Commit Graph

73785 Commits

Author SHA1 Message Date
legendecas
62155dbd3c [ShadowRealm] ShadowRealm.prototype.evaluate and WrappedFunction
Bootstrap ShadowRealm.prototype.evaluate, WrappedFunction
and WrappedFunction.[[Call]].

Bug: v8:11989
Change-Id: Id380acb71cd5719e783c8f5d741cc4ccf2a93e78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432729
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Cr-Commit-Position: refs/heads/main@{#79293}
2022-02-25 19:16:17 +00:00
Yuri Iozzelli
29f1c13849 Update WebAssembly Branch Hinting proposal
The main change is the section name, which is now 'metadata.code.branch_hint'.
The binary format also has a couple of minor changes.
Semantics remain unchanged.

Change-Id: I056c9f672ae494979e8ea55266fa766139b71d38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487788
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79292}
2022-02-25 17:29:57 +00:00
Leszek Swirski
a3361beec4 [maglev] Emit parallel moves at ends of blocks
Defer reg->reg moves at end-of-block Phi resolution, and resolve them as
parallel moves using a recursive algorithm with cycle detection.

Bug: v8:7700
Change-Id: I74b9e451775595e6ec3bf1ca2f50e483b876f204
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487992
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79291}
2022-02-25 16:59:27 +00:00
Clemens Backes
5d4acc4eea [wasm] Avoid passing nullptr to CodeSpaceWriteScope
After https://crrev.com/c/3484317, passing {nullptr} to the
{CodeSpaceWriteScope} won't work any more. Since the tests do not have a
{NativeModule} to pass instead, make them use
{pthread_jit_write_protect_np} directly.

The jump-table assembler tests have dedicated threads for writing and
executing the code, so we just switch once per thread. The icache test
switches between writing and executing, so we use a little struct for
switching.

R=jkummerow@chromium.org, tebbi@chromium.org

Bug: v8:12644, v8:11974
Change-Id: I116f3ad75454f749cdc4635802a4617ff91548b2
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487995
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79290}
2022-02-25 16:49:17 +00:00
Toon Verwaest
2db140b513 [maglev] Replace LiveNodeInfo reg with registers
Instead of storing a single register, store the entire RegList. This
simplifies a lot of things. We will use RegLists for free registers etc.
too later.

Bug: v8:7700
Change-Id: I32146023c7b9bc9e553e3db98fe034e8cef7d09d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487994
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79289}
2022-02-25 15:51:18 +00:00
Jakob Kummerow
51e819824d [wasm] Fix reachability tracking for folded branches
When we can eliminate a branch-on-type instruction based on statically
available type information and replace it with an unconditional branch,
we have to mark the rest of the current block as unreachable.

Change-Id: I9b8cc2f8e76da0b1b7cdf72b150ec675e9aae1a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3490931
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79288}
2022-02-25 15:23:02 +00:00
Clemens Backes
730d826e7d [wasm] Check for write-protection when executing JS
{Invoke} is the central bottleneck for calling into generated code.
Check that at this point, no {CodeSpaceWriteScope} is open, otherwise
the JS code could write to the code space once it gains access to an
arbitrary-write gadget.

R=jkummerow@chromium.org

Bug: v8:11974
Change-Id: Ie323cea442a5ea355a1c975b300a1cc5a6edf433
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487787
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79287}
2022-02-25 14:39:37 +00:00
Clemens Backes
1023eceedd [wasm] Fix CodeSpaceWriteScope for different modules
In very rare cases we open CodeSpaceWriteScopes for multiple native
modules at the same time, e.g. for tier down (debugging) via

  ExecuteCompilationUnits
--> PublishCompilationResults
--> OnFinishedUnits
--> TriggerCallbacks
--> AsyncCompileJob::CompilationStateCallback::call
--> WasmEngine::UpdateNativeModuleCache
--> RecompileNativeModule [for tier down]
--> InitializeRecompilation
--> FindFunctionsToRecompile
--> CodeSpaceWriteScope

Fixing this would be difficult because we actually want to keep the
CodeSpaceWriteScope open during subsequent publishing. So instead,
remove the assumption that scopes are always only open for one module at
a time.
In order to do this, we remove the {code_space_write_nesting_level_}
counter and instead use the {current_native_module_} field in all
configurations to check whether a scope is currently open, and for which
module.

R=jkummerow@chromium.org

Bug: v8:12644, v8:11974
Change-Id: Idd24c87f5938c43e867c41fa1cd3879def6f3873
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484317
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79286}
2022-02-25 14:08:50 +00:00
jameslahm
8261497889 [symbol table] use plain hash table to implement symbol table in isolate
The per-Isolate Symbol tables were implemented using NameDictionary
before, which has additional property details overhead.
And NameDictionary is limited to 2^23, which limits the Symbol
tables to a maximum of 2^23.

- replace NameDictionary with SymbolTable in isolate

Bug: v8:12575
Change-Id: Ica4f05aac3494f7dfa3a074c240d4ba25df814e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3476897
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79285}
2022-02-25 13:40:20 +00:00
Toon Verwaest
c5ce66b1b3 [reg] Add RegisterBase::TakeAny(RegList*) helper
The helper function removes a register from the list and returns it.

Bug: v8:7700
Change-Id: I3f9fe9d30113b9e6c7362dc8443e39ae3d1adf07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3488372
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79284}
2022-02-25 13:39:18 +00:00
Clemens Backes
f0962559f1 [wasm] Avoid accessing vector after its end
When checking whether to merge a region with its surrounding regions in
{InsertIntoWritableRegions}, we did not check first whether the
determined {insert_pos} is within the vector. We were thus accessing
(reading) after the end of the vector.

The bug only happened on MSVC builds, suggesting that clang
deterministically read a value which is never equal to the end of the
new region, whereas for MSVC it sometimes happened that we read exactly
the {region.end()} value, and we tried to merge regions.

R=jkummerow@chromium.org

Bug: v8:12643
Change-Id: If30d910ed6e996f7b0e1d8c5b439c3d842a498f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487988
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79283}
2022-02-25 13:34:48 +00:00
Clemens Backes
f65a280628 [wasm] Remove dead argument of PeekArgs
R=manoskouk@chromium.org

Change-Id: I6db42a8d851ccccf262be05feb0a7d90369cb78c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487990
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79282}
2022-02-25 13:25:37 +00:00
Michael Lippautz
679c373eb2 Reland "heap: Force incremental marking in C++ only workloads"
This is a reland of 4fde332811

Another Blink-related test fix landed, see chromium:1300492.

Original change's description:
> heap: Force incremental marking in C++ only workloads
>
> ... when above a certain minimum threshold. This is to guard against
> memory running away in scenarios where the JS heap is empty and
> there's only high throughput C++ allocations that don't allow for a
> memory reducer GC to kick in.
>
> This logic should be revisited after Oilpan's young generation
> collector is implemented which may allow switching to a more efficient
> shrinking strategy for initial heap setup.
>
> Bug: chromium:1029379, chromium:1300028, chromium:1300492
> Change-Id: I93924fc2fe77d6226c29358d3afb1cc9d6fbf3b1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484319
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79255}

Bug: chromium:1029379, chromium:1300028, chromium:1300492
Change-Id: Ida66e0c944094472b4856d5fecef2d199d29549b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487991
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79281}
2022-02-25 13:22:00 +00:00
Clemens Backes
b6371cfc1d [wasm] Remove dead argument from Peek
The {index} argument to {Peek} is unused. Other {Peek} methods use it to
generate the error message, but {Peek} without expected type does not
type check anything so it stays unused.

R=manoskouk@chromium.org

Change-Id: I979063f707f7305987220d6c192db7e679d930ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3490930
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79280}
2022-02-25 13:20:57 +00:00
Camillo Bruni
48fc6fa481 [snapshot] Microoptimise Deserializer
- Avoid handle derefs where possible
- Split off PostProcessNewJSReceiver to avoid additional instance-type
  checks
- Precompute should_rehash_ to avoid additional branches in
  PostProcessNewObject

Bug: v8:12195
Change-Id: Ib80e711ced48b9b43072ada4e7ed72eb11ab0b8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270537
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79279}
2022-02-25 11:44:37 +00:00
Toon Verwaest
785fc6bddc [maglev] Keep an array of free registers and a vector of stack slots
Instead of scanning the array of registers, keep an explicit list of
free registers. Stack slots are equally changed to use an std::vector of
free slots instead of a linked list. Now we only need to scan
- the list of free registers when we want to allocate a specific
  register,
- and scan the list of allocated registers to see if the free value is
  already in a different register,
- scan the list of allocated registers to free some register if we don't
  have enough registers (for input, output, or temp).

Bug: v8:7700
Change-Id: Iff41b06aae656b59e4ed25e9066671a21660a73e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3489487
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79278}
2022-02-25 11:41:27 +00:00
Michael Lippautz
72f105fe93 Revert "Reland "heap: Force incremental marking in C++ only workloads""
This reverts commit fe822dc984.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux%20Debug/13306/overview

Original change's description:
> Reland "heap: Force incremental marking in C++ only workloads"
>
> This is a reland of 4fde332811
>
> Two issues in Blink tests have been fixed before this reland.
>
> Original change's description:
> > heap: Force incremental marking in C++ only workloads
> >
> > ... when above a certain minimum threshold. This is to guard against
> > memory running away in scenarios where the JS heap is empty and
> > there's only high throughput C++ allocations that don't allow for a
> > memory reducer GC to kick in.
> >
> > This logic should be revisited after Oilpan's young generation
> > collector is implemented which may allow switching to a more efficient
> > shrinking strategy for initial heap setup.
> >
> > Bug: chromium:1029379, chromium:1300028, chromium:1300492
> > Change-Id: I93924fc2fe77d6226c29358d3afb1cc9d6fbf3b1
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484319
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#79255}
>
> Bug: chromium:1029379, chromium:1300028, chromium:1300492
> Change-Id: I6cd4a4d358bc1a78f2f001ed50dd9bb3f376f49e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3488370
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79274}

Bug: chromium:1029379, chromium:1300028, chromium:1300492
Change-Id: If325d40455f433b7910b68b24bb1cf84337f177a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3488373
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79277}
2022-02-25 10:17:07 +00:00
Clemens Backes
9091311fb0 [base] Never return false from PageAllocator::{Free,Release}Pages
Instead of returning false and failing in the caller, do fail inside the
PageAllocator directly. Failure to free pages should never happen, and
handling this case in the PageAllocator directly gives us better options
to surface more detailed information in follow-up patches.

R=mlippautz@chromium.org

Bug: v8:12656, chromium:1299735
Change-Id: I6d2aa3a5613c0f1102210fccbccc6ad0e522a6ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484323
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79276}
2022-02-25 10:01:13 +00:00
Patrick Thier
8264058c28 [test] Add gc-interval flag to deopt-pretenure test
mjsunit/compiler/deopt-pretenure.js is flaky due to --gc-interval in
some variants.
The flag can cause a variable to be promoted to old space before the
test can force allocation site pretenuring for that variable, which is
essential for the test case.

Bug: v8:12652
Change-Id: If7239deaa3026bb781d3ee96df28a1bbf3a5b6f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3488371
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79275}
2022-02-25 10:00:07 +00:00
Michael Lippautz
fe822dc984 Reland "heap: Force incremental marking in C++ only workloads"
This is a reland of 4fde332811

Two issues in Blink tests have been fixed before this reland.

Original change's description:
> heap: Force incremental marking in C++ only workloads
>
> ... when above a certain minimum threshold. This is to guard against
> memory running away in scenarios where the JS heap is empty and
> there's only high throughput C++ allocations that don't allow for a
> memory reducer GC to kick in.
>
> This logic should be revisited after Oilpan's young generation
> collector is implemented which may allow switching to a more efficient
> shrinking strategy for initial heap setup.
>
> Bug: chromium:1029379, chromium:1300028, chromium:1300492
> Change-Id: I93924fc2fe77d6226c29358d3afb1cc9d6fbf3b1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484319
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79255}

Bug: chromium:1029379, chromium:1300028, chromium:1300492
Change-Id: I6cd4a4d358bc1a78f2f001ed50dd9bb3f376f49e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3488370
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79274}
2022-02-25 09:12:47 +00:00
v8-ci-autoroll-builder
4180cc4fe7 Update ICU
Rolling v8/third_party/icu: 901474b..1fa4e39

Build a CPP file with ICU data for WASM. (Harry Terkelsen)
https://chromium.googlesource.com/chromium/deps/icu/+/1fa4e39

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,ftang@chromium.org

Change-Id: I2f7b33496c3c6011d4b9b9909f54225116f0d262
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3488700
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79273}
2022-02-25 05:57:39 +00:00
v8-ci-autoroll-builder
d9184a3303 Update V8 DEPS.
Rolling v8/build: 9a383ac..9e7c4ed

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/08a8050..57a228b

Rolling v8/third_party/depot_tools: 36d41ce..6b28c1d

Rolling v8/third_party/zlib: 4823a85..27dbe48

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: Ifafecb9a393a62a4e66c97d92a135619a2280525
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3488697
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79272}
2022-02-25 04:02:37 +00:00
Milad Fa
9bfbe79917 S390: Fix floating point offset calculation
During `WasmDebugBreak` we push the full 128-bit vector register
instead of only the 64-bit FP value. As a result offset calculation
must use kSimd128Size instead of kDoubleSize.

Change-Id: Icaa44d9663024b9740acbbf054f6c334ae349cf8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487958
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79271}
2022-02-24 21:53:47 +00:00
Jakob Kummerow
647b41ef9c [wasm-gc] Use correct Context when wrapping objects
For creating and unpacking the wrapper objects we currently use
for WasmGC <-> JavaScript interop, we must read the Context from
the "WasmApiFunctionRef" rather than from the "instance_node_".

As a bonus, this patch also slightly improves generated code
for wasm-to-js wrappers by moving conditionally needed code to
labels (previously it was always executed but the results only
conditionally used).

Fixed: v8:12640
Change-Id: I55485cdb6a402f32ddc42ec6316dcbe23f1fcccb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3489486
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79270}
2022-02-24 20:42:19 +00:00
Junliang Yan
04f6a1aa23 s390x: [baseline] Add baseline test for s390x
Change-Id: Iebe587955aad8445cd22598a3e2930ca9444e792
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484702
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79269}
2022-02-24 19:37:07 +00:00
Toon Verwaest
69a2565bff [maglev] Add an InputsUpdater to update next use and clear dead inputs
- First inputs are walked to update next_use and collect dead inputs
- If any dead values were collected, clear them from the registers
- Finally free the LiveNodeInfo from values_.

Bug: v8:7700
Change-Id: I4ae78820d4405470e73d3ec89948e46442286eeb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487786
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79268}
2022-02-24 17:26:17 +00:00
Dominik Inführ
7768e9347b Reland "[heap] Allow shared references in WeakMap"
This is a reland of a183895687

Now that https://crrev.com/c/3485678 landed and fixed the deadlock
in the linked bug, we can reland this CL without changes.

Original change's description:
> [heap] Allow shared references in WeakMap
>
> Shared references can also be stored in WeakMaps and during marking we
> need to be able to deal with such references. In a client GC shared
> objects are treated as live, so we don't need to update or check mark
> bits for such objects.
>
> Bug: v8:11708
> Change-Id: I0dbf797472c4779f462750dab63cc9b012aad091
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3447365
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79153}

Bug: v8:11708, v8:12642
Change-Id: I5945a16255647c897a1df834267137bf73b6207f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3485679
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79267}
2022-02-24 17:22:38 +00:00
Shu-yu Guo
1bf1aa4c1b Stage Array grouping
Bug: v8:12499
Change-Id: I41961dc689ff634fa141c8b15909ca57bdb401cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3482479
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79266}
2022-02-24 17:18:06 +00:00
Clemens Backes
b5003a3c63 [liftoff][x64] Fix bug in i32.atomic.sub32
{AtomicSub} on x64 first negates the {value} register, then does an
atomic addition. For that reason, {value} should be a unique register.
So far, we only checked that it's not used in the value stack, but we
should also check for overlap with the destination address or the offset
register.

Drive-by: Remove unneeded handling of non-unique register index on arm,
as that cannot happen (LiftoffCompiler ensures that the result register
is unique).

R=thibaudm@chromium.org

Bug: chromium:1296876
Change-Id: Ie6b97eec8e8dea07b0bcc644d261f47467cc5b8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487987
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79265}
2022-02-24 16:57:37 +00:00
Nico Hartmann
502fb22cd4 [turbofan] Verification pass for SimplifiedLowering
This CL introduces an additional verification pass at the end of
SimplifiedLowering. The verification checks consistency of the lowered
graph with respect to node types under the effect of used truncations.
Typing of additional, lower level nodes is required and added in this
CL.

The verification pass can be enabled using --verify-simplified-lowering.

Bug: v8:12619, v8:11682
Change-Id: I21e7ebcf40153e53108ddfad2a871c7cbd61a085
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3452029
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79264}
2022-02-24 16:33:37 +00:00
Tobias Tebbi
0860e24848 Revert "heap: Force incremental marking in C++ only workloads"
This reverts commit 4fde332811.

Reason for revert: causes crashes

Original change's description:
> heap: Force incremental marking in C++ only workloads
>
> ... when above a certain minimum threshold. This is to guard against
> memory running away in scenarios where the JS heap is empty and
> there's only high throughput C++ allocations that don't allow for a
> memory reducer GC to kick in.
>
> This logic should be revisited after Oilpan's young generation
> collector is implemented which may allow switching to a more efficient
> shrinking strategy for initial heap setup.
>
> Bug: chromium:1029379, chromium:1300028, chromium:1300492
> Change-Id: I93924fc2fe77d6226c29358d3afb1cc9d6fbf3b1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484319
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79255}

Bug: chromium:1029379, chromium:1300028, chromium:1300492
Change-Id: I15e8d7b37b9f9b6ef4f72968c262a614618f1863
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487970
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Owners-Override: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79263}
2022-02-24 15:51:27 +00:00
Michael Lippautz
755e7521ea test: Fix test to use a proper interval >0
Previously, the interval was max(6, <interval_value>) which was
changed to actually consider the value of the flag.

Change-Id: Iec3cef19b6ec8528f03c36db6239b044ee90cde1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487969
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79262}
2022-02-24 15:44:27 +00:00
Dominik Inführ
17b3a623d7 [d8] Park thread before blocking in semaphore
We need to park the isolate's main thread before blocking in the
semaphore to allow a shared GC to happen in the meantime.

Bug: v8:11708, v8:12647
Change-Id: Ide215d2c811caee84663d8749b7d94a414c44bd8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3485678
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79261}
2022-02-24 15:33:57 +00:00
Michael Lippautz
a1b206dd2b heap: Call AllocateRawWith directly
Avoid going through Heap but rather call it directly on the allocator.

Bug: v8:12615
Change-Id: I395b96d08b685c63c4125245a76c3610acf1643b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3485677
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79260}
2022-02-24 13:27:52 +00:00
Jakob Gruber
266f41aa24 Fix v8_enable_maglev = false compiles
Bug: v8:7700
Change-Id: I38251c42a06af554281879613b6424cf65fbbbd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487967
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79259}
2022-02-24 13:12:20 +00:00
Clemens Backes
f8379afa88 [base] Fail early in OS::Free and OS::Release
Instead of returning a boolean value, and then failing in the caller via
a CHECK, do fail directly inside OS::Free, OS::Release and similar
functions.

The PageAllocator methods still return a bool (which is always true) to
avoid changing the public API.

R=mlippautz@chromium.org

Bug: v8:12656, chromium:1299735
Cq-Include-Trybots: luci.v8.try:v8_fuchsia_compile_rel
Change-Id: Ide02e7d893e1603326c629797a7defac8bf258ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3483671
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79258}
2022-02-24 12:56:34 +00:00
Nikolaos Papaspyrou
227434be22 heap: Refactor GC type timer methods
This CL refactors Heap::GCTypeTimer and Heap::GCTypePriorityTimer
and moves them to a GCTracer::RecordGCPhasesInfo class. This is
a necessary change for deprecating counters that are used for
old style GC metrics, like gc_scavenger. When all such counters
are deprecated, GCTracer::RecordGCPhasesInfo will no longer be
necessary and will be removed.

Bug: chromium:1154636
Change-Id: I04504a0f6c7a0955f4300a1c94c969aaeb23b77f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3486556
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79257}
2022-02-24 12:43:50 +00:00
Michael Lippautz
03e7e3e77a heap: Move headroom for allocation behind --random-gc-interval
Keep --gc-interval precise wrt the # of allocations needed for a
GC.

Bug: v8:12615
Change-Id: I1ff45ef709013427b5f27643e3a6135dd0f4025d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3485676
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79256}
2022-02-24 12:21:31 +00:00
Michael Lippautz
4fde332811 heap: Force incremental marking in C++ only workloads
... when above a certain minimum threshold. This is to guard against
memory running away in scenarios where the JS heap is empty and
there's only high throughput C++ allocations that don't allow for a
memory reducer GC to kick in.

This logic should be revisited after Oilpan's young generation
collector is implemented which may allow switching to a more efficient
shrinking strategy for initial heap setup.

Bug: chromium:1029379, chromium:1300028, chromium:1300492
Change-Id: I93924fc2fe77d6226c29358d3afb1cc9d6fbf3b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484319
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79255}
2022-02-24 12:17:31 +00:00
Leszek Swirski
7cec18854b [maglev] Fix specializations in non-namespace scope
Bug: v8:7700
Change-Id: I801b482039b6f8ba19332747a8fee0fcdbcb8764
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487553
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79254}
2022-02-24 12:05:31 +00:00
Jakob Gruber
46b7ed4704 Update WATCHLISTS
- Add a maglev watchlist and add jgruber,leszeks,verwaest.
- Remove unused lists csa/interpreter/torque.

Bug: v8:7700
Change-Id: Ib2d361fe0af298a39b2dc1d9bd96ff39e7b7c0fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487552
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79253}
2022-02-24 11:37:36 +00:00
Camillo Bruni
9be698ff39 [web-snapshot] Collect unsupported objects in the externals JSArray
With this change we can easily track and filter unsupported objects
for full-page snapshots.

Bug: v8:11525
Change-Id: Id75b6f4edf68b47d6dfbe79aed2b686aeec61068
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484320
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79252}
2022-02-24 11:20:11 +00:00
Leszek Swirski
88ddce15df [maglev] Fix x64 register includes
Bug: v8:7700
Change-Id: I221d77ddc43b5956e0b873900d1e92ec7c037103
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487550
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79251}
2022-02-24 10:47:41 +00:00
Maya Lekova
61a1d71db5 [turbofan] Remove concurrent_inlining flag
Bug: v8:12142
Change-Id: I700bae611cecb8bc26b476e35a1df407efd30331
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487549
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79250}
2022-02-24 10:46:14 +00:00
v8-ci-autoroll-builder
4d62c005f8 [tools] Update gcmole
R=machenbach@chromium.org

Change-Id: I9866742528d47210d39fcdeda522dcf29bdba38e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3486679
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79249}
2022-02-24 10:30:13 +00:00
Clemens Backes
205fb2958b Fail earlier on FreePages
{FreePages} is never expected to fail, and each caller wraps the call in
a CHECK macro. In order to learn more about failures, this CL moves the
CHECK inside of {::FreePages}, to fail whenever the {PageAllocator}
fails to free pages.

As a next step, I'll audit our {PageAllocator} implementations to ensure
that none of them return {false} for {FreePages}. Note that this is
already the case for the gin platform (chromium).

R=mlippautz@chromium.org

Bug: v8:12656, chromium:1299735
Change-Id: Ib61be6cc8da0110ead2db1ad005728bd061e0243
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484321
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79248}
2022-02-24 10:12:50 +00:00
Leszek Swirski
a5a87e1e87 [maglev] Initial Maglev commit
Maglev is a mid-tier optimising compiler designed mainly for compilation
speed that can still generate good code for straightforward JS.

This initial commit is an MVP for Maglev which can compile and run some
very simple code, and sets up a framework that we can build upon.

Design:
https://docs.google.com/document/d/13CwgSL4yawxuYg3iNlM-4ZPCB8RgJya6b8H_E2F-Aek/edit#

Bug: v8:7700
Change-Id: I5ae074ae099126c2c0d50864ac9b3d6fa5c9e85a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3483664
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79247}
2022-02-24 09:50:50 +00:00
Tobias Tebbi
4be0a3486c [test] skip mozilla/ecma/Array/15.4.4.5-3 (flaky)
Bug: v8:12655
Change-Id: I1ae4d546b7232fe30f716c5a9913f895637761f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487546
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79246}
2022-02-24 09:23:01 +00:00
Liu Yu
36663a0a53 [loong64][mips64][safepoints] Various refactors
Port commit c7e47c3033

Bug: v8:7700
Change-Id: I59d5e483867118fa8efc50cc52e00bd3321fa01a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487428
Auto-Submit: Yu Liu <liuyu@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#79245}
2022-02-24 07:41:10 +00:00
Anton Bikineev
de436c6945 heap: Fix by-word error in IsOnStack() for unsafe stack
Bug: chromium:1300105
Change-Id: I89d08662a81bec6da7f1565c8fc582edc69781d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3485682
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79244}
2022-02-24 06:22:00 +00:00