Currently, young generation assumes that all the on-heap pointers are
compressed, which is currently not the case due to the backing-store
pointers in Blink. Fixing collections to have Member<> is not easy,
because the inlined collections may have the semantics that
backing_pointer_ == inlined_buffer_;
where the inlined_buffer_ can be off-heap (e.g. on stack).
The CL introduces another type of barrier specifically for uncompressed
pointers. The followup is to use that barrier from Blink.
Bug: chromium:1029379
Change-Id: If0f519220658268dbdf915235c2e5afd7887dc0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695358
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81105}
Add a new --wasm-max-module-size flag to replace the unused and more
specific --experimental-wasm-allow-huge-modules flag.
The new flag can be used in fuzzers to reduce the maximum allowed module
size, avoiding OOM on some systems (like 32-bit ASan builds).
R=ahaas@chromium.org
Bug: chromium:1334577
Change-Id: I2830d407c5b01be21a47b21392c1210061c40b20
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695267
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81102}
This is just a minor refactoring: We include the kUnknownSectionCode in
the set of valid sections. There are only two uses of that function: The
first one already checks for kUnknownSectionCode in a separate
condition, the second one can be simplified with this refactoring.
R=ahaas@chromium.org
Bug: chromium:1335023
Change-Id: Ie1ae316db41f8111fff0af0d97a6c775f527156c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3698556
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81101}
When profiling V8 code generated with snapshot using ETW, there is a
huge difference enabling system instrumentation. This is because, for
populating the ETW tracing (when --interpreted-frames-native-stack is
enabled), we need the scripts line ends. But these are only generated if
log functions are enabled.
To prevent the problem, this CL also initializes script line ends for
the case interpreted frames native stacks are enabled.
Bug: v8:12910
Change-Id: I89eab727574a68a8b2fbc2575faf540218370e7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3669698
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: José Dapena Paz <jdapena@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81098}
This CL extends the live edit mechanism to allow editing the function
that is currently on top of the stack, as long as that call frame is
the only activation of that function.
The CL changes how we look for functions on the current JS stack:
Instead of starting at thread_local_top we start at the frame we
are currently paused in. This is possible since there can not be any
JavaScript frames above the current "break frame", only C++ frames
which are not relevant for live edit.
If the edited script modifes the top-most function, the inspector
will trigger a restart of that call frame. That is why we check
if we can actually restart the function and only allow the live
edit to go through if that is the case.
Note that this CL also adds a kill switch in the form of a runtime
flag for this feature, in case we need to pull the plug and disable
this feature again via back-merge.
R=jarin@chromium.org
Bug: chromium:1334484
Change-Id: I711913df96c8acc786ad4de28de804d2f90e1847
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695353
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81097}
... which might fail because usual operator== for tagged values compares
only lower 32 bits of the pointer.
Bug: v8:11880, v8:12958
Change-Id: I0978d6c510424aecfee2f044c40ea424b6cb3ab9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695593
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81096}
Already after enabling Liftoff, the name did not match the semantics any
more. The callback was called after top-tier finished, not after initial
compilation of the module finished.
With dynamic tiering, the name is even less fitting.
This CL renames the "OnModuleCompiled" callback in the API to
"MoreFunctionsCanBeSerialized", which makes it more obvious what the
API should be used for. It also internally renames all related typedefs
and methods accordingly.
One call of the callback in the streaming decoder was already wrong
before this CL and is being removed.
R=jkummerow@chromium.org, cbruni@chromium.org
Bug: v8:12899
Change-Id: I95c0fc9e32442383e47e4370e31277cc065bf0fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687689
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81093}
Deprecate the LegacyOOMErrorCallback in the 10.5 branch. Embedders are
expected to switch to OOMErrorCallback.
The deprecated LegacyOOMErrorCallback will then be removed in the 10.6
branch.
R=mlippautz@chromium.org
Bug: chromium:1323177
Change-Id: I83001bec760848ef39f0638ed5c5c9eaa7cdb6eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3646014
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81092}
This causes crashes on Windows, as x18 is the "platform register",
holding a pointer to thread-local storage.
R=jkummerow@chromium.orgCC=seth.brenith@microsoft.com
Bug: v8:12959
Change-Id: I20b8bee145d4ab3a40d8d140d98572df8300251c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695569
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81090}
This is a partial reland of https://crrev.com/c/3597106
With this change, an old entry in the script compilation cache is not
completely removed by CompilationCacheScript::Age(). Instead, its value
is replaced with undefined. In that way, the Script is still accessible
from the table until the garbage collector destroys it and clears the
weak pointer.
Bug: v8:12808
Change-Id: Ib494674e67d0fec455e1fed40499c5cca3b7c0a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3673426
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81084}
Adds Module::GetStalledTopLevelAwaitMessage() API which searches for
modules that have no pending async dependencies but have not yet
resolved. An embedder may call this API when they are about to exit
to check if TLA evaluation has stalled and provide a better error
message.
Change-Id: I3b88802f70cc84c973551f13d73ef3e3d06f4027
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2341765
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81080}
Remove internal slot of LocalizedNumberRangeFormatter
in NumberFormat and PluralRules and converted from
LocalizedNumberFormatter on the calls require it instead.
Bug: chromium:1307699, chromium:1307698
Change-Id: I9be1b7dd1c931f273d845359ca4de1273ea837a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3555261
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81078}
Use the field index to look up the descriptor for double fields, and add
a dependency on them.
Drive-by, fix store field optimisation to only emit the optimised direct
store for tagged fields, so that we don't accidentally insert
HeapNumbers into double fields (making them mutable).
Bug: v8:7700
Change-Id: I699c2a2e4e13194045139b9c995d05eb138c0e7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700071
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81077}
In particular, this CL adds support for:
- exception handling
- source positions
- OSR
- various numeric operations and conversions
Since the test suite now passes with `--turboshaft`, this also adds a
new variant for Turboshaft and enables it on some bots.
Bug: v8:12783
Change-Id: Ia2dd2e16f56fc955d49e51f86d050218e70cb575
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3669251
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81074}
This method was intended to run single-threaded, so with parallel
marking disabled. While correctness isn't an issue here (simply because
we will later run this method single-threaded as well), some CHECKs do
not hold when parallel marking is active.
Bug: chromium:1325628
Change-Id: Iedebcf6241835011982217b1452271e38a36ce9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700074
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81073}
roll_merge.py manually checks out V8 into a temporary directory, locally
builds a cherrypick, and uploads this to Gerrit. However, Gerrit has its
own REST API which allows cherrypicking. Using this API directly has two
advantages:
1) We don't need to perform any local checkouts, so it's much faster,
and
2) The cherry-picked commit is marked as a cherry-pick by Gerrit,
which means Rubber-Stamper-Bot will treat it as a cherry-pick.
The implementation for now is very simple, and doesn't support things
like cherry-picking multiple revisions or applying an additional local
patch. It does, however, increment the patch value in v8-version.h, and
tries to set Owners-Override +1.
Bug: v8:12849
Change-Id: Ie242dbec6b3d24f5118d601e9d326465d190a8f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644609
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81072}
Add a missing check to reject illegal sections.
The test is added in three forms, to give fuzzers more food: A fuzzer
regression test for the streaming fuzzer, a unit test for the streaming
decoder, and an mjsunit test for streaming compilation.
Drive-by: Remove a redundant line in the synchronous decoder (this is
already handled by the following statement.
R=ahaas@chromium.org
Bug: chromium:1335023
Change-Id: Ic8c3b301f1b58981c7d68eafcffc89531ed2c64c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3698549
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81071}
The mid-tier register allocator keeps values in stack slots for too
long. This is incompatible with left-trimming, therefore we cannot
enable it for JS functions.
Bug: chromium:1335054
Change-Id: I61ab97d4fbfcbb81319e611a64a6454e050a1d65
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695266
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81070}
This CL splits two mjsunit files and skips the ones
which take the longest on the simulator and cause a timeout.
Change-Id: I89be764dc2d7684b401690a23bf53a3ef6384d16
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693667
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81065}
GCC fails to compile extract_first_nonzero_index because of the
signedness type mismatch in the NEON intrinsics.
Bug: chromium:819294
Change-Id: I9b73e5fa1d5fbf161740ab1b5d77f5c494369dfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693709
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: José Dapena Paz <jdapena@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81063}
Use the "convert" parameter to SequentialStringKey to construct one-byte
strings out of two-byte input vectors, where appropriate.
Change-Id: I8a214b3960c677614d6f82ed3b29405e2e493e81
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2557981
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81062}
Run mem in simulator may be occurs segments fault. This cl to fix it.
If value of reg is small int, it should be smi.
Change-Id: I60b4eb8c959bc9f86ae28718ff6dd54ecf40a6ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3698757
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#81061}
The module's "prefix hash" is based on a prefix of the module bytes that
starts at the beginning of the module and stops at the code section.
In the case of the streaming decoder, if the code section is empty,
`AsyncStreamingProcessor::ProcessCodeSectionHeader()` is never called,
and we keep accumulating bytes in the hash after the code section. Fix
this by always calling into the streaming processor even if the code
section is empty.
R=ahaas@chromium.orgCC=clemensb@chromium.org
Bug: chromium:1334651
Change-Id: Id2a03468b355867868e589523c994c268c7b4eaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695564
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81060}
Currently, PageAllocator assumes that FreePages(start, size) will always
be called on the same region that was passed to AllocatePages(start,
size). This assumption is made in:
1) leak-sanitizer (LsanPageAllocator) that checks it explicitly,
2) on Windows, FreePages() calls VirtualFree() with zero-size and
MEM_RELEASE, which causes the entire reservation to be freed.
The CL temporarily fixes the bot failures just by holding the unneeded
half and adds a TODO to return the unneded part back to the OS.
Bug: chromium:1325007
Change-Id: I2bd878876d43d693cf2138020f410ffe1615b4e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695363
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81059}
Compaction currently considers only backing store pointers as slots and
those are uncompressed. The CL fixes the tests to use raw pointers
instead of Members.
Bug: chromium:1325007
Change-Id: I2ddfffeeab396552bb7cf31b2bd8502ebc2921fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695590
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81056}
