Commit Graph

3491 Commits

Author SHA1 Message Date
Nico Hartmann
79efc8f090 Revert "[wasm-gc] Introduce wasm null object"
This reverts commit 2e357c4814.

Reason for revert: Speculative revert for https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Clusterfuzz%20Linux%20MSAN%20no%20origins/33231/overview

Original change's description:
> [wasm-gc] Introduce wasm null object
>
> We introduce a wasm null object, separate from JS null. Its purpose is
> to support trapping null accesses for wasm objects.
> This will be achieved by allocating a large payload for it (larger than
> any wasm struct) and memory-protecting it (see linked CL). The two null
> objects get mapped to each other at the wasm-JS boundary.
> Since externref objects live on the JS side of the boundary,
> null-related instructions in wasm now need an additional type argument
> to handle the correct null object.
>
> Bug: v8:7748
> Change-Id: I06da00fcd279cc5376e69ab7858e3782f5b5081e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4200639
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85648}

Bug: v8:7748
Change-Id: Ie53febf49b946217e0057959c757d811a97ca1eb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4219105
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85649}
2023-02-03 16:57:44 +00:00
Manos Koukoutos
2e357c4814 [wasm-gc] Introduce wasm null object
We introduce a wasm null object, separate from JS null. Its purpose is
to support trapping null accesses for wasm objects.
This will be achieved by allocating a large payload for it (larger than
any wasm struct) and memory-protecting it (see linked CL). The two null
objects get mapped to each other at the wasm-JS boundary.
Since externref objects live on the JS side of the boundary,
null-related instructions in wasm now need an additional type argument
to handle the correct null object.

Bug: v8:7748
Change-Id: I06da00fcd279cc5376e69ab7858e3782f5b5081e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4200639
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85648}
2023-02-03 16:06:12 +00:00
Leszek Swirski
81aa89592b [ptrcomp] Remove the distinction of TaggedAny and TaggedPointer
Known-pointer decompression used to be distinct from any-tagged-value
decompression, since the latter used to detect Smis and decompress them
with sign extension. However, we got rid of this distinction when we
introduced Smi-corrupting loads (allowing the top 32-bits of
uncompressed Smis to be undefined), which means that the TaggedPointer
and TaggedAny decompression is now identical.

We can remove a bunch of duplicate code by removing this distinction.

Change-Id: Id66671497d63ed885f9e537494c011317dfd4788
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4221398
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85647}
2023-02-03 15:46:34 +00:00
pthier
5080c7727a [regexp] Add UseCounter for invalid regexp with /v, but valid with /u
Some patterns that were valid with /u are invalid with /v.
This CL adds a UseCounter for such usages in /u to get an idea how often
they are used in the wild.
This is important information w.r.t the proposal to use /v instead of /u
for the pattern attribute (http://go/gh/whatwg/html/pull/7908).

Chromium CL: https://crrev.com/c/4221395

Bug: v8:11935
Change-Id: Idc023ceba9ce03eee578d6c387ce8a8f37db292f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4212393
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85639}
2023-02-03 09:49:49 +00:00
Clemens Backes
e33c3a09b3 Disable the use of preserve_most on arm64 Windows
We see crashes on arm64 on Windows. Disable the use of preserve_most
there, until we figure out (and fix) the root cause.

R=mlippautz@chromium.org

Bug: chromium:1409934
Change-Id: Ic913039d36d158fb5ad368915d95c250d8724a07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4218354
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85634}
2023-02-02 16:37:59 +00:00
Anton Bikineev
d469a70049 cppgc: Fix CombinedWriteBarrierSlow()
The function relied on passed pointers always being compressed, which
is no longer the case with subtle::UncompressedMember<>.

Bug: chromium:1412021, chromium:1412221

Change-Id: I531e41d24fcab34e527db99f8047123f254e8a74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4217411
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85623}
2023-02-02 13:38:39 +00:00
Clemens Backes
8b231d80ca [wasm] Remove deprecated CPU timings in metrics
The fields were deprecated in https://crrev.com/c/4079227; remove them
now.

R=mlippautz@chromium.org

Bug: v8:13565
Change-Id: I02429bd050fde42873fc77de9151337cccb16411
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4083069
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85594}
2023-02-01 14:29:41 +00:00
Anton Bikineev
02afcd6b05 cppgc: Introduce subtle::UncompressedMember
Some very hot getters in Blink can spend many cycles on decompression.
We're planning to optimize such paths by selectively using uncompressed
pointers.

Change-Id: I78af751c423c56010a794448450032c66f8fa244
Bug: chromium:1410145
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4191778
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85508}
2023-01-26 23:51:28 +00:00
V8 Autoroll
d60b62b0af Version 11.2.0
Change-Id: I6955fe190f0abf431d55ab13283df95e60b867cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4196119
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85489}
2023-01-26 12:22:26 +00:00
Marja Hölttä
0ea9064e39 [compile hints] Collect compile hints data in v8
This adds the APIs for the embedder to
1) request compile hints collection for a script
2) retrieve the compile hint data

Bug: chromium:1406506
Change-Id: Ic23430d3cff9fe71faa71f4c7be6635467e14268
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4154427
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85461}
2023-01-24 16:14:23 +00:00
Tobias Tebbi
b691cca3de [runtime] add protector for String/Number prototype @@replace lookup
This improves performance of `String.prototype.replace` by avoiding
a runtime call in the case of strings.

Change-Id: Id2339defa660b28ffde3d2e116c0a666ad1bfb1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4173577
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85437}
2023-01-23 15:55:52 +00:00
Jakob Kummerow
4724f988ae [profiler] Support WasmGC objects in heap snapshots
Since the heap snapshot generator is based on generic objects-visiting
infrastructure, it already reported all objects, but it showed WasmGC
objects as generic "system" objects. This patch adds proper categorization,
including support for named types and fields.

Bug: v8:7748
Change-Id: I1b0997059c9cf0290fe5d6c5402412ba09ecf143
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4181031
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85435}
2023-01-23 14:21:36 +00:00
Michael Lippautz
48e79783ee cppgc: Optimize MakeGarbageCollected
Annotate slow path call for creating a new GCInfo accordingly. This
path will only hit for the first object allocation for a given type.
All subsequent allocations will use the fast path.

Bug: chromium:1408821
Change-Id: Ifc1d3491a94b30dfeee1a2c9679c64939025fefe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4161752
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85408}
2023-01-19 18:46:28 +00:00
Paolo Severini
11a63fa8d2 [sandbox] Reduce max size of ExternalPointerTable on Android
Bug: v8:13661
Change-Id: Iec08bc81fc2d42b728a05bbbe51c765d3982427c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4173595
Reviewed-by: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#85347}
2023-01-17 16:58:54 +00:00
Clemens Backes
cfdb4e0791 Reland "Use preserve_most calling conventions for Zone::Expand"
This is a reland of commit 48fee7d232.
We now use the "COMPONENT_BUILD" macro to disable preserve_all, which
covers more uses (like building libbase or libplatform, where we would
otherwise have to check for BUILDING_V8_BASE_SHARED or
BUILDING_V8_PLATFORM_SHARED).

Original change's description:
> Use preserve_most calling conventions for Zone::NewExpand
>
> The zone uses bump allocation in the fast-path, and falls back to
> allocating a new segment if there is not enough space.
> Since this is rarely executed and zone allocations happen a lot, we
> should mark `Zone::NewExpand` as "preserve_most" to make
> `Zone::Allocate` as fast and slim as possible.
>
> R=bikineev@chromium.org, leszeks@chromium.org
>
> Change-Id: I0d592a35440bc3d61ca04425fc2f98c8a8bbbaae
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4146436
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85258}

Change-Id: I1413d47d84f384a724850a6f5b60adf75bba84f8
Cq-Include-Trybots: luci.v8.try:v8_win64_dbg
Cq-Include-Trybots: luci.v8.try:v8_win_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162931
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85310}
2023-01-16 11:46:54 +00:00
Matthias Liedtke
debcabf7b5 [wasm-gc] Add callback for Wasm GC origin trial
The callback can be used to enable / disable Wasm GC from Chrome or
other users. For more simplicity and as many users of Wasm GC also use
stringrefs, enabling it via the callback will also stringrefs.

Bug: v8:7748
Change-Id: I474034eabe438f0ce9759c1d34dda12a99aa491e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4165090
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85306}
2023-01-16 09:49:46 +00:00
Michael Lippautz
c020a31092 cppgc: Change calling convention for slow write barrier bailout
Change the calling convention for the slow write barrier call to allow
callers to avoid saving caller-saved registers.

Bug: chromium:1406464
Change-Id: I314bdacb235727e0e78a192ed7cbff09e9bc6b4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156476
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85254}
2023-01-12 14:23:01 +00:00
Paolo Severini
1ef43e7ba9 [sandbox] Increase max size of ExternalPointerTable
Bug: v8:13640
Change-Id: I017a067d775c71977054b772ead8853e4df0cd51
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4159852
Reviewed-by: Samuel Groß <saelo@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85249}
2023-01-12 12:31:10 +00:00
Dominik Inführ
7777e0321d [api] Deprecate memory savings mode
This mode was used for an experiment and isn't used anymore.
IsolateInBackgroundNotification() can be used to achieve the same
memory savings mode.

Bug: v8:13653
Change-Id: I4bc0b0bd7ceac43f22e16b234b9482af9fe03152
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156054
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85239}
2023-01-12 09:14:01 +00:00
Michael Lippautz
24ca73004e cppgc: Implement slim write barrier
Introduces a slim write barrier for Oilpan behind
`cppgc_enable_slim_write_barrier` that is enabled by default. The slim
write barrier only performs a single approximate global check for
whether the write barrier is needed and delegates all other checks to
a slow path call. This is beneficial in configurations that do not need
many checks for the barrier overall, i.e., configurations without
young generation. Young generation is off by default which is why this
approach is beneficial.

On Speedometer the write barrier is hit 75M times with a fast bailout
of 99.3%. Progression on Speedometer2 is somewhere around 0.2-0.5%.

The resulting code embedded in another function is only 34 bytes
compared to 128 bytes before. See attached bug for detailed assembly
snippet.

Change-Id: I6869513186e7a26104c46f1f2ac2cfa855689f64
Bug: chromium:1406464
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4152488
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85232}
2023-01-11 18:54:57 +00:00
Clemens Backes
080e281820 Reland "[x64] Make {Assembler::GrowBuffer} preserve most registers"
This is a reland of commit 8fe57bf641.
We restrict the use of "preserve_most" to x64 and arm64 in
non-component builds for now.

Original change's description:
> [x64] Make {Assembler::GrowBuffer} preserve most registers
>
> This makes many callers of {GrowBuffer} a lot slimmer, by avoiding the
> need to push and pop all values in otherwise caller-saved registers.
> E.g. {emit_mov(Register, Operand)} was measured to be ~2x faster (from
> 2.3% of Liftoff compilation time to 1.2%).
>
> R=bikineev@chromium.org
> CC=dlehmann@chromium.org
>
> Bug: v8:13565
> Change-Id: I681747a491548adf1374187cd9f37520c153ef1a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4127230
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85147}

Bug: v8:13565
Change-Id: I273e222b423786fdc0338c7dfab3d95c8af6ff13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147788
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85231}
2023-01-11 17:53:05 +00:00
Leszek Swirski
b985e8d83b Revert "[x64] Make {Assembler::GrowBuffer} preserve most registers"
This reverts commit 8fe57bf641.

Reason for revert: Looks like preserve_most is too experimental after all: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20shared/24208/overview

Original change's description:
> [x64] Make {Assembler::GrowBuffer} preserve most registers
>
> This makes many callers of {GrowBuffer} a lot slimmer, by avoiding the
> need to push and pop all values in otherwise caller-saved registers.
> E.g. {emit_mov(Register, Operand)} was measured to be ~2x faster (from
> 2.3% of Liftoff compilation time to 1.2%).
>
> R=​bikineev@chromium.org
> CC=​dlehmann@chromium.org
>
> Bug: v8:13565
> Change-Id: I681747a491548adf1374187cd9f37520c153ef1a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4127230
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#85147}

Bug: v8:13565
Change-Id: I80207ab3cc84958c3c453e63cc4062a408e05a27
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4147787
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#85149}
2023-01-09 15:13:11 +00:00
Clemens Backes
8fe57bf641 [x64] Make {Assembler::GrowBuffer} preserve most registers
This makes many callers of {GrowBuffer} a lot slimmer, by avoiding the
need to push and pop all values in otherwise caller-saved registers.
E.g. {emit_mov(Register, Operand)} was measured to be ~2x faster (from
2.3% of Liftoff compilation time to 1.2%).

R=bikineev@chromium.org
CC=dlehmann@chromium.org

Bug: v8:13565
Change-Id: I681747a491548adf1374187cd9f37520c153ef1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4127230
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85147}
2023-01-09 14:33:52 +00:00
Vladimir Nechaev
ca3a939da8 [inspector] Provide more details about destroyed context
Runtime.executionContextCreated provides many details in
ExecutionContextDescription structure while
Runtime.executionContextDestroyed provides only executionContextId. This
information is insufficient for the clients that use uniqueContextId.

Bug: v8:12896
Change-Id: I31df0ed618dc1c8b55c7eba8f96eeaef2d4de6c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3657439
Commit-Queue: Simon Zünd <szuend@chromium.org>
Auto-Submit: Vladimir Nechaev <nechaev@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85110}
2023-01-05 09:27:47 +00:00
gengjiawen
166fd2f38f [cppgc]: Fix build on msvc
Fixes compilation with msvc 2019 toolchain.

See: nodejs/node#37330 (comment)

Bug: v8:12661
Change-Id: I7cfd87a3dd531a2e4913d82b743fb8ecdfdb5ed8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3533019
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85087}
2023-01-04 10:12:56 +00:00
Michael Lippautz
a8a1805e12 [api, heap, handles] Remove deprecated EmbedderHeapTracer
This removes EmbedderHeapTracer from V8's API. Going forward
v8::TracedReference is only supported with using CppHeap (Oilpan).

Bug: v8:13207
Change-Id: I4e0efa94890ed147293b5df69fd7e0edad45abb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111546
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85061}
2023-01-02 15:17:40 +00:00
Vladimir Nechaev
28cb67cdec Runtime.callFunctionOn supports uniqueContextId
Bug: v8:13620
Change-Id: I802deb3325a5c8ac9e7e378d60be591af66e6fee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4126215
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Vladimir Nechaev <nechaev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85027}
2022-12-28 10:45:28 +00:00
Olivier Flückiger
f6d85958e0 [static-roots] Use operator== in HeapObject::Is##Type
Replace SafeEquals with normal equals operator in `IsUndefined` and
friends. This will allow us to have more efficient checks with static
roots, since pointers do not need to be decompressed.

After this change calling Is##Type on CodeObjects is no longer possible.
This is ensured by dchecks in operator==. The change might reveal more
callers that need to be fixed.

Bug: v8:13466
Change-Id: I3353d10aebb7a192a77281c44e4159f0da336297
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4106849
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84974}
2022-12-21 12:33:34 +00:00
Anton Bikineev
e29e64e729 unified-young-gen: Filter custom weak callbacks
Oilpan young generation currently remembers all weak callbacks to be
processed on each GC. This is needed to support UntracedMembers in the
old space. If the old object with UntracedMember (e.g.
ActiveScriptWrappableManager) holds a pointer to a young object, the
custom weak callback must be reexecuted on each minor GC, because the
custom callback is responsible for clearing UntracedMembers.

This is not necessary for weak containers. They hold WeakMembers, for
which we issue the regular write barrier. The CL distinguishes between
callbacks for weak containers and for custom objects. This aims to
speeds up weak processing, which currently may take >10ms.

Bug: v8:13475
Change-Id: I6964a6835dc84febddbefb5e2952d57f108d1232
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4080470
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84895}
2022-12-16 10:15:12 +00:00
Clemens Backes
4b451843fd [wasm] Deprecate CPU timings in metrics
We do not collect them any more since https://crrev.com/c/4078966
(landed in v11.0), so deprecate the fields now for v11.1.

R=mlippautz@chromium.org

Bug: v8:13565
Change-Id: I6b454cd6591c6489043002226f3c4fd19fdeb7e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4079227
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84871}
2022-12-15 14:25:48 +00:00
V8 Autoroll
5b84df0b99 Version 11.1.0
Change-Id: I9250e6a62e5606197a3f08d886d1f1c8f28bbe1e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4108798
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84861}
2022-12-15 10:26:39 +00:00
Shu-yu Guo
4757205b3c [rab/gsab,api] Add resizable BackingStore creation
This CL adds v8::ArrayBuffer::NewResizableBackingStore.

This API is needed to support Mojo cross-process serialization of
resizable buffers. See https://chromium-review.googlesource.com/c/chromium/src/+/4086949

Bug: chromium:1396361, v8:11111
Change-Id: I1d3ad367f28015184fd80fd2f05a37a3659d3a66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4093555
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84826}
2022-12-14 01:54:00 +00:00
Shu-yu Guo
08e95d81d5 [rab/gsab,api] Add v8::BackingStore::MaxByteLength
I originally thought MaxByteLength would only be needed for
v8::ArrayBuffer and v8::SharedArrayBuffer, but it is also needed on
v8::BackingStore.

In particular, blink uses Mojo to serialize ArrayBuffers' contents via
v8::BackingStore when doing cross-process postMessage.

Bug: chromium:1396361, v8:11111
Change-Id: I86d44829175ad760fb43294d386483a16044fc3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4090708
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84767}
2022-12-09 22:45:18 +00:00
Anna Henningsen
ccddea063b [api] mark readonly usage of StartupData as const
This doesn’t have much practical effect, since the actual
byte contents referred to by `StartupData` are already marked
`const`, but adding the qualifier communicates more clearly
to users that V8 does not perform modifications on the object.

Practically speaking, this also allows for cases in which the
startup data is included as readonly data in the current executable
without requiring a `const_cast`.

Refs: https://github.com/nodejs/node/pull/45786#discussion_r1043489245
Change-Id: I53075ebb493c3617e470decb601b803f5294848d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4089203
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84764}
2022-12-09 16:58:44 +00:00
Clemens Backes
068536f109 [wasm] Remove thread timings (CPU time)
On Mac, we spend around 30% of lazy compile time in {ThreadTicks::Now}.
On Linux it's less severe, but still around 10%.
That's too much overhead for measurements that only show up in UKM, so
remove that.

The unused fields will be removed from the UKM events after the plumbing
on the chromium side has been removed.

R=ahaas@chromium.org, mlippautz@chromium.org
CC=​ecmziegler@chromium.org

Bug: v8:13565
Change-Id: I2dad88d899482801888940499d2d1761ff075578
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4078966
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84754}
2022-12-09 12:11:22 +00:00
Jaroslav Sevcik
f4fb8fc1f7 [inspector] Introduce debugger session stop API
We introduce V8InspectorSession::stop API to enable safe
detach from the session. In particular, after calling 'stop',
the session will leave any instrumentation pause it might
be in and disarm all its instrumentation breakpoints.

This is useful when the session disconnect request is registered
on V8 interrupt (so it is unsafe to disconnect at that point),
and the execution should first get to the message loop
where the disconnect can be handled safely.

Bug: chromium:1354043
Change-Id: I3caab12a21b123229835e8374efadc1f4c9954c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4085143
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84753}
2022-12-09 12:08:58 +00:00
Shu-yu Guo
90742c6040 [api] Add resizable getters to ArrayBuffer APIs
Adds v8::[Shared]ArrayBuffer::MaxByteLength and
v8::BackingStore::IsResizableByUserJavaScript.

This is needed for embedders who need to check if a buffer is resizable
by user JS, like blink, to check for the [AllowResizable] WebIDL
extended attribute.

Bug: v8:11111
Change-Id: Ie7e03979ef3884123df8a3eeb5c3516c4a6967c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4082276
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84715}
2022-12-07 21:32:31 +00:00
Judith Hemp
8ef8a016dc Add V8StackFrame export
To be able to retrieve structured stacktrace information like the
functionName of single stack frames outsite of v8, this cl adds a
V8StackFrame class and a function to retrieve them from V8StacKFrames.

Bug: chromium:1393317
Change-Id: Idae150aeb03f7b65294c4c6a6979c298a569e6d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4067040
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Judith Hemp <hempjudith@google.com>
Cr-Commit-Position: refs/heads/main@{#84676}
2022-12-06 09:40:43 +00:00
Igor Sheludko
b296ab30f7 [ptr-compr] Mark base() as V8_CONST
... which is an alias for __attribute__((const)) when it's available.

Bug: v8:7703
Change-Id: Ic585f48bc764ccf0c920ff82ba788cf1e88e0cdd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4076525
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84633}
2022-12-05 10:43:25 +00:00
Aapo Alasuutari
744570e583 [fastcall] Support external pointers in fast api calls
Bug: chromium:1052746

Change-Id: I3de37ca453b640b7f714e585848ccd068dd9ddbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3957815
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84597}
2022-12-01 14:19:33 +00:00
Mikhail Khokhlov
224cbd2179 [Tracing w/SDK] Replace TraceStateObserver with TrackEventSessionObserver
With v8_use_perfetto = true, tracing sessions are controlled by
Perfetto, not TraceLog. This can lead to inconsistencies, e.g.
TraceLog signalling trace start while V8's TrackEvent datasource
hasn't been initialized yet.

This CL removes the TraceStateObserver interface and replaces its
uses with perfetto::TrackEventSessionObserver which correctly tracks
Perfetto tracing sessions start and end.

See also crrev.com/c/4066184 for the corresponding Chrome change.

Bug: chromium:1006766
Change-Id: I94b2189c8b28aec8b17ec8fc1246e27c904e4ee9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4062038
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Mikhail Khokhlov <khokhlov@google.com>
Cr-Commit-Position: refs/heads/main@{#84590}
2022-12-01 11:18:24 +00:00
Divy Srivastava
bc831f8ba3 [fastcall] Implement support for onebyte string arguments
This CL adds one byte string specialization support for fast API call arguments.
It introduces a kOneByteString variant to CTypeInfo.

We see a ~6x improvement in Deno's TextEncoder#encode microbenchmark.
Rendered results: https://divy-v8-patches.deno.dev/

Bug: chromium:1052746
Change-Id: I47c3a9e101cd18ddc6ad58f627db3a34231b60f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4036884
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84552}
2022-11-29 17:03:45 +00:00
Samuel Groß
8ca9f77d0f [sandbox] Sandboxify JSArrayBuffer::extension external pointer
Bug: chromium:1335043
Change-Id: Id8e6883fc652b144f6380ff09b1c18e777e041c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706626
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84544}
2022-11-29 15:46:23 +00:00
Qifan Pan
2301870e75 [turboshaft] Implement SignedMulOverflow64
This CL implements SignedMulOverflow64 to enable constant folding
of 64-bit SignedMul in machine optimization reducer.

Bug: chromium:1392928, v8:9407
Change-Id: I3a46198b2e2a0b59ca33f5a333fb8ea3d8f89340
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4055684
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Qifan Pan <panq@google.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84495}
2022-11-25 15:44:06 +00:00
Samuel Groß
06aaa9625f Remove support for unsandboxed ExternalPointers
Now that the external pointer sandboxing rollout has completed, the
machinery to support unsandboxed external pointers is no longer needed.

Bug: v8:10391
Change-Id: I5cec4b9bfca41a7db670b93d984f3cfc5a2adbfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4034166
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84360}
2022-11-18 14:29:54 +00:00
Dominik Inführ
a59ca18634 [builtins, heap] Implement shared barrier for JS write barrier
This CL invokes Heap::SetIsMarkingFlag for all client isolates to
force the RecordWrite builtin into the marking barrier code path. That
way the RecordWrite builtin can run the marking barrier for objects
in the shared heap even when incremental marking in the that
particular client isolate isn't enabled at the moment.

The marking barrier then splits code path for shared vs. local
objects. Without a shared heap or when running on the shared space
isolate we know without checking page headers that all objects are
local. For client isolates it will also check whether incremental
marking is enabled for that particular space.

Bug: v8:13267
Change-Id: Iaa98d25c4c855769f95ee0ddf5540fb0ada55574
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4020176
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84339}
2022-11-17 17:48:47 +00:00
Andrey Kosyakov
aa684004d0 DevTools: use a barrier to sync runIfWaitingForDebugger from multiple sessions
This introduces a barrier that ensures that
`V8InspectorClient::runIfWaitingForDebugger()` is only invoked once all
sessions that requested a paused have invoked runIfWaitingForDebugger.

Downstream change: https://chromium-review.googlesource.com/c/chromium/src/+/3977348

Bug: chromium:1352175
Change-Id: I9049c2de6da8e690ad4312cd6cb799619125bb62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3976353
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Andrey Kosyakov <caseq@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84191}
2022-11-10 20:23:01 +00:00
Yuki Shiino
dbc6e56580 api: Expose %MapIteratorPrototype% and %SetIteratorPrototype%
In order to allow Blink (and potentially other embedders) to
implement Web IDL maplike and setlike in a more spec-conformant
way, exposes %MapIteratorPrototype% and %SetIteratorPrototype%.

Bug: chromium:1354546
Change-Id: Ife97c4d99168779e56ce95fc774692a125bf6ea5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4005924
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84185}
2022-11-10 15:50:48 +00:00
V8 Autoroll
d7f28a4369 Version 11.0.0
Change-Id: I14a24e13142a46674c652b6bf804e87fe6a8c4f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4016898
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84167}
2022-11-10 10:04:59 +00:00
Benedikt Meurer
97924c16ff [inspector] Allow to break only on caught exceptions.
This introduces a new "caught" case for Debugger.setPauseOnExceptions,
which instructs the V8 Debugger to only break on exceptions that are
predicted as caught. Previously it wasn't possible to express this with
Chrome DevTools Protocol.

Bug: chromium:1324920, chromium:1346231
Change-Id: I507cfb6058148b2e238b8f66e9720ab68cb81575
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4013330
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84137}
2022-11-09 07:44:28 +00:00