We will provide a replacement for raw pointers in future which should
only be used by backing stores. Any other callsite must go through
Trace(BasicMember<>).
Bug: v8:13089
Change-Id: Ibdae439b44ad94bd7af2532855be941c5334db99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3772328
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81833}
This CL fixes macro-asm to take in scratch registers as arguments.
Change-Id: Ib6070c9a9df050ce201d36027a0be44c77a54ba3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3773875
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81832}
This adds support for reading modules in hex or decimal "array literal"
syntax, e.g. what --full-hexdump produces, or the result of printing
JS arrays using `console.log(JSON.stringify(bytes))` or similar.
Bonus feature: support reading input from stdin, e.g. for piping.
Change-Id: Ic268f266a243f843b6fbf1e3f090e1b06487f5d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3767743
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81829}
The used_or_unused_instance_size_in_words field already determines
whether the used fields are in- or out-of-object, so we can use it's
value for a fast HasOutOfObjectProperties check rather than using
NumberOfFields (which includes an iteration over the descriptor
array).
Change-Id: I6c5b4f3f793b8df7832def7465106f2af7306759
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1718152
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81828}
This is a reland of commit c66a80172e
The reland suppresses the deprecation warning on windows for
google_benchmark.
Original change's description:
> Update V8 DEPS
>
> Rolling both trusted-versions and trusted-origins and an additional patch coming from https://crrev.com/c/3706887.
>
> Rolling v8/buildtools/third_party/libc++/trunk: b126981..88bf407
>
> Rolling v8/buildtools/third_party/libunwind/trunk: 49191c5..955e2ff
>
> Rolling v8/third_party/depot_tools: 8168f76..f05fcf7
>
> Rolling v8/build: 679de1e..6e435d6
>
> Rolling v8/buildtools: 5cee6a2..a4506d5
>
>
>
> R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
>
> Bug: chromium:1345621
> Change-Id: I0659a5f98c83bbc6f061259e798a4b85a7cd7c63
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3766889
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Liviu Rau <liviurau@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81815}
Bug: chromium:1345621
Change-Id: I2975ca6ae04c99a9e53f3bbd6872b7d114febb7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3773775
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81823}
The suspender is only needed by the wrapper, do not forward it to the JS
import.
R=ahaas@chromium.org
Bug: v8:12191
Change-Id: Id8e9a820491588b40fffb5dfd8706e85a16b8b23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3768410
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81818}
Thread through compressed pointer into write barrier to allow to delay
compression after checking whether a write barrier is actually needed.
Change-Id: If7e6cbb69a57cc9aeeb551c11f685bace4e56c4c
Bug: chromium:1325007
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769826
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81816}
... when external code space is enabled.
Currently this mode is guarded by V8_REMOVE_BUILTINS_CODE_OBJECTS flag
which is set to false until Code-less builtins are supported.
Drive-by:
* remove unnecessary methods from AbstractCode,
* avoid CodeDataContainer <-> Code roundtrips when accessing writable
state of Code objects via CodeT.
Bug: v8:11880
Change-Id: Iae3ff3b2feae68d875cbe9f82a6bb076460dd2f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769832
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81814}
We already generate BTI instructions with
`BaselineAssembler::JumpTarget()` on `VisitSingleBytecode()`, so we
shouldn't need to do it when binding a label.
Bug: v8:13082
Change-Id: Ie4d645a2379c3feb4909be524b42ebd85a8d35af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3771861
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/main@{#81813}
When pointer compression is disabled, and sizeof(Tagged_t) is 8 (eg,
arm64 without pointer compression), the function
extract_first_nonzero_index is never used, which was causing a warning.
Bug: v8:13048
Change-Id: I5a0fba4da4201e3be147632d891d0d9e20cb46eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769694
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81812}
The Code::constant_pool() segfaulted on configurations with disabled
external code space when it was called on mallocced copy of a Code
object.
Bug: v8:11880
Change-Id: I86919002ef080486f1e4532c3a2d3352f4526508
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3772004
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81811}
- accelerated nodes selection for the old IR layout;
- implemented turboshaft blocks layout building (blocks coordinates and edges);
- extended interaction with user (selecting/hovering) for such things like: blocks/nodes/edges.
Bug: v8:7327
Change-Id: I0b01679e9dde0bb7d94ba80dd0ee744f334e1968
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747871
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Cr-Commit-Position: refs/heads/main@{#81810}
Thic CL adds a CDP API skeleton that will be used to disassemble WASM
modules using V8's new disassembler.
Bug: v8:12917, chromium:1325626
Change-Id: I4ca81aca923e9716653cd90367e5fad319483aae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721381
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81809}
This includes several changes:
- avoid a very-unlikely-but-theoretically-possible OOB write
- avoid a somewhat-likely memory leak
- grow the buffer less aggressively for medium-length strings
Change-Id: I877f43d7e2e7cd4778ba8c7c7525ba988301f750
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3771900
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81808}
Notably:
- As per convention, TrapIf/Unless should not return a control node.
- Wasm-gc pipeline should not depend on FLAG_wasm_inlining.
Change-Id: Ic593db1f979bec1cedfd9384b21487fc2763a35b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3771640
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81806}
To work properly and securely, the sandbox requires cooperation from the
Embedder, for example in the form of a custom ArrayBufferAllocator and
later on custom type tags for external objects. As such, it likely does
not make sense to enable the sandbox by default everywhere.
Bug: v8:10391, v8:13058
Change-Id: Ief2720122f70b9a1bc3f2e6802e60b5b95b855d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3771841
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81805}
DropRegisterAtEnd is used to free a register, to make space for the
result of a node. Normally this frees up an input that is dead at the
end of the node's lifetime, but under high local variable pressure, we
might not have a dead value to drop.
In these cases we have to spill a register through the normal spilling
mechanism. Additionally, allow freeing up a blocked free register (i.e.
a temporary) if this is possible.
Bug: v8:7700
Change-Id: I0099751918cf5cb65c2a09337a3f080eb2c4dd14
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769833
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81804}
This CL fixes a bug in the units of the reported metrics for
V8.GC.Cycle.MainThread.Full.Incremental.Mark (ms instead of us).
It also reports incremental marking/sweeping metrics (both for the
unified heap and the C++ managed heap) only when incremental
marking/sweeping were used; otherwise, no zero values are reported.
Bug: chromium:1154636
Bug: chromium:1343507
Change-Id: Ibc0103ea62fa0eeb5f7184280c8514e99a5c21a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3768502
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81803}
Similarly to TF, we inline ToBoolean directly on Maglev generated code.
Most of the code is run as deferred, it "returns" true after 6 simple checks.
ToBoolean is separated in a different function to be used by other nodes
later (e.g. ToBooleanLogicalNot).
Bug: v8:7700
Change-Id: I75d77b60ebfb1bb124c9e98ad381f8aefa0ac665
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769688
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81800}
This CL is part of an effort to enable concurrent marking in MinorMC.
For this purpose we plan to reuse the IncrementalMarking class which
already implements a part of the concurrent marking code for MajorMC
(and is currently coupled with MarkCompactCollector).
We plan to parameterize IncrementalMarking with CollectorBase, which
can be either MinorMarkCompactCollector or MarkCompactCollector, in
a subsequent CL.
Bug: v8:13012
Change-Id: I595bfdcb6e1abaa270d8037d889620433f26a416
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749183
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81797}
The LeftTrimFixedArray will call OnMoveEvent every time. Even though when the profiling is not enabled in user mode, it still need to do some check, and the function call itself has certain overhead. This patch aims to remove the unnecessary check. We only need to check it when the logging status changes.
Change-Id: I0e957860616a18415398f7753ed21caab5a4361f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3751964
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jianxiao Lu <jianxiao.lu@intel.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81794}
This adds a bunch of tracing hooks to the module decoder and uses
them to support "annotated hexdump" output for full modules in wami:
$ out/x64.release/wami my_module.wasm --full-hexdump
Change-Id: I5821d940b5ec236df9708eecd0124172d8893ffd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3754741
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81791}
This file did not include all the headers it needed, so when
https://crrev.com/c/3749178 removed a bunch of headers, the MSVC build
broke. Add in the missing header to address the MSVC compiler falure.
Change-Id: I646787cfde802d8cabe7d61bac2f2066beaec436
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764190
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81790}
Port d5b3d8e994
Original Commit Message:
This change already landed for x64, now come arm and ia32. The code
already existed for arm64.
The wasm instance got pushed three times in the lazy-compile builtin:
1) as part of the parameters;
2) as a parameter for the runtime function;
3) to load the jump table address after the runtime function;
The third push can be avoided by loading the jump table address after
all parameters get loaded from the stack again.
R=ahaas@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I731473b2d5e08e7ea5841ef589dd3f896b5302db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769698
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81789}
... in order to avoid expensive computation of cage_base for Code
objects and in order to avoid issues with wrong cage base values
computed from Code objects in external code space.
Drive-by: cage-bas'ify some accessors in JSFunction and Code.
This is a step towards Code-less embedded builtins.
Bug: v8:11880
Change-Id: I95dd8bcd4680e09c7463e1bc7d72dcbf9f2e5c1c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769831
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81788}