ICU 69 moved content of nb resources to no and let
nb fallback to no. This break our original design of checking
locale availability. Hard wire to check on no if nb fail for now
until we come out with a better fix.
Bug: chromium:1215606
Change-Id: I831529d29590cc643ee0109fb2ce8948dac75613
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3068010
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76044}
stress_flush_bytecode controls stress flushing of both bytecode and
baseline code. So rename the flag to better reflect its functionality
Bug: v8:11947
Change-Id: Ie6c124a476c3a7c6eabd1d75de030ee15fe78e32
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3062567
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76043}
Previously, when the Load IC saw a deprecated map, it would migrate to
the new map but not update the feedback vector. This would lead to a
deopt the next time the same object was seen.
With this CL, the feedback vector will be updated to the target of the
deprecated map. In order to do this, we need to mark the IC for
recomputation. Without that call, the map and handler would look the
same to IC::UpdatePolymorphicIC amd would decline to update, causing
the IC to go megamorphic instead.
Bug: v8:10816
Change-Id: I0dcf97fb278bc0b167df6ce24d5db179f599f535
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3032983
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Kevin Babbitt <kbabbitt@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#76042}
The V8.Execute histogram is not free and can cause more overhead
than expected. This CL is guarding slower histograms behind a new
--slow-histograms flag.
For now --slow-histograms is enabled by default. Once all
chrome-side changes and benchmark changes have landed it will be
disabled by default.
--dump-counters will automatically enable --slow-histograms.
The goal is to not report slow histograms on UMA by default on stable:
- 100% reporting on canary/dev/beta
- 1% reporting on stable or specific finch experiments
Chrome-side feature: https://crrev.com/c/3065464
Bug: v8:11946
Change-Id: I23c782288e10ceb76323d72eceea9170739fd543
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067318
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76041}
This lands the CLs for creating V8 roll branches without TBR.
No-Try: true
Bug: chromium:1176141
Change-Id: I67defe7e0337f6beb3db2e198dc2cf87f1345ec1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067320
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76038}
Instead of throwing a fatal error when setting a value in an array with
index larger than FixedArray:kMaxLength, we now throw an exception.
This CL propagates the exception in StoreInArrayLiteralIC.
Bug: chromium:1235093, chromium:1201626
Change-Id: Iaffd4eff47ad689fce2fd641ce1beaddd02d1a48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067220
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76036}
This avoids having all code writable while compiling functions. We only
need it writable for copying the code to the NativeModule and for
updating the jump table(s).
R=jkummerow@chromium.org
Change-Id: Ifb212b1cd3f7702fac4b1eb9e7bc7d5b5bd5198a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063221
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76035}
For large frames we are executing a special stack check that checks the
remaining stack space before allocating the new frame. Different
platforms used different limits for the frame size so far. Liftoff
already uses 4KB everywhere, hence use the same limit also for TurboFan.
Drive-by: Remove an outdated and misleading comment, and other minor
simplification.
R=ahaas@chromium.org
Bug: v8:12017
Change-Id: I6548b2293ec255349bf4e08c26fd05b7e0df0497
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063501
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76034}
Regressed in crrev.com/152ecad8cd4d170e4091a79eaa8d70d10d94734d.
Fixed: chromium:1234931
Change-Id: I8f2b603a914fccaeaeb3dcffa63070cf8fb6f0e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3064604
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76033}
Also:
* Remove forward declare and As##Name for never serialized Data classes
* Remove the Data classes
* Refactor macro list to encode being background or never serialized
Bug: v8:7790
Change-Id: Ide29d89072b247311f29948f04c4147c5c1103cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056458
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76032}
A JSFunction object may count as 'ObjectMayBeUninitialized', yet still
be safe to read for other reasons (e.g. because it has been loaded
through a chain of acquire-loads and immutable-after-initialization
guarantees).
Bug: chromium:1235071,v8:7790
Change-Id: I18c81695f001fd67e69d98dde641b71ed7b7e53d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3064606
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76031}
Lookup the corresponding details on the given map instead of the
owner map.
Change-Id: I2dcd0b24216c2bdc5860518d34d710b771f74973
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063234
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76030}
Change-Id: I0ba9c4bf13ff13e69d960fba44f93124be5a31a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063499
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76029}
wasm-code-manager.cc is no longer included if v8_enable_webassembly ==
false, so we can remove this guard.
Bug: v8:11879
Change-Id: Ide77e7e334d2711c1cbbbbedc34c2796ffaf793d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3061358
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76024}
Since recently, the WebAssembly instance gets cached in Liftoff code
to avoid reloading it from the stack whenever it is used. Typically the
cached instance gets invalidated at a function call and therefore does
not need to be recorded in safepoints.
However, when the DebugBreak builtin is called, the cached instance
was not invalidated. It is even incorrect to invalidate the cached
instance there because that would modify the CacheState of Liftoff.
Therefore this CL adds the register that caches the instance to the
safepoint of the call to the DebugBreak builtin.
R=clemensb@chromium.org
Bug: v8:11979
Change-Id: I7f9153e0c0e7e797b11b827111b4d61e29606071
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3063222
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76021}
With concurrent inlining, the TransitionDependency ctor can no
longer assume that the given map is not deprecated. This is not an
issue since IsValid will check it again.
Also remove some other outdated DCHECKs and turn a few DCHECKs into
CHECKs since the properties they check are not so obvious anymore with
concurrency.
Bug: v8:12033, v8:7790
Change-Id: I932f7f6440697d693b0c0e6472406329af29b46b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3062576
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76020}
Replace the hard-coded blocklist ("Response.body" and "Request.body") in
the V8 inspector with proper side-effect free debug evaluate. This is
otherwise a non-functional change and in particular preserves the
behavior of reporting accessors as (own) data properties. That will be
tackled in a follow-up CL.
This CL is possible because with https://crrev.com/c/3056879 Blink now
properly marks accessors as side-effect free consistently with what the
V8 inspector had done before.
Doc: http://doc/1gLyyOlssS5zyCSEyybVC-5sp0UnNJj2hBoFyf6ryrTc
Bug: chromium:829571, chromium:1076820, chromium:1119900
Change-Id: Idb256accaf4cfb5db5982b3eb06ddcef588be635
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3062573
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76019}
The original CL was flaky because deserialization did not wait correctly
for the compilation of missing functions to finish. The baseline-finished
event was set even when there were still some functions missing. The
combination of deserialization and lazy compilation was also not handled
correctly.
Original change's description:
> [wasm] Support partial serialization of modules
>
> At the moment a WebAssembly module can be serialized successfully when
> all functions were compiled with TurboFan. However, for some functions
> it may not be necessary to be compiled with TurboFan, e.g. for functions
> where Liftoff code is as good as TurboFan code.
>
> With this CL we allow WebAssembly modules to get serialized even when
> not all functions are compiled with TurboFan. Missing functions are
> marked as missing in the serlialization. Upon deserialization, missing
> functions either get compiled by Liftoff, or initialized with a
> lazy-compilation stub, depending on the V8 configuration.
>
> Bug: v8:11862
Change-Id: I79a9e8e14199cff87fce6ae41a87087e047bbc65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060485
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76017}
Rename CopyAndConvertArrayToCppBuffer as
TryCopyAndConvertArrayToCppBuffer and implement type specialization for
int32_t and double in order to speed up V8 bindings with sequences.
This API is used by Blink code, for example see
https://chromium-review.googlesource.com/c/chromium/src/+/3027405.
Bug: v8:11739
Change-Id: I026a7f5e7833fb1afcc2ea9c296b66c7f733cbb1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3036407
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76016}
pthread_rwlock_t can deadlock on Mac if signals are sent to the process
in the wrong moment. Since we use processes e.g. for sampling profiling
(in both d8 and in Chrome), we hence cannot safely use pthread_rwlock_t
on Mac. Instead, fall back to a non-shared pthread_mutex_t.
Interestingly, this shows no measurable performance impact in Wasm
compilation on my MBP.
R=mlippautz@chromium.org
Bug: v8:11399
Change-Id: Ie8bfd5288bba8c4f3315ee4502b39b59d39c9bbd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060480
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76015}
Traces calls to Heap::IsAllocationPending that return true. This is
useful when debugging concurrent Turbofan.
Bug: v8:7790
Change-Id: If10e6f40c3bf03c768ad8b74403007fe86f860fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060488
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76012}
Cl also optimizes the usage on Power9 by using
mtvsrdd.
Change-Id: Ibd6b227111adc0c262c621be6ce4068d3de2e659
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060493
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#76008}
Port 642a467338
Original Commit Message:
If a GC happens between Code object allocation and Code finalization,
we might have invalid embedded object references. We fallback and patch
the refernces back to handles, then unbox the handles and relocate.
R=victorgomes@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I680cc33fa9d06d7a00cc52c142599bb5536a9b88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060487
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#76004}
Introduce a flush_baseline_code flag to control if baseline code is
flushed or not. Currently flush_baseline_code implies flush_bytecode
as well. So if flush_baseline_code is enabled both bytecode and baseline
code are flushed. If the flag is disabled we only flush bytecode and
not baseline code.
In a follow-up CL we will add support to control baseline and bytecode
flushing independently i.e. we can flush only bytecode / only baseline
code / both.
Bug: v8:11947
Change-Id: I5a90ed38469de64ed1d736d1eaaeabc2985f0783
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059684
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76003}
When calling the {Isolate::StackOverflow} method, we should not have
overflown the stack limit by too much. Otherwise there might not be
enough space on the stack for handling the stack overflow exception.
This DCHECK would have failed before landing https://crrev.com/c/3059074
and https://crrev.com/c/3059075. If it fails, we might need to add more
special stack checks also in other places. Such failures should not be
considered security issues per se, but we should try to fix them to
avoid potential issues.
R=jkummerow@chromium.orgCC=ahaas@chromium.org
Bug: v8:12017
Change-Id: I25e42a20d3fcc981c266ae998f52b3f090237297
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059076
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75998}
This reverts commit bce81d6be0.
Reason for revert: Newly introduced test is flaking, e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20ASAN/41030/overview or https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux/43171/overview
Original change's description:
> [wasm] Support partial serialization of modules
>
> At the moment a WebAssembly module can be serialized successfully when
> all functions were compiled with TurboFan. However, for some functions
> it may not be necessary to be compiled with TurboFan, e.g. for functions
> where Liftoff code is as good as TurboFan code.
>
> With this CL we allow WebAssembly modules to get serialized even when
> not all functions are compiled with TurboFan. Missing functions are
> marked as missing in the serlialization. Upon deserialization, missing
> functions either get compiled by Liftoff, or initialized with a
> lazy-compilation stub, depending on the V8 configuration.
>
> Bug: v8:11862
> Change-Id: Ic833a17639bf841c5def6fe3c35173fe0376c246
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960209
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75987}
Bug: v8:11862
Change-Id: I5445c097ec47f407e5f951d4cf6d2168113f80e8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060484
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75997}
If a GC happens between Code object allocation and Code finalization,
we might have invalid embedded object references. We fallback and patch
the refernces back to handles, then unbox the handles and relocate.
Bug: v8:11872
Change-Id: I3a7b050c20179c1708eef343ec8266441ab5dca1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059689
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75996}
