Bug: v8:13181
Change-Id: I8eaa84ffc408225ee28dca17607b940fd3f34977
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826068
Commit-Queue: Adam Klein <adamk@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82414}
This reverts commit cf765fc348.
Reason for revert: fixes more tests than expected in test262:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20shared/49412/overview
Original change's description:
> [Temporal] Use double instead of int32_t for input of BalanceTime
>
> To avoid overflow int32_t in the math of balancing time.
>
> Bug: v8:13182, v8:11544
> Change-Id: Ib76cf95bbd4f9b47efd6921a67b09d3024e72b13
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827310
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82409}
Bug: v8:13182, v8:11544
Change-Id: Id7dd491b4485d13b0e2cc6aae8603479c7949ce8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827670
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82413}
This is a reland of commit 6e0251f9e2
No changes since revert. Was reverted on suspicion of breaking node integration, but was not the culprit.
Original change's description:
> [turboshaft] Print operator properties as custom data for turbolizer
>
> Bug: v8:12783
> Change-Id: Ie5812217b3e858d94174087fc492887b00dd2e9a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820581
> Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82401}
Bug: v8:12783
Change-Id: I3d220e031d89f960b8cd23860f82ec0a8f147aa2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827665
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82412}
Change-Id: I877a5ebe8e8dff51d7bbd49d203cf71131e4d9fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3805821
Reviewed-by: Frank Tang <ftang@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82411}
Change-Id: I7ecdfa6ee865d87851bf1975ddd48bd0bfcd39ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3805822
Reviewed-by: Frank Tang <ftang@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82410}
To avoid overflow int32_t in the math of balancing time.
Bug: v8:13182, v8:11544
Change-Id: Ib76cf95bbd4f9b47efd6921a67b09d3024e72b13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827310
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82409}
in AdjustRoundedDurationDays
Bug: v8:11544
Change-Id: I5067aba802b5051312afdd38b0f9c71bfdc14c2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825617
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82404}
Remove the unnecessary int64_t version of RoundNumberToIncrement
and remove the unneeded RoundHalfAwayFromZero. Change the type of the
increment to double from int64_t.
split from cl/3750098
Bug: v8:11544
Change-Id: I591486c472e9c1343306ff9a1d0384d06fe01835
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3824194
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82403}
So far, we decoded instructions with the 0xFB prefix as two-byte, i.e.
a single "u8" byte following the prefix.
This patch changes that to 0xFB + LEB, which is how all prefixed
instructions are supposed to do it. Currently this makes a difference
only for the stringref proposal (instructions 0x80 through 0xb3).
It has the unfortunate consequence that all stringref instructions need
three bytes for now. We expect them to go back to a two-byte encoding
scheme (while remaining LEB compliant) when their final encoding is
decided.
Bug: v8:12868
Change-Id: I603f60adae88e9b985cb65288d9eeb7f98da8138
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825887
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82400}
Port c5d4812196
Original Commit Message:
This CL adds the shared barrier to the RecordWrite builtin which is
used in generated code for builtins, interpreted and optimized code.
The out-of-line part of the barrier now checks whether either the
POINTERS_TO_HERE_ARE_INTERESTING or the IN_SHARED_HEAP bit is set in
the value object's page flags.
Outside of marking the RecordWrite builtin now needs to check whether
to insert into the generational or shared remembered set. Inserting
into the shared remembered set will always call into C++ code.
During marking the RecordWrite builtin now also needs to check whether
this store created an old-to-shared pointer.
R=dinfuehr@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I850fc234fa34868c6320fc64c6dac7e2f24af1c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825891
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82399}
This is a reland of commit 9d36b2dd0d.
The test case is fixed to actually protect a part of the data section
instead of the stack (which was unintended and could lead to segfaults).
Original change's description:
> [base] Add new API to protect data memory
>
> This adds a new {base::OS::SetDataReadOnly} method, which is similar to
> {SetPermissions(kRead)}, but using another system call on Windows such
> that it works on pages in the data segment.
> {VirtualAlloc} will fail if called on a page of the data section,
> whereas {VirtualProtect} succeeds. For the general {SetPermissions}
> API we still want to use {VirtualAlloc} though, as it also changes the "committed" state of the pages.
>
> Note that we do not add a platform API for this, as the memory was
> never allocated through the platform. We just directly protect it in
> V8.
>
> R=mlippautz@chromium.org
>
> Bug: v8:12887
> Change-Id: If83bf6e5c500cc5cf08c76d04dfac5e2b4d35a2d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820482
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82349}
Bug: v8:12887
Change-Id: Ib7c24b43b53d568dafb4a56cf8db7479c784e8d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825889
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82398}
The buggy version was introduced in crrev.com/c/3629149. Currently we
only use this OSR mechanic for a Turbofan target tier.
Bug: v8:7700,chromium:1352010
Change-Id: I5e6d5803c489360a6fa5cca6cca1966dd4bb5c48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825890
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82397}
Explicitly check that the memento is not in the unallocated portion of
the current LAB.
Bug: v8:12612
Change-Id: Ie060f44187d2280e72e2eebb0f3c284e2d6c7446
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3824337
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82396}
Two inputs might alias the same node. If one input is assigned
any location before the second input is assigned a register, we
might have two inputs in the node in different locations.
Assigning any location later forces the inputs to point to the
same location (either a register or a stack slot).
Bug: v8:7700
Change-Id: I53e35e5d5afa7e82e2a62a9b0c551b609079c79b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825886
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82395}
... in compiler and other components.
Bug: v8:11880
Change-Id: I3a51c33499e7c7169f171c4be0600d7822dafc27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825883
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82391}
Updates when moving a whole page were done only on new to new moves.
For MinorMC we need to update on new to old moves.
Bug: v8:12612
Change-Id: Icf7b98a005ec2f9ee3863ffa15ebe44fdfc64289
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3824338
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82389}
This CL removes the bailout when trying to collect the scope info
for the class member initializer function. While this might not have
worked previously, now we only need to tweak the scope search
slightly to fix this. Class member initializer functions never
have their own context but instead us the class context. That means
that most of the logic in debug-scopes.cc doesn't really matter and we
only need to initialize the ScopeIterator properly with the class
context and the member initializer JSFunction.
Note that this still does not fully fix bug 1350842. That is because
we still run into a DCHECk when paused at a `new class { ... }`
statement. We'll fix that in a separate CL.
R=bmeurer@chromium.org
Bug: chromium:1350842
Change-Id: Id128b10676a5aa8a77309735e755e485f2c14446
Fixed: chromium:1246889
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825881
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82387}
This function should properly forward any exceptions it encounters,
instead of silently swallowing them. Being an API function, that
means moving them from "pending" to "scheduled" state.
Fixed: v8:13123
Change-Id: I20b0782fd806e456f14dda84100000c857481d09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825880
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82386}
Heap::ReportExternalMemoryPressure() uses a slightly different
behavior for incremental marking steps than AdvanceFromTask() or
AdvanceOnAllocation(). This CL switches this method to use
AdvanceOnAllocation().
Bug: v8:12775
Change-Id: If9bb2c2cf3048196286e4b1443129025fbfdf984
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825780
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82385}
There's no need to decode the tiering state in generated code - merge
these runtime functions and decode in the new generic CompileOptimized
runtime function instead.
CompileMaglev_Synchronized
CompileMaglev_Concurrent
CompileTurbofan_Synchronized
CompileTurbofan_Concurrent
->
CompileOptimized
Bug: v8:7700
Change-Id: I36f3964bb5bb72b35f65f454c3ad3db0656c14bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825877
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82383}
StringConstantXXX were introduced when we switched to concurrent
compilation, as a way to build strings in Turbofan in a background
thread, without having to actually allocate them on the main heap
from the background. See https://crrev.com/c/1221807.
Now that we have local heaps, we can actually allocate strings from
the background, making StringConstantXXX useless.
Moreover, we would fold constant string concatenations into
ConsString, which sounds a bit dubious for performance. Now, small
constant string concatenations will be folded into SeqStrings, while
larger ones will remain ConsString, just to avoid the quadratic
worst-case.
Change-Id: I0479d16aa5691c9d774187c4cc0d03ff4fe2b4f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811291
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82381}
This is a reland of commit 532ca59910
Fix interger overflow when result_location is invalid in
MaglevCompiler::InReturnValues.
Original change's description:
> [maglev] Support LdaModuleVariable and StaModuleVariable
>
> Bug: v8:7700
> Change-Id: I036ac71324e0c1c96a4da4aacdb5a6718726db31
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3821203
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Commit-Queue: 王澳 <wangao.james@bytedance.com>
> Cr-Commit-Position: refs/heads/main@{#82347}
Bug: v8:7700
Change-Id: I24f56691eefd1c6cb695fedd3b5c14264bb17943
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3824942
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82379}
Add tracing for ML compilation begin and end events.
Drive-by: Slight refactors of related tracing functions for other tiers.
Bug: v8:7700
Change-Id: I8d7633c63642fc6d4418c71d87955cf3bcf1d496
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825779
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82378}
The CL https://crrev.com/c/3807594 changed the scope retrieval search
to a DFS over the scope tree. This makes it no longer necessary to
special case for the `DefaultBaseConstructor` scope so we can delete
that code.
A separate follow-up will prune the DFS slightly but not as much as
we tried to initially.
R=kimanh@chromium.org
Bug: chromium:1348186
Change-Id: Ia54bd5e301aaeb195953b1384077cd30b6b6ef59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825777
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82377}
.. and allow recompilation attempts in the future. This roughly matches
Turbofan behavior, which also aborts and may later recompile.
Deps can fail e.g. when the heap state changes concurrently during the
compilation process.
Bug: v8:7700
Change-Id: I517adcca7ec5a7dff14b7ca7dba766e74564bd01
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825778
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82376}
This CL adds the shared barrier to the RecordWrite builtin which is
used in generated code for builtins, interpreted and optimized code.
The out-of-line part of the barrier now checks whether either the
POINTERS_TO_HERE_ARE_INTERESTING or the IN_SHARED_HEAP bit is set in
the value object's page flags.
Outside of marking the RecordWrite builtin now needs to check whether
to insert into the generational or shared remembered set. Inserting
into the shared remembered set will always call into C++ code.
During marking the RecordWrite builtin now also needs to check whether
this store created an old-to-shared pointer.
Bug: v8:11708
Change-Id: Iaca4c3c0650aece4326936d7d63754a23cd0a028
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3779679
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82375}
.. to match behavior. According to the old signatures, the functions
returned bool (they actually returned CompilationJob::Status). This only
worked because return values are unused. Change to void return type
instead.
Drive-by: Code reuse in FinalizeMaglevCompilationJob.
Bug: v8:7700
Change-Id: I45f75121c230063dec96a5197cc9fdc3b64aae6f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822683
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82373}
We have a bug report from 2018 that no longer reproduces on ToT.
This CL adds a regression bug regardless to make sure we don't
re-introduce the bug that got fixed as a side-effect.
R=kimanh@chromium.org
Fixed: chromium:1246896
Change-Id: I8f9fdcbf7051b23e03cbbfc572771a410f70ad37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822668
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82372}
- Unify old Pool interface with the new context related interface
- Add single threaded execution pool
- Defer task killing back to OS context
- Defer process listing in indicators back to OS context
Bug: v8:12785
Cq-Include-Trybots: luci.v8.try:v8_numfuzz_dbg_ng,v8_numfuzz_ng,v8_numfuzz_tsan_ng,v8_android_arm64_n5x_rel_ng
Change-Id: I8ffe01c5d567411203f69ecc451c718ff35d81c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3781347
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Liviu Rau <liviurau@google.com>
Cr-Commit-Position: refs/heads/main@{#82371}
This is a reland of commit b1020a4345
Changes since revert:
- Fixed global safepoint interrupts in
https://chromium-review.googlesource.com/c/v8/v8/+/3820913
Original change's description:
> Reland "[shared-struct] Add Atomics.Condition"
>
> This is a reland of commit e2066ff6bf
>
> Changes since revert:
> - Rebased against c991852491, which
> uses the external pointer table for the WaiterQueueNode stored
> in the state field when compressing pointers. This relaxes
> the alignment requirement of the state field to be 4-bytes when
> compressing pointers.
> - Moved the state field into the JSSynchronizationPrimitive base
> class, since alignment and padding can now be made simpler.
>
> Original change's description:
> > [shared-struct] Add Atomics.Condition
> >
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630350
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Reviewed-by: Adam Klein <adamk@chromium.org>
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763787
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Bug: v8:12547
Change-Id: Ibc6de74c7853e4ea766ff2c70f92339ba69f2675
Cq-Include-Trybots: luci.v8.try:v8_linux_arm64_rel_ng,v8_linux64_tsan_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820901
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82368}