We should not assume that the embedder can run with concurrent marking
even though we just finalize the GC at this point.
Bug: chromium:1271371
Change-Id: I3d3a45e4283dcae9c6fdd1a467158254914868c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289169
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77982}
A SafepointScope might need to block for a shared GC initiated from
another client isolate. This means that anytime we create a
SafepointScope a shared GC may run. This CL adds a DCHECK to ensure
AllowGarbageCollected::IsAllowed() holds for each SafepointScope.
So far this DCHECK was only run in the less likely event that a
SafepointScope actually runs a shared GC. Which is technically good
enough but it is easy to miss use cases of SafepointScope where this
does not hold.
Bug: v8:11708, v8:12377
Change-Id: I30cc33c05ebe4835430e1d699a86079810523858
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289625
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77976}
Many callers already pass an int, so there is no point in storing as an
uint32_t internally. The style guide also recommends int as the general
data type for integers, even if it's statically known that only positive
values will occur.
R=jkummerow@chromium.org
Bug: v8:12401
Change-Id: I6067139f514895f925d1c536112b4cb5c2c24a36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289157
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77975}
In order to determine which module contains V8, v8windbg has been
looking for the known symbol v8::Script::Run. However, that symbol might
not be found if the function was inlined. To fix, we should instead
choose a symbol that is declared with V8_NOINLINE.
Change-Id: Ib73dfb27f35ab81ab69f92ffab944f6f1096b895
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3290107
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#77974}
Refactor s.t. we now compact the DependentCode weak fixed array both
when adding new entries and when marked for deopts.
Bug: v8:12397
Change-Id: I842f3369644e88cc0b98a1f1371259c920cc8bbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3291320
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77973}
The cpu profiler tests require a precise trace and become
flaky when running with concurrent sparkplug.
Bug: v8:12054
Change-Id: I62a20d15530c610bc1091371781c28687c718720
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289158
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77972}
Using a map to store node states in Int64Lowering has proven slow.
Therefore, we change the data structure to a vector indexed by node ids.
Bug: v8:12166, chromium:1271179
Change-Id: I13b78091fe1a6a13c26afd706d3839b0c04390f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3291308
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77971}
This CL explicitly encodes the 'other' reason for breaking for:
* regular breakpoints
* triggered pause events.
The reason for explicitly encoding the reason is that we may otherwise
not know why we pause when we handle it. This knowledge is needed
in order to fully support instrumentation breakpoints, e.g. if we do
not know that we paused on a triggered pause, and this happens to
overlap with an instrumentation, we would previously only report
'instrumentation' as a reason which would be wrong.
Bug: chromium:1229541
Change-Id: I93c08f965a491f6d34f280157b182a78d5b3cf07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289638
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77970}
Prior to this CL we regularly generated high counts of code
dependencies, and installation was not the most efficient.
This CL 1) implements early dependency deduplication and
2) simplifies the way dependencies are persisted on the heap
through DependentCode.
Re 1): we dedupe twice, once based on the CompilationDependency
contents, and again once we know the final target object.
Re 2): Instead of a linked list of weak fixed arrays per
dependency group, store deps in a flat array together with a
bitset of their dependency groups.
See also:
https://docs.google.com/document/d/1B34S1s3Iv6hbquZ93RugD0b-ZKfHEptJ8Fk_YyOvjDk/edit
Bug: v8:12195,v8:12397
Change-Id: I9ab47f6d87b10558194b5de30a36b1122f7e362a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3283074
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77969}
When compiling code off-thread in the large code space,
we need to register the chunk in the isolate using
AddCodeMemoryChunk.
In the main thread, this is done when AllocateRaw calls
NotifyOldGenerationExpansion.
Bug: chromium:1269315, v8:12054
Change-Id: I46ea5c9cdcd063708292dd49aac6d39091e11ba4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289151
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77968}
Raise an exception if CallFunction is invoked with a class constructor.
The check was initially removed in [1] but there are cases where we
could end in CallFunction with class constructors from optimized code.
[1] https://crrev.com/c/3186434
Bug: chromium:1271384
Change-Id: I0d700c4b1d117334c1c4c14719e24cd1f2c5e3a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3291313
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77967}
Undetectables are always callable in V8, so the previous type check
didn't make sense.
Bug: chromium:1267230
Change-Id: Idb557bb05ee4c3b332d1fe61b40557122660261a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3291303
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77966}
We prevent unrolling of loops with indirect calls. We expand the set of
permitted wasm builtins in unrolled loops.
Bug: v8:11298
Change-Id: I70b8ff3b16d9b0d3a4ea2d103f8ffb74083fd2a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289152
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77965}
We have 4 different cases:
1) Explicit web snapshots (--web-snapshot) & errors in the snapshot
2) Explicit web snapshots & errors in the embedded script
3) Auto-detected web snapshots (--experimental-web-snapshots) & errors
in the snapshot
4) Auto-detected web snapshots & errors in the embedded script
Before this CL: cases 2 & 4 resulted in a DCHECK failing and the error
in case 3 wasn't reported correctly.
This CL implements consistent error reporting for all of them.
Bug: v8:11525
Change-Id: If2e5039d9769b9cad2175dfd5c4f91edf61111ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277877
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77963}
Extend BitsetType of TF's type system from 32 to 64 bit.
At the moment all 32 bits are used, so we can't add any new types.
This CL only adds support for > 32 types to C++. The bitset is also
mirrored in Torque. In the Torque definition, we just expose an
unstructured uint32 for the higher bits of the bitfield, because Toruqe
can't deal with 64 bit types on 32 bit platforms (yet) and we also can't
have multiple 1-bit bitfields within a single class (yet).
Bug: v8:12392, chromium:1262750
Change-Id: If571491443e86e4e47eb88d3f15eca485344d12d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3281922
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77962}
This is in anticipation for sharing internalized and
in-place-internalizable strings across Isolates. When such strings are
shared, background compilation threads need to be able to allocate
strings in the shared old space.
Bug: v8:12007
Change-Id: I93179c9674cc16e5a6125049d20e61495bc1f3a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3283615
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77959}
We move the mask to be the first input of the node in wasm-compiler.cc,
this matches the order for S128Select, which makes code-gen for
arm/arm64 simpler (directly lower to BSL with no more shuffle of
inputs). This requires tweaking of input indices in the instruction
selector for ia32/x64, but no change in codegen.
Bug: v8:12284
Change-Id: I1f6f1a9fe0869509be77f77b6f54a0c636a0f92d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3272640
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77958}
Bug: v8:12228
Change-Id: I9f7bb60fb2647f44c41c8c9e35a534ecd60c426a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289150
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Jie Pan <jie.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#77957}
NONE clashes with the PropertyAttributes::NONE, which is defined in
v8::internal namespace. PropertyAttributes have too many call sites
and depend on using the enums as masks, making it hard to convert
to an enum class. So we are changing the name instead.
Bug: v8:12244
Change-Id: Iec0be12c626549cca137aceeaee0e30fafab8b05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3284003
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77956}
fma_instr is now no longer required
Change-Id: Iab47aa6afcc53c78acf15c7ab71f6b9ba45263c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3286003
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77955}
For streaming compilation, include the source URL in tracing, to
help identifying problems with caching.
R=ahaas@chromium.org
Change-Id: Iefda71890024a4fc9ec933c34c5870ba697bbff9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289148
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77950}
CodePageCollectionMemoryModificationScope was wrongly added to the test.
On M1, the code object is unprotected to RW and crash when running it later.
Bug: v8:12386, v8:12396
Change-Id: I1af3dabaa9b66d1f50033f298107949fcb35c3d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289155
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77947}
This fast path works for ASCII-only strings and is similar to the
existing fast-path in C++. Important differences:
- The locale check is done at Turbofan optimization time instead of
at runtime
- Use tables of size 256 instead of 128 to save a bounds-check when
handling one-byte strings.
- It first performs an equality check that's optimized for detecting
inequality quickly by comparing the strings from both ends. If the
equality check succeeds, we are done. Otherwise chances are high
that the strings differ according to collation level L1 already.
Therefore, we first do an L1 check and perform the L3 check
only when L1 didn't find a difference. This is based on the assumption
that few strings are identical except for different capitalization.
- Use the Torque version of string flattening instead of the runtime
version.
Bug: v8:12196
Change-Id: I2d043c1138846783f6d567b736d34063ba9301e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3268465
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77946}
This is a reland of 9b5f398554
Reland fixes:
* Store a Handle instead of a raw pointer in the scope, to make sure
the saved object stays alive.
Original change's description:
> [runtime] Reset clobbered argument in DefineClass
>
> The caller of DefineClass may not expect its arguments to be mutated, so
> add an arguments mutation scope which resets the argument clobbered by
> DefineClass.
>
> Bug: chromium:1268738
> Change-Id: I03e9cd82535ca1f83353012a92e80f822566e64e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3283077
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77921}
Bug: chromium:1268738
Change-Id: I934ba2063bf2b0e66a3c42f274419ddd178e4b54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289146
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77945}
This makes --experimental-wasm-gc imply --wasm-speculative-inlining,
which in turn implies --wasm-inlining and --wasm-dynamic-tiering as
prerequisites.
The former implication is weak, i.e. can be overridden on the command
line.
Bug: v8:7748
Change-Id: Iedc7c9916947f26e17bdd29dbf3b413dbaa05e6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275571
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77944}
Use recursion scope only for nullable references in the
GenerateRef function. We declare the recursion scope as
an optional and only initialize it if the reference type
is nullable.
Bug: v8:11954, chromium:1270126
Change-Id: I1548290cc9d48167f6fd56ff653744d472f65635
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3284894
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Maria Tîmbur <mtimbur@google.com>
Cr-Commit-Position: refs/heads/main@{#77943}
On 32-bit architectures, we need to run Int64Lowering on the inlinee
code to make it compatible with the caller code.
Since Int64Lowering now runs while a GraphReducer is active, only one of
them can use node marks to store node states. Therefore, we move the
Int64Lowering node states to an internal map.
Bug: v8:12166
Change-Id: I53b85442d503e71fa533e06568f4b9db572a4401
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3283072
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77941}
Move the source code position for classes to the point where the block
context has already been created. Previously, there would be a mismatch
between the context and the scope when using the ScopeIterator.
We paused at a point where, according to the source position, we already
are in a class scope, but according to the bytecode (context), we would
not yet have created the block context for the class.
Also-by: leszeks@chromium.org, jarin@chromium.org
Fixed: chromium:1259878
Change-Id: I58b84f4dcfa8c4f51e16812c7a8caa21da99f262
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3284887
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77940}
This fixes a -Wshadow warning with an inline enum in regexp-compiler.cc.
Bug: v8:12244,v8:12245
Change-Id: I8b53a94a1945addb958b230abe01b10d4533edae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3285732
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77935}
Declare more macro lists to split up W0 and W1, then disassemble using
the macro lists.
Change-Id: I4a73c24ea63c5a7b7489b81ee5ec7026c1765091
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270598
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77934}
