This CL implements checks in case EnforceRange is requested for a
given parameter by using TryTruncate* operators. It implements 2 such
truncations on x64 and arm64 - TryTruncateFloat64ToInt32 and
TryTruncateFloat64ToUint32.
Bug: chromium:1052746
Change-Id: I32f34d9dc1265af568cc576663620a8f7f8245f6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721618
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81512}
Shifting negative integrals is undefined behavior. The CL simply
switches to uint64_t when decompressing, which anyway results in
sign-extension (in standard terms, integral promotion must preserve the
value and the sign of the source operand).
The CL doesn't have any functional changes, the generated code is the
same. It only fixes the ubsan report.
Bug: chromium:1325007
Change-Id: I491a87b84d4e98b0225f76825dac2f9e85f168d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736442
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81452}
GCC doesn't have __attribute__((require_constant_initialization)). Use
it only for clang.
Bug: chromium:1325007
Change-Id: Ide5d428ed107d3244072774c0031c042ed0cee31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735125
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81447}
Before this CL, the caged heap was lazily initialized upon the first
call of HeapBase ctor. CagedHeap keeps a pointer to PageAllocator which
was provided from cppgc::Platform through the HeapBase ctor. This was
not generally safe: the platform is not enforced to be singleton. If it
happens to die first, then CagedHeap will have a stale pointer. The CL
fixes it simply by moving caged-heap initialization to
cppgc::InitializeProcess(), which already requires a constantly living
PageAllocator.
Bug: chromium:1338030
Change-Id: Ifb70a2db233ef36a99c919db09bed9ff9f3708ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3732107
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81422}
The class is dead code, and has not been used for years. I tried to
deprecate the class first, but this caused build errors on GCC [1].
That's why this CL just deletes the class. Deleting the class is okay
because this class was part of the original implementation of streaming
compilation. There is only a single embedder who uses streaming
compilation, which is Chrome, and Chrome switched to the new API
already years ago. If there were other embedders that use this class,
then this embedder would already have no working implementation of
streaming compilation for years.
R=adamk@chromium.org
Bug: v8:12926
Change-Id: I3342167245822cf8ee52d9632cba236fb1b0646c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714236
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81421}
This change is only to get the API in place; the newly added functions
don't yet do anything.
Bug: v8:12808
Change-Id: Ic6a697d4f62c2b61761b2545dae6fcdf37653bbf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3681880
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81418}
The ExternalPointerTags are assumed to be compile-time constants in most
cases, so turning them into template parameters enforces that. As
decisions such as whether to use the per-isolate or the shared external
pointer table are encoded into the tag values, forcing those to be
compile-time constants guarantees that the compiler will be able to
inline the correct logic when accessing an external pointer.
With this, there are now two (high-level) ways of accessing external pointer fields from C++: the Read/WriteExternalPointerField methods
which require the ExternalPointerTag to be a template parameter, and the
ExternalPointerSlot class which takes the tag as an argument. The latter
is for example used for snapshot deserialization and by the garbage
collector (more generally, by the ObjectVisitor::VisitExternalPointer
method), where the tag is not a compile-time constant.
Finally, this CL also introduces a new ExternalPointerHandle type which
represents the (opaque) on-heap representation of a reference to an
entry in an ExternalPointerTable when sandboxing is enabled. Making this
its own type makes the code a bit more readable.
Bug: v8:10391
Change-Id: I867b8ce41d15d485f1dc66786f233c710c56afcb
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3720641
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81402}
- Change definition to macro-style to be able to assert that masks/tags
are correct.
- Split definition of shared/non-shared tags.
- Use bit 62 (for now) to indicate tags are shared.
Bug: v8:10391
Change-Id: Ia3ad6294cf5e6fd0c4dc2a328f976f295da762f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726009
Reviewed-by: Samuel Groß <saelo@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81400}
Since v8config.h already defines the related logic for OS detection, it
should be fine to move arch detection also there. The CL also makes
Oilpan use one of those macros to avoid discrepancy between the compiler
and custom macros (the discrepancy occurs for host tools, e.g. mksnapshot).
Bug: chromium:1336222
Change-Id: Ibe7d9116d27c3e816f4778fd4c149d8142d0f7a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726208
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81397}
The waiter queue node of JS Atomics.Mutex is now stored in the shared
external pointer table.
Bug: v8:12547
Change-Id: I2f4ce1c705d5e710b49872942702f60edf6c4043
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3721696
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81380}
To be able to share external strings, we need to share the external
pointer table in sandbox builds.
To avoid branches at runtime all pointers for external strings are
stored in the shared external pointer table.
Bug: v8:12957
Change-Id: Iaa6be7839a2f5e50f80fd58c5b33fb9c6af61057
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695263
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81324}
Previously it was implemented in api.cc, therefore requiring an additional
function call when accessing external pointer fields from embedder code with
the sandbox enabled. Now ReadExternalPointerField can be inlined.
Bug: v8:10391
Change-Id: Ia8cb2df148ac96f979fd3e22989b0ff6177abcec
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3714245
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81271}
... to avoid additional indirection on every access.
Drive-by: given that AccessorInfo class now has a custom body visitor
it's no longer necessary to encode flags field as Smi.
Bug: v8:12949
Change-Id: I30eabee3cbc5ded2bf3f050dfe22208713a764bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3701590
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81237}
This reverts commit be41754f9f.
Reason for revert: This change breaks the GCC component build (e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20gcc%20-%20debug%20builder/1997/overview)
Original change's description:
> [wasm] Deprecate WasmModuleObjectBuilderSteraming
>
> This class is just dead code.
>
> Bug: v8:12926
> Change-Id: Ic780c0b1bf5b1e517aa919b820fad4ec083d9ef7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3689581
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81169}
Bug: v8:12926
Change-Id: I8ef0dbd6ebaac0cbcc752338b7bfdf6049e6874c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707219
Owners-Override: Adam Klein <adamk@chromium.org>
Auto-Submit: Andreas Haas <ahaas@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81210}
The CL fixes PMF regressions that happend after increasing
the AgeTable size.
Bug: chromium:1336529
Change-Id: If1f099b43bfcb3a8c7dd4a1c229fcb08735eb744
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707098
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81180}
It should be V8_TARGET_OS_ANDROID instead of V8_OS_ANDROID.
Bug: chromium:1218005
Change-Id: I4b92977c5d8b70ca5023e30a966508965ea9f0fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706618
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81175}
This is a reland of commit dac6155649
This is a straight-up reland with no changes, because:
1) The failure doesn't reproduce locally
2) The failing flaky test that triggered the revert is not related
to the code modified by this CL and should (in theory) not be
impacted.
Original change's description:
> [inspector] Allow Debugger.setScriptSource to edit top-most function
>
> This CL adds a new boolean flag on the Debugger.setScriptSource CDP
> method that gets piped all the way through to the live-edit mechanism.
> The new flag enables live-editing of the top-most function while
> paused.
>
> The CL adds a couple of tests that cover the new core use cases for
> this flag.
>
> R=jarin@chromium.org
>
> Bug: chromium:1334484
> Change-Id: I12fec591b2b6550d89748714620e629548e1b9c1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695354
> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81127}
Bug: chromium:1334484
Change-Id: I9a9bf7e03d81c86adb4819b9756dd9afcf6fa021
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706398
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81171}
This class is just dead code.
Bug: v8:12926
Change-Id: Ic780c0b1bf5b1e517aa919b820fad4ec083d9ef7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3689581
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81169}
CreateJob() is similar to PostJob() but doesn't schedule anything
until Join() or Notify*() is called.
This allows
- CreateJob().Join() without too many worker.
- Early 'empty' CreateJob() for initialization
without causing spurious calls to GetMaxConcurrency()
Bug: chromium:1287665
Change-Id: I8fd8b139392ad30218f0cf8f580b2d76f1078777
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3668842
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81166}
This fixes an ODR violation: the macro V8_TARGET_ARCH_ARM64 was only
visible when building V8, but not outside it. The CL implements a quick
fix that relies on compiler-based macros (__aarch64__). The proper fix
would be to make these target macros be part of the public config.
Bug: chromium:1336222
Change-Id: I46ba6c1a3cd1ac4fcd3aced60ee112e6098eba6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3705540
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81162}
"Function:" and "LazyCompile:" are confusing by now and use up too
much space.# Enter a description of the change.
This also changes the function names visible when using linux-perf
Change-Id: Ib2d4b7df39068c27b5b06db578fc550d2973ebb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693705
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81161}
Asynchronous WebAssembly compilation returns the compilation result
through resolving a result promise. So far the result promise was
resolved through V8-internal APIs. This caused problems, because
resolving promises requires correct handling of microtasks, and
microtasks are controlled by the embedder, and not by V8.
This CL adds an API to allow the embedder to resolve the result
promise itself, and handle microtasks as necessary.
The use of the new API is available in a full CL, without API dance:
https://chromium-review.googlesource.com/c/v8/v8/+/3694975R=cbruni@chromium.org
Bug: v8:12953
Change-Id: Ie9a56041f2d3e0c46664f1938e995f1e2c22f981
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695584
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81141}
This reverts commit dac6155649.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20no-concurrent-marking/9288/overview
Original change's description:
> [inspector] Allow Debugger.setScriptSource to edit top-most function
>
> This CL adds a new boolean flag on the Debugger.setScriptSource CDP
> method that gets piped all the way through to the live-edit mechanism.
> The new flag enables live-editing of the top-most function while
> paused.
>
> The CL adds a couple of tests that cover the new core use cases for
> this flag.
>
> R=jarin@chromium.org
>
> Bug: chromium:1334484
> Change-Id: I12fec591b2b6550d89748714620e629548e1b9c1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695354
> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81127}
Bug: chromium:1334484
Change-Id: I165269d6c1b001b516f10ae3716ffb57b675ab39
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3705378
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Owners-Override: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81130}
This CL adds a new boolean flag on the Debugger.setScriptSource CDP
method that gets piped all the way through to the live-edit mechanism.
The new flag enables live-editing of the top-most function while
paused.
The CL adds a couple of tests that cover the new core use cases for
this flag.
R=jarin@chromium.org
Bug: chromium:1334484
Change-Id: I12fec591b2b6550d89748714620e629548e1b9c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695354
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81127}
The CL aims to improve write-barrier filtering and thereby reduce the
current regressions. With 8MB AgeTable the card size becomes 512 bytes.
The memory overhead of the 8MB AgeTable is 0.2%.
Bug: chromium:1029379
Change-Id: I86f51361b9b9f0a1c22a1deef0b0540d1d9808bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700079
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81114}
We don't need to reset the entire age table, but merely the pages that
are known to contain young objects. This must improve memory use with
generational GC enabled.
The CL is a prerequisite for another CL that'll increase the size of
the age-table.
Bug: chromium:1029379
Change-Id: Ibb5b607af20380c3936b7396b3d9767f6f17c44b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695268
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81106}
Currently, young generation assumes that all the on-heap pointers are
compressed, which is currently not the case due to the backing-store
pointers in Blink. Fixing collections to have Member<> is not easy,
because the inlined collections may have the semantics that
backing_pointer_ == inlined_buffer_;
where the inlined_buffer_ can be off-heap (e.g. on stack).
The CL introduces another type of barrier specifically for uncompressed
pointers. The followup is to use that barrier from Blink.
Bug: chromium:1029379
Change-Id: If0f519220658268dbdf915235c2e5afd7887dc0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695358
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81105}
Already after enabling Liftoff, the name did not match the semantics any
more. The callback was called after top-tier finished, not after initial
compilation of the module finished.
With dynamic tiering, the name is even less fitting.
This CL renames the "OnModuleCompiled" callback in the API to
"MoreFunctionsCanBeSerialized", which makes it more obvious what the
API should be used for. It also internally renames all related typedefs
and methods accordingly.
One call of the callback in the streaming decoder was already wrong
before this CL and is being removed.
R=jkummerow@chromium.org, cbruni@chromium.org
Bug: v8:12899
Change-Id: I95c0fc9e32442383e47e4370e31277cc065bf0fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687689
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81093}
Deprecate the LegacyOOMErrorCallback in the 10.5 branch. Embedders are
expected to switch to OOMErrorCallback.
The deprecated LegacyOOMErrorCallback will then be removed in the 10.6
branch.
R=mlippautz@chromium.org
Bug: chromium:1323177
Change-Id: I83001bec760848ef39f0638ed5c5c9eaa7cdb6eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3646014
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81092}
Adds Module::GetStalledTopLevelAwaitMessage() API which searches for
modules that have no pending async dependencies but have not yet
resolved. An embedder may call this API when they are about to exit
to check if TLA evaluation has stalled and provide a better error
message.
Change-Id: I3b88802f70cc84c973551f13d73ef3e3d06f4027
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2341765
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81080}
Compaction currently considers only backing store pointers as slots and
those are uncompressed. The CL fixes the tests to use raw pointers
instead of Members.
Bug: chromium:1325007
Change-Id: I2ddfffeeab396552bb7cf31b2bd8502ebc2921fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695590
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81056}
Drive-by-fix: Reduce one branch in the type compairison since
JS_OBJECT_TYPE and JS_FIRST_API_INSTANCE_TYPE are adjacent.
Bug: v8:11476
Change-Id: I621ef2df4da2858cb1652276f800ccedba4e3015
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695562
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81051}
Add __attribute__((const)) so that the compiler may assume that the
variable doesn't change across calls (basically treat the variable as
const).
Bug: chromium:1325007
Change-Id: I1ecd9a6b7b142cbb9da20a44f568465e1ca45fe7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688400
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81043}
This is done by making sure that LSB of the cage-base is 1. This way we
know that on compression normal pointers after the shift will have the
MSB set to 1.
Bug: chromium:1325007
Change-Id: I8699aaa464f1a8c18d2092f5eb474266fb409fcb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688399
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81039}
Now that the cage is shared, we can remove the thread-local base and
instead use a simple global.
Bug: chromium:1325007
Change-Id: I05019de83868f823c66003740e277578f2a1d439
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688051
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81037}
This CL introduces a new `status` enum returned by setScriptSource.
We'll use the information in the DevTools frontend to show more
meaningful error messages as well as disambiguate compilation errors
from failed live edits.
Drive-by: Deprecate the sync and async stack traces in the result.
Currently `setScriptSource` is guaranteed to stay paused so there
is no need to send along the same information from the
preceeding `Debugger.paused` event.
In the future we will restart the top-most frame once we allow
the top-most frame to be edited. In that case the inspector
fires Debugger.resumed + Debugger.paused events following the
live edit also making the info returned here superfluous.
R=jarin@chromium.org
Bug: chromium:1334484
Change-Id: I4226491caed72013a00927273c523213d797a766
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3691850
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81031}
The CL does the following:
1) Globalizes CagedHeap for all HeapBases;
2) Adds the global variable representing the cage base;
3) Changes all write-barriers to use this global variable for value/slot
checks;
4) Removes no longer needed functionality introduced in previous CLs.
Bug: v8:12231
Change-Id: I281a7b0bf67e349c988486fc2d43ec6d703fd292
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688050
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81027}
This wraps CagedHeap in #if defined(CPPGC_CAGED_HEAP)
Bug: v8:12231
Change-Id: I8407abdd88c6a96b6c79c08e7039b5eb6f8175f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695384
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81010}
The CL is a prerequisite for the shared cage. Instead of storing
state variables (is_incremental_marking_in_progress,
is_young_generation_enabled) in the cage metadata, the CL moves them to
HeapHandle. The HeapHandle pointer is now retrieved from page-headers.
To make sure that the write-barrier code is better optimized, the
HeapHandle definition is moved to internal/ headers. The part of
BasePage that contains HeapBase (i.e. HeapHandle) pointer is also
extracted and moved to the headers.
Bug: v8:12231
Change-Id: I44bf65d99a621d9548e4250386cf87476ca186ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3689730
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81005}
Anyone using CopyablePersistentTraits should be using v8::Global, so
deprecate it and fix the uses in V8.
Bug: v8:12915
Change-Id: I25e6f2a03e070db9e9af9bbd9ea8cbc0f838c5ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3669254
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81001}
https://crrev.com/c/3471854 already disabled the RecordWrite builtin
specifically for incremental marking. Since this didn't regress performance as expected, we can now remove those versions of the
builtin.
This will simplify the barrier implementation a bit, but is also
required for the shared heap write barrier. Unlike the generational barrier, the shared heap barrier can't be elided for map values.
Bug: v8:11708
Change-Id: I44bc6ee79006a5be8c1b593dee7fc30c3b9cfa85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3683341
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80966}
The CL splits the Oilpan giga-cage in two 2GB reservations: one for
normal pages and the other for large ones. The split enables fast
page-header lookup (assuming most objects reside on normal pages), which
is needed for:
1) the young generation project, where the remembered set will move to
pages;
2) the shared-cage project, to find HeapBase* from page-headers.
Bug: v8:12231, chromium:1029379
Change-Id: I4ae9e8a75a307ed0dff9a2ec4f1247b80e17ebd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688519
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80950}
This is a reland of commit ea9a1f1cbe
Changes since revert:
- Make the state field uintptr-aligned since arm64 faults on
atomic accesses to non-naturally aligned addresses.
Original change's description:
> [shared-struct] Add Atomics.Mutex
>
> This CL adds a moving GC-safe, JS-exposed mutex behind the
> --harmony-struct flag. It uses a ParkingLot-inspired algorithm and
> each mutex manages its own waiter queue.
>
> For more details, please see the design doc: https://docs.google.com/document/d/1QHkmiTF770GKxtoP-VQ1eKF42MpedLUeqiQPfCqus0Y/edit?usp=sharing
>
> Bug: v8:12547
> Change-Id: Ic58f8750d2e14ecd573173d17d5235a136bedef9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3595460
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80789}
Bug: v8:12547
Change-Id: I776cbf6ea860dcc6cb0ac51694a9b584b53d255c
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3673354
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80875}
Remove code size and compilation time sampling for the "top tier
finished" event. With dynamic tiering, this event will never be reached.
R=ahaas@chromium.org
Bug: v8:12899
Change-Id: I1b0d053e31fe8cd1f8ba3b23bfff4c5879569b45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647691
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80867}
The macro list makes it difficult to impossible to deprecate individual
methods (like the one receiving a {WasmModuleTieredUp} struct).
Hence avoid the macro list and instead call the macro explicitly for
each definition.
R=cbruni@chromium.org
Bug: v8:12899
Change-Id: I4139de7721c4a1450920c5be312e91e7478e6fa7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3667076
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80865}
This CL adds a moving GC-safe, JS-exposed mutex behind the
--harmony-struct flag. It uses a ParkingLot-inspired algorithm and
each mutex manages its own waiter queue.
For more details, please see the design doc: https://docs.google.com/document/d/1QHkmiTF770GKxtoP-VQ1eKF42MpedLUeqiQPfCqus0Y/edit?usp=sharing
Bug: v8:12547
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Change-Id: Ic58f8750d2e14ecd573173d17d5235a136bedef9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3595460
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80789}
When a callback does not intercept the request
1) it should not call info.GetReturnValue().Set(),
2) it must not produce side effects.
Bug: v8:12873, chromium:1310062
Change-Id: If02994f24f1a68eb96c1af7cdd6dd7109f0617c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652786
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80742}
The majority of 64-bit Android devices appear to be using a 40-bit
address space, i.e. 512GB for userspace. Allocating a 256GB sandbox
(plus 2x 32GB guard regions) may take too much of the address space and
cause the creation of other address space reservations (e.g. the cppgc
caged heap), which are created per worker, to fail later on.
In general, we should try to limit the sandbox size to less than 1/4 of
the address space, so this CL shinks the sandbox on Android to 128GB.
Bug: chromium:1327131
Change-Id: Ib48b45506ad6a7a5e15b95115c7642bf62a68fa1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652783
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80636}
Dynamic tiering is now enabled by default, and the origin trial is
expired, so the callback can be removed.
The callback was already never called, because the flag value is always
checked first.
R=ahaas@chromium.org, mlippautz@chromium.org
Bug: v8:12281
Change-Id: I58eaa210c86024128328a13ba07bb8fc1b437841
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644951
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80633}
There is a DCHECK in the gin platform that {ShouldYield} is not called
again after it already returned {true}.
This CL adds a similar DCHECK to the default platform to catch bugs
earlier (in d8).
R=ahaas@chromium.org, mlippautz@chromium.org
Bug: chromium:1277962
Change-Id: I4dc9d880cf6d36e3e497c5324aaf44889fe7fcee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644801
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80611}
1) In copy/move ctors and operator=() we can just copy raw compressed
value;
2) For null check we don't need to decompress the value;
3) Same for operator==().
4) Hashing can also be optimized in a followup.
Bug: chromium:1325007
Change-Id: Ic1bf2c5049802c078b3e0121dcbe62d9ecea83b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647359
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80571}
This adds a new struct "OOMDetails" which is passed to the
OOMErrorCallback. It currently holds the "is_heap_oom" bool that was
also passed before, plus an optional "detail" string.
The struct can later be extended without having to change the signature
of the OOMErrorCallback. Removing fields will have to follow the
standard deprecation rules, but this is also easily possible without the
hassle for this initial change.
We modify the deprecated OOMErrorCallback definition and un-deprecate it,
which can be seen as removing a deprecated API and adding a new one in
one CL.
R=mlippautz@chromium.org, jkummerow@chromium.org
Bug: chromium:1323177
Change-Id: Ic4c2cb5856906ebd664626fe463d8e96cb99b0a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647827
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80565}
This CL removes some deprecated sandbox APIs and introduces new ones, in
particular IsSandboxInitialized and GetSandboxReservationSizeInBytes. In
additon, this CL also adds comments to the various public methods of the
Sandbox class.
Bug: v8:10391
Change-Id: If5c3081a0b9f7f192966150a0d2716099357363a
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647362
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80544}
This is a reland of commit 8278cb5015
The reland adds the RestartFrameTrampoline to the list of
builtins that the deoptimizer is allowed to return from for
control flow integrity.
Original change's description:
> [inspector] Re-enable Debugger#restartFrame
>
> Doc: https://bit.ly/revive-restart-frame
>
> This CL "undeprecates" Debugger#restartFrame and adds a new optional
> "mode" parameter for back-wards compatibility. Moreover, the return
> values are all deprecated. They were never actually used in the
> DevTools frontend and the same information is available from the
> Debugger#paused event that fires once execution stops at the
> beginning of the restarted function.
>
> The CL also re-baselines all the restart-frame inspector tests that
> now run successfully.
>
> R=bmeurer@chromium.org, kimanh@chromium.org
>
> Bug: chromium:1303521
> Change-Id: I34bddeb1f2f4ff3dee58dd82e779c111495566f3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616505
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80491}
Bug: chromium:1303521
Change-Id: I13e2f8b5011795a38e541310622b8333a3d08049
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644624
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80534}
This is more consistent with similar features, for example
V8_ENABLE_WEBASSEMBLY or V8_ENABLE_MAGLEV.
Drive-by: remove V8_SANDBOX_IS_AVAILABLE as it's no longer needed.
Bug: v8:10391
Change-Id: I8658c5b0c331a4c73892737083b2c2f9b8f84056
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647355
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80530}
With this CL, the decompression simply becomes:
movsxd rax, edi
add rax, rax
and rax, qword ptr fs:[base@TPOFF]
Bug: chromium:1325007
Change-Id: I931e4e667a9b9697671bccf14575420f8cb705e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629871
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80521}
With caged heap enabled, we can halve Member<> by storing only the least
significant half. The base of the heap is stored in a thread local
variable. The feature has therefore an implication that only single heap
is allowed per thread.
The feature is gated by the new GN arg:
cppgc_enable_pointer_compression.
Bug: chromium:1325007
Change-Id: Ic7f1ecb7b9ded57caad63d95bbc8e8ad6ad65031
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739979
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80518}
This reverts commit 8278cb5015.
Reason for revert: breaking https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20CFI/10778/overview
Original change's description:
> [inspector] Re-enable Debugger#restartFrame
>
> Doc: https://bit.ly/revive-restart-frame
>
> This CL "undeprecates" Debugger#restartFrame and adds a new optional
> "mode" parameter for back-wards compatibility. Moreover, the return
> values are all deprecated. They were never actually used in the
> DevTools frontend and the same information is available from the
> Debugger#paused event that fires once execution stops at the
> beginning of the restarted function.
>
> The CL also re-baselines all the restart-frame inspector tests that
> now run successfully.
>
> R=bmeurer@chromium.org, kimanh@chromium.org
>
> Bug: chromium:1303521
> Change-Id: I34bddeb1f2f4ff3dee58dd82e779c111495566f3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616505
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80491}
Bug: chromium:1303521
Change-Id: Ibc33328c31a4b6ea736d07ce5e5ee109039eec8b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3645767
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80495}
Doc: https://bit.ly/revive-restart-frame
This CL "undeprecates" Debugger#restartFrame and adds a new optional
"mode" parameter for back-wards compatibility. Moreover, the return
values are all deprecated. They were never actually used in the
DevTools frontend and the same information is available from the
Debugger#paused event that fires once execution stops at the
beginning of the restarted function.
The CL also re-baselines all the restart-frame inspector tests that
now run successfully.
R=bmeurer@chromium.org, kimanh@chromium.org
Bug: chromium:1303521
Change-Id: I34bddeb1f2f4ff3dee58dd82e779c111495566f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616505
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80491}
Deprecate the existing parameter to treat global objects as roots as
this is implied by exposing internals.
Bug: chromium:1321620
Change-Id: I73a8124d63f87599dee7080980844c418eb3b5e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3637797
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80456}
Deprecate the OOMErrorCallback such that we can add a new parameter for
OOM details.
R=mlippautz@chromium.org
Bug: chromium:1323177
Change-Id: I72c931ad0d1b75cda46e8815387098acbe091c68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3632106
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80453}
This adds a typedef for LegacyOOMErrorCallback, which is identical to
OOMErrorCallback. Embedders will need to switch to
LegacyOOMErrorCallback so that we can change the definition of
OOMErrorCallback (see https://crbug.com/1323177).
R=mlippautz@chromium.org
Bug: chromium:1323177
Change-Id: I92312a577ca49e0174f2bb6b914cc11c3a0b0fc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3632305
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80424}
Allocation granularity (8 bytes on 64bit platforms) is already subsumed
by whatever range size we choose.
Bug: chromium:1029379
Change-Id: Iab95e6f36955c9ffbbe9ea0c98cb9d1f8dd0337b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629869
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80415}
- Repurpose flag `treat_global_objects_as_roots` when taking a heap
snapshot for toggling whether internals should be exposed (to
`hide_internals`).
- Use the toggle in creating heap snapshots for exposing class names
as object names for C++ objects that have not explicitly been given a
name.
Change-Id: I77d71babfdfe53269964fe81ed985037a431c28b
Bug: chromium:1321620
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3623740
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80391}
Before this CL, the heap object name of unnamed objects(those not
inheriting from NameProvider) would be solely determined by whether the
build-time configuration cppgc_enable_object_names is enabled.
This patch adds a way to override that value at runtime. This is
useful for preserving default behavior with custom builds but at the
same time allow them to still enable the feature.
Bug: chromium:1321620
Change-Id: I3aa06db15e58d9ba9773be6797572f17f007e9ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3620279
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80338}
This CL changes MaybeLocal::ToLocal documentation to assign |out|
with nullptr when the MaybeLocal is empty to be consistent with
the behavior.
Bug: v8:12845
Change-Id: I8145d6604c51b79f137b686b3e9b4f328534e0a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616432
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80329}
Due to the consistent overhead of snapshot checksum verification
we ideally want to avoid it all-together. However there are still enough
devices out there that suffer from corrupted snapshots that might
cause hard to debug heap corruptions.
This CL exposes the calculated (dummy value for now) and the expected
snapshot checksum as a crash key, so it can be easily consulted during
investigation.
Note: The calculated crash key contains 0x0 for now as a dummy value. We
will come up with a strategy later-on to limit the overhead of
calculating the checksum.
Bug: v8:12195
Change-Id: I6da6d74c035cb6f9b0edae212a36e6c41c048a5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605813
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80325}
This change adds support for computing SHA-256 hashes in the stack
output of errors by adding a function to the prototype of the
`CallSite` object, passed to `Error.prepareStackTrace`. Additionally,
it updates the `hash` property from `Debugger.scriptParsed` and
`Debugger.scriptFailedToParse` to be SHA-256 instead of the
proprietary hash it is today.
It is intended to be an advancement in indexing source maps to
support improved tooling, especially for post-hoc or in-production
diagnostics scenarios.
The explainer can be found here:
https://docs.google.com/document/d/13hNeeLC2Ve_FVieNndZUUUP15x2O4ltvjnGWwOsMlrU/edit?usp=sharing
Change-Id: Ifbbed4b22c8256e74e6d79974d2dd1e444143eda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229957
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Robert Paveza <Rob.Paveza@microsoft.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80320}
The CL prepares the sources and the tests for enabling
cppgc_enable_young_generation by default. The static initializer
in YoungGenerationEnabler (due to v8::base::Mutex) changed to be lazy.
The tests are now checking the runtime flag.
Bug: chromium:1029379
Change-Id: I1497a3dd2b8d62c1acd48496821f07324b7944d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616726
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80304}
The CL introduces a new option --cppgc-young-generation. This option
can't be enabled statically, because V8 options are parsed after heap
initialization. The CL changes minor GC so that it can be enabled
dynamically. The way it works is as follows:
- the user calls YoungGenerationEnabler::Enable();
- a heap checks in the next atomic pause whether the flag was enabled;
- if so, the heap enables young generation for itself.
To avoid barrier regressions without young-generation enabled, the CL changes the meaning of the global flag is-any-incremental-or-concurrent-marking to is-barrier-enabled.
The runtime option would enable us to test young generation on try-
and performance-bots.
Bug: chromium:1029379
Change-Id: I664cccdcd208225ffcbf9901f1284b56d088c5c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607993
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80274}
* Prefix all isolate variables with i_ for i::Isolate and
v8_ for v8::Isolate
* Change _DO_NOT_USE macro suffix to _INTERNAL
Change-Id: I005efbe0192cf202741448c63a4263e6a4b1fa1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610429
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80252}
It is expected that changing page permissions can fail due to the system
running out of memory. However, any other failure is unexpected and
likely indicates a bug in the caller, such as changing the permissions
of an invalid memory region. To allow distinguishing between these
unexpected failures and expected OOM failures, this CL adds CHECKs into
the low-level memory management routines to abort when an unexpected
failure occurs.
Similar logic could later be added to other low-level memory management
routines that can legitimately fail due to OOM as well.
Bug: chromium:1320126
Change-Id: I3de6f4b2aed8962c91770b81382df34384584501
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610445
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80245}
If the following conditions hold:
1) value is kSentinel,
2) slot is on stack,
3) stack is allocated below 4GB,
then the generational barrier would be erroneously triggered for the
stack object object. This CL fixes it. At the same time, it aims to
simplify the code and potentially optimizes it (by having 'and' instead
of 'sub').
Bug: chromium:1029379
Change-Id: Iafd91d50b0a1c3d97647f7bf3643dfcc7e9fb48f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3608629
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80202}
It's necessary to support fast W^X permission switching on MacOS on
ARM64 ("Apple M1"/Apple Silicon) where permission modification of RWX
pages to anything else is prohibited.
On all the other architectures/platforms RecommitPages() is equivalent
to SetPermissions().
The new API will be used in a follow-up CLs.
Bug: v8:12797
Change-Id: Id0d8b8c42c81b80cd8fa6b47c227680d7d1f9b10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606231
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80190}
When setting a range for a newly allocated lab, consider adjacent cards.
If either is young, don't mark it as kMixed.
Bug: chromium:1029379
Change-Id: If7d1d920dd5769679de68800eae61f3a8dc1eb17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3584116
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80175}
One of the biggest categories in heap snapshots is named “(system)”,
which gives developers no indication of why all that memory is used or
what they might do to reduce it. In this change, I propose that we
create a new category for Maps, DescriptorArrays, and related objects,
and call this new category “(object shape)” in the devtools. I think
that this category name would be more meaningful, while still grouping
those objects together so that they mostly stay out of the way.
Bug: v8:12769
Doc: https://docs.google.com/document/d/1a-6V_2LIJuRcsppwh6E18g8OSnC9j6gN4ao2gq--BiU
Change-Id: I282a7b87c34ca6ed371ff32f3c7332d794ae42ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3587974
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#80123}
Remove PENDING state as handles were always immediately transitioned
into FREE or NEAR_DEATH state.
Bug: v8:12672
Change-Id: I9a9d40b573e862282d41d7a4a3f9c8c8ed21b9e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599473
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80119}
When moving forward and optimizing internals, these APIs cannot be
trusted anymore as their semantics are tangled to the current
implementation.
Bug: v8:12819
Change-Id: I0e3370724307a420ee42fed8070b55542be9400d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599475
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80082}
Removes support for specifying weak handles with finalizers that allow
for object resurrection.
This CL removes the public facing APIs. Internal support will be
removed in a follow up.
Bug: v8:12672
Change-Id: Ia6ea269093aaa128caadb7508aca2e5a1254923c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596174
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80070}
Doc: https://bit.ly/revive-restart-frame
Context: https://crrev.com/c/3582395 (whole feature)
This CL adds a new optional flag `canBeRestarted` to every call frame
in Debugger.paused events. As the name suggests, the flag indicates
whether we can restart a particular frame through Debugger.restartFrame
once implemented.
We are not able to safely restart all frames:
* We don't support WASM frames
* We don't support frames where resumable functions (async fns,
generators) and embedder C++ frames are between the top-most
frame and the to-be-restarted frame.
Note that from a CDP perspective the flag doesn't actually guarantee
a successful restart. CDP clients can issue
CDP commands between the Debugger.paused event and before a user
decides to restart a frame, which can potentially mess
with the stack.
The `canBeRestarted` flag tests are folded into the
Debugger.restartFrame tests. As the feature is not yet fully
implemented we short-circuit most of the tests for now and only
run them up until the first Debugger.restartFrame call fails
(except "fails-for-resumables.js").
This means the tests exercise the `canBeRestarted` flag, but not
the restarting functionality itself.
R=bmeurer@chromium.org, kimanh@chromium.org
Bug: chromium:1303521
Change-Id: I01ab46dc3557ab8383960969fbe03e00604cc5e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596160
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80046}
This reduces card granularity from 4096 to 512 bytes with the goal to
improve write barrier filtering.
Bug: chromium:1029379
Change-Id: I22e2a9c61ef4c36c3db65404370213d0a8048e08
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3582393
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79960}
1. Added `generateWebDriverValue` flag to `Runtime.evaluate` and `Runtime.callFunctionOn`.
2. Added `webDriverValue` field to `RemoteObject`, and set it in case of the `generateWebDriverValue` flag was set.
3. Added virtual method `bidiSerialize` to allow embedder-implemented serialization (like in https://crrev.com/c/3472491).
4. Implemented V8 serialization in a separate class `V8WebDriverSerializer`.
5. Hardcode `max_depth=1`.
6. Added tests.
Not implemented yet:
1. `objectId`.
2. Test of embedder-implemented serialization.
Tested automatically by:
```
python3 tools/run-tests.py --outdir out/foo inspector/runtime/add-web-driver-value
```
Naming to be discussed. Suggestions are very welcome.
Design doc: http://go/bidi-serialization
Change-Id: Ib35ed8ff58e40b3304423cc2139050136d844e2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472077
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Maksim Sadym <sadym@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79922}
This CL adds support for interacting with CpuProfile with their integer
id.
A String ID is problematic because it forces an allocation when stopping
or cancelling a Profiler which can happen during a GC when this
is not allowed.
Change-Id: I9a8e754bd67214be0bbc5ca051bcadf52bf71a68
Bug: chromium:1297283
Co-Authored-By: Nicolas Dubus <nicodubus@fb.com>
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3522896
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Commit-Queue: Corentin Pescheloche <cpescheloche@fb.com>
Cr-Commit-Position: refs/heads/main@{#79835}
Embedders can currently specify a callback for OOM errors during
Isolate initialization. However, there are cases where an OOM error can
be thrown in a context where we don't have access to an Isolate, for
example on a task posted to a worker thread. This CL introduces an
initialization API to allow the embedder to specify a process-wide OOM
callback.
Bug: chromium:614440
Change-Id: I326753d80767679f677e85104d9edeef92e19086
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3561916
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Kevin Babbitt <kbabbitt@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#79832}
Change the unittest runner to no longer uncondtionally set up a default
platform in the "environment", but to instead make platform set-up part
of the "mixin" framework for test fixtures.
Requires modifying some tests that expect the platform to be available,
and all flag implications resolved, before the mixin constructors run.
We still keep the environment for setting up the process for cppgc. This
process setup can only be done once per process, so it can no longer use
the platform -- that's ok though, the page allocator used by cppgc's
process initialisation doesn't have to be the same as the platform's so
we can just pass in a separate new one.
Change-Id: Ic8ccf39722e8212962c5bba87350c4b304388a7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571886
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79820}
Change from V8_DEPRECATE_SOON to V8_DEPRECATED. It turned out that we
don't have to make changes in chrome code, so we can go to deprecated
right away.
Bug: chromium:1310790
Change-Id: I1bd529536d3a0098f11f13b3e44fe3dbc80eed04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3571897
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Stephen Röttger <sroettger@google.com>
Cr-Commit-Position: refs/heads/main@{#79811}
The CL makes sure to extract and copy Oilpan young GC metrics to
v8::metrics::GarbageCollectionYoungCycle. In addition, it makes sure
that metrics are not reported twice by bailing out from
GCTracer::NotifyCppGCCompleted() for young GC cycles (the metrics are
reported later in Heap::CollectGarbage() by calling
GCTracer::StopCycle()).
Bug: chromium:1029379
Change-Id: I07bf51e85a76a7cdbeeb8d87c9072edf2634158b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545168
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79766}
.. since they are the same as eager deopts (% an unused counter).
Fixed: v8:12765
Change-Id: I2be6210e476ead4ac6629a49259f28321e965867
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3565717
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79729}
Deprecate signature checks in
* Template::SetNativeDataProperty
* ObjectTemplate::SetAccessor
These are not used in Chrome and require some complicated check in the IC code, which we want to remove.
Change-Id: I413fafc8658e922fd590e7fe200600a624f019a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557253
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Stephen Röttger <sroettger@google.com>
Cr-Commit-Position: refs/heads/main@{#79689}
This introduces a `V8InspectorClient::dispatchError()` callback that
embedders can use to dispatch errors from scripts injected by DevTools
(via debug evaluate). The idea here being that while these errors are
technically caught by the inspector logic, the DevTools UX presents them
just like other uncaught errors, with the exception that they don't
trigger error handlers installed by the page. The latter can be quite
confusing to developers, and surprising when for example testing these
error handlers from DevTools. So this adds the foundations on the V8
side to enable triggering error handlers for these technically caught,
but morally uncaught, exceptions.
On the Chromium side https://crrev.com/c/3560458 will implement and
use the hook. And that CL also adds a web tests to check the behavior.
Bug: chromium:1295750
Change-Id: I945c8a9e9b4ec5705fc7f1891dcda185b04c8310
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557234
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79673}
Report fine-grain incremental mark/sweep statistics to the Recorder API.
These will be used by Blink to populate UMA histograms such as
V8.GC.Event.MainThread.Full.Incremental.(Mark|Sweep).
Bug: chromium:1154636
Change-Id: I1cbdcb2ffa49bd01d04a2e1d43921cebf956ac84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3545070
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79596}
Remove deprecated TracedGlobal<>, greatly simplifying handling of
traced references in general.
Also saves a word per v8::TracedReference as there's no need to keep a
possible callback around.
Bug: v8:12603
Change-Id: Ice35d7906775b912d02e97a27a722b3e1cec28d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3532251
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79589}
This CL removes:
- Dynamic map checks aka minimorphic property loads (TF support,
builtins).
- "Bailout" deopts (= drop to the interpreter once, but don't
throw out optimized code).
- "EagerWithResume" deopts (= part of dynamic map check
functionality, we call a builtin for the deopt check and deopt
or resume based on the result).
Fixed: v8:12552
Change-Id: I492cf1667e0f54586690b2f72a65ea804224b840
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401585
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79544}
This reverts commit cf25b3bc53.
Reason for revert: https://crbug.com/1307471. TraceTrait must only be used during marking.
Original change's description:
> cppgc: Rework prefinalizers
>
> Move the check for whether an object is live or dead out of the
> prefinalizer trampoline. Moving it into the backend allows for
> inlining the check which avoids a call to the trampoline for live
> objects.
>
> On catapult benchmarks (e.g. cnn:2021, nytimes:2020), there's often
> ~2k finalizers registered. In order to avoid memory overhead in the
> range of a few KB, we store the fact whether the object points to the
> base object payload in the LSB of the pointer. For caged builds this
> is replaced with just storing the index into the cage for both object
> and base object payload.
>
> Locally saves around ~10% of atomic sweeping processing time which is
> in the order of .05ms.
>
> Bug: v8:12698
> Change-Id: I198205a6b1d57fc2df821ee4e73e53dc6f825ff5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497764
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79442}
Bug: v8:12698, chromium:1307471
Change-Id: I5c4e70d46cb99af66c77f0c013625b6af6c6eb8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3535781
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79527}
In text, we should use the properly capitalized "Wasm" instead of
"WASM". In particular for frame output, other frames typically use
CamelCase (like "JsToWasmFrame", "ExitFrame", "InternalFrame"), so Wasm
should do the same.
The "0xa" comment in some assemblers is also outdated, the current tag
we emit for StackFrame::WASM is 0x8 (0x4 shifted by one).
R=jkummerow@chromium.org
Bug: v8:12425
Change-Id: Ic3e00c401b219c28b5424c82efb0f1a9df51690f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3525195
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79498}
This method now handles external pointers in HeapObjects during
serialization by encoding the representation of the external pointer
(sandboxed, raw), the origin (internal, api) and potentially the
external pointer tag. It is currently only used to handle
JSExternalObjects but could, in the future, be extended to handle all
external pointers that need special handling during
serialization/deserialization.
Bug: v8:12700
Change-Id: Ib0747d765ddc632e4ca4ee94521616d0271be0bc
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3521904
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79496}
Instead of implementing ExternalObjects as plain JSObjects with a single
EmbedderDataSlot pointing to a Foreign containing the actual raw
pointer, this CL now creates a new JSExternalObject type that directly
contains the external pointer.
As a side-effect of this refactoring, nullptr values are now no longer
valid for ExternalObjects.
Change-Id: Ic8ff334681c966e823ca70f34dd1efaaa21a0789
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513234
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79459}
Move the check for whether an object is live or dead out of the
prefinalizer trampoline. Moving it into the backend allows for
inlining the check which avoids a call to the trampoline for live
objects.
On catapult benchmarks (e.g. cnn:2021, nytimes:2020), there's often
~2k finalizers registered. In order to avoid memory overhead in the
range of a few KB, we store the fact whether the object points to the
base object payload in the LSB of the pointer. For caged builds this
is replaced with just storing the index into the cage for both object
and base object payload.
Locally saves around ~10% of atomic sweeping processing time which is
in the order of .05ms.
Bug: v8:12698
Change-Id: I198205a6b1d57fc2df821ee4e73e53dc6f825ff5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497764
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79442}
The only user of OverrideEmbedderStackStateScope is Blink where it is
used to override stack state of top-level tasks. Adjust the behavior
here to allow using this scope broadly while still supporting explicit
garbage collection calls.
Bug: chromium:1300492
Change-Id: I78c418c5f08991bf6857147cd4a537246bfcc556
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497744
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79420}
Report full GC statistics to the Recorder API. These will be used by
Blink to populate UMA histograms. Existing UMA reporting in V8 remains
as is for now and will be removed in a followup.
With this CL, most full GC statistics are reported as part of
V8.GC.Cycle.*.Full.*. Also V8.GCMarkCompactReason is migrated to
V8.GC.Cycle.Reason.Full.
This CL goes together with:
https://chromium-review.googlesource.com/c/chromium/src/+/3353448
Bug: chromium:1154636
Change-Id: I199be75e75144a59e5f56a6872268d0ecad3a885
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3356195
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79408}
Resurrecting finalizers cause all sorts of problems, from performance
penalties when used to hard-to-debug memory leaks.
There's no more usage left in Blink as well as V8 internally, so
deprecate resurrecting finalizers.
Bug: v8:12672
Change-Id: I998373d6468bbd3bd581a41dec8904de80561f43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3507991
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79394}
Instead of returning a boolean success/failure value, the Free* methods
of the VirtualAddressSpace API now terminate the process on failure, as
this implies a bug in the caller. This is simpler than CHECKing for
success in all callers and also provides more details about the possible
cause of the failure.
Bug: v8:12656
Change-Id: I5b469ae2c564068cff74e60b7e98f6a4776a239d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3506992
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79388}
- Add a comment on the macro that registers a prefinalizer.
- Refactor the API to avoid exposing internal types needlessly.
Change-Id: Ia88e786304616848556263410a8f5398c5374533
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497766
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79334}
Before this CL Oilpan would schedule concurrent marking and sweeping
even in the presence of --single-threaded-gc. This e.g. flakily breaks
Blink tests that do not set up a thread-pool in certain configurations
where they pass --single-threaded (implying --single-threaded-gc).
Bug: chromium:1300492
Change-Id: I64f0c6a20f9c29d689a62e63cc5a8d024962ff2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497760
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79321}
Similar to other external pointers, the indices into the external
pointer table are stored shifted to the left to guarantee an upper
bound.
Bug: v8:10391
Change-Id: I079dc1568f49ae349c326a8e83fc32c93bdb35cf
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3455152
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79209}
CpuProfiler includes logic tracing that is only relevant in
the context of TracingCpuProfiler.
Adds a setting to disable tracing for SamplingCpuProfiler.
Change-Id: Idcac03dd3f368b5fcd48a532d5cfe60966a64003
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3433219
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79190}
Previously, V8_OS_MACOSX was, somewhat confusingly, also used for iOS.
With this CL, V8_OS_DARWIN will be set on both macOS and iOS,
V8_OS_MACOS only on macOS, and V8_OS_IOS only on iOS.
This CL also renames V8_TARGET_OS_MACOSX to V8_TARGET_OS_MACOS and
renames platform-xnu.cc to platform-darwin.cc.
Change-Id: I4bcafc7c337586662114144f6c7ccf47d978da1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468577
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79167}
Outside of unittests, if someone tried to delete a GCed object manually
they would get a silent crash without a stacktrace or any error
messages. This CL replaces the silent crash with an informative message.
Change-Id: Ied8895dab43ce7e3a9bf778b13e77d377d269fce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468346
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79141}
The new shared memory API should only be used on macOS, but
platform-macos.cc was also included on iOS, causing build failures. This
CL splits platform-macos.cc into platform-xnu.cc (common code for macOS
and iOS) and platform-macos.cc (the macOS specific parts)
Bug: chromium:1218005
Change-Id: Iab332865ffd8990ddd246bb9c08802909464d7e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468895
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79131}
This API allows allocating shared memory mappings inside a virtual
address space from a platform-specific handle to a shared memory object.
This will make it possible to allocate shared memory inside the sandbox,
for example as backing memory for ArrayBuffers.
Bug: chromium:1218005
Change-Id: I4f1f50baec50734e846496cff78046e4fffe75c5
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383777
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79123}
These should not be allowed inside the sandbox as they could be
corrupted by an attacker, thus posing a security risk. Furthermore,
executable pages require MAP_JIT on macOS, which causes fork() to become
excessively slow, in turn causing tests to time out.
Due to this, the sandbox now requires the external code space.
In addition, this CL adds a max_page_permissions member to the
VirtualAddressSpace API to make it possible to verify the maximum
permissions of a subspace.
Bug: v8:10391
Change-Id: Ib9562ecff6f018696bfa25143113d8583d1ec6cd
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460406
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79119}
The generational barrier for source objects records the entire source
object to be processed later during remembered set visitation. It's
planned to be used for Blink backing stores when an inlined object (or a
range thereof) is added (HeapAllocator::NotifyNewObject(s)).
An alternative approach would be to eagerly process the inlined objects
using a custom callback. However, this requires changing Visitors to
bring slots into the context. This approach should better work for
scenarios where small ranges or single elements are added, to avoid
processing potentially large backing stores. The followup CL implements
this idea.
Bug: chromium:1029379
Change-Id: Iacb59e4b10a66354526ed293d7f43f14d8761a8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460402
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79073}
This will enable proper reporting of OOM errors during snapshot
deserialization, for example https://crbug.com/614440#c27.
Bug: chromium:614440
Change-Id: I226fb763d2630d0b21f7552070ed1a4cc222f69b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3445203
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Kevin Babbitt <kbabbitt@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#79055}
This will allow users to create invalid V8DebuggerIds, e.g. to handle
error cases.
Bug: v8:12528
Change-Id: I6efbea934d444b520fc43531b910f4f80c718630
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3445742
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Alex Turner <alexmt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79000}
This method returns the unique debugger ID for a v8::Context (i.e. the
V8DebuggerID), serialized to a pair of int64_ts.
Bug: v8:12528
Change-Id: Ib2cdda73447f8233f9afb773fed4a634d4618aef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3369124
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Alex Turner <alexmt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78958}
Replacement is v8::TracedReference in combination with v8::Global if a
callback is really needed.
Bug: v8:12603
Change-Id: Iae48fee2e6588a594d430c5f3a71ff0b3e67e5b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439873
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78950}
This is needed to support minor gc tests on the Blink side.
Bug: chromium:1029379
Change-Id: Ic7ce1ae8e626b87738d76663ceecf7198e425d18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437050
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78943}
The methods in explicit_management.h should be called via the public
variants in the subtle namespace. Calling the variants in the internal
namespace directly skips asserts and required size coversions. Doing so
may cause misuse of the api that may break GC inernals
Change-Id: I58a0f324ca1ee0839bb85eb9b53ce57785dc7b91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3435187
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78920}
The CL does following:
1) Makes sure young generation works and tests pass;
2) Provides CollectGarbageInYoungGenerationForTesting() that is needed
to support remaining tests in Blink;
3) Moved cppgc_enable_young_generation GN flag to v8.gni to refer to it
from Blink;
4) Bails out from marking TracedReferences in UnifiedHeapMarkingState;
5) Disables (temporarily) prompt freeing for young generation;
6) Fixes remembered set visitation for nullptr|kSentinel slots.
Bug: chromium:1029379
Change-Id: I5165fa22c8a0eaa708ef7a35a9978cb12e1cb13e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429202
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78901}
The ctors dispatch between atomic and non-atomic writes; there's no
need for a default initializer.
Bug: chromium:1292728
Change-Id: I2b4c3341ee2d2682ba0113c8366456147ebc717e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429201
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78884}
This guarantees that they are smaller than the maximum external pointer
table index when shifted to the right on load.
Bug: v8:10391
Change-Id: I601f37fbb9640ee4b5215958afcc474c5e0eb9af
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359631
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78873}
This is a reland of 5320fe8d58
Changes since revert:
- Remove stale DCHECK in deserializer
Original change's description:
> Reland "[string] Support shared strings in Value{Serializer,Deserializer}"
>
> This is a reland of 3cb4039cd1
>
> Changes since revert:
> - Fix FLAG_stress_scavenge interaction with shared Isolate
> - Use the shared Isolate's global handles to keep shared values
> alive in transit during a postMessage
>
> Original change's description:
> > [string] Support shared strings in Value{Serializer,Deserializer}
> >
> > When FLAG_shared_string_table is true, postMessaging strings will share
> > instead of copy.
> >
> > Note that not all operations on shared strings are supported, and shared
> > strings may be slower than non-shared strings for some operations.
Bug: v8:12007
Change-Id: I70782978ed05558615eca03bafc4c12eba3644ca
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3417189
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78791}
This is a reland of 3cb4039cd1
Changes since revert:
- Fix FLAG_stress_scavenge interaction with shared Isolate
- Use the shared Isolate's global handles to keep shared values
alive in transit during a postMessage
Original change's description:
> [string] Support shared strings in Value{Serializer,Deserializer}
>
> When FLAG_shared_string_table is true, postMessaging strings will share
> instead of copy.
>
> Note that not all operations on shared strings are supported, and shared
> strings may be slower than non-shared strings for some operations.
>
> Bug: v8:12007
> Change-Id: I3462128e15410d2568868143571571b3025722c1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277250
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78614}
Bug: v8:12007
Change-Id: I5d9b99b2dac6f26d5ef046d7aec94f1a1d219419
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3389533
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78761}
The hello world sample needs to initialize V8's default platform in case
it is not built as stand-alone example.
Bug: v8:12427
Change-Id: I78b68fbed2c2a25b0ff03675beb94dfc5b9b4135
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3412088
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78756}
When sandboxed external pointers are enabled, external pointers now only
require 32 bits of storage space in a HeapObject. This CL does not shrink
the size of EmbedderDataSlots, which will happen in a follow-up CL.
Bug: v8:10391
Change-Id: I3cf8b68c3b985cf806a45183717f50462a88c281
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359629
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78754}
So far this flag was process-global, so if one isolate used v8::Locker
all isolates were forced to use v8::Locker. With the shared isolate
now being a thing that routinely gets migrated between different
threads, all users of the shared isolate would be forced to use
v8::Locker. So we now store that flag on the isolate such that using
v8::Locker for the shared isolate does not affect other isolates.
Deprecate v8::Locker::WasEverUsed() at the same time.
Bug: v8:11708
Change-Id: I60531f084cc1b1b113620c46f5bed20511f52c26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401595
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78712}
The external pointer table is now managed by the GC, which marks entries
that are alive during major GC, then sweeps the table afterwards to free
all dead entries and build a free list from them. For now, only major GCs
are supported, Scavenger GCs do not interact with the external pointer table.
In more detail, garbage collection of the external pointer table works
as follows:
1. The external pointer table now reserves a large region of virtual
address space for its backing buffer and is then never reallocated,
only grown in place until the maximum size is reached.
2. When the GC's marking visitor marks a HeapObject with an external
pointer as alive, it also marks the corresponding external pointer
table entry as alive. This can happen on a background thread.
3. For that, it uses the MSB of each entry in the table to indicate
whether the entry has been marked or not. This works because the MSB
is always cleared during the AND-based type check performed when
accessing an external pointer.
4. After marking, the external pointer table is swept while the mutator
is stopped. This builds an inline, singly-linked freelist of all
newly-dead and previously-free entries.
5. When allocating an entry from the table, the first entry on the
freelist is used. If the freelist is empty, the table grows,
populating the freelist with the new entries.
6. Every newly-allocated entry is marked as alive, and every store to an
existing entry also automatically marks that entry as alive (by also
setting the MSB). This simplifies the design of the table GC with
regards to concurrency (See ExternalPointerTable::Mark).
Bug: v8:10391
Change-Id: I8877fdf5576af3761bde65298951bb09e601bd14
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359625
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78708}
Also:
- Refactor the ValueSerializer tests using raw data, so that we test all
valid versions for each test (not only one hard-coded one)
- Mark some tests as backwards compatibility tests, to make it less
likely that somebody updates them not realizing they are backwards
compatibility tests.
Bug: v8:11111, v8:12532
Change-Id: I670849de07742c8d442249ef4f013781e4ee9255
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386802
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78681}
CDP has a "ExceptionDetails" structure that is attached to various
CDP commands, e.g. "Runtime#exceptionThrown" or "Runtime#evaluate".
The stack trace in the "ExceptionDetails" structure is used in
various places in DevTools. The information in the "ExceptionDetails"
structure is extracted from a v8::Message object. Message objects
are normally created at the exception throw site and may augment
the error with manually inspecting the stack (both to capture a fresh
stack trace in some cases, as well as to calculate location info).
The problem is that in some cases we want to get an "ExceptionDetails"
structure after the fact, e.g. when logging a JS "Error" object in
a catch block. To help in this case, this CL introduces a new
CDP method "Runtime#getExceptionDetails" that behaves exactly as
advertised: It provides a populated "ExceptionDetails" structure
from a JS Error object.
R=bmeurer@chromium.org
Doc: https://bit.ly/runtime-get-exception-details
Bug: chromium:1278650
Change-Id: I084be10c1d852d3b7cac8d88e7f820e867be4722
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3337258
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78676}
This CL introduces a dedicated API to retrieve the current (w.r.t. the
JS stack) script name or sourceURL. Currently, API clients will
collect multiple stack traces in increasing sizes to accomplish the
same goal. The new method walks the JS stack in the same way as the
stack trace collection mechanic but doesn't create/allocate stack info
or callsite objects along the way.
R=bmeurer@chromium.org, yangguo@chromium.org
Doc: https://bit.ly/v8-current-script-name
Bug: chromium:1286677
Change-Id: Id53e4f04bf17349d34f3d581bc712b1f4aa055db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3382818
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78645}
When FLAG_shared_string_table is true, postMessaging strings will share
instead of copy.
Note that not all operations on shared strings are supported, and shared
strings may be slower than non-shared strings for some operations.
Bug: v8:12007
Change-Id: I3462128e15410d2568868143571571b3025722c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3277250
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78614}
Use grep to check for obviously unneeded includes. e.g. headers that
include <vector> but does not contain "std::vector".
Change-Id: I43a9e9f01e072fd495918d28ca4cdad5cfa0294c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3354400
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78613}
The total wall time for GC reported to Blink is explicitly included in
UMA events. For the C++ managed heap, it is equal to the sum of the four
phases (mark, sweep, compact, weak). For the JS heap, it will be greater
than or equal to that sum in general.
Bug: chromium:1154636
Change-Id: Id710702b8e9d8db5c8d1eb4917deb6b760a77306
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3386596
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78611}
In the C++20 a following paper was implemented [1]. This
paper makes code below illformed. The high level idea is
that as soon as class gets non default constructor - all
default initializations are not added implicitly.
class A {
public:
A(const A&) = delete;
};
int main() {
A a{};
return 0;
}
So if V8 embedder is building its code with C++20 it can
not initialize v8::CppHeapCreateParams struct and as a
result can not create a CppHeap.
One of the possible mitigations (3.3) from the paper is
to add non copyable field into class. Luckily there
is std::vector<std::unique_ptr>> in this class already.
[1] http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p1008r1.pdf
Change-Id: I8a2dc35784d7646b5f73a5e178716e9bf2ffe601
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3348007
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Alexey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78504}
New text is moved over from BlinkGCDesign.md
Bug: chromium:1283934
Change-Id: I10a84c91a642e96c494d6e523d6d89059afaa1ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366658
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78498}
Previously, guard regions were created by allocating pages with
PROT_NONE and relying on an allocation hint. This could fail however,
for example on Fuchsia (where it would allocate a VMO to back the guard
region) and possibly on Windows (where a placeholder mapping was
replaced by a "real" mapping).
Introducing an explicit VirtualAddressSpace::AllocateGuardRegion routine
now makes this operation more efficient and effectively guarantees that
it cannot fail if used correctly: in a regular subspace, there is no
need to allocate anything when creating guard regions since the address
space reservation backing the subspace is guaranteed to be inaccessible
when no pages are allocated in it.
Bug: chromium:1218005
Change-Id: I6945f17616b6b8dad47241af96d4cb1f660e8858
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3366237
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78480}
The v8-debug.h and its implementations in api.cc are effectively owned
by the DevTools team.
Bug: none
Change-Id: I0eacb901bad771fca9aff19ded6bde0c34753174
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3361835
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78453}
This introduces a new `GetLocation()` method for `v8::StackFrame`s,
which returns both line and column number at the same time (using the
existing `v8::Location` class). Since `v8::StackFrame` instances store
only the source position (per https://bit.ly/v8-stack-frame), we
currently need to look up the source position in the Script's line table
twice, once when we request the line number, and another time when we
request the column number.
With `GetLocation()` we perform only a single lookup in the Script's
line table and return both line and column number at the same time. This
cuts roughly 8% of the average execution time from the `standalone.js`
benchmark mentioned in crbug.com/1280519.
Bug: chromium:1280519, chromium:1278650, chromium:1069425
Bug: chromium:1077657, chromium:1283162
Doc: https://bit.ly/v8-cheaper-inspector-stack-traces
Change-Id: Ia3a0502990b6230363112a358b59875283399404
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359628
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78452}
Report young generation GC statistics to the Recorder API.
These will be used by Blink to populate UMA histograms.
Existing UMA reporting in V8 remains as is for now and will be removed
in a followup.
With this CL, minor mark-compaction statistics are reported as part
of V8.GC.Cycle.*.Young. Also V8.GCScavengeReason is migrated to
V8.GC.Cycle.Reason.Young.
This CL goes together with:
https://chromium-review.googlesource.com/c/chromium/src/+/3320388
Bug: chromium:1154636
Change-Id: Ia1030c80d4bc75ac6e176ed60f838929ddb9b20f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320430
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78416}
This is the first step towards moving away from sending `url` with every
call frame when emitting the `Debugger.paused` event.
Bug: chromium:1270316, chromium:1271078
Change-Id: I2f57f21e15bf908ffb53f5c7b5862d3efa329c86
Doc: https://bit.ly/devtools-debugger-callframe-url
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3344946
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78392}
This CL renames a number of things related to the V8 sandbox.
Mainly, what used to be under V8_HEAP_SANDBOX is now under
V8_SANDBOXED_EXTERNAL_POINTERS, while the previous V8 VirtualMemoryCage
is now simply the V8 Sandbox:
V8_VIRTUAL_MEMORY_CAGE => V8_SANDBOX
V8_HEAP_SANDBOX => V8_SANDBOXED_EXTERNAL_POINTERS
V8_CAGED_POINTERS => V8_SANDBOXED_POINTERS
V8VirtualMemoryCage => Sandbox
CagedPointer => SandboxedPointer
fake cage => partially reserved sandbox
src/security => src/sandbox
This naming scheme should simplify things: the sandbox is now the large
region of virtual address space inside which V8 mainly operates and
which should be considered untrusted. Mechanisms like sandboxed pointers
are then used to attempt to prevent escapes from the sandbox (i.e.
corruption of memory outside of it). Furthermore, the new naming scheme
avoids the confusion with the various other "cages" in V8, in
particular, the VirtualMemoryCage class, by dropping that name entirely.
Future sandbox features are developed under their own V8_SANDBOX_X flag,
and will, once final, be merged into V8_SANDBOX. Current future features
are sandboxed external pointers (using the external pointer table), and
sandboxed pointers (pointers guaranteed to point into the sandbox, e.g.
because they are encoded as offsets). This CL then also introduces a new
build flag, v8_enable_sandbox_future, which enables all future features.
Bug: v8:10391
Change-Id: I5174ea8f5ab40fb96a04af10853da735ad775c96
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322981
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78384}
The execute_us is now tied to the --slow-histograms flag.
This currently enabled on a small population as a persistent finch study
which should give us enough coverage for now.
Drive-by-fixes:
- Rename counter: execute_precise() to execute()
- Avoid Leave/Enter overhead in NestedTimedHistogramScope if the
histogram is not enabled
- Only stop timers in debug mode for NestedTimedHistogramScope
Bug: chromium:1275056
Change-Id: Id6a492bdd68edb5194cb191c7083829a9f90283f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320431
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78318}
This is a reland of 2d087f237e
The changes are :
* Fix redundant reinterpret_cast in test file for MSVC failure
https://crbug.com/v8/12476
* Fix flaky test
https://crbug.com/v8/12475
If a sample is captured during a GC, no embedder context is obtained
defaulting to EMPTY. This is the expected behavior, made it in clear
in implementation and in test.
* Synchronized the embedder context filter behavior with existing
native context filter.
Original change's description:
> Add APIs to surface VMState and new EmbedderState to CpuProfile samples.
>
> EmbedderState:
> * An EmbedderState is defined as a value uint8_t and a v8::context used
> for filtering.
> * EmbedderStates are stack allocated by the embedder, construction and
> destruction set/unset the state to the isolate thread local top.
> * A v8::context is used to filter states that are added to a CpuProfile,
> if the CpuProfile do not have a ContextFilter set or if contexts do not
> match, state defaults to Empty.
>
> * v8:StateTag is already propagated all the way to a Sample, simply add
> an API to surface it.
>
> VMState:
> Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e
> Bug: chromium:1263871
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072
> Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78250}
Bug: chromium:1263871
Change-Id: Ief891b05da99c695e9fb70f94ed7ebdecc6c3b7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320037
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78281}
Checks whether a Persistent is used from the creation thread on slow
path allocations. In practice, these currently happen every 256
Persistent allocations. This is a best effort check that may help to
flush out issues that are missed with DCHECK builds.
Bug: chromium:1276570
Change-Id: Ia868ca436341b1b5ef427d5b3ec04926c1394e41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318658
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78276}
This reverts commit 2d087f237e.
Reason for revert:
- Causing MSVC build failures: https://crbug.com/v8/12476
- Causing flaky failures: https://crbug.com/v8/12475
Original change's description:
> [profiler] Surface VM & Embedder State
>
> Add APIs to surface VMState and new EmbedderState to CpuProfile samples.
>
> EmbedderState:
> * An EmbedderState is defined as a value uint8_t and a v8::context used
> for filtering.
> * EmbedderStates are stack allocated by the embedder, construction and
> destruction set/unset the state to the isolate thread local top.
> * A v8::context is used to filter states that are added to a CpuProfile,
> if the CpuProfile do not have a ContextFilter set or if contexts do not
> match, state defaults to Empty.
>
> * v8:StateTag is already propagated all the way to a Sample, simply add
> an API to surface it.
>
> VMState:
> Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e
> Bug: chromium:1263871
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072
> Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78250}
Bug: chromium:1263871, v8:12475, v8:12476
Change-Id: I02670b1ed3bb863033208369227642a7419fce00
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315444
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78256}
Rename StringShape::full_representation_tag to
StringShape::representation_and_encoding_tag, since the full
representation tag now includes the shared bit.
There are no users of the new method in this CL; this is split out to
make subsequent shared string CLs smaller.
Bug: v8:12007
Change-Id: Ic4ac0241fd9846241e85b4a094dfee6d201ba42b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313428
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78253}
Add APIs to surface VMState and new EmbedderState to CpuProfile samples.
EmbedderState:
* An EmbedderState is defined as a value uint8_t and a v8::context used
for filtering.
* EmbedderStates are stack allocated by the embedder, construction and
destruction set/unset the state to the isolate thread local top.
* A v8::context is used to filter states that are added to a CpuProfile,
if the CpuProfile do not have a ContextFilter set or if contexts do not
match, state defaults to Empty.
* v8:StateTag is already propagated all the way to a Sample, simply add
an API to surface it.
VMState:
Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e
Bug: chromium:1263871
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78250}
This CL reverts two diagnosing CLs that introduced same-thread CHECKS,
recovering all introduced performance regressions.
We will try to add less performance-sensitive checks again in a follow
up.
This reverts commit 0c2bbfd5bb.
This reverts commit 6643c05940.
Bug: chromium:1253650, chromium:1243257, chromium:1274201
Change-Id: I96c41c39c4f58b062574fa11c4a2d76ad030bcf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315437
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78245}
This interface is meant to eventually replace the existing
v8::PageAllocator interface. Beyond general refactoring of the
PageAllocator APIs, the new interface now supports the concept of
(contiguous) address space reservations, which previously had to be
implemented through page allocations. These reservations now make better
use of provided OS primitives on Fuchsia (VMARs) and Windows
(placeholder mappings) and can be used to back many of the cages and
virtual memory regions that V8 creates.
The new interface is not yet stable and may change at any time without
deprecating the old version first.
Bug: chromium:1218005
Change-Id: I295253c42e04cf311393c5dab9f8c06bd7451ce3
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301475
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78235}
This CL turns references to ArrayBuffer backing stores from
JSArrayBuffers, JSTypedArrays, and JSDataViews into CagedPointers
when those are enabled.
CagedPointers cannot generally represent nullptr, as NULL usually lies
outside the cage. As such, nullptr backing stores are replaced with a
special empty backing store value, which, in the current implementation,
points to the end of the cage, right in front of the trailing guard
regions. Due to this, it is no longer correct to compare a backing store
pointer against nullptr.
Bug: chromium:1218005
Change-Id: I4a6c7a82aabb4debcb6bb2babe4035ba2da8e79f
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3244419
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78218}
Some performance sensitive paths in V8 (compilation/json parsing) or
paths with high allocation/freeing throughput can suffer from not being
able to reuse recently freed allocations. These paths can also
significantly increase the working set and cause large number of page
faults. For such paths (at least as an initial measure) we are planning
to disable allocation quarantining.
The CL provides a way for the embedder to hook in *Scan functions that
disable/enable quarantining. It also disables *Scan for json parsing and
compilation jobs.
Bug: chromium:1249550
Change-Id: I0274f66010435f3d4d091fe70fabcd20f46dc0d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306389
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78178}
- V8::Deprecate ShutdownPlatform in favor of V8::DisposePlatform
- Rename i::V8::TearDown to i::V8::Dispose
- Clean up i::V8::Initialize
- Remove needless V8::Initialize() calls in cctests
- Remove CcTest::DisableAutomaticDispose()
- Add checks to Isolate::Allocate and Isolate::Dispose that there is
and active platform
Change-Id: Iac84f9ade9d1781e9e8b8c88ea8fe74013f51c4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306482
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78162}
It's deprecated in C++17 and not needed (it was needed for static const,
but not for constexpr). It's needed in C++14, but can trigger
deprecation errors in C++17, so include it conditionally on __cplusplus.
Bug: chromium:1274247
Change-Id: I92524f377bb92ac2aa008f15830920786a1c1432
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3308795
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78157}
These methods were declared as inlined functions but the implementation
were moved to api.cc.
Change-Id: I49071aca9c94e52930c362e85206dbda402ab29b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3308375
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78148}
This is a reland of 4997ce58dd
Original change's description:
> cppgc: Add targeted CHECK for diagnosing Peristent issue
>
> The added CHECK aims at finding problems where Peristent is used off
> the owning thread.
>
> Bug: chromium:1253650, chromium:1243257
> Change-Id: Ia0cbc6005aba38c0d98197ed18c3b40dd2dc33fd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306972
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78137}
Bug: chromium:1253650, chromium:1243257
Change-Id: I9ef72d3f649c1a4504417c4cd7728e5000675405
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306487
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78146}