We need this because read_heap_type uses the type vector capacity as
out-of-bounds limit.
Bug: chromium:1314496, v8:7748
Change-Id: Id76c8a143c32b20b24356f361d554cb212576c09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578654
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79882}
Port 9ca0bfef37
Original Commit Message:
This adds feedback collection to count the number of executions of
call_direct instructions in Liftoff code. The purpose is better
inlining decisions in Turbofan, which are enabled by having call
count information for all kinds of calls.
The new feature is gated on --wasm-speculative-inlining. While
direct calls don't need to speculate about their target, the whole
feedback collection infrastructure depends on that flag.
Change-Id: I91e34d765e5a08c382d678acdb0fca57d5d3fb7e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578235
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#79878}
Replace by a unary right fold using the comma operator. This also
evaluates from left to right, so has the same semantics but uses
standard C++17 syntax.
R=tebbi@chromium.org
Bug: v8:12425
Change-Id: I680800ba07b048ee85d9da4ae32c12825df14e54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576131
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79877}
Sweeper needs to clean up slots in the OLD_TO_SHARED remembered set
as well in the future. Unlike OLD_TO_NEW or OLD_TO_OLD this remembered
set will not be reset after a full GC. So we will have to remove from it
both during and after a full GC when sweeping.
However in the current implementation we still reset this remembered set
in a shared GC. This only works because we scan all client heaps
during a shared GC anyway to rebuild the remembered set. We will get
rid of that when all required write barriers are implemented.
Bug: v8:11708
Change-Id: Ib891a882fdf70671a483c8662408cf64e72134c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574546
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79874}
This will need re-work but it allows us to test for now.
Bug: v8:7700
Change-Id: I4eabb7f9f8e8a4c0d23c6bab22c7f0127c7820dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579102
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79873}
For large BigInts, computing the decimal representation can take a
very long time, so send them as hexadecimal strings instead. Also
make sure to abbreviate the RemoteObject description for bigints
appropriately always.
Also-By: jarin@chromium.org
Fixed: chromium:1068663
Change-Id: I2f7e4e1cbd2f66ce45be307fb787e101d9a8e2a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3578653
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79872}
Executing a frsp after copysign changes any SNaN inputs
to QNaN which causes test failures.
Change-Id: Ieab5d24fd09344e0a3108565f478fda3b5889556
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576793
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79866}
If --liftoff-only is on, we should not execute Turbofan compilation, no
matter what the result of Liftoff compilation was. Right now, decoding
errors are considered bailouts, which make us fall back to Turbofan and
trigger a DCHECK.
Change-Id: Ic12591da256d92fb79578603d4778a3d2aa460ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574555
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79865}
Removing slots in the Iterate() method performs an atomic CAS operation
on a cell. This is not necessary, we can simply keep slots and drop
the whole SlotSet with all buckets after iteration.
Bug: v8:12760
Change-Id: I6aeb656d21e5fea6f7e15238d4105013c84ffb2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574558
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79863}
Port 9ca0bfef37
Original Commit Message:
This adds feedback collection to count the number of executions of
call_direct instructions in Liftoff code. The purpose is better
inlining decisions in Turbofan, which are enabled by having call
count information for all kinds of calls.
The new feature is gated on --wasm-speculative-inlining. While
direct calls don't need to speculate about their target, the whole
feedback collection infrastructure depends on that flag.
R=jkummerow@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Id94a8a00e00877213b017d1ccf06ae0ea988539b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576126
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79862}
The key idea is that we can now take call count feedback into
account consistently for all kinds of calls that support inlining.
Bug: v8:12166
Change-Id: I764b8686b6c825a9b24f0032e81f7d1217ef1371
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574554
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79861}
Local tests on Windows using the --enable-system-instrumentation flag
in combination with ETW have shown that parts of the JS stack miss
symbols and most of these missing parts come from
code-creation,Bytecodehandler events.
The CL fixes this issue.
Bug: v8:11043
Change-Id: I77b150742e689a4002dbc5937d6daa08a0795ab9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574545
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Henrik Andreasson <henrika@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79858}
This CL adds the requirements to port object definitions back to C++.
A @cppObjectDefinition is introduced to annotate classes for which
Torque shall merely generate asserts to check that offsets match between
Torque and C++.
As a first object, this CL ports Oddball back to C++.
Bug: v8:12710
Change-Id: I1304d8980f6318ffccbc2ef7284cb9d46ff579e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3523046
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79856}
This reverts commit 51b99213e7.
Reason for revert: Speculative revert for MSAN failure https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/43080/overview
Original change's description:
> [osr] Add an install-by-offset mechanism
>
> .. for concurrent OSR. There, the challenge is to hit the correct
> JumpLoop bytecode once compilation completes, since execution has
> moved on in the meantime.
>
> This CL adds a new mechanism to request installation at a specific
> bytecode offset. We add a new `osr_install_target` field to the
> BytecodeArray:
>
> bitfield struct OSRUrgencyAndInstallTarget extends uint16 {
>   osr_urgency: uint32: 3 bit;
>   osr_install_target: uint32: 13 bit;
> }
>
> // [...]
> osr_urgency_and_install_target: OSRUrgencyAndInstallTarget;
> bytecode_age: uint16;  // Only 3 bits used.
> // [...]
>
> Note urgency and install target are packed into one 16 bit field,
> we can thus merge both checks into one comparison within JumpLoop.
> Note also that these fields are adjacent to the bytecode age; we
> still reset both OSR state and age with a single (now 32-bit)
> store.
>
> The install target is the lowest 13 bits of the bytecode offset.
> When set, every reached JumpLoop will check `is this my offset?`,
> and if yes, jump into runtime to tier up.
>
> Drive-by: Rename BaselineAssembler::LoadByteField to LoadWord8Field.
>
> Bug: v8:12161
> Change-Id: I275d468b19df3a4816392a2fec0713a8d211ef80
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571812
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79853}
Bug: v8:12161
Change-Id: I0c47499544465c80b5b23a492c00ec1c62815caa
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576121
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79855}
This improves the code generated for float to int64 conversions on x64.
Instead of explicitly checking the input for specific values and
executing conditional jumps, just convert the integer back to a float
and check if this results in the rounded input. The "success value" is
then materialized via vmov + and instead of via branches.
old:
7 c4e1fb2cd9 vcvttsd2siq rbx,xmm1
c ba01000000 movl rdx,0x1
11 49ba000000000000e0c3 REX.W movq r10,0xc3e0000000000000
1b c441f96efa vmovq xmm15,r10
20 c5792ef9 vucomisd xmm15,xmm1
24 7a08 jpe 0x3599421714ee <+0x2e>
26 7408 jz 0x3599421714f0 <+0x30>
28 4883fb01 REX.W cmpq rbx,0x1
2c 7102 jno 0x3599421714f0 <+0x30>
2e 33d2 xorl rdx,rdx
new:
7 c463010bf90b vroundsd xmm15,xmm15,xmm1,0xb
d c4e1fb2cd9 vcvttsd2siq rbx,xmm1
12 c4e1832ac3 vcvtqsi2sd xmm0,xmm15,rbx
17 c4c17bc2c700 vcmpss xmm0,xmm0,xmm15, (eq)
1d c4e1f97ec2 vmovq rdx,xmm0
22 83e201 andl rdx,0x1
A follow-up step would be to replace the explicitly materialized success
value by a direct jump to the code handling the error case, but that
requires more rewrite in TurboFan.
R=tebbi@chromium.org
Bug: v8:10005
Change-Id: Iaedc3f395fb3a8c11c936faa8c6e55c2dfe86cd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3560434
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79854}
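The conversion-and-compare check described in the commit above, written out as an added C illustration (not V8 code): the input is truncated, converted, converted back, and compared with the truncated input, so NaN and out-of-range values fail without explicit branches on special constants. The helper names and the emulation of vcvttsd2siq's "integer indefinite" result are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Truncate toward zero without libm (stands in for vroundsd with mode 0xb).
 * Doubles with magnitude >= 2^52 are already integral, NaN or Inf, so only
 * smaller values need the cast. Assumed helper, not V8 code. */
static double trunc_toward_zero(double x) {
    if (!(x > -4503599627370496.0 && x < 4503599627370496.0)) return x;
    return (double)(int64_t)x;  /* in-range cast truncates toward zero */
}

/* Emulates vcvttsd2siq: truncating conversion that yields the "integer
 * indefinite" value INT64_MIN for NaN and for inputs outside [-2^63, 2^63).
 * Assumed helper, not V8 code. */
static int64_t cvttsd2si_emulated(double x) {
    if (!(x >= -9223372036854775808.0 && x < 9223372036854775808.0)) {
        return INT64_MIN;
    }
    return (int64_t)x;
}

/* New-style check: truncate the input (vroundsd), convert the input
 * (vcvttsd2siq), convert the integer back (vcvtqsi2sd) and compare it with
 * the truncated input (vcmp eq). Equality means the conversion was exact:
 * NaN never compares equal, and out-of-range inputs produce INT64_MIN, which
 * converts back to -2^63 and only matches the one in-range input -2^63
 * itself. Returns the success value; *out receives the integer either way. */
bool f64_to_i64_checked(double x, int64_t *out) {
    double rounded = trunc_toward_zero(x);
    int64_t i = cvttsd2si_emulated(x);
    double back = (double)i;
    *out = i;
    return back == rounded;  /* a 0/1 mask in the real code, not a branch */
}
```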
.. for concurrent OSR. There, the challenge is to hit the correct
JumpLoop bytecode once compilation completes, since execution has
moved on in the meantime.
This CL adds a new mechanism to request installation at a specific
bytecode offset. We add a new `osr_install_target` field to the
BytecodeArray:
bitfield struct OSRUrgencyAndInstallTarget extends uint16 {
  osr_urgency: uint32: 3 bit;
  osr_install_target: uint32: 13 bit;
}
// [...]
osr_urgency_and_install_target: OSRUrgencyAndInstallTarget;
bytecode_age: uint16;  // Only 3 bits used.
// [...]
Note urgency and install target are packed into one 16 bit field,
we can thus merge both checks into one comparison within JumpLoop.
Note also that these fields are adjacent to the bytecode age; we
still reset both OSR state and age with a single (now 32-bit)
store.
The install target is the lowest 13 bits of the bytecode offset.
When set, every reached JumpLoop will check `is this my offset?`,
and if yes, jump into runtime to tier up.
Drive-by: Rename BaselineAssembler::LoadByteField to LoadWord8Field.
Bug: v8:12161
Change-Id: I275d468b19df3a4816392a2fec0713a8d211ef80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571812
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79853}
Since the inspector no longer holds on strongly to Script objects
after they were collected by V8, this test was relying on the GC to not
collect the scripts too eagerly in cases where nothing else holds on to
the script. So we explicitly add a global object property assignment
here in those cases to ensure that the Script is kept alive.
Fixed: chromium:1314212, v8:12699
Bug: chromium:1246884, chromium:1295659
Change-Id: Ia16fcf841aeb29bf131fc6fa066f120d342f94b2
Doc: https://bit.ly/v8-inspector-script-caching
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576117
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79852}
This is a follow up CL for https://crrev.com/c/3538284.
Tests credited to https://crrev.com/c/3468352.
- Add unicode filename path test.
- Convert ansi encoded filename argv to utf8 encoded on windows. Because
the ansi encoded filename argv may lose some information for unicode
filename, and we need to use GetCommandLineW to get the actual unicode
filename argument. And we convert it to utf8 encoded to be consistent
with subsequent processing.
- Use REPLACEMENT CHARACTER to replace the characters which cannot be
encoded with sys.stdout.encoding in progress.py.
This CL should be **reverted** if new unicode filenames cause problems.
Bug: v8:12541
Change-Id: Ic5c5ae342b3a5b11c3119452af03c9165d429ed7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568926
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#79850}
We can perform these DCHECKs on all pages, not just pages in old space.
Bug: v8:12760
Change-Id: I202e1a96190d305b86c69cd6616bdb5ecc812044
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3574560
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79847}
This adds feedback collection to count the number of executions of
call_direct instructions in Liftoff code. The purpose is better
inlining decisions in Turbofan, which are enabled by having call
count information for all kinds of calls.
The new feature is gated on --wasm-speculative-inlining. While
direct calls don't need to speculate about their target, the whole
feedback collection infrastructure depends on that flag.
Bug: v8:12166
Change-Id: Ie24a988fcea631f370188dc21e60a5fac923dd3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571807
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79846}
Some test variants and fuzzers set their own GC interval, so the flag
specified in the regression test causes flag contradictions.
The test failure was flaky anyway, so this change is only a slight
reduction in reproducibility, and the test will still be used as seed
for the fuzzers.
R=machenbach@chromium.org
Bug: chromium:1313475
Change-Id: I7c7084ab34fe46d691b841921d42a487cc8a1cad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3576114
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79845}
Minor MC heap verification requires heap iterability. This however was
not directly ensured. Coincidentally, there was an unrelated call to
`Heap::Verify` that ensured `Heap::MakeHeapIterable` had been called,
so the precondition was met. This call was moved to an earlier point
by https://crrev.com/c/3497318 and, because of that, some combination
of flags now results in a crash.
This CL fixes the issue by directly ensuring heap iterability. It also
moves back the call to `Heap::Verify`, so that it takes place inside
the GC safepoint.
Bug: v8:12768
Change-Id: I2c66de0d0a735b84dd9435ff503e78bb3611ce55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3569224
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79844}
They can be replaced by std::conjunction and C++17 folding expressions.
R=tebbi@chromium.org
Bug: v8:12425
Change-Id: I109ac904245aab431f11752eff5129fd4361de8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3570428
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79843}
Callee saved registers do not include the LR anymore, so we can
now remove the last place where we pass a non-default template
argument to PushCPURegList/PopCPURegList (in the code generator).
This makes the template argument redundant, so we can remove the
template altogether.
Change-Id: I07f0c0a10840817df8a5afc1dc74330e290ce5bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571816
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/main@{#79842}
Turn this assertion also on for release builds for now. This shouldn't
regress sweeping performance because we do the same work as in the last
release.
Bug: v8:12760
Change-Id: I02f78157d20780f46bb4aebf59ce96a7b52f0a27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571810
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79841}
Port d36f596e8a
Change-Id: I13c9d23bb06841e1f6cbb07c68968fb3cc9eb01a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3573784
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#79836}
This CL adds support for interacting with CpuProfile with their integer
id.
A String ID is problematic because it forces an allocation when stopping
or cancelling a Profiler which can happen during a GC when this
is not allowed.
Change-Id: I9a8e754bd67214be0bbc5ca051bcadf52bf71a68
Bug: chromium:1297283
Co-Authored-By: Nicolas Dubus <nicodubus@fb.com>
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3522896
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Commit-Queue: Corentin Pescheloche <cpescheloche@fb.com>
Cr-Commit-Position: refs/heads/main@{#79835}