This is no longer needed as all backing store allocations must now be
located inside the sandbox after sandboxed pointers were enabled by
default when the sandbox is enabled.
Bug: chromium:1218005
Change-Id: Id2d5feba878e1a6a5775ae3fef4012d0e7fe667a
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3738742
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81488}
This was already removed as part of the lazy api accessor work, but
was never cleaned up throughout v8.
Change-Id: I00621d0e0f33c58efaed0f6b55cd22f1f8803825
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735131
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81481}
The previous combination of a conditional and an unconditional move
produced an incorrect value when dst == rhs and lhs contained the
expected result.
Fixed: chromium:1338980
Change-Id: If3f722999ed9c0ffd687736280d048d232d75736
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3738219
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81475}
This is a performance improvement; no change in functional
behavior is intended.
AdaptiveMap is an abstraction over a std::map or a std::vector:
after being initialized iteratively with a set of entries, it
can switch to dense vector-based storage if that would be more
efficient.
The motivation is that we expect most name sections, if they
are present at all, to give fairly complete information, so the
dense mode will likely be the typical case. However, it's easy
enough to support sparse mode as well, and parsing the name
section into a std::map at first is particularly convenient for
cases where we can't guess the expected number of entries, such
as for function locals.
Change-Id: Ia17f27576a3061eb05c912f7081411d6f38137e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726150
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81474}
If the WordAnd aims to take low 8/16/32 bits of an oprand for later cmp8/cmp16/cmp32, it can be removed.
Change-Id: I0040e596ab65a6a9255ddbdb4fca573fd765879e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3731488
Commit-Queue: Jianxiao Lu <jianxiao.lu@intel.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81473}
This is a partial reland of https://crrev.com/c/3597106
With this change, an existing Script from the compilation cache can be
reused after its top-level SharedFunctionInfo was discarded, but only if
the new script is parsed on the main thread (not deserialized from code
cache data, and not parsed on a background thread).
Bug: v8:12808
Change-Id: I1edaee2095306a89e2c3b91f2fd01ac053f3c770
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3689348
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81472}
This reverts commit a618a4a341.
Reason for revert: Original CL got reverted, we don't need the suppression anymore.
Original change's description:
> [foozzie] Silence a frequently occuring correctness bug
>
> This CL adds back a patch of Math.pow for correctness fuzzing, which
> drops some precision and hides a difference on the fast path.
>
> The same suppression was previously used on https://crbug.com/693426.
>
> No-Try: true
> Bug: chromium:1339320
> Change-Id: Id52f25f8a2b6b5aeca956587b16a10c61aa68e36
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726295
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Auto-Submit: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81408}
Bug: chromium:1339320
Change-Id: Id4cf04f9480b3052978ee7ca3dd83d7ee16845c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736446
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81470}
MinorMC maintained a separate marking state to support interleaved GCs.
Since MinorMC now assumes that interleaving is not possible, MinorMC can
use the same marking state as the full GC.
Bug: v8:12612
Change-Id: Ibeb7df2eb24e448f811b497c9d16b3b132f87ec2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735163
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81468}
The set of registers used for Pop/PushCallerSaved is a superset of the
ABI caller-saved registers. In the past it may have been the case that
these extra registers had to be saved, but at this point
Pop/PushCallerSaved is only used for fast C calls from JS, so we can
rely on the C-compiled functions saving callee-saved registers
correctly, and only save ABI-required registers ourselves.
Change-Id: I2a172bdbb381a1485654e54e3561d695b6672ed0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735130
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81467}
This file uses inline assembly, but inline assembly does not work
for cross-compilation. As this file only contains debug code, no-oping
this file for cross-compilation seems acceptable.
R=ishell@chromium.org
Bug: v8:12926
Change-Id: I01276cf019e8c31e4db6f7f61a3d91526f660578
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735165
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81466}
This is a necessary assumption for concurrent marking in MinorMC and
will simplify the code as it allows MinorMC to reuse the same marking
bitmap as full GCs.
Bug: v8:12612
Change-Id: I5e9be45c7d84320721ce7f7578dee1eb972d6f6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3732933
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81465}
This reverts commit 83470dee90.
Reason for revert: Introduced inconsistencies with the runtime (https://crbug.com/chromium/1339320) and increased inaccuracy
(https://crbug.com/v8/12996). Even though this is currently not specified, the speed improvement doesn't seem to be worth the
lower precision.
Bug: chromium:1339320, v8:12996
Original change's description:
> [turbofan] Add fast path for Math.pow with small positive integer exponent
>
> For small positive integer exponents, calculate the result with an inlined loop.
>
> This change may improve the average runtime of JetStream2/raytrace for ~8%.
>
> Change-Id: I0e3939dc9c21b0c392c04d61fd197bf618004ab4
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3708024
> Commit-Queue: Fanchen Kong <fanchen.kong@intel.com>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81341}
Change-Id: Idfaa229b3d37a1831f016453c6091d2498cb6bcd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735129
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#81463}
On old iPhones, jscvt is not availale. This CL diables jscvt on iOS in
general.
R=tebbi@chromium.org
Bug: v8:13004
Change-Id: Ib2651d7fa43892c06dc8c36e497a8c76344b5051
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3726297
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81462}
We need this to expand the max input count to be big enough for our
biggest calls (and to add more bits to the op properties).
Bug: v8:7700
Change-Id: I6d63cf39b3079c3c85a32f208ce925ae795ef5a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3734811
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81461}
Stack scan during marking for shared heap broke in
https://crrev.com/c/3703837
This CL re-adds the client Isolate handling which is necessary as
those client Isolates may refer to the shared Isolate from stack.
Bug: v8:13019
Change-Id: I1ee27fb8bab173087a98a0b79f4126612427b016
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736444
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81460}
Waiting for a background thread to finish a task isn't going to
work when there are no background threads. Luckily, we can sidestep
the problem by compiling with Turbofan immediately, instead of
triggering dynamic tier-up through repeated execution. As a nice bonus,
this makes the test faster in non-predictable modes too.
Fixed: v8:13020
Change-Id: I2d47bc07bbde48a210c6ea59551ae16e63bdae05
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736443
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81459}
In DebugPropertyIterator::iterator() we were assuming that the call to
JSReceiver::GetOwnPropertyDescriptor() would always yield either an
exception or a valid property descriptor. But that's not guaranteed to
be the case (anymore), because JSReceiver::GetOwnPropertyDescriptor()
nowadays can chicken out with `false` for many different reasons.
Coincidentally the callsites to DebugPropertyIterator::iterator() are
already equipped to handle the case where of an empty property
descriptor, which is basically what we get out here. So this CL adjusts
the DebugPropertyIterator to return an empty descriptor in this case.
Fixed: chromium:1291240
Change-Id: I22a9d0cde2b2c6d3966a85478ed0b87fb4c5d232
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736445
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81458}
port commit b9c4a84955
Change-Id: Id2764f7b37b287a76bd9b22e55f4153b9b619bd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736554
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#81454}
Shifting negative integrals is undefined behavior. The CL simply
switches to uint64_t when decompressing, which anyway results in
sign-extension (in standard terms, integral promotion must preserve the
value and the sign of the source operand).
The CL doesn't have any functional changes, the generated code is the
same. It only fixes the ubsan report.
Bug: chromium:1325007
Change-Id: I491a87b84d4e98b0225f76825dac2f9e85f168d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3736442
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81452}
GCC doesn't have __attribute__((require_constant_initialization)). Use
it only for clang.
Bug: chromium:1325007
Change-Id: Ide5d428ed107d3244072774c0031c042ed0cee31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735125
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81447}
NamesProvider class:
This consolidates logic used so far for the debugger interface.
It also adds support for the "extended name section" proposal:
https://github.com/WebAssembly/extended-name-section
StringBuilder class:
Like std::ostringstream, but 4x faster for this use case.
This lays the groundwork for an updated Wasm disassembler.
Bug: v8:12917
Change-Id: I98aa258147834bc0e314ba98c5927b4cd6070b8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3720714
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81446}
We might be racing with code that resets the age to 0, causing CAS to
fail (or us to read an already reset value).
Change-Id: I3ba555d64d48c4e2d2399978427c764c0e6e7128
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735167
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81445}
This reverts commit 4cf08c1ac6.
Reason for revert: broke ubsan.
Original change's description:
> cppgc: Enable pointer compression by default on Desktop
>
> The CL enables pointer compression in Oilpan.
>
> For sherrifs: the CL may cause some slight perf regressions (likely
> blink_perf.*), due to slightly higher cost of compression and
> decomrpession.
>
> Speedometer2 is not expected to regress, as was checked locally. Such a
> slight performance degradation is compensated by memory savings that are
> expected to be around 10-20% of Oilpan committed size (~2.5-5% of Renderer
> PMF).
>
> Bug: chromium:1325007
> Change-Id: I2e31fc56250dbe6354a7614fa1f9e926260d842b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695565
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81442}
Bug: chromium:1325007
Change-Id: Iabc31ed683841ba0189dee9028da330dc03d7e09
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735168
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81443}
The CL enables pointer compression in Oilpan.
For sherrifs: the CL may cause some slight perf regressions (likely
blink_perf.*), due to slightly higher cost of compression and
decomrpession.
Speedometer2 is not expected to regress, as was checked locally. Such a
slight performance degradation is compensated by memory savings that are
expected to be around 10-20% of Oilpan committed size (~2.5-5% of Renderer
PMF).
Bug: chromium:1325007
Change-Id: I2e31fc56250dbe6354a7614fa1f9e926260d842b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695565
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81442}
gcc warns against passing a nullptr to a printf '%s' string print, and
the default args of varint consuming functions in the wasm decoder were
providing a null name.
Bug: chromium:1307180
Change-Id: I7a4e7a38119c2568025a597423d391a7c2c573f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3735123
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81441}
Add parser support for wasm instructions that create stringrefs from GC
arrays, and which encode strings to GC arrays.
Bug: v8:12868
Change-Id: I38446855b7a55366f8107970811aec935defcdb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3732935
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andy Wingo <wingo@igalia.com>
Cr-Commit-Position: refs/heads/main@{#81440}
