Simplify the checks in the C++ marking barrier that deal with
shared objects. The checks we now use here are the same we will be
using for the JS barrier in RecordWrite (see
https://crrev.com/c/4020176).
This CL also reworks WriteWithoutHost, the barrier used for traced
handles. It doesn't use MarkValue anymore since the logic is a
bit different to the regular marking barrier on objects.
Bug: v8:13267
Change-Id: If23b65ce5f06af99a5cea864ce28a68f8d5b37de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4031028
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84317}
GenPCRelativeJumpAndLink doesn't use BlockTrampolinePoolScope.
It inserts a BlockTrampolinePool which causes this error.
And also alter debug info format.
Change-Id: I160f13f4261fdcf1f7978bfce9b5169d363e6a10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4032016
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#84316}
We introduce {SignallingNanPropagation} in MachineOperatorReducer to
make the call-sites easier to read.
Change-Id: I61d46fda5f6156a87f8504c38cae6b014e4021ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4026771
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84315}
This reverts commit 43f03448d3.
Reason for revert: Data race caught by TSAN:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/22640/overview
Original change's description:
> unified-young-gen: Trace cross-heap references
>
> The CL enables the marking visitor in CppGC to trace
> v8::TracedReferences (by just reusing the unified heap visitor from the
> full GC). In addition, it specifies VisitJSApiObject for
> NewSpaceVisitors to be able to trace wrappers from Minor MC in case
> --cppgc-young-generation is enabled.
>
> Bug: v8:13475
> Change-Id: I04ba1f2a22e05caebf53dc8d64f2488c42ab8579
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4026896
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84313}
Bug: v8:13475
Change-Id: I8b8351774a121ca2296efa3c8d3a588fa7380d86
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4032053
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84314}
The CL enables the marking visitor in CppGC to trace
v8::TracedReferences (by just reusing the unified heap visitor from the
full GC). In addition, it specifies VisitJSApiObject for
NewSpaceVisitors to be able to trace wrappers from Minor MC in case
--cppgc-young-generation is enabled.
Bug: v8:13475
Change-Id: I04ba1f2a22e05caebf53dc8d64f2488c42ab8579
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4026896
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84313}
Cancel the unnecessary fix
https://chromium-review.googlesource.com/c/v8/v8/+/4028559
and fix the problem at its root, TypedArraySpeciesCreateByLength.
This fix also fixes other variants of this bug (see tests).
Drive by: harden by setting length = 0 (not only byte_length) for length
tracking TAs.
Bug: v8:11111,chromium:1384474
Change-Id: I3ba660f7f600c0b946c75e7f13276703394c7df2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030259
Auto-Submit: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84312}
This mirrors the following Chromium CL:
https://crrev.com/31c75523db83496571386484cc03510cef35038a
`instrumented_libraries_release` will be necessary while the
msan bots are upgraded from Xenial to Focal.
Bug: chromium:1260217
Change-Id: I116a9f516c695797433c7b719f2579c0bda95ec8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4029616
Commit-Queue: Thomas Anderson <thomasanderson@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84311}
This will make our generic fuzzers (wasm-fuzzer, wasm-code-fuzzer,
wasm-async-fuzzer, ...) fuzz wasm-gc opcodes.
We were already fuzzing specific instructions in the wasm-compile
fuzzer, but were missing fuzzer coverage for corner cases and
instructions not supported by that fuzzer.
R=jkummerow@chromium.org
CC=manoskouk@chromium.org
Bug: v8:13496
Change-Id: Iccca96e32a64d20c11bc425fb5b1e9a1e3aa7486
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030986
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84310}
This is needed to prepare for the landing of ICU72.
Allow U+202F in the Date String, which the toLocaleString("en-US")
will generate w/ ICU72.
Bug: v8:13494
Change-Id: I41b83c4094ce3d0737a72dcd6310b52c68fdcdca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027341
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84308}
The CL adds standalone Oilpan tracing to minor MC. No cross-heap
references are currently processed. In addition, the CL removes
wrapper iteration from Oilpan Minor MC.
Bug: v8:13475
Change-Id: I3a0670e1f3431a3aa723217d5361e4e74f9b0c0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027209
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84306}
The stack object is primarily used for conservative stack scanning, both
by the V8 and C++ garbage collectors. This CL introduces the notion of a
"stack context", which comprises the current stack marker (the lowest
address on the stack that may contain interesting pointers) and the
values of the saved registers. It simplifies the way in which iteration
through the stack is invoked: the context must have previously been
saved and iteration always uses the stack marker.
Bug: v8:13257
Bug: v8:13493
Change-Id: Ia99ef702eb6ac67a3bcd006f0edf5e57d9975ab2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4017512
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84303}
Adding and removing the MicrotasksCompletedCallback should be
associated with the microtask queue of the Context. We store the
context as WeakPtr and always remove the callback when it completes
regardless of the state of the debugger.
BUG=v8:13450
Change-Id: I40d623b05952575febfb76accc15512a38d14ab9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4004602
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84302}
Additionally:
- Remove the early data-count section from module-decoder and
wasm-module-builder.js.
- Move a test from gc-nominal.js to array-init-from-segment.js.
- Comment-out relevant tests.
Bug: v8:7748
Change-Id: I5e038e0b6227c28ce79ffe39529ada59c34187eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4028144
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84301}
Most wasm fuzzers live in the v8::internal::wasm::fuzzer namespace.
Thus also move the wasm-fuzzer there. Additionally
- use the C++20 syntax for declaring the namespace,
- skip unneeded full or partial classifications on types, and
- remove a redundant HandleScope.
R=ahaas@chromium.org
Bug: v8:13496
Change-Id: I31d948af449efd9708aa6b27f35e8f3c9280a3f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030579
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84300}
StackMemory::base() returned an approximate value for the root stack.
Ensure that it returns the exact value reported by the OS, so that
conservative stack scanning can use this method to determine the bounds
of each segment in a uniform way.
R=ahaas@chromium.org,nikolaos@chromium.org
Bug: v8:13493
Change-Id: I9f267a568494a7744882d148fd65fe42f7b119af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030316
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84298}
Now that lazy compilation is shipped, we effectively overwrite the
default (true) via the weak negative implication anyway. Hence switch
the default to false to avoid confusion.
R=ahaas@chromium.org
Bug: v8:12852
Change-Id: Idd662992930db8a5df565b967a6820d662681ec6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030480
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84297}
Create RegExpTextBuilder as a separate class to handle creation of text
elements in the regular expression parser.
The main motivation is to re-use the text builder for StringDisjunctions
in unicode sets mode (to be implemented).
Bug: v8:11935
Change-Id: Ice5f035f1638bb6d9c58f62ce2a133882da736ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3967901
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84296}
The isolate root is stored on the Wasm instance but also available
directly in the root register. Save (at least) one load and use the root
register directly.
R=jkummerow@chromium.org
Bug: v8:13449
Change-Id: I7426c6d2295e443e4971eea097b849ee50bf09c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4026123
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84295}
With shipping lazy compilation, we lose the test coverage for eager
compilation. This is bad, because with PGO, eager compilation may have
a comeback. With this CL we enable eager compilation in the
nooptimization test variant. This variant seems to be the best fit, as
there are no conflicts with existing flags. The --liftoff flag is not a
problem, because Liftoff was anyways the default for eager compilation.
R=clemensb@chromium.org
Bug: v8:12852
Change-Id: I002ecb2a31ad2e2335a0469fdf5e3d5bda3b33bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027004
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84294}
Refactor the API to avoid passing in a pointer to a {shared_ptr}. In the
caller it's not always obvious that this can change the object that the
{shared_ptr} points to, which again can lead to UAF bugs.
Passing in a {shared_ptr} and receiving back a potentially updated
{shared_ptr} makes this more obvious.
R=ahaas@chromium.org, thibaudm@chromium.org
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Change-Id: Ib209c3c223df07446f0cd4472bc3f68f3897919f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020230
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84293}
So far the callback was not registered when the module got loaded from
the code cache.
R=clemensb@chromium.org
Bug: chromium:1384530
Change-Id: I9477ad50a2642e2268bfacf97a2eacda6610b25d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027927
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84292}
Don't re-use the same mechanism for non-tagged constants as we do for
tagged ones, since then we end up with untagged values in exception
phis.
Instead, emit constants along with other non-tagged materialisations --
however, avoid unnecessarily Push/Popping them on the stack, or calling
Builtin::kNewHeapNumber, but embed them directly as tagged values in the
code.
Bug: v8:7700
Change-Id: I8db1314c274104cec292178d37fac58ef45d769f
Fixed: chromium:1385271
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4030477
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84291}
Allow nodes to be considered dead as soon as they are visited during
input assignment, by updating uses immediately (rather than waiting
until all inputs are assigned). This helps the case of clobbered
registers, which now know whether they need to be saved or not.
Also, disallow using existing blocked registers when assigning clobbered
inputs, so that a clobbering input doesn't accidentally clobber a
non-clobbering one.
Bug: v8:7700
Change-Id: I9b91b66ac159f0dd20c9554a860fdbf2545c400d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020508
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84290}
EnsureTagged for Int32 and Uint32 uses NodeInfo::tagged_alternative, but
Float64 was still using the old "check next node" approach. Update this
to be in line with the others.
Bug: v8:7700
Change-Id: I682c48828753d98b740df0f6ac21ae1c6bda722c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4022708
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84288}
The interesting cases are already covered by !is_conversion() and
representation checks, so all these DCHECKs give us at this point is
clusterfuzz false positives.
Bug: v8:7700
Change-Id: I5d6b194ba57da2378f5b2eb3e71f520a53d6b5da
Fixed: chromium:1384318
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4028146
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84287}
I needed to do something similar in crrev/c/4024485.
Change-Id: I99c97b4bb1739fcc453659b10b378d1a04f18c8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4022374
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: S Ganesh <ganesh@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84285}
Before we start unmarking, notify the stats collector about it as
otherwise it would assume that no GC is in progress and fail on a
DCHECK. In addition, fix standalone unmarking.
Bug: v8:13475
Change-Id: I028dadda60ab82b8a8769d84679d8e066f196da0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4026897
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84284}
shared_space() and shared_lo_space() weren't verified so far when
using --shared-space.
Bug: v8:13267
Change-Id: Ibe956d3f506651576815b3a3d84d531019419a3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027208
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84283}
If Int64Constant[value] can be cast from an Int32Constant (value>=int32_min and value<=int32_max), we can reduce the redundant Int32ToInt64:
-------------------------------------------------
Int64LessThan(Int32ToInt64(a), Int64Constant[value])
====>
Int32LessThan(a,Int32Constant[value])
-------------------------------------------------
Otherwise, if value<int32_min:
-------------------------------------------------
Int64LessThan(Int32ToInt64(a), Int64Constant[value])
====>
# Always false
Int32Constant[0]
-------------------------------------------------
If value>int32_max:
-------------------------------------------------
Int64LessThan(Int32ToInt64(a), Int64Constant[value])
====>
# Always true
Int32Constant[1]
-------------------------------------------------
Change-Id: Id0de1dacad99d1f17b8e652472c2f4bc9ae79c15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3967835
Commit-Queue: Jianxiao Lu <jianxiao.lu@intel.com>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84281}
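The three cases of the Int64LessThan reduction above, written out as a small stand-alone C++ model. This is an added illustration, not code from V8's MachineOperatorReducer: the `Reduction` struct and the function names are invented for the example, and the only semantics assumed is that Int32ToInt64 sign-extends its input. `ReductionIsSoundFor` compares the reduced form against the unreduced comparison on the int32 boundaries and on the inputs next to the constant, which is where an off-by-one in the range check would show.

```cpp
#include <cstdint>
#include <limits>

// Shape of the node that replaces
//   Int64LessThan(Int32ToInt64(a), Int64Constant[value]).
// (Hypothetical representation for this example only.)
struct Reduction {
  enum Kind { kInt32LessThan, kConstantFalse, kConstantTrue };
  Kind kind;
  int32_t rhs;  // the Int32Constant operand; only used for kInt32LessThan
};

// Mirrors the three cases of the commit message: the constant either fits
// in int32 (strength-reduce to Int32LessThan), lies below int32_min (the
// comparison is always false) or lies above int32_max (always true).
Reduction ReduceInt64LessThanOfInt32ToInt64(int64_t value) {
  constexpr int64_t kInt32Min = std::numeric_limits<int32_t>::min();
  constexpr int64_t kInt32Max = std::numeric_limits<int32_t>::max();
  if (value < kInt32Min) return {Reduction::kConstantFalse, 0};
  if (value > kInt32Max) return {Reduction::kConstantTrue, 0};
  return {Reduction::kInt32LessThan, static_cast<int32_t>(value)};
}

// Reference semantics of the unreduced graph: Int32ToInt64 sign-extends.
bool UnreducedInt64LessThan(int32_t a, int64_t value) {
  return static_cast<int64_t>(a) < value;
}

// Evaluates the reduced node for a concrete input a.
bool EvalReduced(const Reduction& r, int32_t a) {
  switch (r.kind) {
    case Reduction::kConstantFalse: return false;
    case Reduction::kConstantTrue: return true;
    case Reduction::kInt32LessThan: return a < r.rhs;
  }
  return false;
}

// Checks the reduction against the reference semantics on the int32
// boundaries and on the inputs next to the constant itself (when those fit
// in int32), i.e. exactly the points where an off-by-one would show up.
bool ReductionIsSoundFor(int64_t value) {
  const Reduction r = ReduceInt64LessThanOfInt32ToInt64(value);
  const int64_t probes[] = {std::numeric_limits<int32_t>::min(), -1, 0, 1,
                            std::numeric_limits<int32_t>::max(),
                            value - 1, value, value + 1};
  for (int64_t p : probes) {
    if (p < std::numeric_limits<int32_t>::min() ||
        p > std::numeric_limits<int32_t>::max()) {
      continue;  // not representable as an Int32 input to Int32ToInt64
    }
    const int32_t a = static_cast<int32_t>(p);
    if (EvalReduced(r, a) != UnreducedInt64LessThan(a, value)) return false;
  }
  return true;
}
```

The soundness check is the part worth keeping around: a reducer that folds a comparison to a constant is only safe if the sign-extension assumption holds, and the same reduction applied to a zero-extending ChangeUint32ToUint64 would need different bounds.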
These tests were needed when missing features were implemented in
Liftoff, and the in-progress implementation was disabled by default.
Since the Liftoff code is enabled by default now, the test copy can be
deleted.
R=jkummerow@chromium.org
Bug: v8:12926
Change-Id: Iecdf02645a63e93a51f6ce297d168e149d68be26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027928
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84279}
Otherwise compilation could fail with this error:
```
{standard input}: Error: instruction address is not a
multiple of 4
```
Note the number parameter specifies the log base 2.
Change-Id: I2571bc5ba58e90ccc45e1c3f34da768b82d91b3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027072
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84277}
A surrogate pair split by an "always succeeding" backreference
(backreference capturing undefined, because it hasn't captured anything
yet) was incorrectly combined into a surrogate pair, resulting in
incorrect matches.
Bug: v8:13410
Change-Id: I2faf9ca5f9fcfd55cd6933a1ea038c88f8d3f524
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013159
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84276}
The CL adds no-op hooks into MinorMC that call into CppHeap young gen.
The unified-young-gen is gated behind the --cppgc-young-generation flag,
which implies --minor-mc.
The CL also removes the call into standalone CppHeap::RunMinorGC().
Bug: v8:13475
Change-Id: I854efdac29642a0667ccd18451807e9bfab6777e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020435
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84275}
Since crrev.com/30c19f3292fed9c499dd5a8f852bc76a481d6368, we always
allocate the wasm_internal_functions array on WasmInstanceObject
creation. This patch initializes that array with zero bits, so we
can use a Smi check (instead of a comparison to Undefined) to check
whether a given slot has been initialized already. This makes the
code generated for `ref.func` slightly smaller and more efficient.
Bug: v8:7748
Change-Id: I9d2b8fba4dc61d27e96b6e917c77133519af43ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4028561
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84272}
Speculation during builtin inlining doesn't have associated feedback,
so failures of speculation in such inlined builtins can cause deopt
loops.
The proper way of handling this is disabling speculation for these
calls, but a workaround is to not speculate and rely on type inference
for the inlined builtins (which is mostly sufficient for the ones we
have so far).
Bug: v8:7700
Change-Id: I6d88885fb13f744013c3b68508ec34d3022914cb
Fixed: chromium:1384428
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4028238
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84270}
Unlike the default scheme the ExternalCodeCompressionScheme allows
the cage to cross 4GB boundary at a price of making decompression
slightly more complex. The former outweighs the latter because it
gives us more flexibility in allocating the code range closer to
the .text section in the process address space. At the same time
decompression of the external code field happens relatively rarely
during GC.
Bug: v8:11880
Change-Id: Ia62bedd318f88c2147534ff000ab9fad354777f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3899307
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84269}