Reland of https://crrev.com/c/3998633.
Each thread has its own MarkingBarrier instance for incremental
marking. A thread local variable is used to get the current thread's
instance on background threads.
However on main threads this thread local variable was always
set to nullptr. The main thread would get to its own instance through
the heap_ field in the host object's page header. This was solved this
way because setting current_marking_barrier on the main thread
seemed quite complex. Multiple isolates may be run on the same thread
and isolates may even be migrated between threads.
However, with --shared-space loading the heap_ field for a shared
object would return the main isolate's heap and we end up with
the wrong MarkingBarrier instance on client isolates. So this
CL makes main and background threads more uniform by setting the
thread local field also on the main thread. The field is set by
the already existing v8::Isolate::Scope API. Some embedders might have
to add these scopes if they don't use them properly already.
Bug: v8:13267
Change-Id: Idc257ecf6b6af09a379bdd7cd7c1d4a5e46689c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4016715
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84237}
This is a reland of commit 2adc620152
Rebased on fix which changes Int32 from always being checked as Smi,
to being explicitly checked as Smi when used by SignedSmall (and not
checked to be Smi in the new truncating code, but instead allowing
overflow into a HeapNumber).
Original change's description:
> [maglev] Float64 bitwise ops as truncation + Int32
>
> Implement truncating bitwise ops (ops that treat their input as a number
> truncated to int32) for Float64 representation, by adding truncation
> operations for Float64 and tagged Number.
>
> Bug: v8:7700
> Change-Id: I36f423ba8d5332e8eb8c3d6357bbaed7ea4bbb37
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013685
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84182}
Bug: v8:7700
Change-Id: I518f3414aa98eb1d2edf61980554e4682bd83c8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4022710
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84234}
... which checks if we need to add deoptinfo at runtime.
This allows us to delay SetAccumulator and remove the boolean
argument in the ReduceCall functions.
Bug: v8:7700
Change-Id: I87cc8937ae05dce13c80b3e2fe00d031a483ef19
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4023066
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84233}
This constant wasn't really used anymore anymore, so we can drop
this constant and initialize the --concurrent-marking flag from
V8_ATOMIC_OBJECT_FIELD_WRITES instead.
Bug: v8:13267
Change-Id: I2533d80cd08fd799441a7dba764fd392bb9151d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020428
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84232}
For SignedSmall binary ops, we know that the output has to fit in a Smi.
So, emit a Smi check eagerly after these operations, so that future Smi
untagging knows that it doesn't need to do a check.
Bug: v8:7700
Change-Id: I117c55caa5e2ebe870fd964908564d74df726546
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020434
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84223}
After a cache hit we need to get a fresh pointer to the {WasmModule}
from the {NativeModule}. The old {NativeModule} might have died at that
point, including the old {WasmModule}.
R=ahaas@chromium.org
Bug: v8:13472
Change-Id: I101a2bb6e381d09a87d8de352030c5533541270e
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020244
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84222}
This reverts commit 936b61a209.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20no%20pointer%20compression/2000/overview
Original change's description:
> [wasm-gc] Canonicalize JS Numbers as i31ref at the boundary
>
> JS numbers flowing into Wasm as i31ref should be canonicalized at the
> boundary. In-range numbers get canonicalized to Smis, and out-of-range
> numbers to HeapNumbers. This way, casting to i31ref, or checking for
> i31ref when casting to other types, is reduced to a Smi check.
>
> Bug: v8:7748
> Change-Id: Icd2bbca7870c094f32ddc9cba1d2be16207e80d1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4008345
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84219}
Bug: v8:7748
Change-Id: Ia74e49147d230f9217ebeb2bf435d10d8f93126e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020457
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84221}
This is a reland of commit 109e19554b
Original change's description:
> [maglev] Unify call building functions
>
> ... so that we have more reduce/inline opportunities.
> It changes CallArguments to hold a vector of ValueNodes.
>
> Change-Id: I9c282631c0dcc2756edc2e2c1f892c3855e1286d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020381
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Victor Gomes <victorgomes@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84205}
Change-Id: Ib27cdcc05b45ea5366c7790f849dcfed4300bbb8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4023067
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84220}
JS numbers flowing into Wasm as i31ref should be canonicalized at the
boundary. In-range numbers get canonicalized to Smis, and out-of-range
numbers to HeapNumbers. This way, casting to i31ref, or checking for
i31ref when casting to other types, is reduced to a Smi check.
Bug: v8:7748
Change-Id: Icd2bbca7870c094f32ddc9cba1d2be16207e80d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4008345
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84219}
This CL fixes the bug where x ^ x is reduced to Int32Constant(0) for
both word32 and word64.
Bug: chromium:1383362, v8:9407
Change-Id: I8a2ed879f0626071f560cc5ba8c21ef2d4107e62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020424
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Qifan Pan <panq@google.com>
Cr-Commit-Position: refs/heads/main@{#84218}
This CL adds a check that the actual arguments passed to runtime
functions (via `VarState`s) match the declared parameters in the
signature.
We have many mismatches, which are probably harmless now but can easily
lead to bugs in the future.
In turn, we remove a few DCHECKs that are redundant now.
R=ahaas@chromium.org
Change-Id: I4038cc24e3a9b44ae9fdfc5a204be351784ae5e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020294
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84216}
{kPointerKind} is misleading, and can be confused with {kRef}. Rename to
{kIntPtrKind} to make it clear that this is a pointer-sized integer
type.
Also rename {kTaggedKind} to {kIntTaggedPtrKind}, which is a bit bulky
but again prevents against confusion with {kRef}.
This is a pure rename, without auditing if all uses are correct.
R=ahaas@chromium.org
Change-Id: I2c512be1510f102422bb78e5bc8a46523c4fa0ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020412
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84213}
Previously, once after an error was reported, following errors were ignored
even if they had occured in prior lines. Strict octal error and conflicting
variable declarations error could be missed under this implementation.
This patch solves this problem by making an error replaceable.
Bug: v8:13187
Change-Id: I8295baf0db757a5c1b504920cb274cdee78f5055
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4019398
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84212}
Since the introduction of actual references, we should either use {kRef}
for tagged values or {kSmiKind} for tagged values that are known to be
Smis. {kTaggedKind} is misleading as it looks like it would be treated
as a tagged references, but it is actually not.
R=ahaas@chromium.org
Change-Id: Ib74d8365497eeaa9ff9e9bbcbd204233451b498f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020510
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84210}
The bug was introduced in https://crrev.com/c/4014299; we should only
validate lazily compiled functions here, as the comment above explains.
R=ahaas@chromium.org
Bug: v8:13447, chromium:1383190
Change-Id: Icfdaf052bee49544c8e204a55bc83bd9e9ca068a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020295
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84209}
When the c-api gets called back from WebAssembly, the context set in the
isolate may not be valid. It is therefore necessary to set the context
when the c-api gets entered from WebAssembly.
R=jkummerow@chromium.org
Bug: v8:12852
Change-Id: I279c22bbfb2468133732b611e1bdf00f04807e0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020382
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84206}
... so that we have more reduce/inline opportunities.
It changes CallArguments to hold a vector of ValueNodes.
Change-Id: I9c282631c0dcc2756edc2e2c1f892c3855e1286d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020381
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84205}
Client isolates need the incremental marking barrier for objects in
the shared heap. The marking barrier for the shared heap can be
enabled either with or without incremental marking in the client
isolate's local heap.
Client isolates get a new marking worklist in the MarkingBarrier
class for marking of shared objects. Shared objects will always be
pushed into that worklist for tracing. MarkingBarrier can be enabled
for shared marking and/or marking of local isolates.
Bug: v8:13267
Change-Id: I0b60134432de9af3c76e24620816555ee49da1eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4001768
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84202}
The wrapper obects for the debugger displayed e.g. in dev tools
contain a proper `null` value already.
Note: This only affects the printing of wasm tables in the test.
Change-Id: I3c2e9580b0a3983b66b9c3e2e16e5a2b322a9ff7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020261
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84201}
To avoid requiring optimized code to do too extensive checking, this CL
reduces the extent to which we recognise similar values as the same
value for const fields. For smi/tagged/heap-object fields we only
support the exact same object; also if we might have a new reboxed
version of a double. For double fields we only support the exact same
bit patterns.
Change-Id: Ifd136aa442054fe9059d0de47e31455d6e1e25ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020509
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84198}
Rolling v8/build: 875cb19..088aeb2
Rolling v8/buildtools: 49ac7cf..c3244c4
Rolling v8/buildtools/linux64: git_revision:a4d67be044b42963de801001e7146f9657c7fad4..git_revision:1c4151ff5c1d6fbf7fa800b8d4bb34d3abc03a41
Rolling v8/buildtools/reclient: re_client_version:0.83.0.da55f4f-gomaip..re_client_version:0.85.0.91db7be-gomaip
Rolling v8/buildtools/third_party/libc++/trunk: 4218f35..b343ccb
Rolling v8/buildtools/third_party/libunwind/trunk: a318d6a..86213b7
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/f0b1196..037b0ac
Rolling v8/third_party/depot_tools: ae1a708..f9c1305
Rolling v8/third_party/fuchsia-sdk/sdk: version:10.20221109.1.1..version:10.20221110.0.1
Change-Id: I16f27b7820f05f78665c2913a27de8aea425a9a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4021826
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#84197}
Shared object constructors' .prototype are null and aren't used for
instance creation. Set them to read-only so as to not trigger code that
tries to invalidate code due to instance prototype changes.
Bug: v8:12547, chromium:1381398
Change-Id: I2b712d1eb60d6d10c76a5f94b12e9f9010cabd5b
Fixed: chromium:1381398
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4018916
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84195}
Use USE(), (void) is void with GCC.
Bug: chromium:1352175
Change-Id: Ic254a5d0ca2bb6d8179dfe5ba74f1d0753d456ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4022027
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Andrey Kosyakov <caseq@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84193}
MinorMC uses now the standard white->grey->black process, so expect
worklist entries to be either grey or black.
The DCHECK likely never triggered because all the draining happened
in MarkRootSetInParallel(). Now with the unified-young-gen prototype
we see the dcheck triggers after performing wrapper tracing.
Drive-by: Fix flag MinorMC::FinishConcurrentMarking
Bug: v8:13475
Change-Id: I490d2ccefd13a09887111142e39d2e49fead4da3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020296
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84192}
This introduces a barrier that ensures that
`V8InspectorClient::runIfWaitingForDebugger()` is only invoked once all
sessions that requested a paused have invoked runIfWaitingForDebugger.
Downstream change: https://chromium-review.googlesource.com/c/chromium/src/+/3977348
Bug: chromium:1352175
Change-Id: I9049c2de6da8e690ad4312cd6cb799619125bb62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976353
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Andrey Kosyakov <caseq@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84191}
This is required for wasm loop peeling to not split immutable loads
into every loop iteration.
Bug: v8:7748
Change-Id: I05432812235475150a1ce8be1a6a6b5eaed08de7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013552
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84190}
