Commit Graph

3092 Commits

Author SHA1 Message Date
Anton Bikineev
7d9a440510 cppgc: Don't compress pointers on M1
The CL aims to check if PC is causing a Speedometer regression. The
previous reland was part of the roll that broke builtin PGOs, which
cause large Speedometer2 regression. Now we want to disable and then
reenable pointer compression on M1 just to make sure that there are no
performance regressions caused by PC.

Bug: chromium:1325007
Change-Id: I2442218322d3b045bc5518b03730f57aa2091ebf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827875
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82435}
2022-08-12 12:53:43 +00:00
Darius M
de04959f17 [compiler] Remove delayed string constants
StringConstantXXX were introduced when we switched to concurrent
compilation, as a way to build strings in Turbofan in a background
thread, without having to actually allocate them on the main heap
from the background. See https://crrev.com/c/1221807.

Now that we have local heaps, we can actually allocate strings from
the background, making StringConstantXXX useless.

Moreover, we would fold constant string concatenations into
ConsString, which sounds a bit dubious for performance. Now, small
constant string concatenations will be folded into SeqStrings, while
larger ones will remain ConsString, just to avoid the quadratic
worst-case.

Change-Id: I0479d16aa5691c9d774187c4cc0d03ff4fe2b4f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811291
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82381}
2022-08-11 07:41:53 +00:00
Camillo
012fa89948 [runtime] Improve builtins PGO logging
- Add explicit --turbo-profiling-output and --turbo-profiling-input
- Rename --turbo-profiling-log-file to --turbo-profiling-input
- No longer log PGO data to v8.log
- Add runtime %GetAndResetTurboProfilingData helper function for
  more controlled logging within chrome
- Rewrite generate.py script to use more python3

Bug: v8:10470
Change-Id: Ib817b5c3793a0a7ae77103075ea2d6f6d0282150
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820381
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82350}
2022-08-10 13:55:54 +00:00
Michael Lippautz
65d43890f3 Reland "[handles] Remove precise on-stack representation of global handles"
This is a reland of commit 6953b5550e

The reland fixes tests that retrieved the stack start from a
non-inlined frame's fp. This does not work in certain configurations
as the resulting marker is too low to consider the first local
variables in subsequent calls.

The fix uses an inline frame address for the tests to get an upper
bound of stack addresses to consider.

Original change's description:
> [handles] Remove precise on-stack representation of global handles
>
> Since https://crrev.com/c/3806439 on-stack traced handles are marked
> conservatively when being used in combination with CppHeap.
>
> This change removes the precise on-stack representation of the
> internal traced nodes as they nodes would anyways be marked
> conservatively. The effects are:
> - cheaper representation (just a single node space);
> - uniform handling: no checks to distinguish on-stack vs on-heap;
> - no brittleness around cleaning on-stack handles when the event loop
>  is empty;
>
> Change-Id: Id859623bfed77a66bdd064ea8065536264515eae
> Bug: v8:13141
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812039
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82306}

Bug: v8:13141
Change-Id: I53ece36220e99d02be6df18f83c18450e5d5037b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820585
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82342}
2022-08-10 11:59:24 +00:00
Michael Lippautz
850b225033 Revert "[handles] Remove precise on-stack representation of global handles"
This reverts commit 6953b5550e.

Reason for revert: Failing on CI: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20full%20debug/22876/overview

Original change's description:
> [handles] Remove precise on-stack representation of global handles
>
> Since https://crrev.com/c/3806439 on-stack traced handles are marked
> conservatively when being used in combination with CppHeap.
>
> This change removes the precise on-stack representation of the
> internal traced nodes as they nodes would anyways be marked
> conservatively. The effects are:
> - cheaper representation (just a single node space);
> - uniform handling: no checks to distinguish on-stack vs on-heap;
> - no brittleness around cleaning on-stack handles when the event loop
>  is empty;
>
> Change-Id: Id859623bfed77a66bdd064ea8065536264515eae
> Bug: v8:13141
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812039
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82306}

Bug: v8:13141
Change-Id: I5ebb2ed9eeec1394c2dd48504e91f6ff789b0711
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820584
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82313}
2022-08-09 17:21:54 +00:00
Michael Lippautz
6953b5550e [handles] Remove precise on-stack representation of global handles
Since https://crrev.com/c/3806439 on-stack traced handles are marked
conservatively when being used in combination with CppHeap.

This change removes the precise on-stack representation of the
internal traced nodes as they nodes would anyways be marked
conservatively. The effects are:
- cheaper representation (just a single node space);
- uniform handling: no checks to distinguish on-stack vs on-heap;
- no brittleness around cleaning on-stack handles when the event loop
 is empty;

Change-Id: Id859623bfed77a66bdd064ea8065536264515eae
Bug: v8:13141
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812039
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82306}
2022-08-09 15:04:31 +00:00
Anton Bikineev
557a84d620 Reland "cppgc: Enable pointer compression by default on Desktop"
All the known issues (GPU bot failures) have been fixed.

Original change's description:
> cppgc: Enable pointer compression by default on Desktop
>
> The CL enables pointer compression in Oilpan.
>
> For sherrifs: the CL may cause some slight perf regressions (likely
> blink_perf.*), due to slightly higher cost of compression and
> decomrpession.
>
> Speedometer2 is not expected to regress, as was checked locally. Such a
> slight performance degradation is compensated by memory savings that are
> expected to be around 10-20% of Oilpan committed size (~2.5-5% of Renderer
> PMF).

Bug: chromium:1325007
Change-Id: I52572ba30459dcdfd6219cfdc9e8f2f836fb95ab
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791061
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82260}
2022-08-08 11:29:32 +00:00
Lu Yahan
d631c1efda [riscv64] disable fp multiply and accumulate instructions
Some wasm interpreter tests are failing since instructions generated
by gcc such as *multiply and and* (fmadds) create intermediate
results bigger than 8 bytes which doesn't match other architectures,
hence the resulting output differs.

Port commit 13314a207e

co-authors: Jun Yuan Tan <junyuan.tan@starfivetech.com>

Change-Id: I18c0b659f30df84bb30daa176368a7e81b51063e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811139
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82240}
2022-08-06 00:47:22 +00:00
Al Muthanna Athamina
e6bcabd10c Revert "Reland "[infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off""
This reverts commit fe327545e3.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/8615/overview

Original change's description:
> Reland "[infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off"
>
> This is a reland of commit 2055c3b482
>
> Original change's description:
> > [infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off
> >
> > Bug: v8:13058
> > Change-Id: If9d500f46f02ed3588d2b0e3904567c61aaddd12
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810184
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#82213}
>
> Bug: v8:13058
> Change-Id: I315fd1cd5c36464b1a15c635c8f31825769c3eb0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812042
> Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82221}

Bug: v8:13058
Change-Id: Icb621fac3758384e0b04520585f5c998563c1f6f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811289
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82224}
2022-08-05 13:28:58 +00:00
Al Muthanna Athamina
fe327545e3 Reland "[infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off"
This is a reland of commit 2055c3b482

Original change's description:
> [infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off
>
> Bug: v8:13058
> Change-Id: If9d500f46f02ed3588d2b0e3904567c61aaddd12
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810184
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82213}

Bug: v8:13058
Change-Id: I315fd1cd5c36464b1a15c635c8f31825769c3eb0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812042
Auto-Submit: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82221}
2022-08-05 11:47:24 +00:00
Nico Hartmann
9179ea3ca1 Revert "[infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off"
This reverts commit 2055c3b482.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Clusterfuzz%20Linux64%20-%20release%20builder/29801/overview

Original change's description:
> [infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off
>
> Bug: v8:13058
> Change-Id: If9d500f46f02ed3588d2b0e3904567c61aaddd12
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810184
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82213}

Bug: v8:13058
Change-Id: I63b86420d12fb4bf0333e9e52b17763c9d80afce
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811498
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82215}
2022-08-05 08:45:13 +00:00
Al Muthanna Athamina
2055c3b482 [infra] Enable sandbox for x64 and arm64 builders and add a set of builders with Sandbox off
Bug: v8:13058
Change-Id: If9d500f46f02ed3588d2b0e3904567c61aaddd12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810184
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82213}
2022-08-05 08:19:04 +00:00
Lu Yahan
942a67ca01 Reland "[riscv32] Add RISCV32 backend"
This is a reland of commit 491de34bcc

co-authors: Ji Qiu <qiuji@iscas.ac.cn>
            Alvise De Faveri Tron <elvisilde@gmail.com>
            Usman Zain <uszain@gmail.com>
            Zheng Quan <vitalyankh@gmail.com>

Original change's description:
> [riscv32] Add RISCV32 backend
>
> This very large changeset adds support for RISCV32.
>
> Bug: v8:13025
> Change-Id: Ieacc857131e6620f0fcfd7daa88a0f8d77056aa9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736732
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
> Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82053}

Bug: v8:13025
Change-Id: I220fae4b8e2679bdc111724e08817b079b373bd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3807124
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82198}
2022-08-04 12:47:44 +00:00
Lu Yahan
c0d5d4d60a Revert "[riscv32] Add RISCV32 backend"
This reverts commit 491de34bcc.

Reason for revert: Lose co-authors information

Original change's description:
> [riscv32] Add RISCV32 backend
>
> This very large changeset adds support for RISCV32.
>
> Bug: v8:13025
> Change-Id: Ieacc857131e6620f0fcfd7daa88a0f8d77056aa9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736732
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
> Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Hannes Payer <hpayer@chromium.org>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82053}

Bug: v8:13025
Change-Id: I6abea32c8ea43b080a938782dc643c97a123f1d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3803994
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#82163}
2022-08-03 11:20:54 +00:00
Omer Katz
68b3b65ef3 [heap] Eliminate fast promotion mode
Bug: v8:12612
Change-Id: Iaf967da524413b6701aa93fa471d79e2a82e43e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3805064
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82147}
2022-08-02 15:15:43 +00:00
Simon Zünd
33dfda38e7 [liveedit] Move live edit diffing code into separate file
This is a strictly code moving change. We move the diffing algorithm
out of liveedit.cc into its own file.

We want to replace the current diffing algorithm and to stay safe we
will ship old and new algorithm side-by-side for a release for easy
revertability. Given that liveedit.cc is already large enough we
extract the diffing algo into a separate file.

R=kimanh@chromium.org

Bug: chromium:1205288
Change-Id: If5ebb6c2dff2f00387c9e2ab87e4bb61d1f1484a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3802687
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82124}
2022-08-02 07:32:13 +00:00
Darius M
ba7d9e5fa0 [turboshaft] port value numbering optimization
Bug: v8:12783
Change-Id: I5b7acf2445b0f898158448dde206a0cecdab6a80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3764345
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82097}
2022-08-01 13:30:12 +00:00
Lu Yahan
491de34bcc [riscv32] Add RISCV32 backend
This very large changeset adds support for RISCV32.

Bug: v8:13025
Change-Id: Ieacc857131e6620f0fcfd7daa88a0f8d77056aa9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736732
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82053}
2022-07-29 00:59:06 +00:00
Seth Brenith
766b2a4d52 Reland "Background merging of deserialized scripts"
This is a reland of commit e895b7af73

The unit test has been updated to work correctly when
--stress-incremental-marking is enabled.

Original change's description:
> Background merging of deserialized scripts
>
> Recently, https://crrev.com/c/v8/v8/+/3681880 added new API functions
> with which an embedder could request that V8 merge newly deserialized
> script data into an existing Script from the Isolate's compilation
> cache. This change implements those new functions. This functionality is
> still disabled by default due to the flag
> merge_background_deserialized_script_with_compilation_cache.
>
> The goal of this new functionality is to reduce memory usage when
> multiple frames load the same script with a long delay between (long
> enough for the script to have been evicted from Blink's in-memory cache
> and for the top-level SharedFunctionInfo to be flushed). In that case,
> there are two Script objects for the same script: one which was found in
> the Isolate compilation cache (the "old" script), and one which was
> recently deserialized (the "new" script). The new script's object graph
> is essentially standalone: it may point to internalized strings and
> readonly objects such as the empty feedback metadata, but otherwise
> it is unconnected to the rest of the heap. The merging logic takes any
> useful data from the new script's object graph and attaches it into the
> old script's object graph, so that the new Script object and any other
> duplicated objects can be discarded. More specifically:
>
> 1. If the new Script has a SharedFunctionInfo for a particular function
>    literal, and the old Script does not, then the old Script is updated
>    to refer to the new SharedFunctionInfo.
> 2. If the new Script has a compiled SharedFunctionInfo for a particular
>    function literal, and the old Script has an uncompiled
>    SharedFunctionInfo, then the old SharedFunctionInfo is updated to
>    point to the function_data and feedback_metadata from the new
>    SharedFunctionInfo.
> 3. If any used object from the new object graph points to a
>    SharedFunctionInfo, where the old object graph contains a matching
>    SharedFunctionInfo for the same function literal, then that pointer
>    is updated to point to the old SharedFunctionInfo.
>
> The document at [0] includes diagrams showing an example merge on a very
> small script.
>
> Steps 1 and 2 above are pretty simple, but step 3 requires walking a
> possibly large set of objects, so this new API lets the embedder run
> step 3 from a background thread. Steps 1 and 2 are performed later, on
> the main thread.
>
> The next important question is: in what ways can the old script's object
> graph be modified during the background execution of step 3, or during
> the time after step 3 but before steps 1 and 2?
>
> A. SharedFunctionInfos can go from compiled to uncompiled due to
>    flushing. This is okay; the worst outcome is that the function would
>    need to be compiled again later. Such a risk is already present,
>    since V8 doesn't keep IsCompiledScopes for every compiled function in
>    a background-deserialized script.
> B. SharedFunctionInfos can go from uncompiled to compiled due to lazy
>    compilation. This is also okay; the merge completion logic on the
>    main thread will just keep this lazily compiled data rather than
>    inserting compiled data from the newly deserialized object graph.
> C. SharedFunctionInfos can be cleared from the Script's weak array if
>    they are no longer referenced. This is mostly okay, because any
>    SharedFunctionInfo that is needed by the background merge is strongly
>    referenced and therefore can't be cleared. The only problem arises if
>    the top-level SharedFunctionInfo gets cleared, so the merge task must
>    deliberately keep a reference to that one.
> D. SharedFunctionInfos can be created if they are needed due to lazy
>    compilation of a parent function. This change is somewhat troublesome
>    because it invalidates the background thread's work and requires a
>    re-traversal on the main thread to update any pointers that should
>    point to this lazily compiled SharedFunctionInfo.
>
> At a high level, this change implements three previously unimplemented
> functions in BackgroundDeserializeTask (in compiler.cc) and updates one:
>
> - BackgroundDeserializeTask::SourceTextAvailable, run on the main
>   thread, checks whether there is a matching Script in the Isolate
>   compilation cache which doesn't already have a top-level
>   SharedFunctionInfo. If so, it saves that Script in a persistent
>   handle.
> - BackgroundDeserializeTask::ShouldMergeWithExistingScript checks
>   whether the persistent handle from the first step exists (a fast
>   operation which can be called from any thread).
> - BackgroundDeserializeTask::MergeWithExistingScript, run on a
>   background thread, performs step 3 of the merge described above and
>   generates lists of persistent data describing how the main thread can
>   complete the merge.
> - BackgroundDeserializeTask::Finish is updated to perform the merge
>   steps 1 and 2 listed above, as well as a possible re-traversal of the
>   graph if required due to newly created SharedFunctionInfos in the old
>   Script.
>
> The merge logic has nothing to do with deserialization, and indeed I
> hope to reuse it for background compilation tasks as well, so it is all
> contained within a new class BackgroundMergeTask (in compiler.h,cc). It
> uses a second class, ForwardPointersVisitor (in compiler.cc) to perform
> the object visitation that updates pointers to SharedFunctionInfos.
>
> [0] https://docs.google.com/document/d/1UksB5Vm7TT1-f3S9W1dK_rP9jKn_ly0WVm_UDPpWuBw/edit
>
> Bug: v8:12808
> Change-Id: Id405869e9d5b106ca7afd9c4b08cb5813e6852c6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3739232
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#81941}

Bug: v8:12808
Change-Id: Id2036dfa4eba8670cac899773d7a906825fa2c50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3787266
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#82045}
2022-07-28 17:02:55 +00:00
Hannes Payer
1036f176ab Only zap handles on debug and ASAN builds.
Change-Id: I07eaf3e1cfdff8190b91adfc3c428fe356e5f7a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791060
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82025}
2022-07-28 10:51:08 +00:00
Igor Sheludko
8626a1bd27 [builtins] Add builtins PGO profile for arm64
Bug: v8:10470
Change-Id: Icbd4c052b8d39300e45ab6fbee422839d852132b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3788207
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82010}
2022-07-27 18:16:18 +00:00
Anton Bikineev
8ad95397fe Revert "Reland "cppgc: Enable pointer compression by default on Desktop""
This reverts commit 4c8f742ee6.

Reason for revert: Looks like it causes another gpu bot failure, see
the reland commit.

Original change's description:
> Reland "cppgc: Enable pointer compression by default on Desktop"
>
> Now that the marking verifier doesn't verify stack, reenable PC.
>
> Bug: chromium:1325007
> Change-Id: I85c4ed0a76cf84992781966d3694211e8ea36a1d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3785147
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82001}

Bug: chromium:1325007
Change-Id: Ic19810cc2e3e67bd7691465ca5be7bf724501213
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3789501
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82002}
2022-07-27 12:52:18 +00:00
Anton Bikineev
4c8f742ee6 Reland "cppgc: Enable pointer compression by default on Desktop"
Now that the marking verifier doesn't verify stack, reenable PC.

Bug: chromium:1325007
Change-Id: I85c4ed0a76cf84992781966d3694211e8ea36a1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3785147
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82001}
2022-07-27 12:41:18 +00:00
Shu-yu Guo
3767ca8be5 [change-array-by-copy] Remove TypedArray.prototype.toSpliced
Normative update from
https://github.com/tc39/proposal-change-array-by-copy/issues/88

Bug: v8:13035
Change-Id: I939cebc13b4ab3cafbfb96a45d93b50453fd07e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3785282
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81989}
2022-07-27 07:51:12 +00:00
Tobias Tebbi
3064727d68 [builtins] fix builtins PGO gn config and update x64
This is a follow-up to https://chromium-review.googlesource.com/c/v8/v8/+/3776693
The previous CL accidentally didn't manage to enable
the PGO build because `v8_optimized_debug` is true in
release builds.

Bug: v8:10470
Change-Id: I66ec74e71eb697aa48b981d78ad526f4b8c5a917
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3784989
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81971}
2022-07-26 14:45:50 +00:00
Clemens Backes
6e72b810c5 [API] Allow copying of structs with deprecated fields
The implicit copy constructor triggers a deprecation warning if the
struct contains a deprecated field. We can fix this by explicitly
declaring the copy and move constructors and assignment operators
with the deprecation warning disabled.

This CL also adds a test to check that we can indeed call the
constructors and assignment operators, which did not work before.

R=leszeks@chromium.org

Bug: v8:13092
Change-Id: Ia63ff9375de13fc6e5b5a8d59d827a742c99fb39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3785145
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81962}
2022-07-26 11:47:25 +00:00
Deepti Gandluri
44fc1fdac2 Revert "Background merging of deserialized scripts"
This reverts commit e895b7af73.

Reason for revert: TSAN failures: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/8468/overview

Original change's description:
> Background merging of deserialized scripts
>
> Recently, https://crrev.com/c/v8/v8/+/3681880 added new API functions
> with which an embedder could request that V8 merge newly deserialized
> script data into an existing Script from the Isolate's compilation
> cache. This change implements those new functions. This functionality is
> still disabled by default due to the flag
> merge_background_deserialized_script_with_compilation_cache.
>
> The goal of this new functionality is to reduce memory usage when
> multiple frames load the same script with a long delay between (long
> enough for the script to have been evicted from Blink's in-memory cache
> and for the top-level SharedFunctionInfo to be flushed). In that case,
> there are two Script objects for the same script: one which was found in
> the Isolate compilation cache (the "old" script), and one which was
> recently deserialized (the "new" script). The new script's object graph
> is essentially standalone: it may point to internalized strings and
> readonly objects such as the empty feedback metadata, but otherwise
> it is unconnected to the rest of the heap. The merging logic takes any
> useful data from the new script's object graph and attaches it into the
> old script's object graph, so that the new Script object and any other
> duplicated objects can be discarded. More specifically:
>
> 1. If the new Script has a SharedFunctionInfo for a particular function
>    literal, and the old Script does not, then the old Script is updated
>    to refer to the new SharedFunctionInfo.
> 2. If the new Script has a compiled SharedFunctionInfo for a particular
>    function literal, and the old Script has an uncompiled
>    SharedFunctionInfo, then the old SharedFunctionInfo is updated to
>    point to the function_data and feedback_metadata from the new
>    SharedFunctionInfo.
> 3. If any used object from the new object graph points to a
>    SharedFunctionInfo, where the old object graph contains a matching
>    SharedFunctionInfo for the same function literal, then that pointer
>    is updated to point to the old SharedFunctionInfo.
>
> The document at [0] includes diagrams showing an example merge on a very
> small script.
>
> Steps 1 and 2 above are pretty simple, but step 3 requires walking a
> possibly large set of objects, so this new API lets the embedder run
> step 3 from a background thread. Steps 1 and 2 are performed later, on
> the main thread.
>
> The next important question is: in what ways can the old script's object
> graph be modified during the background execution of step 3, or during
> the time after step 3 but before steps 1 and 2?
>
> A. SharedFunctionInfos can go from compiled to uncompiled due to
>    flushing. This is okay; the worst outcome is that the function would
>    need to be compiled again later. Such a risk is already present,
>    since V8 doesn't keep IsCompiledScopes for every compiled function in
>    a background-deserialized script.
> B. SharedFunctionInfos can go from uncompiled to compiled due to lazy
>    compilation. This is also okay; the merge completion logic on the
>    main thread will just keep this lazily compiled data rather than
>    inserting compiled data from the newly deserialized object graph.
> C. SharedFunctionInfos can be cleared from the Script's weak array if
>    they are no longer referenced. This is mostly okay, because any
>    SharedFunctionInfo that is needed by the background merge is strongly
>    referenced and therefore can't be cleared. The only problem arises if
>    the top-level SharedFunctionInfo gets cleared, so the merge task must
>    deliberately keep a reference to that one.
> D. SharedFunctionInfos can be created if they are needed due to lazy
>    compilation of a parent function. This change is somewhat troublesome
>    because it invalidates the background thread's work and requires a
>    re-traversal on the main thread to update any pointers that should
>    point to this lazily compiled SharedFunctionInfo.
>
> At a high level, this change implements three previously unimplemented
> functions in BackgroundDeserializeTask (in compiler.cc) and updates one:
>
> - BackgroundDeserializeTask::SourceTextAvailable, run on the main
>   thread, checks whether there is a matching Script in the Isolate
>   compilation cache which doesn't already have a top-level
>   SharedFunctionInfo. If so, it saves that Script in a persistent
>   handle.
> - BackgroundDeserializeTask::ShouldMergeWithExistingScript checks
>   whether the persistent handle from the first step exists (a fast
>   operation which can be called from any thread).
> - BackgroundDeserializeTask::MergeWithExistingScript, run on a
>   background thread, performs step 3 of the merge described above and
>   generates lists of persistent data describing how the main thread can
>   complete the merge.
> - BackgroundDeserializeTask::Finish is updated to perform the merge
>   steps 1 and 2 listed above, as well as a possible re-traversal of the
>   graph if required due to newly created SharedFunctionInfos in the old
>   Script.
>
> The merge logic has nothing to do with deserialization, and indeed I
> hope to reuse it for background compilation tasks as well, so it is all
> contained within a new class BackgroundMergeTask (in compiler.h,cc). It
> uses a second class, ForwardPointersVisitor (in compiler.cc) to perform
> the object visitation that updates pointers to SharedFunctionInfos.
>
> [0] https://docs.google.com/document/d/1UksB5Vm7TT1-f3S9W1dK_rP9jKn_ly0WVm_UDPpWuBw/edit
>
> Bug: v8:12808
> Change-Id: Id405869e9d5b106ca7afd9c4b08cb5813e6852c6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3739232
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#81941}

Bug: v8:12808
Change-Id: I82a080e6287828445293cb6b4b94a5e8f15eb8f3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3787213
Auto-Submit: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Deepti Gandluri <gdeepti@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81943}
2022-07-25 23:01:07 +00:00
Seth Brenith
e895b7af73 Background merging of deserialized scripts
Recently, https://crrev.com/c/v8/v8/+/3681880 added new API functions
with which an embedder could request that V8 merge newly deserialized
script data into an existing Script from the Isolate's compilation
cache. This change implements those new functions. This functionality is
still disabled by default due to the flag
merge_background_deserialized_script_with_compilation_cache.

The goal of this new functionality is to reduce memory usage when
multiple frames load the same script with a long delay between (long
enough for the script to have been evicted from Blink's in-memory cache
and for the top-level SharedFunctionInfo to be flushed). In that case,
there are two Script objects for the same script: one which was found in
the Isolate compilation cache (the "old" script), and one which was
recently deserialized (the "new" script). The new script's object graph
is essentially standalone: it may point to internalized strings and
readonly objects such as the empty feedback metadata, but otherwise
it is unconnected to the rest of the heap. The merging logic takes any
useful data from the new script's object graph and attaches it into the
old script's object graph, so that the new Script object and any other
duplicated objects can be discarded. More specifically:

1. If the new Script has a SharedFunctionInfo for a particular function
   literal, and the old Script does not, then the old Script is updated
   to refer to the new SharedFunctionInfo.
2. If the new Script has a compiled SharedFunctionInfo for a particular
   function literal, and the old Script has an uncompiled
   SharedFunctionInfo, then the old SharedFunctionInfo is updated to
   point to the function_data and feedback_metadata from the new
   SharedFunctionInfo.
3. If any used object from the new object graph points to a
   SharedFunctionInfo, where the old object graph contains a matching
   SharedFunctionInfo for the same function literal, then that pointer
   is updated to point to the old SharedFunctionInfo.

The document at [0] includes diagrams showing an example merge on a very
small script.

Steps 1 and 2 above are pretty simple, but step 3 requires walking a
possibly large set of objects, so this new API lets the embedder run
step 3 from a background thread. Steps 1 and 2 are performed later, on
the main thread.

The next important question is: in what ways can the old script's object
graph be modified during the background execution of step 3, or during
the time after step 3 but before steps 1 and 2?

A. SharedFunctionInfos can go from compiled to uncompiled due to
   flushing. This is okay; the worst outcome is that the function would
   need to be compiled again later. Such a risk is already present,
   since V8 doesn't keep IsCompiledScopes for every compiled function in
   a background-deserialized script.
B. SharedFunctionInfos can go from uncompiled to compiled due to lazy
   compilation. This is also okay; the merge completion logic on the
   main thread will just keep this lazily compiled data rather than
   inserting compiled data from the newly deserialized object graph.
C. SharedFunctionInfos can be cleared from the Script's weak array if
   they are no longer referenced. This is mostly okay, because any
   SharedFunctionInfo that is needed by the background merge is strongly
   referenced and therefore can't be cleared. The only problem arises if
   the top-level SharedFunctionInfo gets cleared, so the merge task must
   deliberately keep a reference to that one.
D. SharedFunctionInfos can be created if they are needed due to lazy
   compilation of a parent function. This change is somewhat troublesome
   because it invalidates the background thread's work and requires a
   re-traversal on the main thread to update any pointers that should
   point to this lazily compiled SharedFunctionInfo.

At a high level, this change implements three previously unimplemented
functions in BackgroundDeserializeTask (in compiler.cc) and updates one:

- BackgroundDeserializeTask::SourceTextAvailable, run on the main
  thread, checks whether there is a matching Script in the Isolate
  compilation cache which doesn't already have a top-level
  SharedFunctionInfo. If so, it saves that Script in a persistent
  handle.
- BackgroundDeserializeTask::ShouldMergeWithExistingScript checks
  whether the persistent handle from the first step exists (a fast
  operation which can be called from any thread).
- BackgroundDeserializeTask::MergeWithExistingScript, run on a
  background thread, performs step 3 of the merge described above and
  generates lists of persistent data describing how the main thread can
  complete the merge.
- BackgroundDeserializeTask::Finish is updated to perform the merge
  steps 1 and 2 listed above, as well as a possible re-traversal of the
  graph if required due to newly created SharedFunctionInfos in the old
  Script.

The merge logic has nothing to do with deserialization, and indeed I
hope to reuse it for background compilation tasks as well, so it is all
contained within a new class BackgroundMergeTask (in compiler.h,cc). It
uses a second class, ForwardPointersVisitor (in compiler.cc) to perform
the object visitation that updates pointers to SharedFunctionInfos.

[0] https://docs.google.com/document/d/1UksB5Vm7TT1-f3S9W1dK_rP9jKn_ly0WVm_UDPpWuBw/edit

Bug: v8:12808
Change-Id: Id405869e9d5b106ca7afd9c4b08cb5813e6852c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3739232
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81941}
2022-07-25 17:29:06 +00:00
Tobias Tebbi
3e6ad9f2b6 [builtins] add builtins PGO profiling data for x64
Bug: v8:10470
Change-Id: I67e1962c17caecdf7cd9e8ac64ce7e4c0d694a21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3776693
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81938}
2022-07-25 16:12:21 +00:00
Leszek Swirski
e93a09c212 Revert "Reland "cppgc: Enable pointer compression by default on Desktop""
This reverts commit c3f18ae6ab.

Reason for revert: Speculative revert for https://luci-milo.appspot.com/ui/inv/build-8807661142690641489/test-results?q=conformance%2Fogles%2FGL%2FgreaterThanEqual%2FgreaterThanEqual_001_to_008.html

Original change's description:
> Reland "cppgc: Enable pointer compression by default on Desktop"
>
> - The data race on atomic memcpying/memsetting was fixed;
> - All the known alignment issues in Blink were fixed;
> - Several perf optimizations were applied.
>
> Original change's description:
> > cppgc: Enable pointer compression by default on Desktop
> >
> > The CL enables pointer compression in Oilpan.
> >
> > For sherrifs: the CL may cause some slight perf regressions (likely
> > blink_perf.*), due to slightly higher cost of compression and
> > decomrpession.
> >
> > Speedometer2 is not expected to regress, as was checked locally. Such a
> > slight performance degradation is compensated by memory savings that are
> > expected to be around 10-20% of Oilpan committed size (~2.5-5% of Renderer
> > PMF).
>
> Bug: chromium:1325007
> Change-Id: I5fa9a06cb1fa5141f4e2b22e710007e2404a176b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762567
> Auto-Submit: Anton Bikineev <bikineev@chromium.org>
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81914}

Bug: chromium:1325007
Change-Id: I15baa011500a2156871277c644a004b9cacfd5f4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3783991
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81930}
2022-07-25 15:17:20 +00:00
Anton Bikineev
c3f18ae6ab Reland "cppgc: Enable pointer compression by default on Desktop"
- The data race on atomic memcpying/memsetting was fixed;
- All the known alignment issues in Blink were fixed;
- Several perf optimizations were applied.

Original change's description:
> cppgc: Enable pointer compression by default on Desktop
>
> The CL enables pointer compression in Oilpan.
>
> For sherrifs: the CL may cause some slight perf regressions (likely
> blink_perf.*), due to slightly higher cost of compression and
> decomrpession.
>
> Speedometer2 is not expected to regress, as was checked locally. Such a
> slight performance degradation is compensated by memory savings that are
> expected to be around 10-20% of Oilpan committed size (~2.5-5% of Renderer
> PMF).

Bug: chromium:1325007
Change-Id: I5fa9a06cb1fa5141f4e2b22e710007e2404a176b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762567
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81914}
2022-07-25 10:37:46 +00:00
Suraj Sharma
4baf6a2fde Separates ETW Stack Walking Events from Generic ETW Events
All ETW Events are controlled by v8_enable_system_instrumentation.
This flag is turned off when perfetto is enabled since traces events
flowing through TRACE_EVENT macros can't be intercepted by Recorder.

Since, stack walking Events don't use TRACE_EVENT it can be turned
back on, when using perfetto. Hence, creating a separate Build Flag
for emitting stack walking event until the recorder is ported.


Bug: v8:11043
Change-Id: I6cdb81400780e54fddf6d6e2476cad29c60483d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704465
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Suraj Sharma <surshar@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81879}
2022-07-22 04:25:37 +00:00
Andreas Haas
9e45c43327 Add the wasm-streaming fuzzer to the v8_fuzzers build group
R=clemens@chromium.org

Bug: v8:12926
Change-Id: Ie0744464f0f849e2ee4ec09cfc318bbf1f8b2dc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3757890
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81867}
2022-07-21 11:55:26 +00:00
Clemens Backes
7b4c2ff5a3 [build] Enable -Wctad-maybe-unsupported
Enable a clang warning that embedders might enable, and fix issues
found by it.

R=ahaas@chromium.org, nicohartmann@chromium.org, mlippautz@chromium.org

Bug: v8:13069
Change-Id: I935f18872178f4421b441f33ef8ab1d8f030dfc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3760443
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81853}
2022-07-20 13:27:51 +00:00
Jakob Kummerow
3fd930a4a8 [build][win] Fix static lib builds
By making "v8_heap_base_headers" a "v8_header_set" instead of
a "v8_source_set".
Reported by Paul Harris on v8-users@.

Change-Id: I33263230631766e73f5d13aab497c47c98f807b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3776339
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81845}
2022-07-20 09:12:01 +00:00
Jakob Kummerow
966e6f02c1 [wasm] Expose disassembler to DevTools
Bug: v8:12917
Change-Id: I8942664831c591f9b5566ee5b1609f68948601e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749208
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81826}
2022-07-19 17:43:16 +00:00
Michael Lippautz
509ee760d9 cppgc: Avoid decompression for Member write barriers
Thread through compressed pointer into write barrier to allow to delay
compression after checking whether a write barrier is actually needed.

Change-Id: If7e6cbb69a57cc9aeeb551c11f685bace4e56c4c
Bug: chromium:1325007
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769826
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81816}
2022-07-19 15:23:16 +00:00
Samuel Groß
a7329344e5 [sandbox] Disable the sandbox by default outside of Chromium builds
To work properly and securely, the sandbox requires cooperation from the
Embedder, for example in the form of a custom ArrayBufferAllocator and
later on custom type tags for external objects. As such, it likely does
not make sense to enable the sandbox by default everywhere.

Bug: v8:10391, v8:13058
Change-Id: Ief2720122f70b9a1bc3f2e6802e60b5b95b855d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3771841
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81805}
2022-07-19 12:37:56 +00:00
Teodor Dutu
80d1dbe60b [build] Add build flag that enables pointer compression for 8GB heaps
Add the build flag `v8_enable_pointer_compression_8gb` which will enable
aligning all alocations to at least 8 bytes, instead of 4. The build
flag will affect tagged values (Smis and compressed pointers) that are
now aligned to 4 bytes. This new alignment is needed to support larger
V8 cages, with sizes of 8GB and larger.

Bug: v8:13070
Change-Id: I15fe1e0c8e0a105e831b756f502a4fcbf72f45a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3757891
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Teo Dutu <teodutu@google.com>
Cr-Commit-Position: refs/heads/main@{#81748}
2022-07-15 09:45:15 +00:00
ishell@chromium.org
2be2109032 [pku] Move PKU support from Wasm to base/platform
The header is only slightly refactored:
* function names are slightly shortened,
* global functions and enums are converted to static methods and enums
  of a MemoryProtectionKey class.

This is a first step towards adding PKU support for V8 code space.

Bug: v8:13023
Change-Id: Iebcb075b07286d18d6834fbcf6697327f08c9f50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3762584
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81732}
2022-07-14 21:54:29 +00:00
Samuel Groß
8a59678b83 [sandbox] Prepare ExternalPointerTable rollout
This CL does the following:
- It enables (i.e. allocates and initializes) the per-Isolate
  ExternalPointerTable when the sandbox is enabled.
- It refactors the list of external pointer tags to mark them as
  "sandboxed" or "unsandboxed". An unsandboxed external pointer has a
  null tag.
- It changes V8_SANDBOXED_EXTERNAL_POINTERS to now essentially just
  enable sandboxing for all available tags.
- It modifies all low-level external pointer accessors to perform the
  ExternalPointerLookup only if the tag is non-zero and otherwise treat
  the slot as containing a raw pointer.

This now allows rolling out external pointer sandboxing incrementally
(separately for each external pointer type), which will in turn allow
for more precise performance measurements of the impact of the sandbox.

Note: when an external pointer tag is now marked as sandboxed (and
V8_SANDBOXED_EXTERNAL_POINTERS is not enabled), the underlying slots are
still 64-bits in size. This simplifies the implementation as we would
otherwise need to deal with variably-sized external pointer slots. Local
benchmarking suggests that the benefits from 32-bit external pointer
slots are insignificant on typical benchmarks, so this should be ok.

Drive-by: rename kExternalPointerSize to kExternalPointerSlotSize to
make it more clear what it refers to (the on-heap storage size). Also
delete CodeStubAssembler::InitializeExternalPointerField as it is not
currently used and the implementation is fairly inefficient.

Bug: v8:10391
Change-Id: I7c38729c7e9048d737a1a8ced84749f5b1f7feab
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736447
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81636}
2022-07-11 13:34:54 +00:00
Tobias Tebbi
9d45d274b1 [turboshaft] port decompression optimization
Bug: v8:12783
Change-Id: Ib23aa682054bfcf35efe1adef64fc97afe8f9619
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3743642
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81615}
2022-07-08 16:34:30 +00:00
Michael Achenbach
01e00334ff [build] Create a group for light gcc targets.
Bug: v8:13005
Change-Id: I25f44231d936d7b3688898e6941d3877f31fafd3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3751205
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81589}
2022-07-07 15:10:32 +00:00
Leszek Swirski
76356780aa [maglev] Add a maglev-specific safepoint mechanism
Maglev groups all its tagged spill slots together, and the number of
them doesn't change. This means that the generality of the existing
safepoint mechanism is massive overkill for maglev code.

This patch adds a maglev-specific safepoint table, which is the
safepoint of a code object if-and-only-if that code object has maglev
code. This safepoint stores the number of tagged and untagged slots
once, globally, and individual entries are just used for deopts and for
storing the state of pushed registers (this is currently unused, but
will be used in the future for pushing registers in deferred calls).

Bug: v8:7700
Change-Id: I15f84a6e957357825e84e33238f8a36f2e0b3012
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747858
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81564}
2022-07-06 16:38:27 +00:00
Michael Achenbach
6639962a32 [build] Silence gcc warnings on coverage bot.
GCC warnings are already treated as failures on other bots. They don't
add value on the coverage bot and only block creating reports.

Bug: v8:13005
Change-Id: I2d55288a4790e8cd508cdb8340265c696e44b671
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747864
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81552}
2022-07-06 13:09:06 +00:00
Jakob Kummerow
7890a89d47 [wasm] Add FunctionBodyDisassembler
Unused as of this CL; users will follow.

Bug: v8:12917
Change-Id: I82658ea8a401834a5b3661068766bbdfec54d5a4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726214
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81533}
2022-07-05 14:47:31 +00:00
Anton Bikineev
603ab6593b Revert "Reland "cppgc: Enable pointer compression by default on Desktop""
This reverts commit 111d20bb7c.

Reason for revert:
- crashes
- flaky test failures
- ubsan errors
- Speedometer regression

Original change's description:
> Reland "cppgc: Enable pointer compression by default on Desktop"
>
> Reland since ubsan failures were fixed.
>
> Original change's description:
> > Revert "cppgc: Enable pointer compression by default on Desktop"
> >
> > This reverts commit 4cf08c1ac6.
> >
> > Reason for revert: broke ubsan.
> >
> > Original change's description:
> > > cppgc: Enable pointer compression by default on Desktop
> > >
> > > The CL enables pointer compression in Oilpan.
> > >
> > > For sherrifs: the CL may cause some slight perf regressions (likely
> > > blink_perf.*), due to slightly higher cost of compression and
> > > decomrpession.
> > >
> > > Speedometer2 is not expected to regress, as was checked locally. Such a
> > > slight performance degradation is compensated by memory savings that are
> > > expected to be around 10-20% of Oilpan committed size (~2.5-5% of Renderer
> > > PMF).
> > >
> > > Bug: chromium:1325007
> > > Change-Id: I2e31fc56250dbe6354a7614fa1f9e926260d842b
> > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695565
> > > Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> > > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > > Cr-Commit-Position: refs/heads/main@{#81442}
> >
> > Bug: chromium:1325007
> > Change-Id: Iabc31ed683841ba0189dee9028da330dc03d7e09
> > No-Presubmit: true
> > No-Tree-Checks: true
> > No-Try: true
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735168
> > Auto-Submit: Anton Bikineev <bikineev@chromium.org>
> > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> > Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#81443}
>
> Bug: chromium:1325007
> Change-Id: Ifc8ea0e73e99d9be622e27d3d4c79d0e35fd459c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735128
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/main@{#81486}

Bug: chromium:1325007
Change-Id: I35d9085b9c39fd212002f098a3a015d0db7504a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3743468
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81516}
2022-07-05 04:46:30 +00:00
Jakob Kummerow
f76486e60a [wasm][refactor] Move ModuleDecoderImpl to -impl.h
Ctrl+X, Ctrl+V. No change in behavior.
This is a preparational step for templatizing the module decoder
for disassembler purposes.

Bug: v8:12917
Change-Id: I08a5d2e666cd16a207e9862b2691446c0473ddb0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3738221
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81489}
2022-07-01 11:43:09 +00:00
Anton Bikineev
111d20bb7c Reland "cppgc: Enable pointer compression by default on Desktop"
Reland since ubsan failures were fixed.

Original change's description:
> Revert "cppgc: Enable pointer compression by default on Desktop"
>
> This reverts commit 4cf08c1ac6.
>
> Reason for revert: broke ubsan.
>
> Original change's description:
> > cppgc: Enable pointer compression by default on Desktop
> >
> > The CL enables pointer compression in Oilpan.
> >
> > For sherrifs: the CL may cause some slight perf regressions (likely
> > blink_perf.*), due to slightly higher cost of compression and
> > decomrpession.
> >
> > Speedometer2 is not expected to regress, as was checked locally. Such a
> > slight performance degradation is compensated by memory savings that are
> > expected to be around 10-20% of Oilpan committed size (~2.5-5% of Renderer
> > PMF).
> >
> > Bug: chromium:1325007
> > Change-Id: I2e31fc56250dbe6354a7614fa1f9e926260d842b
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695565
> > Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#81442}
>
> Bug: chromium:1325007
> Change-Id: Iabc31ed683841ba0189dee9028da330dc03d7e09
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735168
> Auto-Submit: Anton Bikineev <bikineev@chromium.org>
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81443}

Bug: chromium:1325007
Change-Id: Ifc8ea0e73e99d9be622e27d3d4c79d0e35fd459c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735128
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81486}
2022-07-01 10:14:34 +00:00
Shu-yu Guo
0d6e95b43e [change-array-by-copy] Implement TypedArray.prototype.toSpliced
Bug: v8:12764
Change-Id: I5f915d1c4dad22f1ce12423f6149a85ad32d6725
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3733043
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81477}
2022-06-30 21:47:38 +00:00