Commit Graph

3445 Commits

Author SHA1 Message Date
Maya Lekova
84e078c6cf [fastcall] Support EnforceRange annotation
This CL implements checks in case EnforceRange is requested for a
given parameter by using TryTruncate* operators. It implements 2 such
truncations on x64 and arm64 - TryTruncateFloat64ToInt32 and
TryTruncateFloat64ToUint32.

Bug: chromium:1052746
Change-Id: I32f34d9dc1265af568cc576663620a8f7f8245f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721618
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81512}
2022-07-04 14:34:10 +00:00
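Worked example, added here and not code from V8: the [EnforceRange] conversion that the fast-call TryTruncate* path has to agree with, next to the default WebIDL conversion it replaces. The default conversion wraps modulo 2^32 and turns non-finite input into 0, which is exactly what EnforceRange exists to forbid. Function names and the use of std::nullopt to stand in for the TypeError the binding would throw are this example's own conventions.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <string>

// Default WebIDL "unsigned long" conversion (constructed reference model):
// non-finite values become 0 and everything else wraps modulo 2^32, so an
// out-of-range argument is silently accepted.
uint32_t ToUint32Wrapping(double v) {
  if (!std::isfinite(v)) return 0;
  const double two32 = 4294967296.0;
  double r = std::fmod(std::trunc(v), two32);
  if (r < 0) r += two32;
  return static_cast<uint32_t>(r);
}

// Default "long" conversion: same wrap, then reinterpret as two's complement.
int32_t ToInt32Wrapping(double v) {
  const uint32_t u = ToUint32Wrapping(v);
  if (u >= 0x80000000u) return static_cast<int32_t>(static_cast<int64_t>(u) - 4294967296);
  return static_cast<int32_t>(u);
}

// [EnforceRange] "long": reject NaN/Infinity, truncate toward zero, reject
// anything outside [INT32_MIN, INT32_MAX]. A fast-call TryTruncate operator
// must bail out to this slow path on every failing case instead of wrapping.
std::optional<int32_t> EnforceRangeInt32(double v) {
  if (!std::isfinite(v)) return std::nullopt;  // NaN, +/-Infinity -> TypeError
  const double t = std::trunc(v);
  if (t < -2147483648.0 || t > 2147483647.0) return std::nullopt;
  return static_cast<int32_t>(t);
}

// [EnforceRange] "unsigned long": same, for [0, UINT32_MAX].
std::optional<uint32_t> EnforceRangeUint32(double v) {
  if (!std::isfinite(v)) return std::nullopt;
  const double t = std::trunc(v);
  if (t < 0.0 || t > 4294967295.0) return std::nullopt;
  return static_cast<uint32_t>(t);
}

int main() {
  // Constructed sample arguments, including the cases the two conversions disagree on.
  const double inputs[] = {42.9, -1.0, 4294967296.0, 2147483648.0, NAN, -0.5};
  for (double v : inputs) {
    const std::optional<uint32_t> e = EnforceRangeUint32(v);
    std::printf("%-14g wrap=%10u enforce=%s\n", v,
                static_cast<unsigned>(ToUint32Wrapping(v)),
                e ? std::to_string(*e).c_str() : "TypeError");
  }
  return 0;
}
```

Note that -0.5 truncates to -0.0 and is accepted as 0 by both conversions; only values that truncate to something outside the target range, or that are not finite, make EnforceRange fail.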
Anton Bikineev
4f49b8a2ac cppgc: Fix undefined behaviour when decompressing
Shifting negative integrals is undefined behavior. The CL simply
switches to uint64_t when decompressing, which anyway results in
sign-extension (in standard terms, integral promotion must preserve the
value and the sign of the source operand).

The CL doesn't have any functional changes, the generated code is the
same. It only fixes the ubsan report.

Bug: chromium:1325007
Change-Id: I491a87b84d4e98b0225f76825dac2f9e85f168d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736442
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81452}
2022-06-29 20:08:47 +00:00
Anton Bikineev
2699e0c0e7 cppgc: Fix gcc build when pointer compression is enabled
GCC doesn't have __attribute__((require_constant_initialization)). Use
it only for clang.

Bug: chromium:1325007
Change-Id: Ide5d428ed107d3244072774c0031c042ed0cee31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735125
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81447}
2022-06-29 16:14:26 +00:00
Anton Bikineev
a1da14588a cppgc: shared-cage: Fix UaF when lsan is enabled
Before this CL, the caged heap was lazily initialized upon the first
call of HeapBase ctor. CagedHeap keeps a pointer to PageAllocator which
was provided from cppgc::Platform through the HeapBase ctor. This was
not generally safe: the platform is not enforced to be a singleton. If it
happens to die first, then CagedHeap will have a stale pointer. The CL
fixes it simply by moving caged-heap initialization to
cppgc::InitializeProcess(), which already requires a constantly living
PageAllocator.

Bug: chromium:1338030
Change-Id: Ifb70a2db233ef36a99c919db09bed9ff9f3708ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3732107
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81422}
2022-06-28 18:41:26 +00:00
Andreas Haas
5e55121e3a [wasm] Remove WasmModuleObjectBuilderStreaming
The class is dead code, and has not been used for years. I tried to
deprecate the class first, but this caused build errors on GCC [1].
That's why this CL just deletes the class. Deleting the class is okay
because this class was part of the original implementation of streaming
compilation. There is only a single embedder who uses streaming
compilation, which is Chrome, and Chrome switched to the new API
already years ago. If there were other embedders that use this class,
then this embedder would already have no working implementation of
streaming compilation for years.

R=adamk@chromium.org

Bug: v8:12926
Change-Id: I3342167245822cf8ee52d9632cba236fb1b0646c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714236
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81421}
2022-06-28 18:17:37 +00:00
Seth Brenith
80575e2816 Allow embedder to provide source text during code cache deserialization
This change is only to get the API in place; the newly added functions
don't yet do anything.

Bug: v8:12808
Change-Id: Ic6a697d4f62c2b61761b2545dae6fcdf37653bbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3681880
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81418}
2022-06-28 16:18:20 +00:00
Samuel Groß
8ca93205cc [sandbox] Turn ExternalPointerTag into a template parameter
The ExternalPointerTags are assumed to be compile-time constants in most
cases, so turning them into template parameters enforces that. As
decisions such as whether to use the per-isolate or the shared external
pointer table are encoded into the tag values, forcing those to be
compile-time constants guarantees that the compiler will be able to
inline the correct logic when accessing an external pointer.

With this, there are now two (high-level) ways of accessing external
pointer fields from C++: the Read/WriteExternalPointerField methods
which require the ExternalPointerTag to be a template parameter, and the
ExternalPointerSlot class which takes the tag as an argument. The latter
is for example used for snapshot deserialization and by the garbage
collector (more generally, by the ObjectVisitor::VisitExternalPointer
method), where the tag is not a compile-time constant.

Finally, this CL also introduces a new ExternalPointerHandle type which
represents the (opaque) on-heap representation of a reference to an
entry in an ExternalPointerTable when sandboxing is enabled. Making this
its own type makes the code a bit more readable.

Bug: v8:10391
Change-Id: I867b8ce41d15d485f1dc66786f233c710c56afcb
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3720641
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81402}
2022-06-27 13:45:20 +00:00
Patrick Thier
ece27af693 [sandbox] Split ExternalPointerTag definitions for shared/non-shared
- Change definition to macro-style to be able to assert that masks/tags
  are correct.
- Split definition of shared/non-shared tags.
- Use bit 62 (for now) to indicate tags are shared.

Bug: v8:10391
Change-Id: Ia3ad6294cf5e6fd0c4dc2a328f976f295da762f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726009
Reviewed-by: Samuel Groß <saelo@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81400}
2022-06-27 13:05:00 +00:00
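Added example, not V8's code, covering the two [sandbox] ExternalPointerTag commits above: a simplified tagged external pointer table in which the tag is a template parameter on the field accessors, a run-time-tag slot reader for visitors that cannot know the tag statically, and a shared/per-isolate table split keyed on bit 62 of the tag. The 16-bit tag field in bits 48-63, the rule that every tag sets exactly two bits, the tag names and the sample pointer values are assumptions of this model; V8's real encoding differs.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <vector>

// Simplified model (assumption, not V8's layout): a table entry is
// `pointer | tag`, the tag occupies bits 48-63, and bit 62 marks the tag as
// belonging to the shared table rather than the per-isolate one.
using ExternalPointerHandle = uint32_t;   // opaque on-heap index into a table
using ExternalPointerTag = uint64_t;

constexpr ExternalPointerTag kExternalPointerTagMask = uint64_t{0xffff} << 48;
constexpr ExternalPointerTag kExternalPointerTagShared = uint64_t{1} << 62;

// Every tag sets exactly two bits, so no tag is a subset of another: clearing
// the wrong tag always leaves at least one tag bit behind in the result.
constexpr ExternalPointerTag kFooTag = uint64_t{0x0003} << 48;                                 // per-isolate
constexpr ExternalPointerTag kBarTag = uint64_t{0x0005} << 48;                                 // per-isolate
constexpr ExternalPointerTag kSharedStringTag = kExternalPointerTagShared | (uint64_t{1} << 48);  // shared

class ExternalPointerTable {
 public:
  ExternalPointerTable() : entries_{uint64_t{0}} {}  // index 0 stays the null entry

  ExternalPointerHandle Allocate(uint64_t ptr, ExternalPointerTag tag) {
    assert((ptr & kExternalPointerTagMask) == 0);  // user-space pointers leave the top bits clear
    entries_.push_back(ptr | tag);
    return static_cast<ExternalPointerHandle>(entries_.size() - 1);
  }

  // Only the expected tag is masked out. With a mismatched tag some tag bits
  // survive, so a type-confused read yields a non-canonical address rather
  // than a usable pointer to an object of the wrong type.
  uint64_t Get(ExternalPointerHandle handle, ExternalPointerTag tag) const {
    return entries_.at(handle) & ~tag;
  }

 private:
  std::vector<uint64_t> entries_;
};

ExternalPointerTable& IsolateTable() { static ExternalPointerTable t; return t; }
ExternalPointerTable& SharedTable()  { static ExternalPointerTable t; return t; }

// Compile-time tag: the table choice folds away and the mask is an immediate.
template <ExternalPointerTag kTag>
ExternalPointerHandle WriteExternalPointerField(uint64_t ptr) {
  if constexpr ((kTag & kExternalPointerTagShared) != 0) return SharedTable().Allocate(ptr, kTag);
  else return IsolateTable().Allocate(ptr, kTag);
}

template <ExternalPointerTag kTag>
uint64_t ReadExternalPointerField(ExternalPointerHandle handle) {
  if constexpr ((kTag & kExternalPointerTagShared) != 0) return SharedTable().Get(handle, kTag);
  else return IsolateTable().Get(handle, kTag);
}

// Run-time tag, the ExternalPointerSlot case: GC and deserializer visitors
// receive the tag as a value and pick the table with a real branch.
uint64_t ReadExternalPointerSlot(ExternalPointerHandle handle, ExternalPointerTag tag) {
  const ExternalPointerTable& table =
      (tag & kExternalPointerTagShared) ? SharedTable() : IsolateTable();
  return table.Get(handle, tag);
}

bool IsCanonicalUserPointer(uint64_t p) { return (p & kExternalPointerTagMask) == 0; }

int main() {
  const uint64_t raw = 0x00007f12deadbee0ull;  // constructed sample pointer
  const ExternalPointerHandle h = WriteExternalPointerField<kFooTag>(raw);
  std::printf("right tag: %#llx\n",
              static_cast<unsigned long long>(ReadExternalPointerField<kFooTag>(h)));
  const uint64_t confused = ReadExternalPointerField<kBarTag>(h);
  std::printf("wrong tag: %#llx canonical=%d\n",
              static_cast<unsigned long long>(confused), IsCanonicalUserPointer(confused));
  return 0;
}
```

The property worth checking in any such scheme is the one the second assertion below exercises: reading an entry through the wrong tag must never produce a canonical user-space address.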
Anton Bikineev
28b5d29984 Move host/target detection macros to API
Since v8config.h already defines the related logic for OS detection, it
should be fine to move arch detection also there. The CL also makes
Oilpan use one of those macros to avoid discrepancy between the compiler
and custom macros (the discrepancy occurs for host tools, e.g. mksnapshot).

Bug: chromium:1336222
Change-Id: Ibe7d9116d27c3e816f4778fd4c149d8142d0f7a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726208
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81397}
2022-06-27 12:26:21 +00:00
Patrick Thier
8933f9fe8e [sandbox] Store waiter queue node of JS Atomic.Mutex in shared table
The waiter queue node of JS Atomics.Mutex is now stored in the shared
external pointer table.

Bug: v8:12547
Change-Id: I2f4ce1c705d5e710b49872942702f60edf6c4043
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721696
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81380}
2022-06-27 08:56:57 +00:00
Patrick Thier
6b4850484f [sandbox] Add shared external pointer table for strings
To be able to share external strings, we need to share the external
pointer table in sandbox builds.
To avoid branches at runtime all pointers for external strings are
stored in the shared external pointer table.

Bug: v8:12957
Change-Id: Iaa6be7839a2f5e50f80fd58c5b33fb9c6af61057
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695263
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81324}
2022-06-23 11:30:39 +00:00
Samuel Groß
0d94a5144c [sandbox] Implement ReadExternalPointerField in v8-internal.h
Previously it was implemented in api.cc, therefore requiring an additional
function call when accessing external pointer fields from embedder code with
the sandbox enabled. Now ReadExternalPointerField can be inlined.

Bug: v8:10391
Change-Id: Ia8cb2df148ac96f979fd3e22989b0ff6177abcec
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714245
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81271}
2022-06-21 10:51:05 +00:00
Igor Sheludko
8487e66d75 [runtime] Inline Foreign fields into AccessorInfo
... to avoid additional indirection on every access.

Drive-by: given that AccessorInfo class now has a custom body visitor
it's no longer necessary to encode flags field as Smi.

Bug: v8:12949
Change-Id: I30eabee3cbc5ded2bf3f050dfe22208713a764bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3701590
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81237}
2022-06-20 09:25:03 +00:00
Andreas Haas
ea0fa0c441 Revert "[wasm] Deprecate WasmModuleObjectBuilderStreaming"
This reverts commit be41754f9f.

Reason for revert: This change breaks the GCC component build (e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20gcc%20-%20debug%20builder/1997/overview)

Original change's description:
> [wasm] Deprecate WasmModuleObjectBuilderStreaming
>
> This class is just dead code.
>
> Bug: v8:12926
> Change-Id: Ic780c0b1bf5b1e517aa919b820fad4ec083d9ef7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3689581
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81169}

Bug: v8:12926
Change-Id: I8ef0dbd6ebaac0cbcc752338b7bfdf6049e6874c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707219
Owners-Override: Adam Klein <adamk@chromium.org>
Auto-Submit: Andreas Haas <ahaas@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81210}
2022-06-16 20:55:26 +00:00
Anton Bikineev
c6cec7c995 cppgc: young-gen: Avoid eager commits of the age-table
The CL fixes PMF regressions that happened after increasing
the AgeTable size.

Bug: chromium:1336529
Change-Id: If1f099b43bfcb3a8c7dd4a1c229fcb08735eb744
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707098
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81180}
2022-06-15 12:14:52 +00:00
Samuel Groß
f789c6a020 [sandbox] Use correct define when testing for Android
It should be V8_TARGET_OS_ANDROID instead of V8_OS_ANDROID.

Bug: chromium:1218005
Change-Id: I4b92977c5d8b70ca5023e30a966508965ea9f0fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706618
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81175}
2022-06-15 11:14:43 +00:00
Simon Zünd
21fe5e0fef Reland "[inspector] Allow Debugger.setScriptSource to edit top-most function"
This is a reland of commit dac6155649

This is a straight-up reland with no changes, because:
  1) The failure doesn't reproduce locally
  2) The failing flaky test that triggered the revert is not related
     to the code modified by this CL and should (in theory) not be
     impacted.

Original change's description:
> [inspector] Allow Debugger.setScriptSource to edit top-most function
>
> This CL adds a new boolean flag on the Debugger.setScriptSource CDP
> method that gets piped all the way through to the live-edit mechanism.
> The new flag enables live-editing of the top-most function while
> paused.
>
> The CL adds a couple of tests that cover the new core use cases for
> this flag.
>
> R=jarin@chromium.org
>
> Bug: chromium:1334484
> Change-Id: I12fec591b2b6550d89748714620e629548e1b9c1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695354
> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81127}

Bug: chromium:1334484
Change-Id: I9a9bf7e03d81c86adb4819b9756dd9afcf6fa021
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706398
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81171}
2022-06-15 07:48:30 +00:00
Andreas Haas
be41754f9f [wasm] Deprecate WasmModuleObjectBuilderStreaming
This class is just dead code.

Bug: v8:12926
Change-Id: Ic780c0b1bf5b1e517aa919b820fad4ec083d9ef7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3689581
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81169}
2022-06-15 06:40:52 +00:00
Etienne Pierre-doray
1e0d18dc0b [task] Expose CreateJob in v8::Platform
CreateJob() is similar to PostJob() but doesn't schedule anything
until Join() or Notify*() is called.
This allows
- CreateJob().Join() without too many workers.
- Early 'empty' CreateJob() for initialization
  without causing spurious calls to GetMaxConcurrency()

Bug: chromium:1287665
Change-Id: I8fd8b139392ad30218f0cf8f580b2d76f1078777
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3668842
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81166}
2022-06-15 00:13:31 +00:00
Anton Bikineev
747930df30 cppgc: shared-cage: Fix M1 build.
This fixes an ODR violation: the macro V8_TARGET_ARCH_ARM64 was only
visible when building V8, but not outside it. The CL implements a quick
fix that relies on compiler-based macros (__aarch64__). The proper fix
would be to make these target macros be part of the public config.

Bug: chromium:1336222
Change-Id: I46ba6c1a3cd1ac4fcd3aced60ee112e6098eba6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3705540
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81162}
2022-06-14 18:17:41 +00:00
Camillo
ed6be49813 [logging] Use short "JS:" prefix for function log events
"Function:" and "LazyCompile:" are confusing by now and use up too
much space.

This also changes the function names visible when using linux-perf

Change-Id: Ib2d4b7df39068c27b5b06db578fc550d2973ebb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693705
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81161}
2022-06-14 16:11:21 +00:00
Andreas Haas
7e0294dcfa [wasm][api] Introduce API to let the embedder resolve wasm promises
Asynchronous WebAssembly compilation returns the compilation result
through resolving a result promise. So far the result promise was
resolved through V8-internal APIs. This caused problems, because
resolving promises requires correct handling of microtasks, and
microtasks are controlled by the embedder, and not by V8.

This CL adds an API to allow the embedder to resolve the result
promise itself, and handle microtasks as necessary.

The use of the new API is available in a full CL, without API dance:
https://chromium-review.googlesource.com/c/v8/v8/+/3694975

R=cbruni@chromium.org

Bug: v8:12953
Change-Id: Ie9a56041f2d3e0c46664f1938e995f1e2c22f981
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695584
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81141}
2022-06-14 11:41:22 +00:00
Tobias Tebbi
ec009ba29c Revert "[inspector] Allow Debugger.setScriptSource to edit top-most function"
This reverts commit dac6155649.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/9288/overview

Original change's description:
> [inspector] Allow Debugger.setScriptSource to edit top-most function
>
> This CL adds a new boolean flag on the Debugger.setScriptSource CDP
> method that gets piped all the way through to the live-edit mechanism.
> The new flag enables live-editing of the top-most function while
> paused.
>
> The CL adds a couple of tests that cover the new core use cases for
> this flag.
>
> R=jarin@chromium.org
>
> Bug: chromium:1334484
> Change-Id: I12fec591b2b6550d89748714620e629548e1b9c1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695354
> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81127}

Bug: chromium:1334484
Change-Id: I165269d6c1b001b516f10ae3716ffb57b675ab39
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3705378
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Owners-Override: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81130}
2022-06-14 10:07:31 +00:00
Simon Zünd
dac6155649 [inspector] Allow Debugger.setScriptSource to edit top-most function
This CL adds a new boolean flag on the Debugger.setScriptSource CDP
method that gets piped all the way through to the live-edit mechanism.
The new flag enables live-editing of the top-most function while
paused.

The CL adds a couple of tests that cover the new core use cases for
this flag.

R=jarin@chromium.org

Bug: chromium:1334484
Change-Id: I12fec591b2b6550d89748714620e629548e1b9c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695354
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81127}
2022-06-14 09:29:31 +00:00
Anton Bikineev
613c508ba3 cppgc: young-gen: Increase AgeTable size to 8MB
The CL aims to improve write-barrier filtering and thereby reduce the
current regressions. With 8MB AgeTable the card size becomes 512 bytes.
The memory overhead of the 8MB AgeTable is 0.2%.

Bug: chromium:1029379
Change-Id: I86f51361b9b9f0a1c22a1deef0b0540d1d9808bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700079
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81114}
2022-06-13 17:20:20 +00:00
Anton Bikineev
e786faaf10 cppgc: Reset age table only for pages containing young objects
We don't need to reset the entire age table, but merely the pages that
are known to contain young objects. This must improve memory use with
generational GC enabled.

The CL is a prerequisite for another CL that'll increase the size of
the age-table.

Bug: chromium:1029379
Change-Id: Ibb5b607af20380c3936b7396b3d9767f6f17c44b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695268
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81106}
2022-06-13 13:14:00 +00:00
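Added example, not cppgc's code, for the two age-table commits above: an 8 MiB table of one-byte entries over a 4 GiB cage (which is where the 512-byte card size and the 0.2% overhead come from), a range-marking routine, a per-page reset of the kind the second commit restricts to pages that held young objects, and the generational write-barrier filter the table feeds. The kMixed state, the 128 KiB page size, cage-relative offsets instead of real addresses and the store sequence in the scenario are assumptions of this model.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Sizes named in the commits above; everything else is a modelling assumption.
constexpr uint64_t kCagedHeapSize = uint64_t{1} << 32;            // 4 GiB cage
constexpr size_t kAgeTableSize = size_t{8} << 20;                  // 8 MiB, one byte per card
constexpr size_t kCardSize = kCagedHeapSize / kAgeTableSize;       // 512 bytes per card
constexpr size_t kPageSize = size_t{1} << 17;                      // 128 KiB pages (assumed)
static_assert(kCardSize == 512, "8 MiB table over a 4 GiB cage gives 512-byte cards");
static_assert(kPageSize % kCardSize == 0, "pages must be card-aligned");

enum class Age : uint8_t { kOld = 0, kYoung = 1, kMixed = 2 };

class AgeTable {
 public:
  AgeTable() : table_(kAgeTableSize, Age::kOld) {}

  Age GetAge(uint64_t offset) const { return table_[Card(offset)]; }

  // Marks [begin, end). Cards fully inside the range take `age`; a partially
  // covered card that currently disagrees becomes kMixed so the barrier
  // filter stays conservative for the objects sharing that card.
  void SetAgeForRange(uint64_t begin, uint64_t end, Age age) {
    assert(begin < end);
    const uint64_t first = Card(begin), last = Card(end - 1);
    for (uint64_t c = first; c <= last; ++c) {
      const bool fully_covered = (c * kCardSize >= begin) && ((c + 1) * kCardSize <= end);
      table_[c] = (fully_covered || table_[c] == age) ? age : Age::kMixed;
    }
  }

  // Reset only the cards of one page. Clearing the whole 8 MiB table after
  // every GC would touch, and therefore commit, all of it.
  void ResetForPage(uint64_t page_begin) {
    assert(page_begin % kPageSize == 0);
    SetAgeForRange(page_begin, page_begin + kPageSize, Age::kOld);
  }

  // Generational write-barrier filter: a store must be recorded only when a
  // slot that is not known to be young receives a value that may be young.
  bool NeedsBarrier(uint64_t slot, uint64_t value) const {
    return GetAge(value) != Age::kOld && GetAge(slot) != Age::kYoung;
  }

 private:
  static uint64_t Card(uint64_t offset) {
    assert(offset < kCagedHeapSize);
    return offset / kCardSize;
  }
  std::vector<Age> table_;
};

// Helper for probing one card after marking one range on a fresh table.
Age AgeAfterMarking(uint64_t begin, uint64_t end, Age age, uint64_t probe) {
  AgeTable table;
  table.SetAgeForRange(begin, end, age);
  return table.GetAge(probe);
}

// Constructed scenario: one 128 KiB page at offset 1 MiB holds young objects,
// the rest of the cage is old. Returns how many of the stores below the
// filter hands to the barrier slow path (expected: exactly one).
int RecordedStoresInScenario() {
  AgeTable table;
  const uint64_t young_page = uint64_t{1} << 20;
  table.SetAgeForRange(young_page, young_page + kPageSize, Age::kYoung);
  struct Store { uint64_t slot, value; } stores[] = {
      {0x4000, young_page + 0x40},              // old slot <- young value: record
      {young_page + 0x100, young_page + 0x40},  // young slot <- young value: skip
      {0x4000, 0x8000},                         // old slot <- old value: skip
      {young_page + 0x100, 0x8000},             // young slot <- old value: skip
  };
  int recorded = 0;
  for (const Store& s : stores) recorded += table.NeedsBarrier(s.slot, s.value);
  table.ResetForPage(young_page);  // the page was promoted by a minor GC
  recorded += table.NeedsBarrier(0x4000, young_page + 0x40);  // now old <- old: skip
  return recorded;
}

int main() {
  std::printf("card size: %zu bytes, table: %zu bytes, overhead: %.2f%%\n", kCardSize,
              kAgeTableSize, 100.0 * kAgeTableSize / static_cast<double>(kCagedHeapSize));
  std::printf("stores recorded in scenario: %d\n", RecordedStoresInScenario());
  return 0;
}
```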
Anton Bikineev
6f9df3e74e cppgc: young-gen: Support young generation with pointer compression
Currently, young generation assumes that all the on-heap pointers are
compressed, which is currently not the case due to the backing-store
pointers in Blink. Fixing collections to have Member<> is not easy,
because the inlined collections may have the semantics that
 backing_pointer_ == inlined_buffer_;
where the inlined_buffer_ can be off-heap (e.g. on stack).

The CL introduces another type of barrier specifically for uncompressed
pointers. The followup is to use that barrier from Blink.

Bug: chromium:1029379
Change-Id: If0f519220658268dbdf915235c2e5afd7887dc0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695358
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81105}
2022-06-13 12:42:30 +00:00
Clemens Backes
61a6fd84e1 [wasm] Rename "OnModuleCompiled" and related callbacks
Already after enabling Liftoff, the name did not match the semantics any
more. The callback was called after top-tier finished, not after initial
compilation of the module finished.
With dynamic tiering, the name is even less fitting.

This CL renames the "OnModuleCompiled" callback in the API to
"MoreFunctionsCanBeSerialized", which makes it more obvious what the
API should be used for. It also internally renames all related typedefs
and methods accordingly.

One call of the callback in the streaming decoder was already wrong
before this CL and is being removed.

R=jkummerow@chromium.org, cbruni@chromium.org

Bug: v8:12899
Change-Id: I95c0fc9e32442383e47e4370e31277cc065bf0fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687689
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81093}
2022-06-13 08:13:00 +00:00
Clemens Backes
6723438813 [API] Deprecate LegacyOOMErrorCallback
Deprecate the LegacyOOMErrorCallback in the 10.5 branch. Embedders are
expected to switch to OOMErrorCallback.
The deprecated LegacyOOMErrorCallback will then be removed in the 10.6
branch.

R=mlippautz@chromium.org

Bug: chromium:1323177
Change-Id: I83001bec760848ef39f0638ed5c5c9eaa7cdb6eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3646014
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81092}
2022-06-13 07:58:36 +00:00
Igor Sheludko
7445a4fd2a [runtime] Inline Foreign fields into CallHandlerInfo
... to avoid additional indirection on every access.

Bug: v8:12949
Change-Id: I16840ac0517e86f1f70252153112ca3475527416
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693707
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81083}
2022-06-10 18:26:57 +00:00
Joyee Cheung
dd6d96c8cd [api] add v8::Module::GetStalledTopLevelAwaitMessage()
Adds Module::GetStalledTopLevelAwaitMessage() API which searches for
modules that have no pending async dependencies but have not yet
resolved. An embedder may call this API when they are about to exit
to check if TLA evaluation has stalled and provide a better error
message.

Change-Id: I3b88802f70cc84c973551f13d73ef3e3d06f4027
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2341765
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81080}
2022-06-10 16:46:57 +00:00
Anton Bikineev
04c1cbb8c9 cppgc: Support compaction only for uncompressed pointers
Compaction currently considers only backing store pointers as slots and
those are uncompressed. The CL fixes the tests to use raw pointers
instead of Members.

Bug: chromium:1325007
Change-Id: I2ddfffeeab396552bb7cf31b2bd8502ebc2921fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695590
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81056}
2022-06-10 07:55:37 +00:00
Camillo
6a0889817d [api] Make CanHaveInternalField inlineable
Drive-by-fix: Reduce one branch in the type comparison since
JS_OBJECT_TYPE and JS_FIRST_API_INSTANCE_TYPE are adjacent.

Bug: v8:11476
Change-Id: I621ef2df4da2858cb1652276f800ccedba4e3015
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695562
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81051}
2022-06-09 18:42:25 +00:00
Anton Bikineev
975c1085f7 cppgc: Optimize cage-base load
Add __attribute__((const)) so that the compiler may assume that the
variable doesn't change across calls (basically treat the variable as
const).

Bug: chromium:1325007
Change-Id: I1ecd9a6b7b142cbb9da20a44f568465e1ca45fe7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688400
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81043}
2022-06-09 15:46:44 +00:00
Michael Lippautz
4cf204da0a [api] Remove deprecated global handle APIs
Bug: v8:12819
Change-Id: I9150a8a8ffa38b0628eee0f399d403af6363c04d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695587
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81042}
2022-06-09 15:39:03 +00:00
Anton Bikineev
cda9a103de cppgc: Optimize compression by removing the branch and or-instruction
This is done by making sure that LSB of the cage-base is 1. This way we
know that on compression normal pointers after the shift will have the
MSB set to 1.

Bug: chromium:1325007
Change-Id: I8699aaa464f1a8c18d2092f5eb474266fb409fcb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688399
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81039}
2022-06-09 15:04:34 +00:00
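Added example, not cppgc's code, for the two compression commits on this page, "Fix undefined behaviour when decompressing" and "Optimize compression by removing the branch and or-instruction": a self-contained model of shift-by-one pointer compression that shows the unsigned sign-extension path beside the branching, OR-based decompression it replaces. The cage address 0x7'0000'0000, the 4 GiB cage size and the convention that the base is stored with its low 32 bits set are assumptions chosen so the example runs stand-alone.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>

// Constructed model: 4 GiB cage, compressed pointer = address >> 1 truncated
// to 32 bits. Not the project's own code.
constexpr uint64_t kCageSize = uint64_t{1} << 32;
constexpr uint64_t kLowerHalfWordMask = kCageSize - 1;
constexpr unsigned kShift = 1;

// Assumed reservation: 4 GiB-aligned with bit 32 set. After the shift that bit
// becomes bit 31 of the compressed value, so every real in-cage pointer
// compresses to a value with its MSB set; null (and only null) stays 0.
constexpr uint64_t kCageStart = uint64_t{0x7} << 32;
static_assert((kCageStart & kCageSize) != 0, "bit 32 of the cage base must be set");
static_assert((kCageStart & kLowerHalfWordMask) == 0, "cage base must be cage-aligned");
// The base as the decompressor uses it: high half = reservation, low half = all ones.
constexpr uint64_t kCageBase = kCageStart | kLowerHalfWordMask;

bool InCage(uint64_t addr) { return addr - kCageStart < kCageSize; }  // unsigned wrap on purpose

uint32_t Compress(uint64_t addr) {
  assert(addr == 0 || InCage(addr));
  assert((addr & 1) == 0);  // the dropped bit is zero for any aligned object
  const uint32_t compressed = static_cast<uint32_t>(addr >> kShift);
  assert(compressed == 0 || (compressed & 0x80000000u));  // MSB set for real pointers
  return compressed;
}

// Sign-extend through int32_t (modular in C++20, the usual behaviour before),
// then shift the *unsigned* 64-bit value. Shifting the negative int64_t would
// be undefined behaviour; the unsigned shift yields the same bits. Masking
// with the base then restores the high half for real pointers and leaves
// 0 for null, with no branch and no OR.
uint64_t Decompress(uint32_t compressed) {
  const uint64_t sign_extended = static_cast<uint64_t>(static_cast<int32_t>(compressed));
  return (sign_extended << kShift) & kCageBase;
}

// The form the branch-free version replaces: null needs its own test and the
// base has to be OR-ed back in.
uint64_t DecompressWithBranch(uint32_t compressed) {
  if (compressed == 0) return 0;
  return kCageStart | (static_cast<uint64_t>(compressed) << kShift);
}

int main() {
  const uint64_t samples[] = {0, kCageStart, kCageStart + 0x1234, kCageStart + kCageSize - 2};
  for (uint64_t addr : samples) {
    const uint32_t c = Compress(addr);
    std::printf("%#14llx -> %#10x -> %#14llx (branchy: %#14llx)\n",
                static_cast<unsigned long long>(addr), c,
                static_cast<unsigned long long>(Decompress(c)),
                static_cast<unsigned long long>(DecompressWithBranch(c)));
  }
  return 0;
}
```

The ubsan report the first commit fixed comes from the signed left shift; the unsigned rewrite changes no bits, which is why the generated code stayed the same.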
Anton Bikineev
8961f42fd4 cppgc: Fix caged-heap-local-data.h for the test-include script
This wraps CagedHeapLocalData in #if defined(CPPGC_CAGED_HEAP)

Bug: v8:12231
Change-Id: I462ddbbde2308e8d786fb99d6a557c1dcaea8a4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695586
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81038}
2022-06-09 14:45:53 +00:00
Anton Bikineev
5e17b84d57 cppgc: pointer-compression: Use global variable for base pointer
Now that the cage is shared, we can remove the thread-local base and
instead use a simple global.

Bug: chromium:1325007
Change-Id: I05019de83868f823c66003740e277578f2a1d439
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688051
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81037}
2022-06-09 13:41:23 +00:00
Simon Zünd
31850be1c2 [inspector] Introduce status result for Debugger.setScriptSource
This CL introduces a new `status` enum returned by setScriptSource.
We'll use the information in the DevTools frontend to show more
meaningful error messages as well as disambiguate compilation errors
from failed live edits.

Drive-by: Deprecate the sync and async stack traces in the result.
Currently `setScriptSource` is guaranteed to stay paused so there
is no need to send along the same information from the
preceding `Debugger.paused` event.
In the future we will restart the top-most frame once we allow
the top-most frame to be edited. In that case the inspector
fires Debugger.resumed + Debugger.paused events following the
live edit also making the info returned here superfluous.

R=jarin@chromium.org

Bug: chromium:1334484
Change-Id: I4226491caed72013a00927273c523213d797a766
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3691850
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81031}
2022-06-09 12:18:32 +00:00
V8 Autoroll
e9d54c53d1 Version 10.5.0.2
Change-Id: I2ab701b6d1da8c0284ff9cc7d9d912feaaed33e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695965
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81028}
2022-06-09 11:02:42 +00:00
Anton Bikineev
897c5618aa cppgc: shared-cage: Introduce shared cage for all heaps
The CL does the following:
1) Globalizes CagedHeap for all HeapBases;
2) Adds the global variable representing the cage base;
3) Changes all write-barriers to use this global variable for value/slot
   checks;
4) Removes no longer needed functionality introduced in previous CLs.

Bug: v8:12231
Change-Id: I281a7b0bf67e349c988486fc2d43ec6d703fd292
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688050
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81027}
2022-06-09 10:42:32 +00:00
Michael Lippautz
50683aa68d [api] Deprecate PersistentValueVector
Users can just use std::vector<Global<T>>.

Bug: v8:12915
Change-Id: I59fc8458e336df0dfaa3524f1197d4423482530e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695578
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81023}
2022-06-09 08:44:13 +00:00
Anton Bikineev
cd21627b16 cppgc: Fix caged-heap.h for the test-include script
This wraps CagedHeap in #if defined(CPPGC_CAGED_HEAP)

Bug: v8:12231
Change-Id: I8407abdd88c6a96b6c79c08e7039b5eb6f8175f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695384
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81010}
2022-06-08 18:22:47 +00:00
Anton Bikineev
62159ea316 cppgc: shared-cage: Remove heap-specific metadata from cage-header
The CL is a prerequisite for the shared cage. Instead of storing
state variables (is_incremental_marking_in_progress,
is_young_generation_enabled) in the cage metadata, the CL moves them to
HeapHandle. The HeapHandle pointer is now retrieved from page-headers.

To make sure that the write-barrier code is better optimized, the
HeapHandle definition is moved to internal/ headers. The part of
BasePage that contains HeapBase (i.e. HeapHandle) pointer is also
extracted and moved to the headers.

Bug: v8:12231
Change-Id: I44bf65d99a621d9548e4250386cf87476ca186ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3689730
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81005}
2022-06-08 16:13:53 +00:00
Leszek Swirski
c51a81e705 [api] Deprecate CopyablePersistentTraits
Anyone using CopyablePersistentTraits should be using v8::Global, so
deprecate it and fix the uses in V8.

Bug: v8:12915
Change-Id: I25e6f2a03e070db9e9af9bbd9ea8cbc0f838c5ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3669254
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81001}
2022-06-08 14:15:12 +00:00
Dominik Inführ
e50d19cb11 [heap] Remove write barrier builtin for incremental marking
https://crrev.com/c/3471854 already disabled the RecordWrite builtin
specifically for incremental marking. Since this didn't regress
performance as expected, we can now remove those versions of the
builtin.

This will simplify the barrier implementation a bit, but is also
required for the shared heap write barrier. Unlike the generational
barrier, the shared heap barrier can't be elided for map values.

Bug: v8:11708
Change-Id: I44bc6ee79006a5be8c1b593dee7fc30c3b9cfa85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3683341
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80966}
2022-06-07 07:57:05 +00:00
Anton Bikineev
d8da11ae05 cppgc: shared-cage: Use dedicated reservations for normal/large pages
The CL splits the Oilpan giga-cage in two 2GB reservations: one for
normal pages and the other for large ones. The split enables fast
page-header lookup (assuming most objects reside on normal pages), which
is needed for:
1) the young generation project, where the remembered set will move to
   pages;
2) the shared-cage project, to find HeapBase* from page-headers.

Bug: v8:12231, chromium:1029379
Change-Id: I4ae9e8a75a307ed0dff9a2ec4f1247b80e17ebd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688519
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80950}
2022-06-05 14:32:01 +00:00
Shu-yu Guo
7ff1857560 Reland "[shared-struct] Add Atomics.Mutex"
This is a reland of commit ea9a1f1cbe

Changes since revert:
- Make the state field uintptr-aligned since arm64 faults on
  atomic accesses to non-naturally aligned addresses.

Original change's description:
> [shared-struct] Add Atomics.Mutex
>
> This CL adds a moving GC-safe, JS-exposed mutex behind the
> --harmony-struct flag. It uses a ParkingLot-inspired algorithm and
> each mutex manages its own waiter queue.
>
> For more details, please see the design doc: https://docs.google.com/document/d/1QHkmiTF770GKxtoP-VQ1eKF42MpedLUeqiQPfCqus0Y/edit?usp=sharing
>
> Bug: v8:12547
> Change-Id: Ic58f8750d2e14ecd573173d17d5235a136bedef9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3595460
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80789}

Bug: v8:12547
Change-Id: I776cbf6ea860dcc6cb0ac51694a9b584b53d255c
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3673354
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80875}
2022-06-01 01:12:07 +00:00
Clemens Backes
ca7e0c669b [wasm] Remove sampling on top tier finished
Remove code size and compilation time sampling for the "top tier
finished" event. With dynamic tiering, this event will never be reached.

R=ahaas@chromium.org

Bug: v8:12899
Change-Id: I1b0d053e31fe8cd1f8ba3b23bfff4c5879569b45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647691
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80867}
2022-05-31 16:20:58 +00:00
Clemens Backes
d5d3ecaeea [API] Avoid macro list for defining API methods
The macro list makes it difficult to impossible to deprecate individual
methods (like the one receiving a {WasmModuleTieredUp} struct).
Hence avoid the macro list and instead call the macro explicitly for
each definition.

R=cbruni@chromium.org

Bug: v8:12899
Change-Id: I4139de7721c4a1450920c5be312e91e7478e6fa7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3667076
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80865}
2022-05-31 16:12:37 +00:00
Clark DuVall
5cabf1b800 Allow BackgroundStreamingCompileTask to eager compile scripts
Bug: chromium:1328448
Change-Id: If0c3d02070071b5bb25df5bca51cf8c4cfc424d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3673420
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Clark DuVall <cduvall@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80827}
2022-05-30 16:59:57 +00:00
Shu-yu Guo
60e02cfb0c Revert "[shared-struct] Add Atomics.Mutex"
This reverts commit ea9a1f1cbe.

Reason for revert: arm64 pointer alignment issue
https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8812962856609920785/+/u/Check/mutex-workers

Original change's description:
> [shared-struct] Add Atomics.Mutex
>
> This CL adds a moving GC-safe, JS-exposed mutex behind the
> --harmony-struct flag. It uses a ParkingLot-inspired algorithm and
> each mutex manages its own waiter queue.
>
> For more details, please see the design doc: https://docs.google.com/document/d/1QHkmiTF770GKxtoP-VQ1eKF42MpedLUeqiQPfCqus0Y/edit?usp=sharing
>
> Bug: v8:12547
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
> Change-Id: Ic58f8750d2e14ecd573173d17d5235a136bedef9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3595460
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80789}

Bug: v8:12547
Change-Id: I226e16b743dc4b157fac33a9cbabab4d72cf290b
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3673353
Owners-Override: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80790}
2022-05-28 01:31:54 +00:00
Shu-yu Guo
ea9a1f1cbe [shared-struct] Add Atomics.Mutex
This CL adds a moving GC-safe, JS-exposed mutex behind the
--harmony-struct flag. It uses a ParkingLot-inspired algorithm and
each mutex manages its own waiter queue.

For more details, please see the design doc: https://docs.google.com/document/d/1QHkmiTF770GKxtoP-VQ1eKF42MpedLUeqiQPfCqus0Y/edit?usp=sharing

Bug: v8:12547
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Change-Id: Ic58f8750d2e14ecd573173d17d5235a136bedef9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3595460
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80789}
2022-05-28 01:04:34 +00:00
Igor Sheludko
c90cdd167f [api] Add more comments about interceptor callbacks
When a callback does not intercept the request
1) it should not call info.GetReturnValue().Set(),
2) it must not produce side effects.

Bug: v8:12873, chromium:1310062
Change-Id: If02994f24f1a68eb96c1af7cdd6dd7109f0617c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652786
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80742}
2022-05-25 11:38:44 +00:00
Stephen Roettger
4d6ddf1b5f Remove deprecated AccessorSignatures
Bug: chromium:1310790
Change-Id: I739161f47fc1fc32d832f106d5ef6b7df4aed213
Fixed: chromium:1310790
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3654096
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Stephen Röttger <sroettger@google.com>
Cr-Commit-Position: refs/heads/main@{#80639}
2022-05-19 14:15:54 +00:00
Samuel Groß
d812c9a977 [sandbox] Shrink sandbox on Android to 128GB
The majority of 64-bit Android devices appear to be using a 40-bit
address space, i.e. 512GB for userspace. Allocating a 256GB sandbox
(plus 2x 32GB guard regions) may take too much of the address space and
cause the creation of other address space reservations (e.g. the cppgc
caged heap), which are created per worker, to fail later on.

In general, we should try to limit the sandbox size to less than 1/4 of
the address space, so this CL shrinks the sandbox on Android to 128GB.

Bug: chromium:1327131
Change-Id: Ib48b45506ad6a7a5e15b95115c7642bf62a68fa1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652783
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80636}
2022-05-19 11:35:23 +00:00
Clemens Backes
6a977bd1fd [wasm] Deprecate "dynamic tiering enabled" callback
Dynamic tiering is now enabled by default, and the origin trial is
expired, so the callback can be removed.
The callback was already never called, because the flag value is always
checked first.

R=ahaas@chromium.org, mlippautz@chromium.org

Bug: v8:12281
Change-Id: I58eaa210c86024128328a13ba07bb8fc1b437841
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644951
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80633}
2022-05-19 09:59:43 +00:00
Clemens Backes
7eacc4d552 [API] Enforce that ShouldYield == true is respected
There is a DCHECK in the gin platform that {ShouldYield} is not called
again after it already returned {true}.
This CL adds a similar DCHECK to the default platform to catch bugs
earlier (in d8).

R=ahaas@chromium.org, mlippautz@chromium.org

Bug: chromium:1277962
Change-Id: I4dc9d880cf6d36e3e497c5324aaf44889fe7fcee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644801
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80611}
2022-05-18 10:33:28 +00:00
Anton Bikineev
5c416ad2c3 cppgc: Avoid compression/decompression in Member operators/ctors
1) In copy/move ctors and operator=() we can just copy the raw compressed
   value;
2) For null check we don't need to decompress the value;
3) Same for operator==();
4) Hashing can also be optimized in a followup.

Bug: chromium:1325007
Change-Id: Ic1bf2c5049802c078b3e0121dcbe62d9ecea83b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647359
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80571}
2022-05-16 22:17:47 +00:00
Clemens Backes
b33179ae4d [API] Pass OOMDetails to OOMErrorCallback
This adds a new struct "OOMDetails" which is passed to the
OOMErrorCallback. It currently holds the "is_heap_oom" bool that was
also passed before, plus an optional "detail" string.
The struct can later be extended without having to change the signature
of the OOMErrorCallback. Removing fields will have to follow the
standard deprecation rules, but this is also easily possible without the
hassle for this initial change.

We modify the deprecated OOMErrorCallback definition and un-deprecate it,
which can be seen as removing a deprecated API and adding a new one in
one CL.

R=mlippautz@chromium.org, jkummerow@chromium.org

Bug: chromium:1323177
Change-Id: Ic4c2cb5856906ebd664626fe463d8e96cb99b0a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647827
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80565}
2022-05-16 16:43:07 +00:00
Samuel Groß
b15aa56c82 [sandbox] Clean up sandbox API
This CL removes some deprecated sandbox APIs and introduces new ones, in
particular IsSandboxInitialized and GetSandboxReservationSizeInBytes. In
addition, this CL also adds comments to the various public methods of the
Sandbox class.

Bug: v8:10391
Change-Id: If5c3081a0b9f7f192966150a0d2716099357363a
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647362
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80544}
2022-05-16 09:50:36 +00:00
Michael Lippautz
008c488889 [api] Advance deprecations around global handles
Forward deprecations of methods that are not supported anymore.

Bug: v8:12819
Change-Id: I304ff159fa7e3936b5b12a5e43bb2a580576dd4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644792
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80535}
2022-05-15 19:45:15 +00:00
Simon Zünd
9ca7491b35 Reland "[inspector] Re-enable Debugger#restartFrame"
This is a reland of commit 8278cb5015

The reland adds the RestartFrameTrampoline to the list of
builtins that the deoptimizer is allowed to return from for
control flow integrity.

Original change's description:
> [inspector] Re-enable Debugger#restartFrame
>
> Doc: https://bit.ly/revive-restart-frame
>
> This CL "undeprecates" Debugger#restartFrame and adds a new optional
> "mode" parameter for backwards compatibility. Moreover, the return
> values are all deprecated. They were never actually used in the
> DevTools frontend and the same information is available from the
> Debugger#paused event that fires once execution stops at the
> beginning of the restarted function.
>
> The CL also re-baselines all the restart-frame inspector tests that
> now run successfully.
>
> R=bmeurer@chromium.org, kimanh@chromium.org
>
> Bug: chromium:1303521
> Change-Id: I34bddeb1f2f4ff3dee58dd82e779c111495566f3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616505
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80491}

Bug: chromium:1303521
Change-Id: I13e2f8b5011795a38e541310622b8333a3d08049
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644624
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80534}
2022-05-14 09:32:14 +00:00
Samuel Groß
6f5f5662cc [sandbox] Turn V8_SANDBOX into V8_ENABLE_SANDBOX
This is more consistent with similar features, for example
V8_ENABLE_WEBASSEMBLY or V8_ENABLE_MAGLEV.

Drive-by: remove V8_SANDBOX_IS_AVAILABLE as it's no longer needed.

Bug: v8:10391
Change-Id: I8658c5b0c331a4c73892737083b2c2f9b8f84056
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647355
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80530}
2022-05-13 16:23:23 +00:00
Anton Bikineev
2c40f3af4f cppgc: Speed up pointer decompression
With this CL, the decompression simply becomes:
       movsxd  rax, edi
       add     rax, rax
       and     rax, qword ptr fs:[base@TPOFF]

Bug: chromium:1325007

Change-Id: I931e4e667a9b9697671bccf14575420f8cb705e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629871
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80521}
2022-05-13 12:38:43 +00:00
Anton Bikineev
19b6e5f468 cppgc: Introduce pointer compression based on thread-local base
With caged heap enabled, we can halve Member<> by storing only the least
significant half. The base of the heap is stored in a thread local
variable. The feature has therefore an implication that only a single
heap is allowed per thread.

The feature is gated by the new GN arg:
  cppgc_enable_pointer_compression.

Bug: chromium:1325007

Change-Id: Ic7f1ecb7b9ded57caad63d95bbc8e8ad6ad65031
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739979
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80518}
2022-05-13 11:15:43 +00:00
Francis McCabe
c31105569f Revert "[inspector] Re-enable Debugger#restartFrame"
This reverts commit 8278cb5015.

Reason for revert: breaking https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20CFI/10778/overview

Original change's description:
> [inspector] Re-enable Debugger#restartFrame
>
> Doc: https://bit.ly/revive-restart-frame
>
> This CL "undeprecates" Debugger#restartFrame and adds a new optional
> "mode" parameter for backwards compatibility. Moreover, the return
> values are all deprecated. They were never actually used in the
> DevTools frontend and the same information is available from the
> Debugger#paused event that fires once execution stops at the
> beginning of the restarted function.
>
> The CL also re-baselines all the restart-frame inspector tests that
> now run successfully.
>
> R=bmeurer@chromium.org, kimanh@chromium.org
>
> Bug: chromium:1303521
> Change-Id: I34bddeb1f2f4ff3dee58dd82e779c111495566f3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616505
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80491}

Bug: chromium:1303521
Change-Id: Ibc33328c31a4b6ea736d07ce5e5ee109039eec8b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3645767
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80495}
2022-05-12 16:38:03 +00:00
Simon Zünd
8278cb5015 [inspector] Re-enable Debugger#restartFrame
Doc: https://bit.ly/revive-restart-frame

This CL "undeprecates" Debugger#restartFrame and adds a new optional
"mode" parameter for backwards compatibility. Moreover, the return
values are all deprecated. They were never actually used in the
DevTools frontend and the same information is available from the
Debugger#paused event that fires once execution stops at the
beginning of the restarted function.

The CL also re-baselines all the restart-frame inspector tests that
now run successfully.

R=bmeurer@chromium.org, kimanh@chromium.org

Bug: chromium:1303521
Change-Id: I34bddeb1f2f4ff3dee58dd82e779c111495566f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616505
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80491}
2022-05-12 14:24:58 +00:00
V8 Autoroll
2422673526 Version 10.4.0.1
Change-Id: If91de8dd11bdd2207bf88cad376c626964bfd162
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644848
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80488}
2022-05-12 13:22:25 +00:00
Michael Lippautz
09f39ae00d Inspector protocol: Add optional parameter to expose internals
Deprecate the existing parameter to treat global objects as roots as
this is implied by exposing internals.

Bug: chromium:1321620
Change-Id: I73a8124d63f87599dee7080980844c418eb3b5e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3637797
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80456}
2022-05-10 16:43:25 +00:00
Clemens Backes
e57f4bb3fc [API] Deprecate OOMErrorCallback
Deprecate the OOMErrorCallback such that we can add a new parameter for
OOM details.

R=mlippautz@chromium.org

Bug: chromium:1323177
Change-Id: I72c931ad0d1b75cda46e8815387098acbe091c68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3632106
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80453}
2022-05-10 15:36:15 +00:00
henrika
fee2336535 [api] Adds script column number to code-creation events in CodeEventLogger
Bug: v8:11043
Change-Id: I8cbdd8a5f68bdadbe7fc44414c6d46cdd57e6802
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3627512
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Henrik Andreasson <henrika@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80429}
2022-05-09 14:29:24 +00:00
Clemens Backes
44c7484742 [API] Add LegacyOOMErrorCallback
This adds a typedef for LegacyOOMErrorCallback, which is identical to
OOMErrorCallback. Embedders will need to switch to
LegacyOOMErrorCallback so that we can change the definition of
OOMErrorCallback (see https://crbug.com/1323177).

R=mlippautz@chromium.org

Bug: chromium:1323177
Change-Id: I92312a577ca49e0174f2bb6b914cc11c3a0b0fc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3632305
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80424}
2022-05-09 12:32:51 +00:00
Anton Bikineev
070b5f309f cppgc: young-gen: Return range size for AgeTable to 4KB
Allocation granularity (8 bytes on 64bit platforms) is already subsumed
by whatever range size we choose.

Bug: chromium:1029379
Change-Id: Iab95e6f36955c9ffbbe9ea0c98cb9d1f8dd0337b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629869
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80415}
2022-05-09 08:42:44 +00:00
Michael Lippautz
08348dba4e [api] Rework heap snapshot exposing internals
- Repurpose flag `treat_global_objects_as_roots` when taking a heap
  snapshot for toggling whether internals should be exposed (to
  `hide_internals`).
- Use the toggle in creating heap snapshots for exposing class names
  as object names for C++ objects that have not explicitly been given a
  name.

Change-Id: I77d71babfdfe53269964fe81ed985037a431c28b
Bug: chromium:1321620
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3623740
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80391}
2022-05-06 08:10:40 +00:00
Michael Lippautz
e9244f379c cppgc: Fix official build
Bug: chromium:1322318
Change-Id: Id3899a493eb1519e2f7498dcad1e607cc2b6a5db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3627509
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80353}
2022-05-04 08:34:38 +00:00
Danil Somsikov
c42e620355 Distinguish untrusted clients in v8 inspector and disable Profiler, HeapProfiler and Schema CDP domains for them.
Bug: chromium:1313437
Change-Id: I7544c64acb4bc368392ba5f6a87ed62176828304
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616517
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Danil Somsikov <dsv@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80340}
2022-05-03 12:38:17 +00:00
Michael Lippautz
b0fbe1aff3 cppgc: Allow overriding heap object name at runtime
Before this CL, the heap object name of unnamed objects (those not
inheriting from NameProvider) would be solely determined by whether the
build-time configuration cppgc_enable_object_names is enabled.

This patch adds a way to override that value at runtime. This is
useful for preserving default behavior with custom builds but at the
same time allowing them to still enable the feature.

Bug: chromium:1321620
Change-Id: I3aa06db15e58d9ba9773be6797572f17f007e9ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3620279
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80338}
2022-05-03 12:19:57 +00:00
Camillo Bruni
46224e75f3 [api] Advance API deprecation for V8 version v10.2
Previously marked V8_DEPRECATED_SOON that are now V8_DEPRECATED:

File                                    Version  Date        Commit
include/v8-initialization.h:208            v9.9  2021-12-15  277fdd1d
include/v8-initialization.h:226            v9.9  2021-12-15  277fdd1d
include/v8-initialization.h:236            v9.9  2021-12-15  277fdd1d
include/v8-initialization.h:250            v9.9  2021-12-15  277fdd1d
include/v8-locker.h:130                   v10.0  2022-01-20  116ca00f
include/v8-message.h:90                    v9.8  2021-11-09  2b3df06b


Previously marked V8_DEPRECATED that are now removed:

File                                    Version  Date        Commit
include/v8-fast-api-calls.h:886            v9.8  2021-11-11  b295d0b0
include/v8-fast-api-calls.h:893            v9.8  2021-11-11  b295d0b0
include/v8-fast-api-calls.h:902            v9.8  2021-11-11  b295d0b0
include/v8-initialization.h:186           v10.0  2022-01-26  36707481
include/v8-isolate.h:639                  v10.0  2022-01-26  36707481
include/v8-locker.h:132                    v9.8  2021-11-11  b295d0b0
include/v8-object.h:597                    v9.9  2022-01-18  0a61fa51
include/v8-object.h:609                    v9.8  2021-11-11  b295d0b0
include/v8-script.h:50                    v10.0  2022-01-26  36707481
include/v8-script.h:653                   v10.0  2022-01-18  9cf4f131


Output generated by ./tools/release/list_deprecated.py

Bug: v8:11165, chromium:1166077
Change-Id: Ie0d435f7a10f362ed714bdc30ad899ee9c485cb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571804
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80337}
2022-05-03 12:16:28 +00:00
jameslahm
f2ff0d5065 [api] Fix MaybeLocal::ToLocal documentation when it's empty
This CL changes MaybeLocal::ToLocal documentation to assign |out|
with nullptr when the MaybeLocal is empty to be consistent with
the behavior.

Bug: v8:12845
Change-Id: I8145d6604c51b79f137b686b3e9b4f328534e0a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616432
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80329}
2022-05-03 10:03:24 +00:00
Camillo Bruni
35fc0c17c9 [snapshot][api] Expose the snapshot checksum as crash key
Due to the consistent overhead of snapshot checksum verification
we ideally want to avoid it altogether. However there are still enough
devices out there that suffer from corrupted snapshots that might
cause hard to debug heap corruptions.

This CL exposes the calculated (dummy value for now) and the expected
snapshot checksum as a crash key, so it can be easily consulted during
investigation.

Note: The calculated crash key contains 0x0 for now as a dummy value. We
will come up with a strategy later on to limit the overhead of
calculating the checksum.

Bug: v8:12195
Change-Id: I6da6d74c035cb6f9b0edae212a36e6c41c048a5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605813
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80325}
2022-05-03 08:30:07 +00:00
Rob Paveza
5e1f856d18 Add support for source hashing in stack traces.
This change adds support for computing SHA-256 hashes in the stack
output of errors by adding a function to the prototype of the
`CallSite` object, passed to `Error.prepareStackTrace`. Additionally,
it updates the `hash` property from `Debugger.scriptParsed` and
`Debugger.scriptFailedToParse` to be SHA-256 instead of the
proprietary hash it is today.

It is intended to be an advancement in indexing source maps to
support improved tooling, especially for post-hoc or in-production
diagnostics scenarios.

The explainer can be found here:
https://docs.google.com/document/d/13hNeeLC2Ve_FVieNndZUUUP15x2O4ltvjnGWwOsMlrU/edit?usp=sharing

Change-Id: Ifbbed4b22c8256e74e6d79974d2dd1e444143eda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229957
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Robert Paveza <Rob.Paveza@microsoft.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80320}
2022-05-03 00:57:46 +00:00
Anton Bikineev
5c92b06ead cppgc: young-gen: Fix compilation and tests with cppgc_enable_young_gen
The CL prepares the sources and the tests for enabling
cppgc_enable_young_generation by default. The static initializer
in YoungGenerationEnabler (due to v8::base::Mutex) changed to be lazy.
The tests are now checking the runtime flag.

Bug: chromium:1029379
Change-Id: I1497a3dd2b8d62c1acd48496821f07324b7944d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616726
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80304}
2022-05-02 13:34:04 +00:00
Maksim Sadym
c674a1f608 Follow-up after https://crrev.com/c/3472077
1. Use `StringBuffer` instead of `StringView` in `WebDriverValue`.
2. Add some `DCHECK`s.
3. Reserve vector size.
4. Respect properties with `undefined` values.
5. Minor clean-ups.

Change-Id: Ic109acb1e3adf2d950767173c17a9203e3c816dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596173
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Maksim Sadym <sadym@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80296}
2022-05-02 09:54:03 +00:00
Anton Bikineev
2655d3d18d api: Allow v8::Maybe<MovableType>.
Change-Id: I29bcdf3302f37568e8c8925e70a01ba342c17925
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606229
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80288}
2022-04-30 21:47:24 +00:00
Anton Bikineev
c7dfa3fac8 cppgc: young-gen: Add runtime option for young generation
The CL introduces a new option --cppgc-young-generation. This option
can't be enabled statically, because V8 options are parsed after heap
initialization. The CL changes minor GC so that it can be enabled
dynamically. The way it works is as follows:
- the user calls YoungGenerationEnabler::Enable();
- a heap checks in the next atomic pause whether the flag was enabled;
- if so, the heap enables young generation for itself.

To avoid barrier regressions without young-generation enabled, the CL changes the meaning of the global flag is-any-incremental-or-concurrent-marking to is-barrier-enabled.

The runtime option would enable us to test young generation on try-
and performance-bots.

Bug: chromium:1029379
Change-Id: I664cccdcd208225ffcbf9901f1284b56d088c5c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607993
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80274}
2022-04-29 08:39:08 +00:00
Camillo Bruni
759e841a05 [api] Rename isolate variables
* Prefix all isolate variables with i_ for i::Isolate and
  v8_ for v8::Isolate
* Change _DO_NOT_USE macro suffix to _INTERNAL

Change-Id: I005efbe0192cf202741448c63a4263e6a4b1fa1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610429
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80252}
2022-04-28 12:51:08 +00:00
Samuel Groß
18159ba610 [base] Abort on unexpected failures in OS::SetPermissions
It is expected that changing page permissions can fail due to the system
running out of memory. However, any other failure is unexpected and
likely indicates a bug in the caller, such as changing the permissions
of an invalid memory region. To allow distinguishing between these
unexpected failures and expected OOM failures, this CL adds CHECKs into
the low-level memory management routines to abort when an unexpected
failure occurs.

Similar logic could later be added to other low-level memory management
routines that can legitimately fail due to OOM as well.

Bug: chromium:1320126
Change-Id: I3de6f4b2aed8962c91770b81382df34384584501
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610445
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80245}
2022-04-28 08:12:20 +00:00
Anton Bikineev
d69ac35e4b cppgc: young-gen: Simplify generational barrier
If the following conditions hold:
1) value is kSentinel,
2) slot is on stack,
3) stack is allocated below 4GB,
then the generational barrier would be erroneously triggered for the
stack object. This CL fixes it. At the same time, it aims to
simplify the code and potentially optimizes it (by having 'and' instead
of 'sub').

Bug: chromium:1029379
Change-Id: Iafd91d50b0a1c3d97647f7bf3643dfcc7e9fb48f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3608629
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80202}
2022-04-27 08:25:44 +00:00
Igor Sheludko
3e2d5bfafa [rwx][mac] Extend PageAllocator API with RecommitPages()
It's necessary to support fast W^X permission switching on MacOS on
ARM64 ("Apple M1"/Apple Silicon) where permission modification of RWX
pages to anything else is prohibited.

On all the other architectures/platforms RecommitPages() is equivalent
to SetPermissions().

The new API will be used in follow-up CLs.

Bug: v8:12797
Change-Id: Id0d8b8c42c81b80cd8fa6b47c227680d7d1f9b10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606231
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80190}
2022-04-26 16:17:43 +00:00
Anton Bikineev
7ae52c1521 cppgc: young-gen: Take into account ages of adjacent cards
When setting a range for a newly allocated lab, consider adjacent cards.
If either is young, don't mark it as kMixed.

Bug: chromium:1029379
Change-Id: If7d1d920dd5769679de68800eae61f3a8dc1eb17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3584116
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80175}
2022-04-26 10:36:12 +00:00
Seth Brenith
ee72b7a11f Categorize object shape info in heap snapshots
One of the biggest categories in heap snapshots is named “(system)”,
which gives developers no indication of why all that memory is used or
what they might do to reduce it. In this change, I propose that we
create a new category for Maps, DescriptorArrays, and related objects,
and call this new category “(object shape)” in the devtools. I think
that this category name would be more meaningful, while still grouping
those objects together so that they mostly stay out of the way.

Bug: v8:12769
Doc: https://docs.google.com/document/d/1a-6V_2LIJuRcsppwh6E18g8OSnC9j6gN4ao2gq--BiU
Change-Id: I282a7b87c34ca6ed371ff32f3c7332d794ae42ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3587974
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#80123}
2022-04-22 16:19:26 +00:00
Michael Lippautz
015632a0a8 [handles] Simplify global handle state machine
Remove PENDING state as handles were always immediately transitioned
into FREE or NEAR_DEATH state.

Bug: v8:12672
Change-Id: I9a9d40b573e862282d41d7a4a3f9c8c8ed21b9e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599473
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80119}
2022-04-22 15:14:46 +00:00
Michael Lippautz
91badec697 [api] Deprecate unused GlobalHandles APIs that peek into internals
When moving forward and optimizing internals, these APIs cannot be
trusted anymore as their semantics are tangled to the current
implementation.

Bug: v8:12819
Change-Id: I0e3370724307a420ee42fed8070b55542be9400d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599475
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80082}
2022-04-21 12:55:15 +00:00
Michael Lippautz
2ae2aa92b1 [api] Remove APIs for resurrecting finalizers
Removes support for specifying weak handles with finalizers that allow
for object resurrection.

This CL removes the public facing APIs. Internal support will be
removed in a follow up.

Bug: v8:12672
Change-Id: Ia6ea269093aaa128caadb7508aca2e5a1254923c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596174
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80070}
2022-04-21 07:05:25 +00:00
Simon Zünd
ec41a70e38 [inspector] Add 'canBeRestarted' flag to CallFrames when debugger pauses
Doc: https://bit.ly/revive-restart-frame
Context: https://crrev.com/c/3582395 (whole feature)

This CL adds a new optional flag `canBeRestarted` to every call frame
in Debugger.paused events. As the name suggests, the flag indicates
whether we can restart a particular frame through Debugger.restartFrame
once implemented.

We are not able to safely restart all frames:
  * We don't support WASM frames
  * We don't support frames where resumable functions (async fns,
    generators) and embedder C++ frames are between the top-most
    frame and the to-be-restarted frame.

Note that from a CDP perspective the flag doesn't actually guarantee
a successful restart. CDP clients can issue
CDP commands between the Debugger.paused event and before a user
decides to restart a frame, which can potentially mess
with the stack.

The `canBeRestarted` flag tests are folded into the
Debugger.restartFrame tests. As the feature is not yet fully
implemented we short-circuit most of the tests for now and only
run them up until the first Debugger.restartFrame call fails
(except "fails-for-resumables.js").
This means the tests exercise the `canBeRestarted` flag, but not
the restarting functionality itself.

R=bmeurer@chromium.org, kimanh@chromium.org

Bug: chromium:1303521
Change-Id: I01ab46dc3557ab8383960969fbe03e00604cc5e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596160
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80046}
2022-04-20 12:40:34 +00:00
V8 Autoroll
01af3a6529 Version 10.3.0.1
Change-Id: Idb40d6a544cebbdd127eb3c8d71f11adf6ac6a97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3586227
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79986}
2022-04-14 10:28:26 +00:00
Anton Bikineev
0d57754cbf cppgc: young-gen: Pack AgeTable knowing allocation granularity
This reduces card granularity from 4096 to 512 bytes with the goal to
improve write barrier filtering.

Bug: chromium:1029379
Change-Id: I22e2a9c61ef4c36c3db65404370213d0a8048e08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3582393
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79960}
2022-04-13 14:58:17 +00:00
Maksim Sadym
a913a75b8c Add WebDriverBiDi serialization to CDP
1. Added `generateWebDriverValue` flag to `Runtime.evaluate` and `Runtime.callFunctionOn`.
2. Added `webDriverValue` field to `RemoteObject`, and set it in case the `generateWebDriverValue` flag was set.
3. Added virtual method `bidiSerialize` to allow embedder-implemented serialization (like in https://crrev.com/c/3472491).
4. Implemented V8 serialization in a separate class `V8WebDriverSerializer`.
5. Hardcode `max_depth=1`.
6. Added tests.

Not implemented yet:
1. `objectId`.
2. Test of embedder-implemented serialization.

Tested automatically by:
```
python3 tools/run-tests.py --outdir out/foo inspector/runtime/add-web-driver-value
```

Naming to be discussed. Suggestions are very welcome.

Design doc: http://go/bidi-serialization

Change-Id: Ib35ed8ff58e40b3304423cc2139050136d844e2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472077
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Maksim Sadym <sadym@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79922}
2022-04-11 15:51:54 +00:00
Michael Lippautz
cce601bae6 [heap] Split off changes for concurrently processing TracedReference
Trivial changes from https://crrev.com/c/3571887.

Bug: v8:12600
Change-Id: I0a6f36d32f72a6c3817a4390645ccf5a690c5580
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579161
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79885}
2022-04-08 13:08:05 +00:00
Corentin Pescheloche
ca51ae3ac8 [api][profiler] Get StartProfiling, StopProfiling to accept integer ID rather than string
This CL adds support for interacting with CpuProfile with their integer
id.
A String ID is problematic because it forces an allocation when stopping
or cancelling a Profiler which can happen during a GC when this
is not allowed.

Change-Id: I9a8e754bd67214be0bbc5ca051bcadf52bf71a68
Bug: chromium:1297283
Co-Authored-By: Nicolas Dubus <nicodubus@fb.com>
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3522896
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Commit-Queue: Corentin Pescheloche <cpescheloche@fb.com>
Cr-Commit-Position: refs/heads/main@{#79835}
2022-04-06 19:29:14 +00:00
Kevin Babbitt
9238afb0c0 Allow embedder to set global OOM handler
Embedders can currently specify a callback for OOM errors during
Isolate initialization. However, there are cases where an OOM error can
be thrown in a context where we don't have access to an Isolate, for
example on a task posted to a worker thread. This CL introduces an
initialization API to allow the embedder to specify a process-wide OOM
callback.

Bug: chromium:614440
Change-Id: I326753d80767679f677e85104d9edeef92e19086
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3561916
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Kevin Babbitt <kbabbitt@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#79832}
2022-04-06 17:27:33 +00:00
Leszek Swirski
0ff8205261 [test] Add a unittest platform setup mixin
Change the unittest runner to no longer unconditionally set up a default
platform in the "environment", but to instead make platform set-up part
of the "mixin" framework for test fixtures.

Requires modifying some tests that expect the platform to be available,
and all flag implications resolved, before the mixin constructors run.

We still keep the environment for setting up the process for cppgc. This
process setup can only be done once per process, so it can no longer use
the platform -- that's ok though, the page allocator used by cppgc's
process initialisation doesn't have to be the same as the platform's so
we can just pass in a separate new one.

Change-Id: Ic8ccf39722e8212962c5bba87350c4b304388a7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571886
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79820}
2022-04-06 13:07:43 +00:00
Clemens Backes
6806378ce4 [cppgc] Remove custom void_t, use std
Remove the pre-C++17 implementation of void_t, just use std::void_t now.

R=omerkatz@chromium.org

Bug: v8:12425
Change-Id: Iabf72f1540ddb4db666e5a74f169f73546241c1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571888
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79812}
2022-04-06 09:48:21 +00:00
Stephen Roettger
cff2b5000a Deprecate signature checks in Set{Accessor,NativeDataProperty}
Change from V8_DEPRECATE_SOON to V8_DEPRECATED. It turned out that we
don't have to make changes in chrome code, so we can go to deprecated
right away.

Bug: chromium:1310790
Change-Id: I1bd529536d3a0098f11f13b3e44fe3dbc80eed04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571897
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Stephen Röttger <sroettger@google.com>
Cr-Commit-Position: refs/heads/main@{#79811}
2022-04-06 09:43:37 +00:00
Anton Bikineev
7dd391cb6c cppgc: young-gen: Extract and report metrics for young GC cycles
The CL makes sure to extract and copy Oilpan young GC metrics to
v8::metrics::GarbageCollectionYoungCycle. In addition, it makes sure
that metrics are not reported twice by bailing out from
GCTracer::NotifyCppGCCompleted() for young GC cycles (the metrics are
reported later in Heap::CollectGarbage() by calling
GCTracer::StopCycle()).

Bug: chromium:1029379
Change-Id: I07bf51e85a76a7cdbeeb8d87c9072edf2634158b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545168
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79766}
2022-04-04 18:33:08 +00:00
Jakob Gruber
1ff685d8b1 [deoptimizer] Remove soft deopts
.. since they are the same as eager deopts (% an unused counter).

Fixed: v8:12765
Change-Id: I2be6210e476ead4ac6629a49259f28321e965867
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3565717
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79729}
2022-04-04 10:26:36 +00:00
Stephen Roettger
a8beac553b Deprecate some signature checks
Deprecate signature checks in
* Template::SetNativeDataProperty
* ObjectTemplate::SetAccessor
These are not used in Chrome and require some complicated check in the IC code, which we want to remove.

Change-Id: I413fafc8658e922fd590e7fe200600a624f019a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557253
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Stephen Röttger <sroettger@google.com>
Cr-Commit-Position: refs/heads/main@{#79689}
2022-03-31 12:11:21 +00:00
Benedikt Meurer
56cfdd68c7 [inspector] Add custom error dispatch machinery for debug evaluate.
This introduces a `V8InspectorClient::dispatchError()` callback that
embedders can use to dispatch errors from scripts injected by DevTools
(via debug evaluate). The idea here being that while these errors are
technically caught by the inspector logic, the DevTools UX presents them
just like other uncaught errors, with the exception that they don't
trigger error handlers installed by the page. The latter can be quite
confusing to developers, and surprising when for example testing these
error handlers from DevTools. So this adds the foundations on the V8
side to enable triggering error handlers for these technically caught,
but morally uncaught, exceptions.

On the Chromium side https://crrev.com/c/3560458 will implement and
use the hook. And that CL also adds a web test to check the behavior.

Bug: chromium:1295750
Change-Id: I945c8a9e9b4ec5705fc7f1891dcda185b04c8310
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557234
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79673}
2022-03-30 11:58:10 +00:00
Nikolaos Papaspyrou
7ff07f6ec5 heap: Add incremental mark/sweep step events
Report fine-grain incremental mark/sweep statistics to the Recorder API.
These will be used by Blink to populate UMA histograms such as
V8.GC.Event.MainThread.Full.Incremental.(Mark|Sweep).

Bug: chromium:1154636
Change-Id: I1cbdcb2ffa49bd01d04a2e1d43921cebf956ac84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545070
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79596}
2022-03-24 10:05:16 +00:00
Michael Lippautz
f6386018d4 [api] Remove TracedGlobal<>
Remove deprecated TracedGlobal<>, greatly simplifying handling of
traced references in general.

Also saves a word per v8::TracedReference as there's no need to keep a
possible callback around.

Bug: v8:12603
Change-Id: Ice35d7906775b912d02e97a27a722b3e1cec28d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3532251
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79589}
2022-03-23 21:04:51 +00:00
Michael Lippautz
ffae028b37 Forward deprecation for resurrecting finalizer
Bug: v8:12672
Change-Id: Ib4f53086436e028b4ea32fbc960f57e91709d184
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3532256
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79581}
2022-03-23 15:54:22 +00:00
Jakob Gruber
b2978927d8 Remove dynamic map checks and custom deoptimization kinds
This CL removes:

- Dynamic map checks aka minimorphic property loads (TF support,
  builtins).
- "Bailout" deopts (= drop to the interpreter once, but don't
  throw out optimized code).
- "EagerWithResume" deopts (= part of dynamic map check
  functionality, we call a builtin for the deopt check and deopt
  or resume based on the result).

Fixed: v8:12552
Change-Id: I492cf1667e0f54586690b2f72a65ea804224b840
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401585
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79544}
2022-03-21 13:01:16 +00:00
Michael Lippautz
f46c4858b0 Revert "cppgc: Rework prefinalizers"
This reverts commit cf25b3bc53.

Reason for revert: https://crbug.com/1307471. TraceTrait must only be used during marking.

Original change's description:
> cppgc: Rework prefinalizers
>
> Move the check for whether an object is live or dead out of the
> prefinalizer trampoline. Moving it into the backend allows for
> inlining the check which avoids a call to the trampoline for live
> objects.
>
> On catapult benchmarks (e.g. cnn:2021, nytimes:2020), there's often
> ~2k finalizers registered. In order to avoid memory overhead in the
> range of a few KB, we store the fact whether the object points to the
> base object payload in the LSB of the pointer. For caged builds this
> is replaced with just storing the index into the cage for both object
> and base object payload.
>
> Locally saves around ~10% of atomic sweeping processing time which is
> in the order of .05ms.
>
> Bug: v8:12698
> Change-Id: I198205a6b1d57fc2df821ee4e73e53dc6f825ff5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497764
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79442}

Bug: v8:12698, chromium:1307471
Change-Id: I5c4e70d46cb99af66c77f0c013625b6af6c6eb8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3535781
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79527}
2022-03-18 08:33:04 +00:00
V8 Autoroll
a0204ff9ae Version 10.2.0
Change-Id: I3485e5d41cbafae1318c285bf564bc7df4a8c0f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3532189
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79510}
2022-03-17 10:35:56 +00:00
Clemens Backes
44c02e18f6 [wasm] Fix some WASM comments and outputs
In text, we should use the properly capitalized "Wasm" instead of
"WASM". In particular for frame output, other frames typically use
CamelCase (like "JsToWasmFrame", "ExitFrame", "InternalFrame"), so Wasm
should do the same.
The "0xa" comment in some assemblers is also outdated, the current tag
we emit for StackFrame::WASM is 0x8 (0x4 shifted by one).

R=jkummerow@chromium.org

Bug: v8:12425
Change-Id: Ic3e00c401b219c28b5424c82efb0f1a9df51690f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3525195
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79498}
2022-03-16 12:57:38 +00:00
Samuel Groß
d16de30137 Add ObjectSerializer::VisitExternalPointer
This method now handles external pointers in HeapObjects during
serialization by encoding the representation of the external pointer
(sandboxed, raw), the origin (internal, api) and potentially the
external pointer tag. It is currently only used to handle
JSExternalObjects but could, in the future, be extended to handle all
external pointers that need special handling during
serialization/deserialization.

Bug: v8:12700
Change-Id: Ib0747d765ddc632e4ca4ee94521616d0271be0bc
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3521904
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79496}
2022-03-16 11:07:30 +00:00
Samuel Groß
5a968b08b3 Refactor ExternalObjects
Instead of implementing ExternalObjects as plain JSObjects with a single
EmbedderDataSlot pointing to a Foreign containing the actual raw
pointer, this CL now creates a new JSExternalObject type that directly
contains the external pointer.

As a side-effect of this refactoring, nullptr values are now no longer
valid for ExternalObjects.

Change-Id: Ic8ff334681c966e823ca70f34dd1efaaa21a0789
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513234
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79459}
2022-03-14 10:50:58 +00:00
Michael Lippautz
cf25b3bc53 cppgc: Rework prefinalizers
Move the check for whether an object is live or dead out of the
prefinalizer trampoline. Moving it into the backend allows for
inlining the check which avoids a call to the trampoline for live
objects.

On catapult benchmarks (e.g. cnn:2021, nytimes:2020), there's often
~2k finalizers registered. In order to avoid memory overhead in the
range of a few KB, we store the fact whether the object points to the
base object payload in the LSB of the pointer. For caged builds this
is replaced with just storing the index into the cage for both object
and base object payload.

Locally saves around ~10% of atomic sweeping processing time which is
in the order of .05ms.

Bug: v8:12698
Change-Id: I198205a6b1d57fc2df821ee4e73e53dc6f825ff5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497764
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79442}
2022-03-10 12:53:32 +00:00
Michael Lippautz
7ef1fc1565 testing: OverrideEmbedderStackStateScope should only affect implicit GCs
The only user of OverrideEmbedderStackStateScope is Blink where it is
used to override stack state of top-level tasks. Adjust the behavior
here to allow using this scope broadly while still supporting explicit
garbage collection calls.

Bug: chromium:1300492
Change-Id: I78c418c5f08991bf6857147cd4a537246bfcc556
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497744
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79420}
2022-03-09 14:29:34 +00:00
Nikolaos Papaspyrou
924cc89384 heap: Migrate full GC cycle UMA metrics
Report full GC statistics to the Recorder API. These will be used by
Blink to populate UMA histograms. Existing UMA reporting in V8 remains
as is for now and will be removed in a followup.

With this CL, most full GC statistics are reported as part of
V8.GC.Cycle.*.Full.*. Also V8.GCMarkCompactReason is migrated to
V8.GC.Cycle.Reason.Full.

This CL goes together with:
https://chromium-review.googlesource.com/c/chromium/src/+/3353448

Bug: chromium:1154636
Change-Id: I199be75e75144a59e5f56a6872268d0ecad3a885
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3356195
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79408}
2022-03-08 18:27:13 +00:00
Michael Lippautz
1e9f077576 heap,api: Deprecate resurrecting finalizers
Resurrecting finalizers cause all sorts of problems, from performance
penalties when used to hard-to-debug memory leaks.

There's no more usage left in Blink as well as V8 internally, so
deprecate resurrecting finalizers.

Bug: v8:12672
Change-Id: I998373d6468bbd3bd581a41dec8904de80561f43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3507991
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79394}
2022-03-07 20:43:02 +00:00
Leszek Swirski
426233a118 [counter] Add use counts for f.arguments and .caller
Change-Id: I29b48de9e0f6d6db5fba50d4a081656d869d9892
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3506309
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79389}
2022-03-07 17:56:32 +00:00
Samuel Groß
f43f8a0bb5 [base] Don't return bool from VirtualAddressSpace::Free* routines
Instead of returning a boolean success/failure value, the Free* methods
of the VirtualAddressSpace API now terminate the process on failure, as
this implies a bug in the caller. This is simpler than CHECKing for
success in all callers and also provides more details about the possible
cause of the failure.

Bug: v8:12656
Change-Id: I5b469ae2c564068cff74e60b7e98f6a4776a239d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3506992
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79388}
2022-03-07 16:53:23 +00:00
Michael Lippautz
6b197b0ac1 cppgc: Refactor prefinalizers
- Add a comment on the macro that registers a prefinalizer.
- Refactor the API to avoid exposing internal types needlessly.

Change-Id: Ia88e786304616848556263410a8f5398c5374533
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497766
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79334}
2022-03-02 19:14:39 +00:00
Michael Lippautz
8d55cd6c0e cppgc-js: Respect --single-threaded-gc
Before this CL Oilpan would schedule concurrent marking and sweeping
even in the presence of --single-threaded-gc. This e.g. flakily breaks
Blink tests that do not set up a thread-pool in certain configurations
where they pass --single-threaded (implying --single-threaded-gc).

Bug: chromium:1300492
Change-Id: I64f0c6a20f9c29d689a62e63cc5a8d024962ff2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497760
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79321}
2022-03-01 17:12:59 +00:00
Samuel Groß
418b5fc2ce [sandbox] Store external pointers in EmbedderDataSlots in shifted form
Similar to other external pointers, the indices into the external
pointer table are stored shifted to the left to guarantee an upper
bound.

Bug: v8:10391
Change-Id: I079dc1568f49ae349c326a8e83fc32c93bdb35cf
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3455152
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79209}
2022-02-22 13:40:35 +00:00
Michael Lippautz
df696e72b1 api: Forward deprecations around EmbedderHeapTracer
- TracedGlobal is now fully deprecated
- Removed GarbageCollectionForTesting

Bug: v8:12603
Change-Id: Iaaea924888d60f936c34461654d78d74792919f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3471557
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79207}
2022-02-22 13:25:45 +00:00
Tobias Tebbi
079ef09f4e Revert "[profiler] opt-in tracing setting"
This reverts commit 38db63b2b8.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/42484/overview

Original change's description:
> [profiler] opt-in tracing setting
>
> CpuProfiler includes logic tracing that is only relevant in
> the context of TracingCpuProfiler.
> Adds a setting to disable tracing for SamplingCpuProfiler.
>
> Change-Id: Idcac03dd3f368b5fcd48a532d5cfe60966a64003
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3433219
> Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79190}

Change-Id: Ib39f3790c5ba63ba2609cd8e5f6c218cd8e96ef7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3477102
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Owners-Override: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79191}
2022-02-21 13:27:23 +00:00
Corentin Pescheloche
38db63b2b8 [profiler] opt-in tracing setting
CpuProfiler includes logic tracing that is only relevant in
the context of TracingCpuProfiler.
Adds a setting to disable tracing for SamplingCpuProfiler.

Change-Id: Idcac03dd3f368b5fcd48a532d5cfe60966a64003
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3433219
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79190}
2022-02-21 11:58:33 +00:00
Samuel Groß
a1faaf06a4 Split V8_OS_MACOSX into V8_OS_DARWIN and V8_OS_MACOS
Previously, V8_OS_MACOSX was, somewhat confusingly, also used for iOS.
With this CL, V8_OS_DARWIN will be set on both macOS and iOS,
V8_OS_MACOS only on macOS, and V8_OS_IOS only on iOS.

This CL also renames V8_TARGET_OS_MACOSX to V8_TARGET_OS_MACOS and
renames platform-xnu.cc to platform-darwin.cc.

Change-Id: I4bcafc7c337586662114144f6c7ccf47d978da1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468577
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79167}
2022-02-18 10:24:59 +00:00
Omer Katz
6f8b501c31 cppgc: Informative message in case of delete
Outside of unittests, if someone tried to delete a GCed object manually,
they would get a silent crash without a stacktrace or any error
messages. This CL replaces the silent crash with an informative message.

Change-Id: Ied8895dab43ce7e3a9bf778b13e77d377d269fce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468346
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79141}
2022-02-17 13:35:16 +00:00
V8 Autoroll
d571cf7c2f Version 10.1.0
Change-Id: I2c4bcabe00d85188675441dc242cd2efc90c5fca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3470561
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79136}
2022-02-17 13:28:30 +00:00
Samuel Groß
ccc6890112 [base] Fix iOS build after AllocateSharedPages introduction
The new shared memory API should only be used on macOS, but
platform-macos.cc was also included on iOS, causing build failures. This
CL splits platform-macos.cc into platform-xnu.cc (common code for macOS
and iOS) and platform-macos.cc (the macOS-specific parts).

Bug: chromium:1218005
Change-Id: Iab332865ffd8990ddd246bb9c08802909464d7e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468895
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79131}
2022-02-16 17:11:16 +00:00
Samuel Groß
a76e7b4b38 [base] Add VirtualAddressSpace::AllocateSharedPages
This API allows allocating shared memory mappings inside a virtual
address space from a platform-specific handle to a shared memory object.
This will make it possible to allocate shared memory inside the sandbox,
for example as backing memory for ArrayBuffers.

Bug: chromium:1218005
Change-Id: I4f1f50baec50734e846496cff78046e4fffe75c5
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383777
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79123}
2022-02-16 11:35:23 +00:00
Samuel Groß
6e06d756b7 [sandbox] Disallow executable pages inside the sandbox
These should not be allowed inside the sandbox as they could be
corrupted by an attacker, thus posing a security risk. Furthermore,
executable pages require MAP_JIT on macOS, which causes fork() to become
excessively slow, in turn causing tests to time out.
Due to this, the sandbox now requires the external code space.

In addition, this CL adds a max_page_permissions member to the
VirtualAddressSpace API to make it possible to verify the maximum
permissions of a subspace.

Bug: v8:10391
Change-Id: Ib9562ecff6f018696bfa25143113d8583d1ec6cd
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460406
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79119}
2022-02-16 09:48:29 +00:00
Harshil Jain
0bca3b4563 [message] Remove deprecated PrintCurrentStackTrace function which takes a FILE*
Change-Id: I598b3e7b0ad349c504d8729eb288d19b14319253
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439336
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Harshil Jain <twitharshil@gmail.com>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79074}
2022-02-14 14:36:38 +00:00
Anton Bikineev
3f5c2dda67 cppgc: young-gen: Implement GenerationalBarrier for source objects
The generational barrier for source objects records the entire source
object to be processed later during remembered set visitation. It's
planned to be used for Blink backing stores when an inlined object (or a
range thereof) is added (HeapAllocator::NotifyNewObject(s)).

An alternative approach would be to eagerly process the inlined objects
using a custom callback. However, this requires changing Visitors to
bring slots into the context. This approach should work better for
scenarios where small ranges or single elements are added, to avoid
processing potentially large backing stores. The followup CL implements
this idea.

Bug: chromium:1029379
Change-Id: Iacb59e4b10a66354526ed293d7f43f14d8761a8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460402
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79073}
2022-02-14 13:58:07 +00:00
Kevin Babbitt
e08f7ae558 Allow setting fatal error callbacks during Isolate initialization
This will enable proper reporting of OOM errors during snapshot
deserialization, for example https://crbug.com/614440#c27.

Bug: chromium:614440
Change-Id: I226fb763d2630d0b21f7552070ed1a4cc222f69b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3445203
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Kevin Babbitt <kbabbitt@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#79055}
2022-02-11 17:54:03 +00:00
Alex Turner
05643c76f5 Make empty V8DebuggerId ctor public
This will allow users to create invalid V8DebuggerIds, e.g. to handle
error cases.

Bug: v8:12528
Change-Id: I6efbea934d444b520fc43531b910f4f80c718630
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3445742
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Alex Turner <alexmt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79000}
2022-02-08 16:41:31 +00:00
Alex Turner
e3ca1f1a73 Add V8Inspector::uniqueDebuggerId method
This method returns the unique debugger ID for a v8::Context (i.e. the
V8DebuggerID), serialized to a pair of int64_ts.

Bug: v8:12528
Change-Id: Ib2cdda73447f8233f9afb773fed4a634d4618aef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3369124
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Alex Turner <alexmt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78958}
2022-02-04 18:23:05 +00:00
Michael Lippautz
d3038386e8 api: Deprecate v8::TracedGlobal
Replacement is v8::TracedReference in combination with v8::Global if a
callback is really needed.

Bug: v8:12603
Change-Id: Iae48fee2e6588a594d430c5f3a71ff0b3e67e5b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439873
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78950}
2022-02-04 15:38:17 +00:00
Anton Bikineev
4c2b5f4d30 cppgc: Provide API to test if object is marked or freed
This is needed to support minor gc tests on the Blink side.

Bug: chromium:1029379
Change-Id: Ic7ce1ae8e626b87738d76663ceecf7198e425d18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437050
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78943}
2022-02-04 12:30:05 +00:00
Omer Katz
ef53e0a0d2 cppgc: Prevent misuse of explicit_management.h
The methods in explicit_management.h should be called via the public
variants in the subtle namespace. Calling the variants in the internal
namespace directly skips asserts and required size conversions. Doing so
may cause misuse of the API that may break GC internals.

Change-Id: I58a0f324ca1ee0839bb85eb9b53ce57785dc7b91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3435187
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78920}
2022-02-03 11:18:34 +00:00
Anton Bikineev
8370387f21 cppgc: young-gen: Prepare infra for young generation
The CL does the following:
1) Makes sure young generation works and tests pass;
2) Provides CollectGarbageInYoungGenerationForTesting() that is needed
   to support remaining tests in Blink;
3) Moves the cppgc_enable_young_generation GN flag to v8.gni to refer to it
   from Blink;
4) Bails out from marking TracedReferences in UnifiedHeapMarkingState;
5) Disables (temporarily) prompt freeing for young generation;
6) Fixes remembered set visitation for nullptr|kSentinel slots.

Bug: chromium:1029379
Change-Id: I5165fa22c8a0eaa708ef7a35a9978cb12e1cb13e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429202
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78901}
2022-02-02 10:29:55 +00:00
Michael Lippautz
d1afc53107 cppgc: Fix benign data race in MemberBase
The ctors dispatch between atomic and non-atomic writes; there's no
need for a default initializer.

Bug: chromium:1292728
Change-Id: I2b4c3341ee2d2682ba0113c8366456147ebc717e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429201
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78884}
2022-02-01 11:12:28 +00:00
Samuel Groß
e7f7c4bbda [sandbox] Store external pointer table indices shifted to the left
This guarantees that they are smaller than the maximum external pointer
table index when shifted to the right on load.

Bug: v8:10391
Change-Id: I601f37fbb9640ee4b5215958afcc474c5e0eb9af
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359631
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78873}
2022-01-31 15:25:27 +00:00
Camillo Bruni
36707481ff [api] Advance API deprecation for methods last changed in v9.8
Part I: V8_DEPRECATED_SOON => V8_DEPRECATED

Bug: v8:11165
Change-Id: I1f7191436ea03d341a0adcb29c8e0c811a12c51d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3417434
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78812}
2022-01-27 14:03:56 +00:00
Shu-yu Guo
fc23bc1de2 Reland^2 "[string] Support shared strings in Value{Serializer,Deserializer}"
This is a reland of 5320fe8d58

Changes since revert:
- Remove stale DCHECK in deserializer

Original change's description:
> Reland "[string] Support shared strings in Value{Serializer,Deserializer}"
>
> This is a reland of 3cb4039cd1
>
> Changes since revert:
> - Fix FLAG_stress_scavenge interaction with shared Isolate
> - Use the shared Isolate's global handles to keep shared values
>   alive in transit during a postMessage
>
> Original change's description:
> > [string] Support shared strings in Value{Serializer,Deserializer}
> >
> > When FLAG_shared_string_table is true, postMessaging strings will share
> > instead of copy.
> >
> > Note that not all operations on shared strings are supported, and shared
> > strings may be slower than non-shared strings for some operations.

Bug: v8:12007
Change-Id: I70782978ed05558615eca03bafc4c12eba3644ca
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3417189
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78791}
2022-01-26 21:00:12 +00:00
Camillo Bruni
9cf4f1319d [api] Advance API deprecation for methods last changed in v9.7
Bug: v8:11165
Change-Id: I6d21b5ace124b6a47df983d5e3370d241f58f056
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3395880
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78785}
2022-01-26 17:30:21 +00:00
Nico Hartmann
199f1c2a92 Revert "Reland "[string] Support shared strings in Value{Serializer,Deserializer}""
This reverts commit 5320fe8d58.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/38175/overview

Original change's description:
> Reland "[string] Support shared strings in Value{Serializer,Deserializer}"
>
> This is a reland of 3cb4039cd1
>
> Changes since revert:
> - Fix FLAG_stress_scavenge interaction with shared Isolate
> - Use the shared Isolate's global handles to keep shared values
>   alive in transit during a postMessage
>
> Original change's description:
> > [string] Support shared strings in Value{Serializer,Deserializer}
> >
> > When FLAG_shared_string_table is true, postMessaging strings will share
> > instead of copy.
> >
> > Note that not all operations on shared strings are supported, and shared
> > strings may be slower than non-shared strings for some operations.
> >
> > Bug: v8:12007
> > Change-Id: I3462128e15410d2568868143571571b3025722c1
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277250
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Commit-Queue: Shu-yu Guo <syg@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#78614}
>
> Bug: v8:12007
> Change-Id: I5d9b99b2dac6f26d5ef046d7aec94f1a1d219419
> Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3389533
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78761}

Bug: v8:12007
Change-Id: Ie8e54b30055324e6592562450b51d5a11e11c9d0
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3416232
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78762}
2022-01-26 09:12:18 +00:00
Shu-yu Guo
5320fe8d58 Reland "[string] Support shared strings in Value{Serializer,Deserializer}"
This is a reland of 3cb4039cd1

Changes since revert:
- Fix FLAG_stress_scavenge interaction with shared Isolate
- Use the shared Isolate's global handles to keep shared values
  alive in transit during a postMessage

Original change's description:
> [string] Support shared strings in Value{Serializer,Deserializer}
>
> When FLAG_shared_string_table is true, postMessaging strings will share
> instead of copy.
>
> Note that not all operations on shared strings are supported, and shared
> strings may be slower than non-shared strings for some operations.
>
> Bug: v8:12007
> Change-Id: I3462128e15410d2568868143571571b3025722c1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277250
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78614}

Bug: v8:12007
Change-Id: I5d9b99b2dac6f26d5ef046d7aec94f1a1d219419
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3389533
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78761}
2022-01-26 01:00:36 +00:00
legendecas
10a777ee7e [ShadowRealm] Part 1 - Skeleton
1. Expose all the functions to empty builtins.
2. Wire up the basic structure of ShadowRealm and internal slots.

Bug: v8:11989
Change-Id: If7545fe18a74b2bd4b70a1a25776e41f03aaff89
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195532
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Cr-Commit-Position: refs/heads/main@{#78757}
2022-01-25 18:10:57 +00:00
Michael Lippautz
c1d39129f9 cppgc: Fix hello world
The hello world sample needs to initialize V8's default platform in case
it is not built as a stand-alone example.

Bug: v8:12427
Change-Id: I78b68fbed2c2a25b0ff03675beb94dfc5b9b4135
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3412088
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78756}
2022-01-25 16:34:14 +00:00
Samuel Groß
df3ebe5dcc [sandbox] Shrink ExternalPointer_t to 32 bits
When sandboxed external pointers are enabled, external pointers now only
require 32 bits of storage space in a HeapObject. This CL does not shrink
the size of EmbedderDataSlots, which will happen in a follow-up CL.

Bug: v8:10391
Change-Id: I3cf8b68c3b985cf806a45183717f50462a88c281
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359629
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78754}
2022-01-25 12:03:28 +00:00
Michael Lippautz
40db472a32 api: Remove deprecated write barrier API
Bug: v8:12356
Change-Id: Ib9e99c8b05e24a8983c5ff3d36ca534a262738a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3404774
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78717}
2022-01-21 11:36:48 +00:00
Dominik Inführ
116ca00f20 [execution] Move v8::Locker::WasEverUsed() flag into Isolate
So far this flag was process-global, so if one isolate used v8::Locker
all isolates were forced to use v8::Locker. With the shared isolate
now being a thing that routinely gets migrated between different
threads, all users of the shared isolate would be forced to use
v8::Locker. So we now store that flag on the isolate such that using
v8::Locker for the shared isolate does not affect other isolates.

Deprecate v8::Locker::WasEverUsed() at the same time.

Bug: v8:11708
Change-Id: I60531f084cc1b1b113620c46f5bed20511f52c26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401595
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78712}
2022-01-20 19:08:49 +00:00
Samuel Groß
4a3e41c5ca [sandbox] Implement GC for the external pointer table
The external pointer table is now managed by the GC, which marks entries
that are alive during major GC, then sweeps the table afterwards to free
all dead entries and build a free list from them. For now, only major GCs
are supported; Scavenger GCs do not interact with the external pointer table.

In more detail, garbage collection of the external pointer table works
as follows:

1. The external pointer table now reserves a large region of virtual
   address space for its backing buffer and is then never reallocated,
   only grown in place until the maximum size is reached.
2. When the GC's marking visitor marks a HeapObject with an external
   pointer as alive, it also marks the corresponding external pointer
   table entry as alive. This can happen on a background thread.
3. For that, it uses the MSB of each entry in the table to indicate
   whether the entry has been marked or not. This works because the MSB
   is always cleared during the AND-based type check performed when
   accessing an external pointer.
4. After marking, the external pointer table is swept while the mutator
   is stopped. This builds an inline, singly-linked freelist of all
   newly-dead and previously-free entries.
5. When allocating an entry from the table, the first entry on the
   freelist is used. If the freelist is empty, the table grows,
   populating the freelist with the new entries.
6. Every newly-allocated entry is marked as alive, and every store to an
   existing entry also automatically marks that entry as alive (by also
   setting the MSB). This simplifies the design of the table GC with
   regards to concurrency (See ExternalPointerTable::Mark).

Bug: v8:10391
Change-Id: I8877fdf5576af3761bde65298951bb09e601bd14
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359625
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78708}
2022-01-20 17:39:49 +00:00
Liviu Rau
dc97b45058 Version 10.0
Change-Id: I5114f6975563a59c586c9a28711034cdd35a9b31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401870
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Lutz Vahl <vahl@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78707}
2022-01-20 17:18:59 +00:00
Lutz Vahl
1d95b0b897 Revert "Version 9.10.0"
This reverts commit 519ee9d66c.

Reason for revert: Need to adjust to 10.0

Original change's description:
> Version 9.10.0
>
> Change-Id: I1be4d945e1ba2c1816b5fd335e7fe08eb4aca4c1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3404534
> Reviewed-by: Lutz Vahl <vahl@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Liviu Rau <liviurau@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78702}

Change-Id: I2f6f8b64123d477f7c982e2623aca43fc8b245ae
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3404771
Auto-Submit: Lutz Vahl <vahl@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78703}
2022-01-20 15:55:49 +00:00
V8 Autoroll
519ee9d66c Version 9.10.0
Change-Id: I1be4d945e1ba2c1816b5fd335e7fe08eb4aca4c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3404534
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78702}
2022-01-20 15:50:29 +00:00
Marja Hölttä
2eb253764f [rab/gsab] Re-enable serializing flags with ValueSerializer
Also:
- Refactor the ValueSerializer tests using raw data, so that we test all
valid versions for each test (not only one hard-coded one)
- Mark some tests as backwards compatibility tests, to make it less
likely that somebody updates them not realizing they are backwards
compatibility tests.

Bug: v8:11111, v8:12532
Change-Id: I670849de07742c8d442249ef4f013781e4ee9255
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386802
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78681}
2022-01-19 12:45:39 +00:00
Simon Zünd
1f53cbf197 [inspector] Add Runtime#getExceptionDetails CDP method
CDP has a "ExceptionDetails" structure that is attached to various
CDP commands, e.g. "Runtime#exceptionThrown" or "Runtime#evaluate".
The stack trace in the "ExceptionDetails" structure is used in
various places in DevTools. The information in the "ExceptionDetails"
structure is extracted from a v8::Message object. Message objects
are normally created at the exception throw site and may augment
the error by manually inspecting the stack (both to capture a fresh
stack trace in some cases, as well as to calculate location info).

The problem is that in some cases we want to get an "ExceptionDetails"
structure after the fact, e.g. when logging a JS "Error" object in
a catch block. To help in this case, this CL introduces a new
CDP method "Runtime#getExceptionDetails" that behaves exactly as
advertised: It provides a populated "ExceptionDetails" structure
from a JS Error object.

R=bmeurer@chromium.org

Doc: https://bit.ly/runtime-get-exception-details
Bug: chromium:1278650
Change-Id: I084be10c1d852d3b7cac8d88e7f820e867be4722
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3337258
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78676}
2022-01-19 09:38:31 +00:00
Camillo Bruni
0a61fa5184 [api] Deprecate Local<v8::Context> v8::Object::CreationContext()
Bug: v8:11165
Change-Id: I7c00d2dc87b232b24c4760922936580347358778
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3395881
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78663}
2022-01-18 10:33:01 +00:00
Simon Zünd
44a8a7d685 Introduce v8::StackTrace::CurrentScriptNameOrSourceURL
This CL introduces a dedicated API to retrieve the current (w.r.t. the
JS stack) script name or sourceURL. Currently, API clients will
collect multiple stack traces in increasing sizes to accomplish the
same goal. The new method walks the JS stack in the same way as the
stack trace collection mechanic but doesn't create/allocate stack info
or callsite objects along the way.

R=bmeurer@chromium.org, yangguo@chromium.org

Doc: https://bit.ly/v8-current-script-name
Bug: chromium:1286677
Change-Id: Id53e4f04bf17349d34f3d581bc712b1f4aa055db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3382818
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78645}
2022-01-17 11:34:28 +00:00
Leszek Swirski
3051f8abc0 Revert "[string] Support shared strings in Value{Serializer,Deserializer}"
This reverts commit 3cb4039cd1.

Reason for revert: TSAN failure in newly added test: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/18086/overview

Original change's description:
> [string] Support shared strings in Value{Serializer,Deserializer}
>
> When FLAG_shared_string_table is true, postMessaging strings will share
> instead of copy.
>
> Note that not all operations on shared strings are supported, and shared
> strings may be slower than non-shared strings for some operations.
>
> Bug: v8:12007
> Change-Id: I3462128e15410d2568868143571571b3025722c1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277250
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78614}

Bug: v8:12007
Change-Id: I5bb8f9b4e9b641c6d5cb16f963e9dbc1b13ac56a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386799
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78615}
2022-01-14 08:44:24 +00:00
Shu-yu Guo
3cb4039cd1 [string] Support shared strings in Value{Serializer,Deserializer}
When FLAG_shared_string_table is true, postMessaging strings will share
instead of copy.

Note that not all operations on shared strings are supported, and shared
strings may be slower than non-shared strings for some operations.

Bug: v8:12007
Change-Id: I3462128e15410d2568868143571571b3025722c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277250
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78614}
2022-01-14 02:59:51 +00:00
Lei Zhang
87cf0bdddf Remove many superfluous STL includes in headers.
Use grep to check for obviously unneeded includes, e.g. headers that
include <vector> but do not contain "std::vector".

Change-Id: I43a9e9f01e072fd495918d28ca4cdad5cfa0294c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3354400
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78613}
2022-01-13 20:56:45 +00:00
Nikolaos Papaspyrou
638993ae22 heap: Add total wall time for UMA events
The total wall time for GC reported to Blink is explicitly included in
UMA events. For the C++ managed heap, it is equal to the sum of the four
phases (mark, sweep, compact, weak). For the JS heap, it will be greater
than or equal to that sum in general.

Bug: chromium:1154636
Change-Id: Id710702b8e9d8db5c8d1eb4917deb6b760a77306
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386596
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78611}
2022-01-13 19:29:06 +00:00
Yang Guo
e784cbd12b Add comment to startup snapshot
R=leszeks@chromium.org

Change-Id: I8e5930d9ed946ae12cad98b3456055aefcef7d18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386593
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Yang Guo <yangguo@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78601}
2022-01-13 13:57:06 +00:00
Corentin Pescheloche
747cdba92b Shift EmbedderState values next to each other
For consistency with the other enums values, avoid gaps between
EmbedderState values.

Bug: chromium:1263871
Change-Id: I22c58700f292b007ced7c12db219f578f82d77d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3370081
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78549}
2022-01-10 17:43:47 +00:00
Omer Katz
86aa8e4093 cppgc: Avoid using members on stack in cppgc
Bug: chromium:1283720
Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Change-Id: Ifd9982a9315ebbed8765bc9f15ac3ffcbf04612f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3368269
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78506}
2022-01-06 08:30:35 +00:00
Aleksei Koziatinskii
a66b09e551 fix(cppgc): removed deleted cstors in CppHeapCreateParams
In C++20 the following paper was implemented [1]. This
paper makes the code below ill-formed. The high-level idea is
that as soon as a class gets a non-default constructor, the
default initializations are no longer added implicitly.

class A {
public:
  A(const A&) = delete;
};

int main() {
  A a{};
  return 0;
}

So if V8 embedder is building its code with C++20 it can
not initialize v8::CppHeapCreateParams struct and as a
result can not create a CppHeap.

One of the possible mitigations (3.3) from the paper is
to add non copyable field into class. Luckily there
is std::vector<std::unique_ptr>> in this class already.

[1] http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p1008r1.pdf

Change-Id: I8a2dc35784d7646b5f73a5e178716e9bf2ffe601
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3348007
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Alexey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78504}
2022-01-06 02:49:44 +00:00
Omer Katz
04952cd2f1 cppgc: Update Oilpan README with design details
New text is moved over from BlinkGCDesign.md

Bug: chromium:1283934
Change-Id: I10a84c91a642e96c494d6e523d6d89059afaa1ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366658
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78498}
2022-01-05 18:16:03 +00:00
Samuel Groß
406d65d3bc [base] Add VirtualAddressSpace::AllocateGuardRegion
Previously, guard regions were created by allocating pages with
PROT_NONE and relying on an allocation hint. This could fail however,
for example on Fuchsia (where it would allocate a VMO to back the guard
region) and possibly on Windows (where a placeholder mapping was
replaced by a "real" mapping).

Introducing an explicit VirtualAddressSpace::AllocateGuardRegion routine
now makes this operation more efficient and effectively guarantees that
it cannot fail if used correctly: in a regular subspace, there is no
need to allocate anything when creating guard regions since the address
space reservation backing the subspace is guaranteed to be inaccessible
when no pages are allocated in it.

Bug: chromium:1218005
Change-Id: I6945f17616b6b8dad47241af96d4cb1f660e8858
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366237
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78480}
2022-01-04 15:50:08 +00:00
Benedikt Meurer
2feba8d29e [owners] Adjust ownership for v8-debug.h.
The v8-debug.h and its implementations in api.cc are effectively owned
by the DevTools team.

Bug: none
Change-Id: I0eacb901bad771fca9aff19ded6bde0c34753174
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3361835
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78453}
2021-12-30 08:04:21 +00:00
Benedikt Meurer
ed7b66400e [inspector] Introduce v8::StackFrame::GetLocation() API.
This introduces a new `GetLocation()` method for `v8::StackFrame`s,
which returns both line and column number at the same time (using the
existing `v8::Location` class). Since `v8::StackFrame` instances store
only the source position (per https://bit.ly/v8-stack-frame), we
currently need to look up the source position in the Script's line table
twice, once when we request the line number, and another time when we
request the column number.

With `GetLocation()` we perform only a single lookup in the Script's
line table and return both line and column number at the same time. This
cuts roughly 8% of the average execution time from the `standalone.js`
benchmark mentioned in crbug.com/1280519.

Bug: chromium:1280519, chromium:1278650, chromium:1069425
Bug: chromium:1077657, chromium:1283162
Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Change-Id: Ia3a0502990b6230363112a358b59875283399404
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359628
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78452}
2021-12-30 06:21:21 +00:00
Nikolaos Papaspyrou
e608acf40a heap: Migrate young GC cycle UMA metrics
Report young generation GC statistics to the Recorder API.
These will be used by Blink to populate UMA histograms.
Existing UMA reporting in V8 remains as is for now and will be removed
in a followup.

With this CL, minor mark-compaction statistics are reported as part
of V8.GC.Cycle.*.Young. Also V8.GCScavengeReason is migrated to
V8.GC.Cycle.Reason.Young.

This CL goes together with:
https://chromium-review.googlesource.com/c/chromium/src/+/3320388

Bug: chromium:1154636
Change-Id: Ia1030c80d4bc75ac6e176ed60f838929ddb9b20f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320430
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78416}
2021-12-20 16:57:02 +00:00
Benedikt Meurer
890b1866f1 [inspector] Mark Debugger.CallFrame.url as deprecated.
This is the first step towards moving away from sending `url` with every
call frame when emitting the `Debugger.paused` event.

Bug: chromium:1270316, chromium:1271078
Change-Id: I2f57f21e15bf908ffb53f5c7b5862d3efa329c86
Doc: https://bit.ly/devtools-debugger-callframe-url
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3344946
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78392}
2021-12-16 12:58:38 +00:00
Samuel Groß
277fdd1de7 V8 Sandbox rebranding
This CL renames a number of things related to the V8 sandbox.
Mainly, what used to be under V8_HEAP_SANDBOX is now under
V8_SANDBOXED_EXTERNAL_POINTERS, while the previous V8 VirtualMemoryCage
is now simply the V8 Sandbox:

V8_VIRTUAL_MEMORY_CAGE => V8_SANDBOX
V8_HEAP_SANDBOX => V8_SANDBOXED_EXTERNAL_POINTERS
V8_CAGED_POINTERS => V8_SANDBOXED_POINTERS
V8VirtualMemoryCage => Sandbox
CagedPointer => SandboxedPointer
fake cage => partially reserved sandbox
src/security => src/sandbox

This naming scheme should simplify things: the sandbox is now the large
region of virtual address space inside which V8 mainly operates and
which should be considered untrusted. Mechanisms like sandboxed pointers
are then used to attempt to prevent escapes from the sandbox (i.e.
corruption of memory outside of it). Furthermore, the new naming scheme
avoids the confusion with the various other "cages" in V8, in
particular, the VirtualMemoryCage class, by dropping that name entirely.

Future sandbox features are developed under their own V8_SANDBOX_X flag,
and will, once final, be merged into V8_SANDBOX. Current future features
are sandboxed external pointers (using the external pointer table), and
sandboxed pointers (pointers guaranteed to point into the sandbox, e.g.
because they are encoded as offsets). This CL then also introduces a new
build flag, v8_enable_sandbox_future, which enables all future features.

Bug: v8:10391
Change-Id: I5174ea8f5ab40fb96a04af10853da735ad775c96
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322981
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78384}
2021-12-15 17:09:36 +00:00
Corentin Pescheloche
79a9d2eb34 Fix destructor for EmbedderStateScope
EmbedderState is forward declared in public header for
EmbedderStateScope. Default std::unique_ptr's destructor needs a fully
defined class. Defining default destructor in implementation file fixes
this.

Bug: chromium:1263871
Change-Id: I8ccc58f56a758927dc5d7a39387188185e7d3827
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3338697
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78363}
2021-12-14 11:54:09 +00:00
Michael Lippautz
3afcbf5c3c cppgc: Advance deprecation around write barrier
Advance deprecations and remove fully deprecated code.

Bug: v8:12165
Change-Id: I2cf1715d6878ff65e5b9beaddb8df7aec780b21e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3328781
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78329}
2021-12-09 21:42:16 +00:00
V8 Autoroll
002e39e97a Version 9.9.0
Change-Id: I3e803b880574fa17b276f8f3e3e78198a2920866
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3326439
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Commit-Queue: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78324}
2021-12-09 13:08:31 +00:00
Camillo Bruni
ce02d2f452 [api] Add LongTaskStats::v8_execute_us
The execute_us is now tied to the --slow-histograms flag.
This is currently enabled on a small population as a persistent finch
study, which should give us enough coverage for now.

Drive-by-fixes:
- Rename counter: execute_precise() to execute()
- Avoid Leave/Enter overhead in NestedTimedHistogramScope if the
  histogram is not enabled
- Only stop timers in debug mode for NestedTimedHistogramScope

Bug: chromium:1275056
Change-Id: Id6a492bdd68edb5194cb191c7083829a9f90283f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320431
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78318}
2021-12-09 11:38:04 +00:00
JianxiaoLuIntel
272cf914f0 [heap] trace heap layout before and after gc
Change-Id: Ic79f5829ae47cb4217d424aa6582f4686751ff1a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3299279
Auto-Submit: Jianxiao Lu <jianxiao.lu@intel.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78287}
2021-12-08 10:18:16 +00:00
Corentin Pescheloche
e155881f24 Reland "[profiler] Surface VM & Embedder State"
This is a reland of 2d087f237e

The changes are :
* Fix redundant reinterpret_cast in test file for MSVC failure
https://crbug.com/v8/12476
* Fix flaky test
https://crbug.com/v8/12475
If a sample is captured during a GC, no embedder context is obtained,
defaulting to EMPTY. This is the expected behavior; made it clear
in the implementation and in the test.
* Synchronized the embedder context filter behavior with existing
native context filter.

Original change's description:

> Add APIs to surface VMState and new EmbedderState to CpuProfile samples.
>
> EmbedderState:
> * An EmbedderState is defined as a value uint8_t and a v8::context used
> for filtering.
> * EmbedderStates are stack allocated by the embedder, construction and
> destruction set/unset the state to the isolate thread local top.
> * A v8::context is used to filter states that are added to a CpuProfile,
> if the CpuProfile does not have a ContextFilter set or if contexts do not
> match, state defaults to Empty.
>
> * v8::StateTag is already propagated all the way to a Sample, simply add
> an API to surface it.
>
> VMState:
> Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e
> Bug: chromium:1263871
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072
> Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78250}

Bug: chromium:1263871
Change-Id: Ief891b05da99c695e9fb70f94ed7ebdecc6c3b7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320037
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78281}
2021-12-07 19:00:07 +00:00
Michael Lippautz
3902ffbba4 cppgc: Persistent: Check thread usage on slow path
Checks whether a Persistent is used from the creation thread on slow
path allocations. In practice, these currently happen every 256
Persistent allocations. This is a best effort check that may help to
flush out issues that are missed with DCHECK builds.

Bug: chromium:1276570
Change-Id: Ia868ca436341b1b5ef427d5b3ec04926c1394e41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318658
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78276}
2021-12-07 14:32:47 +00:00
Camillo Bruni
480a917d8e Revert "[profiler] Surface VM & Embedder State"
This reverts commit 2d087f237e.

Reason for revert: 
- Causing MSVC build failures: https://crbug.com/v8/12476
- Causing flaky failures: https://crbug.com/v8/12475

Original change's description:
> [profiler] Surface VM & Embedder State
>
> Add APIs to surface VMState and new EmbedderState to CpuProfile samples.
>
> EmbedderState:
> * An EmbedderState is defined as a value uint8_t and a v8::context used
> for filtering.
> * EmbedderStates are stack allocated by the embedder, construction and
> destruction set/unset the state to the isolate thread local top.
> * A v8::context is used to filter states that are added to a CpuProfile,
> if the CpuProfile does not have a ContextFilter set or if contexts do not
> match, state defaults to Empty.
>
> * v8::StateTag is already propagated all the way to a Sample, simply add
> an API to surface it.
>
> VMState: 
> Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e
> Bug: chromium:1263871
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072
> Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78250}

Bug: chromium:1263871, v8:12475, v8:12476
Change-Id: I02670b1ed3bb863033208369227642a7419fce00
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315444
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78256}
2021-12-06 17:02:05 +00:00
Shu-yu Guo
6e2078d659 [string] Extend StringShape to query the shared bit
Rename StringShape::full_representation_tag to
StringShape::representation_and_encoding_tag, since the full
representation tag now includes the shared bit.

There are no users of the new method in this CL; this is split out to
make subsequent shared string CLs smaller.

Bug: v8:12007
Change-Id: Ic4ac0241fd9846241e85b4a094dfee6d201ba42b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313428
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78253}
2021-12-06 16:35:15 +00:00
Corentin Pescheloche
2d087f237e [profiler] Surface VM & Embedder State
Add APIs to surface VMState and new EmbedderState to CpuProfile samples.

EmbedderState:
* An EmbedderState is defined as a value uint8_t and a v8::context used
for filtering.
* EmbedderStates are stack allocated by the embedder, construction and
destruction set/unset the state to the isolate thread local top.
* A v8::context is used to filter states that are added to a CpuProfile,
if the CpuProfile does not have a ContextFilter set or if contexts do not
match, state defaults to Empty.

* v8::StateTag is already propagated all the way to a Sample, simply add
an API to surface it.

VMState: 
Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e
Bug: chromium:1263871
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78250}
2021-12-06 15:29:06 +00:00
Michael Lippautz
e4b585eae1 cppgc: Revert diagnosing CHECKs for Persistent
This CL reverts two diagnosing CLs that introduced same-thread CHECKS,
recovering all introduced performance regressions.

We will try to add less performance-sensitive checks again in a follow
up.

This reverts commit 0c2bbfd5bb.
This reverts commit 6643c05940.

Bug: chromium:1253650, chromium:1243257, chromium:1274201
Change-Id: I96c41c39c4f58b062574fa11c4a2d76ad030bcf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315437
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78245}
2021-12-06 13:23:45 +00:00
Samuel Groß
a7cb30b0e9 Introduce VirtualAddressSpace interface
This interface is meant to eventually replace the existing
v8::PageAllocator interface. Beyond general refactoring of the
PageAllocator APIs, the new interface now supports the concept of
(contiguous) address space reservations, which previously had to be
implemented through page allocations. These reservations now make better
use of provided OS primitives on Fuchsia (VMARs) and Windows
(placeholder mappings) and can be used to back many of the cages and
virtual memory regions that V8 creates.

The new interface is not yet stable and may change at any time without
deprecating the old version first.

Bug: chromium:1218005
Change-Id: I295253c42e04cf311393c5dab9f8c06bd7451ce3
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301475
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78235}
2021-12-04 21:42:04 +00:00
Samuel Groß
42ed4928cd Use CagedPointers for ArrayBuffer backing stores
This CL turns references to ArrayBuffer backing stores from
JSArrayBuffers, JSTypedArrays, and JSDataViews into CagedPointers
when those are enabled.

CagedPointers cannot generally represent nullptr, as NULL usually lies
outside the cage. As such, nullptr backing stores are replaced with a
special empty backing store value, which, in the current implementation,
points to the end of the cage, right in front of the trailing guard
regions. Due to this, it is no longer correct to compare a backing store
pointer against nullptr.

Bug: chromium:1218005
Change-Id: I4a6c7a82aabb4debcb6bb2babe4035ba2da8e79f
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3244419
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78218}
2021-12-02 17:07:15 +00:00
Adam Klein
138605e631 Fix MSVC C++17 build config
MSVC doesn't define __cplusplus appropriately, so use _MSVC_LANG instead.

Bug: chromium:1274247
Change-Id: I40ef9f42f4e55b3410f89ff23c228f1b1201c4ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3308423
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Adam Klein <adamk@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78180}
2021-12-01 11:14:39 +00:00
Anton Bikineev
38f97cae6b platform: Provide hooks for disabling allocation quarantining
Some performance sensitive paths in V8 (compilation/json parsing) or
paths with high allocation/freeing throughput can suffer from not being
able to reuse recently freed allocations. These paths can also
significantly increase the working set and cause large number of page
faults. For such paths (at least as an initial measure) we are planning
to disable allocation quarantining.

The CL provides a way for the embedder to hook in *Scan functions that
disable/enable quarantining. It also disables *Scan for json parsing and
compilation jobs.

Bug: chromium:1249550
Change-Id: I0274f66010435f3d4d091fe70fabcd20f46dc0d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306389
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78178}
2021-12-01 10:37:49 +00:00
Camillo Bruni
44166c6091 [api] V8::Initialize cleanup
- V8::Deprecate ShutdownPlatform in favor of V8::DisposePlatform
- Rename i::V8::TearDown to i::V8::Dispose
- Clean up i::V8::Initialize
- Remove needless V8::Initialize() calls in cctests
- Remove CcTest::DisableAutomaticDispose()
- Add checks to Isolate::Allocate and Isolate::Dispose that there is
  an active platform

Change-Id: Iac84f9ade9d1781e9e8b8c88ea8fe74013f51c4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306482
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78162}
2021-11-30 14:30:38 +00:00
Leszek Swirski
f4e02f266b [turbofan] Remove defn of constexpr vars for C++17
It's deprecated in C++17 and not needed (it was needed for static const,
but not for constexpr). It's needed in C++14, but can trigger
deprecation errors in C++17, so include it conditionally on __cplusplus.

Bug: chromium:1274247
Change-Id: I92524f377bb92ac2aa008f15830920786a1c1432
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3308795
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78157}
2021-11-30 13:01:31 +00:00
legendecas
25cd6f26b4 [api] Inline ScriptOrigin methods as declaration
These methods were declared as inlined functions but the implementations
were moved to api.cc.

Change-Id: I49071aca9c94e52930c362e85206dbda402ab29b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3308375
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78148}
2021-11-30 10:39:28 +00:00
Michael Lippautz
6643c05940 Reland "cppgc: Add targeted CHECK for diagnosing Persistent issue"
This is a reland of 4997ce58dd

Original change's description:
> cppgc: Add targeted CHECK for diagnosing Persistent issue
>
> The added CHECK aims at finding problems where Persistent is used off
> the owning thread.
>
> Bug: chromium:1253650, chromium:1243257
> Change-Id: Ia0cbc6005aba38c0d98197ed18c3b40dd2dc33fd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306972
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78137}

Bug: chromium:1253650, chromium:1243257
Change-Id: I9ef72d3f649c1a4504417c4cd7728e5000675405
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306487
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78146}
2021-11-30 09:56:28 +00:00
Adam Klein
5d787082b1 Revert "cppgc: Add targeted CHECK for diagnosing Persistent issue"
This reverts commit 4997ce58dd.

Reason for revert: CHECK triggers on content_browsertests, blocking V8 roll
https://cr-buildbucket.appspot.com/build/8829191878491185313

Original change's description:
> cppgc: Add targeted CHECK for diagnosing Persistent issue
>
> The added CHECK aims at finding problems where Persistent is used off
> the owning thread.
>
> Bug: chromium:1253650, chromium:1243257
> Change-Id: Ia0cbc6005aba38c0d98197ed18c3b40dd2dc33fd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306972
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78137}

Bug: chromium:1253650, chromium:1243257
Change-Id: I6b5c3d3ac0a01e1e3de31a10d5903ea26cf5ae9a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3308373
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78142}
2021-11-30 04:09:20 +00:00