- Swap() was not necessary as all uses merely required Merge()
- Remove unused empty Local ctor
- Use refrence for backref as it's always supposed to be non-null
Bug: v8:13193
Change-Id: Ide0a0de15185a67d028890371ae30528fd55a058
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3846863
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82648}
This change adds support for new table element types besides the
existing support for func and extern.
The newly supported types are the generic types of the 'any' subtype
hierarchy: any, eq, data and array.
All these table types are also usable and accessible via JavaScript,
causing implicit internalization and externalization of the elements
on Table::get() and Table::set().
Bug: v8:7748
Change-Id: Ie85d8f5e1d70471360dd2fb8a39cd38efaac2c22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838729
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82643}
We found there are redundant load context operations in
some bytecode array.
like this:
LdaImmutableCurrentContextSlot [1]
Star0
...... (don’t edit accumulator)
LdaImmutableCurrentContextSlot [1]
Star1
Add r1
In that case, we could modify this bytecode array as:
LdaImmutableCurrentContextSlot [1]
Star0
...... (don’t edit accumulator)
Add r0
This CL will elide these redundant bytecodes
(LdaImmutableCurrentContextSlot and Star1), because there is no
side effect for loading context, and this context slot is immutable.
Change-Id: Ia26f4b934d3bd1d48c50c0c4699ba7942939991c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3816221
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82641}
This CL refines https://crrev.com/c/3829539 to only apply to let and
const declared variables. `var`s should stay `undefined`.
R=jarin@chromium.org
Bug: chromium:1328681
Change-Id: I35778c89fb04439348a4f6aebcdeb2db6234f9d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3848960
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82640}
FastForwardSchedule() was the only operation left which need the
StepResult. However, we can also invoke that method from
AdvanceOnAllocation(). That way we can remove all uses of StepResult.
Bug: v8:12775
Change-Id: If91d76906f0f75342abce1456ea7d4a6fe089bee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3843142
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82639}
When you use the IntelliJ IDE, all the project-specific
settings for the project are stored under the .idea folder.
This patch add .idea to .gitignore to support IntelliJ IDE.
Change-Id: I55ca6530f00fd64f088485f7c856ad602b145f63
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3813066
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82637}
Per-context mode marking segregates worklists per context. Upon doing
so, Worklist::Local's move ctor was invoked which cleared the back
pointer to worklist. This break switching to that context which
happens in rare secnarios.
Rework Local marking worklists avoiding the move ctor which is also
removed.
Bug: chromium:1355545
Change-Id: If0e8c7f08df564b2a1e27e4a3fc5a6a40e46ee46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3845630
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82636}
The generational barrier isn't supported on the background thread at the
moment. Make sure it isn't used on such threads by accident.
Bug: v8:13203
Change-Id: I5577f3802c1aba246955519c8c778fa741d56d96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840300
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82635}
The concurrent marker needs an override for JSObject subclasses with
their own visitor id and body descriptor. Implement the missing
VisitJSSynchronizationPrimitive.
Bug: v8:13214
Change-Id: Ie4f64e2b4e9b211f9661da75bf8d2d012f8d16ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3846320
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82634}
In collator and localeCompare, we have an incorrect optimization
for zero length string that compare the length and ignore the
fact some non zero length string could be considered as equal to
a zero length string because the content are all ignoreable.
Took out this incorrect optimization with test cases.
The regression is introduced in
6fbb8bc806 which first appeared in 97.0.4665.0
Bug: chromium:1347690
Change-Id: Ie70feb9598b1842f8a8744c38f33b3397865abfd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3832526
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82632}
Namely:
- AccessorInfo::getter and AccessorInfo::js_getter,
- CallHandlerInfo::callback and CallHandlerInfo::js_callback.
The redirected/non-redirected callback distinction is required only
for simulated builds but we wasted memory also for all native builds.
Now we store these fields in "redirected" form which allows us to call
them directly from builtins or generated code. In case it's necessary
to call a callback from C++ code the C function address is read from
the redirection. This additional indirection makes the callback calls
from C++ code in simulated builds slower but saves memory for native
builds.
This CL should recover a part of memory regression caused by inlining
Foreign fields into AccessorInfo and CallHandlerInfo.
Bug: v8:12949, chromium:1336105, chromium:1335930
Change-Id: I38470ed21ee23b281247c11a9531542c7e4acca1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835686
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82631}
This changeset include:
1. [prepare for migrate] move `cctest/compiler/value-helper.h`,
`cctest/compiler/c-signature.h`, and `cctest/compiler/call-tester.h` to
`test/common` directory because both `test-codegen` and a lot of cctest file
include it.
2. [prepare for migrate] separate the tester helper part of `test-codegen`
into a new `codegen-tester` file.
3. finally, migrate test-codegen.cc to `codegen-unittest.cc`
Bug: v8:12781
Change-Id: Ia2f52c1d3b6b62501066dc1c4308a2c09d699e92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3831146
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82630}
We used to treat Heap::ReportExternalMemoryPressure just like
allocation observer marking steps. Which means that we advance
incremental marking but never finalize here immediately. This is
now problematic without a separate COMPLETE phase when we don't reach
the stack guard because we are stuck in C++ for awhile. In such cases
we might perform way more marking work than we used to.
We can fix this by finalizing marking immediately at this point when
the stack guard was already armed. Otherwise we prefer to finalize
marking in a task where we don't have a stack at all.
For this we add a new method
IncrementalMarking::AdvanceAndFinalizeIfNecessary. AdvanceFromTask
is renamed to AdvanceAndFinalizeIfComplete to make the difference
between those methods more clear.
Bug: v8:12775, chromium:1354911
Change-Id: If57bedb1a5f87923ccb8ad3fe2b60952e3843975
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3845082
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82626}
The load for external reference should be a full pointer load
instead of tagged size.
Change-Id: I3460a26abea5053ba6daa5c6ed908cb93431654a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842348
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82625}
This is a reland of commit 9b0d5cb14b
The newly added check does not allow comparisons with stale or
invalid pointers because attempt to access the page header might
crash.
Original change's description:
> [ext-code-space] Fix Code vs non-Code comparisons
>
> When external code space is enabled comparing Code and non-Code objects
> by looking at compressed values is not always correct. Such an approach
> works only for comparing Code vs Code objects or non-Code vs non-Code
> objects.
>
> This CL instroduces SLOW_DCHECK into Object comparison operators to
> ensure that such a comparison is allowed. Also, this CL instroduces
> an Object::SafeEquals() method which compares uncompressed values
> and thus is safe to be used for comparing Code with non-Code objects.
>
> Bug: v8:11880
> Change-Id: I7ccf1f90f927beb2bb9f45efb303e902b1838d02
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838172
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82611}
Bug: v8:11880
Change-Id: Iab3c8fe49cb954b2dc9171b3fc4b189e84763e73
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842932
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82624}
This check leads to quadratic runtime, which is problematic on huge
stacks (>10000 entries in the reproducer).
Typically stacks are small, so we check the first 16 entries one by one,
and then increase the step size. This still gives fuzzers and other
tests a good chance to find bugs, but avoids quadratic runtime.
R=thibaudm@chromium.org
Bug: chromium:1344481
Change-Id: Iaa3684410939d4c56177eed62787b29e409c3136
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842154
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82621}
Currently, when the input ArrayBuffer is detached during DataView
construction, the code will create an invalid DataView object whose
length, offset, and data_pointer are all incorrect. While this is
currently ok as the DataView is never exposed to JavaScript in that
case, it does cause issues as setting the data_pointer to a value
outside of the V8 sandbox leads to a CHECK failure. This CL now ensures
that the constructed DataView is always in a sane state to fix this.
Bug: chromium:1354429
Change-Id: I04260a5cf5547a420956d7a75e77f41408aa4f78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3841931
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82619}
This reverts commit 9b0d5cb14b.
Reason for revert: Seems to fail on gc-stress bots (e.g. https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20GC%20Stress%20-%20custom%20snapshot/43472/overview)
Original change's description:
> [ext-code-space] Fix Code vs non-Code comparisons
>
> When external code space is enabled comparing Code and non-Code objects
> by looking at compressed values is not always correct. Such an approach
> works only for comparing Code vs Code objects or non-Code vs non-Code
> objects.
>
> This CL instroduces SLOW_DCHECK into Object comparison operators to
> ensure that such a comparison is allowed. Also, this CL instroduces
> an Object::SafeEquals() method which compares uncompressed values
> and thus is safe to be used for comparing Code with non-Code objects.
>
> Bug: v8:11880
> Change-Id: I7ccf1f90f927beb2bb9f45efb303e902b1838d02
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838172
> Reviewed-by: Jakob Linke <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82611}
Bug: v8:11880
Change-Id: Ie34af0135625eff2975f78f4d2901a76b8517eb7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842930
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82616}
This CL shuffles around some code in `ScopeIterator` to better reflect
the two (internal) iteration modes:
- While "inside" the paused function we iterate based on lexical
scopes.
- Once we move past the paused function we iterate based on runtime
contexts.
This CL renames the advancing functions to `AdvanceScope` and
`AdvanceContext` respectively which operate in the following way:
- `AdvanceScope` first checks if the current lexical scope requires
a context. If so, we move one context up the chain, since the next
lexical scope belongs to that next context. Then we move up one
lexical scope.
- `AdvanceContext` moves one context up the context chain. Then we
we move up through all the lexical scopes until we find the next
lexical scope that requires a context.
The tricky bit is the transition from scope iteration mode to context
iteration mode. This is where the bug fix comes in. After doing one
standard `AdvanceScope` from the `closure_scope_` to the next
lexical scope, we need to keep moving up through the lexical scope
until we find the next lexical scope that requires a context.
The CL also changes how we collect the locals blocklist. The
locals blocklist is always put on the current context. So every
time we move up one context we reset the locals blocklist and
every time we move up the lexical scope we collect the scope
locals into the blocklist.
R=bmeurer@chromium.org, jarin@chromium.org
Fixed: chromium:1354464
Change-Id: I7b37687a8827c20d0660a25413d2c9117b5fe5ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3842158
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82615}
AdvanceWithDeadline() was only used from AdvanceFromTask(). So we can
move this method into AdvanceFromTask().
AdvanceFromTask() and AdvanceOnAllocation() share quite some code,
there is already a common bottleneck for both methods: Step(). So we
can move that code into Step().
Bug: v8:12775
Change-Id: I0f749f52df05d951f4310f05ff0d3977c6b2a9aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3843143
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82614}
The generational write-barrier currently does not support background threads. As a result, building in the background a ConsString that
points to a young string can lead to bugs, since the young string could
be freed.
Bug: v8:13203
Change-Id: I0df7c8cca8712d765eff0b1e918379f5477fdee5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840940
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82612}
When external code space is enabled comparing Code and non-Code objects
by looking at compressed values is not always correct. Such an approach
works only for comparing Code vs Code objects or non-Code vs non-Code
objects.
This CL instroduces SLOW_DCHECK into Object comparison operators to
ensure that such a comparison is allowed. Also, this CL instroduces
an Object::SafeEquals() method which compares uncompressed values
and thus is safe to be used for comparing Code with non-Code objects.
Bug: v8:11880
Change-Id: I7ccf1f90f927beb2bb9f45efb303e902b1838d02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838172
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82611}
Write barrier was only used in Factory::CopyCode for the
InterpreterEntryTrampolineForProfiling. This was removed in
in https://crrev.com/c/3811287.
Change-Id: I4cd0863fc2629d2d564af6a269e722d1a9e128f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3843141
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82609}
Turns out parking the outer Isolate needs to encompass the entire
lifetime of the inner Isolate during snapshot stress. Isolate
initialization locks the shared Isolate's client mutex to prevent shared
GCs. This mutex is also taken on Heap teardown on Isolate shutdown
during the shared heap verification, which may end up waiting in a
safepoint, causing deadlock.
Bug: v8:13217
Change-Id: I3893ae883ab345a9d36c9437ea15e90f18951057
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3843288
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82607}
This reverts commit abd0adf106.
Reason for revert: Test times out on Win64
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20msvc/23024/overview
Original change's description:
> [compiler] Make ReduceWord32EqualForConstantRhs work for Word64Equal
>
> Adds reduction case in MachineOperatorReducer for when the left-hand side of a
> Word64Equals is based on a 64-bit shift-and-mask operation, as is the case
> when Torque accesses 64-bit bitfields.
>
> This improves Speedometer2 by 0.15% on a Neoverse-N1 machine, with
> React-Redux being improved by 0.4%.
>
> Change-Id: Icd0451c00c1b25f7d370e81bddcfd668a5b2523c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834027
> Commit-Queue: George Wort <george.wort@arm.com>
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82593}
Change-Id: I26515348a3d8de58445ecddc0486d9fcc2711cec
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3839048
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82603}
The mutex is there to protect against concurrent compilation of the same
function. It can be avoided by accumulating the vector of call targets
locally in the LiftoffCompiler, and only transferring it to the stored
type feedback once at the end (under the mutex).
Also, choose slightly better data structures: base::OwnedVector uses
less memory that std::vector (because it never over-reserves), and
std::unordered_map is more memory efficient and faster to lookup that
{std::map}.
R=jkummerow@chromium.org
Bug: v8:13209
Change-Id: I7aa82560a83cbac5c019effc7fd38c9b1495a42c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840294
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82602}
WaiterQueueNodes as used by JS synchronization primitives are per-main
thread, and external pointer handles to those nodes are 1-1. That
1-1-ness is captured by each main thread Isolate having a
waiter_queue_node_external_pointer_ field.
The current logic is incorrect on unlock paths as the Isolate that
requested the unlock can point its own
waiter_queue_node_external_pointer_ to another Isolate's
WaiterQueueNode. This CL fixes this by having each WaiterQueueNode hold onto its own external pointer handle.
This CL also fixes an embarrassing bug where the WaiterQueueNode was not correctly dequeued on timeout.
Bug: v8:13189, v8:12547
Change-Id: I8db16ae6d653d2e71989ad003faae20fcee06a25
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3832298
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82601}
