The stack of an isolate's main thread is kept in the isolate's heap.
This CL sets the stack's start address when the isolate's heap is set
up; it can also be set explicitly from the embedder. The CL also fixes
threaded cctests, where an isolate is shared by many "main" threads.
Bug: v8:13257
Change-Id: Ie30bbbe4130882d94f23de946cbada748f32e22d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870923
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82973}
This reverts commit d00c040547.
Reason for revert: Failing CI tests on Mac arm64
Original change's description:
> [strings] Support shared external strings
>
> With this CL shared strings can be externalized and external strings can
> be shared.
> The StringForwardingTable is used to delay the real transition to the
> next full GC. On the API side strings marked for externalization will
> look like externalized strings.
>
> Bug: v8:12957
> Change-Id: I53b6509129bc5679c06bdf99421bdb41ea5d9082
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849643
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82966}
Bug: v8:12957
Change-Id: I13155fcc788d217db56cbfd1c9e4457a81a9dbd7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870486
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82970}
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.
R=mlippautz@chromium.org
Bug: v8:12887
Change-Id: Id12f9d8270dd9fed651e1b3596c06e45aae9d6d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3846151
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82969}
With this CL shared strings can be externalized and external strings can
be shared.
The StringForwardingTable is used to delay the real transition to the
next full GC. On the API side strings marked for externalization will
look like externalized strings.
Bug: v8:12957
Change-Id: I53b6509129bc5679c06bdf99421bdb41ea5d9082
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849643
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82966}
This CL adds PKU support for V8 heap, but we will not enable
PKU by default before adding bots that are able to test the
PKU machinery.
Bug: v8:13023
Change-Id: I0465604d56900536ad63311f119ea0324ebe4f2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793944
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Wenqin Yang <wenqin.yang@intel.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82965}
This CL refactors most of the cctests and unittests (22 out of 31) that
directly invoke heap GC, so that the corresponding internal heap methods
are called from a few specific places in boilerplate code. This will
facilitate impending changes to the interface of GC-related internal
heap methods.
Bug: v8:13257
Change-Id: Ia6773a7952501b0792b279b799171519620497d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3869264
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82927}
This CL removes the marking_worklists parameter from the
ConcurrentMarking constructor, and instead sets marking_worklists_
in ScheduleJob based on the new GarbageCollector parameter.
We will use the ConcurrentMarking class for both major and minor
marking later, and this CL does preparatory work for that by allowing
to change the mode of operation (minor/major) through ScheduleJob.
Bug: v8:13012
Change-Id: I44a35155cf19e1df139a6a4e5bc5cbedbc3e00aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3850289
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82910}
Sufficiently full pages in new space are promoted as is to old space. If
a string is allocated on such a page, it won't be promoted to the shared
heap. The string can later be promoted by the next full GC, but then it
is promoted from old space, not new space, which was not supported.
Bug: v8:12612
Change-Id: I6133e13bec9ba3110b2b9dbfb4dcef47bde25e90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865162
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82906}
Add test for ensuring that page promotion records old-to-shared slots
during a full GC.
Bug: v8:11708
Change-Id: Id2eb77a623c84586cad61d72bb80479ef69e3b29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3866176
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82873}
The representation of `options.data` was previously refactored to
`v8::Value` when removing `v8::ApiObject`, but this is invalid for a
number of reasons (SMIs, v8::Value being a ZST, etc). To fix this, it
has been changed to `Local<Value>`, which also matches the
representation used for other fastcall parameters.
Bug: chromium:1052746
Change-Id: Ia4450bf3d908d4e1b7a85d6bd7ab45ea5f5f08f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3844662
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: snek <snek@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82843}
Per https://github.com/WebAssembly/function-references/pull/76,
call_ref and return_call_ref should consume type immediates specifying
the signature of the funcref. This is a breaking change.
To ease the migration, this patch introduces a temporary alternative
binary encoding for call_ref:
- 0x14 continues to *not* take a type immediate for now.
- 0x17 (formerly "let") is the new call_ref *with* type immediate. Module
producers are encouraged to emit this encoding ASAP.
- After a few weeks of transitionary period, we'll update 0x14 to
take a type immediate as well. At this point, module producers will be
encouraged to switch back to 0x14.
- After a few more weeks of transitionary period, we'll drop 0x17 again.
We're not doing the same dance for return_call_ref because it currently
has no uses that we know of.
Bug: v8:7748,v8:9495
Change-Id: Id8d468be3949f84571efff713c937ffd1addff70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863280
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82839}
- move cctest/test-parsing -> unittests/parser/parsing-unittest
- move common/{scope-test-helper, unicode-helper} to unittests/parser
directory because these are only be used by tests in unittests/parser
Bug: v8:12781
Change-Id: Ie0fb043d5df6178bbe088d140a76f606454bbf29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855313
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Feng Yu <f3n67u@gmail.com>
Cr-Commit-Position: refs/heads/main@{#82837}
Methods are now defined in heap-verifier.h in the HeapVerifier class.
Bug: v8:11708
Change-Id: I13e7f1760598f3659ad6aa31082840caf2e44038
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857558
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82810}
When a call_indirect fails because of a signature mismatch or a null
target, the value stack generated for debug doesn't contain the target
index anymore, which makes it hard for users to understand the error.
Keep the index on the stack, and ensure that the index is not modified
until we generate the debug info. Previously, the index was shifted
in-place to compute various offsets. Instead, use scaled loads to
compute the offset directly in the load instruction.
R=clemensb@chromium.org
Bug: chromium:1350384
Change-Id: Iad5359ec80deef25a69ac119119a0b5ca559a336
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854309
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82780}
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.
R=jkummerow@chromium.org
Bug: v8:12887
Change-Id: Ieccf35730f69bcefa3740227f15e05686080d122
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3843517
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82774}
Those are not safe in combination with the sandbox as they are stored as
raw pointers. Instead of turning them into ExternalPointers (which use
the ExternalPointerTable indirection), this CL simply turns them into
on-heap ByteArrays which is cheaper and should be unproblematic
security-wise as their contents can be corrupted without causing memory
corruption outside the sandbox address space (just incorrect behaviour
and/or further memory corruption *inside* the sandbox, which is fine).
Bug: chromium:1335046
Change-Id: Id2b901a58b7d6c91dd7596fca553d7c76cbc61ec
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3845636
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82765}
Currently the ability to create shared isolates is partially exposed to
API. Instead of fully exposing it, this CL makes shared isolate and
shared heap handling transparent to the embedder.
If a flag that requires the shared heap is true (currently
--shared-string-table and --harmony-struct), the first isolate created
in the process will create and attach to a process-wide shared isolate.
Subsequent isolates will attach to that shared isolate. When that first isolate is deleted, the shared isolate is also deleted.
Bug: v8:12547
Change-Id: Idaf2947bc354066c44f2d10243e10162b1b7e4d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3848825
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82756}
Change the has-optimized FeedbackVector bit to two bits, one for Maglev
and one for Turbofan. Ignition and Sparkplug can check both bits, while
Maglev will only check the Turbofan one.
Bug: v8:7700
Change-Id: I95f6e4326180cac02f127a97438f960950f09d82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856569
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82748}
This is a left-over of the removal of the dynamic (rtt-based)
variants.
Bug: v8:7748
Change-Id: I93bb74a72543a5697f1102d283c7d65c6be99466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856577
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82746}
- Move StringForwardingTable implementation to own compilation unit.
- Refactoring preparing for layout change (Introduce explicit record
class to make transition from contiguous Tagged_t fields to a
heterogeneous record layout easier).
- Replace RootVisitor pattern for transitioning/cleanup during GC with
callback.
- Minor cleanups.
Bug: v8:12957
Change-Id: Iae343393f470130eac0c54148a1303b67fb95aa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3845635
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82730}
--stress-opt never did what we wanted it to; it ran its runs in
different contexts (therefore not able to share feedback across runs),
and even if it didn't, each run would create new closures for any
defined closures, so we'd still more than likely end up poly- or
mega-morphic.
Fuzzers cover this use case better than --stress-opt ever did, so now
it's just using precious bot time. We can get rid of it.
Bug: v8:10386
Change-Id: Ibbb9207d887b4b1dc4ec9093858d477c0f95eb37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3803228
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82722}
This CL adds a soft limit (via AllocationObserver) to run
incremental marking for MinorMC.
Once the soft limit is triggered, roots are marked.
This a stepping stone for concurrent marking
(YoungGenerationConcurrentMarkingVisitor, go/YGCMV) integration.
Bug: v8:13012
Change-Id: I5bc9aeb80511159561845deb494023ade3fb7365
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3824339
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#82695}
Concurrent markers could add work into the worklist before the CHECK.
Bug: v8:12775, v8:13223
Change-Id: I8ac252b0fec8e5acbcfec56dad04830e596c709d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854496
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82690}
Users should rely on CppHeap which is the only supported way of using
v8::TracedReference in going forward.
Bug: v8:13207
Change-Id: Idd03f458167c74b06f285bb568e5c77ad46003fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849037
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82681}
IsRunning() and IsMarking() are now equivalent. So IsRunning() can be
removed in favor of IsMarking().
IsComplete() is also renamed to IsMarkingComplete().
Bug: v8:12775
Change-Id: Ife88be4d674af055590ba5178ec1e410f8fa89d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849833
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82665}
- Swap() was not necessary as all uses merely required Merge()
- Remove unused empty Local ctor
- Use refrence for backref as it's always supposed to be non-null
Bug: v8:13193
Change-Id: Ide0a0de15185a67d028890371ae30528fd55a058
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3846863
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82648}
This change adds support for new table element types besides the
existing support for func and extern.
The newly supported types are the generic types of the 'any' subtype
hierarchy: any, eq, data and array.
All these table types are also usable and accessible via JavaScript,
causing implicit internalization and externalization of the elements
on Table::get() and Table::set().
Bug: v8:7748
Change-Id: Ie85d8f5e1d70471360dd2fb8a39cd38efaac2c22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838729
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82643}
