Currently, JSFinalizationRegistry has a BodyDescriptor that iterates
next_dirty as a custom weak field, and it has a WeakListVisitor that
cleans up any items from the list that should be removed. However, none
of that code is used, because JSFinalizationRegistry objects are created
with visitor ID kVisitJSObjectFast. This change gives them a custom
visitor ID so that next_dirty can be treated as weak.
Bug: v8:12430
Change-Id: I31c1935257ad508b13a3e684662d2ca406d8ed19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3307096
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78167}
Add an approximate bailout for sweeping on allocation to avoid
reporting scopes when no work is being done.
Bug: v8:12286
Change-Id: I7589429805af702c35d51f9a37eae596268dedc5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306983
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78166}
Instead of potentially mapping a larger region than requested, then
unmapping parts of it to obtain a mapping with the desired alignment, we
now compute the ZX_VM_ALIGN_X constant corresponding to the specified
alignment and use that in the call to zx_vmar_map.
Bug: chromium:1218005
Change-Id: Ia36de6a06f3f2d625d177320d7e46fd29331f711
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3307054
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78164}
- V8::Deprecate ShutdownPlatform in favor of V8::DisposePlatform
- Rename i::V8::TearDown to i::V8::Dispose
- Clean up i::V8::Initialize
- Remove needless V8::Initialize() calls in cctests
- Remove CcTest::DisableAutomaticDispose()
- Add checks to Isolate::Allocate and Isolate::Dispose that there is
an active platform
Change-Id: Iac84f9ade9d1781e9e8b8c88ea8fe74013f51c4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306482
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78162}
... by using cage-friendly versions of HeapObject::IsBlah(),
HeapObject::map(), HeapObject::map_word() and HeapObject::Size()
on hot paths.
Bug: v8:11880
Change-Id: I70b72e46cc867b6b2ddbc48cd5e6a74ae4208397
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3308800
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78161}
The logic for printing a safepoint table is currently duplicated for
Wasm code and on-heap code, with slight differences.
This CL provides a central {SafepointTable::Print} method that is used
in both scenarios.
The format is slightly changed to explicitly specify which bitmap
corresponds to stack slots and which one to registers.
R=jkummerow@chromium.org
Bug: v8:12401
Change-Id: I67366b1f9a92450a6ebec4210ab4811800a54f34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306976
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78159}
--predictable requires deterministic heap allocation sequences.
Guarantee these for compilation dependency installation by sorting the
dependency list if --predictable is enabled.
Bug: v8:12397
Change-Id: Ia4660f2249a1c3390a932ae057a5b4d4537497ab
Fixed: v8:12447
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306488
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78158}
It's deprecated in C++17 and not needed (it was needed for static const,
but not for constexpr). It's needed in C++14, but can trigger
deprecation errors in C++17, so include it conditionally on __cplusplus.
Bug: chromium:1274247
Change-Id: I92524f377bb92ac2aa008f15830920786a1c1432
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3308795
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78157}
This will allow making HeapObject::IsBlah() checks faster when external
code space is enabled.
Bug: v8:11880
Change-Id: I68473ba88063c555c90330c9748462adeb35aa0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3308797
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78156}
While debugging, we discovered a Blink misconfiguration in the
navigator.mimeTypes object. We fixed the issue in
https://crrev.com/c/3303674, but let's also document on the V8 side when
you can hit the DCHECK and where to look next.
R=yangguo@chromium.org
Bug: chromium:1262066
Change-Id: I256331ec4296963deb152485d8c6699b75c42e37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302804
Auto-Submit: Tim Van der Lippe <tvanderlippe@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Tim Van der Lippe <tvanderlippe@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78154}
This will allow making HeapObject::IsBlah() checks faster when external
code space is enabled.
Bug: v8:11880
Change-Id: Ibee4e19859c23f11316e3cfd7961f58d8e58240a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301478
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78153}
The CL converts uses of v8::internal::Worklist to heap::base::Worklist
which does not require knowing the number of tasks working with the
work list upfront. heap::base::Worklist is the common implementation
for V8's heap and cppgc and should be used/optimized going forward.
Bug: v8:12426
Change-Id: Id6ef1aa05df858b01df90d653b6421a9bb68b997
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306382
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78151}
It's deprecated in C++17 and not needed (it was needed for
static const, but not for constexpr)
Bug: chromium:1274247
Change-Id: If92d7b6300493cb186ff2ade8f6b6a4820d5a264
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306429
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78149}
These methods were declared as inlined functions but the implementation
was moved to api.cc.
Change-Id: I49071aca9c94e52930c362e85206dbda402ab29b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3308375
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78148}
This saves a lot of memory on bigger Wasm functions, which typically do
not contain a lot of references (and no deoptimization data). Most
entries can be collapsed there. We might also see some improvements on
JavaScript code.
R=jkummerow@chromium.org
Bug: v8:12401
Change-Id: Ia12611de52c1ccd755d0a48ea0569ceb18716884
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306975
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78147}
This is a reland of 4997ce58dd
Original change's description:
> cppgc: Add targeted CHECK for diagnosing Persistent issue
>
> The added CHECK aims at finding problems where Persistent is used off
> the owning thread.
>
> Bug: chromium:1253650, chromium:1243257
> Change-Id: Ia0cbc6005aba38c0d98197ed18c3b40dd2dc33fd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306972
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78137}
Bug: chromium:1253650, chromium:1243257
Change-Id: I9ef72d3f649c1a4504417c4cd7728e5000675405
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306487
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78146}
Previously when hitting a debugger statement we would ignore reporting
the hit breakpoints.
Bug: chromium:1229541, chromium:1133307
Change-Id: I47427a541391a27fc7783930e5e7eb41fbf2bb6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306373
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78145}
Current Baseline compiler generates calls to Binop_Baseline for both
Binop and Binop with Smi rhs. This CL makes BinopSmi calls to
BinopSmi_Baseline which does not do speculation for rhs.
Bug: v8:12442
Change-Id: Ied786af028429aa0842b9b6d2a5736779f24b568
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303807
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#78141}
--experimental-wasm-mv has been removed, and --wasm-loop-unrolling is on
by default.
Change-Id: I094870765031ef46fcec95e9071333e4e80f407b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302805
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78140}
{WasmInternalFunction::external} might return a function that is not
a WasmExportedFunction, at which point the code in ProcessTypeFeedback
fails.
See crrev.com/c/3277878 for context.
Bug: v8:12436, v8:12166
Change-Id: I09ef96df3fc051586044dd9c2ce88d6aeeb34b9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306391
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78139}
result needs to be byte-swapped as it's currently in machine
native order and Wasm requires LE ordering.
Change-Id: Ib29e26985b122a4c1ebba715c47a4d4477bbad54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301460
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78138}
The added CHECK aims at finding problems where Persistent is used off
the owning thread.
Bug: chromium:1253650, chromium:1243257
Change-Id: Ia0cbc6005aba38c0d98197ed18c3b40dd2dc33fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306972
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78137}
memory[1] needs to be set in LE order even on BE platforms.
Change-Id: I44620c30a25719d0d61e0f14490342ee930dbbb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302852
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78136}
It's not yet understood how this worked with c++14. Add the workaround,
so that we can figure this out in parallel with -std=c++17 enablement.
Bug: chromium:1273966
Change-Id: I7098d345a5df6e208dfd582eeaecab22e52fecb9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3304143
Auto-Submit: Nico Weber <thakis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78135}
JSWeakRef and WeakCell both have weak pointers, which should be marked
as such in heap profiler snapshots.
Bug: v8:12112
Change-Id: Ie7aaa2cd3e44552427679e650e462d64704725d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3299592
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#78133}
This CL removes registration of CppHeap as a remote tracer, and
revises LocalEmbedderHeapTracer as a switching point between CppHeap
and a remote tracer. Currently it is assumed that CppHeap and a remote
tracer are mutually exclusive and only one can be used at any given
time.
Bug: v8:12407
Change-Id: I53513d181ab63f56a88f05c3b76b47ac4dffe86f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289167
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78132}
This low-level API implements virtual address space reservations on the
supported platforms. An AddressSpaceReservation supports similar
functionality as the global page management APIs in the OS class but
operates inside a continuous region of previously reserved virtual
address space. A reservation is backed by regular mmap mappings on
Posix, by placeholder mappings on Windows, and by VMARs on Fuchsia.
Bug: chromium:1218005
Change-Id: I99bc6bcbc26eb4aa3b54a31c671c9e06e92c471b
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270540
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78130}
We had IsJSHandlerOnTop and IsExternalHandlerOnTop, which were almost
opposites but not quite. We often did the same computation repeatedly
for determining which kind of a handler is at the top (if any).
This CL simplifies the logic, and only does the three-way logic once:
either there's an external handler, a JS handler, or neither.
It also removes dead code from Isolate::ReportPendingExceptions: we
already do an early return if there's a JS handler on top, so we don't
need to re-check.
Bug: v8:12437
Change-Id: Ic15675bf2177772037d9fcec31c79019e4f0e02c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302802
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78129}
This method should make it easier to debug memory leaks or out-of-memory
errors with d8.
Bug: v8:12198
Change-Id: I66d0ce8e04732badb7902453a1cd95ba9c29f3e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303801
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78128}
With https://crrev.com/c/3272577 we introduced a `StackFrame` cache for
the inspector, which is keyed on the script ID, line and column number,
so the syntactic properties of the function. However, the name that we
report for functions is dynamic and can change (per closure) by
explicitly reconfiguring the "name" property via
```js
var f = function() { /* ... */ }
Object.defineProperty(f, "name", {value: "super duper function"});
```
for example, so we need to take that into account as well, and only use
the cached `StackFrame` instance if the dynamic names still match up.
Otherwise we just overwrite the cached entry with a new instance (the
assumption here is that "name" isn't reconfigured often).
Fixed: chromium:1274529
Bug: chromium:1268436
Change-Id: I519017c762aed5b4f93b9dc4553fa81d5979f1a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306376
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78127}
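As an added example (not code from the V8 change above), the following Node/V8 script shows the situation the commit describes: the name V8 reports for a stack frame follows the function's reconfigured "name" property, while the frame's script location, the only thing the position-keyed cache looks at, stays the same. The helper names `innermostFrame` and `reportedNames` are the example's own.

```javascript
// Added example, not part of the V8 change: a stack frame's reported
// function name is dynamic (it tracks a reconfigured "name" property),
// whereas the script id / line / column of the frame does not change.
// A StackFrame cache keyed only on position would therefore hand back
// a stale name after Object.defineProperty(f, "name", ...).

// Return {name, location} for the innermost frame of an error thrown
// inside `fn`, parsed from V8's "    at <name> (<file>:<line>:<col>)".
function innermostFrame(fn) {
  let stack;
  try {
    fn();
  } catch (err) {
    stack = String(err.stack);
  }
  if (stack === undefined) throw new Error("fn did not throw");
  // Line 0 is "Error: <message>"; line 1 is the innermost frame.
  const frame = stack.split("\n")[1] || "";
  const m = /^\s*at\s+(.+?)\s+\((.+)\)\s*$/.exec(frame);
  if (!m) throw new Error("unexpected frame format: " + frame);
  return { name: m[1], location: m[2] };
}

// Throw from the same closure before and after reconfiguring "name".
function reportedNames() {
  var f = function () { throw new Error("probe"); };
  const before = innermostFrame(f);      // name "f" (inferred from the assignment)
  Object.defineProperty(f, "name", { value: "super duper function" });
  const after = innermostFrame(f);       // name "super duper function", same location
  return { before, after };
}
```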
{WasmInternalFunction::external} might return a function that is not
a WasmExportedFunction, at which point the code in ProcessTypeFeedback
fails.
See crrev.com/c/3277878 for context.
Bug: v8:12436
Change-Id: I447710cfa2dbdb64cba27922da85871d18bc79a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303613
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78126}
Until now, histograms associated with isolate counters were created
at the time of isolate initialization. This is too early because it
happens before persistent memory is configured. Histograms created
before persistent memory is set up are retrieved periodically but
infrequently and are not "flushed" on process termination. As a result,
a lot of samples from V8 are lost.
This CL implements lazy creation of counter histograms, the first time
that they are used.
Bug: chromium:1270428
Change-Id: I8540b50b6c3dde1f477853a011b6c3f2c2c6ef9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3284888
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78125}
To trigger speculative inlining, a function needs to run a few times on
Liftoff-tier, and then tier-up to Turbofan. We make sure this happens
by enabling --wasm-dynamic-tiering with a small budget, and running
the critical functions until {%IsLiftoffFunction} is false.
We also add an additional test.
Bug: v8:12166
Change-Id: I6c5e0d3f1e3ba0df8510ae6850d8e9af1d01c179
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306372
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78123}
Previously, we would encode 'other' as a reason for pausing when
stepping too, however, it would not show as such in case it would
overlap with another reason. This CL makes sure that we always report
'other' as a reason if we are stepping.
Drive-by: only encode 'other' as a reason once
Bug: chromium:1229541
Change-Id: Id73822dff68d1d54a2f1fafdf2a097e1377ece75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295346
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78118}