Currently the ability to create shared isolates is partially exposed to
API. Instead of fully exposing it, this CL makes shared isolate and
shared heap handling transparent to the embedder.
If a flag that requires the shared heap is true (currently
--shared-string-table and --harmony-struct), the first isolate created
in the process will create and attach to a process-wide shared isolate.
Subsequent isolates will attach to that shared isolate. When that first isolate is deleted, the shared isolate is also deleted.
Bug: v8:12547
Change-Id: Idaf2947bc354066c44f2d10243e10162b1b7e4d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3848825
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82756}
This reverts commit a165e82ea7.
Reason for revert: SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../src/objects/js-temporal-objects.cc:3837:22
Original change's description:
> [Temporal] Use double/int32_t instead of int64_t for duration parsing
>
> Use double instead of int64_t and int32_t in duration parsing result
> so we can parse very large duration fields as infinity and throw RangeError in later stages. The three fractional parts can hold values from 0 to 999,999,999, so we use int32_t to hold them. The other parts could be infinity, so we use double to hold them. Also rearrange the order of the three int32_t fields in the struct ParsedISO8601Duration to come after all the doubles.
>
> Bug: v8:11544
> Change-Id: I7e5b02f7c7bbb60997f1419f016aed61dd3e0d6c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840761
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82754}
Bug: v8:11544
Change-Id: Ia9d0a014463b00640d43b051753a554f42171c2b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858575
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82755}
Use double instead of int64_t and int32_t in duration parsing result
so we can parse very large duration fields as infinity and throw RangeError in later stages. The three fractional parts can hold values from 0 to 999,999,999, so we use int32_t to hold them. The other parts could be infinity, so we use double to hold them. Also rearrange the order of the three int32_t fields in the struct ParsedISO8601Duration to come after all the doubles.
Bug: v8:11544
Change-Id: I7e5b02f7c7bbb60997f1419f016aed61dd3e0d6c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840761
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82754}
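As an added illustration of the representation change described in this commit message (and in the quoted copy of it in the revert above): hypothetical code written for this page, not V8's Temporal parser. `DurationFields`, `ParseDigitsAsDouble`, `ParseDigitsAsInt64Checked`, `ParseFractionNanos` and `IsFiniteDuration` are names invented here, and the 400-digit input is constructed for the demonstration.

```cpp
// Added illustration (not V8 code): why the parsed duration keeps the large
// fields as double and the three nine-digit fractional parts as int32_t.
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <string>
#include <string_view>

// Hypothetical record in the spirit of the rearranged struct described above:
// all doubles first, then the three int32_t fractional parts.
struct DurationFields {
  double years = 0, months = 0, weeks = 0, days = 0;
  double hours = 0, minutes = 0, seconds = 0;
  int32_t hours_fraction = 0, minutes_fraction = 0, seconds_fraction = 0;
};

// Accumulate a run of ASCII digits in a double. Floating-point overflow is well
// defined: the value saturates to +infinity, which a later stage can turn into
// a RangeError instead of a silently wrapped or undefined result.
double ParseDigitsAsDouble(std::string_view digits) {
  double value = 0;
  for (char c : digits) value = value * 10 + (c - '0');
  return value;
}

// The same run accumulated in int64_t. Signed overflow is undefined behaviour
// in C++, so it has to be ruled out *before* the multiplication, not observed
// afterwards; the caller gets nullopt instead of a wrapped value.
std::optional<int64_t> ParseDigitsAsInt64Checked(std::string_view digits) {
  int64_t value = 0;
  for (char c : digits) {
    int d = c - '0';
    if (value > (INT64_MAX - d) / 10) return std::nullopt;  // value*10+d would overflow
    value = value * 10 + d;
  }
  return value;
}

// A fractional part carries at most nine significant digits (nanoseconds):
// right-pad short inputs, ignore digits beyond the ninth. 0..999,999,999 fits int32_t.
int32_t ParseFractionNanos(std::string_view digits) {
  int32_t value = 0;
  for (std::size_t i = 0; i < 9; ++i) {
    int d = i < digits.size() ? digits[i] - '0' : 0;
    value = value * 10 + d;
  }
  return value;
}

// Later stage: a non-finite field means some component was too large to represent.
bool IsFiniteDuration(const DurationFields& f) {
  return std::isfinite(f.years) && std::isfinite(f.months) && std::isfinite(f.weeks) &&
         std::isfinite(f.days) && std::isfinite(f.hours) && std::isfinite(f.minutes) &&
         std::isfinite(f.seconds);
}

int main() {
  DurationFields f;
  f.years = ParseDigitsAsDouble(std::string(400, '9'));  // constructed oversized input
  f.seconds_fraction = ParseFractionNanos("5");
  std::printf("years finite: %d, seconds_fraction: %d, int64 parse ok: %d\n",
              IsFiniteDuration(f), f.seconds_fraction,
              ParseDigitsAsInt64Checked(std::string(400, '9')).has_value());
  return 0;
}
```

The double accumulator never invokes undefined behaviour on oversized input; it simply ends up as +infinity, which `IsFiniteDuration` rejects later. The int64_t variant shows what the integer representation would have required instead: an overflow check ahead of every multiply-add, because observing the wrapped value after the fact is already undefined behaviour. The fractional part is bounded by construction to nine digits, which is the reason an int32_t is sufficient for it.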
This change also modifies the way references are typed: Instead of
using the static type (which may be a generic type like anyref) the
actual type based on the referenced object is used.
While this is very useful for arrays and structs (and somewhat nice for
i31 not just being a number but also having some type information), it
means for non-null values that the reference type is "not nullable",
so it will show e.g. "ref $type0" although the static type might be
"ref null $type0".
Bug: v8:7748
Change-Id: I00c3258b0da6f89ec5efffd2a963889b1f341c3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3852485
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82753}
This change follows up on 3cc931543f, in which Table::grow() was missed.
Bug: v8:7748
Change-Id: I83dc4e4894354ad8c97e577da03d67a36f6d9443
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3858227
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82752}
This reverts commit adb5e163ac.
Reason for revert: ClusterFuzz ain't happy. (crbug.com/1356461 and others)
Original change's description:
> [turbofan][x64] When spilling 32bit values, reload only 32 bits
>
> When we spill a register that we know contains only 32 interesting bits
> and then reload it from the spill slot, it's enough to reload its lower
> half. This may save a few bytes, and guards against accidental changes
> to the upper half (e.g. via pointer decompression).
>
> Bug: v8:13216
> Change-Id: I1d950d6e33d8ae94cf385af4f3e1db028bf333c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854506
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82704}
Bug: v8:13216
Change-Id: I8923cbe00c73191f2fdd51f361d7cd073f338a00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859323
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82750}
For the branching control flow structure we set up for feedback-directed
inlining-capable `call_ref` sequences, we have to manually take care of
the "instance cache nodes" in the SSA environment.
Drive-by: improve Runtime_WasmTierUpFunction to process type feedback,
making it usable for the included regression test.
Fixed: v8:13230
Change-Id: I06a449ad73af90b96d0cc15c3cb9a0e4bed87be6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859326
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82749}
Change the has-optimized FeedbackVector bit to two bits, one for Maglev
and one for Turbofan. Ignition and Sparkplug can check both bits, while
Maglev will only check the Turbofan one.
Bug: v8:7700
Change-Id: I95f6e4326180cac02f127a97438f960950f09d82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856569
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82748}
This is a left-over of the removal of the dynamic (rtt-based)
variants.
Bug: v8:7748
Change-Id: I93bb74a72543a5697f1102d283c7d65c6be99466
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856577
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82746}
Fixes undefined behavior, which manifests as a compiler error in C++20 in Google3.
This was caused by using members of vector<T> before T has been defined.
This change just massages the code a bit to get everything in the proper order.
See cl/468678068 on Google3.
Bug: chromium:1284275
Change-Id: I0b65e7f850e8dd1ed482be1b5cc0b8d9d77776eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3859343
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82745}
This is a reland of commit a31e8f242f
Remove the checking logic, which will be addressed in a separate CL.
Original change's description:
> [sandbox] Forbid double-initialization of ExternalPointerSlots
>
> Double initialization may cause the ExternalPointerTable compaction
> algorithm to behave non-optimally: Consider the case of an Entry E1 that
> is owned by a HeapObject O and is marked for evacuation during GC
> marking. In that case, a new entry E2 is allocated for it, and during
> sweeping, E1 will be evacuated into E2 and the Handle in O updated to
> point to E2. However, if a new entry E3 for O is allocated before
> sweeping, then during sweeping E3 (instead of E1) will be moved into E2.
> This may then violate the invariant that the compaction algorithm
> always evacuates an entry out of the evacuation area.
>
> This CL therefore forbids double initialization of external pointer
> slots and adds DCHECKs to attempt to catch these in debug builds.
>
> Bug: v8:10391
> Change-Id: I128dc930e8b3f863dab18ba648f34d68d8cb276b
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856563
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82729}
Bug: v8:10391
Change-Id: I6cef79f4adc340fdcdc291ad0f0c2210f5bf48cd
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857423
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82744}
This CL fixes a data race that was found using TSAN.
Bug: v8:13012
Change-Id: Ic29620edce116effea097a9f1d58532ba93b2224
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857424
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Cr-Commit-Position: refs/heads/main@{#82738}
This reverts commit a31e8f242f.
Reason for revert: Causes DCHECK failures with --stress-snapshot
Original change's description:
> [sandbox] Forbid double-initialization of ExternalPointerSlots
>
> Double initialization may cause the ExternalPointerTable compaction
> algorithm to behave non-optimally: Consider the case of an Entry E1 that
> is owned by a HeapObject O and is marked for evacuation during GC
> marking. In that case, a new entry E2 is allocated for it, and during
> sweeping, E1 will be evacuated into E2 and the Handle in O updated to
> point to E2. However, if a new entry E3 for O is allocated before
> sweeping, then during sweeping E3 (instead of E1) will be moved into E2.
> This may then violate the invariant that the compaction algorithm
> always evacuates an entry out of the evacuation area.
>
> This CL therefore forbids double initialization of external pointer
> slots and adds DCHECKs to attempt to catch these in debug builds.
>
> Bug: v8:10391
> Change-Id: I128dc930e8b3f863dab18ba648f34d68d8cb276b
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856563
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82729}
Bug: v8:10391
Change-Id: I37e6728cc16fe79fa7d743417dc9938d58fb0474
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3857422
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82732}
- Move StringForwardingTable implementation to own compilation unit.
- Refactoring preparing for layout change (Introduce explicit record
class to make transition from contiguous Tagged_t fields to a
heterogeneous record layout easier).
- Replace RootVisitor pattern for transitioning/cleanup during GC with
callback.
- Minor cleanups.
Bug: v8:12957
Change-Id: Iae343393f470130eac0c54148a1303b67fb95aa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3845635
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82730}
Double initialization may cause the ExternalPointerTable compaction
algorithm to behave non-optimally: Consider the case of an Entry E1 that
is owned by a HeapObject O and is marked for evacuation during GC
marking. In that case, a new entry E2 is allocated for it, and during
sweeping, E1 will be evacuated into E2 and the Handle in O updated to
point to E2. However, if a new entry E3 for O is allocated before
sweeping, then during sweeping E3 (instead of E1) will be moved into E2.
This may then violate the invariant that the compaction algorithm
always evacuates an entry out of the evacuation area.
This CL therefore forbids double initialization of external pointer
slots and adds DCHECKs to attempt to catch these in debug builds.
Bug: v8:10391
Change-Id: I128dc930e8b3f863dab18ba648f34d68d8cb276b
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856563
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82729}
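The E1/E2/E3 scenario spelled out in this commit message (and in the two quoted copies of it in the revert and reland entries above), as a hypothetical C++ model added here. This is not V8's ExternalPointerTable code: `Table`, `Entry`, `HeapObject`, `InitSlot`, `RunScenario`, the evacuation area being the top of the table, and fresh allocations landing there are all assumptions made so that the invariant violation and the check that prevents it can be run side by side.

```cpp
// Hypothetical, simplified model of external pointer table compaction, added to
// illustrate the commit message above; not V8's ExternalPointerTable code.
#include <cstddef>
#include <stdexcept>
#include <vector>

constexpr std::size_t kNullHandle = static_cast<std::size_t>(-1);

struct Entry {
  bool live = false;
  int payload = 0;                          // the external pointer the entry stores
  std::size_t* handle_to_update = nullptr;  // set on evacuation targets (E2)
};

struct HeapObject {
  std::size_t handle = kNullHandle;  // index of this object's entry (the Handle in O)
};

class Table {
 public:
  // Entries with index >= evac_start form the evacuation area compaction empties.
  Table(std::size_t capacity, std::size_t evac_start)
      : entries_(capacity), evac_start_(evac_start) {}

  // Mutator allocation scans from the top, so fresh entries land in the evacuation area.
  std::size_t Allocate(int payload) {
    for (std::size_t i = entries_.size(); i-- > 0;)
      if (!entries_[i].live) { entries_[i] = Entry{true, payload, nullptr}; return i; }
    throw std::runtime_error("table full");
  }

  // Initialize O's slot. `forbid_double_init` plays the role of the CL's DCHECK.
  void InitSlot(HeapObject& o, int payload, bool forbid_double_init) {
    if (forbid_double_init && o.handle != kNullHandle)
      throw std::logic_error("ExternalPointerSlot initialized twice");
    o.handle = Allocate(payload);
  }

  // GC marking: if O's entry (E1) lies in the evacuation area, allocate an
  // evacuation target E2 below the area and record which handle to update.
  void Mark(HeapObject& o) {
    if (o.handle < evac_start_) return;
    for (std::size_t i = 0; i < evac_start_; ++i)
      if (!entries_[i].live) { entries_[i] = Entry{true, 0, &o.handle}; return; }
    throw std::runtime_error("no room below evacuation area");
  }

  // GC sweeping: each evacuation target absorbs whatever entry its recorded
  // handle points to *now* and frees that entry. If the handle was re-initialized
  // to E3 in between, E3 is moved and E1 stays behind in the evacuation area.
  void Sweep() {
    for (std::size_t i = 0; i < evac_start_; ++i) {
      Entry& target = entries_[i];
      if (!target.live || target.handle_to_update == nullptr) continue;
      std::size_t source = *target.handle_to_update;
      target.payload = entries_[source].payload;
      entries_[source] = Entry{};      // the moved entry is freed
      *target.handle_to_update = i;    // O's handle now points at E2
      target.handle_to_update = nullptr;
    }
  }

  // Invariant compaction relies on: afterwards no live entry is left in the area.
  std::size_t LiveEntriesInEvacuationArea() const {
    std::size_t n = 0;
    for (std::size_t i = evac_start_; i < entries_.size(); ++i)
      if (entries_[i].live) ++n;
    return n;
  }

 private:
  std::vector<Entry> entries_;
  std::size_t evac_start_;
};

// One GC cycle. `double_init` re-initializes O's slot between marking and
// sweeping (allocating E3); `checked` enables the double-initialization check.
// Returns how many live entries remain in the evacuation area (0 = invariant holds).
std::size_t RunScenario(bool double_init, bool checked) {
  Table table(/*capacity=*/4, /*evac_start=*/2);
  HeapObject o;
  table.InitSlot(o, 11, checked);                   // E1, lands in the evacuation area
  table.Mark(o);                                    // E2 allocated as E1's target
  if (double_init) table.InitSlot(o, 22, checked);  // E3, allocated before sweeping
  table.Sweep();
  return table.LiveEntriesInEvacuationArea();
}

// With the check enabled, the E3 allocation is rejected before it can mislead sweeping.
bool DoubleInitIsRejected() {
  try { RunScenario(true, true); } catch (const std::logic_error&) { return true; }
  return false;
}
```

`RunScenario(false, false)` leaves the evacuation area empty, `RunScenario(true, false)` leaves E1 stranded there because sweeping followed the handle to E3, and `DoubleInitIsRejected()` shows the check firing on the second `InitSlot` call, which is the point at which a debug-build DCHECK would catch the pattern before the GC ever sees it.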
Bugs that are older than the switch of v8_foozzie.py to Python3
bisect to the switch commit unfortunately. This change attempts to
let bisect run longer if a python2 executable still exists.
No-Try: true
Bug: chromium:1355824
Change-Id: I457a50af21704ddd2985793861eee8be5601a673
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3856574
Reviewed-by: Liviu Rau <liviurau@google.com>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82728}
ThinStrings are not transitioned to other string representations, so we
shouldn't need the snapshotting protocol for them.
Change-Id: I17cee1a4171b10c441a005ac29bd232a0a065207
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3852489
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82727}
This does not enable exception handlers yet, we still bail out in
MaglevCompiler::Compile if we have an exception handler table in
the bytecode array.
This CL:
- Generates code for exception handler blocks (which previously were
set as dead code)
- Creates a machinery for nodes to set the property CanThrow
- Reads the exception handler table from the bytecode array and
identifies if we're emitting nodes inside a try-block and for which
handler we should jump in case of an exception
- Generates an exception handler table for Maglev code
Change-Id: Ifc9d4cb7440d3222f4fda48a86e4e482340b3b15
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854061
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82726}
--stress-opt never did what we wanted it to; it ran its runs in
different contexts (therefore not able to share feedback across runs),
and even if it didn't, each run would create new closures for any
defined closures, so we'd still more than likely end up poly- or
mega-morphic.
Fuzzers cover this use case better than --stress-opt ever did, so now
it's just using precious bot time. We can get rid of it.
Bug: v8:10386
Change-Id: Ibbb9207d887b4b1dc4ec9093858d477c0f95eb37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3803228
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82722}
This CL simplifies the API calls by removing some instructions from
the most common path.
Bug: v8:11880
Change-Id: Id8a62c35af51947ad2c152e093346d03c8e2f508
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855039
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82718}
Add static asserts that we only use specific types for flag values.
Also, document that string values are not frozen yet, and add TODOs
to fix that.
R=cbruni@chromium.org
Bug: v8:12887
Change-Id: I7367108810f0c6463509f744c5cefd9392c469fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3852487
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82714}
This reverts commit d84b4664fa.
Reason for revert: Fails "Mutable Constants" check on android-binary-size: https://ci.chromium.org/ui/p/chromium/builders/try/android-binary-size/1211670/overview
For details about this check, see https://chromium.googlesource.com/chromium/src/+/main/docs/speed/binary_size/android_binary_size_trybot.md#Mutable-Constants
Original change's description:
> [flags] Rename v8_flags to FLAGS
>
> Team members expressed concerns that "v8_flags" is easier to miss in the
> code than the previous "FLAG_" syntax. After a poll and discussions we
> decided to rename the struct to "FLAGS", so the new syntax for
> addressing flag values is "FLAGS.foo" instead of the previous
> "FLAG_foo".
>
> R=cbruni@chromium.org
> CC=jkummerow@chromium.org
>
> Bug: v8:12887
> Change-Id: I51af4aa7fd5a3b3c29310c0cb4c4ff42086ff012
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3854508
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82701}
Bug: v8:12887
Change-Id: I75516a0be9bc475afa2bbaa96a05e8a9b5be9be7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855936
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82711}
Resident set size may be smaller than the recorded size in
StatsCollector due to discarded memory.
Change-Id: I7e052fc4412afc64dc1ed5be6ed7dc9271e6f9d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3855204
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82709}