Splits the 64bit operation to a separate function since there are
different return types depending upon whether the architecture is
64-bit or 32-bit.
BUG=v8:6949,v8:11074
Change-Id: If196cf658298ca0a1e5a13e1db812178307e7d12
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2531789
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71132}
The new predicate allows a background thread to check if the given
object was recently allocated and may potentially be unsafe to read
from the background thread.
The current implementation has relatively high overhead as it loads
two pointers per heap space. It will be optimized in the future.
Bug: v8:11148
Change-Id: I2a9dfb2c70de4b8214b8f8a35681a8bab1a63ca8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2532296
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71130}
Splits the 64bit operation to a separate function since there are different
return types depending upon whether the architecture is 64-bit or 32-bit.
BUG=v8:6949,v8:11074
Change-Id: I47c84a0104f71ec8865f12cbfa201f2f76cf08bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529911
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71128}
Previously, we performed "is A subtype of B?" checks by walking
A's supertypes list and comparing every found type to B.
This CL stores not just A's immediate parent type on A, but its
entire list of supertypes, and uses that list plus compile-time
knowledge of B's distance to the root type in order to compare
only exactly one of A's supertypes to B.
Bug: v8:7748
Change-Id: I0011b72c4b54440b16494918f64d8fb119bef8b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527097
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71127}
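An added illustration of the two subtype-check schemes this commit message describes (example code written for this page, not V8's implementation; `TypeInfo`, `MakeType`, `IsSubtypeWalk`, `IsSubtypeIndexed` and the type hierarchy are hypothetical, and the length check before indexing is an assumption about how a type shallower than B is handled):

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical type descriptor for this example; not V8's object layout.
struct TypeInfo {
  const TypeInfo* parent = nullptr;     // immediate supertype (nullptr for the root)
  std::vector<const TypeInfo*> supers;  // supers[d] is the ancestor at depth d; root is depth 0
  size_t depth() const { return supers.size(); }
};

// Builds a type whose supertype list is the parent's list plus the parent itself.
TypeInfo MakeType(const TypeInfo* parent) {
  TypeInfo t;
  t.parent = parent;
  if (parent) {
    t.supers = parent->supers;
    t.supers.push_back(parent);
  }
  return t;
}

// Old scheme: walk A's chain of parents and compare each one to B.
bool IsSubtypeWalk(const TypeInfo* a, const TypeInfo* b) {
  for (const TypeInfo* t = a; t != nullptr; t = t->parent)
    if (t == b) return true;
  return false;
}

// New scheme: B's depth is known up front, so only supers[b_depth] can be B.
// The length check keeps the index in bounds when A is not deeper than B.
bool IsSubtypeIndexed(const TypeInfo* a, const TypeInfo* b, size_t b_depth) {
  if (a == b) return true;                        // reflexive case
  if (a->supers.size() <= b_depth) return false;  // A is too shallow to descend from B
  return a->supers[b_depth] == b;                 // exactly one supertype comparison
}

// Constructed hierarchy: root <- animal <- dog <- puppy, and root <- plant.
// Returns the number of (A, B) pairs where A is a subtype of B, or -1 if
// the two schemes disagree on any pair.
int CountSubtypePairs() {
  TypeInfo root = MakeType(nullptr), animal = MakeType(&root);
  TypeInfo dog = MakeType(&animal), puppy = MakeType(&dog), plant = MakeType(&root);
  const TypeInfo* all[] = {&root, &animal, &dog, &puppy, &plant};
  int pairs = 0;
  for (const TypeInfo* a : all) {
    for (const TypeInfo* b : all) {
      const bool walked = IsSubtypeWalk(a, b);
      if (walked != IsSubtypeIndexed(a, b, b->depth())) return -1;
      if (walked) ++pairs;
    }
  }
  return pairs;
}

int main() {
  std::printf("subtype pairs: %d\n", CountSubtypePairs());
  return 0;
}
```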
With --always-opt / %OptimizeFunctionOnNextCall it is also possible
that we see CompileOptimizedConcurrent marker when we install optimized
code. For example,
1. Mark function for concurrent optimization and trigger a job.
2. Create a new JSClosure and with --always-opt we optimize concurrently
and install optimized code. This clears the marker.
3. The installed optimized code is GCed or deopts and we re-mark the
function for concurrent optimization.
4. The optimize job created in step 1 finishes.
Bug: v8:11139, chromium:1146714
Change-Id: Ic2aa456b76d74d939441a84528bc5c27d9ea9381
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529450
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Mythri Alle <mythria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71126}
Address a few bits of code review feedback that came in after landing
https://chromium-review.googlesource.com/c/v8/v8/+/2493060:
- Add ModuleRequest:kAssertionEntrySize and use in place of a numeric
literal.
- Get rid of ModuleRequestLocation and separate module_request_positions
FixedArray, and merge these into AstModuleRequest and
v8::internal::ModuleRequest.
Change-Id: If6d628d29bfa6fbd9933c6cdaa706623128ccc5d
Bug: v8:10958
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2530478
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Dan Clark <daniec@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#71125}
On builds without pointer compression enabled, v8windbg currently fails
to display information about objects in the Locals pane. This is because
some important code to get a type name was hidden behind a
COMPRESS_POINTERS_BOOL check. The existing cctest
test-v8windbg/V8windbg is sufficient to catch this error, but apparently
nobody ever runs that test in the failing configuration (Windows,
symbol_level = 2, v8_enable_pointer_compression = false).
Change-Id: Ia4e2714b11e6854b3f4f6b72da4ae8c352e8cddc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2530413
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#71124}
This CL lets Torque generate the Context C++ class and BodyDescriptor
for Context.
This requires two Torque changes:
- Allow @generateBodyDescriptor on @abstract classes, since all Context
classes share the same BodyDescriptor.
- Add a new annotation @relaxedWrite, which makes C++ setters
use WRITE_RELAXED_FIELD instead of WRITE_FIELD.
Attention: As a side-effect, this CL disables using
WRITE_RELAXED_FIELD by default for all non-array fields. If this
causes problems, we should manually add @relaxedWrite to the
corresponding fields.
Bug: v8:7793
Change-Id: I735b310bcb36a3612d86c22efa9c0bfc108d4ca6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529453
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71123}
This adds support for OrderedHashSet, OrderedHashMap, and
OrderedNameDictionary to Object::Print.
It also refactors the existing printing of (unordered) hash sets, maps,
and dictionaries to increase code reuse.
Bug: v8:7569
Change-Id: I598f6a025f4170e440d3840ce18234772068a7ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523320
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71122}
Adds traits for checking for Member, WeakMember, and UntracedMember
types.
This allows the embedder to specify its own traits and restrictions
around cppgc types.
Bug: chromium:1056170
Change-Id: Ibe60b774128f72f1398267edd81233c50fca6eb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2532299
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71121}
Splits the 64bit operations to a separate function since there are different
return types depending upon whether the architecture is 64-bit or 32-bit.
BUG=v8:6949,v8:11074
Change-Id: I13cc576a26f60288281c42df3326ba902fd36dbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529910
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71120}
Replace by explicitly deleting the copy constructor and copy assignment
operator.
R=zhin@chromium.org
Bug: v8:11074
Change-Id: Ifbfaad91d555649f586f37c251c6f4c378dcba46
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523317
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71118}
... instead of FLAG_concurrent_recompilation. The
optimizing_compile_dispatcher may be nullptr despite the flag being
set.
Bug: v8:8888,chromium:1145988
Change-Id: Ia3a6b1a95dde2b8cdd43dd2beebf04c66f145f78
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2531781
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71116}
Replace by explicitly deleting the copy constructor and copy assignment
operator.
R=zhin@chromium.org
Bug: v8:11074
Change-Id: I30f4ff5ace47622cfb9891ee6a4d4f815ceb0ba3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523314
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71115}
This CL
* renames Name::hash_field field to raw_hash_field.
* all local variables that store raw_hash_field value are also renamed
to raw_hash_field where possible.
Bug: chromium:1133527, v8:11074
Change-Id: I17313f386110b33a64f629cc2b9d4afd1e06c6c0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2471999
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71114}
After https://crrev.com/c/2529140, the actual data race should already
be fixed. This CL updates documentation (by moving the field to the
fields protected by {mutex_}), and updates {SetHighPriority} to also
take the mutex. This change is not strictly necessary, because this
method is only called right after creating the object, so no other
threads have access to it yet. But relying on that seems brittle, and
moving the initialization to the constructor is a bigger refactoring
that I don't consider worth it at the moment. The whole priority
management will probably be refactored again soon anyway.
R=ahaas@chromium.org
Bug: v8:11141
Change-Id: I496b619d551aeb584bd6e777c04ed4df076c3ae9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529143
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71113}
This contains more changes to ordered hash tables towards using them as
property dictionaries.
Most notably, this CL makes the type of the used isolates a template
parameter for certain operations. This is already the case for
unordered hash tables, and necessary in follow-up CLs where ordered
name dictionaries are used with LocalIsolate as the isolate type.
Bug: v8:7569
Change-Id: I5c938425a2c196ccd0866b66318a350ebeac8be2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523319
Commit-Queue: Frank Emrich <emrich@google.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71112}
The message on the DCHECK says that no compilation should have started
when adding js-to-wasm units, but the check itself then also allows for
situations where the job was created but is already done. This is
unnecessarily permissive.
This CL fixes the DCHECK to check what the comment says.
R=ahaas@chromium.org
Change-Id: I6de8af33869fd11ae91ce2009c360b8d4ed54e9e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529142
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71111}
Introduces an AtomicUint64 type and a separate AtomicLoad64 due to the
different types returned by loading 64-bit atomic values on 32-bit vs
64-bit architectures.
BUG=v8:6949,v8:11074
Change-Id: I95de994df9639847cd6b5fd56ea2a6585189ed3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529455
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71110}
Port 366d30c990
Original Commit Message:
- don't restore the context register after InvokeFunction unless we need
to for throwing exceptions.
- manually manage the frame to improve code layout for the fast path
R=verwaest@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I2db3ccd8948c21bc7c5be34237f016be305d7e72
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2530873
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71109}
Replace by explicitly deleting the copy constructor and copy assignment
operator.
R=zhin@chromium.org
Bug: v8:11074
Change-Id: I5accd5d3d4ecfd20d497d16a3cfd189d17314479
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523315
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71108}
.. in which the given map already matched the default map provided by
SharedFunctionInfo::function_map_index().
Bug: v8:8888,v8:11147
Change-Id: I43f51219e1c9534760c653049ac64bc6021c6a75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2530876
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71107}
Replace by explicitly deleting the copy constructor and copy assignment
operator.
R=zhin@chromium.org
Bug: v8:11074
Change-Id: If312e920b1ef42f8ef667f3b81066ff2aad054e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523316
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71104}
This CL aims at avoiding compilation of the same js-to-wasm wrapper
multiple times by iterating over all exported functions in the export
table and replacing the wrapper for all functions that share the same
signature with the function that tiered up.
Bug: v8:10982
Change-Id: I721de2f48844349de8a5d12f512a74957c66a0e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527082
Commit-Queue: Vicky Kontoura <vkont@google.com>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71103}
* Replace deprecated Factory::NewFunction* calls with JSFunctionBuilder.
* Drive-by: rename Factory::NewFunctionForTest to ..ForTesting (this is
the correct suffix recognized by our tooling to ensure it's only
called from tests).
Tbr: clemensb@chromium.org
Bug: v8:8888
Change-Id: I110063803e5b467bd91b75fe8fea2ca4174f2bcc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529129
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71101}
By keeping the SharedFunctionInfo around for modules with the kErrored
status, we don't need the additional script field anymore. The script
can thus be always accessed indirectly through the code object.
Removing the script field fixes context serialization of modules.
Bug: v8:11073
Change-Id: I9bb3c6b129a41e9d708547ceeb35e6d921c8eea0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504256
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71096}
- don't restore the context register after InvokeFunction unless we need
to for throwing exceptions.
- manually manage the frame to improve code layout for the fast path
Change-Id: Ibccb3bf604085bd470c4279d0348edcf6f18d796
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2523196
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71094}
When comparing a decoded i33 value (v) to an expected value (ex) given
as a 7-bit unsigned byte, we first truncated (v) to 7 bits. This
resulted in values which coincide with (ex) only in the last 7 digits to
erroneously be accepted.
Bug: v8:7748
Change-Id: Iaf40d5be7bbfa80535cec9109c7dd19a9d96edaf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2526387
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71091}
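An added illustration of the comparison bug this commit message describes (example code, not V8's decoder; `DecodeI33`, `MatchesTruncated`, `MatchesExact`, `Accepts` and the byte sequences are constructed for this example, and comparing against the sign-extended 7-bit code is one assumed way to compare at full width):

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Decodes a signed LEB128 value of at most 33 bits (at most 5 bytes).
// Returns false on truncated input or a 5th byte that is not pure sign extension.
bool DecodeI33(const uint8_t* p, size_t len, int64_t* out) {
  uint64_t result = 0;
  int shift = 0;
  for (size_t i = 0; i < len && i < 5; ++i) {
    const uint8_t b = p[i];
    if (i == 4) {
      if (b & 0x80) return false;               // a 6th byte is not allowed
      const uint8_t hi = b & 0x70;              // bit 32 plus its two extension bits
      if (hi != 0 && hi != 0x70) return false;  // value does not fit in 33 bits
    }
    result |= static_cast<uint64_t>(b & 0x7f) << shift;
    shift += 7;
    if ((b & 0x80) == 0) {
      if (b & 0x40) result |= ~uint64_t{0} << shift;  // sign-extend
      *out = static_cast<int64_t>(result);
      return true;
    }
  }
  return false;
}

// The behaviour described as the bug: truncate v to 7 bits, then compare.
bool MatchesTruncated(int64_t v, uint8_t ex) {
  return (static_cast<uint64_t>(v) & 0x7f) == ex;
}

// Full-width comparison: sign-extend the 7-bit code to the value its
// single-byte encoding decodes to, then compare all bits of v.
bool MatchesExact(int64_t v, uint8_t ex) {
  const int64_t expected = (ex & 0x40) ? static_cast<int64_t>(ex) - 0x80 : ex;
  return v == expected;
}

bool Accepts(bool fixed, const uint8_t* p, size_t len, uint8_t ex) {
  int64_t v;
  if (!DecodeI33(p, len, &v)) return false;
  return fixed ? MatchesExact(v, ex) : MatchesTruncated(v, ex);
}

// Constructed inputs: the expected code 0x7f in one byte (decodes to -1), and a
// two-byte value (decodes to 127) that agrees with it only in the low 7 bits.
const uint8_t kCanonical[] = {0x7f};
const uint8_t kAlias[] = {0xff, 0x00};

int main() {
  std::printf("truncated accepts alias: %d\n", Accepts(false, kAlias, sizeof kAlias, 0x7f));
  std::printf("exact accepts alias:     %d\n", Accepts(true, kAlias, sizeof kAlias, 0x7f));
  return 0;
}
```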
- It also fixes padding issues in the deoptimizer
Change-Id: Icac62892657830d067b7c21ff45b43ba58e350d9
Bug: v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2498694
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71090}
A new compile job can be scheduled from any thread, and
{current_compile_job_} is documented to be protected by {mutex_}. Hence
take the mutex before writing that field.
R=thibaudm@chromium.org, ahaas@chromium.org
Bug: v8:11089
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_isolates_rel_ng
Change-Id: I2d3b2c51a7d24c7e827bb7ddc9c76b718c2ccb4c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529140
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71089}
The tests assert that funcs are optimized / deoptimized a certain way.
Bug: v8:9237, v8:11138
Change-Id: Ia4879e722e442be52de0bf93919eb03fecb88147
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529136
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71087}
Also moves CallStubN to be a private member of code-assembler.
BUG=v8:6949,v8:11074
Change-Id: I88a36819aead919cc4f4deff201925562fc9f74f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527061
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Auto-Submit: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71086}
This is a reland of e3ec228c0a
Original change's description:
> Temporary compilation failure to test tree closing
>
> This will be reverted after testing the new tree closer.
>
> No-Try: true
> Bug: v8:10661
> Change-Id: I1b47976ee38cda447e2960ca4b6bd274f16425fe
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529131
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Liviu Rau <liviurau@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#71081}
No-Try: true
Bug: v8:10661
Change-Id: Ia628c5eb7609b57c9ad7ebe042e63d056e0ff85f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2529144
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71085}
Construction of JSFunction objects is complex, mostly due to the
existence of multiple function kinds (JS, wasm, builtin, test, ...)
that are all created slightly differently. For example, JS functions
may come with an existing FeedbackCell (and FeedbackVector), while
builtins and wasm functions always use the many_closures_cell (without
a vector).
Prior to this CL, construction logic was scattered over a family of
7 functions, without a clearly defined chokepoint for header
initialization. This was hard to understand, hard to modify, and
needlessly inefficient (by setting some fields twice).
This CL fixes all that by introducing JSFunctionBuilder. The BuildRaw
method is the chokepoint for allocation and initialization, and Build
performs common pre- and post-work.
Future work:
- Remove now-deprecated functions.
- Untangle SFI/Map/JSFunction construction and remove
Factory::NewFunction and NewFunctionArgs.
Bug: v8:8888
Change-Id: I709a2a44ee02e10593a4c9afe43d4d2c6d6351c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2527098
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71084}