When PromiseConstructor is invoked cross-realm and the realm is not
allowed to CrossRealmAccess, PromiseConstructor will silently return
undefined, which will cause a crash in the ConstructJSWithTarget type
cast. Change to throw a type error when HasAccessCheck fails.
Bug: v8:12705
Change-Id: I18f697a1897c31163dd60522db12449033419f9a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3521174
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79548}
Originally, 'Promise()' without 'new' will throw "undefined is not a
promise". Now it will throw "Promise constructor cannot be invoked
without 'new'".
Bug: v8:10817
Change-Id: Ic8b72a902ed395e44dbb32ccf96a2130a4a9422f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3459924
Reviewed-by: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79547}
This CL removes:
- Dynamic map checks aka minimorphic property loads (TF support,
builtins).
- "Bailout" deopts (= drop to the interpreter once, but don't
throw out optimized code).
- "EagerWithResume" deopts (= part of dynamic map check
functionality, we call a builtin for the deopt check and deopt
or resume based on the result).
Fixed: v8:12552
Change-Id: I492cf1667e0f54586690b2f72a65ea804224b840
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3401585
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79544}
This implements the last bits of basic concurrent Maglev compilation.
When jobs have been processed, schedule an interrupt to trigger codegen
and building the Code object on the main thread.
Changed since the initial version:
- Put the include behind V8_ENABLE_MAGLEV.
- Skip 18.js until we have deterministic test helpers for concurrent
tiering.
Bug: v8:7700
Change-Id: Ibc103f097fe00f7df93a33a785939e43901f3734
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3536662
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79539}
Prevent the instruction selector from emitting a sign extension
instruction after most `xxx.w` instructions in RV64I and RV64M, because
`xxx.w` instructions will automatically sign-extend the result.
Change-Id: Ia4291242dc3e51f49be1e6dda2d5a3365b5e7bfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3536845
Reviewed-by: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#79537}
Will re-enable once a few issues have been resolved.
Change-Id: Ieed60efcb6d59cc5ca10931913dd4d9ffea8b9f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3532202
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79533}
This is a reland of 48b443f692.
While fixing the initial CL, we stumbled upon a few bugs that
we had to fix:
- CommonOperatorReducer and SimplifiedOperatorReducer were applied
before and after SimplifiedLowering, but always assumed that it
was before SimplifiedLowering, and thus had the wrong semantics
for branches in some cases. They now have an added parameter to
know which semantics of branch they should use.
- The lowering of StaticAssert was wrong and could leave kHeapConstant
in the assert (instead of machine Booleans).
Original change's description:
> [compiler] Simplify "==0" branches in MachineOperatorReducer
>
> Bug: v8:12484
> Change-Id: I0667c7464c0dd71338bc199a24a69248a7a0a525
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497303
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Owners-Override: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79379}
Bug: v8:12484
Change-Id: Ibbf5df96fce5ccb04868dc517539479bf69f5703
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3516869
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79528}
This reverts commit cf25b3bc53.
Reason for revert: https://crbug.com/1307471. TraceTrait must only be used during marking.
Original change's description:
> cppgc: Rework prefinalizers
>
> Move the check for whether an object is live or dead out of the
> prefinalizer trampoline. Moving it into the backend allows for
> inlining the check which avoids a call to the trampoline for live
> objects.
>
> On catapult benchmarks (e.g. cnn:2021, nytimes:2020), there's often
> ~2k finalizers registered. In order to avoid memory overhead in the
> range of a few KB, we store the fact whether the object points to the
> base object payload in the LSB of the pointer. For caged builds this
> is replaced with just storing the index into the cage for both object
> and base object payload.
>
> Locally saves around ~10% of atomic sweeping processing time which is
> in the order of .05ms.
>
> Bug: v8:12698
> Change-Id: I198205a6b1d57fc2df821ee4e73e53dc6f825ff5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497764
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79442}
Bug: v8:12698, chromium:1307471
Change-Id: I5c4e70d46cb99af66c77f0c013625b6af6c6eb8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3535781
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79527}
There are problems calling WaitForRunningWorkers when we
call quit().
First, suppose the main thread first calls quit(),
and the worker thread calls quit() after the main
thread calls quit(), then calls sched_yield to wait for
quit_once_ to be updated to ONCE_STATE_DONE. However,
the main thread is in WaitForRunningWorkers, waiting
for the worker thread to join, thus causing a deadlock.
Second, suppose the worker thread calls quit() and empties
the running_workers_ by WaitForRunningWorkers, then
the main thread calls `onExit(isolate, true)` to dispose
the platform and other global data, which will crash other
running workers.
Bug: v8:12219
Change-Id: I333e5aad431daefb1c163f69e66d8e9d5e9bf754
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3518908
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79525}
This implements the last bits of basic concurrent Maglev compilation.
When jobs have been processed, schedule an interrupt to trigger codegen
and building the Code object on the main thread.
Bug: v8:7700
Change-Id: I348ade4777ddddf7c3a6b0575d9f51e5fa00c9fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3528494
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79516}
.. into new virtual subclass TurbofanCompilationJob. Update all TF code
to derive from this class. Specifically, the OptimizedCompilationInfo is
TF-specific and now lives in TurbofanCompilationJob.
The motivation behind this is that Maglev now also uses this
infrastructure.
Drive-by: Replace CompilationMode with ConcurrencyMode.
Bug: v8:7700
Change-Id: Iae6d1ffd1c810e2e45cad6c9b4e43d4c82ac54a7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3528493
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79515}
In JSCallReducer::ReduceArrayPrototypeShift, add Unsigned32
TypeGuard for index Node used in fast path, avoid representing
kRepFloat64 (Range(1, inf)) to kRepWord64 when converting
input for kLoadElement.
Bug: v8:12632
Change-Id: I2e4b00840dc5462e4351e13a372c33b6272b9ea1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3528373
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79514}
This started out as a minor code move of early-osr logic, but
became a more general refactor of the tiering decisions.
Early-OSR: the intent here is to trigger OSR as soon as possible
when matching OSR'd code is cached. Move this out of ShouldOptimize
(since it has side effects), and into a dedicated function that's
called early in the decision process.
Note that with this change, we no longer trigger normal TF optimization
along with the OSR request - TF tiering heuristics are already complex
enough, let's not add yet another special case right now.
Other refactors:
- Clarify terminology around OSR. None of the functions in TM actually
perform OSR; instead, they only increase the OSR urgency, effectively
increasing the set of loops that will trigger OSR compilation.
- Clarify the control flow through the tiering decisions. Notably,
we only increment OSR urgency when normal tierup has previously been
requested. Also, there is a bytecode size limit involved. These
conditions were previously hidden inside other functions.
Bug: v8:12161
Change-Id: I8f58b4332bd9851c6b299655ce840555fb7efa92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3529448
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79512}
- Restructure the runtime function implementation.
- Rename osr_loop_nesting_level to osr_urgency and add helpers.
The motivation for the latter: I've always struggled with the
`osr_loop_nesting_level` term; it neither matches terminology of
what it's compared against (= the loop depth), nor implies what it's
used for (= osr is triggered when `loop depth < osr nesting level`).
In this CL it's renamed to `osr_urgency` to reflect that as urgency
rises, we consider more and more loops as OSR candidates.
Bug: v8:12161
Change-Id: I194ec5a3f1f02526641af1c7796ee0956b6fd3a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3528735
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79509}
CL https://chromium-review.googlesource.com/c/v8/v8/+/3514072 tried to
improve code generation for patterns like "x >> n == k" when n and k
are constant, and to generate instead "x == k << n" (with "k << n"
being computed at compile time).
However, this was also done when "x >> n" was reused later, which
caused "x" to be kept alive longer than it could have, which could
increase register pressure.
This CL thus ensures that this optimization is done only if "x >> n"
has a single use.
Bug: chromium:1305389
Change-Id: I377e120c4825e2a0deb4a5478138da838bcebc77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3528987
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79502}
We check if debugger needs to hook into every call when we enqueue
the function to batch and when we compile, but we do not check it
when we install it (that is, set_baseline_code), which is done in
the main thread.
Bug: v8:12713
Change-Id: I81ba221caed1060976e8865174d392a861f2ab24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3528988
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79500}
Please revert this CL if it causes any trouble!
Bug: v8:11111
Change-Id: I6061fdc0aed82952f093ede9ecd252be1ac99519
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3528495
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79499}
In text, we should use the properly capitalized "Wasm" instead of
"WASM". In particular for frame output, other frames typically use
CamelCase (like "JsToWasmFrame", "ExitFrame", "InternalFrame"), so Wasm
should do the same.
The "0xa" comment in some assemblers is also outdated, the current tag
we emit for StackFrame::WASM is 0x8 (0x4 shifted by one).
R=jkummerow@chromium.org
Bug: v8:12425
Change-Id: Ic3e00c401b219c28b5424c82efb0f1a9df51690f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3525195
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79498}
JSObject::InitializeBody now checks whether the instance type of the
object being initialized can have embedder data slots around the
initialization logic for these slots. This fixes a performance
regression on certain benchmarks.
To perform this check efficiently, a new instance type,
JSObjectWithEmbedderSlots, is introduced so that the check becomes a
simple range check.
Bug: chromium:1304139
Change-Id: I00c892bc2276e950b59602257ca1c2435c10e517
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3507712
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79497}
This method now handles external pointers in HeapObjects during
serialization by encoding the representation of the external pointer
(sandboxed, raw), the origin (internal, api) and potentially the
external pointer tag. It is currently only used to handle
JSExternalObjects but could, in the future, be extended to handle all
external pointers that need special handling during
serialization/deserialization.
Bug: v8:12700
Change-Id: Ib0747d765ddc632e4ca4ee94521616d0271be0bc
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3521904
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79496}
This CL implements most parts of the concurrent maglev pipeline.
- MaglevConcurrentDispatcher: controls concurrent jobs.
- MaglevCompilationInfo: holds job-global data, controls handle
fiddling between the main isolate and local isolates, owns
job-global state like the Zone.
- MaglevCompilationUnit: same as before, holds per-unit data.
Still missing: job finalization.
Bug: v8:7700
Change-Id: I281178d945e79a0ba97fa2ac7023285d84a16641
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3516036
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79489}
This is necessary due to the indirect call to memfd_create. The function
is only used for testing though.
Bug: v8:12682
Change-Id: Ifb9fd855213064165fa4c2125846ff592368b625
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3525534
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79487}
The use of memfd_create causes V8 to require glibc 2.27 which wasn't
previously needed. This CL rewrites the affected code to check at
runtime whether memfd_create is available and otherwise use mkstemp.
Bug: v8:12682
Change-Id: I84dc3f5ab7504cec2b599bc92501ddecc2ae22cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3516870
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79486}
Port 8a0d1b6fe5
Original Commit Message:
Modernise the RegList interface to be a proper class, rather than a
typedef to an integer, and add proper methods onto it rather than ad-hoc
bit manipulation.
In particular, this makes RegList typesafe, adding a DoubleRegList for
DoubleRegisters.
The Arm64 CPURegList isn't updated to use (or extend) the new RegList
interface, because of its weird type-erasing semantics (it can store
Registers and VRegisters). Maybe in the future we'll want to get rid of
CPURegList entirely and use RegList/DoubleRegList directly.
R=leszeks@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I997156fe4f4f2ccc40b2631d5cb752efdc8a5ad2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3525084
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79484}
It turned out that on arm and arm64 we over-estimated the code size of a
Wasm module quite a bit. This CL adds some more output for the
--trace-wasm-compilation-times flag, and adds a script to compute the
factors we use for code size estimates from that output.
I ran the script on a few benchmarks (an older Epic module, the current
Photoshop module, and the benchmark from the linked bug), and adjusted
the constants accordingly.
Also, simplify the API of {ReservationSize} to only return a single
number, and fail internally if we need to allocate more than the engine
supports (which would only fail for artificially large modules).
R=jkummerow@chromium.org
Bug: chromium:1302310
Change-Id: I5b2c27ff3e360fb6738cf5dd697bcee09e106b6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3522067
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79482}
This CL fixed cmpq in TestMoveSmi by using cmp_tagged and further
optimizes Move(Register, Smi) for 31-bit negative Smi.
To move a Smi of -1 to register, the disassembly before the commit is as:
48c7c0feffffff REX.W movq rax, 0xfffffffe
The disassembly after the commit is as:
b8feffffff movl rax, 0xfffffffe
Bug: v8:12696
Change-Id: I6fafeec7959491ba8b084acf797c58910c2928fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3514654
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Haoyu Zhang <haoyu.zhang@intel.com>
Cr-Commit-Position: refs/heads/main@{#79475}
This CL moves the call to GCTracer::StopCycle for the full GC from
Heap::CompleteSweeping full, which is called to force sweeping to
finish, to GCTracer::NotifySweepingComplete, which is called as soon
as sweeping finishes --- and symmetrically to a new method
GCTracer::NotifyCppGCCompleted, which is called as soon as sweeping
of the managed C++ heap finishes. In this way, a full GC cycle is
reported as soon as sweeping is finished both for the V8 and the C++
managed heap.
The changes introduced in this CL are essentially a partial revert of
https://crrev.com/c/3456563, fixed in such a way that when the full
GC cycle is reported, the current tracer event will be the correct
one corresponding to that cycle.
Bug: v8:12503
Bug: chromium:1154636
Change-Id: Icea07cf35a9565994e798b0500e9da72cd95f9ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497318
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79470}
Running `OS::AllocatePageSize()` on PPC simulator (which
runs on x64 Linux) will make a `sysconf(_SC_PAGESIZE)` call
which returns the native x64 Linux page size and not the PPC
specific page size.
This can cause a problem if used alongside the current value of
`kPageSizeBits` which is set to use PPC value even on Sim.
As an example, a newly added DCHECK under https://crrev.com/c/3497363
was failing on PPC Sim as a call to `AllocatableMemoryInDataPage`
was being made which used kPageSizeBits on Sim.
Meanwhile another function was using the `page_size_bits` value which
gets set by _SC_PAGESIZE. The mismatch caused an incorrect final value
being generated which failed the DCHECK.
Change-Id: Iaf2d9cff16bbe5f6be5f3ec6a13b99be94776f48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3519758
Reviewed-by: Junliang Yan <junyan@redhat.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79465}
The fuzzers were passing the flag --es-staging which doesn't exist. This
CL updates them to pass the flag --harmony which does exist.
Change-Id: I02c83026e5b9bdf49e51e700f16702bf56cd49e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3522064
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79464}
If a value is in multiple registers, pick one of them to be freed.
Bug: v8:7700
Change-Id: I1886b977187b4d8e939ff106edde4ccf716661d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3522063
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79463}
Modernise the RegList interface to be a proper class, rather than a
typedef to an integer, and add proper methods onto it rather than ad-hoc
bit manipulation.
In particular, this makes RegList typesafe, adding a DoubleRegList for
DoubleRegisters.
The Arm64 CPURegList isn't updated to use (or extend) the new RegList
interface, because of its weird type-erasing semantics (it can store
Registers and VRegisters). Maybe in the future we'll want to get rid of
CPURegList entirely and use RegList/DoubleRegList directly.
Change-Id: I3cb2a4d386cb92a4dcd2edbdd3fba9ef71f354d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3516747
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79460}
Instead of implementing ExternalObjects as plain JSObjects with a single
EmbedderDataSlot pointing to a Foreign containing the actual raw
pointer, this CL now creates a new JSExternalObject type that directly
contains the external pointer.
As a side-effect of this refactoring, nullptr values are now no longer
valid for ExternalObjects.
Change-Id: Ic8ff334681c966e823ca70f34dd1efaaa21a0789
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513234
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79459}
This CL fixes a deopt loop that might happen in case of mixing
Number with BigInt in bitwise binary operations.
Bug: v8:12693
Change-Id: Ib6a08d0c74a954ade3719bd6bd49ca2988d88e69
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3505542
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jianxiao Lu <jianxiao.lu@intel.com>
Cr-Commit-Position: refs/heads/main@{#79456}
The vector registers have a different register file from the float registers in the Risc64 rvv extension.
So this CL adds a third FP aliasing kind, INDEPENDENT, to allocate SIMD registers independently.
Bug: v8:11976
doc: https://docs.google.com/document/d/1UwmUwOI3eeIMYzZFRmeXmfyNXRFHNZAQ4BcN0ODdMmo/edit?usp=sharing
Change-Id: I0fb8901294b4bc44b0bee55e630b60460e42bef2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3383513
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#79449}
when BuildCreateArrayLiteral
In spread calls, create array literal boilerplates for
BuildCreateArrayLiteral rather than emit array literals
without any boilerplates
Bug: v8:11582
Change-Id: Ia0538bd043eab040c3059440e982c7f0037d1a3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3507126
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79447}
The scope can be (and is) used by compiler threads, i.e. not just by the
main thread; update the comment.
Change-Id: Ifbeb414761cee4ab12dd953f0cd544f35c92fc8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3516037
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79445}
Store the total committed physical memory in
SemiSpace::committed_physical_memory_ and keep it up-to-date when
adding/removing pages from it, similar to the PagedSpace.
So far we were iterating all pages in the SemiSpace to calculate this
value.
Bug: v8:12691
Change-Id: Iaf3c5eadd60db561a6ddb06014f82703b0df6873
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513836
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79444}
Move the check for whether an object is live or dead out of the
prefinalizer trampoline. Moving it into the backend allows for
inlining the check which avoids a call to the trampoline for live
objects.
On catapult benchmarks (e.g. cnn:2021, nytimes:2020), there's often
~2k finalizers registered. In order to avoid memory overhead in the
range of a few KB, we store the fact whether the object points to the
base object payload in the LSB of the pointer. For caged builds this
is replaced with just storing the index into the cage for both object
and base object payload.
Locally saves around ~10% of atomic sweeping processing time which is
in the order of .05ms.
Bug: v8:12698
Change-Id: I198205a6b1d57fc2df821ee4e73e53dc6f825ff5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497764
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79442}
The CL runs Oilpan minor GCs after each Scavenger cycle.
Bug: chromium:1029379
Change-Id: Ic67cf4dc9158759207f0209640f1720bf188cc1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472500
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79440}
When the Isolate is already available, there is no need to fetch it
through GetIsolate.
Change-Id: I3ddc3d46924b401f154360564b203406a9b9e8e5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3510389
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79439}
... for 32-bit Windows.
When the TLS value is not set the TlsExpansionSlots field of the TEB
struct might be NULL in which case the InternalGetExistingThreadLocal
should return NULL too.
Bug: v8:12653
Change-Id: Ic6c6d8e51e2447551c372720fad0967e9201f3dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513835
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79437}
When compiled with `target_cpu = "x86"` several
VirtualAddressSpaceTest's crashed with segmentation fault when calling
VirtualAlloc2. Explicitly specifying calling convention fixed the issue.
Change-Id: Ie505006be0d44525c935c89b84caa2c373cea566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3501836
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Dmitrii Tsykunov <dtsykunov1@yandex-team.ru>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79436}
This reverts commit 190b5d959b.
Reason for revert: We should understand & fix regressions, see crbug.com/1304870#c9.
Original change's description:
> [compiler] Don't remove OSR code cache if deoptimizing at out of loop
>
> The main purpose of OSR compilation is fasten inner loop execution, the
> OSR code cache is still correct for loop if optimizing at out of loop,
> keep OSR code cache can reduce unnecessary slow bytecode execution with
> feedback collection and avoid re-OSR compilation.
> This CL can improve JetStream2 case navier-stokes by ~6%.
>
> Change-Id: I9518317fb922071b131cab5b56998a0fc198804a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494981
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Tao Pan <tao.pan@intel.com>
> Cr-Commit-Position: refs/heads/main@{#79413}
Bug: chromium:1304870
Change-Id: I8791edc34b66ef9dd0b477d3e340e85b0617ef59
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3515732
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79435}
Don't rely on register_values[index] == nullptr for checking if a
register is free, but instead re-use the free register list, and iterate
the allocatable_register & ~free_register list when iterating used
registers.
This also changes the indexing of register_values to be by register
code, not allocatable register index. The register state stored on the
InterpreterFrameState, however, stays compact (allocatable register
count). A new wrapper class + iterator keeps iteration over it and the
register_values array in sync.
Bug: v8:7700
Change-Id: I7815aa2d4a1f7b7ebafaaafe0727219adcc4dcfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3512792
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79434}
Atomics.load and Atomics.store now accept string field names as the
2nd argument when the 1st argument is a shared struct.
Currently these are implemented in C++ and not yet in CSA.
Bug: v8:12547
Change-Id: Ideeafc13fb6a925540edf3dc17428c8e50bcee79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3510837
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79431}
Instead of using the high water mark for determining this metric, we use
a bitset for all active/used system pages on a V8 heap page. Each time
when allocating a LAB on a page, we add the pages of that memory range
to that bitset. During sweeping we rebuild that bitset from scratch and
replace it with the old one in case free pages are discarded by the GC.
We DCHECK here that the sweeper only ever removes pages. This has the
nice benefit of ensuring that we don't miss any allocations (like we
do now for concurrent allocations).
CommittedPhysicalMemory for a page is then calculated by counting the
set bits in the bitset and multiplying it with the system page size.
This should be simpler to verify and track the "real" effective size
more precisely.
One case where we are partially less precise than the current
implementation is for LABs. In order to reduce complexity we now treat
all pages of a LAB allocation as active immediately. In the current
implementation we tried to only account the actual used part of the LAB
when changing the LAB later. This is more complex to track correctly
but also doesn't account the currently used LAB in effective size.
Change-Id: Ia83df9ad5fbb852f0717c4c396b5074604bd21e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497363
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79428}
NewSpace page operations like RemovePage, PrependPage, and
EnsureCurrentCapacity should account for committed page size.
This may happen when a page was promoted from the new space to
old space on mark-compact.
Also, add DCHECKs on Commit and Uncommit to ensure the final
committed page size is the same as the current state.
Bug: v8:12657
Change-Id: I7aebc1fd3f51f177ae2ef6420f757f0c573e126b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3504766
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Cr-Commit-Position: refs/heads/main@{#79426}
HeapObjectIterator creates a SafepointScope which requires the heap to
allow garbage collection. This collides with the outer
DisallowGarbageCollection scope. HeapObjectIterator already ensures
there is no allocation during its lifetime, so there is no need to
create an outer DisallowGarbageCollection scope.
Code::source_position_table requires that their kind not equal
CodeKind::BASELINE.
This also exposes the statistics extension through flag
--expose-statistics.
Bug: v8:12657
Change-Id: I1bf11cf499285a742dd99ec8c228ebc36152b597
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3496552
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Cr-Commit-Position: refs/heads/main@{#79425}
This is a reland of commit a664aef0ca.
The test is made ~25x faster by using integer parameters instead of
floating point.
Original change's description:
> [asm] Reject import calls with too many parameters
>
> The asm parser was missing a check for too many parameters for calls to
> imported functions. For regular functions this check implicitly existed
> because the limit was checked at the function declaration, and the call
> site needs to match the declared parameter count.
>
> R=mslekova@chromium.org
>
> Bug: chromium:1302596
> Change-Id: I0d35e70a66d682ee8fdecf5c8ea4d2b1419ce684
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3509393
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79415}
Bug: chromium:1302596
Change-Id: I138561742b38939a1c2c9a69a6fa508d4f3a028d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513613
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79424}
Allows incremental test, while some codegen paths are not available.
Bug: v8:7700
Change-Id: Icc24cf8e85464587f9eee6175107093a25b76da9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3512794
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79423}
Registers were supposed to fit in an int, but some register subclasses
added extra fields which made them too big. This fiddles around with
field sizes so that all the Register subclasses still fit inside of an
int (by making the Register code field 8-bit etc).
Change-Id: I31ffbc8f98b6a5e1f638fc59147009e5f81dff41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513612
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79421}
The only user of OverrideEmbedderStackStateScope is Blink where it is
used to override stack state of top-level tasks. Adjust the behavior
here to allow using this scope broadly while still supporting explicit
garbage collection calls.
Bug: chromium:1300492
Change-Id: I78c418c5f08991bf6857147cd4a537246bfcc556
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497744
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79420}
Replace all CONVERT_XXX_ARG_XXX() macros from runtime-util.h with direct
calls to Arguments or the fully expanded equivalent.
- This replaces many of the hard CHECKs with DCHECK (as is common
practice in most V8 code)
- Instead of relying on verbose comments we now have readable code
- Rename Arguments::xxx_at with Arguments::xxx_value_at since these
methods don't return the Object but rather their double/int value
- Add Oddball::ToBool helper
- Add and use v8::internal::PropertyAttributesFromInt helper
- Add stronger DCHECK for PropertyAttributes returned in
GetPropertyAttributesWithInterceptorInternal
Bug: v8:11263
Change-Id: I8d531857e05d19f3198753b05af28d993a391854
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497768
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79418}
This reverts commit a664aef0ca.
Reason for revert: Times out on CFI: https://cr-buildbucket.appspot.com/build/8820170241901030897
Original change's description:
> [asm] Reject import calls with too many parameters
>
> The asm parser was missing a check for too many parameters for calls to
> imported functions. For regular functions this check implicitly existed
> because the limit was checked at the function declaration, and the call
> site needs to match the declared parameter count.
>
> R=mslekova@chromium.org
>
> Bug: chromium:1302596
> Change-Id: I0d35e70a66d682ee8fdecf5c8ea4d2b1419ce684
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3509393
> Reviewed-by: Maya Lekova <mslekova@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79415}
Bug: chromium:1302596
Change-Id: I743647f739e0cc93b2e99145086dbbb7d2660c79
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3512853
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79417}
The asm parser was missing a check for too many parameters for calls to
imported functions. For regular functions this check implicitly existed
because the limit was checked at the function declaration, and the call
site needs to match the declared parameter count.
R=mslekova@chromium.org
Bug: chromium:1302596
Change-Id: I0d35e70a66d682ee8fdecf5c8ea4d2b1419ce684
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3509393
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79415}
The main purpose of OSR compilation is to hasten inner loop execution. The
OSR code cache is still correct for the loop if optimizing outside of the loop;
keeping the OSR code cache can reduce unnecessary slow bytecode execution with
feedback collection and avoid re-OSR compilation.
This CL can improve JetStream2 case navier-stokes by ~6%.
Change-Id: I9518317fb922071b131cab5b56998a0fc198804a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494981
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Tao Pan <tao.pan@intel.com>
Cr-Commit-Position: refs/heads/main@{#79413}
When I was looking at the v8 Promise source, I noticed that some of the links that needed to point to ECMA262 were broken, some were deprecated, some were not legitimate, so I tried to fix them.
Bug: no
Change-Id: I26deeb635d8c293245e7cdb62089f60557547846
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3462029
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79411}
For background and reasoning, see
https://docs.google.com/document/d/1jvSEvXFHRkxg4JX-j6ho3nRqAF8vZI2Ai7RI8AY54gM/edit
This is the first step towards pulling the DefineNamedOwn operation out
of StoreIC.
Summary of the renamed identifiers:
Bytecodes:
- StaNamedProperty -> SetNamedProperty: calls StoreIC and emitted for
normal named property sets like obj.x = 1.
- StaNamedOwnProperty -> DefineNamedOwnProperty: calls
DefineNamedOwnIC (previously StoreOwnIC), and emitted for
initialization of named properties in object literals and named
public class fields.
- StaKeyedProperty -> SetKeyedProperty: calls KeyedStoreIC and emitted
for keyed property sets like obj[x] = 1.
- StaKeyedPropertyAsDefine -> DefineKeyedOwnProperty: calls
DefineKeyedOwnIC (previously KeyedDefineOwnIC) and emitted for
initialization of private class fields and computed public class
fields.
- StaDataPropertyInLiteral -> DefineKeyedOwnPropertyInLiteral: calls
DefineKeyedOwnPropertyInLiteral runtime function (previously
DefineDataPropertyInLiteral) and emitted for initialization of keyed
properties in object literals and static class initializers. (note
that previously the StoreDataPropertyInLiteral runtime function name
was taken by object spreads and array literal creation instead)
- LdaKeyedProperty -> GetKeyedProperty, LdaNamedProperty ->
GetNamedProperty, LdaNamedPropertyFromSuper ->
GetNamedPropertyFromSuper: we drop the Sta prefix for the property
store operations since the accumulator use is implicit and to make
the wording more natural, for symmetry the Lda prefix for the
property load operations is also dropped.
opcodes:
- (JS)StoreNamed -> (JS)SetNamedProperty: implements set semantics for
named properties, compiled from SetNamedProperty (previously
StaNamedProperty) and lowers to StoreIC or Runtime::kSetNamedProperty
- (JS)StoreNamedOwn -> (JS)DefineNamedOwnProperty: implements define
semantics for initializing named own properties in object literal and
public class fields, compiled from DefineNamedOwnProperty (previously
StaNamedOwnProperty) and lowers to DefineNamedOwnIC
(previously StoreOwnIC)
- (JS)StoreProperty -> (JS)SetKeyedProperty: implements set semantics
for keyed properties, only compiled from SetKeyedProperty(previously
StaKeyedProperty) and lowers to KeyedStoreIC
- (JS)DefineProperty -> (JS)DefineKeyedOwnProperty: implements define
semantics for initialization of private class fields and computed
public class fields, compiled from DefineKeyedOwnProperty (previously
StaKeyedPropertyAsDefine) and calls DefineKeyedOwnIC (previously
KeyedDefineOwnIC).
- (JS)StoreDataPropertyInLiteral ->
(JS)DefineKeyedOwnPropertyInLiteral: implements define semantics for
initialization of keyed properties in object literals and static
class initializers, compiled from DefineKeyedOwnPropertyInLiteral
(previously StaDataPropertyInLiteral) and calls the
DefineKeyedOwnPropertyInLiteral runtime function (previously
DefineDataPropertyInLiteral).
Runtime:
- DefineDataPropertyInLiteral -> DefineKeyedOwnPropertyInLiteral:
following the bytecode/opcodes change, this is used by
DefineKeyedOwnPropertyInLiteral (previously StaDataPropertyInLiteral)
for object and class literal initialization.
- StoreDataPropertyInLiteral -> DefineKeyedOwnPropertyInLiteral_Simple:
it's just a simplified version of DefineDataPropertyInLiteral that
does not update feedback or perform function name configuration.
This is used by object spread and array literal creation. Since we
are renaming DefineDataPropertyInLiteral to
DefineKeyedOwnPropertyInLiteral, rename this simplified version with
a `_Simple` suffix. We can consider merging it into
DefineKeyedOwnPropertyInLiteral in the future. See
https://docs.google.com/document/d/1jvSEvXFHRkxg4JX-j6ho3nRqAF8vZI2Ai7RI8AY54gM/edit?disco=AAAAQQIz6mU
- Other changes following the bytecode/IR changes
IC:
- StoreOwn -> DefineNamedOwn: used for initialization of named
properties in object literals and named public class fields.
- StoreOwnIC -> DefineNamedOwnIC
- StoreMode::kStoreOwn -> StoreMode::kDefineNamedOwn
- StoreICMode::kStoreOwn -> StoreICMode::kDefineNamedOwn
- IsStoreOwn() -> IsDefineNamedOwn()
- DefineOwn -> DefineKeyedOwn: IsDefineOwnIC() was already just
IsDefineKeyedOwnIC(), and IsAnyDefineOwn() includes both named and
keyed defines so we don't need an extra generic predicate.
- StoreMode::kDefineOwn -> StoreMode::kDefineKeyedOwn
- StoreICMode::kDefineOwn -> StoreICMode::kDefineKeyedOwn
- IsDefineOwn() -> IsDefineKeyedOwn()
- IsDefineOwnIC() -> IsDefineKeyedOwnIC()
- Removing IsKeyedDefineOwnIC() as it's now a duplicate of
IsDefineKeyedOwnIC()
- KeyedDefineOwnIC -> DefineKeyedOwnIC,
KeyedDefineOwnGenericGenerator() -> DefineKeyedOwnGenericGenerator:
make the ordering of terms more consistent
- IsAnyStoreOwn() -> IsAnyDefineOwn(): this includes the renamed
DefineNamedOwn and DefineKeyedOwn. Also is_any_store_own() is
removed since it's just a duplicate of this.
- IsKeyedStoreOwn() -> IsDefineNamedOwn(): it's unclear where the
"keyed" part came from, but it's only used when DefineNamedOwnIC
(previously StoreOwnIC) reuses KeyedStoreIC, so rename it accordingly
Interpreter & compiler:
- BytecodeArrayBuilder: following bytecode changes
- StoreNamedProperty -> SetNamedProperty
- StoreNamedOwnProperty -> DefineNamedOwnProperty
- StoreKeyedProperty -> SetKeyedProperty
- DefineKeyedProperty -> DefineKeyedOwnProperty
- StoreDataPropertyInLiteral -> DefineKeyedOwnPropertyInLiteral
- FeedbackSlotKind:
- kDefineOwnKeyed -> kDefineKeyedOwn: make the ordering of terms more
consistent
- kStoreOwnNamed -> kDefineNamedOwn: following the IC change
- kStoreNamed{Sloppy|Strict} -> kSetNamed{Sloppy|Strict}: only
used in StoreIC for set semantics
- kStoreKeyed{Sloppy|Strict} -> kSetKeyed{Sloppy|Strict}: only used
in KeyedStoreIC for set semantics
- kStoreDataPropertyInLiteral -> kDefineKeyedOwnPropertyInLiteral:
following the IC change
- BytecodeGraphBuilder
- StoreMode::kNormal, kOwn -> NamedStoreMode::kSet, kDefineOwn: this
is only used by BytecodeGraphBuilder::BuildNamedStore() to tell the
difference between SetNamedProperty and DefineNamedOwnProperty
operations.
Not changed:
- StoreIC and KeyedStoreIC currently contain mixed logic for both Set
and Define operations, and the paths are controlled by feedback. The
plan is to refactor the hierarchy like this:
```
- StoreIC
- DefineNamedOwnIC
- SetNamedIC (there could also be a NamedStoreIC if that's helpful)
- KeyedStoreIC
- SetKeyedIC
- DefineKeyedOwnIC
- DefineKeyedOwnICLiteral (could be merged into DefineKeyedOwnIC)
- StoreInArrayLiteralIC
- ...
```
StoreIC and KeyedStoreIC would then contain helpers shared by their
subclasses, therefore it still makes sense to keep the word "Store"
in their names since they would be generic base classes for both set
and define operations.
- The Lda and Sta prefixes of bytecodes not involving object properties
(e.g. Ldar, Star, LdaZero) are kept, since this patch focuses on
property operations, and distinction between Set and Define might be
less relevant or nonexistent for bytecodes not involving object
properties. We could consider renaming some of them in future patches
if that's helpful though.
Bug: v8:12548
Change-Id: Ia36997b02f59a87da3247f20e0560a7eb13077f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3481475
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/main@{#79409}
Report full GC statistics to the Recorder API. These will be used by
Blink to populate UMA histograms. Existing UMA reporting in V8 remains
as is for now and will be removed in a followup.
With this CL, most full GC statistics are reported as part of
V8.GC.Cycle.*.Full.*. Also V8.GCMarkCompactReason is migrated to
V8.GC.Cycle.Reason.Full.
This CL goes together with:
https://chromium-review.googlesource.com/c/chromium/src/+/3353448
Bug: chromium:1154636
Change-Id: I199be75e75144a59e5f56a6872268d0ecad3a885
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3356195
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79408}
Before a young GC, the scavenger finalizes a pending full GC sweeping,
in case there are no more running sweeping jobs, to avoid unnecessarily
pausing sweeping and then resuming it.
This CL moves this sweeping finalization from
ScavengerCollector::CollectGarbage to Heap::CompleteSweepingYoung, so
that it is also performed for the minor mark-compactor and that sweeping
is correctly attributed to the previous full GC cycle (instead of the
beginning young cycle). Furthermore, it also finalizes CppGC sweeping
if there are no more running sweeping jobs.
Bug: chromium:1154636
Change-Id: Ic9ba4803f49db32c0a539f080329f012859bc8bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3508011
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79407}
We can cache this in a static field during V8 initialization such that
we don't need to cache this method's result for each use-case that
might benefit.
Bug: v8:12691
Change-Id: I4391a5e306646465ce96fb7e354be996d9fe8b44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3506375
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79406}
If we hit an OOM when allocating the code space for a Wasm module,
include the code size we tried to allocate in the error message. This
should make crash reports easier to diagnose.
R=ecmziegler@chromium.org
Bug: chromium:1302310
Change-Id: I0a85caff65efcad122664765c07f78b35095097e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3506993
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79402}
and delete extra asm_comment
Change-Id: Ia22f4bc622387e7c9a1c830b9f213d9554f0029e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3507121
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#79401}
Always use the top tier register allocator when statically compiling
code as we want the best performance and aren't as concerned about
compile time.
This also avoids a current bug when the mid-tier register allocator
is used with statically compiled code.
Bug: chromium:1299793
Change-Id: I74175d75847d092d1d5373661d536a299a7da1b0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484316
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79400}
Define dummy BranchIfCompare, a conditional control node
that accepts more than one input node.
Bug: v8:7700
Change-Id: If29b6e9531e8a75a4e94fb2057d8e8d36cf0d9ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3506376
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79399}
This rename better reflects that heap_base is both used in cppgc but
also V8's GC.
Bug: v8:12691
Change-Id: Ia18ecba462d1b55cee6722452ceb28b25490a066
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3506374
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79398}
Clean up two flags which control features shipped in m99
harmony_intl_locale_info
harmony_intl_enumeration
Bug: v8:10743, v8:11638
Change-Id: I856afaceb0972052d1bcc70b162e8f9ee9071dd6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3508169
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79397}
Resurrecting finalizers cause all sorts of problems, from performance
penalties when used to hard-to-debug memory leaks.
There's no more usage left in Blink as well as V8 internally, so
deprecate resurrecting finalizers.
Bug: v8:12672
Change-Id: I998373d6468bbd3bd581a41dec8904de80561f43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3507991
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79394}
Fix a typo: the code should check that y matches -∞ but checked -0
Bug: v8:10776
Change-Id: I6bddbf91dbee2411d47a5e3b8ccbc456a0602bf7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3504646
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79391}
Instead of returning a boolean success/failure value, the Free* methods
of the VirtualAddressSpace API now terminate the process on failure, as
this implies a bug in the caller. This is simpler than CHECKing for
success in all callers and also provides more details about the possible
cause of the failure.
Bug: v8:12656
Change-Id: I5b469ae2c564068cff74e60b7e98f6a4776a239d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3506992
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79388}
This simplifies various bits of logic around EmbedderDataSlots as the
raw part will now always contain a valid index into an external pointer
table entry.
This CL also unifies the initialization of EmbedderDataSlots by
providing a EmbedderDataSlots::Initialize method and adds more
documentation about the layout of EmbedderDataSlots in the different
configurations.
Bug: v8:10391
Change-Id: Ie952598898a7a6c9d40b28d3a7370bfc1291bcf0
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3472495
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79384}
This decreases the snapshot size (we don't need to write the ID for the
string) and speeds up deserialization.
Bug: v8:11525
Change-Id: I8f48d2344a7fd895c746e6a3d26f6dbbdd11a062
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494539
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79381}
Currently ClobberDoubleRegisters is implemented in C++ and is
not guaranteed to clobber all registers. Rewritten in assembly
to clobber all double registers.
Bug: v8:11798
Change-Id: I11c09bd247c929d251e6e509ea5cc76b9981ea98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3490715
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79380}
xorl + setcc is more efficient than setcc + movzxbl and encodes one byte
shorter.
Change-Id: Ib6679ce9ab0ac0d34701daba5c3d4d8bb57a8fc6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3492946
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#79377}
HeapNumbers that are in the shared heap were incorrectly considered
!IsShared().
TBR=jkummerow@chromium.org
Bug: v8:12547
Change-Id: Ie4b9575445d841a7045c947ff4439bf53a22869d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3504085
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79372}
Start allowing heavier testing of maglev by allowing graph building to
bail out if passed an unsupported bytecode.
Bug: v8:7700
Change-Id: I7e3d2c5a8896d4f4e0da5ef444c95a286f9ac117
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3500417
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79371}
The newly optimised CopyDataPropertiesWithExcludedProperties accesses the
excluded properties directly on the stack, to avoid pushing them twice.
This meant that we had to pass a stack pointer into the runtime, which
we couldn't do directly because all arguments to runtime functions
should be tagged.
We tried to work around this by passing the stack pointer in a Foreign,
but this violated the V8 sandbox. Fortunately, the stack pointer is
aligned, so it looks like a Smi to the GC. So, we can pass it directly
on the stack as a runtime argument by doing a bit of bitcasting.
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Bug: v8:11614
Change-Id: I87c4a34a15ae863277142aa29f48b1dd546014e0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497745
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79369}
The heap snapshot generator is meant to apply descriptive names to Code
objects, but was using CodeDataContainer instead. Attempting to set the
name of the CodeDataContainer instances did nothing because they already
had the name "system / CodeDataContainer".
Bug: v8:11880
Change-Id: If7bd115bde36386d283d319c1ee28df565a39569
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3498849
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#79368}
Previously, the inspector would resurrect `v8::internal::Script` objects
when the weak callback is invoked, in order to access their fields and
read out the source (either a String in case of JavaScript or the module
bytes in case of WebAssembly). With https://crrev.com/c/3494242 we no
longer need to access the `v8::internal::Script` now, and so we can stop
relying on the `WeakCallbackType::kFinalizer` logic.
Bug: chromium:1295659
Fixed: chromium:1302195
Doc: https://bit.ly/v8-inspector-script-caching
Change-Id: I6a444bfcdf6cd23b30043f7386d6c18b7afec659
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497324
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79366}
This introduces a new (inspector-only) `v8::debug::ScriptSource`,
which represents the source for a given `v8::debug::Script` (in
case of JavaScript it's a `v8::internal::String` while in case of
WebAssembly it's a `Managed<v8::internal::wasm::NativeModule>`).
Every `v8_inspector::V8DebuggerScript` now holds on weakly to the
`v8::debug::Script` and strongly to its `ScriptSource`, making it
possible to access the source even after the `Script` dies.
This is preliminary work to allow for the removal of the special
GC feature that a `WeakCallbackType::kFinalizer` callback can
resurrect the object (this change is split into a separate follow
up CL https://crrev.com/c/3497324).
Bug: chromium:1295659, chromium:1302195
Doc: https://bit.ly/v8-inspector-script-caching
Change-Id: I503d0d9283e2da392023f06f79b8ff35953e7935
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494242
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79363}
This proposal adds i32 and i64 addition, subtraction, and multiplication
to the list of constant expressions.
See https://github.com/WebAssembly/extended-const.
Bug: v8:12089
Change-Id: I23a27a54a15fd37ee1d553992ab3b355eb9d317c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497665
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79362}
In x64, the result of WordAnd with a positive integer constant is known
to be sign(zero)-extended. Comparing this result with another positive
integer constant can have narrowed op according to the value of the
constants.
This CL does this narrowing for WordAnd. It also makes the narrowing in Word
comparison deal with X64Cmp and X64Test.
Bug: v8:12650
Change-Id: I77f4ada9a9f94d78b3a78911e279a647c561cce4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3462081
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#79361}
Prepare gcmole.cc for the next update:
- Print possible GC locations when discovering stale/dead variables
- Make error messages less confusing for the modern V8 engineer
- Prepare gcmole to read suspects.allowlist instead of .whitelist
- Use more readable variable names
- Only log non-found types with --verbose
- Change the currently unused gccauses format in gcmole.py and
support loading it back in gcmole.cc
- Implemented first basic gc call-chain printing (disabled by default)
GCmole packaging:
- Add debug mode to bootstrap.sh build script
- Update gcmole.py run instructions in bootstrap.sh and package.sh
Bug: v8:10009
Change-Id: I369d48baa2980455d2e8f57e7a803d0384fe83f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3480095
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79357}
When the function is created with FunctionTemplate and its name is set with
native data property accessors, binding the function should throw
immediately if the native accessor throws.
Bug: v8:11989
Change-Id: Ief282202aa5b8515f581fd5478886ed5f001fd4f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3492966
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Chengzhong Wu <legendecas@gmail.com>
Cr-Commit-Position: refs/heads/main@{#79356}
Prototype F32x4Relaxed(Min/Max) and F64x2Relaxed(Min/Max)
operations for ARM. F32x4 variants map directly to vmin/vmax
hardware instructions which are also used for F32x4(Min/Max)
operations. The F64x2 variants are mapped in this implementation
to Pmin/Pmax instructions as detailed in the github issue.
https://github.com/WebAssembly/relaxed-simd/issues/33
Bug: v8:12284
Change-Id: I5ea939385fa0ae97bbdf776fc0b763cabb1b293c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3501347
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79355}
A dispatcher that currently does nothing, installed on the Isolate.
The implementation is close to the baseline concurrent compiler; but
boilerplate is short enough that a common base class is not worth the
additional complexity.
Bug: v8:7700
Change-Id: Ia34781e24cb6b1f72e5560fb0afe107bb0486092
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497690
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79353}
With the previous change to using the mask as the first
input to the node, the lane select ARM codegen is equivalent
to V128Select. Also enable cctests to run on ARM.
Bug: v8:12284
Change-Id: I5572f4845307ff20cc2a0a58d3ccf162caa436b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3500655
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79352}
A TrapUnless after an IfTrue, and conversely, a TrapIf after an IfFalse,
should not optimize away the respective Branch node.
Bug: v8:12624
Change-Id: I250b2f84c38295ca35e440589901ed5a58bb4e75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3500303
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79349}
The utility type is independent of V8 and useful for cppgc as well.
Move to base/ to allow reusing.
Change-Id: I9de9b4a87bb113fb4c2232d90253afb0f38faa68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497336
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79346}
This renaming was missed in
https://chromium-review.googlesource.com/c/v8/v8/+/3468577, because the
code adding these #ifdef blocks landed in-between the renaming change
being uploaded and landed.
Bug: chromium:1298417
Change-Id: I8c2e951099dafcce7e19a59e40e36f308e2ed867
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3498349
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Benoit Lize <lizeb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79345}
Store the free registers as a RegList rather than stack of Register
values. This allows us to simplify some of the register freeing logic,
including passing the current free set to nodes for use as temporaries.
Drive-by: Replace ALWAYS_ALLOCATABLE_GENERAL_REGISTERS with
ALLOCATABLE_GENERAL_REGISTERS, which is the more general list (the former
is an implementation detail for optionally reserving a register for
the cage register).
Bug: v8:7700
Change-Id: I666e9a7547c2f4f4e578fbcbb4bd3fe3cb06dac5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497767
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79344}
having cached_property_name
When calling a function_template accessor in Generic/NoFeedback,
if the function template has cached_property_name,
the holder will have a data property with the cached_property_name,
so we can use GetProperty to get it rather than bailout.
Bug: v8:10179
Change-Id: I8b878fff969d05eeab1c95fc4b73df6079496840
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3492396
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79343}
Isolate::isolate_key_ and Isolate::per_isolate_thread_data_key_ are
created in Isolate::InitializeOncePerProcess() and should be deleted in
Isolate::DisposeOncePerProcess().
Bug: v8:11914
Change-Id: Ic3000d21f86a9d419373ef7c777c21661f544fee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3490712
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79341}
Now that only ppc lacks support, state that explicitly s.t. it's clear
which platforms are still missing.
Bug: v8:11420
Change-Id: I22a91270aaa389fc27ce5c7a3f8e8b9c44f01eb4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497544
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79340}
LiveNodeInfo was stored in a Node->LiveNodeInfo map, which was never
copied or merged alongside control flow. Lookups in this map were a big
part of register allocation time, and it was mostly duplicating data
that was already in the ValueNode.
So, instead of a separate LiveNodeInfo, store the current register
allocation state directly on the ValueNode. This involves a bit of
clobbering of state (in particular, we have to clobber the next_use id),
but that doesn't matter since regalloc is a forward pass and with this
change, it's less memory and zero map lookups.
Measuring on a (very large) function, this reduces compile time from
300ms to 200ms.
Bug: v8:7700
Change-Id: I02620f1a795bd308d1de03d694c102cb5ea3ff50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3500617
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79339}
The movq instruction with 8 immediate bytes was previously used for moving
a negative Smi to a register. This CL reduces the immediate bytes by using
mov imm32 with sign extension.
To move a Smi of -1 to a register, the disassembly before the commit is:
48b8feffffffffffffff REX.W movq rax, 0xfffffffffffffffe
The disassembly after the commit is as:
48c7c0feffffff REX.W movq rax, 0xfffffffe
Change-Id: Ib54a4fbe66f59f86b9f13a72431ceb38470f1017
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3500205
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Haoyu Zhang <haoyu.zhang@intel.com>
Cr-Commit-Position: refs/heads/main@{#79337}
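The two encodings from the commit message above, reproduced byte for byte and decoded back to the same 64-bit register value. This is an added example, not code from V8; the helper names are hypothetical and the Smi tag shift of 1 is an assumption taken from the -1 -> 0x...fe value shown in the message.

```cpp
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Added illustration; all helper names are hypothetical, not V8's assembler API.
using Bytes = std::vector<uint8_t>;

static void AppendLE(Bytes& out, uint64_t value, int count) {
  for (int i = 0; i < count; ++i)
    out.push_back(static_cast<uint8_t>(value >> (8 * i)));
}

// Assumption: Smi tag shift of 1, matching the values in the commit message.
int64_t TagSmi(int32_t value) { return static_cast<int64_t>(value) * 2; }

// REX.W B8+rd io: mov r64, imm64 (10 bytes).
Bytes EncodeMovImm64(int reg, int64_t value) {
  Bytes out{static_cast<uint8_t>(0x48 | (reg >> 3)),
            static_cast<uint8_t>(0xB8 | (reg & 7))};
  AppendLE(out, static_cast<uint64_t>(value), 8);
  return out;
}

// REX.W C7 /0 id: mov r/m64, imm32; the CPU sign-extends imm32 (7 bytes).
Bytes EncodeMovImm32SignExtended(int reg, int32_t value) {
  Bytes out{static_cast<uint8_t>(0x48 | (reg >> 3)), 0xC7,
            static_cast<uint8_t>(0xC0 | (reg & 7))};
  AppendLE(out, static_cast<uint32_t>(value), 4);
  return out;
}

// Picks the short form whenever the tagged value survives sign extension.
Bytes EncodeMovSmi(int reg, int32_t smi_value) {
  const int64_t tagged = TagSmi(smi_value);
  if (tagged >= INT32_MIN && tagged <= INT32_MAX)
    return EncodeMovImm32SignExtended(reg, static_cast<int32_t>(tagged));
  return EncodeMovImm64(reg, tagged);
}

// Recovers the value the destination register holds after either encoding.
int64_t DecodeMovImmediate(const Bytes& code) {
  auto read = [&](size_t offset, int count) {
    uint64_t v = 0;
    for (int i = 0; i < count; ++i)
      v |= static_cast<uint64_t>(code[offset + i]) << (8 * i);
    return v;
  };
  if (code.size() == 10 && (code[1] & 0xF8) == 0xB8)
    return static_cast<int64_t>(read(2, 8));
  if (code.size() == 7 && code[1] == 0xC7)
    return static_cast<int32_t>(static_cast<uint32_t>(read(3, 4)));
  throw std::invalid_argument("unsupported encoding");
}

std::string ToHex(const Bytes& code) {
  static const char digits[] = "0123456789abcdef";
  std::string hex;
  for (uint8_t b : code) {
    hex.push_back(digits[b >> 4]);
    hex.push_back(digits[b & 0xF]);
  }
  return hex;
}

int main() {
  const Bytes before = EncodeMovImm64(0, TagSmi(-1));  // rax is register 0
  const Bytes after = EncodeMovSmi(0, -1);
  std::cout << ToHex(before) << " -> " << DecodeMovImmediate(before) << "\n";
  std::cout << ToHex(after) << " -> " << DecodeMovImmediate(after) << "\n";
  return 0;
}
```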
This reverts commit 7d4c264e0e.
Reason for revert: Blocking chromium roll, failures in ASAN unittests:
https://ci.chromium.org/ui/p/chromium/builders/try/linux_chromium_asan_rel_ng/1104768/test-results
Original change's description:
> Reland "heap: Force incremental marking in C++ only workloads"
>
> This is a reland of commit 4fde332811
>
> Most recent fix made Oilpan aware of --single-threaded-gc which
> is necessary as GCs are more eagerly scheduled in tests.
>
> Original change's description:
> > heap: Force incremental marking in C++ only workloads
> >
> > ... when above a certain minimum threshold. This is to guard against
> > memory running away in scenarios where the JS heap is empty and
> > there's only high throughput C++ allocations that don't allow for a
> > memory reducer GC to kick in.
> >
> > This logic should be revisited after Oilpan's young generation
> > collector is implemented which may allow switching to a more efficient
> > shrinking strategy for initial heap setup.
> >
> > Bug: chromium:1029379, chromium:1300028, chromium:1300492
> > Change-Id: I93924fc2fe77d6226c29358d3afb1cc9d6fbf3b1
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484319
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#79255}
>
> Bug: chromium:1029379, chromium:1300028, chromium:1300492
> Change-Id: Ia0c443248b951240cce6dbe1f68581ff1061a7d9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3500301
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79327}
Bug: chromium:1029379, chromium:1300028, chromium:1300492
Change-Id: I3fd0a5d4ded7d3ce7cd74a50a11b3a0367477d06
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3500656
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#79335}
- Add a comment on the macro that registers a prefinalizer.
- Refactor the API to avoid exposing internal types needlessly.
Change-Id: Ia88e786304616848556263410a8f5398c5374533
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497766
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79334}
GetConstructorName might allocate and thus triggers gcmole warnings.
This is a temporary workaround until the called function is cleanly
fixed.
Bug: v8:12674
Change-Id: I43bd190d887abcd79116e8c328ceedfb0c9fad79
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497769
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79333}
.. to distinguish between Maglev and Turbofan targets. Also move one
tracing function to tiering-manager. We may want to move all
--trace-opt code into one place in the future (it's currently split
between here and compiler.cc).
Bug: v8:7700
Change-Id: I9756460124b14fc3213296d083071f338421966a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3500612
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79332}
Currently, a streamed script which specifies 'use strict' is stored in
the isolate script cache with a key indicating that it is strict mode.
However, the keys should be based on the context executing the script,
not the content of the script, so that the next lookup can find the
entry without having to parse the script first.
Bug: v8:12668
Change-Id: Iaa76c00c431ad54a86ffd18b61cb4f67dc457b03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3498220
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#79331}
When --maglev is set, tier up to Maglev from unoptimized tiers based on
--interrupt-budget-for-maglev, initially set to 40KB (which should very
roughly be 1/10th of the time until the TF tierup decision is made).
On the first interrupt, a non-concurrent optimization to Maglev is
requested, which the next call to the marked function will perform.
- There is no support for tiering from Maglev to TF yet.
- Maglev's language support is minimal and tests are not expected to
pass with --maglev.
- Disable --maglev by default for now.
Drive-by: fixes related to Maglev flag definitions.
Bug: v8:7700
Change-Id: I121bb3f4f3830fdd20e1d4a12d3e04f08a99be38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3500302
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79328}
This is a reland of commit 4fde332811
Most recent fix made Oilpan aware of --single-threaded-gc which
is necessary as GCs are more eagerly scheduled in tests.
Original change's description:
> heap: Force incremental marking in C++ only workloads
>
> ... when above a certain minimum threshold. This is to guard against
> memory running away in scenarios where the JS heap is empty and
> there's only high throughput C++ allocations that don't allow for a
> memory reducer GC to kick in.
>
> This logic should be revisited after Oilpan's young generation
> collector is implemented which may allow switching to a more efficient
> shrinking strategy for initial heap setup.
>
> Bug: chromium:1029379, chromium:1300028, chromium:1300492
> Change-Id: I93924fc2fe77d6226c29358d3afb1cc9d6fbf3b1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484319
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79255}
Bug: chromium:1029379, chromium:1300028, chromium:1300492
Change-Id: Ia0c443248b951240cce6dbe1f68581ff1061a7d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3500301
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79327}
OptimizationDecision holds the optimization {reason, code kind,
concurrency mode}. We centralize it to avoid having to recalculate in
Optimize when we already know everything in ShouldOptimize.
Bug: v8:7700
Change-Id: Ifcd902e86f844ce045bcefd4ae72ac17b42acb3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3500300
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79326}
According to the latest changes in wasm-gc, externref will be renamed
to anyref, and will be assigned as the top of the reference type
hierarchy. Since in the current wasm type system funcref is not a
subtype of anyref, subtyping is now dependent on whether wasm-gc is
enabled.
Bug: v8:7748
Change-Id: I0c0ae3dd5523e624d4490ca33d1fba4c2ae59393
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3468345
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79322}
Before this CL Oilpan would schedule concurrent marking and sweeping
even in the presence of --single-threaded-gc. This e.g. flakily breaks
Blink tests that do not set up a thread-pool in certain configurations
where they pass --single-threaded (implying --single-threaded-gc).
Bug: chromium:1300492
Change-Id: I64f0c6a20f9c29d689a62e63cc5a8d024962ff2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497760
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79321}
InitialValue needs to have a spill slot (e.g. for deopts) but shouldn't
emit an actual spill (since they're already on stack).
Drive-by, fix printing of Checkpoint and CheckMaps parameters.
Bug: v8:7700
Change-Id: I3c1acfce6638b1ad604f7c7a1938694814c326ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497371
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79320}
GetFreeRegisters is supposed to find some number of free registers that
the current node can use as safe temporaries, but they shouldn't be
considered "allocated", as they will be free as soon as the node's code
completes.
Now we no longer decrement free_register_count_ in GetFreeRegisters, to
avoid leaking registers allocated for temporaries.
Bug: v8:7700
Change-Id: I485607fedec79fbeca4675781923b7ad3a6bfc6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497381
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79319}
- Add the Isolate as an explicit param (we already have it at all
callsites)
- Pass an explicit CodeKind param to MarkForOptimization in preparation
for Maglev.
- Split EnsureFeedbackVector into that, plus
CreateAndAttachFeedbackVector for when we know it has to be created.
Bug: v8:7700
Change-Id: Ie9022deccd31d472d6df3d442b25583af5569ab0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3497383
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79318}
When running with the simulator, Assembler::debug() can record an inline
comment to be printed when the simulator encounters it. We need to make
sure pools are not emitted while the comment is recorded in the code
stream.
However the BlockPoolsScope was missing its margin argument to tell it
how much code we're going to generate, and could forget to emit pools
when it should have, causing crashes later on when a branch cannot jump
over the code comment.
Bug: v8:12637
Change-Id: I39e50f176d87c781c865b81fb9aca57d69c8c019
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494544
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Cr-Commit-Position: refs/heads/main@{#79317}
gcc builds seem to have troubles with this:
error: call to non-constexpr function
Remove the UNREACHABLE() calls for now but keep a TODO to
potentially re-enable them again once we've figured this out.
Bug: v8:7700,v8:12667
Change-Id: I9628a1326c1c4200b90aad25cd2eabfeb06608fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494237
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79314}
1) add relaxed versions of the Code::main_cage_base accessors and use them
in those cases where they can be called from a background thread,
2) pass the main cage base value to the IsCode() predicate to avoid
accessing the non-atomic Heap pointer value in page headers from the
background compilation thread.
Drive-by cleanup: use MarkingVerifier::cage_base() instead of
Code::main_cage_base().
Bug: v8:11880, v8:12611
Change-Id: I9fd28c1a3babb862d08fec09f6cfc369beaad231
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494238
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79313}
Don't expose the line end table logic to V8DebuggerScript, but instead
use the existing Script::GetPositionInfo() logic to resolve end line and
column numbers for scripts. This also avoids having to copy (the
potentially huge) line ends tables to std::vector's twice per script.
Bug: chromium:1162229
Change-Id: I03365d42c320d462360bacc444f7fa97904a9748
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494240
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79311}
LiftoffAssembler::RecordSpillsInSafepoint
The use of Safepoint will be mistaken for v8::internal::Safepoint,
which causes a build failure on riscv64. Change it to use
SafepointTableBuilder::Safepoint.
Bug: v8:12665
Change-Id: I597ea04b0c8b466c2f5a322d22ed989d00bedc5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3492397
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79310}
The following histograms have been deprecated, as they are superseded
by V8.GC.Cycle.*.Young or not needed anymore (next to each, the
corresponding isolate counter):
- V8.GCScavenger (gc_scavenger)
- V8.GCScavengerBackground (gc_scavenger_background)
- V8.GCScavengeReason (scavenge_reason)
- V8.GCScavengerForeground (gc_scavenger_foreground)
- V8.GCBackgroundScavenger (background_scavenger)
- V8.GCMarkCompactor (gc_mark_compactor)
This CL removes the corresponding instrumentation in the code and the
isolate counters.
Bug: chromium:1154636
Bug: chromium:1299555
Change-Id: I62d28ff60ef47a058fe148c7855af8e2c1cc0aed
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487548
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79308}
This was originally introduced to address http://crbug.com/794941,
to make the disassembly generation for WebAssembly modules lazy.
Nowadays we no longer generate a text representation for the Wasm
disassembly in V8, and this method always returns `false`.
Bug: chromium:794941, chromium:1162229
Change-Id: I8b67e451a3657bf732615585577525aeea2b2f55
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494236
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79304}
Otherwise std::allocator is used and there is no conversion.
Bug: chromium:819294
Change-Id: Ic93e75a3facef96dc901dda29a6be3b4539b68e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3492523
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Stephan Hartmann <stha09@googlemail.com>
Cr-Commit-Position: refs/heads/main@{#79302}
Nowadays these methods allocate a single handle, so there's no point in
having a dedicated handle scope just to close it immediately and escape
the single allocated handle.
Bug: chromium:1162229
Change-Id: I695d8c5577db43b8974b28bdfa6e0600eb41cce9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3494156
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79301}
The CL gets rid of the assumption that WeakCallbackItem::parameter
always points to an object with a custom callback, which might not be
the case for weak containers. This fixes failures in cppgc-non-default
bot.
Bug: chromium:1029379
Change-Id: I9ab6cb357153801efaa0d902c9eedff07d12ffe7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3490932
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79296}
This CL assures scratch registers are passed where needed
and cleans up Simd functions shared between TF and LO.
Change-Id: Ib7633e0d51f3aa92d2bcdfc69d0efe779062af62
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3489239
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#79295}
This reverts commit 679c373eb2.
Reason for revert: DCHECK failures in post_job.cc when running Chromium gtests, blocking V8 roll into Chromium.
See https://ci.chromium.org/ui/p/chromium/builders/try/mac-rel/928210/overview for example failures/stacks.
Original change's description:
> Reland "heap: Force incremental marking in C++ only workloads"
>
> This is a reland of 4fde332811
>
> Another Blink-related test fix landed, see chromium:1300492.
>
> Original change's description:
> > heap: Force incremental marking in C++ only workloads
> >
> > ... when above a certain minimum threshold. This is to guard against
> > memory running away in scenarios where the JS heap is empty and
> > there's only high throughput C++ allocations that don't allow for a
> > memory reducer GC to kick in.
> >
> > This logic should be revisited after Oilpan's young generation
> > collector is implemented which may allow switching to a more efficient
> > shrinking strategy for initial heap setup.
> >
> > Bug: chromium:1029379, chromium:1300028, chromium:1300492
> > Change-Id: I93924fc2fe77d6226c29358d3afb1cc9d6fbf3b1
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484319
> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> > Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#79255}
>
> Bug: chromium:1029379, chromium:1300028, chromium:1300492
> Change-Id: Ida66e0c944094472b4856d5fecef2d199d29549b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487991
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#79281}
Bug: chromium:1029379, chromium:1300028, chromium:1300492
Change-Id: Ifbdcf996a91cbdb5cce3b07059c333a7f1a9444a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3491187
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79294}
The main change is the section name, which is now 'metadata.code.branch_hint'.
The binary format has also a couple of minor changes.
Semantics remain unchanged.
Change-Id: I056c9f672ae494979e8ea55266fa766139b71d38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487788
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79292}
After https://crrev.com/c/3484317, passing {nullptr} to the
{CodeSpaceWriteScope} won't work any more. Since the tests do not have a
{NativeModule} to pass instead, make them use
{pthread_jit_write_protect_np} directly.
The jump-table assembler tests have dedicated threads for writing and
executing the code, so we just switch once per thread. The icache test
switches between writing and executing, so we use a little struct for
switching.
R=jkummerow@chromium.org, tebbi@chromium.org
Bug: v8:12644, v8:11974
Change-Id: I116f3ad75454f749cdc4635802a4617ff91548b2
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487995
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79290}
Instead of storing a single register, store the entire RegList. This
simplifies a lot of things. We will use RegLists for free registers etc
too later.
Bug: v8:7700
Change-Id: I32146023c7b9bc9e553e3db98fe034e8cef7d09d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487994
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79289}
When we can eliminate a branch-on-type instruction based on statically
available type information and replace it with an unconditional branch,
we have to mark the rest of the current block as unreachable.
Change-Id: I9b8cc2f8e76da0b1b7cdf72b150ec675e9aae1a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3490931
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79288}
{Invoke} is the central bottleneck for calling into generated code.
Check that at this point, no {CodeSpaceWriteScope} is open, otherwise
the JS code could write to the code space once it gains access to an
arbitrary-write gadget.
R=jkummerow@chromium.org
Bug: v8:11974
Change-Id: Ie323cea442a5ea355a1c975b300a1cc5a6edf433
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3487787
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79287}
In very rare cases we open CodeSpaceWriteScopes for multiple native
modules at the same time, e.g. for tier down (debugging) via
ExecuteCompilationUnits
--> PublishCompilationResults
--> OnFinishedUnits
--> TriggerCallbacks
--> AsyncCompileJob::CompilationStateCallback::call
--> WasmEngine::UpdateNativeModuleCache
--> RecompileNativeModule [for tier down]
--> InitializeRecompilation
--> FindFunctionsToRecompile
--> CodeSpaceWriteScope
Fixing this would be difficult because we actually want to keep the
CodeSpaceWriteScope open during subsequent publishing. So instead,
remove the assumption that scopes are always only open for one module at
a time.
In order to do this, we remove the {code_space_write_nesting_level_}
counter and instead use the {current_native_module_} field in all
configurations to check whether a scope is currently open, and for which
module.
R=jkummerow@chromium.org
Bug: v8:12644, v8:11974
Change-Id: Idd24c87f5938c43e867c41fa1cd3879def6f3873
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3484317
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79286}
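A simplified model of the two commit messages above (the {Invoke} check and the switch from a nesting counter to a per-thread current-module field), added here as an example and not taken from V8. All class and function names are hypothetical, and making the outer module non-writable while an inner scope for another module is open is an assumption of this model.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>
#include <utility>

// Simplified model; every name here is hypothetical, none is V8's class.
struct ModuleModel {
  explicit ModuleModel(std::string n) : name(std::move(n)) {}
  std::string name;
  bool writable = false;  // true models RW code pages, false models RX
  void Write() const {
    if (!writable) throw std::runtime_error("code space not writable: " + name);
  }
};

// "Before": a per-thread nesting counter. Only the outermost scope switches
// permissions, which silently assumes every nested scope uses the same module.
thread_local int nesting_level = 0;

class CounterScopeModel {
 public:
  explicit CounterScopeModel(ModuleModel* module) : module_(module) {
    if (nesting_level++ == 0) module_->writable = true;
  }
  ~CounterScopeModel() {
    if (--nesting_level == 0) module_->writable = false;
  }

 private:
  ModuleModel* const module_;
};

// "After": remember which module, if any, is open on this thread.
thread_local ModuleModel* current_module = nullptr;

class ModuleScopeModel {
 public:
  explicit ModuleScopeModel(ModuleModel* module) : previous_(current_module) {
    if (previous_ == module) return;  // same module re-entered: nothing to do
    if (previous_) previous_->writable = false;
    module->writable = true;
    current_module = module;
  }
  ~ModuleScopeModel() {
    if (current_module == previous_) return;
    current_module->writable = false;
    if (previous_) previous_->writable = true;  // outer scope stays open
    current_module = previous_;
  }
  ModuleScopeModel(const ModuleScopeModel&) = delete;
  ModuleScopeModel& operator=(const ModuleScopeModel&) = delete;

 private:
  ModuleModel* const previous_;
};

// Models the check at the single entry point into generated code: refuse to
// run generated code while this thread still has a write scope open.
int InvokeModel(int (*generated)(int), int arg) {
  if (current_module != nullptr || nesting_level != 0)
    throw std::logic_error("write scope open on entry to generated code");
  return generated(arg);
}

int SampleGenerated(int x) { return x + 1; }  // stands in for JIT output

// Opens a scope for module A, a nested one for module B, and writes to B.
template <typename Scope>
bool NestedWriteSucceeds() {
  ModuleModel a("A"), b("B");
  Scope outer(&a);
  try {
    Scope inner(&b);
    b.Write();
  } catch (const std::runtime_error&) {
    return false;
  }
  a.Write();  // the outer scope must still work after the inner one closes
  return true;
}

bool InvokeRejectedWhileScopeOpen() {
  ModuleModel m("M");
  ModuleScopeModel scope(&m);
  try {
    InvokeModel(SampleGenerated, 1);
  } catch (const std::logic_error&) {
    return true;
  }
  return false;
}

int main() {
  std::cout << "counter model, nested modules: "
            << NestedWriteSucceeds<CounterScopeModel>() << "\n";
  std::cout << "module-field model, nested modules: "
            << NestedWriteSucceeds<ModuleScopeModel>() << "\n";
  std::cout << "invoke rejected inside scope: "
            << InvokeRejectedWhileScopeOpen() << "\n";
  return 0;
}
```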