The previous code incorrectly rounded down the number of entries to free
to kBlockSize (expressed in KB) instead of kEntriesPerBlock (expressed
in # of entries) to compute the start of the evacuation area. Further,
depending on the block sized used, the previous heuristics does not
necessarily guarantee that at least one full block would be evacuated.
This CL fixes both of these issues.
Bug: v8:10391
Change-Id: I5ddecd5d582bcf89e1c52df431f006889685320a
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837860
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82557}
In existing implementation, of MethodLoad event,
the method name passed to ETW is coming from
CodeEventLogger::CodeCreateEvent, and includes
the source file or URL, column and line numbers, method name
and a marker for the kind of code generation.
This is partially redundant, as the reference to source ID
will point to the already generated SourceLoad event, with
the file information. Also, Windows Performance Analyzer will
already pick line and column number for the stack representation.
So, for those cases, we just need to send to ETW the script
method name. Even better, this changeset uses the DebugNameCStr
logic to retrieve the inferred name in case there is no name
available.
Bug: v8:12987
Change-Id: If09c1fedc9da158a3c72932655e2e6b09e818d93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763862
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: José Dapena Paz <jdapena@igalia.com>
Cr-Commit-Position: refs/heads/main@{#82555}
Introducing IncrementalMarking::AdvanceForTesting as last bottleneck
for driving incremental marking in addition to AdvanceFromTask
and AdvanceOnAllocation.
Now that we have those 3 bottlenecks, Step() and AdvanceWithDeadline()
can become private methods in IncrementalMarking. We also don't need
the StepResult return value in Step() anymore, which allows us to
remove CombineStepResult.
Bug: v8:12775
Change-Id: I702714439ef7ea4b9abf2156387503d4d00a7a48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823131
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82552}
This is a reland of commit ee89a26977
Original change's description:
> [wasm-gc] Add extern.externalize
>
> This adds `extern.externalize(ref null any): ref null extern` to wasm
> which packs wasm objects into JS objects if the js-interop flag is not set.
> This is the counterpart to extern.internalize introduced in
> 50ec8a11f2.
>
> Bug: v8:7748
> Change-Id: I67b8fe6d70b9f526ff6c43b0a4d7861c7ff5dad0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825879
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82492}
Bug: v8:7748
Change-Id: Ie13cfd6464006dcadc2a53f2dbf77f76ab185504
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829940
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82551}
This fixes a compile error in C++20.
Bug: chromium:1284275
Change-Id: If7f634f56bea94d594bd7a1e660b902dbebbab1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835291
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82550}
Maglev write barrier needs to use different page flag mask to also
call into the slow path of the barrier for old-to-shared pointers.
Bug: v8:11708
Change-Id: I9ff5ead0517e9682672452f9868b16fa0dd94be2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834256
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82549}
Pass OrdinaryObjectCreate(*null*) to DifferenceISODateTime in NanosecondsToDays
and to DifferenceZonedDateTime in AddDuration
https://github.com/tc39/proposal-temporal/pull/2295
Bug: v8:11544
Change-Id: Ied1860b755b1cebd0fbcbc4bd574cd525f108378
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835263
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82547}
When a string is in a local or on the value stack at a breakpoint,
DevTools should be able to show its value.
Bug: v8:12868
Change-Id: I79014d74c8ef7b212469382bdedca85568b3bcc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834038
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82542}
This reverts commit e50472d6a3.
Reason for revert: compilation-hints-decoder breakage
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20ASAN/45708/overview
Original change's description:
> [wasm] Refactor compilation tier computations
>
> The way we initialized the "compilation progress" was pretty convoluted,
> with multiple levels of functions being called for initializing every
> single slot.
>
> This CL refactors this to compute one default value for the whole
> module, and only modifies those slots that need special handling (e.g.
> because of compilation hints, or lazy/eager compilation after
> deserialization).
>
> We also rename "liftoff_functions" to "eager_functions" in the
> deserialization path; the idea is that those functions should get
> eagerly compiled because we expect them to be needed during execution.
> Usually they would be Liftoff-compiled, but it's more consistent to use
> the existing logic to choose the baseline tier. In the default
> configuration, this will still use Liftoff, but if Liftoff is disabled
> we will use TurboFan instead.
>
> R=jkummerow@chromium.org, ahaas@chromium.org
>
> Bug: v8:12425
> Change-Id: Ie58840b19efd0b1e98f1b02d5f1d4369410ed8e1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829606
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82521}
Bug: v8:12425
Change-Id: I45cef01ea40c50c3b86fbceca9b482a9bded535e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835290
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82541}
This is a reland of commit 9cca4e60f1
This CL disables the mjsunit tests as well in single generation mode.
Original change's description:
> [heap] Handle old-to-new slot promotion to shared heap
>
> The GC might promote an in-place internalizable string from new space
> directly into the shared heap. This means that the GC might need to
> create OLD_TO_SHARED slots when updating OLD_TO_NEW slots.
>
> This CL implements this both for minor and full GCs.
>
> Bug: v8:11708
> Change-Id: I6102b9024d1dd5dd602d654b006ea5897ab5baa6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804604
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82298}
Bug: v8:11708
Change-Id: I9e96fe7c3f263d4088536d3a15af6d00fa82625e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3828099
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82540}
This fixes C++20 compile errors due to math between disparate enum types
being deprecated (e.g. ENUM_A_VAL | ENUM_B_VAL).
Bug: chromium:1284275
Change-Id: I7fc83888bb9c8156909cbc3ea1b30ef94d4a2c1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3830986
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82539}
Baseline write barrier needs to use different page flag mask to also
call into the slow path of the barrier for old-to-shared pointers.
Bug: v8:11708
Change-Id: I955f30376f3de912b418298cdcf1e38dd2adda2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834254
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82538}
That entails that V8 built with bazel does not support
snapshot compression.
NOTE: Snapshot compression has always been supported, but it has never
been enabled. We do not even have a flag for it.
Change-Id: I4b67db618be2c62e6a6f34e71eb0dac2ec26fa36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834031
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82537}
The "length" field of strings should never be mutated once it has
been initialized. This means that the checks done by StringRef::length
were never really useful. This CL thus removes them.
Bug: chromium:1352386
Change-Id: I49f681daad119553eb0d4f1c2315bff5138197d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829541
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82536}
This reverts commit 6ec7be21e6.
Reason for revert: Speculative revert for https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64/47984/overview
Original change's description:
> [sandbox] Sandboxify WasmExportedFunctionData::sig
>
> This CL changes the WasmExportedFunctionData class to store a direct
> ExternalPointer to the wasm::FunctionSig instead of referencing it
> through a Foreign. This in turn makes it possible to use a unique
> pointer tag for that external pointer when the sandbox is enabled.
>
> Drive-by: move WasmInternalFunction::call_target external pointer to the
> end of the object, in line with other external pointer fields.
>
> Bug: v8:10391, v8:12949
> Change-Id: Ic3ff622a075c9eaa2f8d8835803437466290c928
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829086
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82523}
Bug: v8:10391, v8:12949
Change-Id: I18a7c9603e30d7cd78fd599e59596015260a5818
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834259
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82535}
Port 00746406cf
Original Commit Message:
... which affect how builtin calls are generated.
This CL replaces the following boolean options
- builtin_calls_as_table_load,
- inline_offheap_trampolines,
- short_builtin_calls,
- use_pc_relative_calls_and_jumps,
with an enum BuiltinCallJumpMode and a boolean option
use_pc_relative_calls_and_jumps_for_mksnapshot.
BUG=
LOG=N
Change-Id: I9ad83d27fc5b295ca4827e9608d4be10f7b10551
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3831638
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82534}
.. at which time, the standard ML frame is not yet set up. Instead, an
INTERNAL frame with a few fixed tagged stack slots is created in
preparation for the runtime call in GenerateTailCallToReturnedCode.
Bug: v8:7700
Fixed: v8:13192
Change-Id: Icd7adbc25aa6a5446a43a0fb3ee70c65ee33cc5d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835683
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82533}
The range barrier needs to update the old-to-shared remembered set as
well.
Bug: v8:11708
Change-Id: I79c077bb0131f026bd8c6726100df8c5b576eaca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3828100
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82532}
A switch can only produce a hole if it does not have fallthrough.
This actually only happens for SwitchOnGeneratorState bytecode.
We calculate the highest post dominating hole by traversing each
target.
Bug: v8:7700
Change-Id: Ia86ac08b1062dc48296e24beb95b3e3c3418ea6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826045
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82529}
due the different offset values on BE vs LE, the field_index
is incorrect on BE causing the visited_fields_ not to be set
to false during reference iteration.
Change-Id: I8f451cee7f9a18990de7ff2c67c904b1769b4f5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3831639
Commit-Queue: Junliang Yan <junyan@redhat.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82528}
This allows V8 to be compiled without zlib.
Currently we use zlib for 3 features:
1. Snapshot compression. The cl asserts v8_snapshot_compression
implies v8_use_zlib.
2. Compression of translation arrays (experimental flag). The runtime
flag is only enabled if v8_use_zlib.
3. Snapshot checksums. We fallback to a simple Fletcher algorithm if
v8_use_zlib is false.
Change-Id: If043c3c21bba4d734573d7e1199d3ddf17b84f41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833817
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82527}
When a name's hash is a forwarding index, HasHashCode() and hash() now
implicitly retreive the hash from the string forwarding table.
Bug: v8:12957
Change-Id: Ibb278df16b1ae6a54c7cbe757c65d3a5210168e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827880
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82525}
This CL changes the WasmExportedFunctionData class to store a direct
ExternalPointer to the wasm::FunctionSig instead of referencing it
through a Foreign. This in turn makes it possible to use a unique
pointer tag for that external pointer when the sandbox is enabled.
Drive-by: move WasmInternalFunction::call_target external pointer to the
end of the object, in line with other external pointer fields.
Bug: v8:10391, v8:12949
Change-Id: Ic3ff622a075c9eaa2f8d8835803437466290c928
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829086
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82523}
Very small change to the arm64 macro assembler.
This improves Preact by 0.8% on a Neoverse-N1 machine.
Change-Id: I867e73eb9b999e6f74fd54d72c6bf3f139d3b62f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833819
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82522}
The way we initialized the "compilation progress" was pretty convoluted,
with multiple levels of functions being called for initializing every
single slot.
This CL refactors this to compute one default value for the whole
module, and only modifies those slots that need special handling (e.g.
because of compilation hints, or lazy/eager compilation after
deserialization).
We also rename "liftoff_functions" to "eager_functions" in the
deserialization path; the idea is that those functions should get
eagerly compiled because we expect them to be needed during execution.
Usually they would be Liftoff-compiled, but it's more consistent to use
the existing logic to choose the baseline tier. In the default
configuration, this will still use Liftoff, but if Liftoff is disabled
we will use TurboFan instead.
R=jkummerow@chromium.org, ahaas@chromium.org
Bug: v8:12425
Change-Id: Ie58840b19efd0b1e98f1b02d5f1d4369410ed8e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829606
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82521}
The Code-less builtins mode is still disabled.
Bug: v8:11880
Change-Id: I725ae4187bb394f79c69d5d0d971961e3ea406e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827879
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82520}
We should only tier to Sparkplug from Ignition. Previously, the
'!ActiveTierIsSparkplug' condition was correct since only Ignition (and
Sparkplug itself) entered the TieringManager. But now that Maglev is
also present, the condition must be clarified to 'ActiveTierIsIgnition'.
Bug: v8:7700
Change-Id: Ic7ea898facf9ce65407d09cead35e0181e49db31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835562
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82519}
.. just because it's convenient to see the object type and code kind for
short prints.
Before:
- code: 0x014c00257515 <Other heap object (CODE_DATA_CONTAINER_TYPE)>
After:
- code: 0x39b7002573b1 <CodeDataContainer MAGLEV>
Bug: v8:11880
Change-Id: I02576ffdef509ed021fc5632ea19448387188130
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826255
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82518}
M1 is known to have regression in MotionMark.
Fuchsia fails due to binary size increase.
Bug: chromium:1325007
Change-Id: I599c53bf1318dfcc7b40764e89df81b972374ed3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835682
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82517}
- Move InnerPointerToCodeCache to using internal callbacks.
- Refactor internal and external callbacks to use a unified interface.
Bug: v8:13184
Change-Id: If0006d324b0433f5d6bbf00b6d0fc1a2589227bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834583
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82515}
Distinguish internalized forwarding indices from external forwarding
indices stored in a strings hash.
Bug: v8:12957
Change-Id: Ic01386a3291ac8d618cf4282aa7112e74e1b9169
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829471
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82513}
