Currently V8 recompiles all functions of a WebAssembly module with
TurboFan when a debugging session ends. This is outdated behavior and
causes OOMs for developers. With this CL all debugging code gets removed
when a debugging session ends, and functions get re-compiled lazily.
This behavior may lead to slightly worse performance for some time after
debugging finishes, but it avoids OOMs, and developers are used to
debugging code not being as performant as production code.
R=clemensb@chromium.org
Bug: chromium:1372621, v8:13224
Change-Id: I9fc97408ef92ad5564f2a9743213762226c2b25e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055923
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84509}

This simplifies some call sites as they do not need to worry about
stores to external pointer fields (especially lazily initialized ones)
triggering GCs. This also keeps the sandbox and non-sandbox mode more
consistent, as these stores will never trigger GC in non-sandbox builds.
Since there must be millions of objects that own the external pointer
table entries, the chances are quite high that GCs will anyway be
scheduled. If not, we should instead see if we can introduce an API
to only schedule incremental marking but not perform GC finalization.
Bug: v8:13535
Change-Id: Ie3c82b51194746107d4b0ed61d47abf87d28ba63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4061688
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84508}

With shared strings we can't get the isolate/heap from the heap object
itself, so we need to pass this as additional argument instead.
Luckily enough all callers already know the current isolate.
Bug: v8:13267, chromium:1392755
Change-Id: I7c40f7a38da8ad57fcdaa575451b8f5ac2272b1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4059026
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84507}

Performing actions such as changing page permissions can fail under
memory pressure; as such, these DCHECKs can sometimes trigger and should
be removed. Instead, this CL adds V8_WARN_UNUSED_RESULT to these APIs to
ensure that callers check the return value.
Bug: chromium:1382075
Change-Id: I678d3fb41ee465feda7d677678d3462dbc4c5940
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4031633
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84506}

One of the kMips64MulOvf should be kMips64DMulOvf.
Change-Id: Ie333da46b443513c58d78bc092a3245ce612efbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4061106
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#84505}

Rolling v8/build: abd061c..3542a5d
Rolling v8/buildtools: 8641823..4a1666e
Rolling v8/buildtools/third_party/libc++/trunk: 8a91ae4..0488dfb
Rolling v8/buildtools/third_party/libc++abi/trunk: 83cce21..7362046
Rolling v8/third_party/depot_tools: 73a2624..0115386
Rolling v8/third_party/fuchsia-sdk/sdk: version:10.20221123.1.1..version:10.20221126.2.1
Change-Id: Ib645e3757a280b9ffbd542b428560f7734a05520
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4058468
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#84503}

This CL moves the architecture-dependent Word32ShiftIsSafe() check
from C++ code to CSA graph in order to ensure that the builtins control
flow structure is architecture-independent.
Since the constant value is known at compile time, TurboFan will remove
the check and delete the dead code, so in the end the generated code
will be the same as when the check was on the C++ side.
However, having these checks in the CSA graph keeps the initial state
of graph structure the same for all architectures of the same bitness.
This allows reusing the x64/x86 builtins PGO profiles on arm64/arm
builds respectively.
Bug: v8:10470
Change-Id: I5a7a10dfbf905e542d14f05193ff3b3990288b87
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055606
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84497}

Now that 1618cb9f99 has landed, BranchElimination should work again.
Bug: v8:12783
Change-Id: I6c1f148d1ce97a45107bfed2da41b387ad9bf1ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055113
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84496}

As this is by now equivalent to v8_enable_sandbox.
Bug: v8:10391
Change-Id: I1eef40a86b984a1867de3513a108ece0d43ec394
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055273
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84494}

PPC has a smaller wasm code space compared to other platforms and
as a result can't execute modules with a large number of functions.
More details are available under the comment section of
crrev.com/c/4027963
Change-Id: I0531ec855ee9ffa5542bf0527287a3e49e1cdb0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4053377
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#84491}

This test had to be updated for --shared-space because the main isolate
is always parked when the client isolate requests a GC. In such cases
the GC isn't performed and therefore the weak handle is not reset.
The CL moves the client isolate into a proper thread which allows the
main isolate to remain in the running state.
In addition this CL adds the BasicMemoryChunk::ComputeMarkBit
methods. These methods make it easy during debugging to compute
the MarkBit (cell + mask) for an object.
Bug: v8:13267
Change-Id: I6680d8d1d8b36d86b22c43399abbd4325f64ccb2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4054622
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84488}

This is consistent with the bottom value type.
Bug: v8:13525
Change-Id: Ib413c67a3b79b27280e2ea6b8ba3d48d3786cdf8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4053553
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84485}

If a value is used after a try-block finishes, we need to make sure that
the catch-block can restore its value. Otherwise we'd accidentally drop
the value on register merge thinking we're in a liveness hole on the
merge after the catch (since the catch cleared all the registers). This
then breaks JumpLoops that need to restore the value in a specific
register.
Bug: v8:7700, chromium:1392061
Change-Id: I7255ccf9b36bf36583ad612882137b251c48caed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055111
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84483}

The flag --harmony-struct changes the global object which is
observable when doing differential fuzzing. The flag will now be
ignored to close ongoing false positives. It could be enabled in
the future if the global object stays equal in all compared
configurations, which could be faked behind the flag:
--correctness-fuzzer-suppressions.
No-Try: true
Bug: chromium:1393020
Change-Id: Ib5f3325a742dd32cac34febca58bf99e0184ac97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055627
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84478}

This uses arch-specific config keys for gcmole prepared by:
https://crrev.com/c/4055685
In a follow up, we can move the runs to bots with the respective
architecture.
Bug: v8:9287
Change-Id: Iedbb44490195b49d560658451263a1abdc2d3258
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055320
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84477}

HeapTest.GrowAndShrinkNewSpace emulates a GC cycle for shrinking new
space. Starting a new MinorMC cycle should first finalize sweeping from
the previous GC cycle.
Bug: v8:12612
Change-Id: Iea35b54ba0f7be3b7870c557c92042a8d9896045
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055625
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84475}

There are still tests that use EmbedderHeapTracer, which would crash
with --minor-gc enabled. Bail out from PerformWrapperTracing() if
there is no cpp marking worklist to MarkingWorklists (i.e. Publish()
returns false).
Bug: v8:13475
Change-Id: I04708ffe8ebaf18f94f1a3fc60d9f6afeef13e03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055505
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84473}

This DCHECK doesn't hold anymore since we are comparing the old
and the new target objects.
Bug: v8:13267
Change-Id: I7fe1ec58f165555eab003bf021b856a5095e8daf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4056256
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84472}

Objects in shared space cannot have pointers to objects outside
the shared heap (apart from read only space). Improve heap
verification to also handle this invariant.
Bug: v8:13267
Change-Id: I28c5987bd6f74658eb75329be7c2d011f9569913
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055683
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84470}

During a shared garbage collection, the heap was verified both in
Heap::PerformGarbageCollection and Heap::PerformSharedGarbageCollection
and concurrent marking was paused/resumed twice. This CL removes what
is not necessary and fixes the order: pause, verify, GC, verify, resume.
Change-Id: I0f687a37785cbb99691fc83c0c80c8ca4a30bb71
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4042242
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84466}

The WasmModuleBuilder is used in tests for creating Wasm modules. It can
be pretty slow for huge modules, in particular in simulator builds or in
slow variants like gc-stress.
This CL adds a fast path to the code section creation, for functions
without locals. This makes the wasm-max-functions test 1.45x faster in
the arm64 simulator (generation of the code section alone gets 2.2x
faster).
R=ahaas@chromium.org
Change-Id: I993542448fb4f0b5fdadca13c59691d86844e2a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4051606
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84465}

Maps might be allocated in the shared space as well when using
--shared-space.
Bug: v8:13267
Change-Id: I8e5e0742d0dc519d676d1adb3f2fffc8a17ca3c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055503
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84464}

Pass the map list into BuildCheckMaps as a base::Vector (a non-owning
span type) rather than ZoneVector, so that it can accept either an
existing ZoneVector, or an on-stack array.
Bug: v8:7700
Change-Id: Iaef0986433bc7984ee28883c6f1e9fb32f538ecb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4004959
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84463}

Make the process-wide code range a once-initialised leaky object, rather
than having a global weak_ptr + per-heap shared pointers and allowing it
to be collected when all Isolates die.
These weak pointers add locking overhead when accessing the code range,
which shows up in GC and deoptimization traces when attempting to
calculate Code objects from PCs. The process-wide pointer compression
cage is already leaky, so it makes sense for the code range to be
similar.
Bug: v8:11460
Change-Id: Ibebd468ebad9eafe8aec49f575cdbf604e4b6cc0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4051201
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84462}

This validity cell is already invalidated from its creation, which
means this object is actually immutable. Move it into RO space to make
use of this property.
There was one store to that object which simply overwrote that
invalid marker with the same value. This CL changes this into a
conditional store.
Bug: v8:13267
Change-Id: I12ab5a41bd9fc0a62523a4ac35607c4b38b2acee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055895
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84461}

We do not record OLD_TO_SHARED slots in the shared heap itself. This
invariant can be checked in the heap verifier.
Bug: v8:13267
Change-Id: Ie2f3fb0923c597c962a1139d2986258a65998648
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055663
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84460}