Fix for the following compilation error which occurs
after this upgrade:
crrev.com/c/3961032
```
error: bitwise operation between different enumeration types
```
Change-Id: I50e59f7bda6ef0102fa5ec9619509764c9e6d909
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3963691
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#83784}
When forwarding strings during GC, String::MakeThing will invoke
NotifyObjectSizeChange to right-trim the object. This in turn leads
to clearing of slots in SHARED_SPACE.
This CL relaxes a DCHECK to allow Heap::ClearRecordedSlotRange on
objects in SHARED_SPACE during a full GC.
Bug: v8:13267
Change-Id: I908f750c07494cb557958e9309eecf3c531a0ab4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3963193
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83783}
Concurrent sweeping for MinorMC means mementos may be swept concurrently
while the main thread is reading them (e.g. to check if there is a valid
memento present). Avoid this race by assuming that all mementos on pages
that are currently being swept are gone and bail out for pages which are
still being swept.
The exception to this rule is getting memento for GC, which happens only
in the atomic pause and may intentionally try to get the memento while
sweeping.
Bug: v8:13393
Change-Id: I7bcfb437f24d21849c755875dcf4002cdfd0385e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3963120
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83782}
Pretenuring happens at the end of the atomic pause. With MinorMC, this
maybe before sweeping is completed. Thus the allocation site updates
will remain until the next GC cycle. However, the next cycle may move
allocation sites when evacuating pages, and thus make the pretenuring
data collected invalid.
MinorMC needs to update pretenuring decision after finalizing sweeping.
Bug: chromium:1374998
Change-Id: I585bdc4a1495ae6419d01eb6d5075832366b4198
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3963116
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83781}
CWasmArgumentsPacker stores ref types as full pointers even when pointer
compression is enabled and should calculate its buffer size accordingly.
Bug: v8:13388
Change-Id: I6c1c6b5ecd879af5ca61cbc2a31edfc660fdb036
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3962030
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83779}
This is only used for GC, so not performance critical for now, but since
this is the last use of ZoneVector in the function body decoder, we also
switch it to a FastZoneVector.
R=jkummerow@chromium.org
Bug: chromium:1358853
Change-Id: Id469364a69ebca4384f49db59313ddb536bc1f67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3960408
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83775}
Rolling v8/build: 7e7c21a..2cf254f
Rolling v8/buildtools: 9174abb..ca6213a
Rolling v8/buildtools/linux64: git_revision:cc28efe62ef0c2fb32455f414a29c4a55bb7fbc4..git_revision:b9c6c19be95a3863e02f00f1fe403b2502e345b6
Rolling v8/buildtools/third_party/libc++/trunk: 2e91997..e6caea4
Rolling v8/buildtools/third_party/libc++abi/trunk: db2a783..685c4ad
Rolling v8/buildtools/third_party/libunwind/trunk: 08ebcbe..1111799
Rolling v8/third_party/android_platform: 04b3350..1bf9b93
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ff03621..98d333e
Rolling v8/third_party/depot_tools: a724859..77e64ae
Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220919.2.1..version:10.20221017.2.1
Rolling v8/third_party/instrumented_libraries: e09c4b6..26f2d29
Rolling v8/tools/clang: a5e0d72..2619cde
Rolling v8/tools/luci-go: git_revision:20c50aa39686d91330c2daceccaa4ef1a0a72ee4..git_revision:9f65ffe719f73af390727d369b342c22fa37ea54
Rolling v8/tools/luci-go: git_revision:20c50aa39686d91330c2daceccaa4ef1a0a72ee4..git_revision:9f65ffe719f73af390727d369b342c22fa37ea54
Change-Id: Ie07081ffa0b5c8512313ab1ba1915788c2a2e5bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3961032
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83773}
Since base::SharedMutex is now implemented via std::shared_ptr on Mac
(https://crrev.com/c/3870465), we do not need this special handling any
more.
As std::shared_ptr has slower performance than pthread_rwlock_t on
Android (see Runtime_WasmCompileLazy), we switch back to
base::SharedMutex.
This reverts commit f2faee8519.
R=ishell@chromium.org
Bug: v8:13256, chromium:1375009
Change-Id: Iebcff53a9b51f219ca4f12e0a539506781c94734
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3959745
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83772}
Inlined virtual methods that are declared in *.h file but defined in
*-inl.h prevent generating a vtable for the type when only the *.h
file is included.
Bug: chromium:1374227
Change-Id: I01ff41248137ad69ec1ce23f4254e69c043d80ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3959621
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83771}
This avoids some more OOB checks, saving binary size. Note that without
Wasm GC, this code is dead, so we can't expect performance wins from
this in production code, only binary size savings.
R=jkummerow@chromium.org
Bug: chromium:1358853
Change-Id: I426ce318c900322c9fcfc9d22a24c03855ddd885
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3959736
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83770}
We want to trigger CQ builders with the resultdb flag on.
V8-Recipe-Flags: resultdb
Bug: v8:13316
Change-Id: I42299909504bddae51348ab1a70b43b5d8239453
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3962988
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83769}
Collect feedback for small BigInt division and modulo operation in
the interpreter and use feedback for BigInt subtraction,
multiplication, and division in turbofan except modulo operation
because it is not supported yet in turbofan.
Bug: v8:9407
Change-Id: I931cf9f70778c866599611474f1834417f023a74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3948787
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Qifan Pan <panq@google.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83768}
Remove the dedicated MinorMC sweeping flag and merge with the
general concurrent sweeping flag.
Bug: v8:12612
Change-Id: I278f274e293a7160839259df38b4a2951df31e91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3936272
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83767}
A generic DCHECK (in builtins-utils.h) checks if the content in
kContextRegister is properly a context.
Bug: v8:7700, chromium:1375932
Change-Id: Ib5e6ac7d331678faf1a6ec5737d93bbf555c3870
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3959819
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83766}
Use fast path for locales that don't need special handling.
Related CL for toLocaleLowercase: crrev.com/c/3952317
Change-Id: I400df77c8101715681c7f741581545924dbbfc57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3958915
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83764}
The feature landed in M105 so we can remove the kill switch with
M109. We haven't seen any crashes related to this feature.
R=bmeurer@chromium.org
Bug: chromium:1334484
Change-Id: I5e238d350b383c1b71781de750b634a891c5b0c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3959818
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83763}
Since the agent instance represents the DevTools session it should
be responsible for ensuring that runIfWaitingForDebugger are applied
only once. This allows the underlying client to not be concerned with
counting of the duplicate runIfWaitingForDebugger calls.
Blink CL: https://crrev.com/c/3954366
Context: https://crbug.com/1352175#c5
Bug: chromium:1352175
Change-Id: Ia1ef7287cd773e9f05db18d1439499e7fc9cfa16
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952117
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Alex Rudenko <alexrudenko@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83759}
--use-map-space was already disabled by default. This CL removes
the possibility to enable map space again by removing that flag and
all its usages.
Bug: v8:12578
Change-Id: I8af18f39e9bf645316aa8718b49589eb4b852374
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3959658
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83758}
This CL fixes a bug in the block list handling for debug-evaluate.
Specifically, we can't rely on the source position alone to find
scopes. We also need to take the scope type into account. This needs
to happen in two places:
- When we try to find the closure scope in the re-parse
result based on the function at the top of the stack.
- When we try to find matching `ScopeInfo` objects from
re-parsed scopes.
Note that the code alrady contains a fix for a similar issue in
the past where we found class scopes instead of member initializer
function scopes. Both share the exact same source position.
This CL generalizes that fix to check that the scope type matches
when looking for the closure scope.
R=jarin@chromium.org
Bug: chromium:1363561
Change-Id: I18d167f59c994ece85971273954d0e3c65c12b7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3959915
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83757}
This CL fixes the ScopeIterator when it's created for a stack frame
that represents the script scope. For example the following script:
```
function foo() { debugger; }
foo();
```
Then a ScopeIterator created for the second stack frame (`foo()`)
should not a create a blocklist. This is somewhat a special case,
since the closure_scope_/start_scope_ are the SCRIPT_SCOPE.
Note that the debug-evaluate code can't run into this scenario as
we would never iterate far enough to actually trigger block list
calculation. Nevertheless, since it's possible to create a
`ScopeIterator` that could run into this scenario, we guard
against it.
R=jarin@chromium.org
Bug: chromium:1363561
Change-Id: I0677c257d41c9af5ffc38d390f58997da20fd069
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3960568
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83754}
Move the Assemble call on MaglevCodeGenerator to happen as part of job
execution instead of finalization, to allow it to happen on the
background thread.
Bug: v8:7700
Change-Id: I55c35f3d0423f88c38e2048a271282c62a818e14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3959694
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83753}
This reverts commit b172c4dc6e.
Reason for revert: Major regressions on "IC:duration_avg" on mobile.
Original change's description:
> [base] Implement SharedMutex via std::shared_mutex
>
> On Mac we already use {std::shared_mutex} to implement
> {base::SharedMutex}, as {pthread_rwlock_t} causes deadlocks if combined
> with signals. Other platforms still use such low-level primitives.
>
> In order to streamline the implementation, and as a preparation to use
> {std::shared_mutex} directly everywhere, we make {base::SharedMutex} a
> wrapper around {std::shared_mutex} on all platforms.
>
> If this causes regressions anywhere, it will be reverted and the switch
> to {std::shared_mutex} will be abandoned.
>
> R=ishell@chromium.org
>
> Bug: v8:13256
> Change-Id: I39c41666451884b974f8e5e592df0a36e8e80445
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952116
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83722}
Bug: v8:13256, chromium:1375009
Change-Id: I6a9b39de73580510bd3881e37fca9c55d16a46bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3959743
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83750}
If the number of locals entries is inplausibly huge, we still try to
allocate storage for the SmallVector, resulting in OOMs, DCHECK errors
and other weird behavior depending on the platform.
This can be avoided by checking the decoded value for plausibility
before trying the allocation.
R=thibaudm@chromium.org
Bug: chromium:1374529
Change-Id: I4ba5f943e1933527fb009d9271750b1fb9ad21a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3956518
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83749}
The test occasionally times out, and it's unclear why.
This CL adds an explicit timeout to the test (30 seconds), and prints
all seen profiles after that. This makes it easier to see which frame is
missing from the profiles.
As a drive-by refactoring, we now also use
{InspectorTest.runAsyncTestSuite} instead of the hand-written sequential
execution of the asynchronous test functions.
R=thibaudm@chromium.org
Bug: v8:13370
Change-Id: I67f53a819706c8e5971bf32dc925d90b21c96243
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3956976
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83748}
In order to avoid bounds checks on every access (with hardened libc++),
use FastZoneVector for the control stack.
R=thibaudm@chromium.org
Bug: chromium:1358853
Change-Id: I081758774a04a8257a8995eb043ae8b60e530e9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952319
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83747}
Split up the mostly-Isolate-independent code assembly, and the
actual-Isolate-access codegen, similar to TurboFan. This will allow us
to move code assembly to the background thread.
Bug: v8:7700
Change-Id: Icc9345f7c61ef30f271cc2ab766f5ab49d65b6c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3957716
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83746}
Currently it falls back to runtime for externalized strings.
Bug: v8:7700
Change-Id: I9bc09969915e437af5fcf563ba74a6edd9280779
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3956975
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83745}
Also flush the worklist with retraced marked objects.
Change-Id: Ic0cd7d8dc5de64426ff9b4246ce5cf6649ffeb4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3959776
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83744}
This is a reland of commit 934afdf0d1
After landing https://crrev.com/c/3959774 try to re-enable
--shared-space again.
Original change's description:
> [heap] Enable --shared-space flag by default
>
> This switches V8 to the shared space isolate approach for the shared
> heap by default.
>
> Bug: v8:13267
> Change-Id: I06d36468a3a6b098475ec2bbfa998cb1934afe81
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3925754
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83701}
Bug: v8:13267
Change-Id: Icb3cfd7c1da2d2420741057c26d32893a6edc80c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3959695
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83742}
The shared heap isolate can directly allocate in the shared space
instead of using a ConcurrentAllocator.
Bug: v8:13267
Change-Id: I349e0f3570215bf798e89a77179c0ff9d9f7a118
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3959774
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83740}
TypeGuard nodes interpret their inputs to be of a given type, which
might not be reflected in the graph and hence may lead to a type
conflict being reported by the Simplified Lowering Verifier. This
CL adds an additional SLVerifierHint node to preserve this type
information for the verification step.
Bug: v8:12619, chromium:1370398
Change-Id: I5e4117d6b3ada053249bc000ba98d04021395ce1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3948704
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83739}
Compaction also invokes finalizers and requires bailing on global
handles.
Bug: chromium:1371512, v8:13372
Change-Id: Ie7b00493201e800b1adf3475b1fef9f3a11b57fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3959635
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83737}
