The special symbols defined in heap-symbols.h were extracted out of
src/heap/heap.{cc,h} a long time ago because they logically belong to
the objects and not to the implementation of the GC/heap, so they should
have the same ownership as the objects that use them in src/objects.
Bug: none
Change-Id: I9a87c1600dc26b0fc5e620a13d409fb9116235e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3375546
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78539}
We should only check the "SIMD sibling" register if we are handling a
SIMD register. This avoids unneeded spills, and in this particular case
ran into a DCHECK because there are only 29 registers, but we tried
checking #29.
R=thibaudm@chromium.org
Bug: v8:12330, v8:1285007
Change-Id: Ife8b295ac958990611ca8816bbfbfb5124a4297d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3372916
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78532}
Tested with both GCC and Clang on s390x (under QEMU).
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Change-Id: Iad6609136e25a6e94d51f365e4c54e6f042aa897
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3346395
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78531}
This is a reland of be6bd4f448.
The reason for revert was two bots timing out. On further inspection,
the timeouts seem unrelated.
Original change's description:
> [wasm] Fast paths in EvaluateInitExpression
>
> We add fast paths for the most common types of expressions in
> {EvaluateInitExpression} to improve instantiation time. We fall back to
> full expression decoding for less common operators, or for expressions
> with operands.
>
> Bug: chromium:1284557
> Change-Id: I39a1816176974058b801cdad6eaaa6da156cea04
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367627
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78497}
Bug: chromium:1284557
Change-Id: I209458c1fa36ae41899434b90759ebe3fe5e2a57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3375545
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78529}
Without the comma, the two strings '--no-enable-sse3' and
'--noenable-ssse3' will be concatenated, resulting in missing detection
for the no_simd_hardware flag.
R=liviurau@chromium.org
Bug: v8:12521
Change-Id: Icbdc5e8057d1eeead472f76efd52c379bffbe5b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3372914
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78528}
Inlining the field accesses makes the code simpler by avoiding the
abstraction of the accessor, and makes stepping through the code for
debugging easier.
R=thibaudm@chromium.org
Bug: v8:12330
Change-Id: I51bd0e88baa5ffba5bd4bfcca36e95caab7468c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3372913
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78521}
Since the accessors are only called from other methods in the same
class, we can just access the field directly. This makes stepping
through easier and makes the code simpler by avoiding an unneeded
abstraction.
R=thibaudm@chromium.org
Bug: v8:12330
Change-Id: I39727324e82fcfd15b3b242c53ed5534e2e5511d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3372912
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78520}
This should have been updated in https://crrev.com/c/3370408
Bug: chromium:1284506
Change-Id: Ie44d80b507c9a798ce6f4776672270f9d4b12195
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3371463
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Austin Sullivan <asully@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78519}
The test was added in https://crrev.com/c/3372910, but needs to be
skipped on non-SIMD hardware because it contains SIMD instructions.
R=thibaudm@chromium.org
Bug: v8:12330, chromium:1284980
Change-Id: Ifaede466b24aea4f9ef6b062414a31698bcca864
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3372917
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78517}
The register state is accessed a lot in the mid-tier register allocator.
Instead of going through an accessor with a DCHECK, just access
directly. This makes stepping for debugging a lot easier, and will
result in an easy-to-debug nullptr access if the register state is not
initialized.
R=thibaudm@chromium.org
Bug: v8:12330
Change-Id: Icf4d1cc187a34f28ee44fc9b80ee5d765aa14b9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3372911
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78516}
The bailout is there explicitly in the code, so we should allow it in
{CheckBailoutAllowed}.
R=ahaas@chromium.org
Bug: v8:12527
Change-Id: Ifd906afb5f034f05c2bf7d9a28e3ab458549e7ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3372915
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78515}
Spilling was already fixed if a fixed SIMD register overlaps with an
allocated FP register, but the other way around was missing: If an odd
FP register (in this case d1) is used as a fixed output register, but
this register is in use as the upper half of a SIMD register (in this
case q0), we did not detect this and would just overwrite the SIMD
half.
This CL also fixes this case.
R=thibaudm@chromium.org
Bug: v8:12330, chromium:1284980
Change-Id: Id3f98b7accd77e38ab4cd5ff8910aaf5ad96a1ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3372910
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78514}
Rolling v8/build: f29e3b6..3fd1fd5
Rolling v8/buildtools/linux64: git_revision:19bf826e6e5d05100cb3568e90e48bd3c97d4f22..git_revision:387b368dfe63fec317f8e609d90c634807f2764e
Rolling v8/buildtools/third_party/libunwind/trunk: 6a10e3e..4bf418e
Rolling v8/third_party/depot_tools: e971498..9552069
Rolling v8/tools/clang: 24c1100..17ca796
Rolling v8/tools/luci-go: git_revision:89429843eb2dedb599a6c7c7754343b97d95943d..git_revision:d1e877e2b3e5a05a5cd34c4a340fedba14a16c2b
R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I9b882395fb44b11308a3e55166bbf7f527c538d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3371705
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78508}
https://crrev.com/c/3297708 changed the serialization format for typed
arrays without bumping the format version. As a consequence, builds that
include that CL fail to deserialize typed arrays serialized by previous
V8 versions.
This CL reverts the serialization format change, and does minimal test
changes to reflect the revert. https://crbug.com/v8/12532 tracks
serializing typed array flags in a backwards-compatible manner.
Bug: chromium:1284506
Change-Id: Ib32e88c6383e0ad4ad1a9ff63f413a1eb123b1ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3370408
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78507}
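The commit above describes a layout change shipped without a format-version bump, so newer builds could not read older data. The following is an added example, not V8's serializer: a toy wire format for a typed-array record where version 1 carries {kind, byte_offset, byte_length} and an assumed version 2 appends a flags byte. The reader dispatches on the version header and accepts both layouts; a second reader that assumes the newest layout shows the failure mode from the commit. All names and the byte layout are constructed for illustration.

```cpp
// Added example (not V8 code): versioned serialization of a typed-array record.
#include <cstddef>
#include <cstdint>
#include <vector>

struct TypedArrayRecord {
  uint8_t kind;
  uint32_t byte_offset;
  uint32_t byte_length;
  uint8_t flags;  // on the wire only from version 2 on; 0 when absent
};

constexpr uint8_t kFormatV1 = 1;
constexpr uint8_t kFormatV2 = 2;  // assumed: the bump the layout change needed

// Little-endian helpers.
static void PutU32(std::vector<uint8_t>* out, uint32_t v) {
  for (int i = 0; i < 4; ++i) out->push_back(static_cast<uint8_t>(v >> (8 * i)));
}
static bool GetU32(const std::vector<uint8_t>& in, size_t* pos, uint32_t* v) {
  if (in.size() - *pos < 4) return false;
  *v = 0;
  for (int i = 0; i < 4; ++i) *v |= static_cast<uint32_t>(in[*pos + i]) << (8 * i);
  *pos += 4;
  return true;
}

// Writer: the version byte comes first so readers can dispatch on it.
std::vector<uint8_t> Serialize(const TypedArrayRecord& r, uint8_t version) {
  std::vector<uint8_t> out;
  out.push_back(version);
  out.push_back(r.kind);
  PutU32(&out, r.byte_offset);
  PutU32(&out, r.byte_length);
  if (version >= kFormatV2) out.push_back(r.flags);
  return out;
}

// Backwards-compatible reader: rejects unknown versions and truncated or
// oversized input instead of misinterpreting bytes.
bool Deserialize(const std::vector<uint8_t>& in, TypedArrayRecord* out) {
  if (in.empty()) return false;
  const uint8_t version = in[0];
  if (version != kFormatV1 && version != kFormatV2) return false;
  size_t pos = 1;
  TypedArrayRecord r{};
  if (in.size() - pos < 1) return false;
  r.kind = in[pos++];
  if (!GetU32(in, &pos, &r.byte_offset)) return false;
  if (!GetU32(in, &pos, &r.byte_length)) return false;
  if (version >= kFormatV2) {
    if (in.size() - pos < 1) return false;
    r.flags = in[pos++];
  }
  if (pos != in.size()) return false;  // trailing bytes: not our format
  *out = r;
  return true;
}

// What an unbumped layout change amounts to: a reader that assumes the newest
// layout regardless of the header. Version-1 data is one byte short, so it is
// rejected here (a less careful reader would misread it).
bool DeserializeAssumingLatest(const std::vector<uint8_t>& in,
                               TypedArrayRecord* out) {
  if (in.size() != 1 + 1 + 4 + 4 + 1) return false;
  size_t pos = 1;
  TypedArrayRecord r{};
  r.kind = in[pos++];
  GetU32(in, &pos, &r.byte_offset);
  GetU32(in, &pos, &r.byte_length);
  r.flags = in[pos++];
  *out = r;
  return true;
}
```

The check worth keeping from this: any time a field is added to a persisted format, the reader must branch on a version it validates first, and a round-trip test with data written by the previous version must stay in the test suite.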
Rolling v8/build: ccc9811..f29e3b6
Rolling v8/buildtools/linux64: git_revision:281ba2c91861b10fec7407c4b6172ec3d4661243..git_revision:19bf826e6e5d05100cb3568e90e48bd3c97d4f22
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/ec88714..aa0e8d0
Rolling v8/third_party/depot_tools: 02d65ea..e971498
Rolling v8/tools/clang: 2d10229..24c1100
Rolling v8/tools/luci-go: git_revision:e897e118887a2e6c50a82212b660cb2a7c58d910..git_revision:89429843eb2dedb599a6c7c7754343b97d95943d
R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I9d02d870a7233878220336aaa985c9216f521c58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3362608
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78505}
In C++20 the following paper was implemented [1]. This
paper makes the code below ill-formed. The high level idea is
that as soon as a class gets a non-default constructor, no
default initializations are added implicitly.
    class A {
     public:
      A(const A&) = delete;
    };
    int main() {
      A a{};
      return 0;
    }
So if a V8 embedder is building its code with C++20 it
cannot initialize the v8::CppHeapCreateParams struct and as a
result cannot create a CppHeap.
One of the possible mitigations (3.3) from the paper is
to add a non-copyable field into the class. Luckily there
is std::vector<std::unique_ptr>> in this class already.
[1] http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p1008r1.pdf
Change-Id: I8a2dc35784d7646b5f73a5e178716e9bf2ffe601
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3348007
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Alexey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78504}
This reverts commit be6bd4f448.
Reason for revert: Consistent timeouts on Linux and Mac, e.g.
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/37973/overview
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64%20-%20debug/37346/overview
Original change's description:
> [wasm] Fast paths in EvaluateInitExpression
>
> We add fast paths for the most common types of expressions in
> {EvaluateInitExpression} to improve instantiation time. We fall back to
> full expression decoding for less common operators, or for expressions
> with operands.
>
> Bug: chromium:1284557
> Change-Id: I39a1816176974058b801cdad6eaaa6da156cea04
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367627
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78497}
Bug: chromium:1284557
Change-Id: If09468eb1e790d4359573ddff8b653fe84b0e11e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3368602
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78502}
Clang 12 doesn't support -Wno-bitwise-instead-of-logical,
so silence it with -Wno-unknown-warning-option.
GCC requires using GNU dialect of the C++ standard, using
optimizations (otherwise "always_inline" fails to inline),
and produces a lot of warnings that had to be silenced.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Change-Id: I9ddd4f39dca2167b5b208dc2d0ba8e60030eddfc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3333635
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78499}
New text is moved over from BlinkGCDesign.md
Bug: chromium:1283934
Change-Id: I10a84c91a642e96c494d6e523d6d89059afaa1ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366658
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78498}
We add fast paths for the most common types of expressions in
{EvaluateInitExpression} to improve instantiation time. We fall back to
full expression decoding for less common operators, or for expressions
with operands.
Bug: chromium:1284557
Change-Id: I39a1816176974058b801cdad6eaaa6da156cea04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367627
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78497}
We implement loop peeling for wasm, currently available behind a flag.
Loops are peeled regardless of size.
Bug: v8:11510
Change-Id: Ia4c883abdee83df632b2611584d608c44e3295c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367615
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78496}
Introduce a build-time flag to disable all CET shadow-stack
manipulation. This will allow us to develop the feature without breaking
production code, and enable it all at once once the feature is ready.
R=mlippautz@chromium.org
Bug: v8:12522, v8:11246, chromium:1284445, chromium:1284599
Change-Id: Iedc1b9a0c0c74f484bb76d86c84809798c0931b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3368101
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78494}
When computing the code size estimate for {PrepareAndStartCompile}, we
did not consider Liftoff code in the async path. Other invocations
checked {FLAG_liftoff} to decide whether Liftoff code will be generated.
This CL fixes the async path to do the same, and renames {uses_liftoff}
to {include_liftoff} to match the name of the parameter in
{EstimateNativeModuleCodeSize}.
R=ahaas@chromium.org
Bug: v8:12520
Change-Id: Ic92237dc05ac96ddd88c3e8788cd443c83bd446f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367624
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78492}
The jump table sizes were added to the estimated code size, and then
again added for computing the reservation size for the code. This CL
moves the jump table size from {EstimateNativeModuleCodeSize} to
{EstimateNativeModuleMetaDataSize} so it is still considered for the
total memory associated with the {NativeModule}, but only added once for
the code space reservation.
R=ahaas@chromium.org
Bug: v8:12520
Change-Id: I871e54833659a0d466f3e8359bb3b515c85dd3cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3367622
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78491}
The V8InspectorSessionImpl constructor accepts a state, as either text
or CBOR encoded, and generally ignores all invalid inputs, except for
the case where it's a valid value, but not a dictionary value, in which
case it'll leak the value and crash upon casting to a `DictionaryValue`.
This is purely an issue with the test driver, so no security impact on
Chromium in the wild.
Fixed: chromium:1281031
Change-Id: I7b4d0aea83370499b1274d3fa214a14dc098d2f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3361838
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78490}
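The commit above fixes a valid-but-not-a-dictionary state value being cast to a dictionary type and leaked. The following is an added example, not the inspector's code: a stand-in Value hierarchy with a deliberately toy parser (only `{...}` and `"..."` are recognized; this is constructed for illustration), and a session-state loader that checks the dynamic type before the downcast and lets the unique_ptr destroy any non-dictionary value, so the wrong type is handled like invalid input rather than crashing or leaking.

```cpp
// Added example (not V8 inspector code): checked downcast of parsed state.
#include <memory>
#include <string>
#include <utility>

// Minimal stand-in for protocol::Value and its subclasses.
class Value {
 public:
  enum class Type { kString, kDictionary };
  virtual ~Value() = default;
  virtual Type type() const = 0;
};

class StringValue : public Value {
 public:
  explicit StringValue(std::string s) : s_(std::move(s)) {}
  Type type() const override { return Type::kString; }
  const std::string& str() const { return s_; }
 private:
  std::string s_;
};

class DictionaryValue : public Value {
 public:
  Type type() const override { return Type::kDictionary; }
};

// Toy parser (constructed for this example): '{...}' -> dictionary,
// '"..."' -> string, anything else -> parse failure (nullptr).
std::unique_ptr<Value> ParseState(const std::string& text) {
  if (text.size() >= 2 && text.front() == '{' && text.back() == '}')
    return std::make_unique<DictionaryValue>();
  if (text.size() >= 2 && text.front() == '"' && text.back() == '"')
    return std::make_unique<StringValue>(text.substr(1, text.size() - 2));
  return nullptr;
}

// Fixed behaviour: a value of the wrong type is discarded exactly like an
// unparseable one. `v` goes out of scope on the early return, so nothing leaks,
// and the static_cast only runs after the type has been verified.
std::unique_ptr<DictionaryValue> ParseSessionState(const std::string& text) {
  std::unique_ptr<Value> v = ParseState(text);
  if (!v || v->type() != Value::Type::kDictionary) return nullptr;
  return std::unique_ptr<DictionaryValue>(
      static_cast<DictionaryValue*>(v.release()));
}

// Convenience for callers that only need to know whether state was restored.
bool HasRestorableState(const std::string& text) {
  return ParseSessionState(text) != nullptr;
}
```

The general rule this illustrates: whenever a deserialized value is downcast, the check is on the value's dynamic type, not on whether parsing succeeded, and the failure path must release ownership of the rejected value.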