Forward reference resolution writes didn't have a write barrier,
which means the slot wouldn't be recorded if there was an active
slot recording marker running.
Now use the same SlotAccessor interface as the other deserializer
writes, to make sure that the correct write barrier is called.
As a drive-by, clean up SlotAccessorForHeapObject into two static
constructors, to differentiate between access by slot index and
offset.
Fixed: v8:11065
Bug: v8:10460
Change-Id: I5b3a3d94057763324d6e1727d96b65c73ba5d7b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504263
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70839}
The flag has been enabled by default for two versions now, so it is time
to remove it.
R=binji@chromium.org
Bug: v8:9921
Change-Id: I833e04a3f9d238e7bcf27e93148c9492776af3c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2402034
Reviewed-by: Ben Smith <binji@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70838}
This is a reland of 397ddfee06
The benchmark does not expect the counter anymore, so we can reland
the CL now.
Original change's description:
> [wasm] Remove V8.LiftoffCompileMicroSeconds counter
>
> The counter gets created but isn't used anywhere.
>
> R=clemensb@chromium.org
>
> Bug: v8:10933
> Change-Id: I480e601f8118475a3ce750ba97fdae6780342d49
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497166
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70756}
Bug: v8:10933
Change-Id: I74c490916efa8ddf80491097fe358865d3bfab2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498697
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70837}
This replaces kBytecodeToBuiltinsMapping (an array with currently 549
32-bit integers = 2196 bytes) with kWideBytecodeToBuiltinsMapping which
is an array of uint8_t with only 183 values. The new array contains just
the mappings from wide handlers to builtins but only once since the
mapping is the same for extra wide handlers. (No mapping array is
required for normal handlers since they map 1:1).
This reduces d8's binary size by 2008 bytes on x64.
As a result Interpreter::GetBytecodeHandler will be slightly slower than
before, but its only use in non-test code is in
Runtime_DebugBreakOnBytecode which does not need to be fast.
Bug: v8:11066
Change-Id: Iafc28fba2d1b62c1d49ceabe731d8b52a82dd2fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502291
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70836}
Within "ExecuteCompilationUnits", we now have separate events for
baseline compilation and top-tier compilation. But there is still a
larger chunk that is not reflected in the default "v8.wasm" category
yet: wrapper compilation.
This CL adds a trace event for that.
R=ahaas@chromium.org
Change-Id: I0e74b8f5f95f7a6d674582f2d386cc58d4ad547a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502344
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70835}
This is a reland of d7ece57e20 with
a fix to failures on NumFuzz.
Original change's description:
> [turboprop] Add a slot for optimization marker in feedback vector
>
> Optimization marker and the optimized code used to share the same slot
> in the feedback vector as they were mutually exclusive. With turboprop
> we would want to mark the function for tier up to Turbofan while holding
> the optimized code for Turboprop. So this CL uses the existing padding
> field to hold the optimization marker instead.
>
> As a drive-by, removes unused JSFunction::ClearOptimizedCodeSlot function
> and fixes a minor bug in Runtime_GetOptimizationStatus.
>
> Bug: v8:9684
> Change-Id: I18c551a69648a0837d16c5453d023c0b295b1521
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467836
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70789}
Bug: v8:9684
Change-Id: Ie6aa3c061a852bb047b5921e4e747d43505568e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502871
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70834}
The value of a node was accessed without prior HasValue check. With
WebAssembly this node is not guaranteed to be a value.
R=mslekova@chromium.org
Change-Id: I62170183f3940a04b0550dfbb78cb49d2f5d7f72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504250
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70833}
The current tracing (in the "v8.wasm" category) has no indication about
the compilation tiers, which makes it hard to see when baseline
compilation finished and how long top tier compilation takes. The
disabled-by-default "v8.wasm.detailed" category on the other hand is
much too detailed for bigger modules, such that we run into a tracing
buffer overflow pretty quickly, and lose subsequent events.
This CL adds general trace events for baseline compilation and top tier
compilation, which are not per-unit but per-thread. Hence their number
is much lower than the number of events in "v8.wasm.detailed". Because
the events for baseline compilation and top tier compilation have
different colors, it's pretty easy to see whether baseline compilation
or top-tier compilation happens.
R=ahaas@chromium.org
Change-Id: Ic581a335f74018681fa552d14b81c48217b5a80c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502337
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70832}
We made array-concat run faster in https://crrev.com/c/2504853.
Bug: v8:7783
Change-Id: Iabefb58f92e24ffa4e0589a7c8b9e2b3e12c6e47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504859
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70831}
.. if --enable-embedded-constant-pool (ppc-only) is not set. In this
case, the field simply doesn't exist, so we shouldn't read from it,
and definitely not write to it.
Tbr: leszeks@chromium.org
Bug: v8:11036
Change-Id: I8b2cf8cdd084f29060377790c882850bd9ec43c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504255
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70830}
The immediate might not be 2 bytes from the start of the instruction, because
the opcode is LEB-encoded.
Bug: chromium:1143053
Change-Id: I3c514e771419470ce34e02d4faa24e9e59676aa6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504852
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70828}
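To make the point of this commit concrete, here is an added example (my own code, not V8's): a prefixed wasm opcode is a prefix byte followed by a LEB128 u32 sub-opcode, so the immediate starts at 1 + (LEB length), not at a fixed offset of 2. The instruction bytes below are constructed; the 0xFD SIMD prefix and the memarg (align, offset) immediate layout are assumed from the wasm binary format.

```cpp
// Added example (not V8 code): locating the immediate of a prefixed wasm
// opcode when the sub-opcode is LEB128-encoded and may span several bytes.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Result of decoding one unsigned LEB128 value.
struct LebResult {
  uint32_t value;  // decoded value
  size_t length;   // bytes consumed; 0 on truncated or over-long input
};

// Decodes an unsigned LEB128 u32 starting at bytes[pos].
// At most 5 bytes are read; returns length 0 on malformed input.
LebResult DecodeU32Leb(const std::vector<uint8_t>& bytes, size_t pos) {
  uint32_t result = 0;
  int shift = 0;
  size_t i = pos;
  while (i < bytes.size() && shift < 35) {
    uint8_t b = bytes[i++];
    result |= static_cast<uint32_t>(b & 0x7f) << shift;
    shift += 7;
    if ((b & 0x80) == 0) return {result, i - pos};
  }
  return {0, 0};
}

// Prefix byte introducing the SIMD opcode space (wasm binary format).
constexpr uint8_t kSimdPrefix = 0xFD;

struct OpcodeInfo {
  bool ok;
  uint32_t opcode;          // sub-opcode after the prefix, or the single byte
  size_t immediate_offset;  // byte offset where the immediates begin
};

// Decodes the opcode of the instruction starting at `start`. For a prefixed
// opcode the sub-opcode is LEB128-encoded, so the immediate offset is
// start + 1 + (LEB length) rather than the fixed start + 2.
OpcodeInfo DecodeOpcode(const std::vector<uint8_t>& bytes, size_t start) {
  if (start >= bytes.size()) return {false, 0, 0};
  uint8_t first = bytes[start];
  if (first != kSimdPrefix) return {true, first, start + 1};
  LebResult sub = DecodeU32Leb(bytes, start + 1);
  if (sub.length == 0) return {false, 0, 0};
  return {true, sub.value, start + 1 + sub.length};
}

// The fixed-offset assumption the commit above corrects.
size_t NaiveImmediateOffset(size_t start) { return start + 2; }

// A memarg immediate: two LEB128 u32 values (alignment, offset).
struct MemArg {
  bool ok;
  uint32_t align;
  uint32_t offset;
  size_t end;  // byte offset just past the memarg
};

MemArg DecodeMemArg(const std::vector<uint8_t>& bytes, size_t pos) {
  LebResult a = DecodeU32Leb(bytes, pos);
  if (a.length == 0) return {false, 0, 0, 0};
  LebResult o = DecodeU32Leb(bytes, pos + a.length);
  if (o.length == 0) return {false, 0, 0, 0};
  return {true, a.value, o.value, pos + a.length + o.length};
}

int main() {
  // Constructed: prefix, sub-opcode 0x0B encoded non-canonically in two
  // LEB bytes (0x8B 0x00), then memarg align=3 offset=16.
  const std::vector<uint8_t> insn = {0xFD, 0x8B, 0x00, 0x03, 0x10};
  OpcodeInfo op = DecodeOpcode(insn, 0);
  MemArg good = DecodeMemArg(insn, op.immediate_offset);
  MemArg bad = DecodeMemArg(insn, NaiveImmediateOffset(0));
  std::printf("immediate at %zu: align=%u offset=%u\n", op.immediate_offset,
              good.align, good.offset);
  std::printf("naive at %zu: align=%u offset=%u (wrong)\n",
              NaiveImmediateOffset(0), bad.align, bad.offset);
  return 0;
}
```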
.. and add a --text-is-readable flag to support non-readable .text
sections.
This splits the embedded blob hash into two dedicated hashes for data
and code sections. The main benefit is that we can now keep at least a
partial hash even with non-readable .text sections.
The second part of this CL adds a --text-is-readable runtime flag to
support such platforms (with non-readable .text).
It currently doesn't do much; setting it enables a few additional
DCHECKs, disables the constant pool on x64, and disables
verification of the embedded blob's *code* hash.
Bug: v8:10707
Change-Id: Ib91ed8b50b50f2cd81677f62920bea6fb92af453
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504251
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70827}
Currently MockPlatformForUnmapper has shorter lifetime than the isolate that
uses it. This leads to use-after-free races in concurrent tasks that fetch
the mock platform just before it is freed.
This CL ensures that MockPlatformForUnmapper is valid throughout the whole
lifetime of the isolate.
Change-Id: I94a658bf7eb70d924a19522dab09744f21782972
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502809
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70826}
This test creates an array that is 500000 elements long. Calling
assertEquals on this with another array is really slow, especially on
simulator runs. Most of this array is empty, only the first few elements
and last few elements contain meaningful items, so we check those
specific indices.
On a local run this test goes from ~250s (--jitless) or ~111s to <1s.
out/arm64.build/d8 --test test/mjsunit/mjsunit.js
test/mjsunit/array-concat.js --random-seed=1 --nohard-abort
--testing-d8-test-runner [--jitless]
(using --jitless makes the test even slower)
Bug: v8:7783
Change-Id: I660d3a9f1b3fe3afaa58fce28f493641059ba226
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504853
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70825}
When switching buffers, the last_call_pc_ should be adjusted like
pc_, because the buffer's start address is changed.
Besides, add a missing BlockTrampolinePoolScope.
Change-Id: Iee6d9795a256e041bb2dbf7d8ca63f346a248539
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504855
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#70823}
The embedded metadata section is the off-heap equivalent to an on-heap
Code object's metadata section. It contains no executable data, thus
.rodata is the natural home for it. Another motivation is that some
platforms do not grant read permissions on the .text section.
Embedded blob stats before:
EmbeddedData:
Total size: 1322944
Data size: 25952
Code size: 1296992
And after:
EmbeddedData:
Total size: 1323372
Data size: 121452
Code size: 1201920
(Slight size increase due to additional padding.)
Bug: v8:11036,v8:10707
Change-Id: Ib6b54a7e947966c7bd2fcc1e7e44c85e352f0063
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502334
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70822}
This CL extracts some functionality from inspector-test.cc to be reused
by the inspector fuzzer.
It also puts all functions in the v8::internal namespace, and adds
separate functions in v8::internal to be called by ::main such that
we have direct access to the full namespace there.
R=szuend@chromium.org
Bug: chromium:1142437
Change-Id: I671317822bdc1c721334469811893affcc460f8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501847
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70821}
This is a reland of df34fb9534
Original change's description:
> [wasm-simd] Add more test cases for load lane
>
> Test load lane using memarg offset immediate, and also test all
> supported alignments.
>
> Bug: v8:10975
> Change-Id: Iac7e9f7e335bd86528a8723b04df97a17d7a7f66
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2500928
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70816}
TBR=bbudge@chromium.org
Bug: v8:10975
Change-Id: I286776b351ecd3c78d56bec20c02a3ba283213df
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504851
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70820}
This reverts commit df34fb9534.
Reason for revert: Broke msvc compile https://ci.chromium.org/p/v8/builders/ci/V8%20Win64%20-%20msvc/15566
Original change's description:
> [wasm-simd] Add more test cases for load lane
>
> Test load lane using memarg offset immediate, and also test all
> supported alignments.
>
> Bug: v8:10975
> Change-Id: Iac7e9f7e335bd86528a8723b04df97a17d7a7f66
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2500928
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Reviewed-by: Bill Budge <bbudge@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70816}
TBR=bbudge@chromium.org,zhin@chromium.org
Change-Id: Ia80d167846dac99070e6e9d280dd4ea53455af30
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:10975
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504850
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70817}
Test load lane using memarg offset immediate, and also test all
supported alignments.
Bug: v8:10975
Change-Id: Iac7e9f7e335bd86528a8723b04df97a17d7a7f66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2500928
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70816}
SSE instructions which access 16 bytes of data from the memory
require aligned access. So we force these instructions to be
registers, since we don't have the correct memory alignment yet.
Bug: v8:9198
Change-Id: I0f654efb95da26b1adc27022747ff45c4d6c5d04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2500934
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70815}
This is a follow up change to https://crrev.com/c/2499294.
SSE instructions require memory operands to be 16-byte aligned, which we
cannot guarantee yet. So we force the operands to be registers in the
instruction selector.
AVX instructions (VEX-encoded) support unaligned memory operands, but
can have performance reductions if it crosses cache lines. For
simplicity we also force the operands to be registers.
In the codegen we can remove the case where the operand is not a
register, and also for SSE assert that dst == src.
Bug: v8:9198
Change-Id: Ibee33896dc9cc4e97d792c5b7bdf5e66ce34de9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2500924
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70814}
pshufb is an SSSE3 feature and so requires the scope before using.
Change-Id: I42cf252079ba9aa9b09c2197a0e20b90ebc27b5d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2500927
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70813}
And remove all ifdefs guarding the tests.
Bug: v8:11038
Change-Id: I91487a4bd60b6f2e327d1c2348289e446d6e93d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501967
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70811}
This is a reland of dde9376860
Original change's description:
> Add int64_t min and max to value helpers for test
>
> And also fix up a truncate float to int test that was using
> int list as input instead of a float list.
>
> Change-Id: I544e38b2d212f8d11dfb5758db4fe6b283acae0d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2419654
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70774}
Change-Id: Id196ea40eaf616d784d644346b912f1561fd97a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2500926
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70810}
The displacement for vlbr and vstbr is a 12-bit unsigned integer.
If a greater offset is passed we must fall back to using
lrvg and strvg.
Change-Id: I34107b82960a4d4de99fbf8b9324b13d9a455e67
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504190
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Joran Siu <joransiu@ca.ibm.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#70809}
- Created status enum with statuses kStarted, kAlreadyStarted and
kErrorTooManyProfilers, returning when StartProfiling is invoked
- Tests spin up one profiler, check kStarted returned; spin up
another with same name, check kAlreadyStarted returned; spin up 99
more profilers (100 total), check each returning kStarted, and
one more, expecting 101st to return kErrorTooManyProfilers
R=acomminos@fb.com, petermarshall@chromium.org, ulan@chromium.org
Change-Id: I64e2e6396775f90f9f49f75331a075a47efa7fca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2486240
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70808}
Port 965916c7ec
Original Commit Message:
The actual number of double regs available on arm depends on the
current CPU. In some cases, we care about the max count of double regs
(e.g. around Save/RestoreFPRegs which always reserves spaces for the
max); in others, we care about the actual count.
Use DwVfpRegister::kNumRegisters to fetch the max (= 32).
Use DwVfpRegister::SupportedRegisterCount() for the actual count (16
or 32).
R=jgruber@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I55ef4a14b4a7676d9773f57ea66149a069c70448
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502810
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#70807}
- Adds a method to tell V8 that the process is cross-origin-isolated
under COOP+COEP. In this case, SharedArrayBuffer can be enabled.
Bug: chromium:923807
Change-Id: I729093665a50d2b3667c028e05b42d21d76b12d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502448
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70805}
Wrapper nodes are merged into their corresponding C++ object nodes
when the reference between C++ and JS object has a wrapper class id
set.
Instead of iterating all global handles and checking for those with
class ids, the new algorithm discovers them while iterating C++
objects.
Note: Additional wrapper nodes, e.g., those from isolated worlds in
Blink, are not merged.
Bug: chromium:1056170
Change-Id: I6dff8992e41d7a1a2c3b99a115a53df6b6fbb64c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2499661
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70804}
This reverts commit d7ece57e20.
Reason for revert: failures on NumFuzz
https://ci.chromium.org/p/v8/builders/ci/V8%20NumFuzz%20-%20debug/11818?
Original change's description:
> [turboprop] Add a slot for optimization marker in feedback vector
>
> Optimization marker and the optimized code used to share the same slot
> in the feedback vector as they were mutually exclusive. With turboprop
> we would want to mark the function for tier up to Turbofan while holding
> the optimized code for Turboprop. So this CL uses the existing padding
> field to hold the optimization marker instead.
>
> As a drive-by, removes unused JSFunction::ClearOptimizedCodeSlot function
> and fixes a minor bug in Runtime_GetOptimizationStatus.
>
> Bug: v8:9684
> Change-Id: I18c551a69648a0837d16c5453d023c0b295b1521
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2467836
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70789}
TBR=rmcilroy@chromium.org,mythria@chromium.org,jgruber@chromium.org
Change-Id: Ia9894fef713a522b9c3d349bef4abcde3e1e1832
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9684
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502870
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70803}
cppgc must support the same feature set as the existing unified heap
system, which requires support for wrapper-specific handling (drop on
Scavenge, merge in snapshot).
Replace JSMember by TracedReference to support IsRootForNonTracingGC()
optimizations out of the box. cppgc support for wrapper/wrappable
pairs will be added as followup.
Change-Id: I3c6eff2b8dce5b71b04b2bd75182eb8672079a64
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498685
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70801}
Add an initializer to the Serializer::allocation_size_ field so that the
array is value-initialized to zero.
Change-Id: I3bd9ecae63d9083e41cce4fbbfedc36ff5f0f741
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502868
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70800}
- Remove ic-processor.html since it's been fully integrated in the
system-analyzer
- Use new tools/system-analyzer/processor.mjs for command line
ic-processor
- Update tools landing page
- Partially fix dependencies on web specific components in helper.mjs
Bug: v8:10644
Change-Id: I0c99ff7c7859684e53aa3ab22489b1a8242e1a6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498606
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70799}
This reverts commit 7ce5dd6e5a.
Reason for revert: Clusterfuzz saw an issue, which is an m87 blocker.
Reverting and will re-assess & reland later.
Bug: v8:7790, chromium:1137594
Original change's description:
> Reland "[compiler] Replace Symbol with direct reads"
>
> This is a reland of d3b295fa52
>
> Got speculatively reverted in https://crrev.com/c/v8/v8/+/2403256 but
> doesn't seem to have been causing the TSAN failures
>
> Original change's description:
> > [compiler] Replace Symbol with direct reads
> >
> > Bug: v8:7790
> > Change-Id: I49120a6349777fd992a97d697940e79b2e71dbd1
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2400988
> > Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> > Reviewed-by: Georg Neis <neis@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#69812}
>
> Bug: v8:7790
> Change-Id: I459f4bfc881c641258dcc46fc55fce21f9e03dec
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2403921
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Commit-Queue: Georg Neis <neis@chromium.org>
> Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#69822}
TBR=neis@chromium.org,solanes@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:7790
Change-Id: Iec7d708510702a9168c6ad9a7373584f107af739
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502333
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Auto-Submit: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70798}
This CL provides synchronized get/set to feedback vector slots.
The FeedbackNexus is set up to use order preserving reads when used
on the background thread, and a lock to ensure coherent read
of information for ICKinds with two slots. The main thread takes
the lock on sets.
This test provides patterns to be followed by concurrent TurboFan.
We don't yet access the FeedbackVector on the background thread.
This CL only makes it safe to do so. The next step will come when
the optimizing compiler begins to query the vector from the
background thread. Currently, with --concurrent-inlining turned on
this is done in bytecode serialization on the main thread. Without
concurrent inlining, it's also done on the main thread, in both
cases using the FeedbackNexus.
Bug: v8:7790
Change-Id: I49d8b8031190f91a0da1c24f375b6b6d8a9fe038
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2276210
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70797}
The number of available double registers depends on supported CPU
features on arm. Any code that applies to all double regs must be
extra-careful to correctly handle either 16 or 32 registers.
This was not the case for deopt entries, which were recently moved
from a runtime-generated code stub to a mksnapshot-time-generated
builtin.
This CL fixes the issue by inspecting the runtime value of cpu
features and acting on it.
Bug: v8:8661,chromium:1142158
Change-Id: I6f4d2e6ee6a80217b9110194b8e1edbe8670d8d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498686
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70796}
The actual number of double regs available on arm depends on the
current CPU. In some cases, we care about the max count of double regs
(e.g. around Save/RestoreFPRegs which always reserves spaces for the
max); in others, we care about the actual count.
Use DwVfpRegister::kNumRegisters to fetch the max (= 32).
Use DwVfpRegister::SupportedRegisterCount() for the actual count (16
or 32).
Bug: v8:11062
Change-Id: I7d0c3f1263433ef5dc8efa69a68dff92a7168ae6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501842
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70795}
This reverts commit 44f46defcf.
Reason for revert: Causes failure in linux 64 fyi bots.
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20fyi/18646?
Original change's description:
> [turboprop] Pass required parameters as value inputs to TierUpCheck node
>
> TierUpCheck node tail calls interpreter entry trampoline when additional
> processing is needed for tiering up. Calling IET requires target,
> new_target, input count and context as parameters. Earlier these were
> created as parameter nodes in effect-control-linearizer. This causes
> problems with Turboprop since TurboProp doesn't use the second scheduler
> and cannot reschedule these nodes to the start block. We should instead
> create these parameter nodes in bytecode-graph-builder and pass them
> as value inputs to TierUpCheck node.
>
> Bug: v8:9684
> Change-Id: Icfe5a33b4e628d5a3ba9a3121b2b0746be6aed5c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498695
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Commit-Queue: Mythri Alle <mythria@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#70790}
TBR=rmcilroy@chromium.org,mythria@chromium.org,jgruber@chromium.org
Change-Id: I66cd8a90efb39378c99e18f35548a1490b5e413a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:9684
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501846
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70794}
This addresses comments from [0] by extending comments to also
describe embedded builtins in code.h, and by improving language
around the various meanings of 'metadata':
- The Code object's metadata section is still called 'metadata'.
- The embedded blob's table of layout descriptions for builtins is
now called 'layout descriptions'.
- The embedded blob's data section (containing hashes and layout
descriptions) is now called the 'data' section.
[0] chromium-review.googlesource.com/c/v8/v8/+/2491025
Bug: v8:11036
Change-Id: Ibe84fddb9784cc5d3b66482612dcdb7a2e8d14ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501284
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70793}
We kept the CodeMap filled with entries between profiles, even in
kLazyLogging mode which will re-fill the CodeMap when profiling starts
again. See the bug for more details.
This fix manually clears the CodeMap after the last profile is deleted.
We already call DisableLogging() when the last profile is stopped. At
this point we still need the CodeMap alive because the profile object
we expose via the API is backed by the CodeEntry objects in the CodeMap.
Once the last profile is deleted though, we can empty the CodeMap.
There is still another bug, which is that we never delete CodeEntry
objects for deleted code, as there are no CodeDeleteEvents from the GC.
We will work on that separately, but this fix should stop those leaks
accumulating between profiles as we wipe the CodeMap entirely between
profiles (at least for kLazyLogging mode). kEagerLogging mode still has
this problem and will only be fixed by introducing CodeDelete events or
similar.
Bug: v8:11051
Change-Id: Iab9570747d17c657e6e318d434f935af8047d05f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491033
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70792}