The test ensures that in-construction objects that have been found
through a write barrier are properly processed (marked + trace) when
finalizing the collection conservatively with a different stack.
This is a test for https://crrev.com/c/2744074
Bug: chromium:1056170
Change-Id: I8099bca1fb9025a315a8f0a3530aac822d1c45d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2745334
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73306}
It could happen that a background thread expands the heap by one page,
but by the time the thread tries to allocate on it the space is already
used by other background threads. If this happens three times in a row,
V8 would crash with an OOM error. This CL prevents such situations by
always allocating the object immediately at area_start().
Bug: v8:10315
Change-Id: I6390c84e742bf4105e70e930c21557ff1f4d952d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2743881
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73305}
The wasm instance will initially be in kWasmInstanceRegister, and for
each call we also need to put it in that register. Hence, when getting a
new register to cache the instance, prefer that register, if it is
available.
R=thibaudm@chromium.org
Bug: v8:11336
Change-Id: Ie7026c4c7c5e4b825b9ab310839f0273bd3ce7f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2743885
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73303}
... and after creating the debug side table entry. The safepoint and the
debug side table entry should be generated right after the call, so that
they are associated with the return address of the previous call.
R=clemensb@chromium.org
Bug: v8:11453
Change-Id: I71395851c5a7f4e2c873907454245c9d04f972f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739629
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73302}
The generated Torque files class-verifiers.cc and class-debug-readers.cc
currently include files which are part of v8_initializers, despite being
used in unrelated build targets. This change removes the unnecessary
inclusions. There is still a lot of code included via all-objects-inl.h,
but that's because these files require full class definitions for every
object type.
Bug: v8:11528
Change-Id: Ib26496f2a30ef576f1101636e0aca2cafbfd1f37
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2743087
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73301}
This CL removes the caching of the stack slot used for the fallback mechanism
in V8, as the current implementation is incorrect and needs to be reworked.
Bug: chromium:1185753
Change-Id: I9f77bc42bfd649e0dbcd294b000b48c928cf99d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2743886
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73300}
Lazy native accessors require special handling to rewrite
the accessor into a data property, so transition to a
slow handler for this case.
Bug: v8:11485
Change-Id: I01636c6e624562619a216fea5e836ae85c7da93f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2743882
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73299}
This ensures that after the function-entry stack check, the instance
will still be available in a register. The cost is having to reload it
from the stack in the OOL code for the stack check, even though it is
not clear if that register will still be used.
This does not affect code size significantly (~0.25% reduction), but can
improve performance a little bit if there are memory accesses or other
instructions that require the instance right at the beginning of the
function.
R=thibaudm@chromium.org
Bug: v8:11336
Change-Id: Ib72db172813d55120f527b31014b69a734934ff3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2743878
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73298}
Reading the descriptor array from a map has been safe for a while.
Bug: v8:7790
Change-Id: Ib06e12727b7da26c09822db45530addc11e2cf00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739637
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73296}
Push the caught exception on the value stack, so that we can access it
from an inner catch block and rethrow it.
R=clemensb@chromium.org
Bug: v8:11453
Change-Id: Ibc5e653a07c3e4436e252c001b53bc2d3402abc9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739974
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73295}
With the value stack refactoring in 1b5c7e15 / r73193, the
combination of helper functions called by PeekArgs() ended
up checking the stack height repeatedly. This CL avoids that
by introducing a ValidateArgType() helper that does not check
stack height.
Bonus: achieve a small speedup by special-casing two of the
most common opcodes in the decoder's main dispatcher.
Fixed: chromium:1185082
Change-Id: I6d51aca844ef9377d203147f74ff8137e12a23e7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2745341
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73294}
This is a reland of a8b61ef521
The main reason for the revert was not related to this CL and was fixed
with https://crrev.com/c/2739646
In addition debug output in d8.test.verifySourcePositions was removed
due to TSAN complaints.
Original change's description:
> [sparkplug] Change bytecode offset mapping and introduce iterator.
>
> Previously, we recorded pairs of (bytecode offset, sparkplug pc) to
> create a mapping of bytecode offset <-> sparkplug pc.
> These pairs were only recorded after builtin/runtime calls.
> In preparation for deoptimizing to Sparkplug, we need a more precise
> mapping.
> With this CL, we record positions for every bytecode. Instead of storing
> a pair of (bytecode offset, sparkplug pc), we store only the pc,
> calculating the bytecode offset from the index in the mapping table.
> For easier use an iterator to access the mapping is introduced.
>
> Drive-by: Reduce sampling interval in cpu-profiler cctest to get rid of
flaky failures.
>
> Bug: v8:11420, v8:11429
> Change-Id: I36a9171f43a574eb67880cbca6cf9ff7ab291e60
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2720189
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Auto-Submit: Patrick Thier <pthier@chromium.org>
> Commit-Queue: Patrick Thier <pthier@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73186}
>
> Change-Id: I9ab4cb60da002ef130f8a21ad10ba69e2826a7b6
Change-Id: I9ab4cb60da002ef130f8a21ad10ba69e2826a7b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2745335
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73293}
Do --always-sparkplug compilations in a separate function, and
allow that function to return false if a sparkplug compilation
fails. Similarly, don't assert that --always-sparkplug requires
a function to have baseline code, in case a previous sparkplug
compilation failed.
Fixed: chromium:1185735, chromium:1185739
Change-Id: I363fcf271395afa2ec47228fff7a28a76c157f0f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2744735
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73292}
Removes unneeded dependency on src/builtins/torque-csa-header-includes.h
from debug-macros.h and adds swiss-name-dictionary.h and
ordered-hash-table.h to debug-macros.cc.
Additionally adds a v8_libbase dep to torque_generated_definitions. As
a result, gn check errors are reduced by 2.
Bug: v8:7330
Change-Id: I0ff666eebd6814e4d52d776e455fd269db36b589
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2744040
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73291}
This excludes more targets and tests that won't work without
webassembly:
- wee8
- multi_return_fuzzer
- wasm-js
- wasm-spec-tests
- wasm-api-tests
- several cctests
R=jkummerow@chromium.org
Bug: v8:11238
Change-Id: I6d6ac43869a2b4a91e5b0e7e3183a476a98bf0af
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742617
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73288}
These functions do the same thing, but Fuchsia will eventually remove
support for protect2.
Change-Id: I9f2b4153efa2f78238eb020e9f422f666ae5b7bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2743635
Auto-Submit: Adam Barth <abarth@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73287}
Instead of using addresses of prototype and constructor (which can be
movedby GC) when computing the hash of a Map, we use the addresses of the
prototype map (which won't be compacted).
The prototype map is in a 1:1 relation with the prototype.
In addition the prototype points to the constructor in most cases.
Bug: v8:11519
Change-Id: Ibc47e5870955d7721509be07fae7719a93da9a26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739646
Commit-Queue: Patrick Thier <pthier@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73286}
This reverts commit 19b62d0b4e.
Reason for revert: Undefined behavior
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/15449
Original change's description:
> [v8windbg] Add more items in the Locals pane
>
> Add more items in the Locals pane representing the JS function name,
> source file name, and character offset within the source file, so
> that the user doesn’t need to dig through the shared_function_info to
> find them.
>
> Change-Id: I5d42b3c9542885a72e81613503d1d5abf51870b5
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712310
> Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
> Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/master@{#73282}
Change-Id: I616cd642379b97dff5fb0c66aeb6488e2f9b298b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2744420
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73284}
Add more items in the Locals pane representing the JS function name,
source file name, and character offset within the source file, so
that the user doesn’t need to dig through the shared_function_info to
find them.
Change-Id: I5d42b3c9542885a72e81613503d1d5abf51870b5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2712310
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#73282}
When objects are recorded for conservative handling and the GC is
finalized conservatively, with a different stack, we rely on
MarkNotFullyConstructedObjects(). In this method, the objects are
initially marked, only to be forwarded to handlers that try to mark
them again.
Bug: chromium:1056170
Change-Id: I942e7b0ec88aae08e3fe06b7cb3ff4a86dc42f36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2744074
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73281}
... where TF doesn't see that the property is deleted and re-added.
Bug: chromium:1161847
Change-Id: I599a25fa8d29154b5bfede45f6655a1eac44a0f7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739592
Auto-Submit: Georg Neis <neis@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73280}
- Adds some missing types, to appease the fuzzers.
Bug: chromium:1185464
Change-Id: I08c4ebe5f4ae0d036da9819b805aeac93be384fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742017
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73279}
This change relands the last part of https://crrev.com/c/2601880 .
ScopeInfo has a vestigial 'length' field from when it used to be a
FixedArray. This change removes that field, which saves some memory.
More specifically:
- Make ScopeInfo inherit from HeapObject, not FixedArrayBase which
supplied the 'length' field.
- Change FactoryBase::NewScopeInfo to allocate the updated object shape.
It maintains the existing behavior of filling the newly-allocated
object with undefined, even though that's not a valid ScopeInfo and
further initialization is required.
- Change a few length computations to use HeapObject::kHeaderSize rather
than FixedArray::kHeaderSize.
- Remove an unnecessary heap verifier function.
Change-Id: I9b3980157568fdb0402fa31660949966b401fd31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2733037
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#73278}
Resize() may be used to adjust additional trailing bytes of an object.
It is up to the embedder to ensure correctness in case of shrinking.
Bug: chromium:1056170
Change-Id: I954df6c7440b77275cd62e4b802e8f5d39c06f9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739652
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73277}
- arm64 aligns the frame, which guarantees an even
number of return slots. Change RoundUp call to DCHECK.
Bug: v8:9198
Change-Id: I9a6949b93d14109f83f09800ffe75ebba6387b04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2740481
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73274}
Port c2a1d633a2
Drive-by: port code-generator-s390.cc changes
Change-Id: I2090cf136d62cc9db1f17d158b88a1e58cc430d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2740341
Reviewed-by: Milad Fa <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/master@{#73273}
Rather than doing a set lookup for each bytecode offset during
iteration, rely on the fact that bytecode offsets are monotonically
increasing, and store the handler offsets in a sorted array with a
"next offset" cursor that the iteration can increment when a handler
is found.
Bug: v8:11420
Change-Id: I50e40043540d37e6c6ecb3e39a9a92c28b65e3d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742621
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73272}
This CL enables full csa optimization for wasm code. To take advantage
of csa load elimination, it switches from Load/Store to LoadFromObject/
StoreToObject operators in the wasm compiler (where possible).
Bug: v8:11510
Change-Id: Ibecd8ba81e89a76553b12ad2671ecad520e9e066
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2727407
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73268}
This CL adds missing locks to the PersistentRegions for
(Weak)CrossThreadPersistents.
To make sure no locks are missed in the future, this CL also splits
PersistentRegion and introduces CrossThreadPersistentRegion that checks
whether a lock is taken whenever it is accessed.
Bug: chromium:1056170
Change-Id: Iaaef4a28af0f02bcb896706e9abf1ee5ad2ee1e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2737299
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73264}
Before dropping a value we should validate that there is indeed a value
on the stack.
R=jkummerow@chromium.org
Bug: chromium:1184964
Change-Id: Iec3ac061df2545717749e664b10c383765d67c9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739588
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73263}
Add an explicit FreeUnreferencedObject() call that can be used to
reclaim objects that are guaranteed to not be referenced anymore
by the embedder. It is up to the embedder to ensure correctness.
Change-Id: I7f2d86d9639e8b805f79a8fd0a346903f63171e5
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2737301
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73262}
This removes all includes of src/wasm from src/deoptimizer, by #if'ing
out wasm-related parts. This will allow to later exclude the whole
src/wasm directory from compilation.
Drive-by: Inline DecodeWasmReturnKind and EncodeWasmReturnKind to avoid
more #ifs.
R=jgruber@chromium.org
Bug: v8:11238
Change-Id: Ia49ed26fc217b3e80756a363dcd397d9060f6835
Cq-Include-Trybots: luci.v8.try:v8_linux64_no_wasm_compile_rel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739653
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73261}
Instead of checking for the null TNode, we can use base::Optional.
Bug: v8:6949
Change-Id: I550b2fdb507c61ea6128a0631351b22a8542d4d3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2737296
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73260}
This fixes a null pointer access in FindSharedFunctionInfo that
was introduced when adding a guard to top level function
compilation.
Bug: chromium:1185540
Change-Id: I24b9752637aba0e660bd8f20be83522e1009b69f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2742194
Commit-Queue: Kim-Anh Tran <kimanh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73258}
