Commit Graph

72920 Commits

Author SHA1 Message Date
Clemens Backes
f0c982b8d1 [counters] Make all counters thread-safe
D8 shares counters across isolates, so even if they are only updated
from the main thread, they need to be thread-safe.
This CL removes the distinction between {StatsCounter} and
{StatsCounterThreadSafe}, and just makes all {StatsCounter} use (cheap)
atomic operations for counter updates. This will make previously
thread-safe counters cheaper, because no Mutex is involved. It might
make previously not-thread-safe counters slightly more expensive, but
it's not expected to be a significant regression.

R=mlippautz@chromium.org

Bug: v8:12481, v8:12482
Change-Id: I47b8681c1cf26d142e1ccfafa0c192e3fdcb7d2a
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320427
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78278}
2021-12-07 17:12:19 +00:00
Patrick Thier
41b9cd7fd4 Revert "[turbofan] Improve StoreStoreElimination"
This reverts commit 863bc2b88a.

Reason for revert: https://crbug.com/1276923

Original change's description:
> [turbofan] Improve StoreStoreElimination
>
> Previously, StoreStoreElimination handled allocations as
> "can observe anything". This is pretty conservative and prohibits
> elimination of repeated double stores to the same field.
> With this CL allocations are changed to "observes initializing or
> transitioning stores".
> This way it is guaranteed that initializing stores to a freshly created
> object or stores that are part of a map transition are not eliminated
> before allocations (that can trigger GC), but allows elimination of
> non-initializing, non-transitioning, unobservable stores in the
> presence of allocations.
>
> Bug: v8:12200
> Change-Id: Ie1419696b9c8cb7c39aecf38d9f08102177b2c0f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295449
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78230}

Bug: chromium:1276923
Change-Id: I43dc3572ce1ef1fda42b7551ce8210d9f03e36ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318666
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78277}
2021-12-07 14:52:57 +00:00
Michael Lippautz
3902ffbba4 cppgc: Persistent: Check thread usage on slow path
Checks whether a Persistent is used from the creation thread on slow
path allocations. In practice, these currently happen every 256
Persistent allocations. This is a best effort check that may help to
flush out issues that are missed with DCHECK builds.

Bug: chromium:1276570
Change-Id: Ia868ca436341b1b5ef427d5b3ec04926c1394e41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318658
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78276}
2021-12-07 14:32:47 +00:00
Jakob Kummerow
649c980588 [liftoff] Fix temp register for BrImpl with TierupCheck
Allocating a temp register in a conditional branch confuses
the LiftoffAssembler's state tracking, so this patch moves
allocation of the register into the unconditional part of the
control flow.

Fixed: chromium:1275711
Change-Id: Ic83ba8c098c5edb33d035c1a93931d54cc1f1caa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320423
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78275}
2021-12-07 14:05:17 +00:00
Maya Lekova
94f86e6d4e [fastcall] Add more TypedArray tests for fallback cases
This CL adds the following specific cases, to make sure they are
correctly handled by the slow path:
 - the backing store of a TypedArray gets detached after optimisation
 - passing null instead of a TA doesn't lead to a deopt

Bug: v8:11739, chromium:1052746
Change-Id: I7dfd3da9f535831901998ca6fad854af6e93e9f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320425
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78274}
2021-12-07 13:56:01 +00:00
Dominik Inführ
fd23e91464 [heap] Make active_safepoint_scopes_ non-atomic
Field used to be atomic for AssertActive() but now that this method
uses another approach, we can make that field non-atomic again.

Bug: v8:11708
Change-Id: I5254aa5e655844739082144fc75ba9f0c13d1ba0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3317424
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78273}
2021-12-07 13:47:47 +00:00
Marja Hölttä
5f4a7052e6 [web snapshots] Support function prototype
Bug: v8:11525

Change-Id: Iacdbc486de4aac3df6792f760ee216a5b6e62a27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3312276
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78272}
2021-12-07 11:34:07 +00:00
Kim-Anh Tran
9b7c14bb33 [debugger] Remove separate didPause for instrumentation breakpoints
This removes the additional call to `didPause` solely for
instrumentation breakpoints. They will be reported along with any
other pause reasons, and if several apply, 'ambiguous' will be
reported as a reason.

Bug: chromium:1229541
Change-Id: I38557248dc2274c2ff2c396aa19073f4a5c5abd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300134
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78271}
2021-12-07 10:42:27 +00:00
Shu-yu Guo
57bec6aa4a [string] Remove unused String::SlowCopy
Change-Id: I8b496a028601442b509f894ab29d70c53d67eef5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318732
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78270}
2021-12-07 09:40:17 +00:00
Dominik Inführ
e7fbe09d0a [heap] Fix marking state regression
Concurrent marking got accidentally disabled because
V8_ATOMIC_MARKING_STATE got removed.

Bug: v8:12470, chromium:1277264, chromium:1277330, chromium:1277392
Bug: chromium:1277287, chromium:1277260, chromium:1277259
Bug: chromium:1277256, chromium:1277252, chromium:1277250
Bug: chromium:1277254, chromium:1277251
Change-Id: I21211e8f6d3a65714ba3204e87863b71af42d82d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318663
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78269}
2021-12-07 09:30:17 +00:00
Shu-yu Guo
368945e4a6 Make YIELD_PROCESSOR work on MSVC
MSVC disallows inline assembly on x64 and arm64, and instead requires
use of compiler intrinsics [0]. This CL checks for MSVC and uses
intrinsics for yield/pause, where available.

[0] https://docs.microsoft.com/en-us/cpp/intrinsics/compiler-intrinsics?view=msvc-170

Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_rel_ng
Change-Id: I3b9cbd998e91b391a21f1443e83758e7242425c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318721
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78268}
2021-12-07 08:56:27 +00:00
Simon Zünd
d6c01d5f48 [inspector] Avoid unnecessary string copy when scheduling async tasks
R=bmeurer@chromium.org

Bug: chromium:1267427
Change-Id: Ibee0fb62fda5f834b1866e2b6ae17bebca34f4ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3317425
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78267}
2021-12-07 08:14:19 +00:00
Igor Sheludko
df64feca85 [ext-code-space] Fix issues with shared GC
Bug: v8:11880, v8:12478
Change-Id: I47f5384195aee8d6f251ca141714bdaec272f62f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318659
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78266}
2021-12-07 07:44:17 +00:00
v8-ci-autoroll-builder
50553390c4 Update google_benchmark
Rolling v8/third_party/google_benchmark/src: fd258bb..ab86707

clang-tidy: readability-redundant and performance (#1298) (dominc8)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/ab86707

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I234eb0daeb7d96c1886b780c97016ca25f5af7f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3319441
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78265}
2021-12-07 05:50:10 +00:00
Frank Tang
d962c788dd [test262] Roll test262
4b7f8b49c..1f16a6ad0

Bug: v8:7834
Change-Id: Id9d8d48f03d60e44fc614667e599da056cf23464
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315231
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78264}
2021-12-07 04:46:37 +00:00
Frank Tang
40deaa1768 [temporal] Sync parser change in PR1957
https://github.com/tc39/proposal-temporal/pull/1957
Resolve https://github.com/tc39/proposal-temporal/issues/1794

Bug: v8:11544
Change-Id: I50d406848e815b400d6e0cd14dee95589aac0647
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318718
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78263}
2021-12-07 04:03:17 +00:00
v8-ci-autoroll-builder
eb8849a594 Update V8 DEPS.
Rolling v8/build: 623bc83..0d9559b

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/32ccf21..02439f6

Rolling v8/third_party/depot_tools: 203a644..82f3512

Rolling v8/tools/clang: d812be7..fb06cff

Rolling v8/tools/luci-go: git_revision:3de46a51120f37b29e3552d36ad2aa5882961a05..git_revision:81212ba3aa0a1a724465bded12d12c16ed46da3a

Rolling v8/tools/luci-go: git_revision:3de46a51120f37b29e3552d36ad2aa5882961a05..git_revision:81212ba3aa0a1a724465bded12d12c16ed46da3a

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: If442eafffb10213c8e5b3cb624b833f3909ef523
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3319440
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78262}
2021-12-07 03:51:08 +00:00
Shu-yu Guo
a4b83dcf22 Reland "[top-level-await] Remove --harmony-top-level-await"
This is a reland of 3ee4804f83.

The CL was originally reverted for blink test failures. Since the
revert, the blink top-level await flag has been removed.

Original change's description:
> [top-level-await] Remove --harmony-top-level-await
>
> TLA has been shipped since v8.9.
>
> Bug: v8:9344, chromium:1271114
> Change-Id: Ibebf21da8bacb1f0d212390133847495ad8553e5
> Reviewed-on:
https://chromium-review.googlesource.com/c/v8/v8/+/3307103
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78169}

Bug: v8:9344, chromium:1271114
Change-Id: I96a9641967a23a12ba2467a69e5859ad8647f3e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318717
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78261}
2021-12-06 23:02:33 +00:00
Michael Lippautz
806a207f91 cppgc: Do not run stack verification with TSAN
Avoid verifying the stack when running with TSAN as the TSAN runtime
changes stack contents when e.g. working with locks.

Specifically, the marker uses locks in slow path operations which
results in stack changes throughout marking. This means that the
conservative iteration in the verifier may find more objects then the
regular marker. The difference is benign as the delta of objects is
not reachable from user code but it prevents verification.

Bug: chromium:1275581
Change-Id: Ie316ab65a5b90a1b72c09966f72d61af91224091
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3317976
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78260}
2021-12-06 22:32:47 +00:00
Tobias Tebbi
d3ba88a2ce [builtins] catch and rethrow the message together with the exception
This aligns the Torque semantics of catch with the JavaScript behavior:
When we catch an exception, we also reset the pending exception.
This also fixes a long-standing bug that we didn't restore the original
pending message after executing arbitrary JS in IteratorCloseOnException

Bug: v8:12439
Change-Id: I268d9d639d09023a424f352547cdce03428f983a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303805
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78259}
2021-12-06 22:14:56 +00:00
Clemens Backes
ab501b59a6 [wasm] Unconditionally allocate a protection key
This CL separates checks for hardware support from checks for software
configuration. We unconditionally allocate a protection key to know
whether hardware support is there, but then only use it if PKU is
enabled via flags.
This will allow us to collect statistics on hardware availability even
if PKU cannot be used yet on ChromeOS. Allocation should always be fine,
and has been finched for several weeks now. The remaining kernel issue
on ChromeOS does not affect allocation and deallocation of protection
keys, so it is safe to unconditionally enable that.

R=ahaas@chromium.org

Bug: v8:11974
Change-Id: I62fd48e6302aecae9843a62861d978f86ea52141
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315446
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78258}
2021-12-06 22:13:26 +00:00
Shu-yu Guo
b6030dbac5 [string] Make String::MakeThin threadsafe for shared strings
For shared strings, String::MakeThin is protected by using the map word
of the string being migrated as a spinlock.

Note that this CL does not make it safe yet to access character data
from multiple threads. The spinlock here only protects write-write races
in String::MakeThin.

For more information, see the following two design docs:

https://docs.google.com/document/d/1c5i8f2EfKIQygGZ23hNiGxouvRISjUMnJjNsOodj6z0/edit
https://docs.google.com/document/d/1Drzigf17t4ofy0evDmaIL5p0MDZuAl95c9fSeX-QjVg/edit

Bug: v8:12007
Change-Id: I9c47412c6ec7360a672b65a8576b4f6156ee5846
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313429
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78257}
2021-12-06 20:27:06 +00:00
Camillo Bruni
480a917d8e Revert "[profiler] Surface VM & Embedder State"
This reverts commit 2d087f237e.

Reason for revert: 
- Causing MSVC build failures: https://crbug.com/v8/12476
- Causing flaky failures: https://crbug.com/v8/12475

Original change's description:
> [profiler] Surface VM & Embedder State
>
> Add APIs to surface VMState and new EmbedderState to CpuProfile samples.
>
> EmbedderState:
> * An EmbedderState is defined as a value uint8_t and a v8::context used
> for filtering.
> * EmbedderStates are stack allocated by the embedder, construction and
> destruction set/unset the state to the isolate thread local top.
> * A v8::context is used to filter states that are added to a CpuProfile,
> if the CpuProfile do not have a ContextFilter set or if contexts do not
> match, state defaults to Empty.
>
> * v8:StateTag is already propagated all the way to a Sample, simply add
> an API to surface it.
>
> VMState: 
> Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e
> Bug: chromium:1263871
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072
> Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78250}

Bug: chromium:1263871, v8:12475, v8:12476
Change-Id: I02670b1ed3bb863033208369227642a7419fce00
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315444
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78256}
2021-12-06 17:02:05 +00:00
Samuel Groß
32ae918099 [platform] Also use MAP_JIT on Intel-based macOS
On Intel chips, MAP_JIT is required when the hardened runtime is
enabled, which it is in Chrome. Without MAP_JIT, it is then not possible
to allocate executable pages in an address space reservation.

Bug: chromium:1276887
Change-Id: I632fdfc9e6cf02bac95e630e6404fea7d8f4c176
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310913
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78255}
2021-12-06 16:48:09 +00:00
Milad Fa
5102555797 S390: Support Wasm atomic ops on big endian within turbofan
Currently atomic ops on TF are using machine native byte order
and cannot be used by Wasm calls.

This Cl adds support for Little Endian enforced Wasm atomic ops
to S390 by reversing bytes where needed.

This CL does not change the behaviour on S390 simulator.

Change-Id: Iedb2c05a55f495409ee21a76713bf15e21108997
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313444
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78254}
2021-12-06 16:46:55 +00:00
Shu-yu Guo
6e2078d659 [string] Extend StringShape to query the shared bit
Rename StringShape::full_representation_tag to
StringShape::representation_and_encoding_tag, since the full
representation tag now includes the shared bit.

There are no users of the new method in this CL; this is split out to
make subsequent shared string CLs smaller.

Bug: v8:12007
Change-Id: Ic4ac0241fd9846241e85b4a094dfee6d201ba42b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313428
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78253}
2021-12-06 16:35:15 +00:00
Clemens Backes
b8bc9b23bb [d8] Simulate errors before disposing flags
Calling {V8::Dispose} resets flag values, but error simulation relies on
{FLAG_random_seed}. Thus simulate errors before disposing V8.

R=machenbach@chromium.org

Bug: chromium:1168290
Change-Id: Ie3bc921d6dd1dbaece68ef0b801d8b25ba97585f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315441
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78252}
2021-12-06 16:07:25 +00:00
Samuel Groß
ad9c395d87 Add LsanVirtualAddressSpace implementation
When leak sanitizer is active, an LsanVirtualAddressSpace is used and
takes care of marking the allocated pages as lsan root regions.

Bug: chromium:1276767
Change-Id: I3d8a61f7d3c59e4574e46707d2217031a32e3f0e
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314828
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78251}
2021-12-06 16:01:54 +00:00
Corentin Pescheloche
2d087f237e [profiler] Surface VM & Embedder State
Add APIs to surface VMState and new EmbedderState to CpuProfile samples.

EmbedderState:
* An EmbedderState is defined as a value uint8_t and a v8::context used
for filtering.
* EmbedderStates are stack allocated by the embedder, construction and
destruction set/unset the state to the isolate thread local top.
* A v8::context is used to filter states that are added to a CpuProfile,
if the CpuProfile do not have a ContextFilter set or if contexts do not
match, state defaults to Empty.

* v8:StateTag is already propagated all the way to a Sample, simply add
an API to surface it.

VMState: 
Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e
Bug: chromium:1263871
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78250}
2021-12-06 15:29:06 +00:00
Jakob Gruber
e947712e2c [compiler] Also make PrepareInstall deterministic
Like https://crrev.com/c/3283074; iterating the unordered set is not
deterministic, so sort compile deps before iterating if --predictable is
set.

Bug: v8:12465,v8:12397
Change-Id: Ia0cc299b197e9c84f4fd3fbc70d592656cf4bd43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310911
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78249}
2021-12-06 14:56:34 +00:00
Clemens Backes
eaaaf9c98e [wasm][counters] Remove unused V8.WasmAddressSpaceUsageMiB
The counter is unused since https://crrev.com/c/2050398.

R=mlippautz@chromium.org

Bug: chromium:1275959
Change-Id: I0c1472e2d63451d3b7280f4ebec01314119584c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310926
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78248}
2021-12-06 14:53:15 +00:00
Clemens Backes
3986012f4c [d8] Make --dump-counters a d8-only flag
--dump-counters and --dump-counters-nvp are only functional in d8, thus
they should be d8-only flags.

R=mlippautz@chromium.org

Bug: v8:12464
Change-Id: Ie3295990a1b4691ab95f8403ff6d9932543b03cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3312275
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78247}
2021-12-06 14:47:04 +00:00
Jakob Gruber
9c53e7a9c8 [profiler] Remove invalid DCHECK
The same Code object can and does deopt multiple times when called
recursively and thus present on the stack in >1 activations.

Fixed: v8:12458
Change-Id: Ib34d6bae4aa0ea2e31731c5a6e8e85a878362621
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314824
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78246}
2021-12-06 14:41:55 +00:00
Michael Lippautz
e4b585eae1 cppgc: Revert diagnosing CHECKs for Persistent
This CL reverts two diagnosing CLs that introduced same-thread CHECKS,
recovering all introduced performance regressions.

We will try to add less performance-sensitive checks again in a follow
up.

This reverts commit 0c2bbfd5bb.
This reverts commit 6643c05940.

Bug: chromium:1253650, chromium:1243257, chromium:1274201
Change-Id: I96c41c39c4f58b062574fa11c4a2d76ad030bcf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315437
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78245}
2021-12-06 13:23:45 +00:00
Clemens Backes
9c75acecc4 Reland "[codegen] Reduce size of safepoint table fields"
This is a reland of f68242bcb0, with
fixes for UBSan (double-fixed, actually).

Original change's description:
> [codegen] Reduce size of safepoint table fields
>
> Code objects are often small and do not use the full integer range of PC
> offsets and deoptimization indexes. Reducing the size of these fields to
> the required size per table reduces the overall size of safepoint tables
> by roughly 25%.
>
> R=jkummerow@chromium.org
>
> Bug: v8:12401
> Change-Id: Ie6889a70782f5510436a1d05d31d17aac0bfec6e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306556
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78216}

Bug: v8:12401
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Change-Id: I2aa7f6448afd3350b0cc3d09a0f4ac18fcab0928
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310806
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78244}
2021-12-06 12:32:25 +00:00
Maya Lekova
b891858c8c [fastcall] Disallow constructors with fast calls
This CL makes sure that the API reports an error if the embedder
attempts to create a fast API function which could be used as a
constructor. It also adds corresponding cctest.

Bug: chromium:1052746
Change-Id: I36e51b298889900131bd5c3894134df3d8d28e5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314856
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78243}
2021-12-06 12:16:16 +00:00
Igor Sheludko
ca5252989c [cleanup] Cleanup BodyDescriptorApply() and friends
In particular
* use variadic templates in BodyDescriptorApply(),
* ensure all the relevant classes have BodyDescriptor definition,
* ensure "objects-body-descriptors[-inl].h" headers are included only
  where necessary.

Bug: v8:12425
Change-Id: I7a95ed94bf62952e3d22d419d4a65ad2fe959d57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3312273
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78242}
2021-12-06 12:07:56 +00:00
Dominik Inführ
18cb0cb468 [heap] Use atomic marking state in all configs
Use an atomic marking state in all builds - even builds with concurrent
marking disabled. This will allow us to simplify our code a bit.

This CL starts by always using MajorMarkingState for
MarkCompactCollector::MarkingState and removing V8_ATOMIC_MARKING_STATE.

Bug: v8:12470
Change-Id: I88a65647fb2142a63b2b51fc21391c8ef1baa82d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314864
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78241}
2021-12-06 12:01:21 +00:00
Dominik Inführ
ce9453bb46 [heap] Find references in client heaps to shared objects in shared GC
When performing a shared GC, we need to find references from the client
heaps into the shared heaps. For now we achieve this by simply
iterating all objects in client heaps.

We need to do this both for marking and when updating pointers after
evacuation.

Bug: v8:11708
Change-Id: Ic1dd94cc352be0404095e548979c37b1ef25682a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300142
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78240}
2021-12-06 12:00:18 +00:00
Jakob Gruber
79f48ad767 [builtins] Fix invalid unique_ptr use
It points at an uint8_t array, not a single uint8_t.

Fixed: chromium:1276455
Change-Id: I221c911b7fc71803e2c79f7a755fe73928e6ffa0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3317418
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78239}
2021-12-06 11:40:15 +00:00
Jakob Gruber
5bdf836a7a Remove duplicate branch in HeapObjectShortPrint
Bug: chromium:1276129
Change-Id: I346d91282bccb4f75a8dfeec5e359d4a5c9a4891
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3317416
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78238}
2021-12-06 11:13:06 +00:00
v8-ci-autoroll-builder
f738a4a5e6 Update V8 DEPS.
Rolling v8/build: 0142a64..623bc83

Rolling v8/tools/clang: 4d362c3..d812be7

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I01f011876c6608404108b6fc51bd5a577a9a0815
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3317018
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78237}
2021-12-06 03:58:06 +00:00
v8-ci-autoroll-builder
2811dd1ec0 Update V8 DEPS.
Rolling v8/build: b0031ae..0142a64

Rolling v8/tools/clang: 16279ec..4d362c3

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Iacbe57fbb36af0180ab10aeb9cadfbb437f4f771
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314346
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78236}
2021-12-05 04:02:24 +00:00
Samuel Groß
a7cb30b0e9 Introduce VirtualAddressSpace interface
This interface is meant to eventually replace the existing
v8::PageAllocator interface. Beyond general refactoring of the
PageAllocator APIs, the new interface now supports the concept of
(contiguous) address space reservations, which previously had to be
implemented through page allocations. These reservations now make better
use of provided OS primitives on Fuchsia (VMARs) and Windows
(placeholder mappings) and can be used to back many of the cages and
virtual memory regions that V8 creates.

The new interface is not yet stable and may change at any time without
deprecating the old version first.

Bug: chromium:1218005
Change-Id: I295253c42e04cf311393c5dab9f8c06bd7451ce3
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301475
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78235}
2021-12-04 21:42:04 +00:00
v8-ci-autoroll-builder
c1278acd31 Update V8 DEPS.
Rolling v8/build: 746224d..b0031ae

Rolling v8/buildtools/clang_format/script: 99876ca..e435ad7

Rolling v8/buildtools/linux64: git_revision:b79031308cc878488202beb99883ec1f2efd9a6d..git_revision:e0afadf7a743d5b14737bd454df45d5f1caf0d23

Rolling v8/buildtools/third_party/libunwind/trunk: 0f447a3..74c6eec

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/dbf8536..32ccf21

Rolling v8/third_party/depot_tools: 3e68015..203a644

Rolling v8/third_party/googletest/src: 1b26064..d61d4d8

Rolling v8/tools/luci-go: git_revision:d3f13de997dcae45d2af9210be74e7eb96a98268..git_revision:3de46a51120f37b29e3552d36ad2aa5882961a05

Rolling v8/tools/luci-go: git_revision:d3f13de997dcae45d2af9210be74e7eb96a98268..git_revision:3de46a51120f37b29e3552d36ad2aa5882961a05

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I14d594e8eb7322e8ea1a505df1ee7b834833fcb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314344
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78234}
2021-12-04 03:57:39 +00:00
Frank Tang
69608fc76d [Temporal] Sync Parser to pull/1950
Sync the parser to grammar change in
https://github.com/tc39/proposal-temporal/pull/1950

Bug: v8:11544
Change-Id: I57e9f9c2bd234f930cc06dd730ad4ccf77d239d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313966
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78233}
2021-12-04 01:44:18 +00:00
Milad Fa
9ec5be7d58 [wasm][turbofan] Fix endianness issue with compressed pointers
When pntr compression is enabled, `Pointer()` reads 8 bytes
whereas `TaggedPointer()` reads 4 bytes and decompresses.

TaggedPointer() in this case was causing an incorrect read
on big endian as the desired value was located on the high side
of memory.

Similar patches were also applied in this CL:
https://crrev.com/c/2057355

Change-Id: I77c449256ae1f56f2f8664f687985221badf819f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314302
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78232}
2021-12-03 19:39:58 +00:00
Shu-yu Guo
975318a30c Add Relaxed_Memcmp
This is in preparation for supporting concurrent access in
String::SlowEquals, which will need to compare character buffers with
relaxed ordering.

Bug: v8:12007
Change-Id: Ie8ac62c15df48ebd605985c35b843b510c7ad167
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313467
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78231}
2021-12-03 18:00:48 +00:00
Patrick Thier
863bc2b88a [turbofan] Improve StoreStoreElimination
Previously, StoreStoreElimination handled allocations as
"can observe anything". This is pretty conservative and prohibits
elimination of repeated double stores to the same field.
With this CL allocations are changed to "observes initializing or
transitioning stores".
This way it is guaranteed that initializing stores to a freshly created
object or stores that are part of a map transition are not eliminated
before allocations (that can trigger GC), but allows elimination of
non-initializing, non-transitioning, unobservable stores in the
presence of allocations.

Bug: v8:12200
Change-Id: Ie1419696b9c8cb7c39aecf38d9f08102177b2c0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295449
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78230}
2021-12-03 17:12:48 +00:00
Junliang Yan
719f9db3f0 s390x: [baseline] implement Jump pt.2
Change-Id: I508b75e9023cc5cff8018aa0c07ce6ca10bf1bbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313443
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78229}
2021-12-03 16:49:08 +00:00