All uses of the build flag will be removed in a follow-up CL.
Bug: v8:11112
Change-Id: Ifc3d9ed5d642646edeba51aa6d60924796d0f788
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322769
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78294}
Ensure the bytecode array is available, before we put it to the
PendingOptimizationTable.
Bug: v8:12416
Change-Id: Ie4eb1a8a2ebdcdc0cfbfd7884eb081e156635a59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313108
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78293}
Make the block defining the counter names more organized, and mostly
clang-formatted.
This slightly changes the name of the CODE_TYPE and FIXED_ARRAY
counters ('-' -> '_'), but none of them are used in chrome or in
benchmarks, so this should be fine.
R=mlippautz@chromium.org
Bug: v8:12482
Change-Id: I4aa7d4e11a4f498f9adb092e3b98e1edf68401dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320454
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78292}
Treat all stack pointers as roots:
- Maintain a global linked-list of StackMemories
- Update StackFrameIterator to process inactive stacks
- Visit roots in all inactive stacks (including root marking and root
pointer updating).
Drive-by:
- Fix some issues uncovered by the test
- Refactor the builtin constants
R=mlippautz@chromium.org,ahaas@chromium.org
Bug: v8:12191
Change-Id: I5b6381f9818166e2eabf80dd59135673dddb2afc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310932
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78291}
Introduce a ReusableUnoptimizedCompileState class, passed to ParseInfo,
which stores a couple of pointers and most importantly the Zone and
AstValueFactory of the parse. This allows the Zone and AstValueFactory
to be reused across multiple parses, rather than re-initialising
per-Parse.
With this, we can amend the LazyCompileDispatcher to initialise one
LocalIsolate, Zone and AstValueFactory per background thread loop,
rather than one per compile task, which allows us to reduce per-task
costs and re-use the AstValueFactory's string table and previous String
internalizations.
Change-Id: Ia0e29c4e31fbe29af57674ebb10916865d38b2ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313106
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78289}
This reverts commit 5853165291.
Reason for revert: Breaks on gc stress variant - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/36600/blamelist
Original change's description:
> [wasm-gc] Allocate supertype arrays in old space
>
> We fix an inconsistency where supertype arrays for wasm-gc object maps
> were not always allocated in old space. To do so we add an
> AllocationType argument to a couple of factory helpers.
>
> Bug: v8:7748
> Change-Id: I8b16032b8504c17e0f730cfc86e30b172645b67b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320455
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78285}
Bug: v8:7748
Change-Id: I74cf52c4f4da8948134f00bcf5415e9c65e509eb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322752
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Owners-Override: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78286}
We fix an inconsistency where supertype arrays for wasm-gc object maps
were not always allocated in old space. To do so we add an
AllocationType argument to a couple of factory helpers.
Bug: v8:7748
Change-Id: I8b16032b8504c17e0f730cfc86e30b172645b67b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320455
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78285}
On the way to a cheaper and more scalable stack frame representation
for the inspector (crbug/1258599), this removes the need to expose
both what was called "function name" and what was called "function
debug name" on a v8::StackFrame instance.
The reason to having a distinction between that the V8 API exposes
and what the inspector exposes as frame function name is that after
the initial refactoring around v8::internal::StackFrameInfo, some
wasm cctests would still dig into the implementation details and
insist on seeing the "function name" rather than the "function
debug name". This CL now addresses that detail in the wasm cctests
and going forward unifies the function names used by the inspector
and the V8 API (which is not only needed for internal consistency
and reduced storage requirements in the future, but also because
Blink for example uses v8 API and v8_inspector API interchangeably
and assumes that they agree, even though at this point Blink
luckily wasn't paying attention to the function name):
- The so-called "detailed stack trace", which is produced for the
inspector and exposed by the v8 API, always yields the "function
debug name" (which for example in case of wasm will be a WAT
compatible name),
- while the so-called "simple stack trace", which is what is used
to implement the CallSite API and underlies Error.stack continues
to stick to the "function name" which in case of wasm is not
WAT compatible).
Bug: chromium:1258599
Change-Id: Ib15d038f3ec893703d0f7b03f6e7573a38e82b39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3312274
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78283}
With the TLA flag removed, EvaluateMaybeAsync is a misleading name. This
CL renamed EvaluateMaybeAsync to Evaluate and consolidate it with the
sync Evaluate method.
Bug: v8:9344
Change-Id: I376ba9b9af0ac9e40a226cc8454f042ab7d9fb50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3309233
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78282}
This is a reland of 2d087f237e
The changes are :
* Fix redundant reinterpret_cast in test file for MSVC failure
https://crbug.com/v8/12476
* Fix flaky test
https://crbug.com/v8/12475
If a sample is captured during a GC, no embedder context is obtained
defaulting to EMPTY. This is the expected behavior, made it in clear
in implementation and in test.
* Synchronized the embedder context filter behavior with existing
native context filter.
Original change's description:
> Add APIs to surface VMState and new EmbedderState to CpuProfile samples.
>
> EmbedderState:
> * An EmbedderState is defined as a value uint8_t and a v8::context used
> for filtering.
> * EmbedderStates are stack allocated by the embedder, construction and
> destruction set/unset the state to the isolate thread local top.
> * A v8::context is used to filter states that are added to a CpuProfile,
> if the CpuProfile do not have a ContextFilter set or if contexts do not
> match, state defaults to Empty.
>
> * v8:StateTag is already propagated all the way to a Sample, simply add
> an API to surface it.
>
> VMState:
> Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e
> Bug: chromium:1263871
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072
> Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78250}
Bug: chromium:1263871
Change-Id: Ief891b05da99c695e9fb70f94ed7ebdecc6c3b7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320037
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78281}
We introduce a minimum length for the supertype array of gc maps. When
the depth of the rtt is known to be smaller than that length, we can
type check without bounds checking the supertype array of the object
map.
Bug: v8:7748, v8:11510
Change-Id: I88e67871040a8c4dd219e48a84527f7f3f3d0a96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3312487
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78280}
Counter updates were already atomic, but reading the counter values was
not. This lead to data races if one isolate called `quit` while other
isolates were still running.
This makes counters fully atomic, and reflects that by making the fields
{std::atomic<int>}.
R=mlippautz@chromium.org
Bug: v8:12481, v8:12482
Change-Id: I6fc78ad6461b93c4b3e87bec052b0a67694539e3
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320428
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78279}
D8 shares counters across isolates, so even if they are only updated
from the main thread, they need to be thread-safe.
This CL removes the distinction between {StatsCounter} and
{StatsCounterThreadSafe}, and just makes all {StatsCounter} use (cheap)
atomic operations for counter updates. This will make previously
thread-safe counters cheaper, because no Mutex is involved. It might
make previously not-thread-safe counters slightly more expensive, but
it's not expected to be a significant regression.
R=mlippautz@chromium.org
Bug: v8:12481, v8:12482
Change-Id: I47b8681c1cf26d142e1ccfafa0c192e3fdcb7d2a
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_ubsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320427
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78278}
This reverts commit 863bc2b88a.
Reason for revert: https://crbug.com/1276923
Original change's description:
> [turbofan] Improve StoreStoreElimination
>
> Previously, StoreStoreElimination handled allocations as
> "can observe anything". This is pretty conservative and prohibits
> elimination of repeated double stores to the same field.
> With this CL allocations are changed to "observes initializing or
> transitioning stores".
> This way it is guaranteed that initializing stores to a freshly created
> object or stores that are part of a map transition are not eliminated
> before allocations (that can trigger GC), but allows elimination of
> non-initializing, non-transitioning, unobservable stores in the
> presence of allocations.
>
> Bug: v8:12200
> Change-Id: Ie1419696b9c8cb7c39aecf38d9f08102177b2c0f
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295449
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78230}
Bug: chromium:1276923
Change-Id: I43dc3572ce1ef1fda42b7551ce8210d9f03e36ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318666
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78277}
Checks whether a Persistent is used from the creation thread on slow
path allocations. In practice, these currently happen every 256
Persistent allocations. This is a best effort check that may help to
flush out issues that are missed with DCHECK builds.
Bug: chromium:1276570
Change-Id: Ia868ca436341b1b5ef427d5b3ec04926c1394e41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318658
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78276}
Allocating a temp register in a conditional branch confuses
the LiftoffAssembler's state tracking, so this patch moves
allocation of the register into the unconditional part of the
control flow.
Fixed: chromium:1275711
Change-Id: Ic83ba8c098c5edb33d035c1a93931d54cc1f1caa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320423
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78275}
This CL adds the following specific cases, to make sure they are
correctly handled by the slow path:
- the backing store of a TypedArray gets detached after optimisation
- passing null instead of a TA doesn't lead to a deopt
Bug: v8:11739, chromium:1052746
Change-Id: I7dfd3da9f535831901998ca6fad854af6e93e9f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320425
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78274}
Field used to be atomic for AssertActive() but now that this method
uses another approach, we can make that field non-atomic again.
Bug: v8:11708
Change-Id: I5254aa5e655844739082144fc75ba9f0c13d1ba0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3317424
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78273}
This removes the additional call to `didPause` solely for
instrumentation breakpoints. They will be reported along with any
other pause reasons, and if several apply, 'ambiguous' will be
reported as a reason.
Bug: chromium:1229541
Change-Id: I38557248dc2274c2ff2c396aa19073f4a5c5abd5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300134
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78271}
MSVC disallows inline assembly on x64 and arm64, and instead requires
use of compiler intrinsics [0]. This CL checks for MSVC and uses
intrinsics for yield/pause, where available.
[0] https://docs.microsoft.com/en-us/cpp/intrinsics/compiler-intrinsics?view=msvc-170
Cq-Include-Trybots: luci.v8.try:v8_win64_msvc_rel_ng
Change-Id: I3b9cbd998e91b391a21f1443e83758e7242425c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318721
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78268}
This is a reland of 3ee4804f83.
The CL was originally reverted for blink test failures. Since the
revert, the blink top-level await flag has been removed.
Original change's description:
> [top-level-await] Remove --harmony-top-level-await
>
> TLA has been shipped since v8.9.
>
> Bug: v8:9344, chromium:1271114
> Change-Id: Ibebf21da8bacb1f0d212390133847495ad8553e5
> Reviewed-on:
https://chromium-review.googlesource.com/c/v8/v8/+/3307103
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78169}
Bug: v8:9344, chromium:1271114
Change-Id: I96a9641967a23a12ba2467a69e5859ad8647f3e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3318717
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78261}
Avoid verifying the stack when running with TSAN as the TSAN runtime
changes stack contents when e.g. working with locks.
Specifically, the marker uses locks in slow path operations which
results in stack changes throughout marking. This means that the
conservative iteration in the verifier may find more objects then the
regular marker. The difference is benign as the delta of objects is
not reachable from user code but it prevents verification.
Bug: chromium:1275581
Change-Id: Ie316ab65a5b90a1b72c09966f72d61af91224091
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3317976
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78260}
This aligns the Torque semantics of catch with the JavaScript behavior:
When we catch an exception, we also reset the pending exception.
This also fixes a long-standing bug that we didn't restore the original
pending message after executing arbitrary JS in IteratorCloseOnException
Bug: v8:12439
Change-Id: I268d9d639d09023a424f352547cdce03428f983a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303805
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78259}
This CL separates checks for hardware support from checks for software
configuration. We unconditionally allocate a protection key to know
whether hardware support is there, but then only use it if PKU is
enabled via flags.
This will allow us to collect statistics on hardware availability even
if PKU cannot be used yet on ChromeOS. Allocation should always be fine,
and has been finched for several weeks now. The remaining kernel issue
on ChromeOS does not affect allocation and deallocation of protection
keys, so it is safe to unconditionally enable that.
R=ahaas@chromium.org
Bug: v8:11974
Change-Id: I62fd48e6302aecae9843a62861d978f86ea52141
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315446
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78258}
For shared strings, String::MakeThin is protected by using the map word
of the string being migrated as a spinlock.
Note that this CL does not make it safe yet to access character data
from multiple threads. The spinlock here only protects write-write races
in String::MakeThin.
For more information, see the following two design docs:
https://docs.google.com/document/d/1c5i8f2EfKIQygGZ23hNiGxouvRISjUMnJjNsOodj6z0/edithttps://docs.google.com/document/d/1Drzigf17t4ofy0evDmaIL5p0MDZuAl95c9fSeX-QjVg/edit
Bug: v8:12007
Change-Id: I9c47412c6ec7360a672b65a8576b4f6156ee5846
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313429
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78257}
This reverts commit 2d087f237e.
Reason for revert:
- Causing MSVC build failures: https://crbug.com/v8/12476
- Causing flaky failures: https://crbug.com/v8/12475
Original change's description:
> [profiler] Surface VM & Embedder State
>
> Add APIs to surface VMState and new EmbedderState to CpuProfile samples.
>
> EmbedderState:
> * An EmbedderState is defined as a value uint8_t and a v8::context used
> for filtering.
> * EmbedderStates are stack allocated by the embedder, construction and
> destruction set/unset the state to the isolate thread local top.
> * A v8::context is used to filter states that are added to a CpuProfile,
> if the CpuProfile do not have a ContextFilter set or if contexts do not
> match, state defaults to Empty.
>
> * v8:StateTag is already propagated all the way to a Sample, simply add
> an API to surface it.
>
> VMState:
> Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e
> Bug: chromium:1263871
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072
> Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78250}
Bug: chromium:1263871, v8:12475, v8:12476
Change-Id: I02670b1ed3bb863033208369227642a7419fce00
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315444
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78256}
On Intel chips, MAP_JIT is required when the hardened runtime is
enabled, which it is in Chrome. Without MAP_JIT, it is then not possible
to allocate executable pages in an address space reservation.
Bug: chromium:1276887
Change-Id: I632fdfc9e6cf02bac95e630e6404fea7d8f4c176
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310913
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78255}
Currently atomic ops on TF are using machine native byte order
and cannot be used by Wasm calls.
This Cl adds support for Little Endian enforced Wasm atomic ops
to S390 by reversing bytes where needed.
This CL does not change the behaviour on S390 simulator.
Change-Id: Iedb2c05a55f495409ee21a76713bf15e21108997
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313444
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78254}
Rename StringShape::full_representation_tag to
StringShape::representation_and_encoding_tag, since the full
representation tag now includes the shared bit.
There are no users of the new method in this CL; this is split out to
make subsequent shared string CLs smaller.
Bug: v8:12007
Change-Id: Ic4ac0241fd9846241e85b4a094dfee6d201ba42b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3313428
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78253}
When leak sanitizer is active, an LsanVirtualAddressSpace is used and
takes care of marking the allocated pages as lsan root regions.
Bug: chromium:1276767
Change-Id: I3d8a61f7d3c59e4574e46707d2217031a32e3f0e
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314828
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78251}
Add APIs to surface VMState and new EmbedderState to CpuProfile samples.
EmbedderState:
* An EmbedderState is defined as a value uint8_t and a v8::context used
for filtering.
* EmbedderStates are stack allocated by the embedder, construction and
destruction set/unset the state to the isolate thread local top.
* A v8::context is used to filter states that are added to a CpuProfile,
if the CpuProfile do not have a ContextFilter set or if contexts do not
match, state defaults to Empty.
* v8:StateTag is already propagated all the way to a Sample, simply add
an API to surface it.
VMState:
Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e
Bug: chromium:1263871
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78250}
Like https://crrev.com/c/3283074; iterating the unordered set is not
deterministic, so sort compile deps before iterating if --predictable is
set.
Bug: v8:12465,v8:12397
Change-Id: Ia0cc299b197e9c84f4fd3fbc70d592656cf4bd43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3310911
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78249}
--dump-counters and --dump-counters-nvp are only functional in d8, thus
they should be d8-only flags.
R=mlippautz@chromium.org
Bug: v8:12464
Change-Id: Ie3295990a1b4691ab95f8403ff6d9932543b03cd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3312275
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78247}
