vector register has different register file from float register in Risc64 rvv extension.
So this cl add third FPalising kind INDEPENDENT to allocate independently simd register.
Bug: v8:11976
doc: https://docs.google.com/document/d/1UwmUwOI3eeIMYzZFRmeXmfyNXRFHNZAQ4BcN0ODdMmo/edit?usp=sharing
Change-Id: I0fb8901294b4bc44b0bee55e630b60460e42bef2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383513
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#79449}
when BuildCreateArrayLiteral
In spread calls, create array literal boilerplates for
BuildCreateArrayLiteral rather than emit array literals
without any boilerplates
Bug: v8:11582
Change-Id: Ia0538bd043eab040c3059440e982c7f0037d1a3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3507126
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79447}
Atomics.load and Atomics.store now accept string field names as the
2nd argument when the 1st argument is a shared struct.
Currently these are implemented in C++ and not yet in CSA.
Bug: v8:12547
Change-Id: Ideeafc13fb6a925540edf3dc17428c8e50bcee79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3510837
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79431}
Instead of using the high water mark for determining this metric, we use
a bitset for all active/used system pages on a V8 heap page. Each time
when allocating a LAB on a page, we add the pages of that memory range
to that bitset. During sweeping we rebuild that bitset from scratch and
replace it with the old one in case free pages are discarded by the GC.
We DCHECK here that the sweeper only ever removes pages. This has the
nice benefit of ensuring that we don't miss any allocations (like we
do now for concurrent allocations).
CommittedPhysicalMemory for a page is then calculated by counting the
set bits in the bitset and multiplying it with the system page size.
This should be simpler to verify and track the "real" effective size
more precisely.
One case where we are partially less precise than the current
implementation is for LABs. In order to reduce complexity we now treat
all pages of a LAB allocation as active immediately. In the current
implementation we tried to only account the actual used part of the LAB
when changing the LAB later. This is more complex to track correctly
but also doesn't account the currently used LAB in effective size.
Change-Id: Ia83df9ad5fbb852f0717c4c396b5074604bd21e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497363
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79428}
NewSpace page operations like RemovePage, PrependPage, and
EnsureCurrentCapacity should account for committed page size.
This may happen when a page was promoted from the new space to
old space on mark-compact.
Also, add DCHECKs on Commit and Uncommit to ensure the final
committed page size is the same as the current state.
Bug: v8:12657
Change-Id: I7aebc1fd3f51f177ae2ef6420f757f0c573e126b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3504766
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Cr-Commit-Position: refs/heads/main@{#79426}
HeapObjectIterator creates a SafepointScope which requires the heap to
allow garbage collection. This collides with the outer
DisallowGarbageCollection scope. HeapObjectIterator already ensures
there is no allocation during its lifetime, so there is no need to
create an outer DisallowGarbageCollection scope.
Code::source_position_table requires their kind not equals to
CodeKind::BASELINE.
This also exposes the statistics extension through flag
--expose-statistics.
Bug: v8:12657
Change-Id: I1bf11cf499285a742dd99ec8c228ebc36152b597
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3496552
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Cr-Commit-Position: refs/heads/main@{#79425}
This is a reland of commit a664aef0ca.
The test is made ~25x faster by using integer parameters instead of
floating point.
Original change's description:
> [asm] Reject import calls with too many parameters
>
> The asm parser was missing a check for too many parameters for calls to
> imported functions. For regular functions this check implicitly existed
> because the limit was checked at the function declaration, and the call
> site needs to match the declared parameter count.
>
> R=mslekova@chromium.org
>
> Bug: chromium:1302596
> Change-Id: I0d35e70a66d682ee8fdecf5c8ea4d2b1419ce684
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3509393
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79415}
Bug: chromium:1302596
Change-Id: I138561742b38939a1c2c9a69a6fa508d4f3a028d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513613
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79424}
The only user of OverrideEmbedderStackStateScope is Blink where it is
used to override stack state of top-level tasks. Adjust the behavior
here to allow using this scope broadly while still supporting explicit
garbage collection calls.
Bug: chromium:1300492
Change-Id: I78c418c5f08991bf6857147cd4a537246bfcc556
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497744
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79420}
Replace all CONVERT_XXX_ARG_XXX() macros from runtime-util.h with direct
calls to Arguments or the fully expanded equivalent.
- This replaces many of the hard CHECKs with DCHECK (as is common
practice in most V8 code)
- Instead of relying on verbose comments we now have readable code
- Rename Arguments.::xxx_at with Arguments::xxx_value_at since these
methods don't return the Object but rather their double/int value
- Add Oddball::ToBool helper
- Add and use v8::internal::PropertyAttributesFromInt helper
- Add stronger DCHECK for PropertyAttributes returned in
GetPropertyAttributesWithInterceptorInternal
Bug: v8:11263
Change-Id: I8d531857e05d19f3198753b05af28d993a391854
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497768
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79418}
This reverts commit a664aef0ca.
Reason for revert: Times out on CFI: https://cr-buildbucket.appspot.com/build/8820170241901030897
Original change's description:
> [asm] Reject import calls with too many parameters
>
> The asm parser was missing a check for too many parameters for calls to
> imported functions. For regular functions this check implicitly existed
> because the limit was checked at the function declaration, and the call
> site needs to match the declared parameter count.
>
> R=mslekova@chromium.org
>
> Bug: chromium:1302596
> Change-Id: I0d35e70a66d682ee8fdecf5c8ea4d2b1419ce684
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3509393
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79415}
Bug: chromium:1302596
Change-Id: I743647f739e0cc93b2e99145086dbbb7d2660c79
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3512853
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79417}
The asm parser was missing a check for too many parameters for calls to
imported functions. For regular functions this check implicitly existed
because the limit was checked at the function declaration, and the call
site needs to match the declared parameter count.
R=mslekova@chromium.org
Bug: chromium:1302596
Change-Id: I0d35e70a66d682ee8fdecf5c8ea4d2b1419ce684
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3509393
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79415}
For background and reasoning, see
https://docs.google.com/document/d/1jvSEvXFHRkxg4JX-j6ho3nRqAF8vZI2Ai7RI8AY54gM/edit
This is the first step towards pulling the DefineNamedOwn operation out
of StoreIC.
Summary of the renamed identifiers:
Bytecodes:
- StaNamedProperty -> SetNamedProperty: calls StoreIC and emitted for
normal named property sets like obj.x = 1.
- StaNamedOwnProperty -> DefineNamedOwnProperty: calls
DefineNamedOwnIC (previously StoreOwnIC), and emitted for
initialization of named properties in object literals and named
public class fields.
- StaKeyedProperty -> SetKeyedProperty: calls KeyedStoreIC and emitted
for keyed property sets like obj[x] = 1.
- StaKeyedPropertyAsDefine -> DefineKeyedOwnProperty: calls
DefineKeyedOwnIC (previously KeyedDefineOwnIC) and emitted for
initialization of private class fields and computed public class
fields.
- StaDataPropertyInLiteral -> DefineKeyedOwnPropertyInLiteral: calls
DefineKeyedOwnPropertyInLiteral runtime function (previously
DefineDataPropertyInLiteral) and emitted for initialization of keyed
properties in object literals and static class initializers. (note
that previously the StoreDataPropertyInLiteral runtime function name
was taken by object spreads and array literal creation instead)
- LdaKeyedProperty -> GetKeyedProperty, LdaNamedProperty ->
GetNamedProperty, LdaNamedPropertyFromSuper ->
GetNamedPropertyFromSuper: we drop the Sta prefix for the property
store operations since the accumulator use is implicit and to make
the wording more natural, for symmetry the Lda prefix for the
property load operations is also dropped.
opcodes:
- (JS)StoreNamed -> (JS)SetNamedProperty: implements set semantics for
named properties, compiled from SetNamedProperty (previously
StaNamedProperty) and lowers to StoreIC or Runtime::kSetNamedProperty
- (JS)StoreNamedOwn -> (JS)DefineNamedOwnProperty: implements define
semantics for initializing named own properties in object literal and
public class fields, compiled from DefineNamedOwnProperty (previously
StaNamedOwnProperty) and lowers to DefineNamedOwnIC
(previously StoreOwnIC)
- (JS)StoreProperty -> (JS)SetKeyedProperty: implements set semantics
for keyed properties, only compiled from SetKeyedProperty(previously
StaKeyedProperty) and lowers to KeyedStoreIC
- (JS)DefineProperty -> (JS)DefineKeyedOwnProperty: implements define
semantics for initialization of private class fields and computed
public class fields, compiled from DefineKeyedOwnProperty (previously
StaKeyedPropertyAsDefine) and calls DefineKeyedOwnIC (previously
KeyedDefineOwnIC).
- (JS)StoreDataPropertyInLiteral ->
(JS)DefineKeyedOwnPropertyInLiteral: implements define semantics for
initialization of keyed properties in object literals and static
class initializers, compiled from DefineKeyedOwnPropertyInLiteral
(previously StaDataPropertyInLiteral) and calls the
DefineKeyedOwnPropertyInLiteral runtime function (previously
DefineDataPropertyInLiteral).
Runtime:
- DefineDataPropertyInLiteral -> DefineKeyedOwnPropertyInLiteral:
following the bytecode/opcodes change, this is used by
DefineKeyedOwnPropertyInLiteral (previously StaDataPropertyInLiteral)
for object and class literal initialization.
- StoreDataPropertyInLiteral -> DefineKeyedOwnPropertyInLiteral_Simple:
it's just a simplified version of DefineDataPropertyInLiteral that
does not update feedback or perform function name configuration.
This is used by object spread and array literal creation. Since we
are renaming DefineDataPropertyInLiteral to
DefineKeyedOwnPropertyInLiteral, rename this simplified version with
a `_Simple` suffix. We can consider merging it into
DefineKeyedOwnPropertyInLiteral in the future. See
https://docs.google.com/document/d/1jvSEvXFHRkxg4JX-j6ho3nRqAF8vZI2Ai7RI8AY54gM/edit?disco=AAAAQQIz6mU
- Other changes following the bytecode/IR changes
IC:
- StoreOwn -> DefineNamedOwn: used for initialization of named
properties in object literals and named public class fields.
- StoreOwnIC -> DefineNamedOwnIC
- StoreMode::kStoreOwn -> StoreMode::kDefineNamedOwn
- StoreICMode::kStoreOwn -> StoreICMode::kDefineNamedOwn
- IsStoreOwn() -> IsDefineNamedOwn()
- DefineOwn -> DefineKeyedOwn: IsDefineOwnIC() was already just
IsDefineKeyedOwnIC(), and IsAnyDefineOwn() includes both named and
keyed defines so we don't need an extra generic predicate.
- StoreMode::kDefineOwn -> StoreMode::kDefineKeyedOwn
- StoreICMode::kDefineOwn -> StoreICMode::kDefineKeyedOwn
- IsDefineOwn() -> IsDefineKeyedOwn()
- IsDefineOwnIC() -> IsDefineKeyedOwnIC()
- Removing IsKeyedDefineOwnIC() as its now a duplicate of
IsDefineKeyedOwnIC()
- KeyedDefineOwnIC -> DefineKeyedOwnIC,
KeyedDefineOwnGenericGenerator() -> DefineKeyedOwnGenericGenerator:
make the ordering of terms more consistent
- IsAnyStoreOwn() -> IsAnyDefineOwn(): this includes the renamed and
DefineNamedOwn and DefineKeyedOwn. Also is_any_store_own() is
removed since it's just a duplicate of this.
- IsKeyedStoreOwn() -> IsDefineNamedOwn(): it's unclear where the
"keyed" part came from, but it's only used when DefineNamedOwnIC
(previously StoreOwnIC) reuses KeyedStoreIC, so rename it accordingly
Interpreter & compiler:
- BytecodeArrayBuilder: following bytecode changes
- StoreNamedProperty -> SetNamedProperty
- StoreNamedOwnProperty -> DefineNamedOwnProperty
- StoreKeyedProperty -> SetKeyedProperty
- DefineKeyedProperty -> DefineKeyedOwnProperty
- StoreDataPropertyInLiteral -> DefineKeyedOwnPropertyInLiteral
- FeedbackSlotKind:
- kDefineOwnKeyed -> kDefineKeyedOwn: make the ordering of terms more
consistent
- kStoreOwnNamed -> kDefineNamedOwn: following the IC change
- kStoreNamed{Sloppy|Strict} -> kSetNamed{Sloppy|Strict}: only
used in StoreIC for set semantics
- kStoreKeyed{Sloppy|Strict} -> kSetKeyed{Sloppy|Strict}: only used
in KeyedStoreIC for set semantics
- kStoreDataPropertyInLiteral -> kDefineKeyedOwnPropertyInLiteral:
following the IC change
- BytecodeGraphBuilder
- StoreMode::kNormal, kOwn -> NamedStoreMode::kSet, kDefineOwn: this
is only used by BytecodeGraphBuilder::BuildNamedStore() to tell the
difference between SetNamedProperty and DefineNamedOwnProperty
operations.
Not changed:
- StoreIC and KeyedStoreIC currently contain mixed logic for both Set
and Define operations, and the paths are controlled by feedback. The
plan is to refactor the hierarchy like this:
```
- StoreIC
- DefineNamedOwnIC
- SetNamedIC (there could also be a NamedStoreIC if that's helpful)
- KeyedStoreIC
- SetKeyedIC
- DefineKeyedOwnIC
- DefineKeyedOwnICLiteral (could be merged into DefineKeyedOwnIC)
- StoreInArrayLiteralIC
- ...
```
StoreIC and KeyedStoreIC would then contain helpers shared by their
subclasses, therefore it still makes sense to keep the word "Store"
in their names since they would be generic base classes for both set
and define operations.
- The Lda and Sta prefixes of bytecodes not involving object properties
(e.g. Ldar, Star, LdaZero) are kept, since this patch focuses on
property operations, and distinction between Set and Define might be
less relevant or nonexistent for bytecodes not involving object
properties. We could consider rename some of them in future patches
if that's helpful though.
Bug: v8:12548
Change-Id: Ia36997b02f59a87da3247f20e0560a7eb13077f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3481475
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#79409}
Before a young GC, the scavenger finalizes a pending full GC sweeping,
in case there are no more running sweeping jobs, to avoid unnecessarily
pausing sweeping and then resuming it.
This CL moves this sweeping finalization from
ScavengerCollector::CollectGarbage to Heap::CompleteSweepingYoung, so
that it is also performed for the minor mark-compactor and that sweeping
is correctly attributed to the previous full GC cycle (instead of the
beginning young cycle). Furthermore, it also finalizes CppGC sweeping
if there are no more running sweeping jobs.
Bug: chromium:1154636
Change-Id: Ic9ba4803f49db32c0a539f080329f012859bc8bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3508011
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79407}
We can cache this in a static field during V8 initialization such that
we don't need to cache this method's result for each use-case that
might benefit.
Bug: v8:12691
Change-Id: I4391a5e306646465ce96fb7e354be996d9fe8b44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3506375
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79406}
This rename better reflects that heap_base is both used in cppgc but
also V8's GC.
Bug: v8:12691
Change-Id: Ia18ecba462d1b55cee6722452ceb28b25490a066
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3506374
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79398}
Clean up two flags which control features shipped in m99
harmony_intl_locale_info
harmony_intl_enumeration
Bug: v8:10743, v8:11638
Change-Id: I856afaceb0972052d1bcc70b162e8f9ee9071dd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3508169
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79397}
Fix typo which should check y match -∞ but checked -0
Bug: v8:10776
Change-Id: I6bddbf91dbee2411d47a5e3b8ccbc456a0602bf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3504646
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79391}
Instead of returning a boolean success/failure value, the Free* methods
of the VirtualAddressSpace API now terminate the process on failure, as
this implies a bug in the caller. This is simpler than CHECKing for
success in all callers and also provides more details about the possible
cause of the failure.
Bug: v8:12656
Change-Id: I5b469ae2c564068cff74e60b7e98f6a4776a239d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3506992
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79388}
Change TestPlatform's old_platform_ field to an atomic, so that its
write in the constructor and subsequent reads (that can be cross thread)
are race-free.
Hopefully this fixes the TSAN flakes we've been seeing.
Bug: v8:9054
Change-Id: Ib2b6edd21508ffa18debd6326dd7a100266125f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3506505
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79385}
This decreases the snapshot size (we don't need to write the ID for the
string) and speeds up deserialization.
Bug: v8:11525
Change-Id: I8f48d2344a7fd895c746e6a3d26f6dbbdd11a062
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494539
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79381}
HeapNumbers that are in the shared heap were incorrectly considered
!IsShared().
TBR=jkummerow@chromium.org
Bug: v8:12547
Change-Id: Ie4b9575445d841a7045c947ff4439bf53a22869d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3504085
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79372}
Because I don't get much out of "Object() != Object()"
Change-Id: I5a765b9cb0a272d30edcd834ec7b60d2fd03190b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497352
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79370}
This introduces a new (inspector-only) `v8::debug::ScriptSource`,
which represents the source for a given `v8::debug::Script` (in
case of JavaScript it's a `v8::internal::String` while in case of
WebAssembly it's a `Managed<v8::internal::wasm::NativeModule>`).
Every `v8_inspector::V8DebuggerScript` now holds on weakly to the
`v8::debug::Script` and strongly to its `ScriptSource`, making it
possible to access the source even after the `Script` dies.
This is preliminary work to allow for the removal of the special
GC feature that a `WeakCallbackType::kFinalizer` callback can
resurrect the object (this change is split into a separate follow
up CL https://crrev.com/c/3497324).
Bug: chromium:1295659, chromium:1302195
Doc: https://bit.ly/v8-inspector-script-caching
Change-Id: I503d0d9283e2da392023f06f79b8ff35953e7935
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494242
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79363}
This proposal adds i32 and i64 addition, subtraction, and multiplication
to the list of constant expressions.
See https://github.com/WebAssembly/extended-const.
Bug: v8:12089
Change-Id: I23a27a54a15fd37ee1d553992ab3b355eb9d317c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497665
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79362}
When the function is created with FunctionTemplate and set name with
native data property accessors, binding the function should throw
immediately if the native accessor throws.
Bug: v8:11989
Change-Id: Ief282202aa5b8515f581fd5478886ed5f001fd4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3492966
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Cr-Commit-Position: refs/heads/main@{#79356}
Prototype F32x4Relaxed(Min/Max) and F64x2Relaxed(Min/Max)
operations for ARM. F32x4 variants map directly to vmin/vmax
hardware instructions which are also used for F32x4(Min/Max)
operations. The F64x2 variants are mapped in this implementation
to Pmin/Pmax instructions as detailed in the github issue.
https://github.com/WebAssembly/relaxed-simd/issues/33
Bug: v8:12284
Change-Id: I5ea939385fa0ae97bbdf776fc0b763cabb1b293c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3501347
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79355}
With the previous change to using the mask as the first
input to the node, the lane select ARM codegen is equivalent
to V128Select. Also enable cctests to run on ARM.
Bug: v8:12284
Change-Id: I5572f4845307ff20cc2a0a58d3ccf162caa436b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3500655
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79352}
A TrapUnless after an IfTrue, and conversely, a TrapIf after an IfFalse,
should not optimize away the respective Branch node.
Bug: v8:12624
Change-Id: I250b2f84c38295ca35e440589901ed5a58bb4e75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3500303
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79349}
This renaming was missed in
https://chromium-review.googlesource.com/c/v8/v8/+/3468577, because the
code adding these #ifdef blocks landed in-between the renaming change
being uploaded and landed.
Bug: chromium:1298417
Change-Id: I8c2e951099dafcce7e19a59e40e36f308e2ed867
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3498349
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Benoit Lize <lizeb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79345}
Currently, a streamed script which specifies 'use strict' is stored in
the isolate script cache with a key indicating that it is strict mode.
However, the keys should be based on the context executing the script,
not the content of the script, so that the next lookup can find the
entry without having to parse the script first.
Bug: v8:12668
Change-Id: Iaa76c00c431ad54a86ffd18b61cb4f67dc457b03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3498220
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#79331}
When --maglev is set, tier up to Maglev from unoptimized tiers based on
--interrupt-budget-for-maglev, initially set to 40KB (which should very
roughly by 1/10th of the time until the TF tierup decision is made).
On the first interrupt, a non-concurrent optimization to Maglev is
requested, which the next call to the marked function will perform.
- There is no support for tiering from Maglev to TF yet.
- Maglev's language support is minimal and tests are not expected to
pass with --maglev.
- Disable --maglev by default for now.
Drive-by: fixes related to Maglev flag definitions.
Bug: v8:7700
Change-Id: I121bb3f4f3830fdd20e1d4a12d3e04f08a99be38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3500302
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79328}
According to the latest changes in wasm-gc, externref will be renamed
to anyref, and will be assigned as the top of the reference type
hierarchy. Since in the current wasm type system funcref is not a
subtype of anyref, subtyping is now dependent on whether wasm-gc is
enabled.
Bug: v8:7748
Change-Id: I0c0ae3dd5523e624d4490ca33d1fba4c2ae59393
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468345
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79322}
- Add the Isolate as an explicit param (we already have it at all
callsites)
- Pass an explicit CodeKind param to MarkForOptimization in preparation
for Maglev.
- Split EnsureFeedbackVector into that, plus
CreateAndAttachFeedbackVector for when we know it has to be created.
Bug: v8:7700
Change-Id: Ie9022deccd31d472d6df3d442b25583af5569ab0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497383
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79318}
When running with the simulator, Assembler::debug() can record an inline
comment to be printed when the simulator encounters it. We need to make
sure pools are not emitted while the comment is recorded in the code
stream.
However the BlockPoolsScope was missing its margin argument to tell it
how much code we're going to generate, and could forget to emit pools
when it should have, causing crashes later on when a branch cannot jump
over the code comment.
Bug: v8:12637
Change-Id: I39e50f176d87c781c865b81fb9aca57d69c8c019
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494544
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/main@{#79317}
Single generation doesn't have a young generation, so we cannot check
whether it's inline allocation is enabled.
Bug: v8:12615
Change-Id: I145e7c3ff225dc0099136289c9aef4ddd28b3578
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487993
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79316}
The following histograms have been deprecated, as they are superseded
by V8.GC.Cycle.*.Young or not needed anymore (next to each, the
corresponding isolate counter):
- V8.GCScavenger (gc_scavenger)
- V8.GCScavengerBackground (gc_scavenger_background)
- V8.GCScavengeReason (scavenge_reason)
- V8.GCScavengerForeground (gc_scavenger_foreground)
- V8.GCBackgroundScavenger (background_scavenger)
- V8.GCMarkCompactor (gc_mark_compactor)
This CL removes the corresponding instrumentation in the code and the
isolate counters.
Bug: chromium:1154636
Bug: chromium:1299555
Change-Id: I62d28ff60ef47a058fe148c7855af8e2c1cc0aed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487548
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79308}
inspector tests are not yet enabled as a few issues need to be
solved related to endianness and IBM lane numbering.
Change-Id: I3c5c87af45037033d4a112cb7e1da8b7923ce0f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3489244
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79306}
The main change is the section name, which is now 'metadata.code.branch_hint'.
The binary format has also a couple of minor changes.
Semantics remain unchanged.
Change-Id: I056c9f672ae494979e8ea55266fa766139b71d38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487788
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79292}
After https://crrev.com/c/3484317, passing {nullptr} to the
{CodeSpaceWriteScope} won't work any more. Since the tests do not have a
{NativeModule} to pass instead, make them use
{pthread_jit_write_protect_np} directly.
The jump-table assembler tests have dedicated threads for writing and
executing the code, so we just switch once per thread. The icache test
switches between writing and executing, so we use a little struct for
switching.
R=jkummerow@chromium.org, tebbi@chromium.org
Bug: v8:12644, v8:11974
Change-Id: I116f3ad75454f749cdc4635802a4617ff91548b2
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487995
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79290}
When we can eliminate a branch-on-type instruction based on statically
available type information and replace it with an unconditional branch,
we have to mark the rest of the current block as unreachable.
Change-Id: I9b8cc2f8e76da0b1b7cdf72b150ec675e9aae1a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3490931
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79288}
mjsunit/compiler/deopt-pretenure.js is flaky due to --gc-interval in
some variants.
The flag can cause a variable to be promoted to old space before the
test can force allocation site pretenuring for that variable, which is
essential for the test case.
Bug: v8:12652
Change-Id: If7239deaa3026bb781d3ee96df28a1bbf3a5b6f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3488371
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79275}
This is a reland of a183895687
Now that https://crrev.com/c/3485678 landed and fixed the deadlock
in the linked bug, we can reland this CL without changes.
Original change's description:
> [heap] Allow shared references in WeakMap
>
> Shared references can also be stored in WeakMaps and during marking we
> need to be able to deal with such references. In a client GC shared
> objects are treated as live, so we don't need to update or check mark
> bits for such objects.
>
> Bug: v8:11708
> Change-Id: I0dbf797472c4779f462750dab63cc9b012aad091
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447365
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79153}
Bug: v8:11708, v8:12642
Change-Id: I5945a16255647c897a1df834267137bf73b6207f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3485679
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79267}
{AtomicSub} on x64 first negates the {value} register, then does an
atomic addition. For that reason, {value} should be a unique register.
So far, we only checked that it's not used in the value stack, but we
should also check for overlap with the destination address or the offset
register.
Drive-by: Remove unneeded handling of non-unique register index on arm,
as that cannot happen (LiftoffCompiler ensures that the result register
is unique).
R=thibaudm@chromium.org
Bug: chromium:1296876
Change-Id: Ie6b97eec8e8dea07b0bcc644d261f47467cc5b8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487987
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79265}
This CL introduces an additional verification pass at the end of
SimplifiedLowering. The verification checks consistency of the lowered
graph with respect to node types under the effect of used truncations.
Typing of additional, lower level nodes is required and added in this
CL.
The verification pass can be enabled using --verify-simplified-lowering.
Bug: v8:12619, v8:11682
Change-Id: I21e7ebcf40153e53108ddfad2a871c7cbd61a085
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3452029
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79264}
Previously, the interval was max(6, <interval_value>) which was
changed to actually consider the value of the flag.
Change-Id: Iec3cef19b6ec8528f03c36db6239b044ee90cde1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487969
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79262}
This CL refactors Heap::GCTypeTimer and Heap::GCTypePriorityTimer
and moves them to a GCTracer::RecordGCPhasesInfo class. This is
a necessary change for deprecating counters that are used for
old style GC metrics, like gc_scavenger. When all such counters
are deprecated, GCTracer::RecordGCPhasesInfo will no longer be
necessary and will be removed.
Bug: chromium:1154636
Change-Id: I04504a0f6c7a0955f4300a1c94c969aaeb23b77f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3486556
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79257}
Keep --gc-interval precise wrt to the # of allocations needed for a
GC.
Bug: v8:12615
Change-Id: I1ff45ef709013427b5f27643e3a6135dd0f4025d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3485676
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79256}
With this change we can easily track and filter unsupported objects
for full-page snapshots.
Bug: v8:11525
Change-Id: Id75b6f4edf68b47d6dfbe79aed2b686aeec61068
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484320
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79252}
{FreePages} is never expected to fail, and each caller wraps the call in
a CHECK macro. In order to learn more about failures, this CL moves the
CHECK inside of {::FreePages}, to fail whenever the {PageAllocator}
fails to free pages.
As a next step, I'll audit our {PageAllocator} implementations to ensure
that none of them return {false} for {FreePages}. Note that this is
already the case for the gin platform (chromium).
R=mlippautz@chromium.org
Bug: v8:12656, chromium:1299735
Change-Id: Ib61be6cc8da0110ead2db1ad005728bd061e0243
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484321
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79248}
Maglev is mid-tier optimising compiler designed mainly for compilation
speed that can still generate good code for straightforward JS.
This initial commit is an MVP for Maglev which can compile and run some
very simple code, and sets up a framework that we can build upon.
Design:
https://docs.google.com/document/d/13CwgSL4yawxuYg3iNlM-4ZPCB8RgJya6b8H_E2F-Aek/edit#
Bug: v8:7700
Change-Id: I5ae074ae099126c2c0d50864ac9b3d6fa5c9e85a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3483664
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79247}
The external project is effectively abandoned. Fork and move it in-tree
for easier maintenance and Python 3 migration.
Bug: chromium:1296209
Change-Id: I4ff97749acb2895bd8433c08b2a4ff109c90cda2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3475086
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79240}
To avoid leaking VMState cross origin leverage existing FilterContext
to filter out VMSTates.
GC State is the exception as it is not coupled to any native context and
is always included.
Bug: chromium:1263871
Change-Id: I5cab8620460f4db24fa183c891cb0c43996e95c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3465735
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79234}
Embedder fields are located between JSObject header and inobject fields
and there must be no gaps.
This CL adds respective check to Map verification and fixes existing
issues.
Bug: v8:10391
Change-Id: If55652095588f8704c9a375fb86be1599816aa86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3482436
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79227}
When triggering a step out action, we check whether we already
are at a return or suspend location. If not, we first flood all
return positions with breakpoints, set the fast_forward_to_return_
flag and continue.
With the new way of reporting instrumentation breakpoints, we now
may get into the situation where we stopped on an instrumentation,
but may still need to continue until we reach the return point for
the step out. This CL fixes a bug in which we ran into a DCHECK
that expected us to stop on a return location (since
fast_forward_to_return_ is set to true), but we didn't.
Drive-by: adapt other stepping tests to properly wait for all pauses
Bug: chromium:1229541
Change-Id: Ie5fd358922f4cdaf1f8584bb0b35e87b0e221fb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3480094
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79226}
Custom callbacks assume that untraced pointers always point to valid,
not freed objects. They must make sure that upon callback completion no
UntracedMembers point to an unreachable object. This may not hold true
if a custom callback for an old object operates with a reference to a
young object that was freed on a minor collection cycle. To maintain
the mentioned invariant, the CL calls custom callbacks for old objects
on every minor collection cycle.
The alternative options could be:
1) Replacing all UntracedMembers with WeakMembers, since WeakMember
supports tracing and the barrier.
2) Emitting the generational barrier for UntracedMember + tracing
UntracedMember on minor collection cycles.
The first option requires changing multiple use sites and can bring some
performance regression. The second option requires changing the GC logic
and the semantics of UntracedMember.
Bug: chromium:1029379
Change-Id: I9bb89e4787daf05990feed374dceca940be7be63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472499
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79221}
Previously we'd hold on to Script objects strongly after they are
considered unreachable by V8 itself, and keep them around for the
V8DebuggerAgent cache (whose upper limit can be controlled with a
parameter to `Debugger.enable`).
This CL changes that to instead copy out the script source and the
WebAssembly bytecode (depending on whether it's JavaScript or Wasm)
to the C++ heap and keep it cached there.
Fixed: chromium:1295659
Bug: chromium:1246884
Change-Id: Idfcd7172715eafca6b011826ae03a573d58803f2
Doc: https://bit.ly/v8-inspector-script-caching
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472082
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79217}
This is a reland of 1025bf26e3
Changes since revert:
- TSAN issue fixed by https://crrev.com/c/3475084
- Skip the shared-struct-workers test until shared GC deadlock is fixed,
being tracked in v8:12645
Original change's description:
> [shared-struct] Prototype JS shared structs
>
> Unlike the Stage 1 proposal, for simplicity the prototype does not add
> any new syntax, instead opting for exposing a SharedStructType
> constructor which takes an array of field names. This type constructor
> returns constructors for shared structs.
>
> Shared structs can be shared across Isolates, are fixed layout, have no
> prototype, have no .constructor, and can only store primitives and
> other shared structs.
>
> The initial prototype does not have TurboFan support.
>
> Bug: v8:12547
> Change-Id: I23bdd819940b42139692bcdb53d372099b0d4426
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3390643
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79156}
Bug: v8:12547
Change-Id: Ic1f5cf9fa9791ae2d5d5dc7c110614ca10b5d98e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3475078
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79215}
This CL refactors all remembered set logic from heap-base and
explicit-management to a new class OldToNewRememberedSet.
Bug: chromium:1029379
Change-Id: Id032b9dcc01af6f9bb9e546ed9bc6324da6d9b66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472498
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79212}
This CL prepares WebSnapshot for skipping and re-injecting external
references in the web snapshot. External references are encoded as
separate object type and allows us to create partial snapshots at
runtime and reconnect a deserialised snapshot to an existing
object graph.
Part II will also collect all objects which cannot be serialized by the
web-snapshot serializer.
Usage:
snapshot = %WebSnapshotSerialize(root, skip_externals);
object = %eWebSnapshotDeserializ(snapshot, replaced_externals);
Drive-by-changes:
- Reduce JSObject Map size in serializer (we ended up with 4 embedder
fields)
- Avoid adding non-HeapObject to the discovery_queue_
- Split off ReadXXX handlers into separate functions
Bug: v8:11525
Change-Id: Ia6a9914259614c6c288667621b38daa0202d4d72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3461936
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79211}
When calling `Runtime.getProperties` with `accessorPropertiesOnly` we
previously did not report any private fields at all, although it is
possible to define private accessors.
Bug: chromium:1296855
Change-Id: I18b84bfc81449d224738ba3de1f0c41c234025b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3477112
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79210}
Calling didContinue() after having paused on an instrumentation break
clears the breakpoint reasons that were stored in the debugger agent.
This removes clearBreakDetails() from didContinue() and specifically
calls it if we need it.
Drive-by: removing left-over dead code
Bug: chromium:1229541
Change-Id: I49f598d0e97801661e003c3911967c64ea63373e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3477099
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79203}
When serialize object, error will be added to id_map as reference
by other object. Error object should be added to id_map_ when
deserialize too.
Bug: v8:12542
Change-Id: If95b4047570de9927b67e64cda762f4c4a23e711
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468875
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79202}
The test case was fixed in c7fbac6a72
This reverts commit 34c0f0fced.
Bug: chromium:1278780
Change-Id: If04e41a7fc1f0c744fe785a834880e598f482ef8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401592
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79201}
The ExceptionDetails structure allows the association of requests and
issues with JavaScript errors. These are currently only reported
when an exception goes through `Runtime#exceptionThrown`, but we
also want the metadata available when the ExceptionDetails are
requested explicitly for any Error object.
R=bmeurer@chromium.org
Bug: chromium:1280141
Change-Id: I1b1514207b9e146fda3452c3f7991cd7dc9a387b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3477098
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79199}
On 32-bit platforms, we generally don't over-allocate backing stores
for Wasm memories. That leads to quadratic overall complexity of
repeated growth operations by a few pages each though. To fix that,
this patch introduces a small over-allocation factor: when we have
to reallocate to grow a memory, we now grow by at least 1/8th of the
memory's previous size.
Bug: chromium:1294262
Change-Id: I89b5e974c75aac78bece8fcd72fb7a2184345153
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472496
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79193}
CpuProfiler includes logic tracing that is only relevant in
the context of TracingCpuProfiler.
Adds a setting to disable tracing for SamplingCpuProfiler.
Change-Id: Idcac03dd3f368b5fcd48a532d5cfe60966a64003
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3433219
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79190}
... to reduce compilation overhead on the main thread for OSR
Bug: v8:12161
Change-Id: I54ca5fa6201405daf92dac9cf51d5de4b46577b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3369361
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Fanchen Kong <fanchen.kong@intel.com>
Cr-Commit-Position: refs/heads/main@{#79188}
Weak containers are retraced if they are found through the stack using
the conservative scanner, possibly resulting in a race with the
concurrent marker.
Bug: v8:12648
Change-Id: I0936a2953e3e2151cea4191f335a091b0e334e6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3474678
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79184}
Currently the Isolate is gotten off of the object that the operation is
being performed on. GetDataProperty may end up using a per-Isolate
lookup cache, which is not threadsafe when the Isolate is shared. Plumb
the executing, non-shared Isolate through.
Bug: v8:12646, v8:12547
Change-Id: Ia08ece9a9e8cbd7eba9ea38b01caa511895f5bf4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3475084
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79180}
This reverts commit 1025bf26e3.
Reason for revert: https://crbug.com/v8/12645
Original change's description:
> [shared-struct] Prototype JS shared structs
>
> Unlike the Stage 1 proposal, for simplicity the prototype does not add
> any new syntax, instead opting for exposing a SharedStructType
> constructor which takes an array of field names. This type constructor
> returns constructors for shared structs.
>
> Shared structs can be shared across Isolates, are fixed layout, have no
> prototype, have no .constructor, and can only store primitives and
> other shared structs.
>
> The initial prototype does not have TurboFan support.
>
> Bug: v8:12547
> Change-Id: I23bdd819940b42139692bcdb53d372099b0d4426
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3390643
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79156}
Bug: v8:12547
Change-Id: I44f2b8bb7487b4d39ba1282585e0b2282501230f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3474676
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79170}
This reverts commit a183895687.
Reason for revert: https://bugs.chromium.org/p/v8/issues/detail?id=12642
Original change's description:
> [heap] Allow shared references in WeakMap
>
> Shared references can also be stored in WeakMaps and during marking we
> need to be able to deal with such references. In a client GC shared
> objects are treated as live, so we don't need to update or check mark
> bits for such objects.
>
> Bug: v8:11708
> Change-Id: I0dbf797472c4779f462750dab63cc9b012aad091
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447365
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79153}
Bug: v8:11708
Change-Id: I113672aceba0ef5aa71f6fbedda7e0df854a437d
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3474673
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79168}
Previously, V8_OS_MACOSX was, somewhat confusingly, also used for iOS.
With this CL, V8_OS_DARWIN will be set on both macOS and iOS,
V8_OS_MACOS only on macOS, and V8_OS_IOS only on iOS.
This CL also renames V8_TARGET_OS_MACOSX to V8_TARGET_OS_MACOS and
renames platform-xnu.cc to platform-darwin.cc.
Change-Id: I4bcafc7c337586662114144f6c7ccf47d978da1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468577
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79167}
Now that we are able to compact map space, we can also get rid of the
map space and allocate maps in the old space instead. This CL introduces
a FLAG_map_space for enabling/disabling the map space but the map space
remains enabled by default for now.
Without a separate space for maps, the GC can't prevent relocation of
maps anymore. Therefore this CL always allows compaction of maps when
running without a map space. Rename flag to --compact-maps to better fit
this scenario.
mkgrokdump and debug_helper also need to be updated to look for maps
also in the old space. The map space is now optional.
Bug: v8:12578
Change-Id: Ic4e4abd0b58bee26e64329b1c92dbccb07d8105a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3424483
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79165}
Message tests check the output of a test against an expected file.
Executing with --stress-opt changes the output, since the test will be
run multiple times. For that reason, most message tests explicitly add
the --no-stress-opt flag.
Since this is redundant, and not a per-test setting, just configure this
globally for all message tests instead.
R=machenbach@chromium.org
Bug: v8:12425
Change-Id: I52f1b43da2781fcb6f6bd37e67d483ca69c1c929
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3471637
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79164}
When a terminate_exception is raised while executing one of the promise
related jobs on the microtask queue, we don't clean up properly, leaving
the async stack in the inspector in an inconsistent state, not cleaning
up the promise stack on the Isolate, and also not resetting the global
current_microtask slot. This CL adds appropriate logic to perform the
correct cleanup.
Fixed: chromium:1297964
Change-Id: I4ec64405d4c66bfe1f0115e7039866447fb10f02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3471815
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79162}
Unlike the Stage 1 proposal, for simplicity the prototype does not add
any new syntax, instead opting for exposing a SharedStructType
constructor which takes an array of field names. This type constructor
returns constructors for shared structs.
Shared structs can be shared across Isolates, are fixed layout, have no
prototype, have no .constructor, and can only store primitives and
other shared structs.
The initial prototype does not have TurboFan support.
Bug: v8:12547
Change-Id: I23bdd819940b42139692bcdb53d372099b0d4426
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3390643
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79156}
Shared references can also be stored in WeakMaps and during marking we
need to be able to deal with such references. In a client GC shared
objects are treated as live, so we don't need to update or check mark
bits for such objects.
Bug: v8:11708
Change-Id: I0dbf797472c4779f462750dab63cc9b012aad091
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447365
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79153}
Guard pages are 4k areas at the beginning and end of each oilpan page
(128kiB) which are meant to be inaccessible. However on ARM64 macOS, the
OS page size is 16kiB, meaning that these are not inaccessible. But we
do pay for these, as they are part of the first and last OS
page. Meaning that we effectively waste 2 * 4kiB = 6.25% of each Oilpan
page.
Since these are not serving their purpose, disable them on this
platform. Another fix could be to make the guard page 16kiB, but given
that the entire oilpan page is 128kiB, this may have adverse effects on
e.g. fragmentation.
Note that this doesn't regress security, as the regions were never
protected to begin with on this platform.
Bug: chromium:1298417
Change-Id: Iad5d05670962780e6d1eeab2bb8a331deb7aa1f3
Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3471558
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Benoit Lize <lizeb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79151}
Use the existing generic js-to-wasm wrapper to handle arguments in
the stack-switching export wrapper, by combining them into a single
helper function parameterized by a boolean.
If the stack_switch parameter is false, the generated js-to-wasm wrapper
is the same as before.
If the stack_switch parameter is true, we allocate and switch to the new
stack before starting to process the parameters. To load the parameters,
we also keep a pointer to the old stack.
After the call, we convert the return value according to the return type
as usual, and then switch back to the parent stack (which may be
different than the original stack, but has a compatible stack frame
layout).
If the stack suspends during the call, control-flow jumps right before
we deconstruct and leave the frame, and returns the Promise as an
externref in the return register.
R=ahaas@chromium.org,jkummerow@chromium.org
CC=fgm@chromium.org
Bug: v8:12191
Change-Id: If3f8eaba8edebe6e98d4738f79f895fdb5322adc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460410
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79148}
This is a reland of 9ae463bc43
- Don't run the heap stats during bootstrapping
Original change's description:
> [heap-stats] Fix heap-stats with ptr-cage
>
> - Heap-stats was trying to load the map without explicitly passing in
> the PtrComprBase causing failures with Code objects in external code
> space
> - Extend the debugPrint.js tests to run with some more debugging and
> testing flags to prevent future regressions
>
> Change-Id: I1f0d03cb31480f316fe533b507ff98fe3befbe8e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432386
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Auto-Submit: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78919}
Bug: chromium:1297436
Change-Id: Ib42ae7b8c5f4a427abbce633a1b3ac36ad32994b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437046
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79127}
Allow Wasm to generate calls directly to Fast API C functions.
Also fixes a problem when calling a Fast Api C function with no
FastApiCallbackOptions from JS.
This is a rebase of
https://chromium-review.googlesource.com/c/v8/v8/+/3364356,
which was a rebase of the work originally done by devsnek in:
https://chromium-review.googlesource.com/c/v8/v8/+/2718666.
Bug: chromium:1052746, chromium:1292333
Change-Id: Ic56268e7723f80f7ea9e6799e777786d3a50222f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3440694
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#79125}
This API allows allocating shared memory mappings inside a virtual
address space from a platform-specific handle to a shared memory object.
This will make it possible to allocate shared memory inside the sandbox,
for example as backing memory for ArrayBuffers.
Bug: chromium:1218005
Change-Id: I4f1f50baec50734e846496cff78046e4fffe75c5
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383777
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79123}
The information was previously kept heap-global but is really only
used by spaces when refilling their LABs.
Bug: v8:12615
Change-Id: Iee256d35ffa0112c93ec721bc3afdc2881c4743b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3465898
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79122}
These should not be allowed inside the sandbox as they could be
corrupted by an attacker, thus posing a security risk. Furthermore,
executable pages require MAP_JIT on macOS, which causes fork() to become
excessively slow, in turn causing tests to time out.
Due to this, the sandbox now requires the external code space.
In addition, this CL adds a max_page_permissions member to the
VirtualAddressSpace API to make it possible to verify the maximum
permissions of a subspace.
Bug: v8:10391
Change-Id: Ib9562ecff6f018696bfa25143113d8583d1ec6cd
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460406
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79119}
This was mostly unused. We should simply be able to use CodeKind plus
related predicates instead.
Replace FeedbackVector::optimization_tier with
maybe_has_optimized_code, which states whether the optimized code
cache is filled. The value is updated lazily and may lag behind the
actual code cache state. We only use this field for quick cache-empty?
checks from generated code.
Bug: v8:7700,v8:12552
Change-Id: Ibfc5c0128eac56167a68ecba5690eab2e9369640
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460741
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79107}
Data segments were missing in the output of --wasm-fuzzer-gen-test.
R=manoskouk@chromium.org
Bug: v8:11863
Change-Id: I40e60ef8626125ca9df6bead688607215d9e5b58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3461932
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79106}
Split small chunks of assembly instructions into separate functions.
This makes the code easier to follow and to maintain, especially for
register allocation.
Drive-by: simplify stack-switching test.
R=ahaas@chromium.org
Bug: v8:12191
Change-Id: Id7544a3b2d16085540d9f1863a0eabd1f72f22bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3461929
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79105}
LocalAllocator was already renamed to EvacuationAllocator some time ago.
Rename files now as well.
Bug: v8:10315
Change-Id: I337f693998aaf5187a5ba05842cdb2474837b68d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3463719
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79104}
Originally, 'Promise.allSettled.call()' will throw
"Promise.all called on non-object". It should be
"Promise.allSettled called on non-object". Add test
for it.
Bug: v8:12122
Change-Id: I496a7c9d31baeb5b99012461387cfbccc4100d2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3463063
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79096}
The module builder was outputting the address as an unsigned LEB value
instead of a signed value, leading to wrong results.
R=manoskouk@chromium.org
Bug: v8:11863
Change-Id: I547ca98defcae0ba15b4004a506b65387534b08a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3463715
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79090}
Originally, the accessors wont be copied into global object from
deserialized global. And the accessors in serialized global object
will be lost. Fix to copy accessors in deserialized global
into global object when recreating new global object using passed
global proxy template.
Tests credited to xiangyangemail@gmail.comhttps://chromium-review.googlesource.com/c/v8/v8/+/3405405
Bug: v8:12564
Change-Id: Iefb3a6dbfa5445b227d87c26eb423cf1b924dbb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3459937
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79087}
Adding ldflags for aix. This is a todo item noticed
Change-Id: I09dc86a3e956408edb1bfeba6b60bf67843caf4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439339
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79086}
Since we do not yet have canonicalization for types, when emitting
ref.func in the fuzzer, it is not enough to pick a function whose
signature is equivalent with the requested type; we have to pick a
function that is declared exactly with the requested signature index.
Bug: chromium:1296936
Change-Id: Ie307a9a370bb9ba2c8c334ddf05268ed9c7077d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460411
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79081}
Various cleanups around young generation GCs.
These include:
(*) Repalce minor_mark_compact_collector_ with a unique_ptr and merge
initialization with the mark_compact_collector_ and
scavenger_collector_.
(*) Rename IncrementalMarking::UpdateMarkingWorklistAfterScavenge to
IncrementalMarking::UpdateMarkingWorklistAfterYoungGenGC.
(*) Remove redundant MarkingTreatmentMode parameter from
MakeIterable.
Bug: v8:12612
Change-Id: Ifac7006d3425808a4b9e4c8e1af054a60c073180
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3448380
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79077}
This CL simplifies the reporting of full GC cycles and the connection
between the GC of the managed C++ heap and the managed Javascript heap.
It moves the call to GCTracer::RecordFullCycleToRecorder to be part of
GCTracer::StopCycle.
Bug: v8:12503
Bug: chromium:1154636
Change-Id: I332dbcd81d2e5bdda83f3353c6526fc18e23ebd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3456563
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79075}
The generational barrier for source objects records the entire source
object to be processed later during remembered set visitation. It's
planned to be used for Blink backing stores when an inlined object (or a
range thereof) is added (HeapAllocator::NotifyNewObject(s)).
An alternative approach would be to eagerly process the inlined objects
using a custom callback. However, this requires changing Visitors to
bring slots into the context. This approach should better work for
scenarios where small ranges or single elements are added, to avoid
processing potentially large backing stores. The followup CL implements
this idea.
Bug: chromium:1029379
Change-Id: Iacb59e4b10a66354526ed293d7f43f14d8761a8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460402
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79073}
Replace the Advance/Done methods on BitVector::Iterator with
STL-compatible operator overloads, and add begin/end methods to
BitVector itself, so that BitVectors can be iterated with ranged for
loops.
As a drive-by cleanup, make GrowableBitVector hold the BitVector by
value (to avoid needing to allocate one for empty iteration), and remove
its unused (and inefficient) Union method.
Change-Id: Idcd34e26bfb087e3ec8297b4a769a51bfab4b6e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3455803
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79071}
This is a reland of 2694b75eb9
The reason for the revert was fixed and landed in
https://crrrev.com/c/3456023, together with all changes in d8.cc. This
reland itself doesn't change the CL apart from rebasing.
Original change's description:
> Reland "Reland "[heap] Support client-to-shared refs in Code objects""
>
> This is a reland of 4b8f1b1cff
>
> After landing https://crrev.com/c/3447371, we can reland this CL as-is
> correctness-wise.
>
> What's new in this CL is that we now treat references from client
> objects into the shared heap as roots for the --track-retaining-path
> feature.
>
> Original change's description:
> > Reland "[heap] Support client-to-shared refs in Code objects"
> >
> > This is a reland of 12e46091a0
> >
> > Original change's description:
> > > [heap] Support client-to-shared refs in Code objects
> > >
> > > Support references from code objects in the client heaps to shared heap objects. Such references are stored in a remembered set during marking, which is later used for updating pointers.
> > >
> > > Bug: v8:11708
> > > Change-Id: I8aeb508ddd14514ca65fa5acf3030dd8c2040168
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401588
> > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> > > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> > > Cr-Commit-Position: refs/heads/main@{#78819}
> >
> > Bug: v8:11708
> > Change-Id: I47bcf44b452fcffe8675fba03244b736ede14247
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3422630
> > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#78838}
>
> Bug: v8:11708
> Change-Id: I5b48e942fa469eabb40e797e221d06c25af16443
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3425358
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79023}
Bug: v8:11708
Change-Id: I83de1dc4dc4701cba4936a68923f6d9b97f7a6a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3455242
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79070}
This is a reland of c927ada76c
Fix: Recalculate encoding after an allocation (that can potentially
trigger GC) in EnsureHasFullTransitionArray.
Original change's description:
> [runtime] Refactor TransitionsAccessor
>
> Problems:
> - The class uses a bare Map field, but some methods can trigger GC
> causing it to have a potential dangling pointer in case of map
> compaction.
> - Some methods invalidate the object state and should not be used again.
> - Complicate logic with a no_gc and a gc aware constructors. Some
> methods can only be called if the object is constructed with a
> particular constructor (e.g, Insert and PutPrototypeTransition).
>
> Note: Most usages of this class is done by constructing an object and
> calling a single method:
> `TransitionAccessor(...).Method(...)`
> So we can easily change them to a static method.
>
> This CL:
> 1. Adds DISALLOW_GARBAGE_COLLECTION to the class.
> 2. Makes methods that can trigger GC static.
> 3. Creates static helper functions that wrap the class in a different
> scope, since TransitionsAccessor now forces the scope to disallow gc.
> 4. Removes now unnecessary "Reload" logic.
>
> Bug: chromium:1295133, v8:12578
> Change-Id: I85484e7235fbd5e69894e26f5e1c491c6f69635e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450416
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79051}
Bug: chromium:1295133, v8:12578
Change-Id: If3880c2480433b78567870c8d14508d6ad9eccbd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460405
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79069}
Previously, the accumulator was at the end of liveness bitvectors, which
meant that checking for accumulator liveness required a length lookup.
This CL moves it to the start of the bitvector, with registers starting
at index 1 -- the assumption is that the addition of 1 to the index on
register liveness access can be constant folded away.
As a cleanup, replace all the custom liveness printing code with a
single unified ToString. This places the accumulator at the end of the
printed liveness, to avoid having to change test expectations (also, the
position of the accumulator is now an implementation detail). As a
similar cleanup, change StateValue node building to use the
BytecodeLivenessState interface rather than the underlying bitvector.
These two cleanups allow us to remove the raw bitvector accessor from
liveness entirely.
Change-Id: Ic2744b5e8e16b8527e6a4e8d3b4ddad7096289d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3455144
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79066}
Allows separating out the allocator from Heap without requiring a
heap.h include.
Drive-by:
- Rename "Retry" to "Failure".
- Avoid implicit constructors.
- Rename "RetrySpace" to "GarbageCollectionSpace" which is its only
use.
Bug: v8:12615
Change-Id: Idac17cded8f0b2b645a2be9045ab31ffd71999b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3456562
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79063}
We optimize trivial type checks in the function body decoder, i.e.,
ref.as_<type> and ref.is_<type> when invoked on a value that is
statically known to be of typeable as <type>.
Bug: v8:7748
Change-Id: Ieee608a965ba44c4cadd9c7171ed8bdc129fce8b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447375
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79061}
Changes:
- GenerateInitExpr should emit a function reference to a function that
is known to exist when funcref is expected.
- Add functions by signature index to the WasmModuleBuilder, so we avoid
signature canonicalization, which currently does not work for wasm-gc.
- Remove printing of recursive groups in the WasmModuleBuilder. Instead,
restrict type definitions to only refer to previous types.
- Some local restructuring of code, comments.
Bug: chromium:1296162
Change-Id: I5abd9bf8ec21ef6a51f00bc960b78519f2ec94f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3452433
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79054}
This changes the way how we are handling instrumentation breakpoints.
Motivation:
with instrumentation breakpoints, we need a way to break
on (conditional) breakpoints that were just set by the client on
the instrumentation pause.
How:
We want to first find out if we have an instrumentation break, and
trigger a pause. For this to work, we need to distinguish between
regular and instrumentation breakpoints in the debugger back-end.
On resume, we want to check if we have hit any breakpoints (may
now contain new breakpoints due to the client setting new breakpoints
at the previous instrumentation pause) and trigger a separate pause
for them.
Fixed: chromium:1292930
Change-Id: Idaadd276c44c693f856c4b08c7a72ea67271f420
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3442676
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79053}
This reverts commit c927ada76c.
Reason for revert: GC stress failures: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/37276/overview
Original change's description:
> [runtime] Refactor TransitionsAccessor
>
> Problems:
> - The class uses a bare Map field, but some methods can trigger GC
> causing it to have a potential dangling pointer in case of map
> compaction.
> - Some methods invalidate the object state and should not be used again.
> - Complicate logic with a no_gc and a gc aware constructors. Some
> methods can only be called if the object is constructed with a
> particular constructor (e.g, Insert and PutPrototypeTransition).
>
> Note: Most usages of this class is done by constructing an object and
> calling a single method:
> `TransitionAccessor(...).Method(...)`
> So we can easily change them to a static method.
>
> This CL:
> 1. Adds DISALLOW_GARBAGE_COLLECTION to the class.
> 2. Makes methods that can trigger GC static.
> 3. Creates static helper functions that wrap the class in a different
> scope, since TransitionsAccessor now forces the scope to disallow gc.
> 4. Removes now unnecessary "Reload" logic.
>
> Bug: chromium:1295133, v8:12578
> Change-Id: I85484e7235fbd5e69894e26f5e1c491c6f69635e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450416
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79051}
Bug: chromium:1295133, v8:12578
Change-Id: Ia567cdcae73bc7fdfaf08b62eeeb899d6a933e21
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3456682
Auto-Submit: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79052}
Problems:
- The class uses a bare Map field, but some methods can trigger GC
causing it to have a potential dangling pointer in case of map
compaction.
- Some methods invalidate the object state and should not be used again.
- Complicate logic with a no_gc and a gc aware constructors. Some
methods can only be called if the object is constructed with a
particular constructor (e.g, Insert and PutPrototypeTransition).
Note: Most usages of this class is done by constructing an object and
calling a single method:
`TransitionAccessor(...).Method(...)`
So we can easily change them to a static method.
This CL:
1. Adds DISALLOW_GARBAGE_COLLECTION to the class.
2. Makes methods that can trigger GC static.
3. Creates static helper functions that wrap the class in a different
scope, since TransitionsAccessor now forces the scope to disallow gc.
4. Removes now unnecessary "Reload" logic.
Bug: chromium:1295133, v8:12578
Change-Id: I85484e7235fbd5e69894e26f5e1c491c6f69635e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450416
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79051}
The flag has been turned on for a long time and we do not intend to
support a mode without young LO objects.
A side effect is that it removes a branch in AllocateRaw for the young
generation.
Drive-by: Reinstantiate the LO space verifier checking that only
certain types can appear as large objects.
Bug: v8:12615
Change-Id: I8c33019a04670f20459ea2faa9dc2f98b8cda40b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450420
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79044}
This CL fixes a bug in the tracing of full GC cycles that was introduced
by https://crrev.com/3432211. In doing so, it refactors the tracing of
cycles by introducing an explicit state in GC tracing events, which
follows the phase within the GC cycle as perceived by the tracer. Two
new methods, (Start|Stop)AtomicPause are introduced; together with
(Start|Stop)Cycle they mark the state transitions. The existing methods
(Start|Stop)ObservablePause are now disentangled from cycles and state
transitions.
Bug: v8:12503
Bug: chromium:1154636
Change-Id: Ie4b863bc27f81dd6858103a8988874d89e6e8517
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3440663
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79043}
The build flag is on by default and the actual functionality is guarded
by a runtime flag.
Bug: v8:12612
Change-Id: I6adbd5b766f502400af32eeeb035edca3a3606ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3448383
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79036}
Handle the case of nested super() by checking if the class scope
contains a private brand. In this case the ContextScope chain
is different from the actual context chain so this added back
the AddPrivateBrand() runtime function but with the additional
step of walking the context chain to get the correct class
context that will be stored as the value of the brand property
for the debugger.
Bug: v8:12354
Change-Id: Ieeb9b9d6372bfbb1a39c4c2dc9e9848e9109f02a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275137
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#79032}
NaN detection is implemented on arm and arm64, so we can enable fuzzing
with Liftoff as the reference implementation on these architectures.
R=manoskouk@chromium.org
Bug: v8:11856, v8:11954
Change-Id: If80c2f16f52af59705d914396cfe029cb85e7293
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3451718
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79031}
