V8 DEPS (trusted)
Rolling v8/build: aebd733..a412eb2

Rolling v8/third_party/depot_tools: eb16430..a089281

Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220902.0.1..version:9.20220902.1.1

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ied5248bff1159fc65f61bfc512464e356578840b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872519
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82959}
2022-09-05 07:33:45 +00:00
Samuel Groß
e7bf81100a [sandbox] Sandboxify ExternalString external pointers
Bug: v8:10391
Change-Id: I0f737e5adf6e4fd24f93436fa5680ff20c1536da
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3757901
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82958}
2022-09-05 07:32:39 +00:00
v8-ci-autoroll-builder
b804d8d0b9 Update V8 DEPS (trusted)
Rolling v8/build: 15f3aed..aebd733

Rolling v8/buildtools: 734683a..18d22db

Rolling v8/buildtools/third_party/libc++/trunk: 84f0693..369cbf3

Rolling v8/third_party/depot_tools: 8cdc635..eb16430

Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220831.2.1..version:9.20220902.0.1

Rolling v8/tools/clang: e0c2881..0a22859

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I01a1df8f6fe1db74fad773480edb5801f2851219
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872510
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82957}
2022-09-03 03:56:53 +00:00
Leon Bettscheider
0d192e1e70 [heap] Select MinorMC to finalize incremental MinorMC
This CL makes SelectGarbageCollector choose MinorMC to finalize
minor incremental marking if the allocation space is new space.

Bug: v8:13012
Change-Id: I0125d956842d83683cf3b1c5999de0e10a43dee5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871074
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82956}
2022-09-02 18:16:23 +00:00
Leon Bettscheider
cc3bd0e631 [heap] Only one active new space allocation observer
This CL exclusively activates ScavengeTaskObserver, used by Scavenger
and atomic MinorMC, or MinorMCTaskObserver, used by concurrent
MinorMC.

Bug: v8:13012
Change-Id: I313b0cbe250828cc76d7d4b25e9abb457315112e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871295
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82955}
2022-09-02 17:41:03 +00:00
Ilya Rezvov
d7c306a2d9 Reland "Port Generic JS-Wasm Wrapper for arm64"
This is a reland of commit 5a318a2313

Original change's description:
> Port Generic JS-Wasm Wrapper for arm64
>
> Bug: v8:10701
> Change-Id: I2014f8994c74379663998e2560d1d51b98a4a9a6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811834
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82915}

Bug: v8:10701
Change-Id: Ic0ac1478759150a5cc7e75d1a8e4e465e0d48233
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869197
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82954}
2022-09-02 16:53:34 +00:00
Patrick Thier
e547fe70f9 [strings] Fix concurrent internalization of external strings
When internalizing cached external strings that are not in-place
internalizable, there is an optimization that avoids copying the
contents of the string. This optimization doesn't work when the string
table is shared, as it leaves strings in a partly initialized state that
can be accessed in a concurrent environment.

Bug: v8:12007
Change-Id: I49fcbb232893c87d065af114546a6f1a15471016
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870469
Auto-Submit: Patrick Thier <pthier@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82953}
2022-09-02 16:16:13 +00:00
Manos Koukoutos
c716142410 [OWNERS] Make Matthias Liedtke a wasm owner
Change-Id: Ie36ef2b934b4ea1fd256175748daac73246be826
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870467
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82952}
2022-09-02 16:05:02 +00:00
Dominik Inführ
3ec02e314c [heap] Fix aborting compaction with map space compaction
When aborting compaction on a page, slots need to be recorded in the
non-evacuated part. Now that maps might be recorded as well, slots
need to be recorded in the map word as well.

Bug: chromium:1359294, v8:12578
Change-Id: I91e4a98ae2951d814d4b50e527b34d8e54d55434
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871297
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82951}
2022-09-02 16:03:03 +00:00
Shu-yu Guo
bbc38834d6 Fix DoubleToInteger to never return -0
DoubleToInteger, which corresponds to the ToIntegerOrInfinity AO in
ecma262, never returns -0. Currently there's a bug as std::ceil can
return -0.

Bug: v8:10271
Change-Id: Id5e7d040ef9d186462022dc96052d7920be6ebed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869196
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82950}
2022-09-02 15:41:23 +00:00
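The -0 edge case described in the commit above, as an added, stand-alone example (not V8's own DoubleToInteger implementation): a naive truncation toward zero built from std::floor/std::ceil lets std::ceil(-0.5) produce -0.0, whereas the ToIntegerOrInfinity abstract operation must never yield -0. The function names and the "+ 0.0" normalisation are this example's own; the normalisation relies on IEEE 754 round-to-nearest, where -0.0 + (+0.0) is +0.0 and every other value is unchanged.

```cpp
#include <cmath>
#include <cstdio>

// Naive truncation toward zero, as one might first write it. For inputs in
// (-1, 0) and for -0.0 itself the result is -0.0, because std::ceil and
// std::floor preserve the sign of zero.
double NaiveDoubleToInteger(double x) {
  if (std::isnan(x)) return 0.0;
  if (!std::isfinite(x)) return x;
  return x >= 0.0 ? std::floor(x) : std::ceil(x);  // std::ceil(-0.5) == -0.0
}

// Normalised variant (example code, not V8's): adding +0.0 maps -0.0 to +0.0
// under round-to-nearest and is the identity for all other doubles,
// including +/-infinity.
double NormalizedDoubleToInteger(double x) {
  if (std::isnan(x)) return 0.0;
  if (!std::isfinite(x)) return x;
  double r = x >= 0.0 ? std::floor(x) : std::ceil(x);
  return r + 0.0;
}

// Detects a negative zero: compares equal to 0.0 but carries the sign bit.
bool IsNegativeZero(double d) { return d == 0.0 && std::signbit(d); }

int main() {
  // Constructed inputs that exercise the boundary around zero.
  const double inputs[] = {-0.5, -0.0, -1.5, 0.0, 2.7};
  for (double x : inputs) {
    double naive = NaiveDoubleToInteger(x);
    double fixed = NormalizedDoubleToInteger(x);
    std::printf("x=%5.1f naive=%s fixed=%s\n", x,
                IsNegativeZero(naive) ? "-0.0" : "ok",
                IsNegativeZero(fixed) ? "-0.0" : "ok");
  }
  return 0;
}
```

Checking the sign bit rather than comparing against 0.0 is the only way to observe the defect, since -0.0 == 0.0 is true; a test that relies on equality alone will pass on the buggy version.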
Clemens Backes
45c878a6da [wasm] Refactor TransitiveTypeFeedbackProcessor
A minor refactoring to call a static method instead of just creating an
instance in order to do the work.
This also makes it easier to later add methods to process all feedback
before dumping profile information.

R=jkummerow@chromium.org

Bug: v8:13209
Change-Id: I157357753b3a1cff83df426660501c43959937b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870468
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82949}
2022-09-02 15:36:54 +00:00
Leon Bettscheider
e69fa72620 [heap] Fix regression in IncrementalMarkingJob::ScheduleTask
This CL fixes a regression caused by https://crrev.com/c/3865147.

Bug: v8:13012
Change-Id: I2a0b89965a305197b499044ea7b10285a763dc4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871296
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82948}
2022-09-02 15:25:43 +00:00
Jakob Linke
de762c9630 [compiler] More conservative reads of call feedback
The `target` field of call feedback may be stored in the feedback
vector without protection by generated code (see
TryInitializeAsMonomorphic).  We thus can't assume a memory fence
exists when creating the ref, switch to TryMakeRef instead.

Bug: v8:7790,v8:12876
Change-Id: I428b00b19a417e818c315f1cf9ee62d19f0747d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867728
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82947}
2022-09-02 15:15:34 +00:00
George Wort
5981d168b1 [compiler] Apply StoreStoreElimination through bitcasts
Add BitcastWordToTagged and BitcastWordToTagged to
CannotObserveStoreField in StoreStoreElimination to
allow more stores to be eliminated.

Also add the use properties in CannotObserveStoreField
so that future nodes don't block opportunities.

Improves Speedometer2 by 0.16% and 0.12% on a Cortex-A55
and a Neoverse-N1 machine respectively, with Preact seeing
+0.8% on both.

Change-Id: I0cfe887ec4c0c435dbb0f9d8dc3da4bfcdabc265
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865560
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: George Wort <george.wort@arm.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82946}
2022-09-02 15:01:18 +00:00