Commit Graph

77487 Commits

Author SHA1 Message Date
Leon Bettscheider
a7a0c7b581 [heap] MarkingFromInternalFields write barrier bailout for MinorMC
This CL skips the MarkingFromInternalFields write barrier when
MinorMC concurrent marking is active, because we do not run Oilpan
young GCs yet.

Bug: v8:13012
Change-Id: Ib73dea8357be6d135290009258b5d172477a633b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865464
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#82895}
2022-09-01 09:28:33 +00:00
Jakob Linke
25506204b8 [maglev] Don't deopt-for-osr when Turbofan is disabled
Bug: v8:7700
Change-Id: I784d28b8ee043a4fa2478dbaaf7412a0708b811c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867732
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82894}
2022-09-01 09:26:13 +00:00
Dominik Inführ
7e4293a1fe Reland "[heap] Verify client heaps during shared GC"
This is a reland of commit ddafb7a30e

CL is relanded without changes. https://crrev.com/c/3865965 and
https://crrev.com/c/3865967 fixed the failing DCHECKs that caused
this CL to be reverted.

Original change's description:
> [heap] Verify client heaps during shared GC
>
> With --verify-heap verify all client heaps before and after a shared
> GC. This ensures that the OLD_TO_SHARED remembered set is properly
> filled for each client isolate.
>
> Bug: v8:11708
> Change-Id: I1506a419c7a91c5baa87ce251da9861d8ad9e066
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857559
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82829}

Bug: v8:11708
Change-Id: I38bd6724807fee36bc47d70b0d83156b81a2b4fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865968
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82893}
2022-09-01 09:02:02 +00:00
Jakob Linke
8775410530 [maglev] Fix int overflow in SmallEnoughForOSR
Bug: v8:7700
Change-Id: Id417c068ea6df04c43823f32b60531d7588dcd1f
Fixed: chromium:1358655
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865552
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82892}
2022-09-01 08:56:31 +00:00
Leon Bettscheider
8441f26cf4 [heap] Bailout in IncrementalMarkingJob::ScheduleTask
Currently MinorMC does not support incremental marking but uses the
IncrementalMarking class to bootstrap concurrent marking.

IncrementalMarkingJob::ScheduleTask is called from multiple call
sites which assume major incremental marking. This CL adds a bailout
to ScheduleTask on IsMajorMarking()==false to avoid erroneously
doing incremental steps while in MinorMC mode.

Bug: v8:13012
Change-Id: I57803a8f258697478a9696716063c8c2cae1ae30
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865147
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#82891}
2022-09-01 08:55:11 +00:00
Leon Bettscheider
d1e696d035 [heap] Remove two DCHECKs for minor concurrent marking
This CL removes two DCHECKs which no longer hold with minor
concurrent marking.

Bug: v8:13012
Change-Id: I6f24284f0955c57deeb2fa2c300623d9aedfdd3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865463
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#82890}
2022-09-01 08:51:02 +00:00
Ting Chou
dad963c84f [riscv] Separate single and double precision zero to different registers to avoid misuse.
R=yahan@iscas.ac.cn

Bug: v8:13191
Change-Id: I8c7ccb90c4e8a5b8ca5d88fc11c99fbe876621bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3831142
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#82889}
2022-09-01 08:49:52 +00:00
Camillo
9526c2936d Dehandlify more code
Bug: v8:11263
Change-Id: Ia53518d52f906c96afafc084af99679bd64b46fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3866177
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82888}
2022-09-01 08:40:12 +00:00
jiepan
b7c71a6d1b [no-wasm] Fix compilation of some wasm simd test
Some wasm simd unit tests are not guarded by V8_ENABLE_WEBASSEMBLY,
which causes test failures on the no-wasm build.

Change-Id: Ib08e133f979e492ca620191d799f641bdb0f60bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3866706
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jie Pan <jie.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#82887}
2022-09-01 08:26:52 +00:00
Jakob Linke
7086e988e7 [maglev] Fix osr-from-ml-to-tf flake again
We've previously reset profiler ticks on ML finalization to avoid
unexpected early tierups to TF. This CL additionally avoids early TF
tierup through the `small function` reason by disabling small-function
optimization.

Bug: v8:7700
Change-Id: I57ba294af0d1d189f76c2cb1ffc31af0837b1e42
Fixed: v8:13242
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865550
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82886}
2022-09-01 08:03:22 +00:00
Leszek Swirski
3fcf167ae1 [maglev] Deopt on binops/cmpops with no feedback
Emit an unconditional deopt if a BinOp/CompareOp has insufficient
feedback, rather than emitting a generic op.

Bug: v8:7700
Change-Id: I3e47d82716a8fe7832cc179e949d689b9aef14e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867731
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82885}
2022-09-01 08:01:22 +00:00
Igor Sheludko
447feef80e [assembler] Introduce RelocInfo::NEAR_BUILTIN_ENTRY
... for PC-relative builtin calls/jumps and explicitly use near_call /
near_jump instructions.

This is a step towards
1) removing the RelocInfo::RUNTIME_ENTRY which was temporarily used
   for this purpose,
2) being able to remap embedded builtins into the code range multiple
   times.

Bug: v8:11527
Change-Id: Ife26c8bbc524be0b07f333776716f22bd4bd36aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3866190
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82884}
2022-09-01 07:55:51 +00:00
Liu Yu
85f8b8bf9d [loong64][mips64][maglev] Implement Maglev-to-Turbofan OSR
Port commit ed90ea5cf7

Bug: v8:7700
Change-Id: I8cec07b2fe971287895c89b91436d0f1223cf89a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868527
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#82883}
2022-09-01 06:47:36 +00:00
Jakob Linke
5b7a5f4d11 [maglev] Add a --maglev clusterfuzz trial
.. and update old entries:

- Remove --no-untrusted-code-mitigations (flag no longer exists)
- Make --stress-concurrent-inlining-attach-code less likely since it
  mostly overlaps with --stress-concurrent-inlining and there haven't
  been many reports in this area lately.

Bug: v8:7700
Change-Id: Ic88ea74ca88a7c14edfc39bc0a55b846bb01e465
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867506
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82882}
2022-09-01 05:31:37 +00:00
Jaroslav Sevcik
ba14e4d062 [inspector] Introduce instrumentation pause distinction
Introduce an inspector client interface method for running an
"instrumentation pause" (when an instrumentation breakpoint is hit).
This allows the client to run a more restrictive version of message
pumping on instrumentation breakpoint hits.

If not overridden, the instrumentation pause message loop handler will
run the normal message loop. Such an implementation preserves the
behavior for existing clients.

Bug: chromium:1354043
Change-Id: Id33bb10503d73b59b24e63fd9d24631611f68dee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863256
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82881}
2022-09-01 05:22:16 +00:00
Manos Koukoutos
886cd431c7 [wasm] Inlining improvements
Changes:
- Limit how often a function can be inlined, mostly to constrain
  recursive-function inlining.
- Move call count limiting earlier (to WasmInliner::ReduceCall), and
  guard it behind the flags that are required to generate call counts.

Bug: v8:12166
Change-Id: Ie3c140daff110e08fe7103ee79393ea27ae49bb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865918
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82880}
2022-09-01 04:29:46 +00:00
v8-ci-autoroll-builder
761be17cf7 Update V8 DEPS (trusted)
Rolling v8/build: d74c524..252971c

Rolling v8/buildtools: 69f262d..c24a0d5

Rolling v8/buildtools/linux64: git_revision:5705e56a0e5856621415cfdf444432554e72c9c9..git_revision:00b741b1568d56cf4e117dcb9f70cd42653b4c78

Rolling v8/buildtools/third_party/libc++/trunk: e5670a0..42e738f

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/6552f9b..638d30e

Rolling v8/third_party/depot_tools: b0fb8d5..5084800

Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220830.2.1..version:9.20220831.2.1

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ic2b31700344a5e433521362408949fa382ae0d2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865743
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82879}
2022-09-01 04:22:16 +00:00
Lu Yahan
7370cb9775 [riscv]Port [wasm] Keep call_indirect index on the stack
Port commit ed90ea5cf7
Port commit ed90ea5cf7
Port commit ab5db111d0329cb0954c110a8cc67b9793b2bb8f

Change-Id: I7981793d7f38d3769a1c9fdca23b7607d7772089
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867138
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#82878}
2022-09-01 01:51:45 +00:00
Liu Yu
295911112b [loong64][mips64][sparkplug] Allow sparkplug->ignition deopt in func entry
Port commit af62c4f0e5

Bug: chromium:1246907, chromium:1357554
Change-Id: Ia54fd08719827a2d58ff81ef7e243a3a365ffb55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867135
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Liu Yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#82877}
2022-09-01 01:41:16 +00:00
Shu-yu Guo
57b777ff92 [heap] Don't get the ForegroundTaskRunner in shared isolate
This CL removes dependence on the ForegroundTaskRunner in the shared
isolate because the shared isolate doesn't have one associated with it.

There are 3 places:

1. The memory reducer is no longer allocated on the shared isolate.

2. The WasmEngine is no longer initialized for the shared isolate, which
   never executes user code.

3. Ability to post non-nestable tasks is no longer required on the
   shared isolate. This is required for FinalizationRegistry, and
   the shared isolate never executes user code.

Bug: v8:11708
Change-Id: I4b0cf2c8dc8686ccc7b7d24e6c9e12eb4b9d03d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3864275
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82876}
2022-08-31 23:37:35 +00:00
Deepti Gandluri
247b33e921 Cleanup some macros
Change-Id: Ife29e300d51058a19e4b568cb8d335f26a7556e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863806
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82875}
2022-08-31 19:31:55 +00:00
Frank Tang
d42f2801db [Temporal] Unskip fixed tests.
We fixed the test earlier but forgot to remove the SKIP.

Bug: v8:11544
Change-Id: I6594dc2ad07fe88fdc2ed9bfaa0f0715bc14930b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867132
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82874}
2022-08-31 17:05:10 +00:00
Dominik Inführ
5c84002aa2 [heap] Add test for old-to-shared slot recording for page promotion
Add test for ensuring that page promotion records old-to-shared slots
during a full GC.

Bug: v8:11708
Change-Id: Id2eb77a623c84586cad61d72bb80479ef69e3b29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3866176
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82873}
2022-08-31 16:02:55 +00:00
Marja Hölttä
b1553b9188 [interpreter] Omit calling default ctors
If we see a default ctor, walk up the constructors until we find a non-
default one.

Default ctors can only be skipped if there are no class fields / private
brands.

This CL implements the Ignition parts; Sparkplug, Maglev and TF will
be implemented as follow ups. (This is fine, since this feature is
behind a flag.)

Bug: v8:13091
Change-Id: Ie8ca8aedb01bd4b13adf1063332a5cdf41ab358a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804601
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82872}
2022-08-31 15:45:26 +00:00
Matthias Liedtke
168fcef9b0 [wasm-gc] Support Table<struct|array index>
Bug: v8:7748
Change-Id: I4057a9288fe3d2dc0df308ce51be92e417572bd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865483
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82871}
2022-08-31 15:35:35 +00:00
Shu-yu Guo
d855d7f7b1 [shared-struct] Rework ValueSerializer::Delegate::SupportsSharedValues
This CL has two changes:

1. Remove ValueDeserializer::Delegate::SupportsSharedValues. Only
   ValueSerializer::Delegate needs to report whether it supports
   serializing shared values. The ValueDeserializer::Delegate should
   DCHECK if it gets a shared object tag but it doesn't support it.
   This better mirrors what happens with SharedArrayBuffer transfers
   currently.

2. When attempting to serialize a shared object (shared struct, shared
   array, Atomics.Mutex, or Atomics.Condition) when
   !SupportsSharedValues(), throw instead of assert. This is for better
   ergonomics.

Bug: v8:12547
Change-Id: I2bb66830393526578016813c4e3488859dd07073
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3866302
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82870}
2022-08-31 15:27:55 +00:00
Patrick Thier
f03dd79562 [interpreter] Rename bytecode operand flag accessors in assembler
Rename BytecodeOperandFlag to BytecodeOperandFlag8. The methods in
interpreter-assembler were missed in https://crrev.com/c/3857561.

Change-Id: I09383531e4d16e6e428a56feb76192156211dc81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867515
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82869}
2022-08-31 14:36:17 +00:00
Samuel Groß
541d4080ca [sandbox] Fix DCHECK failure in EPT entry allocation
When an entry is allocated from the freelist, it is not correct to
`DCHECK(entry.IsFreelistEntry())` before the compare-and-swap succeeds:
another thread may have allocated the same entry in the meantime,
thereby turning it into a regular entry. However, in that case the CAS
will fail and then entry allocation will be retried.

Drive-by: factor out the common logic from AllocateAndInitializeEntry
and AllocateEvacuationEntry into a new TryAllocateEntryFromFreelist.

Bug: v8:13246
Change-Id: Idf16b67a2ca5ddeef16620a4d6f4a8a6c07d917b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865864
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82868}
2022-08-31 14:35:15 +00:00
Tobias Tebbi
6e8d4f55ed [turboshaft] add operation use counts
Some optimizations need to know if an operation has multiple uses,
for example to avoid extending live-ranges.
However, maintaining full use-lists is expensive memory-wise and
not really needed in this case, where we only need to distinguish
between 1 or more uses.
Therefore, we only count the number of uses. To save even more memory,
we use the 1 byte currently left for alignment padding in the
operation header and put the count there.
With a single byte, we cannot count beyond 255, but for the use-case
at hand, this is enough. When reaching 255, we no longer track the
use-count.
Nodes with so many uses should be rare and their use-count will usually
not go down to 1 again, so this does not lose much precision.

Another possible future use of these counts is reserving memory for
full use-lists.

This CL also removes mutable access to node inputs, as this would need
to update use-counts and is not actually needed currently.

Bug: v8:12783
Change-Id: Idd2035c6f8ced6317e3aec0c42eecd1383e86248
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863266
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82867}
2022-08-31 13:39:38 +00:00
Samuel Groß
a27a527b75 [sandbox] Sandboxify Foreign external pointers
Bug: v8:10391
Change-Id: I567f94800119a9afd3f684134a6f4885026f813e
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859347
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82866}
2022-08-31 12:42:38 +00:00
Tobias Tebbi
9bbc13bd40 [turboshaft] faster hash for GVN
Bug: v8:12783
Change-Id: I97f6a28bfef7c9aed679c84f33d60a71cf467718
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859327
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82865}
2022-08-31 12:33:13 +00:00
Jakob Linke
f6a1f55c3b [maglev] Enable concurrent compilation for maglev variant
Bug: v8:7700
Change-Id: I7bdb64c5a8c73aefd19c972337d488de2103ad13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865320
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82864}
2022-08-31 12:32:11 +00:00
Patrick Thier
d3ba602ff2 [regexp][interpreter] Extend RegExp-Flags to 2 Bytes
In preparation for the new `v`-flag, extend RegExp flags from 1-byte to
2-byte.

Bug: v8:11935
Change-Id: I2dacb5e8dba889947054aa5c155708b8d315b898
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857561
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82863}
2022-08-31 12:31:05 +00:00
Jakob Linke
46d54b0233 [maglev] Scale OSR heuristics in presence of Maglev code
OSR is triggered based on the condition:

 bytecode_size <= x + profiler_ticks * y

where x and y are constants selected in the dawn of time. Since the
presence of Maglev introduces multiple interrupt budgets for different
target tiers (which control how often profiler_ticks are incremented),
constant y must be adapted to stay somewhat close to the old OSR
timing behavior.

Bug: v8:7700
Change-Id: I0f182d28fd64a58f2f6d8346cca0d553fbeae184
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3866175
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82862}
2022-08-31 12:30:01 +00:00
Dominik Inführ
f447b4cda4 [heap] Remove DCHECK not holding during shared heap verification
During shared heap verification, we might verify the client heap
from the shared heap's thread. In this case this DCHECK doesn't hold.
Since there is no strong need for that DCHECK simply remove it.

Bug: v8:11708, v8:13244
Change-Id: I90897915290f5238da2559538ce3cfe7ab4e9dff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865967
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82861}
2022-08-31 11:05:18 +00:00
Michael Achenbach
6546fcf180 [foozzie] Always include all typed-array mocks
Due to https://crbug.com/1195263, large typed arrays can have an
observable difference on the same architecture, depending on
optimization behavior.

For differential fuzzing comparisons, we previously used a proxy
for typed arrays that capped the maximum size only when comparing
different architectures - there an observable difference is WAI.

We move the capping code and make it arch-independent for now until
the bug above gets fixed, since it caused too many duplicates, which
degrade fuzzing performance.

Bug: chromium:1195263
Change-Id: Ic81c383e547413378cbe037de3c38eb900a9e5dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3866173
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82860}
2022-08-31 10:48:29 +00:00
Jakob Linke
6565685935 [maglev] Reset profiler ticks on ML finalization
.. since ticks collected in lower tiers use a different budget than
ticks collected in ML code. Keeping ticks from a lower tier would lead
to earlier-than-expected TF compilation requests.

Also, remove the runtime call between loops in osr-from-ml-to-tf.js
to not give TF too much time to tier up. It should no longer happen
now that ticks are cleared, but there's also no reason for the runtime
function to between the loops.

Bug: v8:7700
Fixed: v8:13242
Change-Id: I901c636079de05cb62d2aae1c92f0285a0f8c1ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867310
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82859}
2022-08-31 10:46:41 +00:00
Leszek Swirski
8293459504 Revert "[debug] CHECK that a function's context is always available"
This reverts commit 911c7170dc.

Reason for revert: Reverting because of the revert in https://crrev.com/c/3867311

Original change's description:
> [debug] CHECK that a function's context is always available
>
> After https://crrev.com/c/3854501 has landed, we no longer have to
> handle the case that we do not find a function's context in the
> scope iterator even though the function requires one.
>
> This CL renames `NeedsAndHasContext` to `NeedsContext` since we
> always find a scope's context now. Additionally we turn this
> assumption into a dedicated check.
>
> R=bmeurer@chromium.org
>
> Bug: chromium:1246907
> Change-Id: I6458df76689c0bfa6d6b2f8c421f9ce481855547
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865153
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82848}

Bug: chromium:1246907
Change-Id: I1c8849ce60533f5c6da99f432bf1902ade47bb8b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3866174
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82858}
2022-08-31 10:35:28 +00:00
Tobias Tebbi
7a61dad0db [turboshaft] some IR refactorings
- Remove TruncateInt64ToInt32 instead of translating to Turboshaft, since it has no effect. Removing it simplifies pattern-matching in optimizations.
- Change how exception handling is done in Turboshaft: The exception value is obtained as the result of `CatchExceptionOp` instead of a special projection. This simplifies projections.
- Add `TupleOp` as the counterpart to `ProjectionOp`, which is useful
  for lowerings of operations that have multiple outputs.

- Split BinopOp into WordBinopOp and FloatBinopOp because they have quite different semantics and many kinds only exist for one of them.
- rename IntegerUnary to WordUnary and other occurrences of
  Integer/Integral
- rename `ChangeOp::Kind::kUnsignedFloatTruncate` to `kJSFloatTruncate`
  because it actually has JS wrap-around semantics.
- move/add representation DCHECKs to operation constructors.
- add some convenience helpers to `AssemblerInterface`.

- Add a mechanism to check which operations are supported by the machine.

Drive-by fix: Abort current block in OptimizationPhase::VisitBlock if
  we lower to a block-terminator.

Bug: v8:12783
Change-Id: Ib738accccd22fb1606d9dab86f57ac1e739fcec2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857449
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82857}
2022-08-31 10:13:47 +00:00
Victor Gomes
156c302fda [cleanup] Fix frame mismatch for WasmToJs functions
There are 2 kinds of WasmToJs code: one uses a WasmFrame and the other
a simple TypedFrame TF frame. This CL introduces WasmToJsFunctionFrame
(as a simple TypedFrame) to differentiate from the WasmFrame counterpart.

This was not an issue before
https://crrev.com/c9c490891ab3d63fc790770cb1c76f8013ba963f
since we used to use a single master function for pointer iteration.

No-Tree-Checks: true
Bug: v8:13243
Change-Id: I97f7e8c897159ca3cafa65ff6ddf836c5ef7b76e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865969
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82856}
2022-08-31 09:58:58 +00:00
Leszek Swirski
5e6278b2bd Revert "[debug] Immediately step-in for 'stack check triggered' debug breaks"
This reverts commit 3297ccca23.

Reason for revert: V8 roll is failing https://luci-milo.appspot.com/ui/inv/build-8804330987023399745/test-results?q=DevToolsTest.TestPauseWhenScriptIsRunning

Original change's description:
> [debug] Immediately step-in for 'stack check triggered' debug breaks
>
> This CL changes debug breaks that are triggered via interrupts (i.e.
> via stack check). One client of this behavior is the `Debugger.pause`
> CDP method.
>
> The problem is that when we pause so early, the JSFunction didn't have
> time yet to create and push its context. This requires special
> handling in the ScopeIterator and makes an upcoming change unnecessarily
> complex.
>
> Another (minor) problem is that local debug-evaluate can't change
> context-allocated local variables (see changed regression bug). Since
> the context is not yet created and pushed, variables are written to
> the DebugEvaluateContext that goes away after the evaluation.
>
> The solution is to mirror what `BreakOnNextFunction` does. Instead
> of staying paused in the middle of the function entry, we trigger
> a "step in" and pause at the first valid breakable position instead.
> This ensures that the function context is already created and pushed.
>
> Note that we do this only in case for JSFunctions. In all other cases
> we keep the existing behavior and stay paused in the entry.
>
> R=jgruber@chromium.org
>
> Fixed: chromium:1246907
> Change-Id: I0cd8ae6e049a3b55bdd44858e769682a1ca47064
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854501
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82817}

Change-Id: I0c34b7b4a788572a73ca380b3d767223fb6e7ea1
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867311
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82855}
2022-08-31 09:37:34 +00:00
Dominik Inführ
22485d7c45 [heap] Avoid creating handles in heap verification
Use raw_native_context().normalized_map_cache() to avoid handle
creation in a safepoint.

Handles have all kinds of DCHECKs that may not hold during heap
verification.

Bug: v8:11708, v8:13244
Change-Id: I3f9ceae6533059c119287b833d5795f8fa67f9d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865965
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82854}
2022-08-31 09:11:18 +00:00
Shu-yu Guo
5576ef617f [Object.hasOwn] Remove flag
Object.hasOwn has shipped since 9.3.

Also drive-by removing other removed feature flags from test262 config.

Bug: chromium:1213927, v8:13220
Change-Id: I3d11298e1348adf5b26d63a23a6606a4ad22892c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863807
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82853}
2022-08-31 08:41:11 +00:00
Jakob Linke
6904a8120b [cleanup] Remove --stress-opt remnants
.. mostly mentions in mjsunit `Flags:` lines and in comments.

Bug: v8:10386
Change-Id: If79dfdc448d0a3f19883ef1f816e77e750cb4061
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865964
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82852}
2022-08-31 08:37:44 +00:00
Matthias Liedtke
ad52bf8a4e [wasm-gc] Cleanup: Rename remaining '_static' op codes
Bug: v8:7748
Change-Id: Ie94e8f7f5afdaea7b4406bf8c57b294bf8f5733c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865959
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82851}
2022-08-31 08:35:38 +00:00
Liu Yu
c728b8a5aa [loong64][mips64][wasm] Keep call_indirect index on the stack
Port commit c2d46fe966

Bug: chromium:1350384
Change-Id: Id1cfb2dbb69093799658f366ade3b422a6b68f07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3867134
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#82850}
2022-08-31 08:05:28 +00:00
Dominik Inführ
8e32d8f35d [heap] Stop concurrent marking tasks in Heap::StartTearDown
Concurrent marking jobs were only joined in Heap::TearDown and
therefore may still update counters while DumpAndResetStats() emits
stats.

This CL stops concurrent marking tasks in Heap::StartTearDown when
also stopping other concurrent tasks like sweeping or unmapping of
pages.

Bug: v8:13175, v8:12775
Change-Id: Iccddbfce5e30002e0db63ba0bdea5ea6b2d5cc40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827869
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82849}
2022-08-31 06:17:38 +00:00
Simon Zünd
911c7170dc [debug] CHECK that a function's context is always available
After https://crrev.com/c/3854501 has landed, we no longer have to
handle the case that we do not find a function's context in the
scope iterator even though the function requires one.

This CL renames `NeedsAndHasContext` to `NeedsContext` since we
always find a scope's context now. Additionally we turn this
assumption into a dedicated check.

R=bmeurer@chromium.org

Bug: chromium:1246907
Change-Id: I6458df76689c0bfa6d6b2f8c421f9ce481855547
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865153
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82848}
2022-08-31 05:21:28 +00:00
v8-ci-autoroll-builder
251d737443 Update V8 DEPS (trusted)
Rolling v8/build: adc338f..d74c524

Rolling v8/buildtools: cf8185c..69f262d

Rolling v8/buildtools/third_party/libc++/trunk: 26e3467..e5670a0

Rolling v8/third_party/depot_tools: bbb66d7..b0fb8d5

Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220826.3.1..version:9.20220830.2.1

Rolling v8/tools/clang: ad4caa4..b72e51a

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I642b0da0a35c541f74246b668c86b4448ce3dc09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3866212
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82847}
2022-08-31 03:59:03 +00:00
Frank Tang
89655531ff [Temporal] Sync PR 2219 to use OrdinaryObjectCreate(*null*) impact add/subtract
Sync to https://github.com/tc39/proposal-temporal/pull/2219
Also sync the MergeLargestUnitOption to latest spec

Change some of the types from JSObject to JSReceiver based on the code
change.

Change AOs: MergeLargestUnitOption, PrepareTemporalFields,
AddDurationToOrSubtractDurationFromPlainYearMonth
Spec text:
https://tc39.es/proposal-temporal/#sec-temporal-mergelargestunitoption
https://tc39.es/proposal-temporal/#sec-temporal-preparetemporalfields
https://tc39.es/proposal-temporal/#sec-temporal-adddurationtoorsubtractdurationfromplainyearmonth

Change the parameter or return from type Handle<Object> to Handle<JSReceiver> in
DifferenceISODateTime, PrepareTemporalFieldsOrPartial,
PrepareTemporalFields, PreparePartialTemporalFields,
MergeLargestUnitOption

Bug: v8:11544
Change-Id: I30e997521f0ed644f5ec50d0982acf1e12f2977d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855977
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82846}
2022-08-31 00:49:13 +00:00