Having interrupt budget updates be part of register allocation caused
various difficulties around gap moves for temporaries vs. gap moves for
phis. This patch splits them off into a separate node which is
separately allocated, and adds invariant checks that phi-updating nodes
don't do any other tricky register allocation.
Bug: v8:7700
Change-Id: I5a454fe4c5a5adff08d5a327ee34fbb43cda97ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3751196
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81604}
This is a reland of commit 1ed7d0b8d1.
The (hopefully) last issue in chromium is fixed in https://crrev.com/c/3745533.
Original change's description:
> [flags] Enable freezing of flags
>
> This enables the --freeze-flags-after-init flag globally. Note that
> tests, fuzzers, Node and other still explicitly disable the flag. The
> chrome renderer process and default d8 execution will have it enabled
> though.
>
> R=cbruni@chromium.org
>
> Bug: v8:12887
> Change-Id: I9a15ef64227e5e6e04779d8d671a2c50d99c9097
> Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695264
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#81214}
Bug: v8:12887
Change-Id: I6445c04abc55242d6e2f204d45ec9ce22c6ece34
Cq-Include-Trybots: luci.v8.try:v8_linux_blink_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707284
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81603}
Limit the allowed module size in the streaming decoder to 256kiB to
avoid OOMs on systems that are very memory constained (32-bit ASan
builds).
Drive-by: Skip linting wasm fuzzer input files, as those are binary
files.
R=ahaas@chromium.org
Bug: chromium:1334577, chromium:1337558
Change-Id: Ie5599088fd25c0bc7c8f9f1a953d31fe61a21844
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3700073
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81602}
Parallel marking is running at the beginning of the atomic pause, so the
extraction of these objects must happen atomically.
Bug: v8:13045
Change-Id: I90d489597847e76ade7185cd7120816eddcdc9fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749204
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81593}
Now that we have block-lists this isn't strictly necessary anymore.
As a side-effect, AllocateRegister for results now can't use registers
used as inputs anymore either. We could explicitly use
FreeSomeRegister without blocklist in that case, but this CL doesn't
do that yet.
Bug: v8:7700
Change-Id: If4aef1face138e528dc4f8da674326805e4af67c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749194
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81592}
Merging typed slots in the marking barrier may require allocating a
new typed slots set. We need a CodePageHeaderModificationScope since
that slot set is actually written into the code page.
Bug: chromium:1336850, v8:12797
Change-Id: If3f7d2bb179c2554ea2888c5ad92f098bd29b1c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3751210
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81590}
The test mjsunit/wasm/shared-memory-worker-gc is too slow on the gcov
bot.
No-Try: true
Bug: v8:13005
Change-Id: Idac2a6df836c981195d61f9c2737c06d548edb28
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3751204
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81587}
std::is_same is the wrong predicate to use because `unsigned long` need
not be equivalent to either `unsigned int` or `unsigned long long`.
Fixes: https://github.com/nodejs/node-v8/issues/229
Bug: v8:12982
Change-Id: Iafff3c6a33f841490fa66d48649d24f720c869f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749192
Auto-Submit: Ben Noordhuis <info@bnoordhuis.nl>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81581}
Refactor register saving (both general and double registers) as using a
PushAll helper taking a RegList.
Change-Id: I0ccdec091f60988cbdb6893eb9cdda11efd8e1eb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749176
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81580}
This field points to the start of an ArrayBuffer backing store, which
is guaranteed to be located inside the sandbox if it is enabled. As
such, this simply turns the field into a sandboxed pointer field.
Bug: chromium:1342548
Change-Id: I5a76e23cfc83b2a04cd461def1cd04337ccf5cf7
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749190
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81579}
Page allocation in a partially-reserved sandbox is generally best-effort
once the reserved part is fully allocated, which happens in this test.
As such, there is no guarantee that this test succeeds, and it does seem
to fail in practice on some bots with memory sanitizers enabled. The
same logic is essentially tested by the
VirtualAddressSpaceTest.TestEmulatedSubspace test so simply deleting
this test should be fine.
Bug: v8:13040
Change-Id: I1469bd9d2e330a6e834bb565ce4e7f5985be28a9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3749180
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81578}
Instead of just failing with a CHECK failure, do print the actual cycle.
Before:
# Check failed: iteration++ < 1000.
After:
# Cycle in flag implications:
--assert-types -> --no-concurrent-recompilation
--stress-concurrent-inlining -> --concurrent-recompilation
R=tebbi@chromium.org
Bug: chromium:1336577
Change-Id: I9707fbe19fbc3c27b54cf2ef7626a5f8825e8c60
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3707275
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81577}
To implement this, this cl introduces explicit check smi/heapobject
nodes that we use for the value (and also separate from CheckMaps
now). This will allow us to remove duplicate checks later.
The performance of StoreField itself isn't vastly better due to fixed
register requirements though.
Bug: v8:7700
Change-Id: I98caa290c88be64f41154fd232bde98fb46ce497
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747870
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81576}
This adds support for a better error message when wasm code generation
is not allowed. Chrome will use this new API here: https://chromium-review.googlesource.com/c/chromium/src/+/3738183.
Bug: chromium:1255058
Change-Id: I8c9639c4fd08d1dff0a5a2fc6a8360f40a7e140e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3740721
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Paul Semel <paulsemel@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81573}
Unused as of this CL; users will follow.
Bug: v8:12917
Change-Id: I6c615fc53e782f7f00c8a20a00aabea08f3e4605
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3742699
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81566}
Maglev groups all its tagged spill slots together, and the number of
them doesn't change. This means that the generality of the existing
safepoint mechanism is massive overkill for maglev code.
This patch adds a maglev-specific safepoint table, which is the
safepoint of a code object if-and-only-if that code object has maglev
code. This safepoint stores the number of tagged and untagged slots
once, globally, and individual entries are just used for deopts and for
storing the state of pushed registers (this is currently unused, but
will be used in the future for pushing registers in deferred calls).
Bug: v8:7700
Change-Id: I15f84a6e957357825e84e33238f8a36f2e0b3012
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747858
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81564}
We don't build with bundled sysroot on gcc builders, hence we need to
match the sysroot on tester bots. There is already a number of
Focal bots in chromium.tests and the capacity needed for these gcc
bots is insignificant.
No-Try: true
Bug: chromium:1307180
Change-Id: Id9d3d08bdb09923cf919b17286c949c6ac9005ed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747872
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81563}
We currently don't have a way to visit parameter stack slots being
passed from Wasm to the runtime during GC, so while we usually access
them as if they were handles, they're not actually GC-safe in this
case. Until we find a way to fix this differently, force manual creation
of safe handles.
Bug: v8:13036
Change-Id: I9ffec58348d912bd56fb199e9d0bc90bf753b87c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3745372
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81562}
Remove configs for bots that were removed. Dedicated focal bots and
x86 gcc bots.
Bug: chromium:1307180, v8:13005
Change-Id: I482829f6644642b3d9fe1b380b2a3edaba2045d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3747869
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81561}
Code in client heaps can embed pointers to shared objects. In non-shared
GC, these pointers can be weak. During shared GC, unconditionally
consider Code-embedded client->shared pointers as strong so we don't
have to deoptimize and clear embedded objects in all client Isolates'
Code instances.
Bug: v8:13027
Change-Id: Id34d7e707153191639e8e531fc12d917b9382a26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3739231
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81559}
When the failed access callback is configured but it doesn't throw,
we should return instead of expecting an exception, otherwise
it would crash because there isn't one.
This patch also adds --throw-on-failed-access-check and
--noop-on-failed-access-check in d8 to mimic the behavior
of the failed access check callback in chromium.
Bug: chromium:1339722
Change-Id: Ie1db9d2fb364c6f8259eb9b8d81a21071c280a80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3737305
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81557}
Fix some issues with nested suspenders:
- Fix scratch register conflict when returning from an inner suspender
- The outer suspender should stay in 'Active' state
- Suspenders should become 'Inactive' when they return
CC=ahaas@chromium.org
Bug: v8:12191
Change-Id: Ic6c6108c4f8df3d32417d7813eb04e0e2a46d27a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3743386
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81555}
