CodeBuilder allows much simpler building of Code objects. The current
approach uses a large number of default parameters, which makes it difficult
to use and add any new ones. Large chunks of code are also duplicated across
TryNewCode and NewCode. The follow up CL completely removes these methods.
Bug: v8:9183
Change-Id: I6e988fd00bb89b871346100fe56dd01a9bd46073
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585736
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Maciej Goszczycki <goszczycki@google.com>
Cr-Commit-Position: refs/heads/master@{#61079}
This is a reland of 7a2651cbf5
x18 is not allocatable nor callee-saved in v8, so stop comparing
the before/after value in tests.
Presumably the Nexus failure was due to printf on that platform
clobbering x18.
This can be reproduced locally by modifying `CorruptAllCallerSavedCPURegister`
to also corrupt x18.
CQ_INCLUDE_TRYBOTS=luci.v8.try:v8_android_arm64_n5x_rel_ng
Original change's description:
> [arm64] Cleanup TODO around handling of x18
>
> Use `padreg` instead of x18 to maintain alignment in the CPURegList.
>
> Also clean up some comments and tidy up RequiredStackSizeForCallerSaved
> and PushCallerSaved.
>
> Change-Id: I80a780e5649e69a1746c43f37c2d1d875120c7a0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581609
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
> Cr-Commit-Position: refs/heads/master@{#60987}
Change-Id: I7c023a4706a98bcb9aa5acd37016a6d01e3979a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583762
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Cr-Commit-Position: refs/heads/master@{#61078}
Allow for a third compilation strategy that compiles baseline code
lazily but initiates top tier compilation immediately. The strategy aims
at reducing startup time.
Bug: v8:9003
Change-Id: Ifd2060b25386c5221a45f6038c3849afeb956e69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571620
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Frederik Gossen <frgossen@google.com>
Cr-Commit-Position: refs/heads/master@{#61077}
New enum RelocInfo::COMPRESSED_EMBEDDED_OBJECT created to support
compressed pointers in generated code. Enum name EMBEDDED_OBJECT
changed to FULL_EMBEDDED_OBJECT.
RelocInfo::[set_]target_object() abstract away the difference between
FULL_EMBEDDED_OBJECT and COMPRESSED_EMBEDDED_OBJECT.
Compressed embedded objects can only be created at this time on
x64 with pointer compression turned on. Arm64 constant pools don't
support compressed objects at this time.
Bug: v8:7703
Change-Id: I03bfd84effa33c65cf9bcefa5df680ab7eace9dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1547661
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61076}
This adds a flag to print a message on important GC events, like
triggering a GC, reporting live code per isolate, and finally deleting
dead code.
This helps debugging issues with wasm code gc.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: I901199bc19b2a8718728a9e4918c30e295e0e92a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585842
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61075}
One fundamental assumption of the wasm code GC is that code becomes
"potentially dead" at most once; if the ref counts drops to zero later,
it should be freed for real.
In the current implementation, it happens that code becomes potentially
dead, then becomes dead for real (it's removed from the set of
potentially dead code), and then we remove the last reference. At that
point, we re-add the code to the potentially dead code, considering it
for garbage collection again. This can lead to an endless loop.
This CL fixes that by remembering which code was already detected as
dead, and does not consider this code for another GC.
This requires freeing code via the {WasmEngine} such that the set of
dead code can be cleaned up.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: If6a95a7918db2ad82edfad5447c536593243db7d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585845
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61073}
- Rename (and negate) "stack_check" to the more descriptive
"skip_first_stack_check".
- Pass call frequency by value rather than mutable(!) reference.
- Embed some things directly into BytecodeGraphBuilder,
instead of stack-allocating them and then storing a pointer.
- Don't pass things to OsrIteratorState that it can already access via
the graph builder parameter.
Change-Id: Id852df1ce521a6eefb6047cf76a0882a4c6e95b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587375
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61072}
Remove Isolate versions of
Value::ToNumber/ToString/ToObject/ToInteger/ToInt32 and Context versions
of ToBoolean and BooleanValue (which could never throw anyway).
Bug: v8:7279, v8:9183
Change-Id: Ib144f8894a2b37c44216ba2d0cb298e8f0c72a3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585735
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61071}
This CL removes the flag '--turbo-preprocess-ranges' and enables it by
default.
If FLAG_turbo_control_flow_aware_allocation is set,
--turbo-preprocess-ranges is disabled and control flow aware
allocation is enabled instead.
Bug: v8:9088
Change-Id: I81d56f15efc8f765e317aa828d27f415f8b7fd40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585725
Auto-Submit: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61070}
This CL removes a build script that was used to create ANTLR visitors
for Torque parsing. As Torque rolls its own parser now, this script
can safely be removed.
R=tebbi@chromium.org
Bug: v8:9183
Change-Id: Id56ee590d79e5c849ac111e8825cd3733cd55d90
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587379
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61069}
All we really need to expose is a single function that builds the graph.
This change drastically simplifies the header file.
Change-Id: If185687b8220bdd253f967be9ab2ea3b088e5423
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585856
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61068}
This CL fixes an issue where a comment was not highlighted correctly
after a class definition.
Bug: v8:7793
Notry: true
Change-Id: I378a1373c8f4a6c8d48c4bb2ee4a4c3b39b2341f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585733
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61067}
Previously it was possible for this function to fall back to the
ArrayBuffer methods to free the memory in the cases where the
is_wasm_memory flag on the JSArrayBuffer is not propagated.
This is no longer the case, as we check for the actual allocation
so all memory allocated by the WasmMemoryTracker should be freed by
it as well. Rename the method to match the existing implementation.
Change-Id: I50c9844bfdae1c378812df5add2253752532d0ad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587795
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61066}
This tests calling Debugger.getPossibleBreakpoints on a user function
embedded into the startup snapshot.
Currently, this fails because inspector does not know how to handle
scripts without an associated context. The test should be updated
once we have a fix.
Bug: v8:9029
Change-Id: Id2391a2df203fa7f119f39ea1c34da6a7c54206f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581643
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61063}
This is a reland of 4f9d7a94a1
Original change's description:
> [snapshot] Align internal snapshot data
>
> When the snapshot blob is not aligned properly, loading it can cause a
> crash on platforms such as arm.
>
> This was exposed by a SIGBUS/BUS_ADRALN crash on arm when accessing
> the blob_data symbol (declared as a byte array) through a reinterpret
> cast to uintptr_t in an internal snapshot build.
>
> Thanks to florian.dold@gmail.com for the initial patch.
>
> Bug: v8:9171
> Change-Id: I99b071dec3733416f2f01b58a770e30d8f2dcdf2
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1582402
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Auto-Submit: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61000}
Tbr: delphick@chromium.org
Bug: v8:9171
Change-Id: I36f53647ff5c45bcc512147f082fdd069723175d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1587377
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61062}
This CL just updates the map to its non-deprecated counterpart
before adding the integrity level transition.
Bug: chromium:956426
Change-Id: I0aaaeb0451aed28c8893968bbcd9f6eb327da18b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585858
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61057}
This enables constant field tracking unconditionally.
TBR=jgruber@chromium.org
Bug: v8:8361
Change-Id: I02f35827d860c3e0f18a3d55cb156c088d48bc94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585730
Commit-Queue: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61055}
This is a reland of 2974a184fd
Added expectation for the case that caused the revert in:
https://chromium-review.googlesource.com/c/chromium/src/+/1585814
Original change's description:
> [Inspector] Adjust the length of some of the console functions.
>
> The function lengths on a number of the console methods was set to 1.
> The arguments to these functions are either variadic or optional so they
> should have length of 0.
>
> R=dgozman@chromium.org,ulan@chromium.org
> BUG=chromium:948678
>
> Change-Id: I183262e230145a565732396688a0541034931500
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1548948
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Pavel Feldman OOO <pfeldman@chromium.org>
> Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
> Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61021}
Bug: chromium:948678
Change-Id: I092139117ee2b08f40a7c0ee4df49603cf383579
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585533
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61053}
For a few double value above the max float, we have to round down
to that max float rather than rounding up to infinity.
Bug: chromium:956564
Change-Id: I34be1def5330bd4c3352b792d20dd500f108d9e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585852
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61052}
Instead of recording dependencies during ComputePropertyAccessInfo(s),
store off-the-record dependencies in the resulting PropertyAccessInfo(s)
and record them when the PropertyAccessInfo(s) are consumed. This will
enable us to do the ComputePropertyAccessInfo(s) during serialization.
Bug: v8:7790
Change-Id: I2a3918eb3bc2c795061ca7969c0053b68a53aea7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581610
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61051}
- Removes Utf8Iterator
- Replaces Utf8Decoder with something based on ValueOfIncremental +
NonAsciiStart and moves it into v8/internal.
- Internalizes utf8 strings by first converting them to one or two byte
- Removes IsUtf8EqualsTo and replaces current uses with IsOneByteEqualsTo
Tbr: jgruber@chromium.org
Change-Id: I16e08d910a745e78d6fd465718fc69ad731fd217
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585840
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61049}
This also makes processing immediate, i.e. outputs are parsed into results as
soon as test run is finished, which will allow us to implement logic that checks
whether we have enough runs based on already-accumulated results.
Since we process each output immediately, we do not need Measurement class any
longer and its ConsumeOutput is now integrated directly into TraceConfig.
Similarly AccumulateResults is replaced with RunnableConfig.ProcessOutput as we
do not accumulate results any longer.
R=machenbach@chromium.org
No-Try: true
No-Tree-Checks: true
Bug: chromium:880724
Change-Id: I0fc4846024c43258c10ba8d568312aa4746d746f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584325
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61048}
Add a WasmCodeRefScope around _v8_internal_Print_Code() because that
is needed for debugging.
R=clemensh@chromium.org
Change-Id: Ifdb7a32695163e0a109567ec00a52196e79e03db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585844
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61047}
I missed these cases when adding the branchful decompression on codegen.
Cq-Include-Trybots: luci.v8.try:v8_linux64_pointer_compression_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_arm64_pointer_compression_rel_ng
Bug: v8:7703
Change-Id: Idb3f5ca81e00bb17fa08ba2b2506b642ffbd7b4b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571623
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61045}
If a {NativeModule} dies while a GC is running, we could leave behind
references to code of that deleted module. This CL fixes that.
This issue was found by running with --stress-wasm-code-gc.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: I7f0d98977e6510899170306952936c4a7f7d3c10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585722
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61041}
The function {memory_copy_wrapper} is called directly from WebAssembly.
Before calling {memory_copy_wrapper} we do not reset the
tread-in-wasm flag. On asan builds on Windows this causes the problem
observed in the crash report.
My theory is the following: asan on Windows uses exceptions to allocate
shadow memory lazily. When {memory_copy_wrapper} accesses memory, asan
causes an exception to allocate shadow memory. This exception is first
caught by the WebAssembly trap handler, which resets the
thread-in-wasm flag but then does not handle the exception because it
cannot find a proper landing pad. Asan then handles the exception and
continues execution. However. the thread-in-wasm flag is not set
anymore. A later check of the thread-in-wasm flag then fails.
This CL disables asan for {memory_copy_wrapper} and thereby fixes the
problem. As indicated above, another solution would be to reset and set
the thread-in-wasm flag before and after the call to the C function,
respectively. However, we do not do that for other uses of direct calls
to C.
R=binji@chromium.org
Bug: chromium:952342
Change-Id: I2adb2eccf2ac25be58392d21f8f43a04414c7811
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1584326
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61040}
Add a flag which causes wasm code gc to be triggered whenever any code
is found to be potentially dead. This mode found several bugs already,
and I plan to enable it in 'gc-stress' mode once all issues are fixed.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: If28d980ded98b77b9efe7446da74d857e3c5e1b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585720
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61039}
This reverts commit da7322c05f.
Reason for revert: Breaking the pointer compression bots, e.g.:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20-%20pointer%20compression/3047
Original change's description:
> [csa] verify skipped write-barriers in MemoryOptimizer
>
> With very few exceptions, this verifies all skipped write-barriers in
> CSA and Torque, showing that the MemoryOptimizer together with some
> type information on the stored value are enough to avoid unsafe skipped
> write-barriers.
>
> Changes to CSA:
> SKIP_WRITE_BARRIER and Store*NoWriteBarrier are verified by the
> MemoryOptimizer by default.
> Type information about the stored values (TNode<Smi>) is exploited to
> safely skip write barriers for stored Smi values.
> In some cases, the code is re-structured to make it easier to consume
> for the MemoryOptimizer (manual branch and load elimination).
>
> Changes to the MemoryOptimizer:
> Improve the MemoryOptimizer to remove write barriers:
> - When the store happens to a CSA-generated InnerAllocate, by ignoring
> Bitcasts and additions.
> - When the stored value is the HeapConstant of an immortal immovable root.
> - When the stored value is a SmiConstant (recognized by BitcastToTaggedSigned).
> - Fast C-calls are treated as non-allocating.
> - Runtime calls can be white-listed as non-allocating.
>
> Remaining missing cases:
> - C++-style iterator loops with inner pointers.
> - Inner allocates that are reloaded from a field where they were just stored
> (for example an elements backing store). Load elimination would fix that.
> - Safe stored value types that cannot be expressed in CSA (e.g., Smi|Hole).
> We could handle that in Torque.
> - Double-aligned allocations, which are not lowered in the MemoryOptimizer
> but in CSA.
>
> Drive-by change: Avoid Smi suffix for StoreFixedArrayElement since this
> can be handled by overload resolution (in Torque and C++).
>
> R=jarin@chromium.org
> TBR=mvstanton@chromium.org
>
> Change-Id: I0af9b710673f350e0fe81c2e59f37da93c024b7c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1571414
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#61016}
TBR=mvstanton@chromium.org,jarin@chromium.org,tebbi@chromium.org
Change-Id: I36877cd6d08761726ef8dce8a3e3f2ce3eebe6cf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1585732
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61038}
This is part of the refactoring needed to implement a feature that allows
re-running benchmarks until needed confidence is reached.
R=machenbach@chromium.org
No-Try: true
No-Tree-Checks: true
Bug: chromium:880724
Change-Id: I45f584a3503ecf567f4c2661a302a74fc5e516af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1581605
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61037}
The `Script::InitLineEnds(Handle<Script>(script, isolate));` line
may lead to objects being moved around on the heap, so it’s necessary
to use a `Handle` to track that.
This was causing crashes in Node.js in Debug mode when using the
code cache in combination with the CPU profiler.
Refs: https://github.com/nodejs/node/issues/27307
Change-Id: I392b4c00c6ebad44753f87fcbf2e3278ea7799a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1575698
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61036}
Peeling away layers of indirection. More to follow.
Change-Id: Ide15b9ece926f51d957de8fdc37829f02d86ca49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1573700
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61035}
This fixes a deadlock that was detected by layout tests executing with
--future (hence enabling wasm code gc). It did not fail anywhere in v8
because GC is only triggered once we have > 1MB potentially dead code.
I plan to add a '--stress-wasm-code-gc' flag, which lowers this limit
to zero, thereby triggering GC when finding a single potentially dead
code. This mode found this issue, but also finds more, so I need to fix
other issues before enabling these stress tests.
R=mstarzinger@chromium.org
Bug: v8:8217
Change-Id: I373955b90c8b79d7b9e16184729f45db947eeeab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1583728
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61034}
