[+] Massive performance boost in dealing with expressions consisting of non-literal/const bigints (1 out of 2)
[*] Updated source url map
Last aurora commit: b8f6b544
This was seemingly less of an issue under older v8 for whatever reason. Could be how old AuRuntimeV8 managed threads and reimplementation of the gc-extension, dunno. Either way, this is fucked.
This modified torque object had not had its new members initialized under a no-gc scope of the factory.
Last aurora commit: f4b0ec56
Fixes a regression that happed somewhere unknown given the changes introduced in the, "speed glorious speed" commit: f86bf4d7
Instead of chaining waitables, or checking for nested state, or blocks; these tasks are assumed to be thread-local condition variable dispatchers.
Last aurora commit: 87131415
Move code from Prepare() to the corresponding marking start methods of
MinorMC. This simplifies marking start logic and creates a unified path
for starting marking.
Bug: v8:12612
Change-Id: I2fe9a3aad4f68fca6e8186dcc717d64403fafac5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4224475
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85707}
The conversion was accidentially disabled by a trailing backslash.
Bug: v8:13466
Change-Id: I0e1d162afff3bb9d22ac17a98b0b4ffde51a5ca2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4224465
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85706}
This is a reland of commit 2e357c4814
Difference compared to original: Initialize wasm-null object's
payload.
Original change's description:
> [wasm-gc] Introduce wasm null object
>
> We introduce a wasm null object, separate from JS null. Its purpose is
> to support trapping null accesses for wasm objects.
> This will be achieved by allocating a large payload for it (larger than
> any wasm struct) and memory-protecting it (see linked CL). The two null
> objects get mapped to each other at the wasm-JS boundary.
> Since externref objects live on the JS side of the boundary,
> null-related instructions in wasm now need an additional type argument
> to handle the correct null object.
>
> Bug: v8:7748
> Change-Id: I06da00fcd279cc5376e69ab7858e3782f5b5081e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4200639
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85648}
Bug: v8:7748
Change-Id: I46413d05f0213229f1d19277ae98dbb8df5afdf9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4224011
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85705}
TRACE_EVENT_CALL_STATS_SCOPED was missing if V8_RUNTIME_CALL_STATS
was not set but V8_USE_PERFETTO was enabled.
Change-Id: Ie762627eaecb258324264b8e78b7ffd4ffd71698
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4221700
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85702}
This reverts commit 46a5dd0256.
Reason for revert: Closed the waterfall, seems to be causing timeouts: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac64/49979/overview
Original change's description:
> Create a MicrotasksScope for async GC
>
> When running the async version of window.gc()
> (e.g. window.gc({type: 'major', execution: 'async'})),
> the promise is resolved without a MicrotasksScope, causing us to hit a
> DCHECK.
>
> Change-Id: I10f72c96605263afacc01afbfcc56d1134d84b43
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4220146
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Kevin McNee <mcnee@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85698}
Change-Id: I34edd72d28a126d93e6ba68ed64b3a9f965f62e3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4224395
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85699}
When running the async version of window.gc()
(e.g. window.gc({type: 'major', execution: 'async'})),
the promise is resolved without a MicrotasksScope, causing us to hit a
DCHECK.
Change-Id: I10f72c96605263afacc01afbfcc56d1134d84b43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4220146
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Kevin McNee <mcnee@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85698}
[+] Noted extension APIs
(private)
[+] IsolateSafepoint::NotifyParkEx
[+] IsolateSafepoint::NotifyUnpark
[*] Continued hacky bug fix as """described""" below
-------------------------------------------------------------------------------------------------
Last aurora commit: 7c599206 continued
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
# src/heap/safepoint.cc
-----------
[-] (USE AFTER FREE) quick hack: removing a mutex guard on shared RemoveClient to temporarily mitigate a crash on deinit
-----------
well, this is fucking dumb. i think someone at google also figured out this can lead to crashing. their solution: remove the mutex with a call to AssertActive.
considering my issue was related to a dead context with everything else alive, i dont want to find out what that AssertActive is doing. reverting v8 change.
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
3172b30fe4 - Dominik Inführ, and Michael Lippautz
Fuck safety for now. The entire file will be different in 3 months time, anyway. I just want my software to actually fucking work.
This reverts commit a2f63f1886.
Reason for revert: It breaks chromium integration tests https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux/22574/overview
Original change's description:
> [gc][static-roots] Don't access markbits on R/O pages
>
> Markbits on read only pages are initialized BLACK and never change. For
> any practical purposes they are unused.
>
> This CL prevents any access to the markbits of these pages. This is a
> precursor to removing them entirely from the page to make room for
> static roots.
>
> Bug: v8:13466
> Change-Id: I61d3f6d9bbca750d0f34475859b34ff44f7fec1e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212397
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Auto-Submit: Olivier Flückiger <olivf@chromium.org>
> Commit-Queue: Olivier Flückiger <olivf@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85665}
Bug: v8:13466
Change-Id: Icda4be38da984fdefd40301238c361a86f912141
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4225673
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Ilya Rezvov <irezvov@chromium.org>
Owners-Override: Ilya Rezvov <irezvov@chromium.org>
Commit-Queue: Ilya Rezvov <irezvov@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85695}
PageMarkingItem is used to process OLD_TO_NEW regular and typed slots
sets. These slot sets are disjoint and do not share state that needs to
be modified, i.e., can be processed in parallel.
Rework PageMarkingItem to allows for parallel processing of slot sets on
a single page. Remove the lock as it should not be necessary.
The CL does not change the cost function for computing tasks.
Drive-by: Optimize marking a single object on filtering.
Bug: v8:12612
Change-Id: I6595d857d6df23d9d427bcdf5ecb3c9ea1c3c9ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4224451
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85694}
Avoid generating a tracing scope when there's no such callbacks.
Drive-by: Avoid a return value in the GC call by using a getter in the
single place that is actually interested in whether external callbacks
have been executed for global handles.
Change-Id: I07082b4a2a68c37ccc90a5aae936d484bacd3717
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4224132
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85693}
Because the Immediate might not fit in an immediate.
Bug: v8:7700
Change-Id: Ie5efca4af40cc4b10766144a295046f99cb5f25c
Fixed: chromium:1412730
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4224462
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85690}
We should use consistently macro instructions in arm64
(instruction starting with a capital letter). To avoid
issues like https://crrev.com/c/4224931
Bug: v8:7700
Change-Id: I8f64c1b305ee14332ac85e8be71357a2f99c6442
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4224460
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85688}
`MacroAssembler::B` registers its labels with the veneer pool, while
`Assembler::b` doesn't. This meant that our JumpIf (used in particular
for deopts) could run out of jump distance.
As a drive by, also limit the maximum number of deopts according to the
limit set by the deoptimizer. This turned out to not be the issue, but
we should also do it.
Bug: v8:7700
Change-Id: Ic5a8dd3b69c995375d7caab008f31ae91d9c732d
Fixed: chromium:1410080
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4224931
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85686}
This updates the (experimental, unsafe, non-standard) ref.cast_nop
to take the same immediate as the new ref.cast.
This is being done in order to align with Binaryen, per discussion
in https://github.com/WebAssembly/binaryen/pull/5473.
Bug: v8:7748
Change-Id: Ifcd2bab95a1601406370939301a5c6dfd854347c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4224632
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85685}
The conflict with --future causes tests that enable experimental
features to fail if the test configuration enables --future, and the
conflict with --fuzzing makes it impossible to reproduce issues in
Clusterfuzz as it always adds --fuzzing to the commandline.
Change-Id: I7d952fc5c09967386e06d992b4dbd6129ea404c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4224454
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85684}
ActiveSystemPages uses std::bitset internally for convenience. Our
MemoryChunk fields implicitly assume that all fields only require
system pointer alignment.
However MSVC on 32-bit uses uint64_t internally to implement
std::bitset. Because of this ActiveSystemPages needs 8-bytes alignment
on 32-bit architectures. We can solve this by moving
ActiveSystemPages out of the page header and storing it in the
malloc()'ed heap.
Bug: v8:13716
Change-Id: Iecb17372d065c612bbdbca7d854c76d3256bc01d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4223005
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85681}
With the recent introduction of unicode sets (v-flag), nested character
classes are allowed in regular expressions.
We always expect a nested class to be of type
`RegExpClassSetExpression`, but the empty nested class was not handled
correctly.
Bug: v8:11935, chromium:1412942
Change-Id: I3b644c8627d8fc6b320a419216372810e8003983
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4224311
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85680}
We DCHECK in the scavenger that evacuated objects are not allocated
on evacuation candidates. This DCHECK fails however when
shortcutting ThinStrings to the actual string object when
incremental marking is enabled in the shared heap.
We fix this by disabling shortcutting of strings when shared
incremental marking is enabled. We already do this for incremental
marking in the local isolate.
Bug: v8:13267, chromium:1412643
Change-Id: I2a61028ae5377c7621b917ed332e15d6b25b80ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4219781
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85677}
Since this is a generated file everyone should be able to update it.
Bug: v8:13466
Change-Id: Ia769bc82d6d5fdd6638763ef5330fe6aefbaf8c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4221698
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85676}
Global handles processing could not actually restart marking anymore.
Weak handles are either reset or already point to live objects. This is
different from the scavenger that actually needs to update the
forwarding pointer for live objects. Move the phase to clearing of
references instead.
Bug: v8:12612
Change-Id: I21f1ba468f257990d23a129f24d5496c38c4eb04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4224151
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85674}
- Move CppHeap code into scopes
- Move class declarations out of inline header
- Add TODO for working global handles processing
Bug: v8:12612
Change-Id: I97737d4f5ded940f0145ba093963f45338d44d57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4221701
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85673}
Yet another access to the markbits on the r/o pages that was overlooked
in https://chromium-review.googlesource.com/c/v8/v8/+/4212397.
No-Tree-Checks: true
No-Try: true
Bug: v8:13717
Change-Id: I682a2604512dfda00b3f69d0e1f60edd66391687
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4221702
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85672}
As part of https://crrev.com/c/4200642 loop peeling was enabled for
loops containing a getCodeUnit instruction.
As a side effect this also affected loop unrolling now only happening
if getCodeUnit was used in the loop body which is fixed by this
change.
Bug: chromium:1412781
Change-Id: I60e3a524340cfbdb907ae2ee5b46cbb6f514775c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4219103
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85671}
