This is needed for write-barrier and persistent-handle code that does
not otherwise get an instance of LocalHeap
Bug: v8:10315
Change-Id: I480e31f32141510f2f9e678af3449d5841e3156e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284492
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68720}
Rather than only removing the continuation range for the last return
statement prior to a synthetic return statement, remove the
continuation tracking for whatever statement occurs prior to the
synthetic return.
Bug: v8:10628
Change-Id: Ieb8e393479c9811cf1b9756840bbfdbe7f44a1b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2280585
Commit-Queue: Benjamin Coe <bencoe@google.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68719}
By default the v8::MeasureMemory API forces GC after some timeout.
There are use cases that require low overhead measurements without
forcing GC at all.
Change-Id: I7d57c552d78d86800c4f37acb680c70c6422477f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2257856
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68718}
- Adds JSVisitor that is used for unified heap marking.
- Adds JSMember as supported reference type that also encapsulates a
write barrier in future. JSMember is a replacement for
TracedReference which can be deprecated with EmbedderHeapTracer once
the library is used to handle unified heap collections.
The dispatch for v8::JSMember on cppgc::Visitor is provided through a
specialization of TraceTrait.
Bug: chromium:1056170
Change-Id: I60d976ae66db3e5fa2e690a21627bdcb8c6871af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284488
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68716}
When rtt.sub is called repeatedly with the same arguments, it
should return the same result. This CL introduces a cache for
previously created sub-RTTs to achieve that.
Bug: v8:7748
Change-Id: Ie6c74eedf0df6f94cd973fdb0b6b6fc0130a9c41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2275967
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68715}
This lets us type the last VARIABLE. PrepareValueForWriteToTypedArray
still returns Node* for the non-templated version since it can return
Word32T or Float64T or Float32T or BigInt.
Bug: v8:6949
Change-Id: I90dee90d2e7eff08b1f69a57af371dec399b94c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282595
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68714}
Similar to the feedback vector, we cannot embed the native context as
a constant in NCI code (it is trivially native-context-dependent). In
NCI mode, load it from the current context. In default turbofan, we
keep the HeapConstant.
Bug: v8:8888
Change-Id: Iff95c673b25245c701c7755416abf2038b5fdf08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282532
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68712}
HasProperty and InstanceOf now both have a feedback vector input, and
collect feedback in generic lowering.
CreateClosure loads the feedback cell (in nci mode) instead of embedding
a heap constant.
Bug: v8:8888
Change-Id: Id479cda344684aeb5054f687b087c4fedeac05d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282530
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68711}
Turbofan now has support for generating generic code in two variants,
with and without feedback collection. Currently, feedback is collected
only for some load and store operators (historical reasons).
This CL enables feedback collection for (almost) all operators by
default. The exception in the default TF configuration are call and
construct variants (see also https://crrev.com/c/2276042). In NCI mode,
all operators collect feedback.
Regression have looked acceptable in our benchmarks so far. This is an
experiment to see impact on real world. If successful, the
non-collecting variants can be removed.
Bug: v8:8888
Change-Id: I0dddc7113ce94071552d5c4d992471db5ac5f989
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2239571
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68710}
This CL types almost all remaining VARIABLEs. Only one remains (in
PrepareValueForWriteToTypedArray) since it depends on a variable
MachineRepresentation. Will be done in a follow-up.
Bug: v8:6949
Change-Id: Icdec3d8fdc1459c0b35fc3d1f7e8816981bbccba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282594
Reviewed-by: Dan Elphick <delphick@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68709}
When marking the function for a deopt due a dependency change, we
only print the information about the code object. This isn't very
useful when looking at the output of --trace-deopt. This cl also adds
SharedFunctionInfo which makes it easier to see which function got
deoptimized. Also adds these events to the log file so they can be used
in profview to print more accurate deoptimization information.
Change-Id: I1b7a88b5cc2a1ad1ebb0863cf8a4f7d2e151b76a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2281001
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68705}
This CL implements two additional evaluator module proxy operations for
accessing globals and values on the wasm operand stack.
Drive-By: Also fix how the breakpoint position is computed in the evalutor
tests.
Bug: chromium:1020120
Change-Id: I161768da9e12586b2c710f5b26922b9600527814
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282526
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68704}
This moves marking write barrier related functions from Heap and
IncrementalMarking into a separate class: MarkingBarrier.
Additionally, a new WriteBarrier class is added at the heap API level
that dispatches to MarkingBarrier.
Future CLs will move slots recording in MarkingBarrier and apply
the same refactoring to the generational barrier. An instance of
MarkingBarrier will be added to each LocalHeap and enable it to
emit a write barrier from a background thread.
Bug: v8:10315
Change-Id: Icc147b48563d88c85d99ead99b1e201f523721d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2280083
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68703}
In many cases, this simply requires early returning from tests which
rely on scavenger.
Bug: v8:10614
Change-Id: I5fc93b1cbc807b73bfbb113d087952e347001ddd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270548
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jake Hughes <jakehughes@google.com>
Cr-Commit-Position: refs/heads/master@{#68702}
Without this, the mac/arm64 linker complains:
ld: warning: arm64 function not 4-byte aligned:
_PushAllRegistersAndIterateStack from obj/v8/v8_cppgc_shared/push_registers_asm.o
ld: fatal warning(s) induced error (-fatal_warnings)
It's probably a good idea to use the same alignment on all platforms, so
do this everywhere, not just on mac.
Bug: chromium:1099892
Change-Id: I15ca7bac04e1a1a1de09ecdfeaddd9e788051755
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2283908
Auto-Submit: Nico Weber <thakis@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68701}
Rolling v8/build: 96a6783..89943b9
Rolling v8/buildtools: 6b95167..eb3987e
Rolling v8/buildtools/linux64: git_revision:b6203d186bff6b39ac25af6c1e80e1d3f96c949a..git_revision:d585128cdaf3e6ff7bfd58641965e60c12618eb1
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5f3007b..9ef36d0
Rolling v8/third_party/depot_tools: 49735e2..81923d6
Rolling v8/third_party/zlib: 8603eee..89bddfeTBR=machenbach@chromium.org,tmrts@chromium.org,v8-waterfall-sheriff@grotations.appspotmail.com
Change-Id: I8de85ef81724b55bac60cf1fc975170a1394fc4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282955
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#68699}
This will allow it to take an OffThreadIsolate in the future, without
requiring GetIsolate on SharedFunctionInfo.
Change-Id: I7db56d5f0587585f829b26e60683c133760d8ff1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282534
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68696}
This is the last batch of operators which used to embed the feedback
vector as a HeapConstant:
- CreateEmptyLiteralArray
- LoadGlobal
- LoadNamed
- StoreDataPropertyInLiteral
- StoreGlobal
- StoreInArrayLiteral
- StoreNamed
- StoreNamedOwn
They now take the vector as an input. In NCI mode, the vector is
loaded from the closure at the beginning of the function.
Bug: v8:8888
Change-Id: Ifd2d2a556db343512b61e099a73702822b1ba9f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282525
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68695}
The allocation step in FreeLinearAllocationArea may start incremental
marking and mark the area to be freed, which breaks the invariant
that all blocks in the free list are unmarked.
Bug: v8:10679
Tbr: dinfuehr@chromium.org
Change-Id: I23b92e402968361b57010a017b382747f7da673d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282537
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68694}
Prior to this CL, the construct node layout was:
{target, args..., new_target}
The new layout is:
{target, new_target, args..., feedback_vector}
Having new_target at index 1 brings it closer to call node layout,
which is now identical except that it has receiver at index 1. The new
feedback vector input will be needed for NCI code.
Affected node kinds are:
- JSConstruct
- JSConstructWithArrayLike
- JSConstructWithSpread
- JSConstructForwardVarargs (just the new_target position change)
Bug: v8:8888
Change-Id: I4c68a0901d01e8862fd276c8a858799d5f4ff024
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2278475
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68692}
Port 871183ea12
Original Commit Message:
- Add wasm opcode, decode and compiler code for v128.const
- Add codegen implementations for v128.const on x64/Arm64
- Reuse/Rename some shuffle specific methods to handle generic
128-bit immediates
- Tests
R=gdeepti@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
BUG=
LOG=N
Change-Id: Ia4990f768b6fac0ac72cf79129a53b531c9c2fa9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2280541
Reviewed-by: Junliang Yan <jyan@ca.ibm.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#68691}
With https://crrev.com/c/2277142 adding unified
(de)serialization support, "cbor ParseUTF16String" is no longer
being used and byte orders remain in LE format.
This CL essentially reverts some of the changes made here:
https://crrev.com/c/2038716 and re-adds byte swapping
on BE machines.
Change-Id: I3e7be6ba182e7faada3bf31dff9a89c1343abbbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2281082
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#68690}
... in preparation for upcoming changes to 1. make construct node
layout more consistent with call nodes by placing new_target
(construct) in the same spot as receiver (call); and 2. adding the
feedback vector input.
Bug: v8:8888
Change-Id: I6cd7f50ed0b029de53af5cd82e7ecf4ba514ef65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2275963
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68689}
ForInNext can get lowered to a low-level call to the ForInFilter
builtin. We currently type low-level Call nodes simply as Any, leading
to a CHECK failure when the verifier expects a primitive.
This CL fixes the issue simply by manually setting the type as part of
the lowering. An alternative would be to have the Call typing inspect
its input similar to what the JSCall typing does. We can consider this
if we hit the same issue in other cases.
Bug: chromium:1102053
Change-Id: I6682d8cf95c6a3ebaff9c8de677aa20ca676573f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2282523
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68688}
Call counts (collected for call/construct feedback) are only reliable
in NCI mode and thus should not be collected in default TF mode.
Bug: v8:8888
Change-Id: Id83c7042f23a7390e5e00b736dfda47bdc7cf2b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2276042
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68687}
Like in previous similar CLs, this also adds node wrapper classes for
both.
Bug: v8:8888
Change-Id: I9c83e98e3b665b72b944dec83b8854b9ef2c14a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2277805
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68683}
This change also makes it possible to create Torque references to
elements in the context.
Change-Id: I064b73dedf8463c8d92b94b0e59f3cb4e366611a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2280084
Commit-Queue: Daniel Clifford <danno@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68677}
Split off MarkingWorklists and from Marker and introduce MarkerBase.
MarkerBase refers just to interfaces types for passing along visitors.
The concrete Marker provides the impl for these interfaces. Unified
heap marker uses different marking visitors internally but provides an
implementation for the same interface.
Change-Id: Ibc4b2c88e2e69bd303a95da7d167a701934f4a07
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270539
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68676}
This is another case of the known .caller difference that's now added
to the mapping of known issues.
No-Try: true
Bug: chromium:1101870
Change-Id: I6cfca6887362564f625648ba34820cb92a77efb6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2280087
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68674}
This adds --gc-experiment-reduce-concurrent-marking-tasks to be used
in a Finch experiment.
Bug: v8:10442
Change-Id: Ie2adf4faa20c99d1793907dfc6857497743f8d5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2280093
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68673}
To get the Isolate from a HeapObject, rather than masking off the
MemoryChunk and then loading the heap from the MemoryChunk (which won't
work when RO_SPACE is shared between Isolates), get the Isolate by
masking off the bottom 32 bits and apply the Isolate bias.
Also fixes up a stale comment and makes several methods in RootsTable
and Isolate const to support this change.
Bug: v8:10454
Change-Id: I5f8eb873d8486b699460223dbe3454a5dcf1854f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2280088
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68671}