This will allow on the infra side to easier link to the respective
shard on a test failure. Without that it's a hassle to find out on
which shard the failing test ran.
This also simplifies how the global test_config stores information.
Some information was duplicated, but is now rather shared through
properties if the owning object is already present.
Bug: v8:13681
Change-Id: I52f01a4fac74627575d80f25923faba99eb6a1fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4181030
Reviewed-by: Liviu Rau <liviurau@google.com>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85429}
This reverts commit 7eb8937bca.
Reason for revert: crbug.com/1408957
Original change's description:
> [turbofan] Optimize access to the length property of functions
>
> When compiling to JavaScript a language that supports curryfication, it
> is convenient to be able to efficiently get the arity of a function to
> check for partial application.
>
> Change-Id: I6611b523b2c3795f1f8fb123f63f5b6d604d793d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111447
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85409}
Fixed: chromium:1408957
Change-Id: I5200392af7532a864afd73fb0e88be9a2153a312
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4187075
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85428}
This CL hides the ctor of the MemoryReducer::State class and only
provides factory methods for creating states. This simplifies creation
of states and makes it impossible to misuse the API.
Direct field accesses are also replaced with invocations of their
corresponding getter methods. The getter method will check whether
the current state is allowed to access that field.
Bug: v8:13653
Change-Id: I252a6d75d0ddb4813b16a706061ad1951cfa35ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4181026
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85426}
Previously we stored kProxy in this case, which resulted in
set semantics for proxies.
Bug: chromium:1408310
Change-Id: Id9f215b4c3c08416b6d6c5f4605839668a5df340
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4178811
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#85422}
Previously in the DevTools console, users could inspect a preview of all private class members on an instance, but if they wanted to evaluate or inspect a specific private class member out of a long list, they had to be debugging and in a scope that has access to those private names.
This patch adds support for extraordinary access of out-of-scope private member access in debug-evaluate, specifically for Debugger.evaluateOnCallframe() (for console calls invoked during debugging) and Runtime.evaluate() (for console calls invoked when the user is not debugging). This kind of access is not otherwise allowed in normal execution, but in the DevTools console it makes sense to relax the rules a bit for a better developer experience.
To support this kind of extraordinary access, if the parsing_while_debugging or is_repl_mode flag is set, when we encounter a private name reference that's in a top-level scope or an eval scope under a top-level scope, instead of throwing immediately, we bind the reference to a dynamic lookup variable, and emit bytecode that calls to %GetPrivateName() or %SetPrivateName() in the runtime to perform lookup of the private name as well as the load/store operations accordingly.
If there are more than on private name on the receiver matching the description (for example, an object with two `#field` private names from different classes), we throw an error for the ambiguity (we can consider supporting selection among the conflicting private names later, for the initial support we just throw for simplicity).
If there are no matching private names, or if the found private class member does not support the desired operation (e.g. attempting to write to a read-only private accessor), we throw an error as well.
If there is exactly one matching private name, and the found private class member support the desired operation, we dispatch to the proper behavior in the runtime calls.
Doc: https://docs.google.com/document/d/1Va89BKHjCDs9RccDWhuZBb6LyRMAd6BXM3-p25oHd8I/edit
Bug: chromium:1381806
Change-Id: I7d1db709470246050d2e4c2a85b2292e63c01fe9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020267
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85421}
Add a shortcutting branch for TestTypeOf, similar to the compare
branches.
To do this, move the TestTypeOf implementation into MaglevAssembler. We
want to support label distances and fallthroughs correctly, so
additionally implement a generic Branch for labels with distances and
support for fallthroughs.
Bug: v8:7700
Change-Id: Ib8c6b0eeeec0a7f3429d3692081853d25278fba4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4181034
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85420}
This CL adds the shared large object space to OldGenerationCapacity(),
CommittedOldGenerationMemory() and OldGenerationSizeOfObjects().
Bug: v8:13267
Change-Id: Ifdf5f78452d226266cf18c4c0bb1ed0117b1da60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4183485
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85416}
Reuse scratch register in deferred code instead of acquire a new one.
Note that with MaglevAssembler::ScratchRegisterScope, it is now
safe to pass a scratch to DeferredCode.
Fixed: chromium:1408900
Bug: v8:7700
Change-Id: I1e82285a0bd93a76e7f28b9a483b95c9b2f84712
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4183484
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85415}
The data race in [1] occurs because when reaching marking-barrier-inl.h,
value is in the shared heap while host is in the client heap.
Generally concurrent sweeping and marking barriers should not be active
at the same time. However, that only holds for a single heap.
In this case, the client is in the midst of incremental marking, thus
marking barriers are active for it, while concurrent sweeping is active
on the shared heap/space. This results in a race between reading the
value's mark bit and clearing the mark bit for the chunk.
[1] https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8791534956079065361/+/u/Check__flakes_/regress-crbug-1394741
Bug: v8:13665
Change-Id: I1b6210b9162b78b3c3635802a1e74432f5c89757
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4181038
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85412}
When compiling to JavaScript a language that supports curryfication, it
is convenient to be able to efficiently get the arity of a function to
check for partial application.
Change-Id: I6611b523b2c3795f1f8fb123f63f5b6d604d793d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111447
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85409}
Annotate slow path call for creating a new GCInfo accordingly. This
path will only hit for the first object allocation for a given type.
All subsequent allocations will use the fast path.
Bug: chromium:1408821
Change-Id: Ifc1d3491a94b30dfeee1a2c9679c64939025fefe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4161752
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85408}
The built-in wasm function behaves similar to string.new_utf8
but in case of invalid characters returns `null` instead of
throwing an exception.
Bug: v8:12868
Change-Id: Idde9bc2563d6bff1ab163ca8ed2219b6db23ca28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4177105
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85406}
This allows MemoryReducer::Event to be an internal implementation
detail except for tests and make it impossible to misuse the API.
Bug: v8:13653
Change-Id: I333a6e17368ddaba562ec929b4950b6c234fc312
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4178818
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85405}
If the phi moves are the same for all predecessors, the move optimizer
will merge them by picking an arbitrary move among them,
moving it to the phi's block, and eliminating the moves in the
predecessor blocks.
However, phi inputs may have different width, and this can result in a
mismatch between the source and destination representation.
Always emit gap moves based on the destination operand's
representation, to ensure that in this case the wider phi inputs are not
truncated.
R=tebbi@chromium.orgCC=dmercadier@chromium.org
Bug: chromium:1407571
Change-Id: I0263cd5024e8e1340fb971267b133a2a91090f8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4178824
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85403}
Explicitly null terminate the string passed in as a simulator debug
command from gdb. Otherwise, gdb was creating a char[strlen(arg)] from
the argument, and storing it non-zero-terminated.
Change-Id: I9f80530b172e6de7c3ed174393f07351e7f1ee00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4181021
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85402}
The new UniformReducerAdapter provides an easier way for reducers to
add special handling for certain operations.
Bug: v8:12783
Change-Id: Ib3b08a4c8383d7df4362579ec5ade8c6df01debe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4178820
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85399}
In real world use cases, it's quite typical to not have any matches.
In these cases, allocating the match array lazily improves performance
(e.g., Speedometer2 0.2%).
Change-Id: Ib1ae5aecb2e14714c93092c4786763f272025a8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4174089
Commit-Queue: Marja Hölttä <marja@chromium.org>
Auto-Submit: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85398}
An unified scratch scope for Maglev.
- For arm64 we reuse the architecture scope.
- For x64, we create a simple linked list scope.
DeferredCode carries the same temporary scope.
The node temporaries registers now represents the available
temporary registers (i.e., minus fixed/specific ones).
Also refactor some shared code to maglev-assembler-inl.h, so
that DeferredCode can use scratch scopes.
Bug: v8:7700
Change-Id: I1019a03627f390aa8a69916a227e0007229d63ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4178817
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85397}
In the end we managed to have static root builds without a two stage
isolate setup. Thus, the mode for creating isolates with an existing
read only page is unused. Also, no other usecase for this mode emerged.
Bug: v8:13598
Bug: v8:13466
Change-Id: I0a8174ba9383db7364b6e4545702aafc6f48170c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4178814
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85396}
These stores were disallowed (emitting a generic path which was
expected to deopt) for all access modes, but only need to be disallowed
for stores. This now matched TurboFan behaviour.
Bug: v8:7700
Change-Id: Idbf0b45a538981ebf6124d255b395b338e14e097
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4177101
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85395}
This CL reinstates the trampoline for pushing the values of
callee-saved registers on the stack, which is used for stack scanning.
It reintroduces the set of architecture-specific functions
PushAllRegistersAndIterateStack, removed in crrev.com/c/3989143.
The reason for this change is that the simpler architecture-specific
functions SaveCalleeSavedRegisters failed to correctly save the
values of the registers, in the presence of C++ compiler optimizations.
It also removes the stack context, introduced in crrev.com/c/4017512,
and uses again the trampoline for iterating through the stack.
Bug: v8:13257
Change-Id: I9e656a9b3ba6616168602300f2180b4f340593f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4171639
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85394}
A first stab at using some static maps to have faster instance type
checks in C++ code. This adds an instance type check variant which
uses the map without loading the instance_type field, when the
instance type corresponds to a single static map.
Changes the format of the static roots table to be more in line with
other code and orders the names by address.
Bug: v8:13466
Change-Id: I5417071efd24ee52d51146ef0887d32cb9b62fcd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4177102
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85392}
TSan realized that racy writes to `profiler_end_callback_` were
possible. With this CL all accesses to `profiler_end_callback_` are
protected by a lock.
R=clemensb@chromium.org
Bug: v8:13667
Change-Id: I37c1ba8a051294c3b8a714618954007797c7abba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4174090
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85391}
Add custom analysis that is only done if the ClusterFuzz analyzer fails
analyze the stacktrace given without overriding any of its functionality.
Bug: v8:12313
Change-Id: I9e4bc40404387160eb122b8f58999717bd4e7672
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165085
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85390}
Document that the code size estimate is not used for computing the
minimum reservation size for a new code space. This implies that the
returned reservation size can be smaller than the passed-in code size
estimate. Callers should be aware, and check for this.
R=sroettger@chromium.org
Change-Id: Ib91d2ed8a8cf8ce9abfc5fad31d9776692a9b405
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4174080
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85389}
For memory reducing GCs, promoted page iteration is inlined to avoid
delaying sweeping of array buffers (instead of offloafing to concurrent
sweeping).
Because AddPromotedPageForIteration takes a lock, promoted page
iteration in memory reducing GCs was essentially sequential rather than
split between multiple evacuation jobs.
Removing the mutex from AddPromotedPageForIteration and inlining
iteration there does not nicely work due to the need for multiple cached
remembered sets which are not available when AddPromotedPageForIteration
is called.
Fix by reverting to the previously used VisitBlackObjectsNoFail for the
memory reducing case.
Bug: v8:12612
Change-Id: I63dd2afcbfae474bcc8cee5d7e207a48a646a571
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4174083
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85388}
In the single-threaded compilation benchmark with the PS module I see
locally a 4.4% improvement in Liftoff compile time.
R=clemensb@chromium.org
Bug: v8:13673, v8:13565
Change-Id: Id85990dd5d14d558ef4efd336755d7fbd07868ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4177092
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85386}
This test sets a value to zero to simulate not knowing where read-only
space starts, since v8::debug_helper code often must work with only
partial information. However, the zero value persisted to another part
of the test which expected a precise result, and could cause a test
failure if an object happened to be allocated at the same offset from
its containing chunk as a known read-only object. This CL fixes the
test to only use the zero value during the steps that need it.
Bug: v8:13646
Change-Id: I90f1593bf9b5bb36177ee904a910a183384a4e64
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4178630
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85385}
This flag is already used in production for quite some time and we
don't need this flag for testing/experimenting.
Bug: v8:13653
Change-Id: I7326b495e2dca5d0402ff275fd697b46b8c231ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4176733
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85384}
Creating the full call frames is expensive. The client should only
need the script id. As the script id is passed in the 'data.scriptId'
field of the message, we can omit call frames from the instrumentation
pause event.
Bug: chromium:1408105
Change-Id: I11827865168946e1f412f7d351a0d359e2ac80ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4174085
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85382}
Rolling v8/build: e831815..b999a0b
Rolling v8/buildtools/reclient: re_client_version:0.87.0.b6908b3-gomaip..re_client_version:0.93.0.9ed3cef-gomaip
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/7a311fe..de8aae6
Rolling v8/third_party/depot_tools: 86cfa62..8c5174b
Rolling v8/third_party/fuchsia-sdk/sdk: version:11.20230114.0.1..version:11.20230118.1.1
Rolling v8/tools/clang: c042194..dced190
Change-Id: I8c073cccd2b33993069a960bab45e3a1fcace2d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4178354
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85381}
