This CL refactors WasmContinuationObject to have a direct
ExternalPointer to the jmpbuf structure instead of using a Foreign.
This in turn makes it possible to use a unique pointer tag for that
external pointer when the sandbox is enabled.
Bug: v8:10391, v8:12949
Change-Id: I25528bd8aaffb32dd617440d3ccb77d319894a38
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3805061
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82238}
This bit may not get cleared automatically and could show
results from older executed instructions.
Change-Id: I5976f9a6c5bf87b1a63ef0f35493b222729e20f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812037
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82237}
The compiler is free to spill intermediate results of
compression|decompression on stack. With our scheme, the only
intermediate result can be a truncated but non-shifted pointer.
Bug: chromium:1325007
Change-Id: Ibec1f80b9d214d1c1e7cb8368c094fc262237642
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793615
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82236}
This is a reland of commit ccde420538
Added a test case for terminating optimized bigint multiply and attached frame_state to the runtime call to provide deopt information to determine the throw location
Original change's description:
> [TurboFan] Support BigIntMultiply
>
> Bug: v8:9407
> Change-Id: Iab0a4ca8dd5d83444d1addd6043a5c8e3a8577a7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3773773
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82140}
Bug: v8:9407
Change-Id: Ia691d758265148da1de291365d41c7c1d1f98ddd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810391
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82232}
The infrastructure runs everything already in Python3, so this is
mostly a clean-up.
For MB, a python2 holdover was removed and new lint errors were
fixed.
The renames were automated with:
git grep -e "/usr/bin/python$" |
cut -d':' -f1 |
xargs
sed -i 's/#!\/usr\/bin\/python$/#!\/usr\/bin\/python3/1'
and
git grep -e "/usr/bin/env python$" |
cut -d':' -f1 |
xargs
sed -i 's/#!\/usr\/bin\/env python$/#!\/usr\/bin\/env python3/1'
Bug: v8:13148
Change-Id: If4f3c7635e72fa134798d55314ac1aa92ddd01bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811499
Reviewed-by: Liviu Rau <liviurau@google.com>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82231}
Move the translation array building to the "compile" rather than
"generate code" phase of maglev compilation, as a graph processor after
register allocation. This allows it to be done on a background thread.
Drive-by: Use the new OptimizedOut functionality of the translation
array builder.
Bug: v8:7700
Change-Id: If4202737f1eeb38281f306c23f408105c5fb0ef1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811501
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82228}
Several small optimisations for TranslationArray:
a) Store opcodes and register codes as unsigned values (no need to
shift in the sign bit when encoding/decoding). Note that skips over
register codes will decode them as if they were signed -- this is
ok since we don't use the skipped value.
b) Use the static knowledge that opcodes and register codes need 7
bits to avoid the VLQEncode loop when building (still use a
VLQDecode when decoding since decode time matters less).
c) Add a special opcode for "optimized out", instead of using a
literal, since this will be a common case.
Change-Id: I9758e5b889ecc3f1a3fa4d840867f2a3d481e75f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812040
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82227}
This is a reland of commit 2055c3b482
Original change's description:
> [infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off
>
> Bug: v8:13058
> Change-Id: If9d500f46f02ed3588d2b0e3904567c61aaddd12
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810184
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82213}
Bug: v8:13058
Change-Id: I315fd1cd5c36464b1a15c635c8f31825769c3eb0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812042
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82221}
The "Deoptimized function count" displayed in profview tool
should be the sum of deopt-eager, deopt-lazy and deopt-soft.
Change-Id: I42252930c3685f1ca721691f983abb8adeb492e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3793469
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Jialu Zhang <jialu.zhang@intel.com>
Cr-Commit-Position: refs/heads/main@{#82220}
Introduces a CheckSymbol to guard a reference equality for values in an
equality comparison with Symbol feedback.
Bug: v8:7700
Change-Id: Ieb012b292f2d955faf76e485e6636a2d293fa007
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811500
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82219}
If the same WebAssembly module gets compiled multiple times, the
compilation result of the first compilation gets reused for later
compilations. With streaming compilation functions get compiled before
the whole module got downloaded, so it cannot be determined if the
currently compiled module has already been compiled or not. Therefore,
to check if the WebAssembly module has already been compiled, we compare
if the hash of the header section matches the hash of any of the already
compiled modules. If so, no function gets compiled until all bytes were
received. Then a full module check can be done, and either an existing
module can be reused, or the whole module gets compiled.
While compilation is avoided after a prefix_cache_hit, decoding still has
to happen. In the existing implementation, validation for lazy
compilation also happened in addition to decoding. This lead to the
problem that validation of lazy compilation could post a foreground task
when an error was detected, and later another foreground task got posted
when all bytes were received to do the full module check. Having two
foreground tasks at the same time violates an invariant in the
AsyncCompileJob.
With this CL we avoid the initial function validation after a
prefix_cache_hit to avoid the task for the error handling. Validation
will anyways happen again if the full module check fails later, or
validation is unnecessary if the full module check succeeds, as the
module has already been validated before.
R=clemensb@chromium.org
Bug: v8:13147, v8:12852
Change-Id: Iae24c056057f3a5dfd2f61accd1f9f0d35412996
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812038
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82218}
In the previous CL
(https://chromium-review.googlesource.com/c/v8/v8/+/3778969), we
executed i::Compiler::Compile regardless of the function has been
compiled or not. That caused DCHECK failures in the Compile function,
which allows to compile only once.
Bug: chromium:1347319
Change-Id: I240591cbec46dc4fac4028a80a8ba5ab2f05c450
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3806929
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Yoshisato Yanagisawa <yyanagisawa@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82217}
This CL fixes a crash when we build the scope chain after re-parsing
for Debugger.evaluateOnCallFrame.
The following script causes the crash:
class A {
test(){
debugger;
}
f = (x) => {}
}
let a = new A()
a.test()
The current scope search tries to be smart and descends deeper
into the scope tree based on source position. That is not a sound
approach as V8 doesn't guarantee that sibling scopes don't overlap.
In the above case V8 creates an instance initializer scope where
f is assigned (and the initializer scope is the parent scope for
the arrow function). The problem is that the initializer scope
uses the same source range as the class `A` itself, so when we
look for the scope for `test`, we descend wrongly into the
initializer scope and can't recover.
The solution is to not try and be too smart:
- First, find the closure scope with a straight-up DFS.
- Once we have that, descend from there and try to find the
closest fitting scope around the break position.
R=bmeurer@chromium.org, jarin@chromium.org
Bug: chromium:1348186
Change-Id: Ic5e20c4d12b3d768f76a17367dc0f87bcc73763b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3807594
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82216}
There are a same name field equivalence_id_ in both
BytecodeRegisterOptimizer and RegisterInfo, but one of them is int,
another one is uint32_t, it's better to change them as same type
to avoid addtional or potential type casting.
Change-Id: I509f850d82a9a0fc30168fae83a0bd6565b7000e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811138
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Wenqin Yang <wenqin.yang@intel.com>
Cr-Commit-Position: refs/heads/main@{#82214}
Factory::CopyCode was using ProcessBlackAllocatedObject and
WriteBarrierForCode(Code) to handle write barriers for that newly
created code object. But even when used in tandem with each other they
would miss OLD_TO_NEW references in the code object header.
This CL simplifies Factory::CopyCode by letting
WriteBarrierForCode(Code) handle all outgoing pointers of that code
object (not just a subset of RelocInfos) by implementing an
ObjectVisitor. This removes the need for ProcessBlackAllocatedObject.
Since Factory::CopyCode was the only user of
ProcessBlackAllocatedObject, we can also remove all the object
revisiting logic in the main thread marker.
Bug: v8:11708
Change-Id: I7d9b12eb0a76ba41a38efc147f44556ddc941a96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810186
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82212}
While it is not required to invoke the full barrier in this case, we
can invoke the full write barrier which improves verification but also
makes the code easier to understand by relying less on GC
implementation details.
Bug: v8:11708
Change-Id: I4d2f6640bc0efb5b763ccd5ca99e573421be3a06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3807592
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82208}
- Update parse processor to use new async log-reader functions
- Fix some typos
- Add more desciptions to the output
- Update bytes and time formatting to use common helper.mjs functions
Bug: v8:13146
Change-Id: Idf58a394aa493b7f50ad5282533c1b6d326117be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810233
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82206}
When calculating the GC collection rate, we assume that the start object
size (before GC) is non zero. It appears that this is not always the
case, not only because of tests that explicitly trigger GC, but also in
Chrome, when the --gc-interval flag is used with a small interval value.
Furthermore, efficiency calculation (freed bytes over GC duration)
assumes that the duration of the GC is non zero. However, if the clock
resolution is not small enough and the entire GC is very short, the
timed value appears to be zero. This again leads to NaN values showing
in metrics and CHECKs failing and has already been fixed for Oilpan
(crrev.com/c/3723499).
This CL fixes these two issues.
Change-Id: I902b2e9740d9750a2b6463a00289625500c4c0d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810393
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82205}
It introduces GetSecondReturnedValue node, which must be added
immediately after a node that calls a builtin that expects 2
returned values.
It simply binds kReturnRegister1 to a value node. Since the previous
node must have been a builtin call, kReturnRegister1 is free in
the register allocator. No gap moves will be emitted between these
two nodes.
Bug: v8:7700
Change-Id: Iddd81ef534a6397bad5682fa1430a94d2075b746
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810183
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82204}
Resolve the TODO to avoid the push/pop of the cycle break temporary
value, by keeping track of whether the scratch register currently holds
the temporary value and spill it if the register is needed for stack
slot moves instead.
Bug: v8:7700
Change-Id: If4119e63312bdc2b89987f92328ae646a46543ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810185
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82203}
Pass WriteBarrierMode to the code object write barrier and DCHECK WriteBarrier::IsRequired when using SKIP_WRITE_BARRIER.
Bug: v8:11708
Change-Id: I457d0fa07e830d6831fb95a4ae9311f6066215e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810171
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82201}
Memory limits are difference on 32-bit and 64-bit systems, so foozzie
finds differences in Wasm execution.
This can be avoided by always setting the same (lower) limit.
R=machenbach@chromium.org
Bug: chromium:1348335
Change-Id: I452d257fd78730b4113bfe67120dbed2e8ba5878
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804696
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82200}
This is a reland of commit 491de34bcc
co-authors: Ji Qiu <qiuji@iscas.ac.cn>
Alvise De Faveri Tron <elvisilde@gmail.com>
Usman Zain <uszain@gmail.com>
Zheng Quan <vitalyankh@gmail.com>
Original change's description:
> [riscv32] Add RISCV32 backend
>
> This very large changeset adds support for RISCV32.
>
> Bug: v8:13025
> Change-Id: Ieacc857131e6620f0fcfd7daa88a0f8d77056aa9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736732
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
> Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82053}
Bug: v8:13025
Change-Id: I220fae4b8e2679bdc111724e08817b079b373bd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3807124
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82198}
As part of revising MinorMC, it would soon be broken and bots should
not be red because of it.
Bug: v8:12612
Change-Id: I0551d0a115ac2f4fa7fc32190458850f80b84cf5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810353
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82197}
This is a reland of commit 4bab7a8ee6
The reland changes the way how we install the async stack tagging API
on the console object. Instead of using `v8::Object::Set`, we use
`createDataProperty` which is sufficient. With `Set`, arbitrary
JS could run via accessors, which might not be allowed depending on
when the API is installed.
Original change's description:
> [inspector] Enable async stack tagging API by default
>
> R=bmeurer@chromium.org
>
> Fixed: chromium:1334585
> Change-Id: Id79a60bac1731ea9c60654ff15c8e23f958c6e57
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3799431
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82161}
Change-Id: I9b8c8e643705f8f043acac5af14307f2dbdb5a68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3809692
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82190}