Concurrent marking jobs were only joined in Heap::TearDown and
therefore may still update counters while DumpAndResetStats() emits
stats.
This CL stops concurrent marking tasks in Heap::StartTearDown when
also stopping other concurrent tasks like sweeping or unmapping of
pages.
Bug: v8:13175, v8:12775
Change-Id: Iccddbfce5e30002e0db63ba0bdea5ea6b2d5cc40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827869
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82849}
After https://crrev.com/c/3854501 has landed, we no longer have to
handle the case that we do not find a function's context in the
scope iterator even though the function requires one.
This CL renames `NeedsAndHasContext` to `NeedsContext` since we
always find a scope's context now. Additionally we turn this
assumption into a dedicated check.
R=bmeurer@chromium.org
Bug: chromium:1246907
Change-Id: I6458df76689c0bfa6d6b2f8c421f9ce481855547
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865153
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82848}
Rolling v8/build: adc338f..d74c524
Rolling v8/buildtools: cf8185c..69f262d
Rolling v8/buildtools/third_party/libc++/trunk: 26e3467..e5670a0
Rolling v8/third_party/depot_tools: bbb66d7..b0fb8d5
Rolling v8/third_party/fuchsia-sdk/sdk: version:9.20220826.3.1..version:9.20220830.2.1
Rolling v8/tools/clang: ad4caa4..b72e51aR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I642b0da0a35c541f74246b668c86b4448ce3dc09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3866212
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82847}
So far Oilpan garbage collection was only ever triggered via growing
strategies in either V8 or stand-alone heap growing. This CL
implements a fallback for GC on allocation.
- Stand-alone implementation will defer to GCInvoker which is aware of
stack support.
- CppHeap implementation will just trigger a full V8 GC.
Bug: chromium:1352649
Change-Id: If92f705b4e272290ca7022864fd7b90f0fcb809e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865148
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82844}
The representation of `options.data` was previously refactored to
`v8::Value` when removing `v8::ApiObject`, but this is invalid for a
number of reasons (SMIs, v8::Value being a ZST, etc). To fix this, it
has been changed to `Local<Value>`, which also matches the
representation used for other fastcall parameters.
Bug: chromium:1052746
Change-Id: Ia4450bf3d908d4e1b7a85d6bd7ab45ea5f5f08f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3844662
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: snek <snek@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82843}
Fix for 75391be247.
The fuzzer should not generate type immediates for the new array len
opcode. As the old opcode was renamed in C++, the fuzzer switched to the
new opcode automatically.
Bug: v8:7748
Change-Id: Ife2d420e8ce5486f683f00bfff168f47745a86d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3866171
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82842}
Test names should be separated by "." but not "/". This CL fixes all
test names which are separated by "."
Bug: v8:13240
Change-Id: I4d97b0cc4b647f28cc2af9685c35b45b7d4561e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3864190
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82840}
Per https://github.com/WebAssembly/function-references/pull/76,
call_ref and return_call_ref should consume type immediates specifying
the signature of the funcref. This is a breaking change.
To ease the migration, this patch introduces a temporary alternative
binary encoding for call_ref:
- 0x14 continues to *not* take a type immediate for now.
- 0x17 (formerly "let") is the new call_ref *with* type immediate. Module
producers are encouraged to emit this encoding ASAP.
- After a few weeks of transitionary period, we'll update 0x14 to
take a type immediate as well. At this point, module producers will be
encouraged to switch back to 0x14.
- After a few more weeks of transitionary period, we'll drop 0x17 again.
We're not doing the same dance for return_call_ref because it currently
has no uses that we know of.
Bug: v8:7748,v8:9495
Change-Id: Id8d468be3949f84571efff713c937ffd1addff70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863280
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82839}
- move cctest/test-parsing -> unittests/parser/parsing-unittest
- move common/{scope-test-helper, unicode-helper} to unittests/parser
directory because these are only be used by tests in unittests/parser
Bug: v8:12781
Change-Id: Ie0fb043d5df6178bbe088d140a76f606454bbf29
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855313
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Feng Yu <f3n67u@gmail.com>
Cr-Commit-Position: refs/heads/main@{#82837}
The 2GB cage caused new OOMs on M106. While those issues are being
investigated, this CL returns the 4GB back. The pointer compression is
still enabled.
Bug: chromium:1325007, chromium:1354660
Change-Id: I4fa4fabece2910ca84913d8df201acfbdf4b26e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865004
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82834}
This will help catching issues with tests that require SIMD and
might need skipping on bots without SIMD support.
Bug: v8:13008
Change-Id: I44a5b3094059c7661a6cb3d90ab96f9e79b55ca2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865159
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82830}
With --verify-heap verify all client heaps before and after a shared
GC. This ensures that the OLD_TO_SHARED remembered set is properly
filled for each client isolate.
Bug: v8:11708
Change-Id: I1506a419c7a91c5baa87ce251da9861d8ad9e066
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857559
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82829}
Port af62c4f0e5
Original Commit Message:
Adapted from https://crrev.com/c/3862264.
Add a new teardown trampoline for the case where a Sparkplug function is
deoptimized during its function entry stack check. In these cases, the
stack is in an incomplete setup state, so instead of forwarding to
interpreter re-entry, we undo the partial stack setup and forward to
the standard interpreter entry.
R=szuend@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I6e3b906938dc9a297b602290e762426e56fb8d9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3864189
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82828}
Port ed90ea5cf7
Original Commit Message:
This implementation sticks closely to what Ignition-to-Turbofan (and now
Sparkplug-to-TF) does. OSR is detected in the TieringManager by having
optimized code available, without having entered it. The osr_urgency is
increased to enable OSR for increasing loop depths. When a candidate
JumpLoop backedge is reached, we call into runtime to trigger OSR
compilation.
JumpLoop also detects the availability of cached OSR'd code. When a
matching OSR code object is available, Maglev 1) deoptimizes s.t. the
unoptimized frame layout is reconstructed, and 2) delegates the actual
OSR tierup to the unoptimized tier. For purposes of 1), we add a new
DeoptimizeReason that causes a one-time eager deopt without invalidating
any code.
into a generic spot that both SP and ML can use.
R=jgruber@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I2de3ef530b9d1aac97e499fee75716a958cd9d09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3863277
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82827}
This CL introduces a new ExternalPointerTable::Entry class and moves all
low-level logic related to entry management into this class.
Bug: v8:10391
Change-Id: Ib7eb05da1d277cb665503e98b3f074520e572bad
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829485
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82825}
This CL changes debug breaks that are triggered via interrupts (i.e.
via stack check). One client of this behavior is the `Debugger.pause`
CDP method.
The problem is that when we pause so early, the JSFunction didn't have
time yet to create and push it's context. This requires special
handling in the ScopeIterator and makes an upcoming change unnecessary
complex.
Another (minor) problem is that local debug-evaluate can't change
context-allocated local variables (see changed regression bug). Since
the context is not yet created and pushed, variables are written to
the DebugEvaluateContext that goes away after the evaluation.
The solution is to mirror what `BreakOnNextFunction` does. Instead
of staying paused in the middle of the function entry, we trigger
a "step in" and pause at the first valid breakable position instead.
This ensures that the function context is already created and pushed.
Note that we do this only in case for JSFunctions. In all other cases
we keep the existing behavior and stay paused in the entry.
R=jgruber@chromium.org
Fixed: chromium:1246907
Change-Id: I0cd8ae6e049a3b55bdd44858e769682a1ca47064
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854501
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82817}
This implementation sticks closely to what Ignition-to-Turbofan (and now
Sparkplug-to-TF) does. OSR is detected in the TieringManager by having
optimized code available, without having entered it. The osr_urgency is
increased to enable OSR for increasing loop depths. When a candidate
JumpLoop backedge is reached, we call into runtime to trigger OSR
compilation.
JumpLoop also detects the availability of cached OSR'd code. When a
matching OSR code object is available, Maglev 1) deoptimizes s.t. the
unoptimized frame layout is reconstructed, and 2) delegates the actual
OSR tierup to the unoptimized tier. For purposes of 1), we add a new
DeoptimizeReason that causes a one-time eager deopt without invalidating
any code.
Drive-by: Annotate OSR for more --trace-opt output.
Todo: Refactor non-Sparkplug-specific bits of the BaselineAssembler
into a generic spot that both SP and ML can use.
Bug: v8:7700
Change-Id: I6ebab2df8b87f9f70ffb78162a3c1226ec545468
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859850
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82816}
...to honor the {pinned} list under all circumstances.
Drive-by: DEBUG-mode helpers to print FunctionSig and LiftoffRegList
objects to stdout.
Fixed: chromium:1356718
Change-Id: I487db12294f687790cec1d658d7a7d754f3c2f99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859752
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82815}
This class is only used for heap verification and doesn't need to be
public.
Bug: v8:11708
Change-Id: I9d1750a6f701ed0d9a106f8d93ab3ff82bbf4f3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862208
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82814}
Only Internalized and Thin strings should be accessed from the
background. My CL "[compiler] Remove map check in StringRef::length"
removed a check, and, while doing so, made it possible to read Cons
strings in the background, which is incorrect because such strings can
be mutated by the main threads.
Fixed: chromium:1357438
Change-Id: I3a5445f91d10e5ceab62ac208a04be5ed71798ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862007
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82813}
Adapted from https://crrev.com/c/3862264.
Add a new teardown trampoline for the case where a Sparkplug function is
deoptimized during its function entry stack check. In these cases, the
stack is in an incomplete setup state, so instead of forwarding to
interpreter re-entry, we undo the partial stack setup and forward to
the standard interpreter entry.
R=leszeks@chromium.org
Bug: chromium:1246907, chromium:1357554
Change-Id: I0795b20cdc60d3ba28bc32cd55bdf82d72f83aac
Also-by: leszeks@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865144
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82811}
Methods are now defined in heap-verifier.h in the HeapVerifier class.
Bug: v8:11708
Change-Id: I13e7f1760598f3659ad6aa31082840caf2e44038
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857558
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82810}
This CL:
- Separates Wasm frame pointer iteration from TypedFrame iteration
- Introduces the frame StubWithContext that correspond to a TF-optimized
code without JS linkage
- Fixes WasmToJsFrame to be a WasmFrame
- Fixes the hack with JsToWasmFrame that calls TypedFrame when not
the right builtin
- Cleans up TypedFrame::Iterate
Change-Id: Ie238df5188f2e2f081f5353b4538b75b6e79f64a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859787
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82809}
... when deserializing.
EphemeronHashTables require valid HeapObject keys, however
EphemeronHashTables are filled with Smi::uninitialized_deserialization_value
when deserializing. We could fill EphemeronHashTable's elements
with "the initial filler" which is undefined value to make sure
the elements are valid.
Bug: v8:13232
Change-Id: I268cdbd4303fbe9afa2f9a5d8aafcace397c8164
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3864185
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82808}
Add a flag for disabling FastForwardSchedule() during incremental
marking.
This CL disables "schedule fast forwarding" by default to experiment
with this setup for a few days and to see whether this causes
performance regressions.
Bug: v8:12775
Change-Id: Id2c0a62f4b67b3a2379816581800cfb62361b40c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865003
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82806}
This CL adjusts a DCHECK that verifies a bytecode offset when looking
for the closest breakpoint given that offset. When we pause on
function entry via interrupt, then the offset is
kFunctionEntryBytecodeOffset (-1), which is still a valid offset.
R=jarin@chromium.org
Fixed: chromium:1357554
Change-Id: I5b25b58f02be0e605191c38e9d1d93e334664c63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862265
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82805}
This is a reland of commit 40901824d7
The reason for revert was regressions in `blink_gc:effective_size`
buckets of `system_health.memory_desktop` benchmarks.
See http://crbug/1356329#c51.
Memory Perf Sheriffs: This CL shifts GC times which regresses
`blink_gc:effective_size` but improves `v8:effective_size` bucket by
a similar amount. The `private_footprint_size` metric stays neutral
for the majority of the stories and for certain load stories it even
improves.
Original change's description:
> [ext-code-space] Enable Code-less embedded builtins
>
> Bug: v8:11880, v8:12592
> Change-Id: I8d3d6ad0a4c26eb1fea2a998ffeddd1d96afa690
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3784593
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82642}
Bug: v8:11880, v8:12592, chromium:1356329, chromium:1356763
Change-Id: Ia9150ecb1f16581e249e4e3e566be20ac4591e78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3862503
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82803}
