... to distinguish them from blocks that happen to be empty, and since
they may not always be actually empty (due to interrupt budget
modification).
Bug: v8:7700
Change-Id: I5774cd5d675fbfd1acd04a8a5358e0d3a7dd1373
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952672
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83681}
Drive-by fix: reorder members of RandomAccessStackDominatorNode to
save 8 bytes on the total size of Block.
Bug: v8:12783
Change-Id: I4923490b0d2f4de22ea001eeba44c950c6451633
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3893853
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83679}
This reverts commit 237de893e1.
Reason for revert: breaks flake bisect:
https://ci.chromium.org/ui/p/v8/builders/try.triggered/v8_flako/b8800423657665797553/overview
The change added the implicit requirement to run testing with
vpython3, which is not given everywhere.
Original change's description:
> [resultdb] Add ResultDB indicator
>
> Adds a new indicator that will send every result to ResultDB (and ultimately in a bq table; to be configured later).
>
> If we are not running in a ResultDB context we introduce only a minimal overhead by exiting early from indicator.
>
> To test these changes in a luci context with ResultDB we activated resultdb feature flag via V8-Recipe-Flags. This feature got implemented in https://crrev.com/c/3925576 .
>
>
> V8-Recipe-Flags: resultdb
> Bug: v8:13316
> Change-Id: I5d98e8f27531b536686a8d63b993313b9d6f62c5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905385
> Commit-Queue: Liviu Rau <liviurau@google.com>
> Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83672}
Bug: v8:13316
Change-Id: I7e55668e365475298ed46d2fc8ee0fe1282c3e8e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952131
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#83677}
In production we will only compile Wasm code with TurboFan after it has
already been executed via Liftoff. Hence we know that the code is valid,
and can skip validation. This will save some binary size, and (minimal)
run time.
Under exotic circumstances (no Liftoff, Liftoff bailed out, ...) we did
not run validation yet. In that case, run it explicitly.
Note that the {kNoValidation} mode still has the validation checks as
DCHECKs, so fuzzers can find bugs in the new logic.
R=jkummerow@chromium.org
Bug: v8:13361, v8:13371
Change-Id: I2d0896bee44a80a9d09d9c273ec5fdbe9ab8da62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3941891
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83676}
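The commit above relies on Wasm function validation having already run (in Liftoff) before TurboFan compiles the same code. The following is an added example, not V8's code and not part of the commit: it hand-assembles two minimal Wasm modules (byte layout written out here following the Wasm binary format, with all section sizes kept under 128 so a one-byte LEB128 length suffices) and feeds them to the engine's validator, to show what that validation step accepts and rejects. The function names and the constructed byte sequences are this example's own.

```javascript
// Added example (not V8 code): build two tiny Wasm modules by hand and run them
// through the engine's validator. Validation is the step the commit message
// says TurboFan may skip because Liftoff already ran it; this shows what it
// rejects. Byte layout follows the Wasm binary format (constructed here).

// Encode a section: id byte, LEB128 size, then contents. All sizes here are
// < 128, so a single byte is a valid LEB128 length.
function section(id, contents) {
  if (contents.length >= 128) throw new Error('example only handles short sections');
  return [id, contents.length, ...contents];
}

// Build a module exporting one function "f" of type () -> i32 whose body is
// `bodyInstrs` (raw opcode bytes), with no locals and a terminating `end`.
function buildModule(bodyInstrs) {
  const header = [0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00]; // "\0asm", version 1
  const typeSec = section(1, [0x01, 0x60, 0x00, 0x01, 0x7f]);      // 1 functype: () -> i32
  const funcSec = section(3, [0x01, 0x00]);                        // 1 function, type index 0
  const exportSec = section(7, [0x01, 0x01, 0x66, 0x00, 0x00]);    // export "f" = func 0
  const body = [0x00, ...bodyInstrs, 0x0b];                        // 0 local decls, instrs, end
  const codeSec = section(10, [0x01, body.length, ...body]);       // 1 function body
  return new Uint8Array([...header, ...typeSec, ...funcSec, ...exportSec, ...codeSec]);
}

// Well-typed body: `i32.const 42` leaves exactly one i32 as the declared result.
const VALID_MODULE = buildModule([0x41, 0x2a]);
// Ill-typed body: `i32.add` (0x6a) with an empty operand stack. The validator
// must reject this; an engine that skipped validation would compile it blind.
const INVALID_MODULE = buildModule([0x6a]);

// Run the engine's validator only (no compilation, no instantiation).
function validates(bytes) {
  return WebAssembly.validate(bytes);
}

// Compile, instantiate and call the exported function.
function runExported(bytes) {
  const instance = new WebAssembly.Instance(new WebAssembly.Module(bytes));
  return instance.exports.f();
}

// Name of the error class thrown at compile time, or null if compilation succeeds.
function compileError(bytes) {
  try {
    new WebAssembly.Module(bytes);
    return null;
  } catch (e) {
    return e.constructor.name;
  }
}
```

The security point the example makes concrete: the validator is what keeps an ill-typed body such as `INVALID_MODULE` from ever reaching a compiler, so a tier that skips validation is only safe if an earlier tier is guaranteed to have validated the same function bytes, which is exactly the invariant the commit tracks and falls back on explicitly when Liftoff did not run.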
A polymorphic IC can have a single access info if all maps have the same
behaviour (e.g. the polymorphism is on subclasses but the load loads
from a shared superclass). Bail out for these cases for now, with a TODO
to handle this polymorphism in the future.
Bug: v8:7700
Change-Id: I05ae764524a741ccecace0feb469380d1e0a1917
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3952130
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83675}
In order to drop validation from TurboFan, we need to know which
functions have already been validated when starting TurboFan
compilation. Under normal circumstances, that would be all of them. In a
TurboFan-only configuration, or for new code where Liftoff bails out, we
could need to run validation before TurboFan compilation though.
R=jkummerow@chromium.org
Bug: v8:13361, v8:13371
Change-Id: Ia59bdb1c25e4fc4300ca3d8cfe3ac3caf4985fa1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3942090
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83674}
After an error is encountered during RegExp parsing, indicate that there
is no more work to do.
Bug: chromium:1374042
Change-Id: Ib547a06de855028e862933897930d8ba78f8f320
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3950294
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83673}
Adds a new indicator that will send every result to ResultDB (and ultimately in a bq table; to be configured later).
If we are not running in a ResultDB context we introduce only a minimal overhead by exiting early from indicator.
To test these changes in a luci context with ResultDB we activated resultdb feature flag via V8-Recipe-Flags. This feature got implemented in https://crrev.com/c/3925576 .
V8-Recipe-Flags: resultdb
Bug: v8:13316
Change-Id: I5d98e8f27531b536686a8d63b993313b9d6f62c5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905385
Commit-Queue: Liviu Rau <liviurau@google.com>
Reviewed-by: Alexander Schulze <alexschulze@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83672}
After the let instruction was removed again, the number and types of
locals stay constant throughout the decoding of a function. Hence store
it in a plain array instead of a ZoneVector. This makes the decoder
smaller and saves bounds checks for the "safe libc++".
R=thibaudm@chromium.org
Bug: chromium:1358853
Change-Id: Iad69aa0cfdc254710e1c2219cfb2c972241ef473
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3944929
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83671}
Avoid the deprecated FLAG_* syntax, access flag values via the
{v8_flags} struct instead.
R=jkummerow@chromium.org
Bug: v8:12887
Change-Id: Iaf36c486f73ec4c4d18cacd912cd92d37c155cc0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3941711
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83669}
This CL implements the heavy lifting for re-using block lists:
- On local debug-evaluate, we check if the paused function already
has a block list. If not, we do a full re-parse, calculate the
block lists and stash them in the global map.
- On a context lookup, we do the lookup slightly differently. The
block lists now store "outer" locals, so we need to check the
block list before we advance to the next context, not before we
do the lookup in the current context.
The CL also duplicates the debugger test that checks most of these
shadowing edge cases. While we keep working on the new feature
we still want to check both configurations, but the feature is too
small to warrant a separate bot. Note that the file with the flag
enabled has one additional test case that fails with the old
implementation. Unfortunately it's non-trivial to fix in the old
implementation.
This CL drastically improves performance for conditional breakpoints
as they use local debug-evaluate under the hood. The worst case
example (https://crbug.com/1072939#c15) improves from 6.5 seconds
to 100ms.
R=jarin@chromium.org
Bug: chromium:1363561
Change-Id: I85f3d908d246f0d2e31ed272f4db6a852b9dbc39
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3941584
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83665}
... and ClassSet to ClassSetExpression to match the spec (changed with
the introduction of unicode sets).
Bug: v8:11935
Change-Id: I73b50de0a3436df7b2282c6168410ee2f7045978
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3929039
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83662}
Output of type UnsignedBigInt64 can be out of the range of small
BigInts. This CL inserts necessary conversion and checks for it.
Bug: chromium:1371935, v8:9407
Change-Id: I2553679452caa63111b97c89d072dd5fcc98aa7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3939668
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Qifan Pan <panq@google.com>
Cr-Commit-Position: refs/heads/main@{#83661}
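The commit above concerns optimized code producing 64-bit unsigned BigInt results that may fall outside the range the compiler can represent as a small (machine-word) BigInt. The following is an added example, not V8's code and not part of the commit: a differential test in plain JavaScript that computes a wrapping 64-bit operation through `BigInt.asUintN` (which an optimizing compiler may lower to machine-word arithmetic) and through a reference that uses only generic arbitrary-precision BigInt operations, over constructed operands whose results span the whole [0, 2^64) range, including the upper half that does not fit a signed 64-bit integer. Function names and the operand table are this example's own.

```javascript
// Added example (not V8 code): differential test for 64-bit BigInt wrap-around.
// BigInt.asUintN(64, x) is computed two ways and the results compared:
//   1. the builtin, which an optimizing compiler may lower to 64-bit machine ops;
//   2. a reference using only generic (arbitrary-precision) BigInt arithmetic.
// Operands are chosen so that results cover the whole [0, 2^64) range, including
// values >= 2^63 that do not fit a signed 64-bit integer.

const TWO_64 = 1n << 64n;

// Reference: reduce x modulo 2^64 into [0, 2^64) using only generic BigInt ops.
function asUint64Ref(x) {
  const r = x % TWO_64;
  return r < 0n ? r + TWO_64 : r;
}

// The operation under test: wrapping 64-bit multiply-add, the kind of expression
// an engine may compute in 64-bit word form before materializing a BigInt result.
function mulAdd64(a, b, c) {
  return BigInt.asUintN(64, a * b + c);
}

// Constructed operand triples [a, b, c]. Each comment gives the exact expected result.
const CASES = [
  [0n, 0n, 0n],                               // 0
  [1n << 63n, 1n, 0n],                        // 2^63: smallest value not fitting int64
  [(1n << 63n) - 1n, 2n, 1n],                 // 2^64 - 1: largest uint64
  [-1n, 1n, 0n],                              // negative input wraps to 2^64 - 1
  [(1n << 32n) + 1n, (1n << 32n) + 1n, 0n],   // (2^32+1)^2 = 2^64 + 2^33 + 1 -> 2^33 + 1
  [1n << 63n, 2n, 5n],                        // 2^64 + 5 -> 5
  [TWO_64 - 1n, TWO_64 - 1n, 0n],             // (2^64-1)^2 mod 2^64 = 1
];

// Run each case many times so that, in a real engine, the hot function gets
// optimized, then compare builtin vs reference on every iteration. Returns the
// number of mismatches or out-of-range results observed (0 means consistent).
function runDifferential(iterations = 20000) {
  let mismatches = 0;
  for (let i = 0; i < iterations; i++) {
    for (const [a, b, c] of CASES) {
      const got = mulAdd64(a, b, c);
      const want = asUint64Ref(a * b + c);
      if (got !== want || got < 0n || got >= TWO_64) mismatches++;
    }
  }
  return mismatches;
}
```

The loop count matters: the interpreter and the optimizing tier may take different code paths for the same expression, so a differential check that only runs once can miss a bug that appears only after tier-up. Running the same inputs for thousands of iterations and comparing against a reference that never leaves generic BigInt arithmetic is the cheap way to exercise both.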
Uses the same infrastructure from Loads to implement property stores.
Drive-by: PropertyAccessInfo cannot be invalid in BuildPropertyLoad.
Bug: v8:7700
Change-Id: Ib30498a2a0c60722b0308b11a82c91ad027a803a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3948666
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83659}
Reset() calls from the destructor of an Oilpan object were not
supported. There was no check that would prohibit such a call though,
which would result in memory corruption.
Going forward, we support bailing out on such Reset() calls in a
graceful way, i.e., such calls are nops and merely reset the pointer
to the global handle. A subsequent GC would clean up unused nodes.
Bug: chromium:1371512, v8:13372
Change-Id: Icc86b442183fc2ab9ecd83b9a675266719acdad4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3941890
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83656}
The new spaces of all client isolates need to be iterable in a shared GC.
With Minor MC, sweeping for new space might need to be finished as
well. In addition, iterating OLD_TO_SHARED remembered sets might
conflict with concurrent sweeping in all client isolates.
Therefore we simply invoke MakeHeapIterable() on each client heap. We
might be able to relax this in the future by e.g. pausing sweeping
instead of finishing it completely.
Bug: v8:13267
Change-Id: I6c4cc100c207e996ba6099bfd5e628e2c123917b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3942387
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83655}
No need to use 'cpcp' or 'cpm' now, simple 'print' shall work:
Instead of:
{
<cppgc::internal::MemberBase> = {raw_ = {value_ = 2300193596}},
<cppgc::internal::DisabledCheckingPolicy> = {<No data fields>},
<No data fields>
}
the output becomes:
cppgc::Member<GCed> pointing to 0xbbbbbbbb12345678
Bug: chromium:1373391
Change-Id: I72645d372ee830e20ec02b991ddff94851c4a49f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3948607
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83654}
Move PagedSpace::RawAllocateBackground into the ConcurrentAllocator.
This removes most allocation logic in PagedSpace. The eventual goal
is that PagedSpace only provides free list allocation and all the
additional logic around it (e.g. supporting sweeping or growing the
space) will be implemented by the allocator.
Bug: v8:13375
Change-Id: Ied21d6253e78406633154258eb491a522b1cfd3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3945051
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83652}
This CL hides the blocklist calculation logic in the ScopeIterator.
The blocklists can only be calculated when the iterator reached
the closure_scope_. We shouldn't expose this fact to callers. Let's
have a new "Reparse" strategy that makes this a bit more explicit.
Creating the ScopeIterator with the new strategy guarantees that the
blocklists are calculated after iteration and we skip re-parsing the
whole script if blocklists are already present.
R=kimanh@chromium.org
Bug: chromium:1363561
Change-Id: Ia55a8ae81147cf7fe7b4850fc74495235f13cadc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3944918
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83651}
The SamplingHeapProfiler allows the caller to configure whether it
should retain samples for objects which were collected by major or minor
GC cycles. There is not a separate option for minor mark-compact cycles.
Currently, objects collected by minor MC are reported as collected by
major GC. In this change, I propose that such objects should be reported
in the minor GC category instead, since minor MC has "minor" in the
name. I believe that this change will also fix a test which is flaky
when minor MC is enabled.
Bug: v8:13369
Change-Id: I0314dc22c816aae57fc9cd4db35c0b2baa4b91d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3946898
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83650}
Error message was:
v8\v8\src/compiler/turboshaft/representations.h(206): error C3615: constexpr function 'v8::internal::compiler::turboshaft::WordRepresentation::WordRepresentation' cannot result in a constant expression
v8\v8\src/compiler/turboshaft/representations.h(208): note: failure was caused by call of undefined function or one not declared 'constexpr'
v8\v8\src/compiler/turboshaft/representations.h(208): note: see usage of 'v8::internal::compiler::turboshaft::RegisterRepresentation::IsWord'
Change-Id: Ia72d00abf2d79cd579983452c27f17a8b7abe315
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3948604
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83649}
Implement all PropertyAccessInfo kinds for property load.
- Changes if-chain to a switch to make it clear we implemented all
PropertyAccessInfo kinds.
- Adds StringLength to do a Int32 field load.
- Adds UnsafeSmiTag to tag StringLength, since we know it fits in a Smi.
Bug: v8:7700
Change-Id: I671b98ead141efa22beab86094e901c9f0c29928
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3948605
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83648}
Using PropertyAccessInfo will allow us to encapsulate property
monomorphic/polymorphic load/store logic similar to TF.
Bug: v8:7700
Change-Id: I63099e39c7696e85adea801f953717a30786783d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3948622
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83646}
A lot of deferred code doesn't want to return, or jumps to a different
label than the return_label. Remove this from the interface and require
callers to pass in an explicit ZoneLabelRef for the return label if they
need one.
Also, clean up the deferred code handling, in particular adding a static
assert that the deferred arguments match the passed function pointer to
make these errors more explicit.
Bug: v8:7700
Change-Id: I06652e56fbff790569d6c23cebe8b8dfbbafd939
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3944916
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83643}
Switch to LinearAllocationArea instead of LocalAllocationBuffer for
tracking the LAB in ConcurrentAllocator.
Eventually this should make it easier to replace the spaces' LABs with
the ConcurrentAllocator class since those use LinearAllocationArea
as well.
Bug: v8:13375
Change-Id: I4574a30d54fa74b054c5bab2e8a2ab398112c028
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3942256
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83641}
Emit deferred code in a nested loop, until all deferred code is emitted,
to allow deferred code to additionally defer code. Otherwise, trying to
emit deferred code from deferred code invalidates the deferred code
vector iterator.
Bug: v8:7700
Change-Id: Ida5c801a678273eae738bac7ac743d587471ff0a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3945020
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83640}
Simplify catching code access errors (e.g. binding Labels that fell off
the stack) by checking that addr_of(pos) is within the generated code
range.
Change-Id: I34b96bc49a79ecc0b68a2d580eb8d6bcfeb8b5f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3944917
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83639}
MinorMC cannot shrink the space while concurrent sweeping is active.
This results in races between sweeping empty pages concurrently and
releasing them on the main thread.
Without concurrent sweeping, MinorMC sweeps all empty pages, then
preallocates more pages if needed, then shrinks by releasing some of
those empty/new pages.
MinorMC can instead shrink during sweeping/evacuation in the atomic
pause, before concurrent sweeping is active.
This resolves the conflict between concurrent sweeping and shrinking and
generally reduces the amount of work the GC has to do (i.e. don't
sweep/preallocate pages that will then be released by shrinking).
Bug: v8:12612
Change-Id: If898e5111c65b0b11d6ee9ee5dcd45751024650b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3933056
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83638}
AsyncGeneratorYieldNoAwait is equivalent to AsyncGeneratorResolve with
the constant false passed as the last argument. Remove it in favor of
calling AsyncGeneratorResolve directly.
Bug: v8:13275
Change-Id: Ie6a47e1f152285bccdc00ec1b7140e82460caf31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3947530
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83637}
The linked test sometimes fails with an OOM failure. In order to
investigate such failures more easily, we can log more information
about in what way allocation failed.
Bug: v8:13329
Change-Id: Idecddaa20f8f49a44d1eb3f32ae171e68352270a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3945498
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83636}
This is a reland of commit ed8953b695
Changes since revert:
- Work around recorded slot bug for external strings.
Original change's description:
> [strings] Fix dictionary forwarded string hash lookup
>
> Strings forwarded to external resources have their real hashes stored in
> the forwarding table. Dictionary mode lookups currently do not correctly
> load the hash for these tables, causing misses for properties that are
> in fact in the object.
>
> Bug: v8:12007
> Change-Id: I60ca4c084db7ddf6d2b7f7be8f63519c9cf3bc73
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3935218
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#83577}
Bug: v8:12007
Change-Id: Ifef5f99a46c239b2113aefa4efcdda1df1b4b6a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3940294
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83635}
This CL adds the following gdb commands:
cpcp <compressed-pointer> # prints compressed pointer
cpm <member> # prints member value
Bug: chromium:1373391
Change-Id: If5cc121883afbe64f4b95965a48b52647179b9f8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3945108
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83633}