Rolling v8/build: 8d71aab..35a1478
Rolling v8/buildtools: f45ca77..be63ea5
Rolling v8/buildtools/linux64: git_revision:57c352b2b03461c24b19c678c61d7aeacc6981f4..git_revision:27b90626701a112217a9244022c729231ebcc3a0
Rolling v8/buildtools/third_party/libc++/trunk: 9c5e35a..9f512cf
Rolling v8/buildtools/third_party/libc++abi/trunk: 685c4ad..519e9ef
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/62b4c4e..981585a
Rolling v8/third_party/depot_tools: bd0cea6..3b95525
Rolling v8/third_party/fuchsia-sdk/sdk: version:10.20221019.3.1..version:10.20221020.1.1
Rolling v8/third_party/instrumented_libraries: 5104b7e..459048b
Rolling v8/third_party/zlib: 3cec057..cff7208
Rolling v8/tools/luci-go: git_revision:2673c9d7d4a38bce69415221fe721f807e909d85..git_revision:50ab33853a8b220162f851dcb74a1519e106b3df
Rolling v8/tools/luci-go: git_revision:2673c9d7d4a38bce69415221fe721f807e909d85..git_revision:50ab33853a8b220162f851dcb74a1519e106b3df
Change-Id: I8c10c836da728f400838364c8fc451b781c6f862
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3968513
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83835}
This can certainly be optimized further, but we just check the value
inline rather than calling into Call_*WithFeedback
Bug: v8:7700
Change-Id: I19daf5eba86e1fb42e02e3e598135e5e9ff9dfd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3967842
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83833}
Add a sanity check and a note to ensure that use of V8's trap handler
is not naively enabled for Android without seeing this note.
Using the trap handler on Android is potentially risky because V8 may
have to coexist in the same process with Android's Java
implementation, which may also use signal handling, and getting
different signal handlers to coexist safely is quite difficult.
Bug: v8:13383
Change-Id: I5caa52577bf0c74635171adac0dcaed32295d654
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3956130
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Mark Seaborn <mseaborn@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83830}
We were setting the interrupt budget before performing Maglev tier-up,
therefore ignoring that tiering state and resetting the interrupt budget
to the tier-to-maglev budget, not the tier-to-turbofan budget. Now, set
the interrupt budget
a) only after the optimisation decision is made, and
b) based on tiering state as well as the active tier -- in particular,
any tiering state that isn't "none" is treated as needing the
tier-to-turbofan budget.
Bug: v8:7700
Change-Id: Ife353b32c580cac92c051eb40f58294069930786
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3968479
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83828}
Change-Id: I5760687fa9e8a7512d3946704f51f321ffa3676b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3963718
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83827}
... otherwise AllocateRaw can call the allocation builtin,
that can trigger a GC and read the character as a pointer.
Bug: v8:7700, v8:13397
Change-Id: If4e15fc8bfe0f94c53fe77022b18d5d4a6168702
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3964754
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83826}
When merging a newly deserialized script into an existing one from the
compilation cache, it is often the case that a SharedFunctionInfo from
the cached script ("old SFI") has been flushed and the corresponding
SharedFunctionInfo from the new script ("new SFI") is compiled. In that
case, it is sufficient to copy the bytecode array and feedback metadata
from the new SFI to the old SFI, as already implemented.
However, there is another case to consider: perhaps the new SFI is
compiled and the old SFI was never compiled. In that case, the old SFI
has no ScopeInfo and some of its flags may be incorrect.
To fix the problem, this CL updates CompleteMergeInForeground to copy
everything except script_or_debug_info from the new SFI to the old SFI.
This change implies some duplication of ScopeInfos, since each ScopeInfo
can point to its parent, so matching parent ScopeInfos from the new and
old scripts will coexist. However, this isn't a new problem: similar
duplication is already caused by the portion of the merge algorithm
which attaches new compiled SFIs into the old Script where the old
Script doesn't have a matching SFI. I don't see any way in which this
duplication would cause incorrect behavior. In fact, it is possible to
get duplicated ScopeInfos without any merging at all, which indicates to
me that such duplication is safe. Duplication occurs if a SFI is flushed
or removed while one of its descendant functions is still alive, and
subsequently the same function literal is compiled again.
Bug: v8:12808, chromium:1359773
Change-Id: I2a3a720021c797c62a87d10e999603ff5e29a027
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3965723
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#83825}
Use jcc where possible if using TailCallBuiltin with a condition (e.g.
in the BailoutIfDeoptimized call).
Change-Id: I160096919082b6535550c0e2053522a703c0c264
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3963994
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83823}
It makes it more difficult to navigate code.
Bug: v8:7700
Change-Id: I18175dfa9b05261e1646410b041c2efaa009d191
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3967899
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83821}
Removing the nowadays unused field `allocated_code_space_` from
`WasmCodeAllocator`. Formerly, it was used when setting the code space
of a `NativeModule` to writable, but nowadays we do that per-function.
Thus, `allocated_code_space_` is only written to, but never actually
used.
Change-Id: Ia57c377518ff177e72ec5e2945db34816bd02885
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3963993
Commit-Queue: Daniel Lehmann <dlehmann@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83820}
Since AssertNotNull is used for typing nodes correctly, we cannot skip
it during graph generation or further passes will fail. Instead, skip
null checks during wasm-gc lowering.
Bug: v8:7748
Change-Id: I8ebee1f2f26d8b7e761a13b2d9e31c1361875bbe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3967836
Auto-Submit: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83817}
When maglev is enabled, we can hold off a little with tiering up to
turbofan.
Bug: v8:7700
Change-Id: Ibf8bdbe3371be15434e3d1a11dd0cf4b7cf61a32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3963192
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83815}
Rolling v8/build: 2cf254f..8d71aab
Rolling v8/buildtools: ca6213a..f45ca77
Rolling v8/buildtools/linux64: git_revision:b9c6c19be95a3863e02f00f1fe403b2502e345b6..git_revision:57c352b2b03461c24b19c678c61d7aeacc6981f4
Rolling v8/buildtools/third_party/libc++/trunk: e6caea4..9c5e35a
Rolling v8/buildtools/third_party/libunwind/trunk: 1111799..1f633d4
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/98d333e..62b4c4e
Rolling v8/third_party/depot_tools: 77e64ae..bd0cea6
Rolling v8/third_party/fuchsia-sdk/sdk: version:10.20221017.2.1..version:10.20221019.3.1
Rolling v8/third_party/instrumented_libraries: 26f2d29..5104b7e
Rolling v8/third_party/zlib: d689fca..3cec057
Rolling v8/tools/luci-go: git_revision:9f65ffe719f73af390727d369b342c22fa37ea54..git_revision:2673c9d7d4a38bce69415221fe721f807e909d85
Rolling v8/tools/luci-go: git_revision:9f65ffe719f73af390727d369b342c22fa37ea54..git_revision:2673c9d7d4a38bce69415221fe721f807e909d85
Change-Id: I38ef91e236d7a501193cc845df1e140c58add032
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3965147
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83812}
Turbofan generates bitcast nodes like BitcastWordToTaggedSigned to
ensure the value types of definitions and uses are matched. These
nodes can be elided after MachineGraphVerifier verifying the graph.
This can avoid generating redundant instructions:
Before:
xorl r15,r15
cmpl [rdx+0xb],r15
After:
cmpl [rdx+0xb],0x0
Change-Id: I84bc1b05d77ed9487001e34a93dfe14e45a7a678
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837161
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83811}
This change inline call to Math.min/Math.max like
Math.min.apply(this, arguments_list)
to avoid packing and unpacking doubles during the optimized code execution.
Change-Id: I674476f688213df8eb13ee8c876b280c8fa47263
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3799214
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Fanchen Kong <fanchen.kong@intel.com>
Cr-Commit-Position: refs/heads/main@{#83810}
It's been enabled everywhere since Chrome 88, and the related
Chromium flag was removed in https://crrev.com/c/2886421.
Bug: v8:6532
Change-Id: I987a5761f9453d4e7d77d16199e8f0b3a659c70a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3956131
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Auto-Submit: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83809}
In order to avoid races on updating page flags pause concurrent
marking in client for starting incrental marking and the final
atomic pause in a shared heap GC.
Bug: v8:13267
Change-Id: I592d21d3301b0bbc8551819236f3a4a12eaed756
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3966433
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83808}
This optimization is triggered a few times for Splay.
Bug: v8:12612
Change-Id: Iade5dbf829e1b13b9818264dda99cfd15b680ba6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3966191
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83805}
StringShape can check with a single test for representation type and
whether it's 1- or 2-byte.
Change-Id: Ic90fe052f1cfefafd2fb4fafeb86878d9a33a582
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3963711
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83804}
With a unique microtask queue possibly per context we need to pass
the microtask queue for the MicrotasksScope otherwise the default one
for the isolate will be used.
BUG=chromium:961186
Change-Id: Ib085f08e20185c69760aeea335d673d9c4c72999
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3950216
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83803}
For MinorMC it is sufficient to finalize new space sweeping.
Starting MinorMC will only ensure that background tasks are paused and
all new space pages are swept.
Accounting becomes more complicated since we can have minor sweeping
and full sweeping running at the same time. To support that, new space
sweeping is split to a separate sweeping scope. Also, the
Notify*SweepingCompleted methods are updated for the possibility of
nested sweeping. The distinction is that Notify*SweepingCompleted
knows what kind of sweeping we want to finalize, but not what kind
is currently running.
Bug: v8:12612
Change-Id: If46fa3bc036080d4231171e613fa3aefe7400246
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3945098
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83800}
Lowering the Clamp annotation relies on float rounding, which is
only supported with SSE4 enabled. Thus disabling generating the
fast call path if such arguments are present and SSE4 is disabled.
Bug: chromium:1374745
Change-Id: I14438902946d4744521dac8d8d314af51a722da5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3960410
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83799}
During background deserialization strings are inserted into the string
table. When a string was internalized already it needs to be
transitioned into a ThinString using String::MakeThin.
String::MakeThin invokes NotifyObjectSizeChange which will update
the object size cached in the invalidated_slots map. Since this
operation is unsynchronized this is only allowed on the main thread.
However deserialization may also happen on a background thread. In
this case we know that the just allocated object wasn't recorded in
invalidated_slots yet, so UpdateInvalidatedObjectSize can be skipped
for deserialization.
This CL adds an additional argument to String::MakeThin which enables
the caller to skip invoking UpdateInvalidatedObjectSize.
Bug: chromium:1375228
Change-Id: I6291e6844294dfdc5040da9af6486df6d4120888
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3966188
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83797}
Avoid performing BytecodeAnalysis on the main thread, by moving the
BytecodeAnalysis class and constructor to the graph builder.
To support this, remove CheckIsLoopPhiIfNeeded from the interpreter
frame state -- this was a DCHECK that is more awkward to wire up now
that the bytecode analysis is on the graph builder and not the
compilation unit, and the frame state stuff has been stable long enough
now that it's probably not worth re-wiring.
Bug: v8:7700
Change-Id: I210cb88f575ca34efb85a3bf88b9f0e2303d92ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3963037
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83796}
This is a reland of commit 2a7f86edcb
Original change's description:
> Reland "[v8] Use |AllocateAtLeast| for resizing v8 zones."
>
> This is a reland of commit 4444874cdf
> This fixes a failure on the UBSan bots caused by assuming |Realloc| is always in-place if the new size is <= the value of |malloc_usable_size|.
>
> Original change's description:
> > [v8] Use |AllocateAtLeast| for resizing v8 zones.
> >
> > This is part of an ongoing effort to reduce fragmentation in Chrome. Partition alloc shows v8 zones are a large user of memory in Renderer processes, and that there is fragmentation from these allocations. This CL will reduce this fragmentation by allowing v8 to use all allocated memory for its zones.
> >
> > Bug: v8:13193, chromium:1238858
> > Change-Id: Ibeac8bdba9d0e7ff66b14a3dde10e7c87d3cf953
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3889361
> > Reviewed-by: Adam Klein <adamk@chromium.org>
> > Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#83235}
>
> Bug: v8:13193, chromium:1238858
> Change-Id: I923bcbce8403dd7d84642340fd7202087b8a4440
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3910268
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83372}
Bug: v8:13193, chromium:1238858
Change-Id: Ie541f6d9cfe410e4f9c37bb5b2a5c44b7a71718e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3963703
Commit-Queue: Thiabaud Engelbrecht <thiabaud@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83795}
This is a reland of commit 4804c4de31.
There are major changes since the previous attempt:
- The WasmLiftoffFrameSetup (formerly WasmGetFeedbackVector) builtin
now performs as much of the frame setup work as possible, to reduce
generated code size for each function.
- The WasmLazyCompile builtin/runtime function no longer allocates,
hence gets frame type INTERNAL, and is un-handlified.
Original change's description:
> [wasm] Allocate feedback vectors on demand
>
> We previously allocated feedback vectors when instantiating the module,
> or when lazily compiling a function. That's not sufficient when there
> are multiple instances of the same NativeModule, or when we eagerly
> tier-down all code for debugging. This patch changes the "get vector from
> instance" sequence at the beginning of every Liftoff function to "get
> or allocate vector"; factored into a builtin call to avoid generating
> more code for every function.
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3939667
> Cr-Commit-Position: refs/heads/main@{#83610}
Bug: v8:12852
Change-Id: I58a6a02a55c3e29cae3cbdafad6cf81487faccbe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3942206
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83794}
TranslationArray building was split off from code-gen, as a separate
graph pass, so that it could be done on the background thread. Now that
code-gen assembly is on the background thread, we can merge the
TranslationArray building back into codegen. To keep the public
interface uncluttered, this patch adds a MaglevTranslationArrayBuilder
helper class which wraps this functionality up.
A side-effect of this is that we now need the LocalIsolate in the code
generator (for value reification). Take this opportunity to pass in the
LocalIsolate instead of the Isolate, and pass the Isolate just into
GenerateCode.
Bug: v8:7700
Change-Id: I9377f84840895147d6d524ca42b3adf5ce6055f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3966189
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83792}
When creating a character class in unicode, case-insensitive mode we use
icu::UnicodeSet::closeOver() to add all characters that case-insensitive
match the characters in the class.
According to the spec only simple case folding shall be performed for
case-insensitive unicode matching, but closeOver() adds all characters
that are equal w.r.t full case folding.
The current approach of just removing strings from the closeOver set is
not enough, as single code point characters still remain in the set if
they were equal only by performing full case folding.
E.g. the characters \u0390 and \u1FD3 both fold to the same string
"\u03B9\u0308\u0301" via full case folding, but they don't have a simple
case folding in common.
To prevent these wrong matches, we calculate the set of all characters
with close overs that are wrong according to the spec at build time and
remove them from the set before adding case-insensitive equivalent
characters.
Bug: v8:13377
Change-Id: I0252c79143f266911691331dd0e1e27044ea8cba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952095
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83791}
This CL enables the blocklist re-using across multiple debug-evaluates.
This mainly benefits conditional breakpoints and repeated
debug-evaluates in large scripts.
R=jarin@chromium.org
Bug: chromium:1363561
Change-Id: I809296a70ed89bd3bb227095d45633a335c87c94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3956394
Auto-Submit: Simon Zünd <szuend@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83789}
This CL assigns SnapshotSpace::kOld to all shared heap objects. This
basically duplicates shared heap objects for each isolate during
deserialization.
This CL retains the same behavior we currently have for the shared
isolate with --shared-space.
Bug: v8:13267
Change-Id: I4fff7a86da11d917fbb2ed61d51cab5ab13f6974
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3963119
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83788}
... instead of CheckMaps for HeapNumbers, avoiding deopting in case of
Smi. This follows the same approach as in TryBuildNumberCheck.
This fixes the regression in string-upack in JetStream.
Bug: v8:7700
Change-Id: I149d79fe7bb071cb46d6f82f95e2128d9cfa1ca3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3964108
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83787}
