Instead of implementing ExternalObjects as plain JSObjects with a single
EmbedderDataSlot pointing to a Foreign containing the actual raw
pointer, this CL now creates a new JSExternalObject type that directly
contains the external pointer.
As a side-effect of this refactoring, nullptr values are now no longer
valid for ExternalObjects.
Change-Id: Ic8ff334681c966e823ca70f34dd1efaaa21a0789
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513234
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79459}
This CL fixes a deopt loop that might happen in case of mixing
Number with BigInt in bitwise binary operations.
Bug: v8:12693
Change-Id: Ib6a08d0c74a954ade3719bd6bd49ca2988d88e69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3505542
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jianxiao Lu <jianxiao.lu@intel.com>
Cr-Commit-Position: refs/heads/main@{#79456}
vector register has different register file from float register in Risc64 rvv extension.
So this cl add third FPalising kind INDEPENDENT to allocate independently simd register.
Bug: v8:11976
doc: https://docs.google.com/document/d/1UwmUwOI3eeIMYzZFRmeXmfyNXRFHNZAQ4BcN0ODdMmo/edit?usp=sharing
Change-Id: I0fb8901294b4bc44b0bee55e630b60460e42bef2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383513
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#79449}
when BuildCreateArrayLiteral
In spread calls, create array literal boilerplates for
BuildCreateArrayLiteral rather than emit array literals
without any boilerplates
Bug: v8:11582
Change-Id: Ia0538bd043eab040c3059440e982c7f0037d1a3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3507126
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79447}
The scope can be (and is) used by compiler threads, i.e. not just by the
main thread; update the comment.
Change-Id: Ifbeb414761cee4ab12dd953f0cd544f35c92fc8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3516037
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79445}
Store the total committed physical memory in
SemiSpace::committed_physical_memory_ and keep it up-to-date when
adding/removing pages from it, similar to the PagedSpace.
So far we were iterating all pages in the SemiSpace to calculate this
value.
Bug: v8:12691
Change-Id: Iaf3c5eadd60db561a6ddb06014f82703b0df6873
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513836
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79444}
Move the check for whether an object is live or dead out of the
prefinalizer trampoline. Moving it into the backend allows for
inlining the check which avoids a call to the trampoline for live
objects.
On catapult benchmarks (e.g. cnn:2021, nytimes:2020), there's often
~2k finalizers registered. In order to avoid memory overhead in the
range of a few KB, we store the fact whether the object points to the
base object payload in the LSB of the pointer. For caged builds this
is replaced with just storing the index into the cage for both object
and base object payload.
Locally saves around ~10% of atomic sweeping processing time which is
in the order of .05ms.
Bug: v8:12698
Change-Id: I198205a6b1d57fc2df821ee4e73e53dc6f825ff5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497764
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79442}
The CL runs Oilpan minor GCs after each Scavenger cycle.
Bug: chromium:1029379
Change-Id: Ic67cf4dc9158759207f0209640f1720bf188cc1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472500
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79440}
When the Isolate is already available, there is no need to fetch it
through GetIsolate.
Change-Id: I3ddc3d46924b401f154360564b203406a9b9e8e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3510389
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79439}
... for 32-bit Windows.
When the TLS value is not set the TlsExpansionSlots field of the TEB
struct might be NULL in which case the InternalGetExistingThreadLocal
should return NULL too.
Bug: v8:12653
Change-Id: Ic6c6d8e51e2447551c372720fad0967e9201f3dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513835
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79437}
When compiled with `target_cpu = "x86"` several
VirtualAddressSpaceTest's crashed with segmentation fault when calling
VirtualAlloc2. Explicitly specifying calling convention fixed the issue.
Change-Id: Ie505006be0d44525c935c89b84caa2c373cea566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3501836
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dmitrii Tsykunov <dtsykunov1@yandex-team.ru>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79436}
This reverts commit 190b5d959b.
Reason for revert: We should understand & fix regressions, see crbug.com/1304870#c9.
Original change's description:
> [compiler] Don't remove OSR code cache if deoptimizing at out of loop
>
> The main purpose of OSR compilation is fasten inner loop execution, the
> OSR code cache is still correct for loop if optimizing at out of loop,
> keep OSR code cache can reduce unnecessary slow bytecode execution with
> feedback collection and avoid re-OSR compilation.
> This CL can improve JetStream2 case navier-stokes by ~6%.
>
> Change-Id: I9518317fb922071b131cab5b56998a0fc198804a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494981
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Tao Pan <tao.pan@intel.com>
> Cr-Commit-Position: refs/heads/main@{#79413}
Bug: chromium:1304870
Change-Id: I8791edc34b66ef9dd0b477d3e340e85b0617ef59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3515732
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79435}
Don't rely on register_values[index] == nullptr for checking if a
register is free, but instead re-use the free register list, and iterate
the allocatable_register & ~free_register list when iterating used
registers.
This also changes the indexing of register_values to be by register
code, not allocatable register index. The register state stored on the
InterpreterFrameState, however, stays compact (allocatable register
count). A new wrapper class + iterator keeps iteration over it and the
register_values array in sync.
Bug: v8:7700
Change-Id: I7815aa2d4a1f7b7ebafaaafe0727219adcc4dcfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3512792
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79434}
Atomics.load and Atomics.store now accept string field names as the
2nd argument when the 1st argument is a shared struct.
Currently these are implemented in C++ and not yet in CSA.
Bug: v8:12547
Change-Id: Ideeafc13fb6a925540edf3dc17428c8e50bcee79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3510837
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79431}
- Roll forward to Update google_benchmark
- Add export header that is usually generated by the build system of
google benchmark. We can ignore the export macro as we always just use
the library in a source set.
Bug: v8:12666
Change-Id: Ifec570745c0258aa541b7aea41ba557a7e0fe563
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3512575
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79429}
Instead of using the high water mark for determining this metric, we use
a bitset for all active/used system pages on a V8 heap page. Each time
when allocating a LAB on a page, we add the pages of that memory range
to that bitset. During sweeping we rebuild that bitset from scratch and
replace it with the old one in case free pages are discarded by the GC.
We DCHECK here that the sweeper only ever removes pages. This has the
nice benefit of ensuring that we don't miss any allocations (like we
do now for concurrent allocations).
CommittedPhysicalMemory for a page is then calculated by counting the
set bits in the bitset and multiplying it with the system page size.
This should be simpler to verify and track the "real" effective size
more precisely.
One case where we are partially less precise than the current
implementation is for LABs. In order to reduce complexity we now treat
all pages of a LAB allocation as active immediately. In the current
implementation we tried to only account the actual used part of the LAB
when changing the LAB later. This is more complex to track correctly
but also doesn't account the currently used LAB in effective size.
Change-Id: Ia83df9ad5fbb852f0717c4c396b5074604bd21e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497363
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79428}
NewSpace page operations like RemovePage, PrependPage, and
EnsureCurrentCapacity should account for committed page size.
This may happen when a page was promoted from the new space to
old space on mark-compact.
Also, add DCHECKs on Commit and Uncommit to ensure the final
committed page size is the same as the current state.
Bug: v8:12657
Change-Id: I7aebc1fd3f51f177ae2ef6420f757f0c573e126b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3504766
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Cr-Commit-Position: refs/heads/main@{#79426}
HeapObjectIterator creates a SafepointScope which requires the heap to
allow garbage collection. This collides with the outer
DisallowGarbageCollection scope. HeapObjectIterator already ensures
there is no allocation during its lifetime, so there is no need to
create an outer DisallowGarbageCollection scope.
Code::source_position_table requires their kind not equals to
CodeKind::BASELINE.
This also exposes the statistics extension through flag
--expose-statistics.
Bug: v8:12657
Change-Id: I1bf11cf499285a742dd99ec8c228ebc36152b597
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3496552
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Cr-Commit-Position: refs/heads/main@{#79425}
This is a reland of commit a664aef0ca.
The test is made ~25x faster by using integer parameters instead of
floating point.
Original change's description:
> [asm] Reject import calls with too many parameters
>
> The asm parser was missing a check for too many parameters for calls to
> imported functions. For regular functions this check implicitly existed
> because the limit was checked at the function declaration, and the call
> site needs to match the declared parameter count.
>
> R=mslekova@chromium.org
>
> Bug: chromium:1302596
> Change-Id: I0d35e70a66d682ee8fdecf5c8ea4d2b1419ce684
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3509393
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79415}
Bug: chromium:1302596
Change-Id: I138561742b38939a1c2c9a69a6fa508d4f3a028d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513613
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79424}
Allows incremental test, while some codegen paths are not available.
Bug: v8:7700
Change-Id: Icc24cf8e85464587f9eee6175107093a25b76da9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3512794
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79423}
Registers were supposed to fit in an int, but some register subclasses
added extra fields which made them too big. This fiddles around with
field sizes so that all the Register subclasses still fit inside of an
int (by making the Register code field 8-bit etc).
Change-Id: I31ffbc8f98b6a5e1f638fc59147009e5f81dff41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513612
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79421}
The only user of OverrideEmbedderStackStateScope is Blink where it is
used to override stack state of top-level tasks. Adjust the behavior
here to allow using this scope broadly while still supporting explicit
garbage collection calls.
Bug: chromium:1300492
Change-Id: I78c418c5f08991bf6857147cd4a537246bfcc556
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497744
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79420}
Replace all CONVERT_XXX_ARG_XXX() macros from runtime-util.h with direct
calls to Arguments or the fully expanded equivalent.
- This replaces many of the hard CHECKs with DCHECK (as is common
practice in most V8 code)
- Instead of relying on verbose comments we now have readable code
- Rename Arguments.::xxx_at with Arguments::xxx_value_at since these
methods don't return the Object but rather their double/int value
- Add Oddball::ToBool helper
- Add and use v8::internal::PropertyAttributesFromInt helper
- Add stronger DCHECK for PropertyAttributes returned in
GetPropertyAttributesWithInterceptorInternal
Bug: v8:11263
Change-Id: I8d531857e05d19f3198753b05af28d993a391854
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497768
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79418}
This reverts commit a664aef0ca.
Reason for revert: Times out on CFI: https://cr-buildbucket.appspot.com/build/8820170241901030897
Original change's description:
> [asm] Reject import calls with too many parameters
>
> The asm parser was missing a check for too many parameters for calls to
> imported functions. For regular functions this check implicitly existed
> because the limit was checked at the function declaration, and the call
> site needs to match the declared parameter count.
>
> R=mslekova@chromium.org
>
> Bug: chromium:1302596
> Change-Id: I0d35e70a66d682ee8fdecf5c8ea4d2b1419ce684
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3509393
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79415}
Bug: chromium:1302596
Change-Id: I743647f739e0cc93b2e99145086dbbb7d2660c79
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3512853
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79417}
The asm parser was missing a check for too many parameters for calls to
imported functions. For regular functions this check implicitly existed
because the limit was checked at the function declaration, and the call
site needs to match the declared parameter count.
R=mslekova@chromium.org
Bug: chromium:1302596
Change-Id: I0d35e70a66d682ee8fdecf5c8ea4d2b1419ce684
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3509393
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79415}
The main purpose of OSR compilation is fasten inner loop execution, the
OSR code cache is still correct for loop if optimizing at out of loop,
keep OSR code cache can reduce unnecessary slow bytecode execution with
feedback collection and avoid re-OSR compilation.
This CL can improve JetStream2 case navier-stokes by ~6%.
Change-Id: I9518317fb922071b131cab5b56998a0fc198804a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494981
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tao Pan <tao.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#79413}
When I was looking at the v8 Promise source, I noticed that some of the links that needed to point to ECMA262 were broken, some were deprecated, some were not legitimate, so I tried to fix them.
Bug: no
Change-Id: I26deeb635d8c293245e7cdb62089f60557547846
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3462029
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79411}
