Port 1ff685d8b1
Change-Id: Ie60f3b9258114564d3e6a20a0049552694003d52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3573783
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#79791}
If the name of a wasm function is empty, use wasm-function#id instead.
Change-Id: Ifdfb969a4d0ba5329fea0325397938e8274cf3db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3566229
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jie Pan <jie.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#79790}
The FastArray path for Array#groupBy and Array#groupByToMap does not
recheck the input array's length each iteration. This is incorrect since
the grouping callback can truncate the length, and we should deopt to the
generic path when this happens.
Bug: chromium:1312838, v8:12499
Change-Id: Id3a4973e9960500a2f29ed63281ea721777d4dd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3570342
Reviewed-by: Marja Hölttä <marja@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79787}
- Double click on the current timeline selection to focus and zoom in
- Make timeline-tracks focusable by setting a tabindex
- Add back arrow-key navigation for the map panel (only when focused)
- Prepare code for adding keyboard-based horizontal scrolling
- Use --code-font CSS variable
Bug: v8:10644
Change-Id: Ic473695c9fcdc795d173cd064b4660e100ae8b24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568475
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79786}
The DCHECKs check that the metrics from previous cycles are extracted
for both young and full GCs.
Bug: chromium:1029379
Change-Id: I8390d474abc8bd698e7f02896383b6fe013d792e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3570430
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79785}
Incremental finalization previously used to rescan roots to avoid any
new work showing up in the atomic pause.
With concurrent marking we should be way faster in finalizing, so that
we can save ourselves this work. In particular, if we finalize in the
same JS execution we would be doubling work as the atomic pause
anyways needs to rescan all roots.
Bug: v8:12775
Change-Id: I58a5a931da72c8d5c8aee4cd5dad4512954668b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3570427
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79784}
Pass the context as an argument of the runtime function, instead
of using the stack frame iterator to find it.
R=jkummerow@chromium.org
Bug: v8:12191
Change-Id: I43c0cf74b1b83b9c1c63df99c3816bd3f3e94ebf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3562984
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79782}
This reverts commit 54e360d141.
Reason for revert: Waterfall failures https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/38922/overview
Original change's description:
> [wasm] --liftoff-only should disable --wasm-dynamic-tiering
>
> A Liftoff only configuration should never tier up to TurboFan, hence add
> a proper implication to disable dynamic tiering if --liftoff-only is
> set.
> Also, add a DCHECK to ensure we never accidentally compile with TurboFan
> if --liftoff-only is set.
>
> R=jkummerow@chromium.org
>
> Bug: v8:12281
> Change-Id: Ia9b81add503cc939f59fde3f4d3bb67252facf2c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3569741
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79779}
Bug: v8:12281
Change-Id: Ie1551a9c7b4491cf02995acd0b72a276c2f68eab
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3572042
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79781}
When the heap is gracefully terminated, all the destructors are called.
CrossThreadPersistents must clear the back references (references from
CrossThreadPersistentRegion) so that further GCs on other threads will
not access freed CTPs.
To force destruction with young-gen enabled, the CL unmarks the heap on
termination.
Bug: chromium:1029379
Change-Id: I7f4a34a914ca20b50fe6d2ad493d56e0ba525ecc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568473
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79780}
A Liftoff only configuration should never tier up to TurboFan, hence add
a proper implication to disable dynamic tiering if --liftoff-only is
set.
Also, add a DCHECK to ensure we never accidentally compile with TurboFan
if --liftoff-only is set.
R=jkummerow@chromium.org
Bug: v8:12281
Change-Id: Ia9b81add503cc939f59fde3f4d3bb67252facf2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3569741
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79779}
This reverts commit 1f0d7d2072.
Reason for revert: Speculative revert for roll failures in https://chromium-review.googlesource.com/c/chromium/src/+/3569445
Original change's description:
> cppgc-js: Concurrently process v8::TracedReference
>
> Adds concurrent marking for reaching through v8::TracedReference.
> Before this CL, a v8::TracedReference would always be processed on the
> main thread by pushing a callback for each encountered reference.
>
> This CL now wires up concurrent handling for such references. In particular:
> - Global handles are already marked as well and not repurposed during
> the same GC cycle.
> - Since global handles are not repurposed, it is enough to
> double-deref to the V8 object, checking for possible null pointers.
> - The bitmap for global handle flags is mostly non-atomic, with the
> markbit being the exception.
> - Finally, all state is wired up in CppHeap. Concurrent markers keep
> their own local worklist while the mutator marker directly pushes to
> the worklist owned by V8.
>
> Bug: v8:12600
> Change-Id: Ia67dbd18a57dbcccf4dfb9ccfdb9ee438d27fe71
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3516255
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79736}
Bug: v8:12600
Change-Id: I8a91dcd6880580207bf8d315b264edbe42a794e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568474
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79778}
HeapAllocator didn't fall back to old space allocation when the
heap had no map space.
Bug: v8:12578, chromium:1313119
Change-Id: Ic02334f42f9fb80a8a9dcf99a94a7ac16da24053
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3570423
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79776}
If we have a smi operation in the feedback vector, we emit SmiTag
Int32AddWithOverflow and SmiUntag nodes, instead of a generic
operation binary node.
Change-Id: Idb9ce2b60289fbe492bf269793660b32de23e2b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3560641
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79775}
... when enable V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE.
When enable V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE and
V8_EXTERNAL_CODE_SPACE, because of the external code space,
we could not get the isolate using RoundDown directly, which
may cause wrong isolate address. We should use memory chunk
like in V8_COMPRESS_POINTERS_IN_SHARED_CAGE instead.
Bug: v8:12664, v8:12715
Change-Id: Ib78770fdb66fa509d6d8acc836803ec9d6804ef1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3532599
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#79774}
This includes two fixes:
1. For dynamic tiering, the budget must always be reduced when jumping
backwards, otherwise we might never trigger tier up, which makes the
loop non-interruptible (because the tier-up check replaces the stack
check).
2. The d8 worker implementation also needs to terminate the isolate via
an interrupt, in addition to scheduling a task, because the worker
might never return to the event queue.
This CL also fixes one of the failure modes of the inspector fuzzer
(see https://crbug.com/1180018).
R=jkummerow@chromium.org, marja@chromium.org
Bug: v8:12767, chromium:1180018
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Change-Id: Ia01d1725fc14931d2ea54c4769c4ee93f866ed63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568470
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79773}
Remove cctest's ability to run multiple tests (which has long been
deprecated and mostly broken). We can then make platform & V8
initialisation be part of running the test's Run method.
In particular, this allows us to inject custom logic into the platform
initialisation, like setting up a platform wrapper. Add a
TEST_WITH_PLATFORM which exercises this by registering a platform
factory on the test, and wrapping the default platform using this
factory. This allows these tests to guarantee that the lifetime of the
platform is longer than the lifetime of the isolate.
As a result of this, we can also remove the complexity around draining
platform state in the TestPlatform (since it will now have a longer
lifetime than the Isolate using it), and as a drive-by clean up the
TestPlaform to use a CcTest-global "default platform" instead of trying
to scope over the "current" platform.
As another drive-by, change the linked-list of CcTests and the linear
search through it into an std::map of tests.
Change-Id: I610f6312fe042f29f45cc4dfba311e4184bc7759
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3569223
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79772}
The CL makes sure to extract and copy Oilpan young GC metrics to
v8::metrics::GarbageCollectionYoungCycle. In addition, it makes sure
that metrics are not reported twice by bailing out from
GCTracer::NotifyCppGCCompleted() for young GC cycles (the metrics are
reported later in Heap::CollectGarbage() by calling
GCTracer::StopCycle()).
Bug: chromium:1029379
Change-Id: I07bf51e85a76a7cdbeeb8d87c9072edf2634158b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545168
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79766}
.. to simplify logic within compiler.cc. GetOrCompileOptimized now only
returns Code object if the requested optimized Code object is available.
This change also required updating CompileLazy to install the
appropriate Code object before potentially calling CompileOptimized_*
runtime functions in order to satisfy the is_compiled precondition.
Bug: v8:12161
Change-Id: I991dbcc0ba8f3d635aa1e1f06e4cffd89e08a47b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3562978
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79762}
If we've already cached OSR'd code for the current function but with a
different osr offset, fall back to synchronous compilation. This avoids
degenerate cases where we repeatedly spawn OSR jobs but then fail to
install them.
Drive-by: More consistent --trace-osr output.
Drive-by: Rename kCompileForOnStackReplacement to kCompileOptimizeOSR
for name consistency.
Drive-by: Add JSFunction::DebugNameCStr() for more convenient PrintF's.
Bug: v8:12161
Change-Id: I2b4a65bc9e082d85d7048a3e92ef86b07d396687
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3560431
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79761}
cr_fuchsia_package is deprecated in favor of using the Fuchsia
SDK provided rules directly.
This CL adds a cmx file specifically for v8_unittests. CMX
files define fuchsia components, see
https://chromium-review.googlesource.com/c/chromium/src/+/3529652
for more info.
Bug: chromium:1092804
Change-Id: Ibf1d866ec6b94a0e1a7a7c7c443a6ee80e3b1042
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3537885
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Bryant Chandler <bryantchandler@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79760}
Tweak a few names, remove a few GetIsolate calls, other minor
usability refactors.
It may be worth taking a closer look at the impl in the future,
currently the design choices don't seem ideal (see the added TODO
on top of the class).
The reland is unchanged from the original CL.
Bug: v8:12161
Change-Id: I9971f7f2fb08b7a1ec2d57b2a0e4accdc11191ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568444
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79759}
If the immediate is a 32-bit value, we can just write the lower half of
the target register, the upper half will automatically be zero-extended.
R=tebbi@chromium.org
Bug: v8:10005
Change-Id: Ib3c54c9f6ac2434c7345c507529298233d6b7d6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3563565
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79758}
Port the eager deopt handling in the use marker and register allocator
to do the same thing with lazy deopts. This requires moving the lazy
deopt info to be a pseudo-input before the node, same as eager deopt
info, so that the regalloc can read it without needing the Node's
opcode.
For now, this means that a node cannot both eager- and lazy-deopt; if we
need this in the future we can rethink it.
Bug: v8:7700
Change-Id: I96292af9c483f285b1e45bfb374c8dc600fa6347
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568452
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79757}
Since the code is generated unconditionally, using a DCHECK to check
that shared RO heap is enabled breaks builds with
v8_enable_shared_ro_heap set to false, this patch turns that into a
CSA_DCHECK so it only crashes when V8 actually attempts to store into
a shared struct while the RO heap isn't shared at run time.
Refs: https://github.com/nodejs/node/pull/42115
Bug: v8:12547
Change-Id: I30d9a02b98a0b647097125c0a9d141e40d6348cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3561598
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#79756}
Fail immediately when page allocation fails during deserialization. We
would crash immediately in the GC following the allocation failure but
with a less descriptive error message.
Bug: v8:12514
Change-Id: I688d9bac5978ca7af3b24830999c992e1df32dce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568458
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79755}
- Unhandlify OSROptimizedCodeCache::GetOptimizedCode.
- Unstatic-fy FeedbackVector::SetOptimizedCode.
- Remove frame-walking logic during the OSR tierup decision.
The reland is unchanged from the original CL.
Bug: v8:12161
Change-Id: Ibf03a9dd9a6fcd38c0664e5d5014a26d0240e035
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568463
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79752}
- Process the minidump in a separate function to avoid keeping
references to the mmapped file during disposal
- Clear all MinidumpReader variables before disposing the mmapped file
Change-Id: I0ce468597329d6f7d703a08309e4be378d9c27cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3568469
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79750}
This changes the logic for generating method names in `error.stack` to
prepend an inferred type name only when the function name is a valid
ECMAScript identifiers and does not equal the inferred type name, to
(1) give developers more control over the exact name shown in
`error.stack`, as well as
(2) avoid confusion in the presence of renaming of local variables.
Previously we'd leave the function name as-is if it was prefixed by the
inferred type name, but that condition is unnecessarily strict, and led
to a bunch of inconsistencies around special names like
`<instance_member_initializer>` where this dynamic approached often
prefixed it with the correct type name, but also sometimes got it wrong
and prepended `Object.`, which is very unfortunate and misleading.
Specifically for these special names, we'll add logic later in the
parser to infer a useful (complete) name.
The design doc (https://bit.ly/devtools-method-names-in-stack-traces)
contains more background and examples of why we do this change.
Doc: https://bit.ly/devtools-method-names-in-stack-traces
Fixed: chromium:1294619
Bug: chromium:1283435
Change-Id: Ib8b528ba25255dcd07e9d11044c562c11d699bcb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3565724
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79748}
This is a reland of commit 3ce690eef2
Changed for the reland:
- Remove the currently-unused BytecodeArray member to avoid MSAN
failures.
- s/return/continue/ in optimizing-compile-dispatcher.
Original change's description:
> [osr] Basic support for concurrent OSR
>
> This CL adds basic support behind --concurrent-osr,
> disabled by default.
>
> When enabled:
> 1) the first OSR request starts a concurrent OSR compile job.
> 2) on completion, the code object is inserted into the OSR cache.
> 3) the next OSR request picks up the cached code (assuming the request
> came from the same JumpLoop bytecode).
>
> We add a new osr optimization marker on the feedback vector to
> track whether an OSR compile is currently in progress.
>
> One fundamental issue remains: step 3) above is not guaranteed to
> hit the same JumpLoop, and a mismatch means the OSR'd code cannot
> be installed. This will be addressed in a followup by targeting
> specific bytecode offsets for the install request.
>
> This change is based on fanchen.kong@intel.com's earlier
> change crrev.com/c/3369361, thank you!
>
> Bug: v8:12161
> Change-Id: Ib162906dd4b6ba056f62870aea2990f1369df235
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3548820
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79685}
Bug: v8:12161
Change-Id: I48b100e5980c909ec5e79d190aaea730c83e9386
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3565720
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79746}
