- Remove the {ValueRepr} parameter from Wasm table and global object
internals. It is now the responsibility of the user to transform
to/from a JS object. This removes duplicate work in some cases (type
checking in the caller, transforming in the callee).
- For the reverse direction in the JS API, introduce
{WasmObjectToJSReturnValue}.
Bug: v8:7748
Change-Id: Ie7625cc0f08d38fe74dbe57e69004de2d93b8a11
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876184
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83031}
This reverts commit 703b0b31db.
Reason for revert: a simpler approach will be used instead.
Original change's description:
> [ptr-compr-8gb] Align runtime allocations to 8 bytes
>
> In order to support a larger heap cage (8GB, 16GB), the cage offset
> will take up more than 32 bits. As a consequence, for 8GB cages, the
> least significant bit of the cage offset will overlap with the most
> significant bit of the tagged offset. To avoid this, allocations need
> to be aligned to 8 bytes to free up one bit from the offset.
> All changes are deactivated behind the build flag
> `v8_enable_pointer_compression_8gb`.
>
> Bug: v8:13070
> Change-Id: Ibb0bd0177f3e88dcd24fc0ee7526335df0faa987
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791052
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Auto-Submit: Teo Dutu <teodutu@google.com>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82299}
Bug: v8:13070
Change-Id: I5cb60f8e4500c908bdef5d417393edbe89652c9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3877146
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Teo Dutu <teodutu@google.com>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83030}
This reverts commit 24e60017d4.
Reason for revert: Change breaks maglev GC stress tests.
Original change's description:
> [maglev] Deopt on overflow in >>>
>
> Re-enable the int32 fast path for ShiftRightLogical, but account for
> Maglev's missing signed/unsigned representation tracking by a)
> removing rhs==0 as the identity value (a shift by 0 is still a
> signed-unsigned conversion) and b) deoptimizing if the result cannot
> be converted to a non-negative smi.
>
> Note this is not a deopt loop, since a non-smi result will change the
> feedback to kSignedSmallInputs (from kSignedSmall).
>
> To fix this properly, we should track signed/unsigned representations
> and convert the result to a heap number if it doesn't fit within smi
> range.
>
> Bug: v8:7700
> Change-Id: Ifd538d227a6f1290eb7f008d9bfad586ff91ea0f
> Fixed: v8:13251
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876366
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83025}
Bug: v8:7700
Change-Id: Ibd4c29cc57b999e1cfcd040cee3228ea27a74029
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876374
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83029}
... which works for stale pointers. The default == operator contains
a DCHECK guarding against Code vs. non-Code object comparisons and
thus it can't be used for stale pointer.
Bug: chromium:1360793, v8:11880
Change-Id: Ic5faf9b05e1586a15388cc1cbf3e8dcddbea452f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3879222
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83028}
Re-enable the int32 fast path for ShiftRightLogical, but account for
Maglev's missing signed/unsigned representation tracking by a)
removing rhs==0 as the identity value (a shift by 0 is still a
signed-unsigned conversion) and b) deoptimizing if the result cannot
be converted to a non-negative smi.
Note this is not a deopt loop, since a non-smi result will change the
feedback to kSignedSmallInputs (from kSignedSmall).
To fix this properly, we should track signed/unsigned representations
and convert the result to a heap number if it doesn't fit within smi
range.
Bug: v8:7700
Change-Id: Ifd538d227a6f1290eb7f008d9bfad586ff91ea0f
Fixed: v8:13251
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876366
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83025}
Abort evacuation for ~10% of evacuation candidates during stress
testing. This should make aborting of evacuation more frequently and
uncover bugs sooner.
Bug: chromium:1359294, v8:12578
Change-Id: I2fb2124b10456ea71da12df71ef92cf2c3d89c03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878173
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83023}
The laneidx of LoadLaneParameters will be taken as char type when
PrintParameter. Fix operator<< to print laneidx with integer type.
Change-Id: Ibe9992326014d912f9aa09e785c8c3632ed02c06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878768
Auto-Submit: Yolanda Chen <yolanda.chen@intel.com>
Commit-Queue: Yolanda Chen <yolanda.chen@intel.com>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83022}
We've previously used JSFunction::GetActiveTier, which looks at
JSFunction::code to determine the active tier. However, that may
diverge from the actually active tier (i.e. the calling frame type),
e.g. when Turbofan code is available but we haven't yet tiered up
because we're stuck in a longrunning loop.
With this CL, we determine the caller code_kind by splitting the
BytecodeBudgetInterrupt runtime function up into _Ignition,
_Sparkplug, and _Maglev variants s.t. the tier is passed implicitly
without extra overhead at runtime.
Bug: v8:7700
Change-Id: I46d19c4676e3debb6d608d9fbc53495feef5cadf
Fixed: chromium:1358577
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871196
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83020}
Re-implement the --log-function-events functionality after
refactoring the tiering state bits on the FeedbackVector.
The new version also tries to log first-execution of non-interpreter
code and will handle OSR events.
Not-yet supported:
- First-execution logging when OSR-ing in Sparkplug or Maglev
Bug: v8:13146
Change-Id: I2059c6d8105091f20586eaf157ef19d5e65295aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3832375
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83019}
This is a reland of commit d00c040547
Changes since revert: Use AsAtomicTagged instead of
base::AsAtomicPointer to store a hash value in the forwarding table.
Original change's description:
> [strings] Support shared external strings>
>
> With this CL shared strings can be externalized and external strings can
> be shared.
> The StringForwardingTable is used to delay the real transition to the
> next full GC. On the API side strings marked for externalization will
> look like externalized strings.
>
> Bug: v8:12957
> Change-Id: I53b6509129bc5679c06bdf99421bdb41ea5d9082
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3849643
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82966}
Bug: v8:12957
Change-Id: I17715e927e4339240a6aa12a3c4a3c2ea50eb567
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871211
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83018}
Add an enum in the jump buffer to represent the state of the
stack: active, suspended, or retired. Update the state on stack switch
and check that they are consistent.
The previous method relied on comparing the current stack pointer with
the bounds of the stack, which was not reliable because the upper bound
of the native stack is not known precisely.
R=clemensb@chromium.org
Bug: v8:13236
Change-Id: If1880aa3efd5a9dc03c3c52ac5315d369d886a50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870925
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83017}
External pointers used in external strings are always stored in the
shared external pointer table.
Prior to this CL we didn't mark external pointer entries for external
strings residing in client heaps.
Bug: v8:13260
Change-Id: Ifc5dc86f4ebe2791bfb8c4c8fe2673886d24e8a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875028
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83016}
When migrating code objects, we also need to record typed slots in the
old-to-shared remembered set.
In addition this CL also removes handling of typed slots and code
pointers because both they only occur in the old generation.
Bug: v8:11708, v8:13265
Change-Id: I2f05f79f1a24ab0d36dc54c5e450207496a15cfd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876822
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83014}
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.
R=ishell@chromium.org
Bug: v8:12887
Change-Id: Ic54ad0c1135f6d3ff9f261df40f2138bf511d5be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876383
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83013}
This test somehow ended up inside an assertThrows arrow function, after
the expression that was supposed to throw -- so it never got executed
(and the expectation was slightly off.) This moves the test outside the
arrow function so it gets executed, and fixes the expectation.
Justification for changing the expectation: rab is [0, 1, 2, 3, ... 9],
and length_tracking_ta_with_offset2 has an offset of 2, so it is [2, 3,
...]. During the loop, after 2 iterations which have produced [2, 3], we
resize the buffer so the array has length 0. Therefore, the iteration
ends after producing [2, 3], not [3, 4].
Change-Id: Iec6024fb955102841b45f033de3fed80b7d2af34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3878244
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Philip Chimento <ptomato@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83009}
Follow up from https://crrev.com/c/3858226
- Remove include when not necessary.
- Choose platform/memory.h when appropriate.
Change-Id: Ic24ef89aefb754acccef896e6b59a7ba744ac2df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862504
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83007}
This adds Python logging to several code locations that previously
used to just print. The locations aren't yet complete. The changed
code locations should help for investigating hanging test runs.
The default level is WARNING for running tests locally, and INFO
when called from bots that pass the --swarming parameter.
Bug: v8:13113
Change-Id: If3a336703e7c346a5c718f2359b1a80e37e1ca6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876183
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83006}
This CL defines empty methods when building without VERIFY_HEAP. This
removes the need for some preprocessor statements around heap
verification.
Bug: v8:11708
Change-Id: I354fd2793ab5d8ca4ab7de0822c832e2a868d832
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872267
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83005}
ValueDeserializer should be lenient and not assume correct usage when
deserializing shared objects. This CL makes ValueDeserializer throw if
a shared object conveyor id or shared object id are not found.
Bug: v8:12547, chromium:1359227
Change-Id: I429a37dfadd95e42edca5d4870eb5188cb013bc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3872549
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83004}
Rename {TypeCheckJSObject} to {JSToWasmObject}. Change it to return
a MaybeHandle containing the typechecked object transformed to its wasm representation. Use the new function to simplify
{WasmWrapperGraphBuilder::FromJS}.
Bug: v8:7748
Change-Id: I036f3a1c197041d0b12e7338adca2bc10e66038b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3874931
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83002}
Temporary fix, ideally we should tell the register allocator to not
alias the input with the output.
Bug: v8:7700, v8:13109
Change-Id: I822e8e957689213499ea34620fcdeb5f532f2f5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876382
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83001}
idiv throws a hardware divide exception if it overflows, so add some
manual overflow checks before it (mostly copied from TurboFan).
Bug: v8:7700
Change-Id: Ic3764ecb03d627e482d75b80e712d5ce4a16e9df
Fixed: chromium:1359864
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3876182
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82999}
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.
R=ishell@chromium.org
Bug: v8:12887
Change-Id: I457fd781f13c37ffdaa19e29c8f998ee3eaa55a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875085
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82996}
If collecting PGO information, keep all modules alive until the process
dies. This allows to run multiple tests / benchmarks and combining the
profile information for all of them. Otherwise the NativeModule might be
garbage-collected between runs, and previous information would be lost.
R=manoskouk@chromium.org
Bug: v8:13209
Change-Id: I96e3cda1a123c7a1f3fbc7f5369d2366acee80e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875082
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82995}
The check for non-canonical address access must come before the check
for nullptr access as the faultaddr will be 0x0 in the former case.
Bug: v8:12878
Change-Id: I6f141d08862879ec9ccb13c081aa6c75a3707530
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875904
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82994}
- i31s should not be packed in {WasmWrapperGraphBuilder::ToJS}.
- anyref should be able to hold any JS value (except null if non
nullable).
- Restructure TypeCheckJSObject.
Bug: v8:7748
Change-Id: I51ab6b84e89a70e565ce56de7a41f8693aa28e5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871073
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82992}
Fixed a bug with Smis in the bytecode constant pool when running
with --trace-turbo
Bug: chromium:1356895
Change-Id: Idc8990c250c2c85f4755e45115d4c4bac167bfe3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3870413
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Danylo Boiko <danielboyko02@gmail.com>
Cr-Commit-Position: refs/heads/main@{#82991}
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.
R=jgruber@chromium.org
Bug: v8:12887
Change-Id: Id293b260c1d84c2f9bd7f5c3c826f374ac6a68b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875086
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82990}
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.
R=jgruber@chromium.org
Bug: v8:12887
Change-Id: Ide7272de6a59e8324f19d4f52053737b56a380d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3875083
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82989}
Dynamic maybe-context/maybe-global lookup can fast-path in the case
where there are no context extensions in the parent contexts. Add a
trampoline builtin for maglev which performs this fast path.
This is similar to Sparkplug, which calls a similar builtin (except one
which loads context and FBV from Sparkplug frame slots), and unlike
TurboFan, which creates local control flow to inline this operation
fully. Maglev avoids creating local control flow, so the builtin
approach seems more fitting.
Bug: v8:7700
Change-Id: I2f63694d9c1f907f91b8b7b8982adc9f9ba106ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871210
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82985}
Contexts are not included into bytecode loop assignment
analysis. We follow TF and create a LoopPhi unconditionally.
Bug: v8:7700
Fixed: chromium:1359662
Change-Id: I1a589a4bae2bbbf14bf637f0c1e0439e66216aae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871209
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82984}
This reverts commit f388f96fdb.
Reason for revert: Crashes in canary (https://crbug.com/1360024)
Original change's description:
> Enable background merging of deserialized scripts
>
> This can save memory in cases where multiple frames in a process use the
> same script, with sufficient time between loads that the script's
> top-level SharedFunctionInfo is no longer present in the compilation
> cache. Merging is relatively fast; it generally takes about one tenth as
> long as deserialization.
>
> Bug: v8:12808
> Change-Id: I7366a51f1d2ca6a9f551cdf2bdbe0441450cf1bb
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3868088
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82920}
Bug: v8:12808
Change-Id: If160173afaab351d995ddcf4b60d6efe656cf70b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3871208
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82983}
