... to avoid additional indirection on every access.
Drive-by: given that the AccessorInfo class now has a custom body visitor,
it's no longer necessary to encode the flags field as a Smi.
Bug: v8:12949
Change-Id: I30eabee3cbc5ded2bf3f050dfe22208713a764bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3701590
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81237}
Remove finalization step of incremental marking. The step was
historically used to process embedder/weak work on the main thread
before invoking the atomic pause. Remove the infrastructure as the
step is not needed anymore and actually required a safepoint.
Change-Id: I208767bbac3d9a06a0b3c67aa9779f8a5fa07328
Bug: v8:12775
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702801
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81234}
... in order to distinguish OOMs caused by code range exhaustion from
other OOMs.
Bug: v8:11880
Change-Id: Ic27242bee7dd7b68673ea478d5972a055ec58943
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707289
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81232}
f8(fs0) is callee-saved, so we should not use it to hold the return value in the float_min_max test case.
Change-Id: I7039918cc434462dd956339d4263811543e23a94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3711284
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#81230}
Rolling v8/build: 7e8d64b..5ee7989
Rolling v8/buildtools: 8b16338..34f9ff8
Rolling v8/buildtools/third_party/libc++/trunk: 1a63708..b126981
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/0eef537..b83d69f
Rolling v8/third_party/depot_tools: c5c4853..9a3c4bc
Rolling v8/tools/clang: aab5788..f68dc6b
Rolling v8/tools/luci-go: git_revision:de014227dd270df7c61bfab740eb4ae4b52ac2a7..git_revision:df39938896c4603fb2a214a2430450a85d9cca81
R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I11e049b61608a0f43f04dfa4b88ca569dfc56d6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3712646
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81229}
This CL corrects the selection and printing of fcfid variations
(single and double precision).
Change-Id: I438a76793ec5fdb814ea6bc46bd0a2b0c9b2acd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3712063
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81226}
Due to shared GCs it's easy to accidentally deadlock V8 by forgetting to
park a thread before blocking.
This CL does the following:
- Adds ParkingConditionVariable and ParkingSemaphore, which hide
the Wait[For] methods in favor of ParkedWait[For], which parks the
thread before blocking the thread.
- Migrates to the Parking* variants in JS shared memory tests.
Bug: v8:11708
Change-Id: I6d1b2b26a05e7df0a69a1614c03308f538a8782f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708017
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81225}
In addition to checking that a node is owned, CanCover() also needs to
check if there are any side-effects in between the current node and
the merged node. When merging inputs of inputs, this check was done
with the wrong side-effect level of the in-between node.
We partially fixed this before with `CanCoverTransitively`.
This CL addresses the issue by always comparing to the side-effect
level of the node from which we started, making `CanCoverTransitively`
superfluous.
Bug: chromium:1336869
Change-Id: I78479b32461ede81138f8b5d48d60058cfb5fa0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707277
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81217}
Drive-by: include the right header in sandboxed-pointer-inl.h and fix
missing sandbox initialization in generate-bytecode-expectations.cc.
Bug: v8:10391
Change-Id: Ic39ba04b7c98eaa58ea3943189c23b297f581f5a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630082
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81216}
This enables the --freeze-flags-after-init flag globally. Note that
tests, fuzzers, Node and others still explicitly disable the flag. The
Chrome renderer process and default d8 execution will have it enabled
though.
R=cbruni@chromium.org
Bug: v8:12887
Change-Id: I9a15ef64227e5e6e04779d8d671a2c50d99c9097
Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695264
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81214}
This reverts commit 8325f86df3.
Reason for revert: Speculative revert for chromium:1336850.
Original change's description:
> [heap] Sweep code pages on the background thread
>
> We already make code pages writable & executable for concurrent
> Sparkplug. We can use the same mechanism for sweeping of code pages on
> the background thread, instead of scheduling incremental tasks on the
> main thread. This allows us to remove almost all special
> handling for code pages in the sweeper and allows us to off-load more
> work from the main thread.
>
> Bug: v8:12967
> Change-Id: Idb8e9f8e2eadbec26a386f2de683a80087f671f3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695557
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81139}
Bug: v8:12967, chromium:1336850
Change-Id: I1fb775892c2679984221efa7ceb682800c88cb2f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707274
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81213}
This reverts commit 035ba1d8f5.
Reason for revert: fails on Blink Linux Debug bots:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux%20Debug/14932/overview
Original change's description:
> [wasm] Use the API callback to resolve the wasm result promise
>
> This CL switches resolving and rejecting the wasm result promise from
> the V8-internal API to the external API added in
> https://chromium-review.googlesource.com/c/v8/v8/+/3695584.
>
> This CL can land once Chrome has provided an implementation of the callback.
>
> R=jkummerow@chromium.org
>
> Bug: v8:12953
> Change-Id: I3ca395594b4e7b5018fdcdac8c215dd4d6bf8de0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695589
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81206}
Bug: v8:12953
Change-Id: I35f85d056e2c9063f5b1280c7a3e96a20d67fcad
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3709409
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81211}
This reverts commit be41754f9f.
Reason for revert: This change breaks the GCC component build (e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20gcc%20-%20debug%20builder/1997/overview)
Original change's description:
> [wasm] Deprecate WasmModuleObjectBuilderSteraming
>
> This class is just dead code.
>
> Bug: v8:12926
> Change-Id: Ic780c0b1bf5b1e517aa919b820fad4ec083d9ef7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3689581
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81169}
Bug: v8:12926
Change-Id: I8ef0dbd6ebaac0cbcc752338b7bfdf6049e6874c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707219
Owners-Override: Adam Klein <adamk@chromium.org>
Auto-Submit: Andreas Haas <ahaas@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81210}
Exceptions should propagate inside the logical stack, which can consist
of multiple wasm stack segments. When the outermost frame of the current
segment is reached, pick up the parent stack and continue the search
from there, and update the state to reflect the implicit stack switch.
Drive-by: cleanups.
R=ahaas@chromium.org
CC=fgm@chromium.org
Bug: v8:12191, v8:12960
Change-Id: Ia5cb39a6ae197fb68e635f986952419dc43c7b98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695376
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81208}
This CL switches resolving and rejecting the wasm result promise from
the V8-internal API to the external API added in
https://chromium-review.googlesource.com/c/v8/v8/+/3695584.
This CL can land once Chrome has provided an implementation of the callback.
R=jkummerow@chromium.org
Bug: v8:12953
Change-Id: I3ca395594b4e7b5018fdcdac8c215dd4d6bf8de0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695589
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81206}
Changes:
- Rename InitExpression -> ConstantExpression in places which reference
the ConstantExpression type.
- Move ConstantExpression to its own file, along with ValueOrError and
EvaluateConstantExpression.
Change-Id: Ife572d783531216b6ea3d2626e4fbf4048463253
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3702798
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81204}
Rolling v8/build: 4be7c7b..7e8d64b
Rolling v8/buildtools/linux64: git_revision:2ecd43a10266bd091c98e6dcde507c64f6a0dad3..git_revision:e62d4e1938a45babc9afb6db543f388cd1802a52
Rolling v8/buildtools/third_party/libc++/trunk: b126981..1a63708
Rolling v8/buildtools/third_party/libc++abi/trunk: 013bcd8..2dba7d2
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/d854027..0eef537
Rolling v8/third_party/depot_tools: b603090..c5c4853
Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220613.2.1..version:8.20220614.2.1
Rolling v8/tools/clang: 30892fa..aab5788
R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I97d4ae83dccc42a36734fd2ae3b047632fac8be6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708478
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81203}
This is useful for cases where we're calling a Maybe-returning
function only for its side effects and possible exception-throwing.
Change-Id: I64e73598d40b3565d83cb17166c762d8affd7a84
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708022
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81201}
This is a reland of commit 76a07814b2
Changes compared to original:
- Add WasmArray::SetTaggedElement, which uses write barriers.
- In Factory::NewWasmArrayFromElementSegment, the new array may have
moved to OldSpace until it is initialized. Therefore, it needs write
barriers; use the new method for that.
- Small readability improvements.
Original change's description:
> [wasm-gc] Implement array.init_from_elem
>
> Bug: v8:7748
> Change-Id: I65dbb496302045820063bd0f4f9ea054e6a645bd
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695580
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81128}
Bug: v8:7748
Change-Id: Ic5def1886f662bddce72b8eaea274eb5e8ec0c68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3704513
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81196}
This moves constant nodes to separate data structures on the graph so
they can be looked up there. Graph processors walk the constants before
walking other nodes.
Bug: v8:7700
Change-Id: Id4bec2c2a26011dcacf3355fe17d821451f79397
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706625
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81195}
In addition, change DCHECKs to CHECKs in StringForwardingTable.
The added CHECKs hopefully make it easier to reason about crashes on
canary.
Bug: chromium:1336516
Change-Id: I30bbabbc2a9186eaeac42c2963e7ae8dbb9fb527
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707103
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81194}
This is a partial reland of https://crrev.com/c/3597106, except for the
changes in compiler.cc, which are just the minimal possible changes to
make the code compile.
With this change, it is possible that a call to
CompilationCache::LookupScript returns any of:
1. A Script and a toplevel SharedFunctionInfo (cache hit)
2. A Script but no toplevel SharedFunctionInfo (partial cache hit)
3. Nothing (cache miss)
Bug: v8:12808
Change-Id: Id33a4cd0cb28562d6b862fbb113ea9d03f255b2b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687425
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81193}
Namely the ones that might be locked for a second time by the sampling
profiler while iterating the call stack.
Bug: v8:12966
Change-Id: I081de804143e5ca4da4e2296919428b2c1bff1b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707105
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81192}
SIGABRT is harmless as it indicates a CHECK failure. Further, memory
access violations at non-canonical addresses and memory permission
violations should be ignored as well as they can legitimately be
triggered from memory corruption inside the sandbox and are not directly
exploitable. See code comments for more details.
Bug: v8:12878
Change-Id: Idddd805f5d52c87f2b67a974716acd5d5abf11cf
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707106
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81191}