- Show commit hash
- Show V8 version number
- Update to py3
Bug: v8:11165
Change-Id: I170000a77532dfb54b0261fc5de06a556f0de30c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081612
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76188}
Following up on https://crrev.com/c/3067319 (V8 call site) and
https://crrev.com/c/3080920 (Blink override), we can now safely remove
the formatAccessorsAsProperties() predicate in the inspector API. V8 now
consistently applies the logic to all "inherited", native accessor
properties (which means both Blink IDL attributes and V8 builtins).
Bug: chromium:1076820, chromium:1199247
Change-Id: I156ee43eb87ffd7b1ba69900fe11283f37241dda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080568
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76187}
1. Adds EmbeddedObjectMatches
Port 6bf0b70490
2. Fallback to handle references on heap compilation
Port 642a467338
3. Remove initial relocation when compiling on heap
Port 7ac3b55a20
4. Retry compiling on-heap when growing buffer
Port fb4f89aede
5. 208854bb14
Port 208854bb14
Bug: v8:11872
Change-Id: I43118c3acea1d174d2b826e5ed2823ec5388569c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081606
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Reviewed-by: Brice Dobry <brice.dobry@futurewei.com>
Commit-Queue: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#76185}
This reverts commit 1c0cca0f56.
Reason for revert: this made tree closed. (https://crbug.com/1238174)
Original change's description:
> Reland: [wasm] Check correctness of thread-local write protection
>
> The fix landed as a separate CL: https://crrev.com/c/3081522
> This is an unmodified reland.
>
> Original description:
> We make an undocumented assumption in {CodeSpaceWriteScope} that a
> single thread will only work on one module at a time. If this is
> violated, the thread-local {code_space_write_nesting_level_} would
> prevent the second module from being switched to writable.
>
> This CL adds a second thread local (in debug only) to check that if
> there is already a {CodeSpaceWriteScope} open that it contains the same
> {NativeModule} as any nested scope.
>
> R=jkummerow@chromium.org
>
> Bug: v8:11974
> Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
> Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
> Change-Id: Id827b6ca472f695e4500584349aba159aa07eed1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080578
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76177}
Bug: v8:11974, 1238174
Change-Id: I74d8723344e4b9015d956ebfe3fda492280356b6
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3084041
Auto-Submit: Minoru Chikamune <chikamune@google.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76184}
This reverts commit c1f45d816e.
Reason for revert: Not the true culprit
Original change's description:
> Revert "[wasm] fix float to/from int reinterpretation tests"
>
> This reverts commit e6f7a3470f.
>
> Reason for revert: This appears to be causing failures on linux and arm. E.g., https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket.appspot.com/8839349751927275456/+/u/Check/bound-functions-serialize and https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20release/5605/overview
>
>
> Original change's description:
> > [wasm] fix float to/from int reinterpretation tests
> >
> > F32ReinterpretI32 and I32ReinterpretF32 tests don't actually have
> > floating point values involved during testing and only use
> > integers.
> >
> > This CL adds FP values as well as fixes the test names to match
> > their operation.
> >
> > Change-Id: I321a7f7af8ae93f6eae4fa263f8e8d0b7bf4d672
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078381
> > Reviewed-by: Zhi An Ng <zhin@chromium.org>
> > Commit-Queue: Milad Fa <mfarazma@redhat.com>
> > Cr-Commit-Position: refs/heads/master@{#76181}
>
> Change-Id: Ie333028bdc7b11f982ac1464bcd8ce1c1ca41657
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3082747
> Auto-Submit: Francis McCabe <fgm@chromium.org>
> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
> Cr-Commit-Position: refs/heads/master@{#76182}
Change-Id: I15f3e8727c600ed517f7fa3e09f57dd23f89b384
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3082751
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76183}
F32ReinterpretI32 and I32ReinterpretF32 tests don't actually have
floating point values involved during testing and only use
integers.
This CL adds FP values as well as fixes the test names to match
their operation.
Change-Id: I321a7f7af8ae93f6eae4fa263f8e8d0b7bf4d672
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078381
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/master@{#76181}
This is a reland of fffcbaea55
Additional fixes:
- Relax IsStarted DCHECKs in ElapsedTimer for paused_elapsed
- Add LogEventStatus enum in the API for better testing
- Rename Logger::StartEnd enum values to kXXX
- Add additional NestedTimedHistogramScope tests
Original change's description:
> [counters] Fix reentrant timers for V8.Execute
>
> This CL fixes a long standing issue where reentering TimedHistograms
> scopes would cause spurious measurements. Only the non-nested scopes
> yielded correct results.
>
> Due to the changed numbers, the V8.Execute histogram is renamed to
> V8.ExecuteMicroSeconds. Note that this histogram is also guarded
> behind the --slow-histograms flag due to the additional overhead.
>
> Unlike before, it does no longer include time for external callbacks
> and only measures self time. The following example illustrates the
> new behaviour:
>
> 1. Enter V8: |--+.......+--| self-time: 4 units (reported)
> 2. Exit V8 (callback): |-+...+-| self-time: 2 units (ignored)
> 3. Re-enter V8: |---| self-time: 3 units (reported)
>
> This would result in 2 histogram entries with 4 time units for the first
> V8 slice and 3 units for the nested part. Note that the callback time
> itself is ignored.
>
> This CL attempts to clean up how TimedHistograms work:
> - Histogram: the base class
> - TimedHistograms: used for time-related histograms that are not nested
> - NestedTimeHistograms: Extends TimedHistograms and is used for nested
> histograms
>
> This CL changes Histograms to not measure time themselves. Measurements
> happen in the *HistogramScopes:
> - BaseTimedHistogramScope: Base functionality
> - TimedHistogramScope: For non-nested measurements
> - NestedTimedHistogramScope: For nested measurements
> - PauseNestedTimedHistogramScope: Ignore time during a given scope.
> This is used to pause timers during callbacks.
>
> Additional changes:
> - ExternalCallbackScope now contains a PauseNestedTimedHistogramScope
> and always sets VMState<EXTERNAL>
>
> Bug: v8:11946
> Change-Id: I45e4b7ff77b5948b605dd50539044cb26222fa21
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001345
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76111}
Bug: v8:11946
Change-Id: Ic2eef7456fbc245febcf780b23418f6ab0bebdb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080566
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76180}
In gdbbjit's event handler, we return early if code_type is not
JIT_CODE. Unfortunately, in all CodeLinePosInfo event, we memset the
struct, so code_type is always BYTE_CODE, so no line information was
getting saved.
Drive-by clean up to aggregate initialize JitCodeEvent. Since the
initializer list is empty, all members are value-initialized, and in
this case, zero-initialized.
Bug: v8:12035
Change-Id: I67df2688f13fafbb0806546568eb2574ac8d5e2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071909
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76179}
Since array.new_with_rtt implicitly introduces a loop, we should mark
any loop including this instruction as non-innermost.
Bug: chromium:1236958
Change-Id: I2d92b5fdba748df0e4ac1d6cbc524428b1042578
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080574
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76178}
The fix landed as a separate CL: https://crrev.com/c/3081522
This is an unmodified reland.
Original description:
We make an undocumented assumption in {CodeSpaceWriteScope} that a
single thread will only work on one module at a time. If this is
violated, the thread-local {code_space_write_nesting_level_} would
prevent the second module from being switched to writable.
This CL adds a second thread local (in debug only) to check that if
there is already a {CodeSpaceWriteScope} open that it contains the same
{NativeModule} as any nested scope.
R=jkummerow@chromium.org
Bug: v8:11974
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
Change-Id: Id827b6ca472f695e4500584349aba159aa07eed1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080578
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76177}
We currently print reference type indices as unsigned LEB. This will not
work properly for large indices (>=64), as they will be interpreted as
negative indices when read back. They may also alias with builtin types.
In this CL, we fix this by defining builtin types as negative numbers.
We add positive byte constants that can be used in function bodies.
We adapt wasm-module-builder and tests to the above changes.
Bug: v8:7748
Change-Id: I4dfaa65d4cbf77a6731ca2283148bd842ea5c56b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080569
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76176}
Check that the tag argument matches the exception's own tag, and throw a
type error if not.
R=jkummerow@chromium.org
Bug: chromium:1237751, v8:11992
Change-Id: Ia404b83c202a247791583f0252833c36801e9ac4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081523
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76175}
Code freeing can happen at any point in time where a GC might be
triggered. Hence it's difficult to ensure that no other
{CodeSpaceWriteScope} is already open at that point. The way these scope
objects are implemented forbids multiple scopes for different modules
though.
To solve this, this CL just avoids the code zapping in
{WasmCodeAllocator::FreeCode}, which is the only place that actually
writes to the code space. Without this, we do not need the
{CodeSpaceWriteScope} in {NativeModule::FreeCode} any more.
R=jkummerow@chromium.org
Bug: v8:11974
Change-Id: I1f01979e1eaea6c311c9ad568d605aabeef3bfc4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081522
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76174}
On OSes other than Windows and Fuchsia the write barrier assumes that
the caged heap is allocated below the stack.
Add CHECK that the assumption holds.
Bug: chromium:1056170
Change-Id: I64c790e61b4cfa2adb8274ed74111f0433e9aefb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080570
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76173}
This is a partial fix to mitigate immediate issues. The code needs some
overhaul to match the recent spec changes.
Drive-by-fix: Partially update comments to match spec
Bug: v8:11949
Change-Id: I6b03d38c758176e29e8951af21c43d030bbb684d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3075360
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76172}
Excluded keys should not be performed with GetOwnPropertyDescriptor on
source object in CopyDataProperties.
The key values fetch in CopyDataProperties might be arbitrary kind. It
may be smi, string, and symbol. Yet the proxy keys collected by
KeyAccumulator are not expected types for numeric keys. Those keys
should be converted to expected types.
Also updates a typo in comments of
BytecodeGenerator::BuildDestructuringObjectAssignment. The elements in
rest_runtime_callargs should be [value, ...excluded_properties].
Refs: https://tc39.es/ecma262/#sec-copydataproperties
Bug: v8:11532
Change-Id: If71bfedf8272ce8405e8566a016fae66b3007dd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060275
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76171}
The previous CL https://crrev.com/c/3069152 only did a pointer equality
check for host defined options. This broke code caching for chrome.
This CL extends the check to use a shallow strict equals check on the
host defined options elements.
Bug: v8:10284, chromium:1237242
Change-Id: Ie0ab17a5f5abe024061b6c3d3d68367d9e92b78b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081607
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76169}
This is no longer useful since the SerializeForBackgroundCompilation is
gone.
Bug: v8:7790
Change-Id: Icb4858a5863daca740fc13c52b7ee0bb7ec0f155
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081608
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76167}
Design doc: https://bit.ly/36MfD6Y, section "Improving Computational
Complexity of CSALoadElimination".
We optimize CsaLoadElimination::AbstractState::KillField() by
fine-graining AbstractState. We now represent it with 6 maps
corresponding to (object kind, offset kind) pairs. This makes it
possible for KillField() to manipulate the state faster. For more
information consult the above design doc.
Bug: v8:11510
Change-Id: I7d991cd47f946edb20e746bc7e6792ae3c70004f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3038521
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76165}
The getter and setter members may be set after initialization; in that
case, use acquire-release semantics.
Bug: v8:7790, chromium:1236965
Change-Id: Ia28c89b664787ff92a56a2f6dcc4d76655df5ff3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080567
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76164}
On Windows, the overhead of {SetPermissions} (which maps to a
{VirtualAlloc} call) heavily depends on the amount of memory on which
permissions are switched. Hence this CL changes permission switching
to only switch the code regions that are actually needed. This will
increase the number of system calls, but reduce the total size of
switched memory.
On a Unity benchmark, this reduced the lazy compilation time on Windows
from 13.7 seconds to 3.6 seconds (3.0 seconds without write protection).
On Linux, there is no measurable effect, but permission switching
generally seems to have way less overhead on Linux.
R=jkummerow@chromium.org
Bug: v8:11974
Change-Id: I46dd4ae9997587226b3d81166cf2e1128383ab34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077144
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76163}
Rather than depending on slow signature checks, receiver type checks are
performed using fast numeric instance type checks.
This CL adds a instance type range for embedders to assign values and
uses these to perform type checks.
Bug: v8:11476
Change-Id: Ie8236ae47ca0ba93ae76a7e690b81aa0a2b0f3e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883623
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76162}
BoundedPageAllocator was added in https://crrev.com/c/1226915 with lots
of CHECKs. There was no special reason given for that, and it's
inconsistent with the default choice for DCHECKs that we have in other
parts of the code.
Hence this CL degrades most of these CHECKs to DCHECKs, except for the
{SetPermissions} calls which we need to execute in all configurations,
and where checking the return value makes sense to detect memory bugs or
OOM situations.
R=ishell@chromium.orgCC=bikineev@chromium.org
Bug: v8:11879
Change-Id: I23e3a961f2f5a6893bceaa4fb75be61fe895d5f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3059691
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76159}
Port edc349dbf5
Port 593fbb69c4
Bug: v8:11235
Change-Id: I19dd21a14f6475b0cf212728c4124f3b8f6c9c3b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3076770
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn>
Cr-Commit-Position: refs/heads/master@{#76156}
To consume a code cache off-thread
1. The embedder creates a CachedData object wrapping the data blob.
2. The embedder calls ScriptCompiler::StartConsumingCodeCache with the
CachedData, and receives a ScriptCompiler::CodeCacheConsumeTask
which takes ownership of the CachedData.
3. The embedder calls ScriptCompiler::CodeCacheConsumeTask::Run
on a different thread.
4. Once this completes, the embedded passes the completed task as an
optional argument into Source constructor, and calls Compile as
before.
This is roughly similar to how streaming compilation works, with the
QoL improvement that Source owns the CodeCacheConsumeTask and therefore
we can reuse the same Compile method and do the off-thread finalization
behind the scenes inside Compile.
On the v8::internal side, ScriptCompiler::CodeCacheConsumeTask wraps a
v8::internal::BackgroundDeserializeTask, which has a Run and a Finish
method. The Run creates a LocalIsolate (again, similar to
BackgroundCompileTask), calls some helpers on CodeSerializer, and stores
the pre-finalization result in a OffThreadDeserializeData structure.
This stores Persistent Handles to the off-thread initialized SFI and
a vector of Scripts needing fixing up, and it owns the PersistentHandles
object which owns those Handles. Finally, the Finish method consumes
this OffThreadDeserializeData structure, fixes up Scripts, moves the
SFI Handle into the caller HandleScope, and that's it.
Since we don't yet have the source at off-thread deserialization time,
the various code cache sanity checks are done without the source hash
when deserializing, and the Finish method re-does them now that the
source is available.
Bug: chromium:1075999
Change-Id: If1faf35ba3ef840fa4e735581d0b29c96c1d5fc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067322
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76155}
Alternatively, the CHECK and load could be removed.
Bug: v8:7790,chromium:1237309
Change-Id: I45b1495002a47f2f4ff2915c7997e34c79c1aed2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080561
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76154}
.. in AccessInfoFactory. In order to be read safely, they must pass
the IsPendingAllocation predicate, called internally from TryMakeRef.
In a follow-up, DescriptorArrayRef methods should also be updated
similarly.
Bug: v8:7790,chromium:1236373
Change-Id: I96b59458033c327e3d2e01e8e4496e2c91609eb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080560
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76153}
.. namely:
AllocationSite::nested_site
CodeHandlerInfo::data
ScopeInfo::OuterScopeInfo
These are all immutable after initialization.
Bug: v8:7790,chromium:1237387
Change-Id: I73f1c366d9f4fa9ad721051dea668227ba987e63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080559
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76152}
Rolling v8/build: 1ed6f53..db33878
Rolling v8/third_party/aemu-linux-x64: Nw0OOp4j9l4Sj0WpOmaRhNeJ137UfsLg0P1YrF8uzKwC..SwiFc4HfyqrpEgrdH7vFxbez4XNv6ZZoVOjUMszAYo8C
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/2e0d77d..c71b1c7
Rolling v8/third_party/depot_tools: bbf0599..e989bf9
Rolling v8/tools/luci-go: git_revision:467ab48f5ed9f3ef32ae17f5b73a117e0c86566b..git_revision:e7749d37e8e52fd6eb9c79266a17d7fcb6f6ec04
Rolling v8/tools/luci-go: git_revision:467ab48f5ed9f3ef32ae17f5b73a117e0c86566b..git_revision:e7749d37e8e52fd6eb9c79266a17d7fcb6f6ec04
Rolling v8/tools/luci-go: git_revision:467ab48f5ed9f3ef32ae17f5b73a117e0c86566b..git_revision:e7749d37e8e52fd6eb9c79266a17d7fcb6f6ec04
TBR=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: Ic61d8afe7af10676c065dd31f46142635b5491dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077358
Reviewed-by: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76148}
This reverts commit fee168ce06.
Reason for revert: The DCHECK fails when freeing code
(https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/38292/overview),
which means that the current code is not correct. The added DCHECK
makes the bots red though, so the state before this CL was still
better.
Original change's description:
> [wasm] Check correctness of thread-local write protection
>
> We make an undocumented assumption in {CodeSpaceWriteScope} that a
> single thread will only work on one module at a time. If this is
> violated, the thread-local {code_space_write_nesting_level_} would
> prevent the second module from being switched to writable.
>
> This CL adds a second thread local (in debug only) to check that if
> there is already a {CodeSpaceWriteScope} open that it contains the same
> {NativeModule} as any nested scope.
>
> R=jkummerow@chromium.org
>
> Change-Id: I43fa886d9d0fdf0e1846137dc411745fcca471fa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074477
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76134}
TBR=jkummerow@chromium.org
Change-Id: I5262b0e886f99a64452966345fc084a1ab750459
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078360
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76146}
Adds a minimum estimated size.
Data suggests that estimated instruction size (+ relocation info size)
is linear to bytecode array length. This CL adds a constant for this
equation. The ratio remains the same.
This is important, because we want to increase success rate of
estimation when compiling on-heap.
When off-heap, we round up the assembler buffer to 4kB, so this CL
will only impact JS functions with more than 585 bytecodes, i.e, the
new added constant will be negligible.
Note: Relocation info (for Sparkplug) is usually so small that it is
not useful to have a separate zone for this.
Bug: v8:11872
Change-Id: I789e72f80b970d1f541965e7ae808b61c8174326
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3069155
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76144}
pthread_jit_write_protect* functions are only available on arm64 Mac,
not on iOS (which also sets V8_{TARGET_,}OS_MACOSX).
This CL refactors the logic to detect whether pthread_jit_write_protect
and MAP_JIT are available and defines a global preprocessor macro which
can subsequently be used instead of the existing complex condition.
R=jkummerow@chromium.org, mlippautz@chromium.org
Change-Id: I63894f42df35406d6eee90a4ce5070c2fde7b566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077154
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76143}
C++ frames can get quite big in sanitizer builds. In the linked bug it
was an ASan debug build, which overflowed the stack by more than 8kB
just from C++ frames (when entering the runtime, there was no overflow
yet).
Hence increase the allowed stack overflow a bit for sanitizer builds,
from 8kB to 32kB.
R=jkummerow@chromium.org
Bug: chromium:1236560
Change-Id: I119fdb859f7ab5e6a0a4174cf79f0a16baa39432
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3078359
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76142}
So that it is possible to differentiate modules in the stack trace even
when they are anonymous.
R=kimanh@chromium.org
Bug: v8:11808
Change-Id: I12a1f07accdf62c404052f32624e9914381a7451
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3074472
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76141}
