Upon destroying a v8::TracedReference while concurrent marking is
running, we merely reset the object pointer but do not get rid of the
global handle.
We were also resetting the parameter, which would read the internal
state for a DCHECK. Remove this clearing as the parameter field is not
used for v8::TracedReference.
Bug: chromium:1324074
Change-Id: Ic21bad78deba0925e12c3fc1215b087d0ef5dd7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3637796
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80459}
This prevents "ambiguous call" warnings when compiling in C++20 mode.
Bug: chromium:1284275
Change-Id: I52f782aaddfad1920e4b2df5e916b2c292cc7cff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630346
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80458}
UnsafePointerAdd is unnecessary as long as a proper bitcast is used
before the addition. The bitcast is already in the effect chain and
prevents the addition from floating before a GC operation.
Change-Id: Ieadb8a51d2d24eaa1132a62c77c674954f7e2644
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616727
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80457}
Deprecate the existing parameter to treat global objects as roots as
this is implied by exposing internals.
Bug: chromium:1321620
Change-Id: I73a8124d63f87599dee7080980844c418eb3b5e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3637797
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80456}
Deprecate the OOMErrorCallback such that we can add a new parameter for
OOM details.
R=mlippautz@chromium.org
Bug: chromium:1323177
Change-Id: I72c931ad0d1b75cda46e8815387098acbe091c68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3632106
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80453}
This is a reland of commit e8cac3776e
Broken jitless mode is fixed in a separate CL.
Original change's description:
> [rwx][mac] Enable fast W^X on Apple Silicon (M1)
>
> Bug: v8:12797
> Change-Id: I53bb803dd77db5bdd42b1a1b4b568e63857adf31
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3598861
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80396}
Bug: v8:12797
Change-Id: I5436ceced5d4673f3b80d9cacdb3d6e84012c6e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3635720
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80450}
This CL adds the array type flag to distinguish between
sparse array and dense array and adds serialization
and deserialization for sparse array.
Bug: v8:11525
Change-Id: Ia302af017d6f52924256a2b3fa9e3d2b34caa442
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629739
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80449}
Since we now promote all young objects into old space on full GCs, we
don't need to sweep pages for iterability anymore in new space.
Minor MC doesn't need to make a page iterable when promoting the full
page into the new space. This is because maps are not reclaimed during
a minor GC.
Bug: v8:12760
Change-Id: I16d666e417d00ebf450453864cbd87afd6606afc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3635723
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80447}
Objects might be in a partially initialized state during deserialization
which makes collecting gc-stats tricky.
Bug: v8:12678
Change-Id: I154328adda432bf8e3588c96455c1bd8d527ef43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3635722
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80446}
Doc: https://bit.ly/revive-restart-frame
This CL implements support for the Debugger's "restart frame"
functionality in the unwinder. When the debugger wants to restart
a frame, we throw a termination exception. The unwinder checks if we
are currently in "restart frame mode", and if so, drops execution
into a special builtin instead of trying to find a catch handler.
Optimized frames are handled similarly, but the deoptimizer has to
materialize the frames first before also dropping into the
special builtin.
Drive-by: Rename `ShouldRestartFrame` to `IsRestartFrameScheduled`, so
we can reuse the name `ShouldRestartFrame` as a query method to check
if a specific frame is the frame we want to restart.
R=jarin@chromium.org, tebbi@chromium.org
Bug: chromium:1303521
Change-Id: Iff4f5761f970b65e22485f78ee0fd85da620ce66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3613397
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80443}
In some cases we were still trying to change permissions of RWX pages
which is not allowed.
Bug: v8:12797
Change-Id: I9f4ca319d842c524fc6f60bfd3bb3726f8d3029d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3635719
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80442}
URLs can be fairly long and the original 512 char limit is not enough
for many Google pages.
Change-Id: Id4f81214e3fedebc80f26c49034c0997397e10fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3634779
Reviewed-by: Marja Hölttä <marja@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80439}
Avoid zapping freed memory in NotifyObjectSizeChange. This fixes the
linked performance regression introduced with
https://crrrev.com/c/3607992. Beginning with that CL we would always
zap freed memory on the main thread, while previously we only did this
in CreateFillerForArray when the FixedArray could actually contain
references.
While we could restore the previous behaviour as well, we simply stop
zapping freed memory in NotifyObjectSizeChange altogether for better
throughput. The reason for zapping was to reduce floating garbage.
However, this is only relevant for incremental marking, which is only
enabled for about <1% of the overall runtime.
Bug: v8:12578, chromium:1322882
Change-Id: I004ee712b924c53edac87810504d04aa7f4a50d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3634960
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80438}
This way we can use it later in the pipeline for optimizations.
Change-Id: I0e97d061fd3d474ca7033ed2b68f43b52617d3e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3634961
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80437}
Add new opcode numbers for relaxed-simd opcodes as in:
https://github.com/WebAssembly/relaxed-simd/pull/61, and updates
for decoded opcodes larger than two bytes.
Bug: v8:12284
Change-Id: I0bff22812243a39599bfeee3c0bc69171dd3c7d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3625835
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80432}
Port 3e43010abb
Original Commit Message:
New trace events:
- finished OSR compilation.
- entry into OSR code.
Since the latter now happens without a trip into runtime, tracing is a
bit more involved - we need to check FLAG_trace_osr in generated code,
and call a runtime function if it is set.
R=jgruber@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I2f09eb755dd5986d94f736280ad38574129085e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3635717
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80431}
Builtins are not snapshotted, but instead we insert "builtin wrappers"
into the snapshot, and create references to the corresponding builtin
when deserializing.
Subclassing builtins will be implemented in a follow-up CL.
First version: https://chromium-review.googlesource.com/c/v8/v8/+/3630080
Fix: initialize builtin_objects_handle_
Bug: v8:11525,v8:12820
Change-Id: Ia2b5d41af5d7f577f1b02356b22a8760963009e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3635718
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80430}
Many uses of "volatile" are deprecated in C++20 because they don't
actually do anything. Remove "volatile" in these cases.
Bug: chromium:1284275
Change-Id: I64a3989d73f25e0cd933375dd6fa0b3f2b3acb54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630343
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80428}
In the previous refactoring --filter was accidentally filtering out
paths that matched <regexp>. This CL restores the original behavior
where only the matching paths are kept.
Bug: v8:12821, v8:11113
Change-Id: I7e7d7b793107fbf9b4944b1674874150803f4bb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3623539
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80426}
Multiple code spaces are cheaper on 32-bit systems, because we can
directly call between them. Over-reservation on the other hand increases
the chance for OOMs. Hence reduce the code space estimation (used for
the initial reservation) on 32-bit systems.
Numbers were obtained from an older Epic module, Photoshop, and AutoCAD.
I'll keep an eye on the {V8.WasmModuleNumberOfCodeSpaces} counter.
R=ahaas@chromium.org
Change-Id: Ide804eaf46e8ba9bb48fcb41f23f1facc910645e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3634778
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80425}
This adds a typedef for LegacyOOMErrorCallback, which is identical to
OOMErrorCallback. Embedders will need to switch to
LegacyOOMErrorCallback so that we can change the definition of
OOMErrorCallback (see https://crbug.com/1323177).
R=mlippautz@chromium.org
Bug: chromium:1323177
Change-Id: I92312a577ca49e0174f2bb6b914cc11c3a0b0fc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3632305
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80424}
... Profiler::Remove.
In Profiler::Insert and Profiler::Remove, TSAN cannot
figure out that when head_ and tail_ are equal, Profiler::Insert
will always execute before Profiler::Remove, and TSAN
will report a data race between the buffer_[head] write and
buffer_[base::Relaxed_Load(&tail_)]. This CL changes the
tail_ atomic load and store memory order to guarantee that the
buffer_ read and write always happen after and before the tail_ load
and store respectively, which gives TSAN more constraints.
Bug: v8:12838
Change-Id: I50296ffa4606b288e9ad9edc15d42f21ca1c7d2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3626454
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Cr-Commit-Position: refs/heads/main@{#80421}
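As an added illustration of the ordering this commit describes (example code, not V8's Profiler), here is a hypothetical single-producer/single-consumer ring buffer in which tail_ is loaded with acquire and stored with release, so each side's buffer_ access is ordered against the other side's index update; the class and size are constructed for the example.

```cpp
#include <atomic>
#include <cstddef>
// Hypothetical single-producer/single-consumer ring buffer modelled on the
// head_/tail_ scheme described in the commit message; not V8's Profiler code.
template <typename T, size_t kSize>
class SpscRing {
 public:
  // Producer side (the Insert role). Returns false when the ring is full.
  bool Insert(const T& value) {
    size_t head = head_.load(std::memory_order_relaxed);
    size_t next = (head + 1) % kSize;
    // Acquire on tail_ pairs with the consumer's release store below, so its
    // read of buffer_[tail] is ordered before we overwrite that slot. With a
    // relaxed load TSAN cannot see this edge and reports a race.
    if (next == tail_.load(std::memory_order_acquire)) return false;
    buffer_[head] = value;
    // Release on head_ publishes the write to buffer_[head] to the consumer.
    head_.store(next, std::memory_order_release);
    return true;
  }

  // Consumer side (the Remove role). Returns false when the ring is empty.
  bool Remove(T* out) {
    size_t tail = tail_.load(std::memory_order_relaxed);
    // Acquire on head_ pairs with the producer's release, so buffer_[tail]
    // is fully written before we read it.
    if (tail == head_.load(std::memory_order_acquire)) return false;
    *out = buffer_[tail];
    // Release on tail_ orders the read above before the producer may reuse
    // the slot (its acquire load of tail_ synchronises with this store).
    tail_.store((tail + 1) % kSize, std::memory_order_release);
    return true;
  }

 private:
  T buffer_[kSize];
  std::atomic<size_t> head_{0};
  std::atomic<size_t> tail_{0};
};

// Drives the ring through a wrap-around and returns the sum of removed values
// (21), or -1 if a full ring accepted an element; single-threaded check.
int RingRoundTrip() {
  SpscRing<int, 4> ring;  // constructed size: holds kSize - 1 = 3 elements
  int sum = 0, v = 0;
  for (int i = 1; i <= 3; ++i) ring.Insert(i);
  if (ring.Insert(99)) return -1;  // full, must be rejected
  while (ring.Remove(&v)) sum += v;  // 1 + 2 + 3 = 6
  for (int i = 4; i <= 6; ++i) ring.Insert(i);  // wraps head_ around
  while (ring.Remove(&v)) sum += v;  // 6 + 4 + 5 + 6 = 21
  return sum;
}
```

Run under ThreadSanitizer with a real producer and consumer thread, the relaxed variant of the tail_ load is reported while the acquire/release variant is not, which is exactly the constraint the commit adds.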
New trace events:
- finished OSR compilation.
- entry into OSR code.
Since the latter now happens without a trip into runtime, tracing is a
bit more involved - we need to check FLAG_trace_osr in generated code,
and call a runtime function if it is set.
Drive-by: Slightly reorganize other OSR tracing.
Bug: v8:12161
Change-Id: I3096424ca7d47a19802281a0e0a39f7f3394c12b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629331
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80420}
Builtins are not snapshotted, but instead we insert "builtin wrappers"
into the snapshot, and create references to the corresponding builtin
when deserializing.
Subclassing builtins will be implemented in a follow-up CL.
Bug: v8:11525,v8:12820
Change-Id: If72695d46bdfc8bf7e477471be1264b668551854
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630080
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80419}
There are currently several flags to tune V8's optimisation level:
--sparkplug, --maglev, --opt
This CL tries to make this simpler by introducing yet another flag.
--max-opt limits the maximum optimisation tier and avoids the common
error of mistaking --no-opt for no dynamic optimisations.
Settings:
--max-opt=999 Allow all optimisations, default configuration.
Any number > 3 will do, as long as no other tier will be
added.
--max-opt=0 Allow only ignition
--max-opt=1 Allow up to sparkplug
--max-opt=2 Allow up to maglev
--max-opt=3 Allow up to turbofan
Bug: v8:12825
Change-Id: Iff9a0fcccdf05e9770168053a1430303613a7299
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605816
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80418}
Turn on fuzzing for Maglev to get additional test coverage.
Bug: v8:7700
Change-Id: I5b72d851639e31dff1bd91361cd81ad448c2d69e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629334
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80416}
Allocation granularity (8 bytes on 64-bit platforms) is already subsumed
by whatever range size we choose.
Bug: chromium:1029379
Change-Id: Iab95e6f36955c9ffbbe9ea0c98cb9d1f8dd0337b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629869
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80415}
With the introduction of the StringForwardingTable, there are no
concurrent transitions of strings happening anymore.
- Remove String migration sentinel maps + helper methods
- Remove CanMigrateInParallel()
- Remove MigrateStringMapUnderLockIfNeeded() and simplify MakeThin()
There is still unused code I didn't remove in this CL, as we might need
it later for shared struct features: YIELD_PROCESSOR for spinlocks and
Relaxed_Memcmp().
Bug: v8:12007
Change-Id: Iaa09ef93d2ee612e42cd73395a06eada22fe7dae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629545
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80414}
Change kUTCTimeZoneIndex to int32_t from uint32_t
and compare the index against 0.
Bug: v8:11544
Change-Id: Ib7dd55cab796d1d9a4b0e2869b098520265a04f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3632678
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80412}