This is a reland of commit 25e3225286
Original change's description:
> Reland "[heap] Refactor atomic marking phase"
>
> This is a reland of commit a3f66927f9
>
> The reland addresses a few CHECKs that were too aggressive and also
> properly adjusts Oilpan's marking configurations depending on V8's
> flags.
>
> Original change's description:
> > [heap] Refactor atomic marking phase
> >
> > The atomic marking phase was organized in many distinct smaller
> > phases. In particular, before http://crrev.com/c/3584115 the marking
> > phase split into two large separate phases.
> >
> > This CL reorganizes marking into two phases that perform regular V8
> > heap marking, Oilpan, and ephemerons:
> > - A parallel phase that likely drains all marking worklists;
> > - A single-threaded final phase to catch any leftovers;
> >
> > This avoids artificial splitting in phases and also avoids repeated
> > starting and joining of jobs.
> >
> > Change-Id: I5cccfc5777837d9ece10d8f4925781bf2d07d9da
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3602507
> > Reviewed-by: Omer Katz <omerkatz@chromium.org>
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#80265}
>
> Change-Id: I26648da361b92d787c173aa9d390100ce8958728
> Bug: chromium:1320896
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616519
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80301}
Bug: chromium:1320896
Change-Id: I7ebb3bde9f0d3497f46c728bfbc380c1bd4bc021
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3641167
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80485}

This CL introduces SideEffectDetectorScope which requires explicit
allowlisting of cases when side effects are allowed after calling
interceptor callbacks.
Side effects are not allowed when the callback does not intercept
the request.
The side effects detector is not enabled yet, it will be enabled in
a follow-up CL.
Bug: chromium:1310062
Change-Id: I805764920ed016cb37390aef7bb02cbdf5f72846
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3641172
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80484}

NewSpace is renamed to SemiSpaceNewSpace and NewSpaceBase is renamed to
NewSpace (the new PagedSpace new space implementation will be named
PagedNewSpace).
Most use cases are updated to use the base class rather than the concrete
semi space based implementation. To that end, the base class is extended
with additional virtual methods (for delegating to the concrete class).
This CL follows these guidelines:
(*) If at a method callsite we should know the exact new space
implementation we use, we cast to the concrete class. This is the case
for example for callsites in scavenger.*.
(*) If a method is called from outside the heap implementation or should
be present regardless of the concrete implementation, that method is
made virtual.
(*) Other cases are usually methods that are specific to a concrete
implementation but the concrete implementation is not known at the
callsite and there's no clear way to nicely abstract the method. In such
cases we cast to the concrete SemiSpaceNewSpace implementation for now
and we will revisit these cases once PagedNewSpace exists.
Bug: v8:12612
Change-Id: I7b85626774ce0d785b0257bf8d32b9f50eeaf292
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3625975
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80482}

Prototype the instruction on the interpreter, and Arm64. Details of
instruction lowerings on all relevant architectures can be found at:
https://github.com/WebAssembly/relaxed-simd/issues/40
Bug: v8:12284
Change-Id: Id4cb3889d94cf0bb7169ea068efe5ca68cfcbad9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3636365
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80475}

- Make sure the viewport size of the svg is adjusted properly when
scaling
- Fix an off-by-one when calculating Chunk groups
Bug: v8:10644
Change-Id: I56e857a8aa1a67e408bcfb08ed126e6bfdb0ce1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3641177
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80473}

Once the root SharedFunctionInfo for any Script gets its bytecode
flushed, the Isolate's compilation cache currently evicts that entry, to
reduce memory usage. However, the associated Script is likely still
alive, since scripts often declare functions which outlive the initial
evaluation of the script. If an identical script is loaded later, a
duplicate Script is created for it, which can waste memory.
In this change, I propose that the compilation cache keys can refer
weakly to the Script. When the root SharedFunctionInfo gets old, instead
of deleting the cache entry entirely, we can just drop the strong
reference to the SharedFunctionInfo. A subsequent lookup in the cache
will retrieve the Script instead of the root SharedFunctionInfo,
indicating an opportunity to save some memory by reusing the existing
Script.
Eventually, all callers to CompilationCache::LookupScript should reuse
the Script if possible. This change implements only the easy case of
reusing the Script for synchronous parsing. Follow-up changes will be
required for the TODO comments left by this change.
Bug: v8:12808
Change-Id: Ia8b0389441a682de9a43e73329049fd2e7835d3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3597106
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80472}

This adds a non-standard, unsafe instruction for performance
experiments: ref.cast_nop_static behaves like ref.cast_static
as far as static types are concerned, but emits no code.
Bug: v8:7748
Change-Id: Ic5797a941146a06d7c6ff249d8e29919145d8ea1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3639206
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80471}

The issue is that a thread_local variable used in RwxMemoryWriteScope
can't be directly accessed from another component, so the workaround is
to avoid inlining accesses the variable into other components.
Bug: v8:12797, chromium:1324333
Change-Id: I0f83358ac0c663c92ef7b3dff54a068472d61aed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3641169
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80470}

CIPD provides both amd64 and arm64 binaries for GN, download the correct
one. This way we get the correct GN when checking out V8 on an AArch64
linux host.
Change-Id: I39c2d7a0062eb330bccac9bc71068bc02bf6958b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3637798
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80469}

This filters the flags --maglev and --no-use-map-space when passed to
foozzie. Most open bugs are known or spurious, but all take up the
limited hashes for correctness bugs, which prevents finding other
bugs. Filtering on the source-side will make those reports appear
as fixed.
Bug: chromium:1324097, chromium:1317880
Change-Id: Ibf1b04bdfdd2395c3bda5787b4843c6bb5ca8f8e
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3641171
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80468}

They are causing failures in the Linux ChromiumOS MSan bot.
Bug: chromium:1324301
Change-Id: I7a7bcd111a9f0e0e652d38e107027c51e51bd4bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3639205
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80463}

Doc: https://bit.ly/revive-restart-frame
This CL implements support for the Debugger's "restart frame"
functionality in the deoptimizer. When the debugger wants to restart
a frame, we throw a termination exception.
If the restarted frame is an optimized frame or was inlined into
an optimized frame, the deoptimizer has to materialize all the
frames up to (and including) the frame we want to restart. This
is similar to materializing all the frames up until the frame
with a catch handler.
The main difference is that we do not jump into the middle of the
top-most materialized frame, but instead use the
RestartFrameTrampolone to immediately exit, and then re-invoke the
top-most materialized frame.
R=jarin@chromium.org, tebbi@chromium.org
Bug: chromium:1303521
Change-Id: I74ee412bc67f027be81fe56e529b5e5161e97153
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616504
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80462}

Upon destroying a v8::TracedReference while concurrent marking is
running, we merely reset the object pointer but do not get rid of the
global handle.
We were also resetting the parameter which would read the internal
state for a DCHECK. Remove this clearing as the parameter field is not
used for v8::TracedReference.
Bug: chromium:1324074
Change-Id: Ic21bad78deba0925e12c3fc1215b087d0ef5dd7a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3637796
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80459}

This prevents "ambiguous call" warnings when compiling in C++20 mode.
Bug: chromium:1284275
Change-Id: I52f782aaddfad1920e4b2df5e916b2c292cc7cff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3630346
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80458}

UnsafePointerAdd is unnecessary as long as a proper bitcast is used
before the addition. The bitcast is already in the effect chain and
prevents the addition from floating before a GC operation.
Change-Id: Ieadb8a51d2d24eaa1132a62c77c674954f7e2644
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616727
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80457}

Deprecate the existing parameter to treat global objects as roots as
this is implied by exposing internals.
Bug: chromium:1321620
Change-Id: I73a8124d63f87599dee7080980844c418eb3b5e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3637797
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80456}

Deprecate the OOMErrorCallback such that we can add a new parameter for
OOM details.
R=mlippautz@chromium.org
Bug: chromium:1323177
Change-Id: I72c931ad0d1b75cda46e8815387098acbe091c68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3632106
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80453}

This is a reland of commit e8cac3776e
Broken jitless mode is fixed in a separate CL.
Original change's description:
> [rwx][mac] Enable fast W^X on Apple Silicon (M1)
>
> Bug: v8:12797
> Change-Id: I53bb803dd77db5bdd42b1a1b4b568e63857adf31
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3598861
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80396}
Bug: v8:12797
Change-Id: I5436ceced5d4673f3b80d9cacdb3d6e84012c6e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3635720
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80450}

This CL adds the array type flag to distinguish between
sparse array and dense array and adds serialization
and deserialization for sparse array.
Bug: v8:11525
Change-Id: Ia302af017d6f52924256a2b3fa9e3d2b34caa442
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629739
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80449}

Since we now promote all young objects into old space on full GCs, we
don't need to sweep pages for iterability anymore in new space.
Minor MC doesn't need to make a page iterable when promoting the full
page into the new space. This is because maps are not reclaimed during
a minor GC.
Bug: v8:12760
Change-Id: I16d666e417d00ebf450453864cbd87afd6606afc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3635723
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80447}

Objects might be in a partially initialized state during deserialization
which makes collecting gc-stats tricky.
Bug: v8:12678
Change-Id: I154328adda432bf8e3588c96455c1bd8d527ef43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3635722
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80446}

Doc: https://bit.ly/revive-restart-frame
This CL implements support for the Debugger's "restart frame"
functionality in the unwinder. When the debugger wants to restart
a frame, we throw a termination exception. The unwinder checks if we
are currently in "restart frame mode", and if so, drops execution
into a special builtin instead of trying to find a catch handler.
Optimized frames are handled similarly, but the deoptimizer has to
materialize the frames first before also dropping into the
special builtin.
Drive-by: Rename `ShouldRestartFrame` to `IsRestartFrameScheduled`, so
we can reuse the name `ShouldRestartFrame` as a query method to check
if a specific frame is the frame we want to restart.
R=jarin@chromium.org, tebbi@chromium.org
Bug: chromium:1303521
Change-Id: Iff4f5761f970b65e22485f78ee0fd85da620ce66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3613397
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80443}

In some cases we were still trying to change permissions of RWX pages
which is not allowed.
Bug: v8:12797
Change-Id: I9f4ca319d842c524fc6f60bfd3bb3726f8d3029d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3635719
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80442}

URLs can be fairly long and the original 512 char limit is not enough
for many google pages.
Change-Id: Id4f81214e3fedebc80f26c49034c0997397e10fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3634779
Reviewed-by: Marja Hölttä <marja@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80439}

Avoid zapping freed memory in NotifyObjectSizeChange. This fixes the
linked performance regression introduced with
https://crrrev.com/c/3607992. Beginning with that CL we would always
zap freed memory on the main thread, while previously we only did this
in CreateFillerForArray when the FixedArray could actually contain
references.
While we could restore the previous behaviour as well, we simply stop
zapping freed memory in NotifyObjectSizeChange altogether for better
throughput. The reason for zapping was to reduce floating garbage.
However this is only relevant for incremental marking which is only
enabled for about <1% of the overall runtime.
Bug: v8:12578, chromium:1322882
Change-Id: I004ee712b924c53edac87810504d04aa7f4a50d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3634960
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80438}

This way we can use it later in the pipeline for optimizations.
Change-Id: I0e97d061fd3d474ca7033ed2b68f43b52617d3e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3634961
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80437}