Rolling v8/build: 8b3f134..92221be
Rolling v8/buildtools: 600a615..134af4c
Rolling v8/buildtools/third_party/libc++/trunk: 7b20455..7c5e4b4
Rolling v8/buildtools/third_party/libc++abi/trunk: 123239c..df3cc8e
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1e43416..1651224
Rolling v8/third_party/depot_tools: 5decb17..cf31045
Rolling v8/third_party/fuchsia-sdk/sdk: version:11.20221219.3.1..version:11.20221221.3.1
Rolling v8/tools/clang: cab032b..3b54a13
Change-Id: Iac0610e49ec38efc0cebb8c1d09ba07941596561
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4121196
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#84985}
This prevents blink leak detection from complaining when there is a
reference from SharedFunctionInfo to a blink object that is a target of
leak detection.
Bug: chromium:1393246
Change-Id: I9381f5e27e90c77e4ed721fcc3d257b5f6edd212
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4114056
Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84984}
It's failing regularly on the ubsan bot, closing the tree.
This CL also adds a 'variant == future' section in the mjsunit.status
file to enable easy disabling of maglev-specific failures.
No-Tree-Checks: true
Bug: v8:13612
Change-Id: I3c0f7725e1fb36577e97c662cd3830c64ba298e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4120554
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84982}
This will prevent building v8 arm code when all we want is the snapshot
file.
Bug: chromium:1402705
Change-Id: If8137e8ef79ff1943c24d5bd71d8374e59bdf561
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4117695
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Andrew Grieve <agrieve@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84981}
Clearing the exact amount of padding bytes apparently measurably
regresses some string operations. For freshly allocated strings we can
write into the payload area too, since that one is being written later.
This allows us to clear a statically known amount of padding bytes which
greatly speeds up the initialization.
Bug: chromium:1402898
Bug: v8:13466
Change-Id: Ib5fd4877a88c88fbf5247ed0e2c4b2de1775623d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4118772
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84980}
This reverts commit 8623fd473b.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/12508/overview
Original change's description:
> [maglev] Destroy jobs on BG thread
>
> Maglev job destruction is suprisingly expensive, taking up roughly a
> third of total finalization time. Rather than destroying jobs as part of
> finalization, re-post them to the concurrent dispatcher to be destroyed
> in the background
>
> Bug: v8:7700
> Change-Id: I450d8a7b49737504c2aaebbfa7754e0ae15e7f05
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111238
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84970}
Bug: v8:7700
Change-Id: I797a34529652c814b11cd13309b2d3a5ff68266e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4115747
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84977}
Replace SafeEquals with normal equals operator in `IsUndefined` and
friends. This will allow us to have more efficient checks with static
roots, since pointers do not need to be decompressed.
After this change calling Is##Type on CodeObjects is no longer possible.
This is ensured by dchecks in operator==. The change might reveal more
callers that need to be fixed.
Bug: v8:13466
Change-Id: I3353d10aebb7a192a77281c44e4159f0da336297
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4106849
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84974}
This reverts commit 2a71e8637f.
Reason for revert: This probably blocked the V8 roll.
https://chromium-review.googlesource.com/c/chromium/src/+/4116621?tab=checks
Original change's description:
> Reland "[heap] Fix conservative stack scanning for client isolates"
>
> This is a reland of commit 36bac1bcae
>
> Original change's description:
> > [heap] Fix conservative stack scanning for client isolates
> >
> > With this CL, the context of stacks corresponding to all client isolates
> > are saved, so that conservative stack scanning can be used correctly
> > during a shared garbage collection. This happens:
> >
> > 1) in Heap::PerformSharedGarbageCollection, for the stacks of the shared
> > isolate and the initiator;
> > 2) when an isolate's main thread is waiting in a safepoint; and
> > 3) when an isolate's main thread is parked.
> >
> > Bug: v8:13257
> > Change-Id: I9ff060f2c0c1ec12977c70d67d65d9c543e2d165
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027210
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Reviewed-by: Omer Katz <omerkatz@chromium.org>
> > Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#84712}
>
> Bug: v8:13257
> Change-Id: I61df6eeca5a28e04eb3a858f7d601bc5f6312e49
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4092737
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84963}
Bug: v8:13257
Change-Id: I3a235f11e5fe55c476591a5274946aeb6cc9bf6e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111178
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84973}
This reverts commit f51e0bb1db.
Reason for revert: Dependent on crrev.com/c/4092737 that is being reverted.
Original change's description:
> [heap] Merge mechanisms for disabling CSS
>
> EmbedderStackStateScope is used to disable conservative stack scanning
> for cppgc when the stack is known to not contain heap pointers. Also,
> DisableConservativeStackScanningScopeForTesting is used to disable CSS
> for the V8 heap in tests that assume a precise GC. Until now, these two
> have used two different mechanisms for disabling CSS. This CL merges
> the two mechanisms and implements the latter scope via the former.
>
> Bug: v8:13257
> Change-Id: Ieca082657854fe2eff9eb5d95a30d48bb8eab44f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111954
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84964}
Bug: v8:13257
Change-Id: Id769af6215a2ed319ec96b354734a5362b2384cf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111179
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84972}
Maglev job destruction is suprisingly expensive, taking up roughly a
third of total finalization time. Rather than destroying jobs as part of
finalization, re-post them to the concurrent dispatcher to be destroyed
in the background
Bug: v8:7700
Change-Id: I450d8a7b49737504c2aaebbfa7754e0ae15e7f05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111238
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84970}
Usage of scratch registers acquired via scratch register scope in
deferred code is not valid, as the scope is not active within deferred
code.
Use proper temporaries (assigned by register allocation) instead.
Bug: v8:7700
Change-Id: If4ef4c09ea6f5a551f44bda15b8eeb1055d07070
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111170
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84969}
MakeHeapIterable() in a shared heap isolate requires a global
safepoint. OptimizedCodeIterator uses MakeHeapIterable() but always
entered a local safepoint.
This CL changes OptimizedCodeIterator to request a global safepoint
for shared heap isolates.
Bug: v8:13267
Change-Id: I642a7731f4294cc1558de92d4daf5a1e3603f6cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4110854
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84967}
EmbedderStackStateScope is used to disable conservative stack scanning
for cppgc when the stack is known to not contain heap pointers. Also,
DisableConservativeStackScanningScopeForTesting is used to disable CSS
for the V8 heap in tests that assume a precise GC. Until now, these two
have used two different mechanisms for disabling CSS. This CL merges
the two mechanisms and implements the latter scope via the former.
Bug: v8:13257
Change-Id: Ieca082657854fe2eff9eb5d95a30d48bb8eab44f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111954
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84964}
This is a reland of commit 36bac1bcae
Original change's description:
> [heap] Fix conservative stack scanning for client isolates
>
> With this CL, the context of stacks corresponding to all client isolates
> are saved, so that conservative stack scanning can be used correctly
> during a shared garbage collection. This happens:
>
> 1) in Heap::PerformSharedGarbageCollection, for the stacks of the shared
> isolate and the initiator;
> 2) when an isolate's main thread is waiting in a safepoint; and
> 3) when an isolate's main thread is parked.
>
> Bug: v8:13257
> Change-Id: I9ff060f2c0c1ec12977c70d67d65d9c543e2d165
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027210
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84712}
Bug: v8:13257
Change-Id: I61df6eeca5a28e04eb3a858f7d601bc5f6312e49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4092737
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84963}
The spec does not allow side effects on wrapping the exceptions
crossing the realm boundaries. We need to provide an easy way to inspect the exception-thrown cross-realms according to the last TC39 meeting
consensus.
Related spec change: https://github.com/tc39/proposal-shadowrealm/pull/382.
Bug: v8:11989
Change-Id: Ia78d94fd33cba689267aeacd028d662bd4a37fe9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3618759
Commit-Queue: Chengzhong Wu (legendecas) <legendecas@gmail.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84961}
The write barrier for DescriptorArray was skipping slot recording
unless is_compacting_ was set. However, that flag only applies to
local objects but not shared objects in client isolates.
This CL fixes this by using the same logic as the regular write
barrier for deciding whether to record slots or not.
Bug: v8:13267
Change-Id: Ib7c5567615aa04cf79225fc7613a9db1d4ae0f0e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4118866
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84958}
With this change property accesses on WasmObject and WasmArray return
undefined instead of throwing.
Furthermore retrieving the prototype of a WasmObject/WasmArray returns
null.
Bug: v8:13523
Change-Id: I12e3b9fb6ac9a7305f001a3b3835854068c3064f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4110995
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84957}
This way we do not lose type information while optimizing.
Bug: v8:7748
Change-Id: I5c25a3863e4400f2f69431e73b30fd7c0e626a27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4117071
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Auto-Submit: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84956}
We add final types to wasm-gc.
- We introduce a `kWasmSubtypeFinalCode` as an alternative to
`kWasmSubtypeCode`.
- Behind a flag, we interpret types behind this code as final, as well
as types outside a subtype definition by default.
- For final types, type checks for call_indirect and ref.test etc. are
reduced to simple type identity checks.
Bug: v8:7748
Change-Id: Iabf147b2a15f43abc4c7d1c582f460dbdc645d66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4096478
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84955}
The SaveFPRegsMode::kSave specializations of CEntry were unused.
Remove this parameter to eliminate dead code.
Bug: v8:13606
Change-Id: If3d6f5382101acd477c5d9559a84c88b02a72123
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4114283
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84954}
- Add timing infos to TraceAbortedJob output since aborted jobs still
take time and resources:
[aborted optimizing ... - took 0.005, 17.757, 0.061 ms]
- Add the calling code kind to 'not marking ... for optimization'
since it matters which tier we're currently stuck in:
[not marking function ... (MAGLEV) for optimization: already queued]
Bug: v8:7700
Change-Id: I9a123ddaa58ed310605cd28473f53ce8ea004fd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4110747
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84953}
Error mode: a TypedArray backed by RAB claims it's not backed by RAB.
Drive-by: disable resizability even harder when --harmony-rab-gsab is
not on.
Bug: v8:11111, chromium:1402139
Change-Id: I937c69f6124419cc8d29da0195686bc3b9a5c281
Fixed: chromium:1402139
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4110751
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84952}
- Converts tests in EmbedderTracingTest to UnifiedHeapTest
- Move EmbedderRootsHandler tests to their own file
- Adds support for CppHeap in ManualGCScope
- Drive-by fix typo
Reland: Fix issue with attaching a CppHeap while incremental marking
is already running.
This reverts commit d90a98edc1.
Change-Id: Ifafa9145df3103578c4c7f1b3b0336b4bd9f34dd
Bug: v8:13207
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4110941
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84950}
This change reduce the TruncateInt64ToInt32 and BitcastWord32ToWord64 pair at machine operator reducer, since the upper 32 bits are not important.
With this change, a reduncant mov can be avoid e.g. at,
// script
function func() {
a = [];
for (j = 0; j < 13; j++) {
a[j] = j + 1;
}
return a;
}
// Assembly
// ...
movl rdi,[r8+0xb]
movl rbx,[r8+0xb] // can be removed
REX.W movq r9,rdi
sarl r9, 1
// ...
Change-Id: I6a128d9606c093df50fe9286201c1b979900864d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4115155
Commit-Queue: Fanchen Kong <fanchen.kong@intel.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84945}
ShadowRealms have a callable boundary: there cannot be any edges between
objects in the ShadowRealm and those from other realms. V8's
prepareCallStack API breaks this invariant via getFunction() and
getThis(). This CL makes those functions throw when called inside
ShadowRealms.
See also
https://docs.google.com/document/d/1aXEy4YCC9CduxLs7MGw-UOm0P4OuG7W-cScBnLG3ALI/edit?usp=sharing
Bug: v8:11989
Change-Id: I5a2b8fa735c0f10583c8cede4062645986b2d914
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4108810
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84944}
All IFS values of resumable loops are loop phis, so values from before
the loop can safely be dropped. In fact, if we don't drop them we might
not be able to restore them and crash in a safety check. Eagerly
dropping the values allows us to keep the safety check.
Bug: v8:7700
Change-Id: I99ef80e35db5aba965dc1c5c9d78f1d085e589fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4110940
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84943}
Usually sharable strings are automatically promoted to shared old space
and can be shared in-place.
There are currently two exceptions:
- When using a non-moving GC (e.g. minor MC)
- Strings in LO space
Account for these exceptions by copying strings to the respective shared
space when sharing them.
Bug: chromium:1400048
Change-Id: I20713b5f32f449c14febd848e289b5767530a257
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4110752
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84942}
This is a reland of commit 833731b20b
Original change's description:
> [maglev] Fix %OptimizeOsr when called from Maglev frames
>
> This (test-only) runtime function only supported unoptimized frames as
> callers. Add support for Maglev frames as well by extracting the
> relevant BytecodeArray and bytecode offset.
>
> This reverts commit 955de73ee5.
>
> Bug: chromium:1400549,v8:7700
> Change-Id: I80f80f8736ff0400d6d47e355add2a07cdc4559e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111851
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84931}
Bug: chromium:1400549,v8:7700
Change-Id: I79fadaa0a82314a3fdd4970e9429d83ab06aff09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111950
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84938}
