{WasmInternalFunction::external} might return a function that is not
a WasmExportedFunction, at which point the code in ProcessTypeFeedback
fails.
See crrev.com/c/3277878 for context.
Bug: v8:12436, v8:12166
Change-Id: I09ef96df3fc051586044dd9c2ce88d6aeeb34b9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306391
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78139}
result needs to byte-swapped as it's currently in machine
native order and Wasm requires LE ordering.
Change-Id: Ib29e26985b122a4c1ebba715c47a4d4477bbad54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301460
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78138}
The added CHECK aims at finding problems where Peristent is used off
the owning thread.
Bug: chromium:1253650, chromium:1243257
Change-Id: Ia0cbc6005aba38c0d98197ed18c3b40dd2dc33fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306972
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78137}
memory[1] needs to be set in LE order even on BE platforms.
Change-Id: I44620c30a25719d0d61e0f14490342ee930dbbb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302852
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78136}
It's not yet understood how this worked with c++14. Add the workaround,
so that we can figure this out in parallel with -std=c++17 enablement.
Bug: chromium:1273966
Change-Id: I7098d345a5df6e208dfd582eeaecab22e52fecb9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3304143
Auto-Submit: Nico Weber <thakis@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78135}
JSWeakRef and WeakCell both have weak pointers, which should be marked
as such in heap profiler snapshots.
Bug: v8:12112
Change-Id: Ie7aaa2cd3e44552427679e650e462d64704725d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3299592
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#78133}
This CL removes registration of CppHeap as a remote tracer, and
revises LocalEmbedderHeapTracer as a switching point between CppHeap
and a remote tracer. Currently it is assumed that CppHeap and a remote
tracer are mutually exclusive and only one can be used at any given
time.
Bug: v8:12407
Change-Id: I53513d181ab63f56a88f05c3b76b47ac4dffe86f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289167
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78132}
This low-level API implements virtual address space reservations on the
supported platforms. An AddressSpaceReservation supports similar
functionality as the global page management APIs in the OS class but
operates inside a continuous region of previously reserved virtual
address space. A reservation is backed by regular mmap mappings on
Posix, by placeholder mappings on Windows, and by VMARs on Fuchsia.
Bug: chromium:1218005
Change-Id: I99bc6bcbc26eb4aa3b54a31c671c9e06e92c471b
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270540
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78130}
We had IsJSHandlerOnTop and IsExternalHandlerOnTop, which were almost
opposites but not quite. We often did the same computation repeatedly
for determining which kind of a handler is at the top (if any).
This CL simplifies the logic, and only does the three-way logic once:
either there's an external handler, a JS handler, or neither.
It also removes dead code from Isolate::ReportPendingExceptions: we
already do an early return if there's a JS handler on top, so we don't
need to re-check.
Bug: v8:12437
Change-Id: Ic15675bf2177772037d9fcec31c79019e4f0e02c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302802
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78129}
This method should make it easier to debug memory leaks or out-of-memory
errors with d8.
Bug: v8:12198
Change-Id: I66d0ce8e04732badb7902453a1cd95ba9c29f3e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303801
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78128}
With https://crrev.com/c/3272577 we introduced a `StackFrame` cache for
the inspector, which is keyed on the script ID, line and column number,
so the syntactic properties of the function. However, the name that we
report for functions is dynamic and can change (per closure) by
explicitly reconfiguring the "name" property via
```js
var f = function() { /* ... */ }
Object.defineProperty(f, "name", {value: "super duper function"});
```
for example, so we need to take that into account as well, and only use
the cached `StackFrame` instance if the dynamic names still match up.
Otherwise we just overwrite the cached entry with a new instance (the
assumption here is that "name" isn't reconfigured often).
Fixed: chromium:1274529
Bug: chromium:1268436
Change-Id: I519017c762aed5b4f93b9dc4553fa81d5979f1a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306376
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78127}
{WasmInternalFunction::external} might return a function that is not
a WasmExportedFunction, at which point the code in ProcessTypeFeedback
fails.
See crrev.com/c/3277878 for context.
Bug: v8:12436
Change-Id: I447710cfa2dbdb64cba27922da85871d18bc79a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303613
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78126}
Until now, histograms associated with isolate counters were created
at the time of isolate initialization. This is too early because it
happens before persistent memory is configured. Histograms created
before persistent memory is set up are retrieved periodically but
infrequently and are not "flushed" on process termination. As a result,
a lot of samples from V8 are lost.
This CL implements lazy creation of counter histograms, the first time
that they are used.
Bug: chromium:1270428
Change-Id: I8540b50b6c3dde1f477853a011b6c3f2c2c6ef9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3284888
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78125}
To trigger speculative inlining, a function needs to run a few times on
Liftoff-tier, and then tier-up to Turbofan. We make sure this happens
by enabling --wasm-dynamic-tiering with a small budget, and running
the critical functions until {%IsLiftoffFunction} is false.
We also add an additional test.
Bug: v8:12166
Change-Id: I6c5e0d3f1e3ba0df8510ae6850d8e9af1d01c179
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306372
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78123}
Previously, we would encode 'other' as a reason for pausing when
stepping too, however, it would not show as such in case it would
overlap with another reason. This CL makes sure that we always report
'other' as a reason if we are stepping.
Drive-by: only encode 'other' as a reason once
Bug: chromium:1229541
Change-Id: Id73822dff68d1d54a2f1fafdf2a097e1377ece75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295346
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78118}
result needs to byte-swapped as it's currently in machine
native order and Wasm requires LE ordering.
Change-Id: I9c1d6752fbdaba18fb7a8d49a9848d04c1a21be8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303954
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78114}
This allows the embedder to determine whether some function has been
called from a destructor.
See discussion in
https://crrev.com/c/3302810
Bug: chromium:1273928
Change-Id: Icb5d98eff777574488a7d6de5e693c502c2fb53e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303793
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78113}
This also fuzzes values of --budget-for-feedback-vector-allocation.
Boundaries for the intervals are the default values in the code.
No-Try: true
Bug: v8:12434
Change-Id: I0a9d7421408a51c717c2edfe0e67c459f0a2834c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303792
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78111}
The CL converts uses of v8::internal::Worklist to heap::base::Worklist
which does not require to know the number of tasks working with the
work list upfront. heap::base::Worklist is the common implementation
for V8's heap and cppgc and should be used/optimized going forward.
Bug: v8:12426
Change-Id: If219edb8c0a8890c7bd0a131b8847b66256fdc21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302799
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78110}
See crrev.com/c/3277878 for context.
We should only transform extenral to internal function references when
passing a function value to a function-typed global or table. For their
externref counterparts, we should preserve the reference unchanged.
Bug: v8:11510, chromium:1273705
Change-Id: Ic1719c4d31e175f3a37ced6e4e4dfcd61a19ae57
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302790
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78108}
This fuzzes more values of interrupt-budget on numfuzz. For now
as a single instance. In a follow up we add it also to combined
flags.
No-Try: true
Bug: v8:12434
Change-Id: I836c5e829ffeabfa4a4686d4d3d2fd43fce1ee88
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302797
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78107}
... and thus avoid the need for special handling of objects located
in external code space.
This will also allow making HeapObject::IsBlah() checks faster when
external code space is enabled.
Bug: v8:11880
Change-Id: I12d07c05451ff198f0a6182d9b5849f76015e7fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300140
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78104}
SIMD tests moved from the proposal directory to the main spec test
directory. Test expectations needed to be adjusted therefore.
Change-Id: I02225da1f55ba173bbda22257edf45a3e987ba0d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302795
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78101}
Rolling v8/build: 44b802e..26881c1
Rolling v8/buildtools/third_party/libunwind/trunk: 038090f..f51a154
Rolling v8/third_party/aemu-linux-x64: R6v-hxhOQyZL9y_avAvE80v7II7utrI5Px4EUlMdtrAC..vRCm89BzABss-_H8vC-tLjcSf6uusZA9IBSSYtdw4_kC
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/5d7ccbf..75423c3
Rolling v8/third_party/depot_tools: afb82b2..2ffa1bd
Rolling v8/tools/luci-go: git_revision:7972ced81286b7897c8712afe0f36eb9cf7bc098..git_revision:03f7c59feeac59c211e5b06fbbbc7405861b482e
Rolling v8/tools/luci-go: git_revision:7972ced81286b7897c8712afe0f36eb9cf7bc098..git_revision:03f7c59feeac59c211e5b06fbbbc7405861b482e
R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I16dd56334c813d03cdb2bf66f996e00966b47680
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3303151
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78098}
PTHREAD_STACK_MIN is an alias for __sysconf(__SC_THREAD_STACK_MIN_VALUE)
in glibc 2.34.
__sysconf() returns long, causing a -Werror,-Wsign-compare error build
error.
Change-Id: I15da8e7ee57a6979682ff7166990698965481586
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301464
Commit-Queue: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78097}
After https://crrev.com/c/3301477 compilation with gcc could
fail with the following errors:
```
error: reference to 'MarkingType' is ambiguous
error: reference to 'SweepingType' is ambiguous
```
Change-Id: Idb0f52853d377ec0c0f373f2e908e6c7fa0da914
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302850
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78095}
ShouldVisit() uses obj.Size() to increment the live bytes counter after
the object was successfully marked grey. However, this re-reads the
length field which could have already been overwritten by a
concurrent left-trimming operation on the main thread. Fix this by
calculating the object size later with the length field we read before
marking that object black. That value is guaranteed to be a SMI.
Bug: chromium:1273352
Change-Id: I47e5a2df3eef61b4ef07af943f30123e5c2f7f9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302793
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78093}
The bytecode can be flushed and/or the function can be
compiled and installed before the interruption to install
the new batch of compiled baseline code.
Bug: v8:12415, v8:12054
Change-Id: I092c8e0f31735119e6b2c6c46ce97ba8a4cdc91e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302788
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78091}