When running microtasks, the auto policy currently only invokes
MicrotasksCompletedCallbacks when the microtask queue is non-empty,
while all other policies unconditionally invokes the callbacks. Make the
auto mode also unconditionally invoke the callbacks.
Bug: v8:10213
Change-Id: I2f608459960b84e6f506646712ac935130646b9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2057813
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66320}
Please take a look at tools/v8windbg/README.md for an overview of what
v8windbg can do and how it's structured. This platform-specific
debugging plugin makes use of the data provided by the V8 postmortem
debugging API in tools/debug_helper.
Note: This code began as https://github.com/billti/v8dbg and then moved
into the Edge repository, where I added features gradually and got code
reviews for individual changes. Now, taken in its entirety, it's an
obnoxiously large CL. I'm open to breaking it up into a few chunks if
that would be preferable.
Bug: v8:9376
Change-Id: I3e503de00bb1aea870ae83e9bd99e4e2eab9ef98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2031700
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#66319}
This allows CoverageInfo to be distinguished from other kinds of
FixedArray at runtime. I also updated it to use untagged data since it
only stores ints, since that seems like the generally right thing to do
(even though I doubt anybody allocates enough of these to notice the
reduced GC work).
Related Torque changes:
- Allow structs containing untagged data to be used as class fields.
This requires classifying them into the tagged or untagged sections of
the class layout, and checking that their alignment requirements are
met when stored in a packed array.
- Generate a struct containing struct field offsets, so we can ensure
that the layouts defined in Torque and C++ code match. Of course it
would be nice to generate a lot more (indexed accessors, synchronized
accessors, GC visitors, etc.), but we can't do it all at once.
Change-Id: I29e2a2afe37e4805cd80e3a84ef9edfe7ca7bb6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2047399
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#66318}
The marking speed is computed from incremental marking steps reported.
In case of embedder tracing, such steps should not include time spent
processing embedder memory.
Bug: chromium:1044630, chromium:1049084
Change-Id: Ie7b5af569b4114dd8dffd2d85eaf28ece9dfa18c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2062394
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66316}
Fix the gc_stress problem in Original by moving the
NewStringFromAsciiChecked before the cast.
This is a reland of a872c393c6
Original change's description:
> [Intl] Fix RelativeTimeFormat fatal
>
> Intl.RelativeTimeFormat constructor crash while the locale or
> numberingSystem contains an "algorithmic" numberingSystem.
> Fix by fallback to the locale without the nu
>
> Bug: chromium:1041319
> Change-Id: Ica520e8dec6ace21264504274b92cb2c3d16286f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2055970
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#66276}
Bug: chromium:1041319
Change-Id: I97563c5dbac1842a4e740e2450070471ea2681a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2057761
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66315}
V8 is capped by a maximum. Since the embedder step is computed from V8's
speeds using concurrent marking it may be too aggressive. Cap the
embedder step to the same maximum as V8 to workaround that issue.
Bug: chromium:1044630
Change-Id: Idcd84cacf2f3fa4dd8df2a03aa3ae6ffb6cb36a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2062393
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66314}
Use 1 less task for concurrent marking to allow Oilpan's concurrent
marking a chance to run as well.
Change-Id: I236f78925324dc4d21a38233d75dc101cc477930
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2062389
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66311}
Port 820faa6e70
Original Commit Message:
The arm/arm64 simulators debugger has a command "mem" that prints
the content of the memory. It also prints a short summary for JS
objects (SMI, Array, JSFunction, ...). That is very handy, but
when trying to print incomplete initialized memory, it could raise
an exception.
It is useful to have a command that prints the content of the memory
for non-initialized or bogus values without the risk of raising
an exception. This CL adds the command "dump".
R=victorgomes@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ie3931af0cf34052706618774ba95bf0057cfcabf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2062159
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#66308}
... in favor of CodeAssembler's ScopedExceptionHandler.
Also remove unused exception arguments from some iterator
related methods.
Bug: v8:10187
Change-Id: I8eb7dfd4eb339e4f566970efa5757c3771926ba6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2060496
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66306}
This adds tests for the mock logic used in differential fuzzing. The
tests uncovered a couple of issues in the mock files that are also
fixed.
This also does some minor code clean up in the mock code.
Bug: chromium:1044942
Change-Id: I5b67f70f8b104bb681548f742ab863395a88360f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2043843
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66304}
This CL reinstates the old pow implementation which calls out to the
system implementation of pow.
Bug: v8:9622
Change-Id: I3df997888ced3fb8b5bd4b810098e967649aaa55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1774898
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66303}
REPL 'let' declared variables use VariableLocation::REPL_GLOBAL which
was not handled by a switch in the bytecode generator. The default
case ran into an UNREACHABLE.
This CL fixes this by properly handling VariableLocation::REPL_GLOBAL
for delete.
Drive-by: Replaced the default case with an explicit case for
VariableLocation::MODULE.
Bug: chromium:1052721
Change-Id: I1330ff2f2c6f042a596a8298599a5d58769894f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2060488
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66301}
By replacing usage of the IsNotArrayIndex bit with IsNotIntegerIndex,
we get back one bit that we can use to increase the number of hash bits
stored. The price is that strings that represent array/integer indices
beyond the cacheable range will have to be scanned more often, but these
strings should be rare, and we expect that the additional hash bit is
more worthwhile to have.
Bug: v8:9904
Change-Id: I33f74b0a73f4754aee85805d4b7c409177668439
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051947
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66299}
Implement the latest spec changes:
- Allow declarative segments to behave like passive & dropped segments.
- Enforce that only declared functions may be returned or used in globals
as funcref.
- Ensure that table fill does not modify any entries if OOB.
Spec tests for select and br_table are still failing due to proposal issue
Bug: v8:10156
R=ahaas@chromium.org
Change-Id: I5b95be36a67bc7482a84b848908cc4cbdf94af03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2027458
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66297}
Currently dirty FinalizationGroups are processed by the cleanup task in
LIFO order. This results in starvation when FinalizationGroups are added
to the dirty list faster than the cleanup task is run.
R=ulan@chromium.org
Bug: v8:8179
Change-Id: I6e4a5bbd490396120b07ca6053176beded7cef6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051619
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66296}
This is to fix the hang (rarely happen). The potential root cause is
that before initialing recompilation, the recompilation callback is
added and then already cleared out by other running threads from initial
compilation.
Bug: v8:10086, v8:9654
Change-Id: I769bac621cce4611ccde1f0998b0f2bc0e9c04cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2053248
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66295}
There is a copy of the pointer decompression logic in
TypedArrayBuiltinsAssembler::SetJSTypedArrayOnHeapDataPtr,
which was not updated for the new ("smi-corrupting") pointer
compression scheme: it erroneously used a sign-extending cast
from compressed to full representation. This causes incorrect
values to be computed when the heap size can grow beyond 2GB.
Bug: v8:9706, chromium:1051005
Change-Id: I2220ce759df1147f255ffca93428888858929fd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2060494
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66293}
This adds 3 flags to the numfuzz fuzzer depending on a probability:
--budget-for-feedback-vector-allocation=0
--interrupt-budget=100
--no-lazy-feedback-allocation
No-Try: true
Bug: v8:10204
Change-Id: I83dabcd0e3ca80bebe596d65d03b3e99d8ecbf03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2060490
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66291}
This reduces the pointer-compression experiment by 3% as it is in
production since a while.
This also uses turbofan when comparing across architectures as tests
run faster and likely find the same or more relevant bugs.
No-Try: true
Change-Id: I35ec97188a101a7cb43454903f7bf9765e57893c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2059995
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66290}
Pass --no-lazy-feedback-allocation in all second runs depending
on a probability. Also combine with --interrupt-budget=100.
This also allows adding several extra flags behind one probability.
The tests are improved to ensure valid flags and configs.
No-Try: true
Bug: v8:10215
Change-Id: I2766ef5044cd8c7096f6b76f39b60b568f550bde
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2059991
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66289}
This again improves readability and makes the code much shorter. It
might also allow us to generate a scheduled graph directly in the
future, for improved wrapper compile times.
R=jkummerow@chromium.org
Bug: v8:10123
Change-Id: I0225d685a0660adb265eedcd160dfac6b4b23c87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2060001
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66287}
... instead of first claiming space on the stack and then storing it,
which was sometimes causing the profiler to read the uninitialised frame
type slot right after it was claimed, but before it was written to.
Bug: v8:9907
Change-Id: I33318aec44b6083488317ec5e226a06e59c7560c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056473
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/master@{#66285}
The arm/arm64 simulators debugger has a command "mem" that prints
the content of the memory. It also prints a short summary for JS
objects (SMI, Array, JSFunction, ...). That is very handy, but
when trying to print incomplete initialized memory, it could raise
an exception.
It is useful to have a command that prints the content of the memory
for non-initialized or bogus values without the risk of raising
an exception. This CL adds the command "dump".
Change-Id: I682f97afa30a8d9dc572fe5e9dd256eeebf79de9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056468
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66284}
port 9d3dc6fhttps://crrev.com/c/1914218
Original Commit Message:
FunctionEntry StackChecks is one of the two cases where we generate a
StackCheck bytecode. In these cases, we do stack check against the js
limit (not to be confused with the real js limit). Their purpose is to
be able to interrupt the running code.
We can omit the FunctionEntry StackCheck by embedding its code into
the InterpreterEntryTrampoline builtin. We save one bytecode per
interpreted function.
This change has rippling effects for optimized code, as well as the
deoptimizer.
Change-Id: I2ad985959a3f55dfe80fabeffee3d344c1817c88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2050055
Auto-Submit: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66281}
This variable significantly slows down indexed-getter.html of blink_perf.bindings on linux-perf
https://pinpoint-dot-chromeperf.appspot.com/job/136cce54620000
V8_STACK_UNINITIALIZED macro is the same as http://crrev.com/c/1974951
Bug: chromium:977230
Change-Id: I3e7e91804e13b856d6b2ba0a5d67f0354636c510
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2046872
Commit-Queue: Vitaly Buka <vitalybuka@chromium.org>
Auto-Submit: Vitaly Buka <vitalybuka@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66278}
Intl.RelativeTimeFormat constructor crash while the locale or
numberingSystem contains an "algorithmic" numberingSystem.
Fix by fallback to the locale without the nu
Bug: chromium:1041319
Change-Id: Ica520e8dec6ace21264504274b92cb2c3d16286f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2055970
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66276}
Use adoptSymbols(NumberingSystem *) API in Intl.NumberFormat to reduce string size
Bug: v8:10207
Change-Id: I3163c524612b61cfdad51743d58ece08b437520a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2055567
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66273}
It was using nullptr to signal that it was empty.
Bug: v8:10155
Change-Id: I0844d6a2bfacb1fd35ba83c24307de86f77f4e40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2056470
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66271}
