Rolling v8/build: d134d68..cf3347c
Rolling v8/buildtools/linux64: git_revision:90294ccdcf9334ed25a76ac9b67689468e506342..git_revision:185124551408e7a5349c2aa31051b5a629dc3a5e
Rolling v8/third_party/aemu-linux-x64: _9UC-vP_2UFSwkJLesq9YhIVywjThQvItoADZJtdSUcC..BsMGVIB-SMSFb0qDOwUoX0kok6z1XZdfmi4kKMOPrWYC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/a7ad5b5..4dd11e9
Rolling v8/third_party/depot_tools: 3fca89b..067f0e5
Rolling v8/tools/luci-go: git_revision:4cf9fa8105d30e3a6855bbfca50c5d6f88efb6b2..git_revision:2dfe2f218f0395673f336d17b841edf629907ae3
Rolling v8/tools/luci-go: git_revision:4cf9fa8105d30e3a6855bbfca50c5d6f88efb6b2..git_revision:2dfe2f218f0395673f336d17b841edf629907ae3
TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: If3b45fc43c38f115d605b0f5e2495949d0cbf292
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3282314
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77916}
Due to a bug on AIX, some of the glibc FP functions do not
preserve the sign bit when a negative input is passed by
value and the output is rounded to 0:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97086
This CL continue the fixes previously added here:
https://crrev.com/c/2468618
Change-Id: I2afa1f67ac1d29ec0606de6d6ebcf05be0664b8d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3282308
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77915}
Port: 255aaed95b
Original Commit Message:
The receiver is now always included in the actual argument
count and the formal parameter count.
kDontAdaptArgumentsSentinel is changed from UINT16_MAX to 0
to preserve the maximum allowed declared parameters.
The build flag activating the changes is not set for any
architecture yet.
Bug: v8:11112
Change-Id: Ib106775014a886da80684dcb83ed704bb898a244
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3271635
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77907}
Let Heap::MakeHeapIterable() and Heap::FreeLinearAllocationAreas() also
handle the new space to be more uniform between spaces. Also removes
Heap::EnsureFillerObjectAtTop() in favor of
NewSpace::MakeLinearAllocationAreaIterable().
Bug: v8:10315
Change-Id: I7d28c1e95e433c4bc5a4a1a1f3aa8d71c43b8887
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3281926
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77905}
This change allows clients of the RegionAllocator to provide callbacks
that are invoked when regions are split or merged.
This will later be needed on Windows when a RegionAllocator is used to
manage a placeholder mapping as these need to be split and merged (using
the VirtualFree API) as well.
Bug: chromium:1218005
Change-Id: I228b41bdb43c4a9ef0db04de9b121dea6b5f12f9
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264287
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77903}
Port commit 3e3a027da1
Beside, some registers are changed to callee-saved, and the previous
related save and restore operations are removed.
Bug: v8:11382
Change-Id: Ic3161f8173771c1b7c190c77cbaf2534f52ec422
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3281673
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Auto-Submit: Liu yu <liuyu@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#77902}
Code pages need to be swept on the main thread for now. Originally this
was done to prevent RWX on code pages, but there might be more other
smaller issues like the linked bug. Most likely this restriction isn't
a problem for concurrent SP at the moment, so stick with this
invariant for now.
Bug: chromium:1269558, v8:12054
Change-Id: Icf7a7ce9714b9ef07b1a5070f0b0dd963b6d3011
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3279682
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77901}
This CL adds Heap::FreeLinearAllocationAreas to free all local
allocation buffers (LABs). We use this to give up LABs for a local GC.
The second method Heap::FreeSharedLinearAllocationAreas is used to free
all LABs in the shared heap for shared GCs and in the future also on
isolate shutdown.
Bug: v8:10315
Change-Id: Ie5cbb68c95fae027055aeaf4458473b04b15b18c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3279681
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77900}
The stored value might be an allocation that can be removed once the
Store node is removed. We need to revisit this node manually because
inputs in a node removed with ReplaceWithValue are not revisited
automatically.
Bug: v8:11510
Change-Id: I57cb8955a3e2f7143474ad7ced9d946e6d1cc18e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277880
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77899}
This allow us to change the target to be built in V8 CI without
changing the bot recipe.
No-Try: true
Bug: v8:12388
Change-Id: I5513e264e7fb5ee273961b88171da8fa793c24f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3280223
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77897}
Extend bazel build to support windows in addition to linux and mac.
Bug: v8:11234
Change-Id: I264f8dd8a33e221890a408d504a94ce2bc9cc19f
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3265064
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77896}
Posting compile tasks from the parser has several issues:
1. We don't know how many functions there will be total, so we can't
yet allocate shared_function_infos array on the Script
2. Without this array, inner function compiles can't look up their own
inner functions during bytecode finalization, so we can't run that
finalization before script parse completes
3. Scope analysis can't have run yet, so we can only post top-level
function tasks and if we allocate SharedFunctionInfos early they
are forced into a bit of a limbo state without an outer ScopeInfo.
Instead, we can post compile tasks during bytecode generation. Then, the
script parse is guaranteed to have completed, so we'll have a
shared_function_infos array and we will have allocated ScopeInfos
already. This also opens the door for posting tasks for compiling more
inner functions than just top-level, as well as generating better code
for functions/methods that reference same-script top-level
let/const/class.
Bug: chromium:1267680
Change-Id: Ie1a3a3c6f1b264c4ef28cd4763bfc6dc08f45d4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277884
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77894}
TestExpectations has been empty for almost 3 years and its
use in v8 is not documented.
Change-Id: I9cf51ddf0934869ed3ba6214b8d6a383dab8a11c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3281260
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Johann Koenig <johannkoenig@google.com>
Cr-Commit-Position: refs/heads/main@{#77892}
Complete implementation of Heap::MakeHeapIterable() by also making the
LABs of paged spaces iterable. This method is the one to use when
the heap and/or a particular space shall be iterable.
Bug: v8:12338
Change-Id: Id859cf1a05df21a54939c504c59d7b1ccd659c9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277888
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77891}
With eager compilation, CompilationEventCallbacks get released when all
compilation units in the compilation state are finished. This is
possible because no future compilation event could get triggered after
that. With dynamic tiering, though, the {FinishedCompilationChunk} event
can trigger repeatedly, even after all compilation units finish at some
point in time, as dynamic tiering can create new CompilationUnits. As
a temporary fix, CompilationEventCallbacks don't get released when
dynamic tiering is enabled.
This CL fixes this issue by turning the callback from an std::function
into a class, and adding a second function to the class which indicates
whether the callback can be released when all compilation units in the
compilation state are finished. Thereby all callbacks can be deallocated
except the ones like the code caching callback which waits for the
{FinishedCompilationChunk} events.
R=jkummerow@chromium.org
Bug: v8:12289
Change-Id: I0f73f4bd2dffe644c9a26c274cb52ac6fa49ab67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3264288
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77890}
In each wasm CallDescriptor, we store the signature of the call based on
the real parameters passed to the call. This signature is more precise
than the formal function signature. We use this signature in inlining
to enable more optimizations.
Changes:
- Add wasm_sig_ field to CallDescriptor.
- Construct the real signature in {DoCall} and {DoReturnCall} in
graph-builder-interface, and pass it to all call-related functions in
WasmGraphBuilder.
- Update {ReplaceTypeInCallDescriptorWith} to use ValueType over
MachineType. Construct the updated function signature.
- In wasm-inlining, kill the Call node after inlining.
- Add two tests.
Bug: v8:11510
Change-Id: Ica711b6b4d83945ecb7201be26577eab7db3c060
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270539
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77889}
FLAG_wasm_dynamic_tiering is still off by default. When enabled,
it now uses the technique previously behind --new-wasm-dynamic-tiering.
Bug: v8:12281
Change-Id: I365c2c066e62418cd6abc7830f95d1fe0f950e33
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275570
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77883}
The entered contexts stack must be in sync with the flags stack.
Bug: chromium:1269225
Change-Id: Ibb522286b47866d5f13aaec1a0a02914c13a5545
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3279680
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77882}
When incrementally marking a non-shared heap, shared values should not
be marked. Similarly, non-shared values should not be marked when
incrementally marking a shared heap.
Bug: v8:11708
Change-Id: Iecd799e7e3060e5fb3897b8be0c4e8158d9ff57f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3278673
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77881}
Under certain conditions GC could flush bytecode array from
SharedFunctionInfos. This CL ensures that the bytecode array is always
available for reconstructing source positions.
Bug: chromium:1265570
Change-Id: I2ce7eb04201f69121687ab0aaa2af42adb2caae0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275569
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77877}
Switching stack affects all instances, therefore make the active
continuation a root object instead of an instance field.
Bug: v8:12191
Change-Id: Ia521bf4e7c3cbca035f916e47804c2f75bbd8f18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3268296
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77876}
This shadows ATOM used in js-regxp.
Making this an enum class requires changing a lot of different places.
Atom is an Intel brand name, so INTEL_ATOM kinda make sense.
Bug: v8:12244,v8:12245
Change-Id: I80be342488328cde5aaca36f900375d2fb381253
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3276926
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77875}
UnprotectAndRegisterMemoryChunk should only be called if we have
CodePageCollectionMemoryModificationScope or
CodeSpaceMemoryModificationScope open.
This also fixes cctests that create code objects without a
code modification scope.
Bug: v8:12054
Change-Id: Id931f1f8120050b2bb76ef3d5701b9a32e52ff37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277882
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77873}
Unify parse post-processing between main-thread and background-thread
parsing, now that we have LocalIsolate and can Internalize on background
threads.
As part of this, simplify the LocalIsolate parking pattern to explicitly
park during ParseOnBackground, rather than being implicitly parked when
ParseOnBackground is called. This reduces the amound of scoping needed
in the BackgroundCompileTask::Run method.
Change-Id: Ifdb128b763129bda78bd1bae89dac1c62f872350
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277876
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77872}
When closing a concurrent allocator, for instance when closing a
LocalHeap, we need to make the LAB of the code space iterable.
We add then a CodePageMemoryModificationScope to allow
code space modification.
Bug: v8:12054
Change-Id: I438d7c1a50694930b7558dec2dd552bec22b7552
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277887
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77871}
Speculative fix for a data race involving memory measurement. For memory
measurement we use JSGlobalObject::native_context_unchecked in
NativeContextInferrer::InferForJSObject when trying to infer the
NativeContext for a JS object from a concurrent marking thread. This
load can race e.g. with the context deserializer running on the main
thread. Fix this race by making the load relaxed atomic.
Bug: chromium:1269681
Change-Id: Id04a92572d7d722594b2f8465e579b7231e54e29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277885
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77870}
Due to streaming, the SFI enqueueing can happen concurrently with with
main-thread finalising, so we need to add locks around accesses to the
SFI->Job map.
Bug: v8:12370
Change-Id: I60281a954ef10f7fcde559b9529077a6b9a82c31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277874
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77869}
The DCHECK ensures that a page that is going to be destroyed is not
anymore part of the vector of pages of a space. This DCHECK runs while
a potential concurrent sweeper task may add a page for a live object
to the vector, resulting in a broken iteration. Use the pages lock to
fix this.
Bug: chromium:1268969
Change-Id: Ice87026957b3e6b5d36cf28293f7aa6901e96ba2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277132
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77867}
