When trying to understand why a given module fails to validate, it
can be helpful to disassemble it as far as possible until reaching
the erroneous byte(s).
Change-Id: I0056ba1a81b85a486c0446d15bbf54ccb2e8332e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827866
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82433}
Worklist uses a singly-linked list of segments to hold entries.
Segment size was based on a compile-time constant but already stored
in the segment itself.
Rework the segments to query `malloc_usable_size()` on allocation and
adjust the capacity properly. For PartitionAlloc, it turns out that
there's ~20% more capacity available for the 64-element segments.
This slows down actual allocation of the segments with the upside of
improving utilization and requiring 20% fewer segments.
Change-Id: Ib8595c3fb9fb75b02e4022f6c525bb59a2df7ab7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826047
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82432}
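The segment rework above derives capacity from what the allocator actually handed out rather than from a compile-time constant. The following C++ is an added illustration of that mechanism, not V8's Worklist code: a segment header followed by an entry array, with the capacity computed from `malloc_usable_size()` (glibc) or `malloc_size()` (macOS) and floored so it can never exceed the allocation. The `Entry` type, the 64-entry nominal size and the helper names are constructed for the example; the 20% gain quoted in the commit is specific to PartitionAlloc and is not reproduced here.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <new>
#if defined(__linux__)
#include <malloc.h>          // malloc_usable_size()
#elif defined(__APPLE__)
#include <malloc/malloc.h>   // malloc_size(), the macOS equivalent
#endif

namespace worklist_demo {

struct Entry { void* object; };   // constructed placeholder payload

// Segment header; the entry array follows it inside the same allocation.
struct Segment {
  size_t capacity;   // entries the allocation can really hold (set at allocation)
  size_t size;       // entries in use
  Segment* next;     // singly-linked list of segments
};

constexpr size_t kRequestedEntries = 64;   // nominal segment size, as in the commit

static Entry* EntriesOf(Segment* s) {
  return reinterpret_cast<Entry*>(reinterpret_cast<char*>(s) + sizeof(Segment));
}

// Bytes the allocator actually owns at `p`. Falls back to the requested size
// on platforms without a query (assumption: glibc or macOS otherwise).
static size_t UsableSize(void* p, size_t requested) {
#if defined(__linux__)
  return malloc_usable_size(p);
#elif defined(__APPLE__)
  return malloc_size(p);
#else
  (void)p;
  return requested;
#endif
}

static size_t RequestedBytes() {
  return sizeof(Segment) + kRequestedEntries * sizeof(Entry);
}

Segment* NewSegment() {
  const size_t requested = RequestedBytes();
  void* raw = std::malloc(requested);
  if (raw == nullptr) return nullptr;
  size_t usable = UsableSize(raw, requested);
  if (usable < requested) usable = requested;   // never shrink below the request
  Segment* s = new (raw) Segment{};
  // Floor division: capacity * sizeof(Entry) + header never exceeds `usable`.
  s->capacity = (usable - sizeof(Segment)) / sizeof(Entry);
  s->size = 0;
  s->next = nullptr;
  return s;
}

// Refuses instead of writing past the allocation when the segment is full.
bool Push(Segment* s, Entry e) {
  if (s->size >= s->capacity) return false;
  EntriesOf(s)[s->size++] = e;
  return true;
}

// The invariant the capacity computation must keep: the whole entry array
// lies inside the bytes the allocator owns.
bool CapacityFitsAllocation(Segment* s) {
  size_t usable = UsableSize(s, RequestedBytes());
  if (usable < RequestedBytes()) usable = RequestedBytes();
  return sizeof(Segment) + s->capacity * sizeof(Entry) <= usable;
}

size_t FreshCapacity() {            // capacity of a newly allocated segment
  Segment* s = NewSegment();
  if (s == nullptr) return 0;
  size_t c = s->capacity;
  std::free(s);
  return c;
}

bool FreshSegmentInvariantHolds() {
  Segment* s = NewSegment();
  if (s == nullptr) return false;
  bool ok = CapacityFitsAllocation(s);
  std::free(s);
  return ok;
}

size_t FillFreshSegment() {         // how many entries a fresh segment accepts
  Segment* s = NewSegment();
  if (s == nullptr) return 0;
  size_t n = 0;
  while (Push(s, Entry{nullptr})) ++n;
  std::free(s);
  return n;
}

}  // namespace worklist_demo

int main() {
  std::printf("requested %zu entries, allocator gives room for %zu\n",
              worklist_demo::kRequestedEntries, worklist_demo::FreshCapacity());
  return worklist_demo::FreshSegmentInvariantHolds() ? 0 : 1;
}
```

Under AddressSanitizer `malloc_usable_size()` reports exactly the requested size, so the extra capacity disappears there; the floor division and the `Push` bound are what keep the extra-entry use safe on every allocator.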
This adds `extern.internalize(ref null extern): ref null any` to wasm
which unpacks the wrapped wasm object if the js-interop flag is not set.
I31 values are still wrapped in object wrappers and don't use SMIs.
Bug: v8:7748
Change-Id: Ie4a4507961d0ad41caf430054a3d341f474b8e66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3819645
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82426}
This has been broken even prior to the any <-> extern split.
The code decided to use the generic wrapper for type any even though
the generic wrapper doesn't support wrapping the return value of functions
and unwrapping arguments passed to it.
Bug: v8:7748
Change-Id: I9dbb893cc4bc4f2bb789b3b3a9addd0208d526ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826056
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82424}
Instead of defining one global (FLAG_foo) per flag, define all flag
values as fields in a global {v8_flags} struct. This guarantees that the
memory is contiguous, and together with proper alignment allows us to
later memory-protect that memory space.
In order to avoid rewriting all existing code that uses the {FLAG_foo}
syntax, we define global aliases: {FLAG_foo} is a reference to
{v8_flags.foo}.
After the next branch cut (v10.6), follow-up CLs will rewrite all
existing code to use the {v8_flags.foo} syntax, and after another branch
cut (v10.7) the aliases will be removed.
This should allow us to merge back most fixes to the previous branch
(N-1). Merges to stable (N-2) might still require resolving merge
conflicts manually, if they modify code that reads flags.
R=cbruni@chromium.org
CC=sroettger@chromium.org
Bug: v8:12887
Change-Id: I8bc44429767f611484fe345d7268af1d55c98124
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810187
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82423}
This reverts commit 01aed57e68.
Reason for revert: Might have caused some regressions, see https://crbug.com/1351991.
Original change's description:
> [heap] Add IncrementalMarking::AdvanceOnTask as new bottleneck
>
> Introduce common bottleneck for all incremental marking step
> invocations from a task context. This will later be used to move
> code out of IncrementalMarking::Step.
>
> Bug: v8:11708
> Change-Id: Iba2dc2402083f8b4152ded56eaf0e13d473442a8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822682
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82343}
Bug: v8:11708
Change-Id: I1ec74974d90b865baf223f9820f5bf346f113d86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827865
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82422}
Port 8b4272c2ca
Original Commit Message:
There's no need to decode the tiering state in generated code - merge
these runtime functions and decode in the new generic CompileOptimized
runtime function instead.
CompileMaglev_Synchronized
CompileMaglev_Concurrent
CompileTurbofan_Synchronized
CompileTurbofan_Concurrent
->
CompileOptimized
R=jgruber@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Ia61852825fc747ad7fec9983a18bf4e9d4245ad0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826053
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82417}
Port de04959f17
Original Commit Message:
StringConstantXXX were introduced when we switched to concurrent
compilation, as a way to build strings in Turbofan in a background
thread, without having to actually allocate them on the main heap
from the background. See https://crrev.com/c/1221807.
Now that we have local heaps, we can actually allocate strings from
the background, making StringConstantXXX useless.
Moreover, we would fold constant string concatenations into
ConsString, which sounds a bit dubious for performance. Now, small
constant string concatenations will be folded into SeqStrings, while
larger ones will remain ConsString, just to avoid the quadratic
worst-case.
R=dmercadier@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I0fb010dfda4a94ba8c5d09de96fa1932c6c91113
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826049
Reviewed-by: Darius Mercadier <dmercadier@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82416}
Bug: v8:13181
Change-Id: I8eaa84ffc408225ee28dca17607b940fd3f34977
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826068
Commit-Queue: Adam Klein <adamk@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82414}
This reverts commit cf765fc348.
Reason for revert: fixes more tests than expected in test262:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20shared/49412/overview
Original change's description:
> [Temporal] Use double instead of int32_t for input of BalanceTime
>
> To avoid overflow int32_t in the math of balancing time.
>
> Bug: v8:13182, v8:11544
> Change-Id: Ib76cf95bbd4f9b47efd6921a67b09d3024e72b13
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827310
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82409}
Bug: v8:13182, v8:11544
Change-Id: Id7dd491b4485d13b0e2cc6aae8603479c7949ce8
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827670
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82413}
This is a reland of commit 6e0251f9e2
No changes since revert. Was reverted on suspicion of breaking node integration, but was not the culprit.
Original change's description:
> [turboshaft] Print operator properties as custom data for turbolizer
>
> Bug: v8:12783
> Change-Id: Ie5812217b3e858d94174087fc492887b00dd2e9a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820581
> Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82401}
Bug: v8:12783
Change-Id: I3d220e031d89f960b8cd23860f82ec0a8f147aa2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827665
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82412}
Change-Id: I877a5ebe8e8dff51d7bbd49d203cf71131e4d9fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3805821
Reviewed-by: Frank Tang <ftang@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82411}
Change-Id: I7ecdfa6ee865d87851bf1975ddd48bd0bfcd39ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3805822
Reviewed-by: Frank Tang <ftang@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82410}
To avoid overflow int32_t in the math of balancing time.
Bug: v8:13182, v8:11544
Change-Id: Ib76cf95bbd4f9b47efd6921a67b09d3024e72b13
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827310
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82409}
in AdjustRoundedDurationDays
Bug: v8:11544
Change-Id: I5067aba802b5051312afdd38b0f9c71bfdc14c2a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825617
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82404}
Remove the unnecessary int64_t version of RoundNumberToIncrement
and remove the unneeded RoundHalfAwayFromZero. Change the type of the
increment to double from int64_t.
split from cl/3750098
Bug: v8:11544
Change-Id: I591486c472e9c1343306ff9a1d0384d06fe01835
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3824194
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82403}
So far, we decoded instructions with the 0xFB prefix as two-byte, i.e.
a single "u8" byte following the prefix.
This patch changes that to 0xFB + LEB, which is how all prefixed
instructions are supposed to do it. Currently this makes a difference
only for the stringref proposal (instructions 0x80 through 0xb3).
It has the unfortunate consequence that all stringref instructions need
three bytes for now. We expect them to go back to a two-byte encoding
scheme (while remaining LEB compliant) when their final encoding is
decided.
Bug: v8:12868
Change-Id: I603f60adae88e9b985cb65288d9eeb7f98da8138
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825887
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82400}
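The encoding change above (a single u8 after the `0xFB` prefix versus a LEB128 value) is easy to see in a decoder that supports both schemes. The following C++ is an added example, not V8's decoder: it bounds-checks every read, rejects truncated and overlong LEB sequences, and shows why the stringref range `0x80`..`0xB3` now needs three bytes. The sample byte sequences and the `Scheme` enum are constructed for the example; the only facts taken from the commit are the `0xFB` prefix and the opcode range.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

namespace wasm_demo {

constexpr uint8_t kPrefix = 0xFB;
constexpr size_t kMaxLebBytes = 5;   // a LEB128 u32 needs at most 5 bytes

enum class Scheme { kLegacyU8, kLeb };

struct Decoded {
  uint32_t opcode;   // decoded opcode, valid only when consumed != 0
  size_t consumed;   // bytes consumed including the prefix; 0 on error
};

// Decodes one prefixed instruction starting at bytes[0]. Never reads past
// `len`; returns consumed == 0 for a wrong prefix, truncation or overlong LEB.
Decoded DecodePrefixedOpcode(const uint8_t* bytes, size_t len, Scheme scheme) {
  if (len < 2 || bytes[0] != kPrefix) return {0, 0};
  if (scheme == Scheme::kLegacyU8) return {bytes[1], 2};   // old: one raw u8

  uint32_t value = 0;
  unsigned shift = 0;
  size_t i = 1;
  for (;;) {
    if (i >= len) return {0, 0};                      // truncated LEB
    if (i - 1 >= kMaxLebBytes) return {0, 0};         // overlong LEB
    uint8_t b = bytes[i++];
    if (shift == 28 && (b & 0x70) != 0) return {0, 0};  // bits above 31 set
    value |= static_cast<uint32_t>(b & 0x7F) << shift;
    if ((b & 0x80) == 0) break;                       // no continuation bit
    shift += 7;
  }
  return {value, i};
}

// Total bytes (prefix + LEB) an opcode needs under the LEB scheme.
size_t LebEncodedLength(uint32_t opcode) {
  size_t n = 1;
  do { ++n; opcode >>= 7; } while (opcode != 0);
  return n;
}

// Constructed byte sequences for the demo.
const uint8_t kLegacy0x80[] = {0xFB, 0x80};               // old scheme: opcode 0x80
const uint8_t kLeb0x80[]    = {0xFB, 0x80, 0x01};         // new scheme: opcode 0x80
const uint8_t kLeb0xB3[]    = {0xFB, 0xB3, 0x01};         // top of the stringref range
const uint8_t kLeb0x05[]    = {0xFB, 0x05};               // opcodes < 0x80 stay two bytes
const uint8_t kTruncated[]  = {0xFB, 0x80};               // continuation bit, no next byte
const uint8_t kOverlong[]   = {0xFB, 0x80, 0x80, 0x80, 0x80, 0x80, 0x01};

}  // namespace wasm_demo

int main() {
  using namespace wasm_demo;
  Decoded old_way = DecodePrefixedOpcode(kLegacy0x80, sizeof kLegacy0x80, Scheme::kLegacyU8);
  Decoded new_way = DecodePrefixedOpcode(kLeb0x80, sizeof kLeb0x80, Scheme::kLeb);
  std::printf("legacy: opcode 0x%x in %zu bytes; LEB: opcode 0x%x in %zu bytes\n",
              old_way.opcode, old_way.consumed, new_way.opcode, new_way.consumed);
  return 0;
}
```

Under the LEB scheme the same two bytes `FB 80` that used to mean opcode `0x80` are now a truncated sequence, which is exactly the kind of input a validator must reject rather than read past.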
Port c5d4812196
Original Commit Message:
This CL adds the shared barrier to the RecordWrite builtin which is
used in generated code for builtins, interpreted and optimized code.
The out-of-line part of the barrier now checks whether either the
POINTERS_TO_HERE_ARE_INTERESTING or the IN_SHARED_HEAP bit is set in
the value object's page flags.
Outside of marking the RecordWrite builtin now needs to check whether
to insert into the generational or shared remembered set. Inserting
into the shared remembered set will always call into C++ code.
During marking the RecordWrite builtin now also needs to check whether
this store created an old-to-shared pointer.
R=dinfuehr@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: I850fc234fa34868c6320fc64c6dac7e2f24af1c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825891
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82399}
This is a reland of commit 9d36b2dd0d.
The test case is fixed to actually protect a part of the data section
instead of the stack (which was unintended and could lead to segfaults).
Original change's description:
> [base] Add new API to protect data memory
>
> This adds a new {base::OS::SetDataReadOnly} method, which is similar to
> {SetPermissions(kRead)}, but using another system call on Windows such
> that it works on pages in the data segment.
> {VirtualAlloc} will fail if called on a page of the data section,
> whereas {VirtualProtect} succeeds. For the general {SetPermissions}
> API we still want to use {VirtualAlloc} though, as it also changes the "committed" state of the pages.
>
> Note that we do not add a platform API for this, as the memory was
> never allocated through the platform. We just directly protect it in
> V8.
>
> R=mlippautz@chromium.org
>
> Bug: v8:12887
> Change-Id: If83bf6e5c500cc5cf08c76d04dfac5e2b4d35a2d
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820482
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82349}
Bug: v8:12887
Change-Id: Ib7c24b43b53d568dafb4a56cf8db7479c784e8d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825889
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82398}
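The `SetDataReadOnly` reland above and the earlier `v8_flags` struct change (all flag values as fields of one contiguous, aligned struct, with `FLAG_foo` kept as an alias) are two halves of the same design: gather the values into whole pages, then protect those pages. The following C++ is an added example of that pattern, not V8's flag definitions or its `base::OS` code. It uses `VirtualProtect` on Windows (the call the commit notes succeeds on data-segment pages where `VirtualAlloc` fails) and `mprotect` elsewhere. The sample flags, the 16 KiB alignment (assumed to be a multiple of the running system's page size) and the `SetFlag` guard are constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#if defined(_WIN32)
#include <windows.h>
#else
#include <sys/mman.h>
#endif

namespace flags_demo {

// Assumption: 16 KiB is a multiple of the page size on every target we run on.
constexpr size_t kPageAlign = 16384;

// All flag values in one struct. alignas() page-aligns the object and rounds
// sizeof() up to whole pages, so no unrelated global shares the protected range.
struct alignas(kPageAlign) FlagValues {
  bool trace_gc = false;        // constructed sample flags, not V8's real set
  int max_lazy = 10;
  uint32_t stack_size = 984;
};

FlagValues v8_flags;   // one contiguous block in the data segment

// Aliases keep the old FLAG_foo spelling usable during a migration.
bool& FLAG_trace_gc = v8_flags.trace_gc;
int& FLAG_max_lazy = v8_flags.max_lazy;

static bool g_flags_read_only = false;

// Counterpart of the commit's SetDataReadOnly applied to the flag block.
static bool ProtectFlagBlock(bool read_only) {
#if defined(_WIN32)
  DWORD old_protect = 0;
  DWORD prot = read_only ? PAGE_READONLY : PAGE_READWRITE;
  if (!VirtualProtect(&v8_flags, sizeof(v8_flags), prot, &old_protect)) return false;
#else
  int prot = read_only ? PROT_READ : (PROT_READ | PROT_WRITE);
  if (mprotect(&v8_flags, sizeof(v8_flags), prot) != 0) return false;
#endif
  g_flags_read_only = read_only;
  return true;
}

bool FreezeFlags() { return ProtectFlagBlock(true); }
bool ThawFlags()   { return ProtectFlagBlock(false); }
bool FlagsAreFrozen() { return g_flags_read_only; }

// Guarded write: refuse cleanly once the block is frozen instead of faulting.
// A write that bypasses this guard after FreezeFlags() hits the page fault,
// which is the point of the protection.
template <typename T>
bool SetFlag(T& flag, T value) {
  if (g_flags_read_only) return false;
  flag = value;
  return true;
}

}  // namespace flags_demo

int main() {
  using namespace flags_demo;
  std::printf("flag block at %p, %zu bytes\n", static_cast<void*>(&v8_flags), sizeof(v8_flags));
  if (!FreezeFlags()) { std::puts("protection failed"); return 1; }
  std::printf("frozen; max_lazy reads as %d, write accepted: %d\n",
              FLAG_max_lazy, SetFlag(FLAG_max_lazy, 20));
  ThawFlags();
  std::printf("thawed; write accepted: %d\n", SetFlag(FLAG_max_lazy, 20));
  return 0;
}
```

Reads through the aliases keep working after `FreezeFlags()`; only the page permission changes. Because the aliases are references into `v8_flags`, nothing outside the one block needs protecting, which is what the contiguous layout buys.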
The buggy version was introduced in crrev.com/c/3629149. Currently we
only use this OSR mechanic for a Turbofan target tier.
Bug: v8:7700,chromium:1352010
Change-Id: I5e6d5803c489360a6fa5cca6cca1966dd4bb5c48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825890
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82397}
Explicitly check that the memento is not in the unallocated portion of
the current LAB.
Bug: v8:12612
Change-Id: Ie060f44187d2280e72e2eebb0f3c284e2d6c7446
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3824337
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82396}
Two inputs might alias the same node. If one input is assigned
any location before the second input is assigned a register, we
might have two inputs in the node in different locations.
Assigning any location later forces the inputs to point to the
same location (either a register or a stack slot).
Bug: v8:7700
Change-Id: I53e35e5d5afa7e82e2a62a9b0c551b609079c79b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825886
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82395}
... in compiler and other components.
Bug: v8:11880
Change-Id: I3a51c33499e7c7169f171c4be0600d7822dafc27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825883
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82391}
Updates when moving a whole page were done only on new to new moves.
For MinorMC we need to update on new to old moves.
Bug: v8:12612
Change-Id: Icf7b98a005ec2f9ee3863ffa15ebe44fdfc64289
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3824338
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82389}
This CL removes the bailout when trying to collect the scope info
for the class member initializer function. While this might not have
worked previously, now we only need to tweak the scope search
slightly to fix this. Class member initializer functions never
have their own context but instead use the class context. That means
that most of the logic in debug-scopes.cc doesn't really matter and we
only need to initialize the ScopeIterator properly with the class
context and the member initializer JSFunction.
Note that this still does not fully fix bug 1350842. That is because
we still run into a DCHECK when paused at a `new class { ... }`
statement. We'll fix that in a separate CL.
R=bmeurer@chromium.org
Bug: chromium:1350842
Change-Id: Id128b10676a5aa8a77309735e755e485f2c14446
Fixed: chromium:1246889
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825881
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82387}
This function should properly forward any exceptions it encounters,
instead of silently swallowing them. Being an API function, that
means moving them from "pending" to "scheduled" state.
Fixed: v8:13123
Change-Id: I20b0782fd806e456f14dda84100000c857481d09
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825880
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82386}
Heap::ReportExternalMemoryPressure() uses a slightly different
behavior for incremental marking steps than AdvanceFromTask() or
AdvanceOnAllocation(). This CL switches this method to use
AdvanceOnAllocation().
Bug: v8:12775
Change-Id: If9bb2c2cf3048196286e4b1443129025fbfdf984
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825780
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82385}