The marking verifier used to run on a different stack than the marker
which could lead to it finding more objects than the marker. Fix this
by recording a stack end from which the verification starts. This
ensures that the verifier only finds a subset of the objects that the
actual stack scan finds.
Bug: v8:11709
Change-Id: I44fe7b247e56e75deded45b64c25379f1ad9e381
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859848
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74320}
This reverts commit c4cb14c754.
Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Mac64%20-%20debug/33969
Original change's description:
> cppgc: Try to fix test IteratePointersFindsCalleeSavedRegisters, vol.2
>
> The previous attempt has broken the tsan bot. The only reliable way to
> make sure that registers are not clobbered is by doing direct call from
> inline assembly, which is what this CL does.
>
> Change-Id: I6adbd5e735949a7cc4cc7fc686ee8c428863ffb9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859947
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74313}
Change-Id: I00260aeacdac8704475b37fd99d4ef552c523249
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2865746
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74314}
The previous attempt has broken the tsan bot. The only reliable way to
make sure that registers are not clobbered is by doing direct call from
inline assembly, which is what this CL does.
Change-Id: I6adbd5e735949a7cc4cc7fc686ee8c428863ffb9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859947
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74313}
This fixes a compiler warning on gcc 7.4.
R=ahaas@chromium.orgCC=machenbach@chromium.org
Bug: v8:11716
Change-Id: I385765f1ac3de17eea1bb56109869636f8ae9d95
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2862779
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74310}
Using the default cctest TEST(...) macro causes later writes to
FLAG_stack_size to have no effect, because the StackGuard reads
that flag's value during Isolate initialization, which is done
before the test body is executed. This patch changes the two
existing tests that accidentally did this to UNINITIALIZED_TEST,
putting them in charge of Isolate creation, thereby ensuring that
the intended stack size is configured correctly.
Change-Id: Ib030795ef46f23d576f6dbbd26b347ac804b5085
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2862778
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74309}
Tracking the context is not enough, as we might clear the context to
avoid repeatedly reentering the same context.
Also fix unittests that relied on the default microtask queue getting
automatically processed instead of the one of the current context.
Bug: chromium:728583
Change-Id: Ia9a51c513fc7363a518af86cc54c5bda26b5fbe8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859850
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74303}
Previously we'd attach source positions to implicit returns that are
generated when leaving an async function with a promise rejection. This
was due to the use of `kNoSourcePosition` on the `end_position` in the
`ReturnStatement` nodes as indicator to pick the return position from
the function literal, instead of really not putting a source position on
that specific `Return` bytecode.
This CL adds a dedicated marker to `ReturnStatement` to express that the
`BytecodeGenerator` should put the return position from the function
literal there instead of overloading the meaning of `kNoSourcePosition`.
Bug: chromium:901819, chromium:782461
Fixed: chromium:1199919, chromium:1201706
Change-Id: I3647e0c3d711e9c3d6ae44606b70ec92ad82e1cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859945
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74301}
cpplint rules change over time, and we change the exact rules we enable
for v8. This CL removes NOLINT annotations which are not needed
according to the currently enabled rules.
R=ahaas@chromium.org
Bug: v8:11717
Change-Id: Ica92f4ddc9c351c1c63147cbcf050086ca26cc07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859854
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74297}
Modify TryAnyExtendMatch to combine Int64Add/Int64Sub(x, ChangeInt32ToInt64(y))
to use an extend register operand, removing the cast.
Change-Id: Id130f8a9614e2c208f9ed8c17b923ee738fcb916
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857964
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#74285}
This reverts commit 4ff37d3a3f.
Reason for revert: Fails with stress_incremental_marking - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/3049/blamelist
Original change's description:
> cppgc: Fix test IteratePointersFindsCalleeSavedRegisters
>
> call the compiler can clobber the tested register. Moving this tricky
> part into a noninlinable lambda allows to reduce pressure from the
> register allocator and thereby avoid such clobbering.
>
> Subtle: between the first inline assembly and the IteratePointers()
> Change-Id: Ibeca8fa2f4fd54d07c2f585a4e876504a6a991b7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859843
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74280}
Change-Id: Ib257e30273f382d19ec922e2fa3279c39e918cde
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859847
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74282}
call the compiler can clobber the tested register. Moving this tricky
part into a noninlinable lambda allows to reduce pressure from the
register allocator and thereby avoid such clobbering.
Subtle: between the first inline assembly and the IteratePointers()
Change-Id: Ibeca8fa2f4fd54d07c2f585a4e876504a6a991b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859843
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74280}
The "Restart frame" feature was implemented as part of LiveEdit and
primarily used to support LiveEdit of active functions, but that was
previously disabled as part of https://crrev.com/c/2846892 because it's
too brittle and causes crashes when using seemingly unrelated features.
The "Restart frame" feature was also available as a context menu item
separately in the DevTools front-end, but that was also already removed
as part of https://crrev.com/c/2854681 earlier. So all uses are gone
now.
This change works by marking Debugger.restartFrame as deprecated and
having it respond with a ServerError all the time. It thus allows us to
remove a whole bunch of machinery that was essentially just put in
various places to support the restart_fp_ magic. In particular the
debugger no longer needs any machine specific builtins now.
Bug: chromium:1195927
Change-Id: I1153ba6b00e979620af57dd9f58aa1c035ec4484
Fixed: chromium:1203606
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2854750
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74276}
While evaluating a class literal the containing function points to
Token::CLASS. It may have pushed a context for that class that uses
the range of the class scope. So far the class scope had a range that
started after the class name or class token in case of anonymous
classes. That means the source position of the function frame doesn't
point to a position that is included in the active context range. This
breaks the debugger because it relies on being able to find the
matching parser scope for the active context by looking at the source
position.
The fix is two-fold:
- extend the class scope source range to include Token::CLASS
- update ScopeChainRetriever::ContainsPosition to include the start
position of class scopes as a valid source position. We can't always
include start due to arrow functions that don't have braces.
Bug: chromium:1156498
Change-Id: I9ec640c6326289dadcb154bb0a329ca6f8188f8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857957
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74268}
Replacing a crash with a TypeError.
Bug: chromium:1203692
Change-Id: I6970f980b46f20033f29c1deb9bc5d49ea2014ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2856842
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74266}
This CL factors out a CodeRange class out of MemoryAllocator.
When V8_COMPRESS_POINTERS_IN_SHARED_CAGE is defined, there is a single
CodeRange shared by all Isolates in the process. This also turns short
builtins back for both configurations of pointer compression. When
sharing a cage, there is a single copy of the re-embedded builtins.
Since a shared pointer cage is still experimental, to avoid API churn
this CodeRange's size is not configurable and is always the maximal size
depending on the underlying platform.
Change-Id: Ie94f52746f2c5450247a999cc6071e3914d4cf0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2819206
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74261}
After the --wasm-shared-engine flag was removed (in
https://crrev.com/c/1864935), there is no point any more in holding the
wasm engine in a shared_ptr. The engine is initialized once for the
whole process, and only deallocated during global tear down.
R=jkummerow@chromium.org
Bug: v8:11384
Change-Id: Id8e96eaecfcab8b44842ec323c94529e9c5a5e25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2853589
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74253}
This CL adds the new AllocationTypes kSharedOld and kSharedMap for
the allocation of objects in the shared heap. An Isolate can be converted
into a shared isolate with Isolate::UseAsSharedIsolate(). Client
isolates can then be attached to the shared isolate.
Bug: v8:11708
Change-Id: Ie2ed30b83b404e01e6f6079c5a4bdaa9302e8004
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850709
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74252}
The exception concerning type None actually seems avoidable and
can cause issues with incomplete nodes remaining in the graph.
Bug: chromium:1202312, chromium:1202625
Change-Id: I89062715e7f640c66b3f7cdca249db8cde768f29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850917
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74250}
Previously we'd allow to replace the source of functions that are on the
current execution stack under certain conditions, but this has resulted
in an endless stream of bugs due to weird edge cases, and so we're now
limiting LiveEdit to functions that don't have any activation (including
not a suspended generator / async function activation).
We might eventually add the ability to LiveEdit functions with
activations and have them "upgrade upon next invocation", but that
doesn't seem to be an extremely important use case right now.
Fixed: chromium:1195927
Change-Id: I87a45ba4d0ddcfbf867bd4e73738d76b2d789e04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2846892
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74249}
.. which traces various stats (time, memory) related to the snapshot.
Due to various flag shuffles, it was broken as of Oct 2020, with some
line items reporting constant 0.
This also refactors --profile-deserialization and
--serialization-statistics s.t. the former only reports
deserialization times and the latter reports memory. Memory.json now
passes both flags.
Change-Id: I7dacbbbe9f7a667e0802d0f7a44703dc34524a4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2854742
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74241}
MatcherBase::buffer_ defined under "gtest/gtest-matchers.h"
is a union of sizes that may be too large for Config object
currently being passed to it. This might result in `buffer_` to remain
uninitialized.
More information about the error can be found
in the comment section of this CL: https://crrev.com/c/2228887
Change-Id: Ibeef1189a7db8056f00cc85dbccec506d345a7eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2854278
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#74235}
Changes:
- Add WasmInitExpr class which knows how to create initializer
expressions as pairs of {type, value}. Also define a default for every
type. Emit such pairs to a byte array with emit_init_expr().
- Add an initializer expression to every global (addGlobal() uses the
default if the argument is absent).
- Introduce wasmI64Const();
- Update tests as needed.
Change-Id: I75ffe96604891506ad78bd3677ce1efe5e0cee07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2851892
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74231}
The kInt64, kUint64, and kIntPtr type definitions made no sense.
This CL removes kIntPtr and fixes+renames k(I|Ui)nt64. It also adds
some DCHECKs to avoid similar bugs in the future.
Bug: chromium:1202609
Change-Id: Ibe2e9c7501c22959b850d2b1076e819455440450
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2851895
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74230}
The previously added perf-context Promise-hooks take a v8::Function as
arguments. However, the builtin code was only accepting JSFunctions
which causes cast errors.
Drive-by-fix: Directly pass nativeContext in more places.
Bug: chromium:1201465
Change-Id: Ic8bed11253a1f18a84e71eb9ea809b1ec1c3f428
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850162
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74223}
This CL makes the object passed as argument to IsLeafTemplateForApiObject
be received as a handle instead of a raw C++ pointer. From the codegen
point of view, the memory representation is the same, so this doesn't
change its semantics.
Bug: chromium:1052746
Change-Id: Ibc116aa4d577ba95f30d1014f15f34ef3fbb1a35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2851884
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74220}
With --stress-scavenge it is possible that we don't have a memento for
the object we are interested in anymore, making the test useless.
Bug: v8:11701
Change-Id: I05984de33dc0c21d01023ebaa4ceebacfb63cc84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2851889
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74218}
Expose third_party/google_benchmark:google_benchmark as a public dep
from third_party/google_benchmark:benchmark_main and a v8_libbase
dependency to empty_benchmark to expose base/macros.h.
Bug: v8:7330
Change-Id: I5205af365da2ac7c35647acff90ed65d831cfa07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2851888
Commit-Queue: Dan Elphick <delphick@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dan Elphick <delphick@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74217}
* Failed tests that also trigger GCs are not filtered out. They are
expected to be fixed when TPH supports real garbage collection.
Bug: v8:11641
Change-Id: I30b8bcf48d5e3f32439eeffb39d28ee45db2a21c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2849822
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Wenyu Zhao <wenyu.zhao@anu.edu.au>
Cr-Commit-Position: refs/heads/master@{#74212}
Keep idiomatic state loop but rely on USE() to avoid
warning about unused variables.
Bug: v8:11687
Change-Id: Icde295723c5d389d827280f70a65776866d4e7a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850645
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74200}
When add/sub with immm in [-4096, -2049] || [2048, 4094],
it can be split two addi/subi instr.
Change-Id: I94b93763c33fa5ef31c5ec4d23cbc5580a93ed1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2848732
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Cr-Commit-Position: refs/heads/master@{#74199}
This reverts commit d2ce574457.
Reason for revert: We reverted the early canonicalization change, so we need to worry about non-canonicalized shuffles now.
Original change's description:
> [wasm-simd][arm64] Update f32x4.mul(dup) pattern matching
>
> We now canonicalize earlier in the pipeline, and don't need to worry
> about non-canonicalized shuffles.
>
> Bug: v8:11542,v8:11257
> Change-Id: If9f5c44061465be339c98e479fd8c5a437bbd74b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2778673
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73645}
Bug: v8:11542
Bug: v8:11257
Change-Id: Ib492b3ab7ad140193975d2641999c12c9697e27b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850630
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74193}
- Move LsanPageAllocator to base;
- Use LsanPageAllocator in PageBackend that serves managed C++
objects;
- Remove spurious TODO for GCInfoTable which should not use the
LSAN-aware backend;
Bug: chromium:1056170
Change-Id: I2caa11443ab44da5164f1c29339e302bffb49228
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850157
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74192}
All existing usages are changed to Factory::NewFixedArray(). The
motivation for the removal is that the function is unsafe and easy
to misuse.
Note that NewUninitializedFixedArray has been already changed to
initialize the result as an experiment with 3%-13% regression on
a few SixSpeed microbenchmarks and no impact on larger benchmarks.
Change-Id: I2e084bc03b2636aa6d368ca255970566a7ce222e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2846895
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74186}
