mark-compact.cc: Iterate over all new space pages.
heap-layout-tracer.cc: Iterate over the paged new space.
Bug: v8:12612
Change-Id: I4d8dfc48632908a80793a77c211020452c675ecf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823134
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82365}
Currently a deadlock can result on heap teardown during the shared heap
verification which performs a global safepoint. The heap teardown awaits
compile tasks, while the compile helper thread is waiting on a
global safepoint.
Bug: v8:11708
Change-Id: I8328a4b142cb9045bfaf592ac4f4dd259ba0d397
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820354
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82364}
This is a reland of commit 5592bad963
- Disable timeout signal handler with --fuzzing
- Properly initialize sigaction object
Original change's description:
> [d8] Dump stack trace on d8 tests timeouts on posix systems
>
> - Add a SIGTERM handler in d8 that dupms the stack trace
> - Send SIGTERM before SIGKILL in the test runner
>
> Bug: v8:13115
> Change-Id: I75285f33caabab61ff6ae83c1fbc6faf45cf595a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3791906
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82173}
Bug: v8:13115
Change-Id: I115cc3f671ebe11ba204e75a6fc358ca3477e950
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820221
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82361}
This reverts commit 9d36b2dd0d.
Reason for revert: Win64 crashes
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20debug/43496/overview
Original change's description:
> [base] Add new API to protect data memory
>
> This adds a new {base::OS::SetDataReadOnly} method, which is similar to
> {SetPermissions(kRead)}, but using another system call on Windows such
> that it works on pages in the data segment.
> {VirtualAlloc} will fail if called on a page of the data section,
> whereas {VirtualProtect} succeeds. For the general {SetPermissions}
> API we still want to use {VirtualAlloc} though, as it also changes the "committed" state of the pages.
>
> Note that we do not add a platform API for this, as the memory was
> never allocated through the platform. We just directly protect it in
> V8.
>
> R=mlippautz@chromium.org
>
> Bug: v8:12887
> Change-Id: If83bf6e5c500cc5cf08c76d04dfac5e2b4d35a2d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820482
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82349}
Bug: v8:12887
Change-Id: I86fffa60d6766dcdaf44f57f18266fec22eb9016
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3824409
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82360}
The system analyzer relies on server-side processing to symbolize C++
addresses, using lws-middleware.js:
ws --stack system-analyzer/lws-middleware.js lws-static cors
This does not work on Android however, given the log file refers to the
stripped apk file rather than the unstripped libchrome.so binary. This
CL adds the --apk-embedded-library option to the middleware script to
make this work:
ws --stack system-analyzer/lws-middleware.js lws-static cors \
--apk-embedded-library=/path/to/out/android/lib.unstripped/libchrome.so
Also, for completeness, add the --target option to set targetRootFS.
Bug: v8:10644
Change-Id: I7bb73adf49e3af8eaa88a5e2c81ec913023ac1a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823133
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82359}
The zone-allocated objects, the destructor is never called. Such
objects must therefore never contain members that themselves have
non-trivial destructors, e.g. std containers.
Fix occurrences of this antipattern in Maglev.
Bug: v8:7700
Change-Id: I6892cf5203bb6e842397fd4292918b18134f97cc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822672
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82358}
PagedNewSpace requires a different way of iterating over new space.
This is because we can no longer assume that everything before top is
allocated and everything after is free.
Bug: v8:12612
Change-Id: Iedd36a6d3dc5019553f58f1ba9f5d06529a7ce9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823129
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82357}
... which will be necessary once builtins become Code-less.
Bug: v8:11880
Change-Id: If48739c3a058e6baf3c2e062d8eaace062c27592
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822686
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82352}
ML-TF tiering remains very similar to Ignition-TF tiering:
- When the interrupt budget is exhausted, enter the TieringManager
which potentially decides to tier up and sets the appropriate
TieringState on the FeedbackVector.
- The prologue on ML function entry recognizes the TieringState (and
also available cached TF code) and starts compilation and/or jumps
into optimized code.
TODOs:
- ML-to-TF OSR is not yet supported.
- ML code is no longer cached on the FeedbackVector.
- Tracing is rudimentary.
- The generated function-entry prologue is fairly large and must be
either minimized or extracted into a builtin.
- Tiering involving Sparkplug is not entirely robust yet (Sparkplug
code may be installed with unexpected timing).
Bug: v8:7700
Change-Id: I86b0692477f51b9967f318a4093bc874344120b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629149
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82351}
- Add explicit --turbo-profiling-output and --turbo-profiling-input
- Rename --turbo-profiling-log-file to --turbo-profiling-input
- No longer log PGO data to v8.log
- Add runtime %GetAndResetTurboProfilingData helper function for
more controlled logging within chrome
- Rewrite generate.py script to use more python3
Bug: v8:10470
Change-Id: Ib817b5c3793a0a7ae77103075ea2d6f6d0282150
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820381
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82350}
This adds a new {base::OS::SetDataReadOnly} method, which is similar to
{SetPermissions(kRead)}, but using another system call on Windows such
that it works on pages in the data segment.
{VirtualAlloc} will fail if called on a page of the data section,
whereas {VirtualProtect} succeeds. For the general {SetPermissions}
API we still want to use {VirtualAlloc} though, as it also changes the "committed" state of the pages.
Note that we do not add a platform API for this, as the memory was
never allocated through the platform. We just directly protect it in
V8.
R=mlippautz@chromium.org
Bug: v8:12887
Change-Id: If83bf6e5c500cc5cf08c76d04dfac5e2b4d35a2d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820482
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82349}
This reverts https://crrev.com/c/3778717, and also switches "Promise"
to a boolean enum.
The underlying clang crash is fixed, see linked issue.
R=thibaudm@chromium.org
Bug: chromium:1344641
Change-Id: I7fac50eb4f1155aca1c101f01892df78cdde46e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823128
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82348}
Port c3ca815877
Original Commit Message:
In release builds, FLAG_debug_code is statically false. Without LTO,
this information is not available to callers of the various Assert
functions though.
This CL defines the methods as empty if V8_ENABLE_DEBUG_CODE is not set.
This removes some calls from non-LTO builds, and might even slightly
improve LTO builds if we enable more optimizations earlier in the
pipeline.
R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I5c82eed38db6a2f49e833410554231bc61518b18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820068
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82344}
Introduce common bottleneck for all incremental marking step
invocations from a task context. This will later be used to move
code out of IncrementalMarking::Step.
Bug: v8:11708
Change-Id: Iba2dc2402083f8b4152ded56eaf0e13d473442a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822682
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82343}
This is a reland of commit 6953b5550e
The reland fixes tests that retrieved the stack start from a
non-inlined frame's fp. This does not work in certain configurations
as the resulting marker is too low to consider the first local
variables in subsequent calls.
The fix uses an inline frame address for the tests to get an upper
bound of stack addresses to consider.
Original change's description:
> [handles] Remove precise on-stack representation of global handles
>
> Since https://crrev.com/c/3806439 on-stack traced handles are marked
> conservatively when being used in combination with CppHeap.
>
> This change removes the precise on-stack representation of the
> internal traced nodes as they nodes would anyways be marked
> conservatively. The effects are:
> - cheaper representation (just a single node space);
> - uniform handling: no checks to distinguish on-stack vs on-heap;
> - no brittleness around cleaning on-stack handles when the event loop
> is empty;
>
> Change-Id: Id859623bfed77a66bdd064ea8065536264515eae
> Bug: v8:13141
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3812039
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82306}
Bug: v8:13141
Change-Id: I53ece36220e99d02be6df18f83c18450e5d5037b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820585
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82342}
Growing Wasm memory is allowed to fail nondeterministically.
I checked locally that this is indeed what is making this test fail in
--verify-predictable mode.
R=jkummerow@chromium.org
Bug: v8:13167
Change-Id: I91d21c91481ac692a9f6000be45d43d517e76cd4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822684
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82341}
This is a reland of commit b67385d22f
The fix landed in https://chromium-review.googlesource.com/c/v8/v8/+/3819643
Original change's description:
> [wasm] Enable lazy compilation on --future
>
> This should increase test coverage of lazy compilation.
>
> R=clemensb@chromium.org
>
> Bug: v8:12852
> Change-Id: I205f4b642576add07db5851126370becdad52fb8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3784597
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82291}
Bug: v8:12852
Change-Id: I97c0aa7962b79e04dd778520e4c3108e20b83c10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3819641
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82339}
This CL adds a small inspector test to verify that Runtime.evaluate
with silent on/off can be interleaved while replMode is true for all
evaluations.
This is to check that the interaction between console and live
expressions works as expected when the user enables
"Pause on exceptions".
R=bmeurer@chromium.org
Bug: chromium:1335439
Change-Id: Iebd3f9f207312dc6dcd3d0b9a8483ef09608528f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822685
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82337}
The original CL triggered a fail in a test that was actually broken.
This broken test has now been disabled.
Original CL description:
> In a subsequent CL, I'll need to do String allocations in Turbofan (in
> the background), where only a LocalFactory is available. By moving
> those string allocation functions to FactoryBase, they will also be
> available in the LocalFactory.
>
> Change-Id: I066bbd4b5016645de183633ef237986e0ae50f5d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3811581
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82262}
Change-Id: I89108038bd7b3d1e99ad16837fd730b7703d3c9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816669
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82335}
as part of --instruction-stats.
Change-Id: I4504514fa291a28bc04dec31d8a444b316e7d7b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823123
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82334}
Since targets might not yet exist, we skip them.
Bug: v8:7700
Change-Id: I6ae8a4fd7cbba3ead1f1a13865841d631796090d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823121
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82332}
In order to support a larger heap cage (8GB, 16GB), the cage offset
will take up more than 32 bits. As a consequence, for 8GB cages, the
least significant bit of the cage offset will overlap with the most
significant bit of the tagged offset. To avoid this, allocations need
to be aligned to 8 bytes to free up one bit from the offset.
All changes are deactivated behind the build flag
`v8_enable_pointer_compression_8gb`. Allocation folding is not yet
supported.
Bug: v8:13070
Change-Id: I602c71232e98eac4e2701b0922704a7adc31a662
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3817741
Commit-Queue: Teo Dutu <teodutu@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82331}
... which affect how builtin calls are generated.
This CL replaces the following boolean options
- builtin_calls_as_table_load,
- inline_offheap_trampolines,
- short_builtin_calls,
- use_pc_relative_calls_and_jumps,
with an enum BuiltinCallJumpMode and a boolean option
use_pc_relative_calls_and_jumps_for_mksnapshot.
Bug: v8:11880, v8:11527
Change-Id: Ia842b1d126c99dbe83e5b4f6118dcd44082ed168
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820063
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82330}
This CL includes:
1) Using 1 full GC instead of 2 young GCs to force object promotion.
2) A couple of needed bailouts.
3) Using manual evacuation candidates in old space to ensure an object
is evacuted (moved to a different address) instead of relying on
Scavenger.
And some other minor tweaks
Bug: v8:12612
Change-Id: Idfd925ccdf30215998ab6e7cc632ce750fa2077a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816661
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82327}
{memory-protection-unittest} assumes that code objects exist after
compilation. This is not true with lazy compilation. Therefore this
CL disables lazy compilation in the test.
R=clemensb@chromium.org
Bug: v8:12852
Change-Id: I66039319fdfe4354afb32064e3e9105d334f5b07
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3819643
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82325}
This CL tries to improve readability of TryMarkingComplete() by
splitting it up into multiple smaller methods.
It also removes StepResult::kWaitingForFinalization since this was
only used in one test which could easily be rewritten to not need this
value. This makes CombineStepResult() and Step()s return value simpler
to understand.
Bug: v8:12775
Change-Id: I981bc7b736246ab53058d1e61e3c67db0d1130b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816668
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82319}
Port e5524920a6
Original Commit Message:
This might or might not give clang-tidy a hint that the reported case
(see issue) cannot happen. It might also generate slightly better code
by giving hints to the compiler.
Note that V8_ASSUME is actually a DCHECK in DEBUG builds, so we do not
loose any checks here.
Some DCHECKs were removed because they are redundant
(RegisterBase::code() assumes to be only called on valid registers).
R=clemensb@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I653d398eb4b6b10fa769de62a9900edda95dd5db
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820583
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82318}
Port 1067c6accc
Original Commit Message:
... - a code range size agnostic version of InterpreterEntryTrampoline
builtin. The new builtin is fully compatible with the default version
and used as a template for creating interpreter entry trampoline
Code objects when --interpreted-frames-native-stack is enabled.
This CL introduces a new assembler option "position_independent_code"
which affects the way builtin calls are generated.
This mode is enabled only for InterpreterEntryTrampolineForProfiling.
Motivation:
* InterpreterEntryTrampoline uses RelocInfo::CODE_TARGET for calling
other builtins which requires the code range to be small enough to
allow PC-relative jumps/calls between Code objects. This is the
reason why --interpreted-frames-native-stack was not supported on
arm and might not work on arm64 because the code range is bigger
than the max PC-relative distance for call/jump instructions.
The new builtin calls other builtins via builtins entry table which
makes the code fully relocatable and usable for any code range size.
* RelocInfo::CODE_TARGET requires a target code to be materialized
as a Code object which contradicts the Code-less builtins goal.
* The --interpreted-frames-native-stack is rarely used in the wild but
we have to pay the price of deserializing InterpreterEntryTrampoline
builtin as a Code object which consumes address space in the code
range and thus limits the number of V8 isolates that can be created
because of code range exhaustion. Now the pointer compression cage
becomes the limiting factor instead of the code range.
* We can remove complicated logic of Factory::CopyCode() and respective
support on GC side.
R=ishell@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I2ed5edbffc5c33717f4becf8370369f7a4d000fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816765
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82317}
