Since https://crrev.com/c/4044221, Projections are emitted fairly
eagerly in turboshaft, which prevented
BinopOverflow+Branch/DeoptimizeIf fusion in some cases. This CL
improves the InstructionSelector ability to fuse BinopOverflow with
their following branch-on-overflow instruction.
Bug: chromium:1393640
Change-Id: I12fb57f5080c99a1b16804bd3982a37b24b1cf6d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4068126
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84713}
With this CL, the context of stacks corresponding to all client isolates
are saved, so that conservative stack scanning can be used correctly
during a shared garbage collection. This happens:
1) in Heap::PerformSharedGarbageCollection, for the stacks of the shared
isolate and the initiator;
2) when an isolate's main thread is waiting in a safepoint; and
3) when an isolate's main thread is parked.
Bug: v8:13257
Change-Id: I9ff060f2c0c1ec12977c70d67d65d9c543e2d165
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4027210
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84712}
Inner pointer resolution should never return free space or filler
objects. In some tests, however, there is free space or filler objects
in large pages. This CL fixes this case.
Bug: v8:13257
Change-Id: Id5b4875052843184cbe1777e3324e5b09771af49
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4069704
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84709}
Client isolates only need to mark shared heap objects unlike the
shared space isolate. Introduce a separate visitor for them.
In addition MarkingVisitorBase::VisitMapPointer cannot just mark
an object unconditionally.
Bug: v8:13267
Change-Id: Id099d0beec3a4cb44ab803f5033bc06059f21942
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4085005
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84707}
Promoted pages are iterated to record slots containing old to new and
old to shared references. This takes a significant amount of time during
the atomic pause.
Instead we offload this task to the concurrent sweepers, record slots to
a local cache, and merge it when finalizing sweeping.
Array buffer sweeping depends on iteration of promoted pages, so it is
frozen until iteration is done.
See design doc at https://docs.google.com/document/d/1JzXZHguAnNAZUfS7kLeaPVXFfCYbf5bGCtyKgyiMDH4/edit?usp=sharing
Bug: v8:12612
Change-Id: Icdc79a7a70c53352e3a1b3961cfe369e8563b65b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4062041
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84706}
The test is failing due to a bug in dbghelp.dll. I don't think there's
anything we can do about that except disable the test until we've
upgraded to a fixed version.
Bug: v8:13484
Change-Id: I8017c3ad2c934701985adadc6ba3f68d2d53099d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4061543
Reviewed-by: Emanuel Ziegler <ecmziegler@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#84704}
Adds new `br_on_cast null <branch depth> <heap type>` instruction
with opcode 0xfb4a.
The instruction branches on null.
The heap type may be any concreate heap type index or an abstract
type like `(ref null eq)`.
Bug: v8:7748
Change-Id: I0f1debacc80a304f7cfc262fd2cde7f43fc804d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4075086
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84703}
When a new space object is promoted into the shared heap during a
scavenger GC, client isolates need to drop that object from the
worklist. However, in the shared space isolate need to keep such
objects in the worklist since this isolate also marks the shared space.
Bug: v8:13267
Change-Id: Id644cb1153e3b330eb8308d18a49c864e2b5cd4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4083704
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84701}
Rolling v8/build: 139c800..810e142
Rolling v8/buildtools/third_party/libunwind/trunk: 2b51e6f..fd5b3b5
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/d8be2db..8fd5368
Rolling v8/third_party/depot_tools: 25334bb..107142a
Rolling v8/tools/clang: 64ab83c..9f615fd
Rolling v8/tools/luci-go: git_revision:4814885a05fd7cc925933f614dc6fcc58bc83e4b..git_revision:bac571b5399502fa16ac48a1d3820e1117505085
Rolling v8/tools/luci-go: git_revision:4814885a05fd7cc925933f614dc6fcc58bc83e4b..git_revision:bac571b5399502fa16ac48a1d3820e1117505085
Change-Id: Ie9e3ff075a3b992bbae1c8f862365831aea3bf5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4082193
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#84700}
Avoid the test run breaking over time by continuously running it side
by side with the normal runs.
Depends on infra side:
https://crrev.com/c/4075909
Bug: v8:12660
Change-Id: I2234100ca4007717c5a5dbdde56e457357c24d4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4075707
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84695}
Drive-By: Replace Add with Adds when we need flags set and use 32 bit registers in CheckInt32IsSmi.
Bug: v8:7700
Change-Id: I28971b9cf3b18703c2882ce2e3ffff8e1b938da6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4079627
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84694}
The main culprit has been found, hence we can remove the CHECKs
iterating over all handles.
Bug: chromium:1380114
Change-Id: I85f9b6261482c55d7018343b32767ca5bae28d47
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4080469
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84692}
It turned out that executing 1 million (wasm) instructions can take way
over a minute on a simulator.
Thus changing this back to 16k instructions (as it was before
https://crrev.com/c/4078983). This takes around 5 seconds on my machine.
R=jkummerow@chromium.org
Bug: chromium:1396351, chromium:1396237
Change-Id: Ibf2ae2c81816be93807e564876b75aec18a57c42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4079195
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84691}
The zone should just be a member of {WasmModule} instead of a
heap-allocated second object.
R=ahaas@chromium.org
Change-Id: I9cf7d5145ea9131a5ae3382c6f5aa63b816d9aa4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4080032
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84690}
Reorder the struct definition to put fields first, then constructors,
then accessors.
R=ahaas@chromium.org
Change-Id: I9242e2f6e70b36bc62649369e9c6997d0a3d8dfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4079216
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84689}
The allocator used for the signature zone in WasmModule is always the
WasmEngine's allocator. So remove the accessor and get the allocator
from the WasmEngine directly instead.
R=ahaas@chromium.org
Change-Id: Id8bf0644b7e8aabaaf1d0e246a074c17d0154bbc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4078964
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84688}
This is a reland of commit eeed2ebadb
Changes since revert:
- Disable test for builds that don't support shared heap.
Original change's description:
> [heap] Invoke GC callbacks in safepoint for shared GCs
>
> After a shared GC, trigger all registered callbacks while the global
> safepoint is active.
>
> Bug: chromium:1395117
> Change-Id: I16c61533d44fbeddda18414d2256203848420a99
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4079624
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84653}
Bug: chromium:1395117
Change-Id: I145dadac39d81342d7fbc2bad8b87f3518b0100e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4081130
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84687}
... so that we can check that we correctly installed a maglev
code during OSR.
Bug: v8:7700
Change-Id: I6f1d12e8b43cb7c0639e75c43400c5000c090a00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4078937
Commit-Queue: Patrick Thier <pthier@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84686}
The write barrier for DescriptorArray needs to handle stores into
shared objects as well. In such cases the gc epoch from the shared
heap isolate needs to be used.
This CL also adds a DCHECK that the write barrier for JSArrayBuffers
is never used for shared objects.
Bug: v8:13267
Change-Id: I15bd227bd7352913bc53c88f46353859cca3146f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4079091
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84684}
Shared heap is not available without write barriers, therefore skip all
tests that require shared heap when write barriers are disabled.
Change-Id: I66a9a94941ffab792ced964f12df6930b13c92cb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4079120
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84682}
We import baseline push according to our needs.
Bug: v8:7700
Change-Id: I2a9d8c2453d44d2da38a9bc32247af1bc3d0c22a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4080467
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84681}
Analagous to crbug.com/v8/9534, record the size of potential deopts and
include these in the stack check (so that a deopt can't overflow the
stack).
Bug: v8:7700
Change-Id: I8ca9489c5bd758506f3a0797222de3284fc0d281
Fixed: chromium:1395112
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4079226
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84678}
To be able to retrieve structured stacktrace information like the
functionName of single stack frames outsite of v8, this cl adds a
V8StackFrame class and a function to retrieve them from V8StacKFrames.
Bug: chromium:1393317
Change-Id: Idae150aeb03f7b65294c4c6a6979c298a569e6d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4067040
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Judith Hemp <hempjudith@google.com>
Cr-Commit-Position: refs/heads/main@{#84676}
This adds new modes to run gcmole on multiple hosts:
- collect: Parse source files and store partial raw call graph in
a binary output file.
- merge: Read multiple partial call graphs stored by 'collect', merge
them and store the gc-suspect information.
- check: Use the stored suspect information to check source files for
problems.
The modes 'collect' and 'check' support sharding parameters, so that
each shard runs on a deterministic fraction of the source files.
The previous way of running gcmole locally is unchanged as 'full'
run. All modes also support the --test-run parameter, running against
a test double.
The parameter to reuse suspects is removed as the new 'check' mode
makes it redundant.
This also adds python tests to verify most additions for merging
call graphs and for distributing source files to shards.
The new API is used on the infra side via the gcmole_v3 config, which
we configure now in parallel to the previous version to test for
equality.
Based on the builders.pyl change, these additions also run on the
v8_linux_rel trybot on this CL.
Bug: v8:12660
Change-Id: Ibe66292cb00830fa1c23451081a8de4cbc4766a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4075907
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84674}
This change enabled constant-folding for parseInt when input is a string constant and radix is a known value.
Change-Id: Iea105af34648077451d272958e484a20651d8013
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4060352
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Fanchen Kong <fanchen.kong@intel.com>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84671}
Drive by: refactor framework_name propagation. The property was already injected in the TestSuite objects. Since it finally got attached to the result record it was natural to have it attached on the TestCase object at creation time. This eliminates the need to inject it through progress objects.
Change-Id: Ic4028d24589a241fb6225dc53ccef2215728d569
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4079228
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Liviu Rau <liviurau@google.com>
Cr-Commit-Position: refs/heads/main@{#84670}
Apart from JSApiObject, there are other JS types with other visitor-ids
that may contain embedder fields. The CL adds support for embedder fields
visitation for such types.
Bug: v8:13475
Change-Id: Ifa6f947964d7900245287b35beab19f5b11347ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4079015
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84669}
This reverts part of crrev.com/c/4020425, because it turns out that the
runtime call pays off for strings above a certain length.
Bug: v8:12868
Change-Id: I1c4d5a01bb0f1303c2385c7707b3e5fff6936b02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4075728
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84668}
We make sure the number of stack slots in the graph will yield
an aligned stack in the prologue.
We also guarantee the number of extra slots used in a safepoint is
even.
Bug: v8:7700
Change-Id: Ib59fdc5e81dc8f0cf97b7122346cb2decbc58609
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4079164
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84667}
MSVC has trouble with macro expansion in this case. Avoid the issue by
simply writing out 2 separate DCHECKs.
Change-Id: Ib379db95fab91ff7f29b817f1ebcad9b64806787
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4074286
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84666}
This reverts commit 7b138dd30d.
Reason for revert: Causes multiple flakes:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/22932/overviewhttps://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20debug/41934/overview
Original change's description:
> [wasm] Compile debug code lazily
>
> Currently V8 recompiles all functions of a WebAssembly module when a
> debugging session starts. This is outdated behavior and
> causes OOMs for developers. With this CL all compiled code just gets
> removed when a debugging session starts, and debugging code gets
> compiled lazily.
>
> This behavior may lead to small delays whenever a new function gets
> entered by the debugger. However, developers are used to debugging code
> being slightly slower, and the small delays should be in the order of
> few milliseconds. On the other hand, debug modules can be big,
> sometimes even more than 1'000'000 functions, and developers reported
> OOMs when debugging.
>
> R=clemensb@chromium.org
>
> Bug: v8:13541, chromium:1372621, v8:13224
> Change-Id: Ia36d9b8743523b1c89221c59f989268e27f6ce98
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4067302
> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#84662}
Bug: v8:13541, chromium:1372621, v8:13224
Change-Id: Ic5442462d158618f2d43b8e0ebdfb90017ed378a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4080034
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Owners-Override: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84665}
