Drive-by: Pointer to reference conversions and other smaller cleanups.
Change-Id: I83ed114e4b27d5986a389a9753333716b0e20524
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3133146
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76615}
Double-checked locking pattern for destruction was missing the acquire
barrier for the initial load.
TSAN complained with a data race where:
T1: ClearAllUsedNodes(), clearing out the node
T2: a. if(GetNodeSafe()) { Lock; ... }
T2: b. operator delete
Since GetNodeSafe() was a relaxed load, operator delete was allowed to
be reordered which raced with ClearAllUsedNodes().
Bug: chromium:1239081, chromium:1242795
Change-Id: I3906555b13cc51538a1a54b7ca481a96d81fd84e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3132264
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76599}
This avoids a benign race in setting the raw pointer inside CTP
destructor by not emitting the write at all. The handle is destructed
which means that we only need to destroy any backing node but may
leave the handle untouched.
Drive-by:
- Add a few more docs.
- Make Clear() thread-safe.
- Make assignment of a sentinel pointer thread-safe.
- Make assignment of a nullptr thread-safe.
Depends on the Blink change: https://crrev.com/c/3116259
Bug: chromium:1242795, chromium:1243350
Change-Id: I8d76da30893c165e3946322b6d02f6ea2c8e529e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114064
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76493}
In a follow-up CL, the backing stores will, when the sandbox is enabled,
be referenced from V8 objects through offsets rather than raw pointers.
For that to work, all backing stores must be located inside the virtual
memory cage. This CL prepares for that.
Bug: chromium:1218005
Change-Id: Ibb989626ed7094bd4f02ca15464539f4e2bda90f
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114136
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76486}
This reverts commit 5a6c7dee4e.
Reason for revert: Speculative: Lots of Chrome crashes:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Blink%20Linux/13353/overview
Original change's description:
> cppgc: Fix CTP for destruction
>
> This avoids a benign race in setting the raw pointer inside CTP
> destructor by not emitting the write at all. The handle is destructed
> which means that we only need to destroy any backing node but may
> leave the handle untouched.
>
> Drive-by:
> - Add a few more docs.
> - Make Clear() thread-safe.
> - Make assignment of a sentinel pointer thread-safe.
> - Make assignment of a nullptr thread-safe.
>
> Bug: chromium:1242795
> Change-Id: I0d9dafa31c298053e87ba1eb75f99fa6e33fa10b
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114134
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76455}
Bug: chromium:1242795
Change-Id: Ia96d66f4908894091a4e498116d9568bd7b0e0a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114058
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76482}
This is a reland of d1b27019d3
Fixes include:
Adding missing file to bazel build
Forward-declaring classing before friend-classing them to fix win/gcc
Add missing v8-isolate.h include for vtune builds
Original change's description:
> [include] Split out v8.h
>
> This moves every single class/function out of include/v8.h into a
> separate header in include/, which v8.h then includes so that
> externally nothing appears to have changed.
>
> Every include of v8.h from inside v8 has been changed to a more
> fine-grained include.
>
> Previously inline functions defined at the bottom of v8.h would call
> private non-inline functions in the V8 class. Since that class is now
> in v8-initialization.h and is rarely included (as that would create
> dependency cycles), this is not possible and so those methods have been
> moved out of the V8 class into the namespace v8::api_internal.
>
> None of the previous files in include/ now #include v8.h, which means
> if embedders were relying on this transitive dependency then it will
> give compile failures.
>
> v8-inspector.h does depend on v8-scripts.h for the time being to ensure
> that Chrome continue to compile but that change will be reverted once
> those transitive #includes in chrome are changed to include it directly.
>
> Full design:
> https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing
>
> Bug: v8:11965
> Change-Id: I53b84b29581632710edc80eb11f819c2097a2877
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76424}
Cq-Include-Trybots: luci.v8.try:v8_linux_vtunejit
Bug: v8:11965
Change-Id: I99f5d3a73bf8fe25b650adfaf9567dc4e44a09e6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3113629
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76460}
Give a little bit of introduction to Oilpan and provide a few links to
navigate the project.
Bug: chromium:1056170
Change-Id: I4ef8c256c8de7932e3393017be6c58ba48ca45f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114141
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76457}
This avoids a benign race in setting the raw pointer inside CTP
destructor by not emitting the write at all. The handle is destructed
which means that we only need to destroy any backing node but may
leave the handle untouched.
Drive-by:
- Add a few more docs.
- Make Clear() thread-safe.
- Make assignment of a sentinel pointer thread-safe.
- Make assignment of a nullptr thread-safe.
Bug: chromium:1242795
Change-Id: I0d9dafa31c298053e87ba1eb75f99fa6e33fa10b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3114134
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76455}
This reverts commit d1b27019d3.
Reason for revert: Broke vtune build, tsan build and possibly others
Original change's description:
> [include] Split out v8.h
>
> This moves every single class/function out of include/v8.h into a
> separate header in include/, which v8.h then includes so that
> externally nothing appears to have changed.
>
> Every include of v8.h from inside v8 has been changed to a more
> fine-grained include.
>
> Previously inline functions defined at the bottom of v8.h would call
> private non-inline functions in the V8 class. Since that class is now
> in v8-initialization.h and is rarely included (as that would create
> dependency cycles), this is not possible and so those methods have been
> moved out of the V8 class into the namespace v8::api_internal.
>
> None of the previous files in include/ now #include v8.h, which means
> if embedders were relying on this transitive dependency then it will
> give compile failures.
>
> v8-inspector.h does depend on v8-scripts.h for the time being to ensure
> that Chrome continue to compile but that change will be reverted once
> those transitive #includes in chrome are changed to include it directly.
>
> Full design:
> https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing
>
> Bug: v8:11965
> Change-Id: I53b84b29581632710edc80eb11f819c2097a2877
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76424}
Bug: v8:11965
Change-Id: Id57313ae992e720c8b19abc975cd69729e1344aa
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3113627
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76428}
This moves every single class/function out of include/v8.h into a
separate header in include/, which v8.h then includes so that
externally nothing appears to have changed.
Every include of v8.h from inside v8 has been changed to a more
fine-grained include.
Previously inline functions defined at the bottom of v8.h would call
private non-inline functions in the V8 class. Since that class is now
in v8-initialization.h and is rarely included (as that would create
dependency cycles), this is not possible and so those methods have been
moved out of the V8 class into the namespace v8::api_internal.
None of the previous files in include/ now #include v8.h, which means
if embedders were relying on this transitive dependency then it will
give compile failures.
v8-inspector.h does depend on v8-scripts.h for the time being to ensure
that Chrome continue to compile but that change will be reverted once
those transitive #includes in chrome are changed to include it directly.
Full design:
https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing
Bug: v8:11965
Change-Id: I53b84b29581632710edc80eb11f819c2097a2877
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76424}
Consider reading the internal node pointer instead of the actual pointer
when trying to figure out whether a node needs to be destroyed. This
preserves the non-atomiticity of the actual pointer which highlights
races using TSAN while fixing destruction.
Bug: chromium:1239081
Change-Id: I1d1fa29d40d86e4b156269abc90142ee71a8d8f4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3110199
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76415}
This is an internal property that should not be used publicly.
The following methods are going to be deprecated:
- v8::TryCatch::JSStackComparableAddress
- v8::BackupIncumbentScope::JSStackComparableAddress
Change-Id: Iaecfdece4660eaf1aef88121ff0f0c501c0ced5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097451
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76363}
This introduces a new, optional `nonIndexedPropertiesOnly` flag to the
`Runtime.getProperties` inspector request, which tells the inspector to
only report properties whose name is not an (typed) array index. This is
to support retrieving all properties except for the indexed ones when
the DevTools front-end decides to use the array bucketing mechanism.
Previously the DevTools front-end had some quite complicated logic in
place to simulate this via injected JavaScript, but that logic didn't
pick up internal properties and was also interfering with the inherited
accessor mechanism. With this new flag, it's straight-forward to
implement the correct behavior in the DevTools front-end.
The corresponding devtools-frontend CL is https://crrev.com/c/3099011.
Before: https://imgur.com/hMX6vaV.png
After: https://imgur.com/MGgiuJQ.png
Bug: chromium:1199701
Change-Id: Iacbe9756ed8a2e6982efaebe1e7c606d37c05379
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3099686
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76360}
ArrayBuffer backing stores will instead use the virtual memory cage and
be referenced through offsets rather than pointers when the sandbox is
enabled. This will be implemented in an independent CL.
Bug: v8:10391
Change-Id: Icc9781003e53c76dbbf4c84ee165151e4182da4b
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3086458
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76348}
This is a reland of a3b2c4ec81
The fix is in PS3, for UBSan. We use WriteUnalignedValue for
potentially unaligned memory writes.
Original change's description:
> [wasm][diagnostics] Support WasmCode in gdb JIT integration
>
> - Add new enum WASM_CODE to JitCodeEvent::CodeType
> - Use AddressRegion instead of AddressRange (remove the latter)
> - Change CodeDescription constructor to take an AddressRegion,
> both JIT_CODE and WASM_CODE use this
> - Add a simple mjsunit test that sets --gdbjit to check that
> we don't crash.
> - Add a api test for adding WASM_CODE
>
> Bug: v8:11908
> Change-Id: I6e87fadc2df67978144d78caf9800c3982bc3705
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067754
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76271}
Bug: v8:11908
Change-Id: I5ded6d01cff40803b2f70525163f760edcf97165
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093506
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76327}
This commit updates the comment for the AddData methods which currently
refer to GetDataFromSnapshot, and changes them to
GetDataFromSnapshotOnce instead.
Change-Id: Id09d187eccf645338e2c75b8b692c15a904c8357
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2301929
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76310}
Bug: v8:12008
Change-Id: I2e1d918a1370dae1e15919fbf02d69cbe48f63bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3089095
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76308}
The assumption doesn't necessarily hold on linux and Android either.
Bug: chromium:1056170, chromium:1239287
Change-Id: Ibb0d8f5f814580bff4e8a7dce9a3397df1385896
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097273
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76299}
This reverts commit 91c8be9599.
RCS should not be exposed through the API or the inspector protocol as
they are meant as an internal debugging feature.
The only regularly tested and supported way is through chrome-tracing.
Given that this was used mostly for an experiment to analyse chrome's
performance, we can use pprof support as a replacement.
Original change's description:
> [DevTools] Implemented DevTools protocol API to retrieve V8 RunTime Call Stats.
>
> The new APIs are:
> enableRuntimeCallStats
> disableRuntimeCallStats
> getRuntimeCallStats
>
> The RunTime Call Stats are collected per isolate.
>
> Change-Id: I7e520e2c866288aa9f9dc74f12572abedf0d3ac8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1881601
> Commit-Queue: Peter Kvitek <kvitekp@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#64784}
Change-Id: Ia7575436e97d3420dd7e68414d89477e6a86bb05
Bug: v8:11395
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2998585
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76297}
In Blink's version of Oilpan, GCInfo objects would reside in .bss and
a table would translate between an index and the .bss address. Upon
retrieving a GCInfoIndex, the slow path merely passes a .bss pointer
to a slow path setup method to create the table mapping.
In cppgc, we set up GCInfo entries directly in the table. This is
slightly faster for actually using GCInfo objects as there's no
indirection between table and .bss, and it also saves one pointer (the
indirection) per type that is set up. The downside of this approach is
that individual components of a GCInfo objects, that are all
type-dependent, need to be passed to the conditional setup method.
Since GCInfo indices must be retrieved on each allocation, this
pollutes the fast path with additional instructions.
However, GCInfo components are actually known at compile-time for many
objects. In such cases, we can use a compile-time static dispatch to
encode the known parameters in different functions. This saves around
40KiB of memory on ChromePublic.apk and also creates a more compact
fast path for allocation.
Bug: chromium:1238884, chromium:1056170
Change-Id: Iedd809a8baefcc02f131d2b2c77d341b0abe43bb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3094007
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76291}
This reverts commit a3b2c4ec81.
Reason for revert: UBSan https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8839060153390139249/+/u/Check/gdbjit
Original change's description:
> [wasm][diagnostics] Support WasmCode in gdb JIT integration
>
> - Add new enum WASM_CODE to JitCodeEvent::CodeType
> - Use AddressRegion instead of AddressRange (remove the latter)
> - Change CodeDescription constructor to take an AddressRegion,
> both JIT_CODE and WASM_CODE use this
> - Add a simple mjsunit test that sets --gdbjit to check that
> we don't crash.
> - Add a api test for adding WASM_CODE
>
> Bug: v8:11908
> Change-Id: I6e87fadc2df67978144d78caf9800c3982bc3705
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067754
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Zhi An Ng <zhin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76271}
Bug: v8:11908
Change-Id: Ic1a74a9239e8ef6107efd36f61c089ae6bfc5b6c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093365
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#76274}
- Add new enum WASM_CODE to JitCodeEvent::CodeType
- Use AddressRegion instead of AddressRange (remove the latter)
- Change CodeDescription constructor to take an AddressRegion,
both JIT_CODE and WASM_CODE use this
- Add a simple mjsunit test that sets --gdbjit to check that
we don't crash.
- Add a api test for adding WASM_CODE
Bug: v8:11908
Change-Id: I6e87fadc2df67978144d78caf9800c3982bc3705
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067754
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76271}
fetch_or (lock-prefixed-or on x86) is emulated with branching on
armv7/armv8 and therefore generates more instructions.
This improves android-binary-size by 45K. It should also improve
performance.
Bug: chromium:1238884
Change-Id: I48f59b645a4bb872b3798a1fde11608fd2930ce6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3090342
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76260}
When this is enabled, v8 reserves a large region of virtual address
space during initialization, at the start of which it will place its 4GB
pointer compression cage. The remainder of the cage is used to store
ArrayBuffer backing stores and WASM memory buffers. This will later
allow referencing these buffers from inside V8 through offsets from the
cage base rather than through raw pointers.
Bug: chromium:1218005
Change-Id: I300094b07f64985217104b14c320cc019f8438af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3010195
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@google.com>
Cr-Commit-Position: refs/heads/master@{#76234}
nullptr objects are considered alive to allow weakness to be used from
stack while running into a conservative GC. Treating nullptr as dead
would mean that e.g. custom collectins could not be strongified on
stack.
Bug: chromium:1231286
Change-Id: Ibeddef18fcbae366c3f54304bf36b75c47bd74ff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085280
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76229}
This CL adds back the 8-byte element types and extends the fast API
by hiding the unaligned memory reads performed for them.
Bug: chromium:1052746
Change-Id: Ide49ce6bd2c77b9d2d544ca2df47b5f95c93eaa9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3056988
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76207}
This cannot be defined in v8config.h because target architecture
detection is not done in that file.
This CL moves the logic to set V8_HAS_PTHREAD_JIT_WRITE_PROTECT to
src/base/build_config.h, which also defines the V8_TARGET_ARCH* macros.
R=jkummerow@chromium.org, mlippautz@chromium.org
Bug: chromium:1238029
Change-Id: I2a688dad32b83df1d26bf23b15bf4485d78c8cc6
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3085271
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76198}
Following up on https://crrev.com/c/3067319 (V8 call site) and
https://crrev.com/c/3080920 (Blink override), we can now safely remove
the formatAccessorsAsProperties() predicate in the inspector API. V8 now
consistently applies the logic to all "inherited", native accessor
properties (which means both Blink IDL attributes and V8 builtins).
Bug: chromium:1076820, chromium:1199247
Change-Id: I156ee43eb87ffd7b1ba69900fe11283f37241dda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080568
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76187}
This is a reland of fffcbaea55
Additional fixes:
- Relax IsStarted DCHECKs in ElapsedTimer for paused_elapsed
- Add LogEventStatus enum in the API for better testing
- Rename Logger::StartEnd enum values to kXXX
- Add additional NestedTimedHistogramScope tests
Original change's description:
> [counters] Fix reentrant timers for V8.Execute
>
> This CL fixes a long standing issue where reentering TimedHistograms
> scopes would cause spurious measurements. Only the non-nested scopes
> yielded correct results.
>
> Due to the changed numbers, the V8.Execute histogram is renamed to
> V8.ExecuteMicroSeconds. Note that this histogram is also guarded
> behind the --slow-histograms flag due to the additional overhead.
>
> Unlike before, it does no longer include time for external callbacks
> and only measures self time. The following example illustrates the
> new behaviour:
>
> 1. Enter V8: |--+.......+--| self-time: 4 units (reported)
> 2. Exit V8 (callback): |-+...+-| self-time: 2 units (ignored)
> 3. Re-enter V8: |---| self-time: 3 units (reported)
>
> This would result in 2 histogram entries with 4 time units for the first
> V8 slice and 3 units for the nested part. Note that the callback time
> itself is ignored.
>
> This CL attempts to clean up how TimedHistograms work:
> - Histogram: the base class
> - TimedHistograms: used for time-related histograms that are not nested
> - NestedTimeHistograms: Extends TimedHistograms and is used for nested
> histograms
>
> This CL changes Histograms to not measure time themselves. Measurements
> happen in the *HistogramScopes:
> - BaseTimedHistogramScope: Base functionality
> - TimedHistogramScope: For non-nested measurements
> - NestedTimedHistogramScope: For nested measurements
> - PauseNestedTimedHistogramScope: Ignore time during a given scope.
> This is used to pause timers during callbacks.
>
> Additional changes:
> - ExternalCallbackScope now contains a PauseNestedTimedHistogramScope
> and always sets VMState<EXTERNAL>
>
> Bug: v8:11946
> Change-Id: I45e4b7ff77b5948b605dd50539044cb26222fa21
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001345
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#76111}
Bug: v8:11946
Change-Id: Ic2eef7456fbc245febcf780b23418f6ab0bebdb7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080566
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76180}
On OSes other than Windows and Fuchsia the write barrier assumes that
the caged heap is allocated below the stack.
Add CHECK that the assumption holds.
Bug: chromium:1056170
Change-Id: I64c790e61b4cfa2adb8274ed74111f0433e9aefb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080570
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76173}
Rather than depending on slow signature checks, receiver type checks are
performed using fast numeric instance type checks.
This CL adds a instance type range for embedders to assign values and
uses these to perform type checks.
Bug: v8:11476
Change-Id: Ie8236ae47ca0ba93ae76a7e690b81aa0a2b0f3e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2883623
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76162}
To consume a code cache off-thread
1. The embedder creates a CachedData object wrapping the data blob.
2. The embedder calls ScriptCompiler::StartConsumingCodeCache with the
CachedData, and receives a ScriptCompiler::CodeCacheConsumeTask
which takes ownership of the CachedData.
3. The embedder calls ScriptCompiler::CodeCacheConsumeTask::Run
on a different thread.
4. Once this completes, the embedded passes the completed task as an
optional argument into Source constructor, and calls Compile as
before.
This is roughly similar to how streaming compilation works, with the
QoL improvement that Source owns the CodeCacheConsumeTask and therefore
we can reuse the same Compile method and do the off-thread finalization
behind the scenes inside Compile.
On the v8::internal side, ScriptCompiler::CodeCacheConsumeTask wraps a
v8::internal::BackgroundDeserializeTask, which has a Run and a Finish
method. The Run creates a LocalIsolate (again, similar to
BackgroundCompileTask), calls some helpers on CodeSerializer, and stores
the pre-finalization result in a OffThreadDeserializeData structure.
This stores Persistent Handles to the off-thread initialized SFI and
a vector of Scripts needing fixing up, and it owns the PersistentHandles
object which owns those Handles. Finally, the Finish method consumes
this OffThreadDeserializeData structure, fixes up Scripts, moves the
SFI Handle into the caller HandleScope, and that's it.
Since we don't yet have the source at off-thread deserialization time,
the various code cache sanity checks are done without the source hash
when deserializing, and the Finish method re-does them now that the
source is available.
Bug: chromium:1075999
Change-Id: If1faf35ba3ef840fa4e735581d0b29c96c1d5fc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3067322
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76155}
pthread_jit_write_protect* functions are only available on arm64 Mac,
not on iOS (which also sets V8_{TARGET_,}OS_MACOSX).
This CL refactors the logic to detect whether pthread_jit_write_protect
and MAP_JIT are available and defines a global preprocessor macro which
can subsequently be used instead of the existing complex condition.
R=jkummerow@chromium.org, mlippautz@chromium.org
Change-Id: I63894f42df35406d6eee90a4ce5070c2fde7b566
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3077154
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76143}
crrev.com/c/3069146 fixed a write barrier issue leading to a null
dereference on Windows that was triggered by having the stack allocated
at address below 4GB.
Turns out the same can happen on Fuchsia.
Bug: chromium:1230763, chromium:1056170
Change-Id: I74ba0b465c3230b4274f2c23d279c4f73183eddb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3071402
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76094}
Windows can allocate the stack at low addresses. A low-address on-stack
slot (e.g. backing store reference for Blink's on-heap collections) with
a null value would make TryGetCagedHeap falsely think that the slot
resides in a caged heap that starts at a null address.
We will still crash for low-address on-stack slots with non-null
on-stack value, since these cases are not considered valid and should
not happen.
The null value check is added only to Windows. It is not an issue on
other OSes where the stack always resides at high addresses and we
prefer to keep the write barrier as cheap as possible.
Bug: chromium:1230794, chromium:1056170
Change-Id: I07e2d178cd95edba57015d6bc6eb127a443b0589
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3069146
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76069}
Rename CopyAndConvertArrayToCppBuffer as
TryCopyAndConvertArrayToCppBuffer and implement type specialization for
int32_t and double in order to speed up V8 bindings with sequences.
This API is used by Blink code, for example see
https://chromium-review.googlesource.com/c/chromium/src/+/3027405.
Bug: v8:11739
Change-Id: I026a7f5e7833fb1afcc2ea9c296b66c7f733cbb1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3036407
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#76016}
This is a reland of 84d5b027a7
It removes support for 8-byte types which were causing
unaligned reads.
Original change's description:
> [fastcall] Implement support for TypedArray arguments
>
> This CL adds TypedArrays as supported arguments for fast API calls.
> It implements "exact type" matching, i.e. if Float32Array is expected
> and e.g. Int32Array is passed instead, the generated code bails to the
> slow callback.
>
> Bug: chromium:1052746, chromium:1018624
> Change-Id: I01d4e681d2b367cbb57b06effcb591c090a23295
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999094
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75756}
Bug: chromium:1052746, chromium:1018624
Change-Id: I872716d95bde8c340cf04990a3e4ae8ec8cd74a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3035090
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75877}
This properly threads through the `executionContextId` to the request
reported to the DevTools front-end, similarly to how we already report
the `executionContextId` as part of `Runtime.bindingCalled`.
Bug: chromium:1231521
Change-Id: I0a003041aedd8ec661d1b07cdddbcd1f2866a99f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3046187
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75875}
Allow CrossThreadPersistent and its weak form to access ASAN poisoned
memory from the GC entry points.
In general, payloads of to-be-finalized objects are poisoned until the
finalizer actually runs to avoid accidentally touching that payload.
In the case of cross-thread handles, these may need to be cleared by a
different thread before the finalizer actually runs. In order to clear
those references, the slot needs to be unpoisoned.
This is issue is ASAN-only and does not affect production or other
debug builds.
Bug: chromium:1230599, chromium:1056170
Change-Id: If4d0808953047319b02653821abbb5c638084dc5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3040845
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75846}
This CL adds TypedArrays as supported arguments for fast API calls.
It implements "exact type" matching, i.e. if Float32Array is expected
and e.g. Int32Array is passed instead, the generated code bails to the
slow callback.
Bug: chromium:1052746, chromium:1018624
Change-Id: I01d4e681d2b367cbb57b06effcb591c090a23295
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999094
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75756}
This is a reland of dcdaf42fa8. It adds
CPU time metrics to the WasmModuleDecoded (except for streaming),
WasmModuleCompiled and WasmModuleTieredUp events. This can later be used
to provide this information as UKMs or UMAs.
Bug: v8:11611
Change-Id: I813fc8de36d1445c6a887abf496ec10e1a803815
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2953296
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75715}
For CopyAndConvertArrayToCppBuffer<T, type_info>(src, dst, length),
type `T` can be deducible from `dst`, but `type_info` cannot be
deducible so it's better to rewrite it as
CopyAndConvertArrayToCppBuffer<type_info, T>(src, dst, length).
Bug: v8:11739
Change-Id: Ic3a28671cf7576672dad2f21bf6acf87807c3b48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3023006
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#75709}
A human-readable name is in Blink only available for C++ types with
JS wrapper objects and for manually annotated types that are interesting
for the snapshot. Return the proper C++ shallow size of the object in
this case. (Merge nodes will have their JS+C++ sizes added.)
Bug: chromium:1228411, chromium:1056170
Change-Id: Ib2b1b7b9dec80e5cccccb1aad8c4c035715612ec
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3021169
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75698}
So far, discarded size was maintained by the sweeper but not wired up
anywere.
Changes in this patch:
- Wire up resident size in heap statistics collection.
- Fix bugs in reporting committed and resident size.
- Sweeper test: Enforce some internal details. The details should not
not be checked broadly but be kept as a detail to the sweeper
itself.
- Stats collection: Test that committed and resident set size are
reported and differ after discarding GCs.
Bug: chromium:1056170
Change-Id: Icf8871c7ea3b28253233485c736b2ca4816fd6f2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3020971
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75684}
This CL implements the resolution of function overloads based on
run-time checks of the type of arguments passed to the JS function.
For the moment, the only supported overload resolution is between
JSArrays and TypedArrays.
Bug: v8:11739
Change-Id: Iabb79149f021037470a3adf071d1cccb6f00acd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2987599
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#75664}
GCInfoIndex cannot be used for a canonicalization of type names.
Example by omerkatz:
struct A : public GCed<A>, public NameProvider {
override const char* GetHumanReadableName() { return "A"; }
};
struct B : public A {
override const char* GetHumanReadableName() { return "B"; }
};
A and B will have the same GCInfoIndex but different type names.
Bug: chromium:1056170
Change-Id: I35b76a0d80498b8c39e3788f6c2556cdb29f3a7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013311
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75649}
- Allows for differentiating committed and physical (resident) size on
a page. This change merely adjusts the API surface and does not
implement resident set size tracking.
- Add object types on page level as well which helps diagnosing almost
empty pages.
Bug: chromium:1056170
Change-Id: I64c69dc55873a0ce97d2064356bfcd957e10cbf9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3011164
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75621}
This allows for marking promises as silent. Setting this flag prevents
the debugger from pausing when the promise rejects.
Bug: chromium:1132506
Change-Id: I260e52faa45ebedd9e8d84e092bd0260e828a902
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001354
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75595}
In order to implement eager (side effect free) evaluation of arbitrary
accessor properties correctly, we need the ability to call getters while
guaranteeing that we don't trigger side effects. This is accomplished by
adding a `throwOnSideEffect` flag to the `Runtime.callFunctionOn` API,
similar to what's already available with the `Runtime.evaluate` and the
`Debugger.evaluateOnCallFrame` APIs.
Bug: chromium:1076820, chromium:1119900, chromium:1222114
Change-Id: If2d6c51376669cbc71a9dd3c79403d24d62aee43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3001360
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75556}
This reverts commit 92bfb63cac.
Reason for revert: Broke build https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20shared/43249/overview
Original change's description:
> [build] Separate out inspector as a shared library
>
> This makes src/inspector:inspector into a v8_component producing a
> shared library in component builds. To enable this, all of its exported
> are now marked with V8_INSPECTOR_EXPORT.
>
> This also inverts the dependency between src/inspector:inspector and
> :v8_base_without_compiler, and instead makes d8 and some tests depend on
> inspector rather than getting it via v8.
>
> As a result, the no_check_targets exclusions list in .gn is reduced.
>
> Ultimately embedders like chromium should depend on :v8 and optionally
> src/inspector:inspector, but to allow that transition to occur, this
> renames :v8 to :v8_lib and introduces a new :v8 which depends on v8 and
> inspector. Once all embedders have changed to reflect the new structure,
> this part can be reverted.
>
> Bug: v8:11917
> Change-Id: Ia8b15f07fb15acc5e1f111b1a80248def4285fd0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999088
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Commit-Queue: Dan Elphick <delphick@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#75532}
Bug: v8:11917
Change-Id: I0ed27ed95211d13b8b3438a8c0a42d577806c475
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3003452
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#75533}
This makes src/inspector:inspector into a v8_component producing a
shared library in component builds. To enable this, all of its exported
are now marked with V8_INSPECTOR_EXPORT.
This also inverts the dependency between src/inspector:inspector and
:v8_base_without_compiler, and instead makes d8 and some tests depend on
inspector rather than getting it via v8.
As a result, the no_check_targets exclusions list in .gn is reduced.
Ultimately embedders like chromium should depend on :v8 and optionally
src/inspector:inspector, but to allow that transition to occur, this
renames :v8 to :v8_lib and introduces a new :v8 which depends on v8 and
inspector. Once all embedders have changed to reflect the new structure,
this part can be reverted.
Bug: v8:11917
Change-Id: Ia8b15f07fb15acc5e1f111b1a80248def4285fd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2999088
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75532}
This CL adds support in TurboFan for passing JSArrays as arguments to
fast API callbacks. It also extends the v8::Array class with a
CopyAndConvertArrayToCppBuffer method to allow the embedder to perform
quick conversions of their JSArrays to a C++ buffer. The CL also adds
tests in d8. Design doc:
https://docs.google.com/document/d/1BNKKZNgrGYafx8kqSfNEQqQYY5n4A6mGufss_Vz-h-4/edit#heading=h.c0kgf82jnlpp
Bug: chromium:1052746, chromium:715122
Change-Id: If47ac60d9ebe6462bbf3adff002e2da8e14e8fc8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2940900
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75333}
When checks are enabled, ensure that the global handle zap value never
leaks into user code as it indicates that the garbage collector failed
to keep alive an object.
Bug: chromium:1056170
Change-Id: I4836fe49cd6e443d689068af10276ed99b46eb10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2972729
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75330}
... behind the v8_enable_external_code_space build flag.
This is a first CL in a row of CLs that will make CodeDataContainer
the only type of objects that could contain references to Code objects
(besides the Code objects embedded into the generated code).
Eventually these changes will allow us to move Code space out of the V8
heap cage.
This CL adds |code| field to ensure that CodeDataContainer keeps the
respective Code object alive and |code_entry_point| field that contains
cached value of the code().InstructionStart().
Bug: v8:11880
Change-Id: Ie7ce75667d8da306797d203691b429671bc4530d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2964093
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75179}
Constructors define instance types for their instances while accessors
define a range of permissable instance types for receiver checks.\
Bug: v8:11476
Change-Id: I48b5326ec0a4e847283c2fa5c8f1705302727453
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2821430
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75131}
This CL adds a new method intended for tests or lab settings to
cleanup V8 caches. The synchronous nature of the method greatly reduces
flakiness of blink leak detection in many cases.
Bug: chromium:1217831
Change-Id: I107eddc8b88d91aa7e69430ecfc135fe39538a5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2948666
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75041}
This commit adds a TryGetCurrent() method to the v8::Isolate class.
The motivation for adding this method this is that in Node.js we've run
into situations where we need to check if there is a current
Isolate and we are using GetCurrent() for this. The issue is that for a
debug build of Node.js, the debug check in GetCurrent() will cause a
failure.
The suggestion in this changeset is to allow getting the current
Isolate, or null if one does not exist, without any checks.
Change-Id: I01676e4bcdbe86da0496f5df1982d14eb1c9ebf8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2910630
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75004}
This interface allows associating meta information to
exceptions. This meta information can be used by debugging
tools, like DevTools, to learn about e.g. a network request
or a DevTools issue that is associated with the exception.
To do so the inspector client (i.e. embedder) has to provide
the data.
Bug: chromium:1213393
Change-Id: Ia86221f4f04b21024d592bafb2f74886ead8a6a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928496
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74909}
This CL enhances the interface of the fast C API with constants and
structs necessary for supporting JSArrays, TypedArrays and ArrayBuffers.
It also adds checks for incompatible combinations of argument type/flags.
Bug: chromium:1052746
Change-Id: I032167d0739d33f8151f78574c89d565cb9bd821
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2903147
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74857}
To support Fast API calls with overloads, implement compile-time
function resolution based on the number of arguments passed to the JS
function.
Bug: v8:11739
Change-Id: I96839dc0b6fc540eff94573ac9e77f678908fc3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2901249
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74837}
Based on an analysis of auto-generated code, based on
browser_protocol.pdl and js_protocol.pdl:
https://goreportcard.com/report/github.com/daabr/chrome-vision#misspell
Bug: chromium:1213460
Change-Id: Ib96b2d2700d0bf1ac90e88accd0bc15eccbb9d7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2848874
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74810}
They have been disabled for some time and are superseeded by lazy
feedback vector allocation.
Change-Id: Iafc3989b0c1f866ce7d6295d9b13ccaa5ef1c115
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2905609
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74711}
Used include-what-you-use [1] to clean up cppgc API headers. The tool
does somewhat work but requires some cleanup afterwards as it cannot
nicely deal with `v8config.h` and the defines it generates.
[1] https://github.com/include-what-you-use/include-what-you-use/
Bug: chromium:1056170
Change-Id: I7b03797c615f8e033510fc959bbdb792d8b7a4ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2907612
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74693}
Check that the marked bit of an object is set if assigned during a
prefinalizer to a Member in a live object or a Persistent.
Bug: v8:11749
Change-Id: I993c0d226a4157698591e1f7bc0c55e5c79239b6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897093
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74672}
In order to support Fast API calls with overloads, store a FixedArray
of c-function addresses and a FixedArray of the corresponding
FunctionInfo*. For now keep using only the first function in the array.
Bug: v8:11739
Change-Id: If23381aa9d04c5cd830043951da9c53836a36328
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876592
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74643}
Create verification state on first assignment and check that
the reference slot is contained within the values heap if it
is an on-heap reference.
Bug: chromium:1056170
Change-Id: I0ce0e2bbd751186429950bb4f6bad97b273b3128
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2887509
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74607}
The method changes a global flag, depending upon which v8 attaches or
not the SharedArrayBuffer constructor to global objects. Chrome ended
up calling it when some contexts had already been created, leading to
inconsistencies. (Also) because of that, we decided to change the
mechanism for enabling cross-origin isolation (cf.
https://crrev.com/c/2880215). I believe it is better not to expose
this method.
Bug: chromium:923807
Change-Id: I269cb1c5406f999a395bbb7657574c0f73b4ae99
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2900224
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74600}
This CL enhances the fast C API in a way to allow passing the receiver
to the fast callback as Local<Object> instead of Local<Value>. It also
fixes documentation comments.
Bug: chromium:1052746
Change-Id: I424aa83023c2e6633b9df08ee040bf170db32b3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2887510
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74519}
Member is sometimes still used from off-heap storage which prohibits
getting the heap from the Member's slot address.
Bug: v8:11756
Change-Id: I61658ce07a8b02a8c400232ff21c75f0d8b95dcb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2886879
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74496}
After updating our bots to use GCC 7.4, we do not need to support
incomplete C++14 support any more. In particular, we can assume
complete c++14 constexpr support now.
This CL removes the V8_HAS_CXX14_CONSTEXPR and CONSTEXPR_DCHECK macros.
The CONSTEXPR_DCHECKs are replaced by DCHECK and friend, or
STATIC_ASSERT where possible.
R=jgruber@chromium.org, leszeks@chromium.org, mlippautz@chromium.org
Bug: v8:9686, v8:11384
Change-Id: I3a8769a0f54da7eb2cacc37ee23e5c97092e3051
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876847
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74486}
As a first step to support Fast API calls with overloads, adds a
new FunctionTemplate constructor that accepts a vector of CFunction*.
Bug: v8:11739
Change-Id: I112b1746768f52df52c893a4f1fb799b6bd90856
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2860838
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Paolo Severini <paolosev@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#74481}
This is a reland of 7458e67c4e
Original change's description:
> cppgc: Implement basic Member and Persistent checks
>
> Adds check for
> - same heap on assignment
> - header and containment
>
> The verification state is eagerly created for on-heap Member
> references using caged heap and lazily created on first assignment for
> all others.
>
> Bug: chromium:1056170
> Change-Id: I38ee18eeb7ac489f69a46670cc5e5abe07f62dfa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878745
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74449}
Bug: chromium:1056170
Change-Id: I9cecfcf7ba2cb70650fd51f345fbf740b96ff6ba
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2882804
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74468}
This change turns the previously used XOR-based type checks for external
pointers into AND-based type checks. With those, the type tag is ORed
into the top bits of an external pointer when it is written, and the
type check performed on every load is done by ANDing the value with the
inverted tag. This will later allow type checking and masking off the GC
marking bits of external pointers in a single operation.
Bug: v8:10391
Change-Id: I89f2b22588b3f7467c79c7916c11f25cd9bcc82d
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2850639
Commit-Queue: Samuel Groß <saelo@google.com>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74464}
This reverts commit 7458e67c4e.
Reason for revert: Crash on windows https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64%20-%20debug/37698/overview
Original change's description:
> cppgc: Implement basic Member and Persistent checks
>
> Adds check for
> - same heap on assignment
> - header and containment
>
> The verification state is eagerly created for on-heap Member
> references using caged heap and lazily created on first assignment for
> all others.
>
> Bug: chromium:1056170
> Change-Id: I38ee18eeb7ac489f69a46670cc5e5abe07f62dfa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878745
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74449}
Bug: chromium:1056170
Change-Id: I466522a7d879560c99dabbd96c3b097894743a87
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2880149
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74450}
Adds check for
- same heap on assignment
- header and containment
The verification state is eagerly created for on-heap Member
references using caged heap and lazily created on first assignment for
all others.
Bug: chromium:1056170
Change-Id: I38ee18eeb7ac489f69a46670cc5e5abe07f62dfa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2878745
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74449}
The function will be used to implement the web memory measurement API.
This adds an |allocated_bytes_at_last_gc| counter to each normal page.
The counter is updated by the sweeper.
Bug: chromium:1181269
Change-Id: If6612de06f373a839fce986c71ba3dfde4d9c9c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2880534
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74446}
This reland patch:
https://chromium-review.googlesource.com/c/v8/v8/+/2867473
(See patchset 1)
The problem was blink injecting interceptor into the window object. It
observes "observation" and "mutations" on this object. When it happens
to the initial empty document, the IPC DidAccessInitialDocument() is
sent and modify the state of the browser process. Causing two tests to
fail.
The diff (See patchset 1..2) includes:
1. Use JSObject::HasRealNamedProperty instead of JsObject::HasProperty.
This skips the interceptor and do not walk the prototype chain.
2. Invert JSObject::HasRealNamedProperty() with
IsSharedArrayBufferConstructorEnabled(), just in case. This avoid
observing the object when not needed.
Original patch description:
---
This change makes it possible to enable SharedArrayBuffer per Context,
controlling whether it should be enabled or not with a callback. The
previous implementation of the reverse origin trial for
SharedArrayBuffer was broken, since the feature could only be enabled
globally per process, and only if the feature flag is set early enough
in the v8 initialization. This does not play well with how origin
trials work.
The implementation is similar to the callbacks that already exist for
the origin trials for WebAssembly simd and exceptions.
SharedArrayBuffer is still controlled by the flag
harmony_sharedarraybuffer. If that flag is disabled, then
SharedArrayBuffer is disabled unconditionally. On top of that, this CL
introduces a new flag for enabling SharedArrayBuffer per context. If
that flag is set, a callback is used to determine whether
SharedArrayBuffer should be enabled.
Note that this only controls whether the SharedArrayBuffer constructor
should be exposed on the global object or not. It is always possible
to construct a SharedArrayBuffer using
new WebAssembly.Memory({
shared:true, initial:0, maximum:0 }).buffer.constructor;
There are few things which I do not like of this approach, but I did
not have better ideas:
1. The complex logic of dobule flag + callback. However, this seemed
the best way to me to not break embedders which rely on that flag
being enabled by default.
2. The fact that what actually matters is just whether the callback
returns `true` once. It would be good to check that the callback gives
a consistent return value, or to provide a better API that cannot be
missunderstood.
Bug: chromium:923807,chromium:1071424,chromium:1138860
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867473
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74378}
---
Bug: chromium:923807,chromium:1071424,chromium:1138860,chromium:1206187
Change-Id: Ibc6b4f8c0e0827178b7f0cbe4b942444bbbe6216
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2880215
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Auto-Submit: Arthur Sonzogni <arthursonzogni@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74441}
Within the inspector we should be consistent about passing the script ID
always as integer, and only convert to String16 when actually needed.
That (a) saves memory (and some runtime overhead) when stashing away
call frames, for example in case of async stack traces, and (b) reduces
confusion which representation to chose.
Bug: chromium:1162229
Change-Id: I9591931da0a307779372f36aba6e155ec22bbe3d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2876856
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74410}
This reverts commit bc1eb7b478.
Reason for revert: https://ci.chromium.org/ui/p/chromium/builders/try/android-pie-arm64-rel/369203/overview
Original change's description:
> [api] Add API callback setter for the SAB origin trial
>
> This change makes it possible to enable SharedArrayBuffer per Context,
> controlling whether it should be enabled or not with a callback. The
> previous implementation of the reverse origin trial for
> SharedArrayBuffer was broken, since the feature could only be enabled
> globally per process, and only if the feature flag is set early enough
> in the v8 initialization. This does not play well with how origin
> trials work.
>
> The implementation is similar to the callbacks that already exist for
> the origin trials for WebAssembly simd and exceptions.
>
> SharedArrayBuffer is still controlled by the flag
> harmony_sharedarraybuffer. If that flag is disabled, then
> SharedArrayBuffer is disabled unconditionally. On top of that, this CL
> introduces a new flag for enabling SharedArrayBuffer per context. If
> that flag is set, a callback is used to determine whether
> SharedArrayBuffer should be enabled.
>
>
> Note that this only controls whether the SharedArrayBuffer constructor
> should be exposed on the global object or not. It is always possible
> to construct a SharedArrayBuffer using
>
> new WebAssembly.Memory({
> shared:true, initial:0, maximum:0 }).buffer.constructor;
>
>
> There are few things which I do not like of this approach, but I did
> not have better ideas:
>
> 1. The complex logic of dobule flag + callback. However, this seemed
> the best way to me to not break embedders which rely on that flag
> being enabled by default.
>
> 2. The fact that what actually matters is just whether the callback
> returns `true` once. It would be good to check that the callback gives
> a consistent return value, or to provide a better API that cannot be
> missunderstood.
>
>
> Bug: chromium:923807,chromium:1071424,chromium:1138860
> Change-Id: Ibe3776fad4d3bff5dda9066967e4b20328014266
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867473
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74378}
Bug: chromium:923807
Bug: chromium:1071424
Bug: chromium:1138860
Change-Id: Iec678dee130db891c2096e47bc072a5d77ae9476
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874403
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74404}
- Take HeapHandle& parameter to allow a use case of free() on an already
dead object during sweeping.
- Change free() from T* to T& which forces an object and allows the
caller to place the nullptr check before retrieving a heap handle.
Bug: chromium:1056170
Change-Id: I80689d27d3abe410d177cd8c86b31ff2fe579a77
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2874461
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74387}
This change makes it possible to enable SharedArrayBuffer per Context,
controlling whether it should be enabled or not with a callback. The
previous implementation of the reverse origin trial for
SharedArrayBuffer was broken, since the feature could only be enabled
globally per process, and only if the feature flag is set early enough
in the v8 initialization. This does not play well with how origin
trials work.
The implementation is similar to the callbacks that already exist for
the origin trials for WebAssembly simd and exceptions.
SharedArrayBuffer is still controlled by the flag
harmony_sharedarraybuffer. If that flag is disabled, then
SharedArrayBuffer is disabled unconditionally. On top of that, this CL
introduces a new flag for enabling SharedArrayBuffer per context. If
that flag is set, a callback is used to determine whether
SharedArrayBuffer should be enabled.
Note that this only controls whether the SharedArrayBuffer constructor
should be exposed on the global object or not. It is always possible
to construct a SharedArrayBuffer using
new WebAssembly.Memory({
shared:true, initial:0, maximum:0 }).buffer.constructor;
There are few things which I do not like of this approach, but I did
not have better ideas:
1. The complex logic of dobule flag + callback. However, this seemed
the best way to me to not break embedders which rely on that flag
being enabled by default.
2. The fact that what actually matters is just whether the callback
returns `true` once. It would be good to check that the callback gives
a consistent return value, or to provide a better API that cannot be
missunderstood.
Bug: chromium:923807,chromium:1071424,chromium:1138860
Change-Id: Ibe3776fad4d3bff5dda9066967e4b20328014266
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2867473
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74378}
This reverts commit 1527c4878a.
Reason for revert: reverted in favour of https://chromium-review.googlesource.com/c/v8/v8/+/2857640
Original change's description:
> Expose V8CommandLineAPIScope and V8InspectorSession::createCommandLineAPI
>
> This CL extracts CommandLineAPIScope from V8Console and exposes it
> as V8CommandLineAPIScope. Also, it exposes V8InspectorSession::createCommandLineAPI.
> These changes will be used by InspectorPageAgent to install command
> line APIs when evaluating scripts added using CDP's command
> Page.addScriptToEvaluateOnNewDocument.
>
> Chromium CL: https://crrev.com/c/2835786
>
> Doc: https://docs.google.com/document/d/1zGG7-NZMb-aOfFfHf1u4VsP4C-lZettopCvYDC6pkBw/
> Bug: chromium:1200705
> Change-Id: I39b27f957cfb6d682ea84e385eaf25d09d261b58
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2835712
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Commit-Queue: Alex Rudenko <alexrudenko@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#74096}
Bug: chromium:1200705
Change-Id: Ic7f411f3c66dd33c1b021dab90f202b361ee85c2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859953
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Alex Rudenko <alexrudenko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74350}
AtomicCtorTag is needed by Blink to force atomic initialization of
members. This is used when reinitializing a member in a backing store.
Bug: chromium:1056170
Change-Id: I410766a9c9133a1f1c2ea2e1153cb1c61363459f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2859944
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74341}
cpplint rules change over time, and we change the exact rules we enable
for v8. This CL removes NOLINT annotations which are not needed
according to the currently enabled rules.
R=mlippautz@chromium.org
Bug: v8:11717
Change-Id: I41c4c18dd3f70ec255e9d2769ffd25a38f6f2784
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2862764
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74307}
In https://crrev.com/c/2842128, a concern was raised that using
`V8InspectorSession::createCommandLineAPI` directly would not cache the command line
API definitions and V8 could expose a higher level API for this use
case. This CL exposes `InjectedScript::ContextScope` via V8InspectorSession.
If this approach is approved, V8InspectorSession::createCommandLineAPI
could be removed.
Example usage: https://crrev.com/c/2858964
Bug: chromium:1200705
Change-Id: Ib9fcadcb9bbd75c08f0122b0e4ee61e2874c4f8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2857640
Commit-Queue: Alex Rudenko <alexrudenko@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74289}
The "Restart frame" feature was implemented as part of LiveEdit and
primarily used to support LiveEdit of active functions, but that was
previously disabled as part of https://crrev.com/c/2846892 because it's
too brittle and causes crashes when using seemingly unrelated features.
The "Restart frame" feature was also available as a context menu item
separately in the DevTools front-end, but that was also already removed
as part of https://crrev.com/c/2854681 earlier. So all uses are gone
now.
This change works by marking Debugger.restartFrame as deprecated and
having it respond with a ServerError all the time. It thus allows us to
remove a whole bunch of machinery that was essentially just put in
various places to support the restart_fp_ magic. In particular the
debugger no longer needs any machine specific builtins now.
Bug: chromium:1195927
Change-Id: I1153ba6b00e979620af57dd9f58aa1c035ec4484
Fixed: chromium:1203606
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2854750
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74276}
GCC 7.4 has problems with combining [[nodiscard]] with
__attribute__((visibility(""))). Disable as there's enough compilation
coverage for clang to find issues.
Bug: v8:11707
Change-Id: I9e61463c4d11dbc3b03d458e2810206fb93de108
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2854737
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Santiago Aboy Solanes <solanes@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74262}
This CL factors out a CodeRange class out of MemoryAllocator.
When V8_COMPRESS_POINTERS_IN_SHARED_CAGE is defined, there is a single
CodeRange shared by all Isolates in the process. This also turns short
builtins back for both configurations of pointer compression. When
sharing a cage, there is a single copy of the re-embedded builtins.
Since a shared pointer cage is still experimental, to avoid API churn
this CodeRange's size is not configurable and is always the maximal size
depending on the underlying platform.
Change-Id: Ie94f52746f2c5450247a999cc6071e3914d4cf0c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2819206
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74261}
With top-level await enabled by default, the behavior of
v8::Module::Evaluate is changed to always return a Promise, and should
be documented.
No-try: true
Change-Id: I8bf41a18d8d98befecd62d6423ab37fdbaac3aad
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2854874
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74238}
This CL makes the object passed as argument to IsLeafTemplateForApiObject
be received as a handle instead of a raw C++ pointer. From the codegen
point of view, the memory representation is the same, so this doesn't
change its semantics.
Bug: chromium:1052746
Change-Id: Ibc116aa4d577ba95f30d1014f15f34ef3fbb1a35
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2851884
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74220}
`exectionContextId` parameter in Runtime.addBinding is not working
correctly and does not have a practical use case. Therefore,
deprecating it in favour of the `executionContextName` parameter that
better serves the purpose of exposing bindings to isolated worlds. We
expect most users to be able to migrate to `executionContextName`.
Bug: chromium:1169639
Change-Id: Ic37cefa6a62501c7e903923f1f9c0da7e51326c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2844652
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Alex Rudenko <alexrudenko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74137}
Untangles the non-tracing GC optimization (Scavenger) that allows for
dropping objects that are only reachable from certain API references
from EmbedderHeapTracer. Instead, allow setting it on Isolate.
This allows for using the optimization when using cppgc.
Chromium-side: https://crrev.com/c/2844587
Bug: chromium:1056170
Change-Id: I20f28dd84c808872c7f9559c8c168e828794dd1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2844657
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74135}
As we can still intend to run the web-exposed profiler outside of an
origin-isolated environment, add support back for filtering by
v8::Context.
This reverts commit 05af368100.
Bug: chromium:956688
Change-Id: Idd98bea3213b5963f689a04de6c3743073efc587
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2785806
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#74112}
This CL extracts CommandLineAPIScope from V8Console and exposes it
as V8CommandLineAPIScope. Also, it exposes V8InspectorSession::createCommandLineAPI.
These changes will be used by InspectorPageAgent to install command
line APIs when evaluating scripts added using CDP's command
Page.addScriptToEvaluateOnNewDocument.
Chromium CL: https://crrev.com/c/2835786
Doc: https://docs.google.com/document/d/1zGG7-NZMb-aOfFfHf1u4VsP4C-lZettopCvYDC6pkBw/
Bug: chromium:1200705
Change-Id: I39b27f957cfb6d682ea84e385eaf25d09d261b58
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2835712
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Alex Rudenko <alexrudenko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74096}
This is a reland of d5457f5fb7
after a speculative revert.
Additionally it fixes an issue with throwing promise hooks.
Original change's description:
> [api] JSFunction PromiseHook for v8::Context
>
> This will enable Node.js to get much better performance from async_hooks
> as currently PromiseHook delegates to C++ for the hook function and then
> Node.js delegates it right back to JavaScript, introducing several
> unnecessary barrier hops in code that gets called very, very frequently
> in modern, promise-heavy applications.
>
> This API mirrors the form of the original C++ function based PromiseHook
> API, however it is intentionally separate to allow it to use JSFunctions
> triggered within generated code to, as much as possible, avoid entering
> runtime functions entirely.
>
> Because PromiseHook has internal use also, beyond just the Node.js use,
> I have opted to leave the existing API intact and keep this separate to
> avoid conflicting with any possible behaviour expectations of other API
> users.
>
> The design ideas for this new API stemmed from discussion with some V8
> team members at a previous Node.js Diagnostics Summit hosted by Google
> in Munich, and the relevant documentation of the discussion can be found
> here: https://docs.google.com/document/d/1g8OrG5lMIUhRn1zbkutgY83MiTSMx-0NHDs8Bf-nXxM/edit#heading=h.w1bavzz80l1e
>
> A summary of the reasons for why this new design is important can be
> found here: https://docs.google.com/document/d/1vtgoT4_kjgOr-Bl605HR2T6_SC-C8uWzYaOPDK5pmRo/edit?usp=sharing
>
> Bug: v8:11025
> Change-Id: I0b403b00c37d3020b5af07b654b860659d3a7697
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2759188
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73858}
Bug: v8:11025
Bug: chromium:1197475
Change-Id: I73a71e97d9c3dff89a2b092c3fe4adff81ede8ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2823917
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74071}
This is a reland of 6124a534b2
It fixes a UAF issue in the d8 test by moving the test API object
constructor to PerIsolateData. It also fixes a crash in Chromium
caused by current usage of v8::ApiObject, which should be migrated
to v8::Value*.
Original change's description:
> [fastcall] Add support for leaf interface type checks
>
> This CL adds an IsTemplateForApiObject method to FunctionTemplate
> allowing the embedder to check whether a given API object was
> instantiated by this template without including parent templates
> in the search. It also replaces the v8::ApiObject in the fast API
> with a raw v8::Value pointer to allow use of standard C++ casts.
>
> Bug: chromium:1052746
> Change-Id: I0812ec8b4daaa5f5005aabf10b63e1e84e0b8f03
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595310
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73999}
Bug: chromium:1052746, chromium:1199900
Change-Id: I4b7f0c9e9152919dde4a1d0c48fbf5ac8c5b13d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2835711
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74064}
This is a reland of c83c9590ba
Changes since revert: nothing, issue was crbug.com/v8/11666
Original change's description:
> [ic] Add a new MegaDOM IC
>
> This patch implements the MegaDOM IC setup and access. A new MegaDOM
> IC state indicates that we've seen only DOM accessors at this access
> site.
>
> This CL only adds support for DOM getters in LoadIC, other kinds of
> access will be added in follow on CLs.
>
> Still remaining TODO before shipping:
> 1. Have a mechanism to invalidate the protector
> 2. Have a mechanism to find the accessors that aren't overloaded
> 3. Use a new builtin to miss to runtime on access check failure
>
> Change-Id: Ie12efe5e9fa284f023043b996d61e7d74e710ee2
> Bug: v8:11321
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2618239
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73733}
Bug: v8:11321
Change-Id: I2bec54465542b5b40c42adb6eb12b6ce72cce5bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794439
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74056}
This reverts commit 6124a534b2.
Reason for revert: On suspicion of blocking V8 roll: https://ci.chromium.org/ui/p/chromium/builders/try/win10_chromium_x64_rel_ng/839568/overview
Original change's description:
> [fastcall] Add support for leaf interface type checks
>
> This CL adds an IsTemplateForApiObject method to FunctionTemplate
> allowing the embedder to check whether a given API object was
> instantiated by this template without including parent templates
> in the search. It also replaces the v8::ApiObject in the fast API
> with a raw v8::Value pointer to allow use of standard C++ casts.
>
> Bug: chromium:1052746
> Change-Id: I0812ec8b4daaa5f5005aabf10b63e1e84e0b8f03
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595310
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73999}
Bug: chromium:1052746
Change-Id: Ic99ec616310f0f75800c3dad393b5d2d685b76ab
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2829988
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#74016}
This CL adds an IsTemplateForApiObject method to FunctionTemplate
allowing the embedder to check whether a given API object was
instantiated by this template without including parent templates
in the search. It also replaces the v8::ApiObject in the fast API
with a raw v8::Value pointer to allow use of standard C++ casts.
Bug: chromium:1052746
Change-Id: I0812ec8b4daaa5f5005aabf10b63e1e84e0b8f03
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2595310
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73999}
- represent smis as fake heap numbers
- numbers nodes (both smi and heap numbers) reference a child node whose
name is "value" and whose entry is the string representation of that
number
That feature is disabled by default, and can be enabled by passing
captureNumericValue: true when calling HeapProfiler.takeHeapSnapshot
This patch slightly refactors some functions that operate on "essential
objects". We now check that the object is essential before trying to
create the entry. Otherwise, we would end up with smi objects created,
but not referenced anywhere.
Design doc:
https://docs.google.com/document/d/1Qh1zxyn0SS5wzJzitD6ecBJTdFbQkJogSMwxDRsn44o/edit
Change-Id: Ibbe6e79a54c4f9eace72bc0a0ccb622a97698e00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2806747
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Arnaud Renevier <arenevier@fb.com>
Cr-Commit-Position: refs/heads/master@{#73985}
https://crrev.com/c/2817958 is going to support artificial
calls of NoAllocDirectCall for a testing purpose, and this
new API will be used there.
Change-Id: If47ba080eede96e91ba60b89ff502dd3d3e34b93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2822188
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Yuki Shiino <yukishiino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73945}
The method was scheduled for removal in M92, as finaly part of the
fn.displayName support removal.
Fixed: chromium:1177685
Doc: https://bit.ly/devtools-function-displayName-removal
Change-Id: I243dd6c9849a6f39e76dd003300b639bfd8df604
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2821954
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73930}
With a shared cage, there's no easy way to recover an Isolate from a
heap pointer. Symbol::Description relies on RO symbols' description slot
being uncompressed so a Handle could point to it. This isn't possible
with a shared cage without going through TLS to get an Isolate for
Handle construction, so deprecate the method in favor of one that takes
an Isolate directly.
Bug: v8:11460
Change-Id: I69b2b7d77f4c00d0f58954cd80e22cba5ff222e3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2802860
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73924}
The pointer compression cage is the virtual memory reservation
that all compressed pointers fall within. This CL splits pointer
compression into two modes: a per-Isolate cage and a shared cage
among multiple Isolates.
When multiple Isolates are sharing a cage, they can decompress
each others' pointers and share the same virtual memory range.
Bug: v8:11460
Change-Id: I7b89b7413b8e7ca6b8b6faafd083dc387542a8b4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783674
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73916}
This CL adds features to pack/unpack map words.
Currently V8 cannot store extra metadata in object headers -- because V8
objects do not have a proper header, but only a map pointer at the start
of the object. To store per-object metadata like marking data, a side
table is required as the per-object metadata storage.
This CL enables V8 to use higher unused bits in a 64-bit map word as
per-object metadata storage. Map pointer stores come with an extra step
to encode the metadata into the pointer (we call it "map packing").
Map pointer loads will also remove the metadata bits as well (we call it
"map packing").
Since the map word is no longer a valid pointer after packing, we also
change the tag of the packed map word to make it looks like a Smi. This
helps various GC and barrier code to correctly skip them instead of
blindly dereferencing this invalid pointer.
A ninja flag `v8_enable_map_packing` is provided to turn this
map-packing feature on and off. It is disabled by default.
* Only works on x64 platform, with `v8_enable_pointer_compression`
set to `false`
Bug: v8:11624
Change-Id: Ia2bdf79553945e5fc0b0874c87803d2cc733e073
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2247561
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73915}
This reverts commit dcdaf42fa8.
Reason for revert: This has problems on mac-arm64:
https://ci.chromium.org/p/v8/builders/ci/V8%20Mac%20-%20arm64%20-%20release/3591
Original change's description:
> [wasm] Add CPU time metrics
>
> This adds CPU time metrics to the WasmModuleDecoded (except for streaming),
> WasmModuleCompiled and WasmModuleTieredUp events. This can later be used
> to provide this information as UKMs or UMAs.
>
> Bug: v8:11611
> Change-Id: I36818f5efbdcae2d3ed6f27c16db21f9d8440d98
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2796952
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73882}
Bug: v8:11611
Change-Id: I1c82c3e4f19b3a486538fd62665669f6c5b98438
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2818380
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73884}
This adds CPU time metrics to the WasmModuleDecoded (except for streaming),
WasmModuleCompiled and WasmModuleTieredUp events. This can later be used
to provide this information as UKMs or UMAs.
Bug: v8:11611
Change-Id: I36818f5efbdcae2d3ed6f27c16db21f9d8440d98
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2796952
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73882}
This reverts commit d5457f5fb7.
Reason for revert:
https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/32999
Original change's description:
> [api] JSFunction PromiseHook for v8::Context
>
> This will enable Node.js to get much better performance from async_hooks
> as currently PromiseHook delegates to C++ for the hook function and then
> Node.js delegates it right back to JavaScript, introducing several
> unnecessary barrier hops in code that gets called very, very frequently
> in modern, promise-heavy applications.
>
> This API mirrors the form of the original C++ function based PromiseHook
> API, however it is intentionally separate to allow it to use JSFunctions
> triggered within generated code to, as much as possible, avoid entering
> runtime functions entirely.
>
> Because PromiseHook has internal use also, beyond just the Node.js use,
> I have opted to leave the existing API intact and keep this separate to
> avoid conflicting with any possible behaviour expectations of other API
> users.
>
> The design ideas for this new API stemmed from discussion with some V8
> team members at a previous Node.js Diagnostics Summit hosted by Google
> in Munich, and the relevant documentation of the discussion can be found
> here: https://docs.google.com/document/d/1g8OrG5lMIUhRn1zbkutgY83MiTSMx-0NHDs8Bf-nXxM/edit#heading=h.w1bavzz80l1e
>
> A summary of the reasons for why this new design is important can be
> found here: https://docs.google.com/document/d/1vtgoT4_kjgOr-Bl605HR2T6_SC-C8uWzYaOPDK5pmRo/edit?usp=sharing
>
> Bug: v8:11025
> Change-Id: I0b403b00c37d3020b5af07b654b860659d3a7697
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2759188
> Reviewed-by: Marja Hölttä <marja@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73858}
Bug: v8:11025
Change-Id: Ie7345c4505f39c973f9f0dbca745b591cff63f3f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2814740
Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73862}
This will enable Node.js to get much better performance from async_hooks
as currently PromiseHook delegates to C++ for the hook function and then
Node.js delegates it right back to JavaScript, introducing several
unnecessary barrier hops in code that gets called very, very frequently
in modern, promise-heavy applications.
This API mirrors the form of the original C++ function based PromiseHook
API, however it is intentionally separate to allow it to use JSFunctions
triggered within generated code to, as much as possible, avoid entering
runtime functions entirely.
Because PromiseHook has internal use also, beyond just the Node.js use,
I have opted to leave the existing API intact and keep this separate to
avoid conflicting with any possible behaviour expectations of other API
users.
The design ideas for this new API stemmed from discussion with some V8
team members at a previous Node.js Diagnostics Summit hosted by Google
in Munich, and the relevant documentation of the discussion can be found
here: https://docs.google.com/document/d/1g8OrG5lMIUhRn1zbkutgY83MiTSMx-0NHDs8Bf-nXxM/edit#heading=h.w1bavzz80l1e
A summary of the reasons for why this new design is important can be
found here: https://docs.google.com/document/d/1vtgoT4_kjgOr-Bl605HR2T6_SC-C8uWzYaOPDK5pmRo/edit?usp=sharing
Bug: v8:11025
Change-Id: I0b403b00c37d3020b5af07b654b860659d3a7697
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2759188
Reviewed-by: Marja Hölttä <marja@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73858}
The only valid way to define a GCed type T is by inheriting from
GarbageCollected<T>. Since this is prone to typos (see tests), add a
simple check that covers most interesting use cases.
The static assert covers
A -> B -> GarbageCollected<C>
The static assert does not cover
A -> B -> C -> GarbageCollected<B>
(In order to do so, we would need __direct_bases() support which is
not yet available for C++.)
Bug: pdfium:1670, chromium:1056170
Change-Id: I494de48992f8ba9a1f0f9daad60584d828717403
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810415
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73854}
This CL completes Jobs cleanup for deprecated and pure virtual functions in
v8 platform.
Bug: chromium:1196703
Change-Id: I823ab06b56077181e92eee5a6468096a355634fc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2810155
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73839}
These are used by v8_wrapper/heap_test_utilities.* in Blink.
See crrev.com/c/2787126 for usage.
Bug: chromium:1056170
Change-Id: I329b1823f2ac21181a3536577ed72bee3d591347
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2786842
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73805}
This is a reland of 9eba2d85f4.
The reland fixes a global state variable which was incompatible
with the --isolate flag in d8, which runs the same script in a
different isolate.
Original change's description:
> [fastcall] Add fast API testing facilities to d8
>
> This CL provides the minimum necessary functionality to expose fast API
> for testing in mjsunit, exposing the fast path for fuzzing. It exposes
> a d8.test.fast_c_api with an `add_all` method, which exercises primitive
> types. On x64, all integer and floating point types are supported. On
> other platforms currently only 32-bit integers are included in the test.
>
> Design doc:
> https://docs.google.com/document/d/1KUKPfXkSRZTA2gMwaWbpQKlYfw0C-T6AE3XzC4viHbo/
>
> Bug: chromium:1052746
> Change-Id: Icc824199a26dd2abd2b869f5483a39d38e4dce3e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749154
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73670}
Bug: chromium:1052746
Change-Id: I33b265b97bf7c797eee7d4cce5066999358a8c66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2790174
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73801}
This is a reland of e28dadc207
The original failure was due to a stale Win32 bot. The reland failure
was due to idempotent task deduplication returning the exact same
failure. See crbug/1196064
Original change's description:
> [ptr-cage] Rename IsolateRoot to PtrComprCageBase
>
> Currently, IsolateRoot is both the address of the Isolate root and the
> base address of the pointer compression reservation. This CL teases the
> two uses apart by renaming IsolateRoot to PtrComprCageBase.
>
> - In addition to V8_COMPRESS_POINTERS, add a
> V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE (vs SHARED_CAGE).
>
> - Rename GetIsolate* helpers to GetPtrComprCageBase. When
> V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE is true, the helpers remain as
> aliases to GetPtrComprCageBase.
>
> - Rename kPtrComprIsolateRootAlignment to kPtrComprCageBaseAlignment.
>
> Bug: v8:11460
> Change-Id: I1d715f678ce9a0b5731895612ca14f56579b1c48
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783672
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Auto-Submit: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73790}
Bug: v8:11460
No-Try: true
Tbr: ishell@chromium.org
Tbr: rmcilroy@chromium.org
Change-Id: Id69311cf3267ebe1297fff159de0be48b15b65a3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2806546
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73795}
This reverts commit 15c78b45a6.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win32/32277/overview
Original change's description:
> Reland "[ptr-cage] Rename IsolateRoot to PtrComprCageBase"
>
> This is a reland of e28dadc207
>
> Relanding to see if Win32 rel failures from
> https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win32/32275/overview
> were infra flakes. Could not repro on try bots.
>
> Original change's description:
> > [ptr-cage] Rename IsolateRoot to PtrComprCageBase
> >
> > Currently, IsolateRoot is both the address of the Isolate root and the
> > base address of the pointer compression reservation. This CL teases the
> > two uses apart by renaming IsolateRoot to PtrComprCageBase.
> >
> > - In addition to V8_COMPRESS_POINTERS, add a
> > V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE (vs SHARED_CAGE).
> >
> > - Rename GetIsolate* helpers to GetPtrComprCageBase. When
> > V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE is true, the helpers remain as
> > aliases to GetPtrComprCageBase.
> >
> > - Rename kPtrComprIsolateRootAlignment to kPtrComprCageBaseAlignment.
> >
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783672
> > Reviewed-by: Igor Sheludko <ishell@chromium.org>
> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
>
> No-Try: true
> Bug: v8:11460
> Tbr: ishell@chromium.org
> Tbr: rmcilroy@chromium.org
> Change-Id: I0a8c3a48999d6737c8c64d2c2703607f14f3fdd0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2806169
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73792}
Bug: v8:11460
Change-Id: Ifee92d622c43a91c15f45ef94ff739237bd2024b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2806545
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73793}
This is a reland of e28dadc207
Relanding to see if Win32 rel failures from
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win32/32275/overview
were infra flakes. Could not repro on try bots.
Original change's description:
> [ptr-cage] Rename IsolateRoot to PtrComprCageBase
>
> Currently, IsolateRoot is both the address of the Isolate root and the
> base address of the pointer compression reservation. This CL teases the
> two uses apart by renaming IsolateRoot to PtrComprCageBase.
>
> - In addition to V8_COMPRESS_POINTERS, add a
> V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE (vs SHARED_CAGE).
>
> - Rename GetIsolate* helpers to GetPtrComprCageBase. When
> V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE is true, the helpers remain as
> aliases to GetPtrComprCageBase.
>
> - Rename kPtrComprIsolateRootAlignment to kPtrComprCageBaseAlignment.
>
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783672
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
No-Try: true
Bug: v8:11460
Tbr: ishell@chromium.org
Tbr: rmcilroy@chromium.org
Change-Id: I0a8c3a48999d6737c8c64d2c2703607f14f3fdd0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2806169
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73792}
This reverts commit e28dadc207.
Reason for revert: failed test262 tests;; see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win32/32275/steps?succeeded=true&debug=false
Original change's description:
> [ptr-cage] Rename IsolateRoot to PtrComprCageBase
>
> Currently, IsolateRoot is both the address of the Isolate root and the
> base address of the pointer compression reservation. This CL teases the
> two uses apart by renaming IsolateRoot to PtrComprCageBase.
>
> - In addition to V8_COMPRESS_POINTERS, add a
> V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE (vs SHARED_CAGE).
>
> - Rename GetIsolate* helpers to GetPtrComprCageBase. When
> V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE is true, the helpers remain as
> aliases to GetPtrComprCageBase.
>
> - Rename kPtrComprIsolateRootAlignment to kPtrComprCageBaseAlignment.
>
> Bug: v8:11460
> Change-Id: I1d715f678ce9a0b5731895612ca14f56579b1c48
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783672
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Auto-Submit: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73790}
Bug: v8:11460
Change-Id: I19d0e28194fcdb28e89f129a7694ca3fe29fa17a
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2806168
Auto-Submit: Francis McCabe <fgm@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73791}
Currently, IsolateRoot is both the address of the Isolate root and the
base address of the pointer compression reservation. This CL teases the
two uses apart by renaming IsolateRoot to PtrComprCageBase.
- In addition to V8_COMPRESS_POINTERS, add a
V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE (vs SHARED_CAGE).
- Rename GetIsolate* helpers to GetPtrComprCageBase. When
V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE is true, the helpers remain as
aliases to GetPtrComprCageBase.
- Rename kPtrComprIsolateRootAlignment to kPtrComprCageBaseAlignment.
Bug: v8:11460
Change-Id: I1d715f678ce9a0b5731895612ca14f56579b1c48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783672
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73790}
This reverts commit c83c9590ba.
Reason for revert: Speculatively reverting for a failure on Arm GC stress bot - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Arm%20GC%20Stress/b8851256837192083520/overview
Original change's description:
> [ic] Add a new MegaDOM IC
>
> This patch implements the MegaDOM IC setup and access. A new MegaDOM
> IC state indicates that we've seen only DOM accessors at this access
> site.
>
> This CL only adds support for DOM getters in LoadIC, other kinds of
> access will be added in follow on CLs.
>
> Still remaining TODO before shipping:
> 1. Have a mechanism to invalidate the protector
> 2. Have a mechanism to find the accessors that aren't overloaded
> 3. Use a new builtin to miss to runtime on access check failure
>
> Change-Id: Ie12efe5e9fa284f023043b996d61e7d74e710ee2
> Bug: v8:11321
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2618239
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dan Elphick <delphick@chromium.org>
> Reviewed-by: Mythri Alle <mythria@chromium.org>
> Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73733}
Bug: v8:11321
Change-Id: Ib6a55796f2a3c345d4923f9eaa215a6ff55ed15b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2794437
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73734}
This patch implements the MegaDOM IC setup and access. A new MegaDOM
IC state indicates that we've seen only DOM accessors at this access
site.
This CL only adds support for DOM getters in LoadIC, other kinds of
access will be added in follow on CLs.
Still remaining TODO before shipping:
1. Have a mechanism to invalidate the protector
2. Have a mechanism to find the accessors that aren't overloaded
3. Use a new builtin to miss to runtime on access check failure
Change-Id: Ie12efe5e9fa284f023043b996d61e7d74e710ee2
Bug: v8:11321
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2618239
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Reviewed-by: Mythri Alle <mythria@chromium.org>
Commit-Queue: Sathya Gunasekaran <gsathya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73733}
This reverts commit 9eba2d85f4.
Reason for revert: TSAN failures https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/14265/overview
Original change's description:
> [fastcall] Add fast API testing facilities to d8
>
> This CL provides the minimum necessary functionality to expose fast API
> for testing in mjsunit, exposing the fast path for fuzzing. It exposes
> a d8.test.fast_c_api with an `add_all` method, which exercises primitive
> types. On x64, all integer and floating point types are supported. On
> other platforms currently only 32-bit integers are included in the test.
>
> Design doc:
> https://docs.google.com/document/d/1KUKPfXkSRZTA2gMwaWbpQKlYfw0C-T6AE3XzC4viHbo/
>
> Bug: chromium:1052746
> Change-Id: Icc824199a26dd2abd2b869f5483a39d38e4dce3e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749154
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Georg Neis <neis@chromium.org>
> Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73670}
Bug: chromium:1052746
Change-Id: Iaf5083540ddfe882a747eaa9d1d2a2a8b4ba0ec0
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2787081
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73673}
This CL provides the minimum necessary functionality to expose fast API
for testing in mjsunit, exposing the fast path for fuzzing. It exposes
a d8.test.fast_c_api with an `add_all` method, which exercises primitive
types. On x64, all integer and floating point types are supported. On
other platforms currently only 32-bit integers are included in the test.
Design doc:
https://docs.google.com/document/d/1KUKPfXkSRZTA2gMwaWbpQKlYfw0C-T6AE3XzC4viHbo/
Bug: chromium:1052746
Change-Id: Icc824199a26dd2abd2b869f5483a39d38e4dce3e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2749154
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73670}
Origin trials allow webpages to use experimental features even though
the features are not yet enabled by default. These features will then
get enabled per execution context: it is possible that the feature is
enabled in one execution context but disabled in another execution
context. In V8 we check for origin trials by calling a callback provided
by the embedder that takes the context as a parameter and returns
whether a feature is enabled in this context or not.
This approach fails when a feature changes the context itself, e.g. by
extending the global object. In that case the context is not available
yet to check for the origin trial.
To solve the problem this CL adds a new API function that can be called
by the embedder to notify V8 that context with the origin trial
information is finished. After that V8 can read the origin trial
information from the context and extend e.g. the global object with the
origin trial features.
Additionally to the API this CL also adds code to enable the
WebAssembly.Exception constructor conditionally, depending on whether
it has been enabled by an origin trial or not.
The Blink-side change: https://crrev.com/c/2775573R=ulan@chromium.org, jkummerow@chromium.org
Change-Id: Ic05c4a89eb3e0e31469e49da8767d630c43b2e00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2773287
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73597}
Refactor SpacePolicy on a non-templated class to avoid the situation
of having MakeGarbageCollectedTraitBase<T>::SpacePolicy<U> refer to
different T and U which make it hard for the compiler to alias
anything.
Bug: chromium:1056170
Change-Id: I78eb0362d43403ad2712bcb65746eeb9f6ad44fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2769338
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73494}
This is a reland of d76064df4f
Original change's description:
> cppgc: Rework GC info creation
>
> Previously, GCInfoTrait relied on the non-trivial constructor of a
> static object for registering a new GCInfo object. The generated code
> is required to be thread-safe which is achieved by introducing guard
> variables in the compiler.
>
> The new version is similar to Blink in that it relies on zero
> initialization of a trivially constructible atomic.
>
> Compared to guard variables that are created per GCInfo registration,
> the atomic creates less bloat (~20bytes/type) and also results in a
> better fast path.
>
> Minimum example: https://godbolt.org/z/qrdTf8
>
> Bug: chromium:1056170
> Change-Id: I95efbbf035b655d0440c9477f5391e310e2b71fa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764750
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73463}
Bug: chromium:1056170
Change-Id: I01e60beabc1d279d352361657f408f113aac768e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767021
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73471}
This reverts commit d76064df4f.
Reason for revert: Breaking MSAN - https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/37390/overview
Original change's description:
> cppgc: Rework GC info creation
>
> Previously, GCInfoTrait relied on the non-trivial constructor of a
> static object for registering a new GCInfo object. The generated code
> is required to be thread-safe which is achieved by introducing guard
> variables in the compiler.
>
> The new version is similar to Blink in that it relies on zero
> initialization of a trivially constructible atomic.
>
> Compared to guard variables that are created per GCInfo registration,
> the atomic creates less bloat (~20bytes/type) and also results in a
> better fast path.
>
> Minimum example: https://godbolt.org/z/qrdTf8
>
> Bug: chromium:1056170
> Change-Id: I95efbbf035b655d0440c9477f5391e310e2b71fa
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764750
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73463}
Bug: chromium:1056170
Change-Id: I71960103513d6db7789d752b70727d014c2e6406
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2767020
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#73466}
Previously, GCInfoTrait relied on the non-trivial constructor of a
static object for registering a new GCInfo object. The generated code
is required to be thread-safe which is achieved by introducing guard
variables in the compiler.
The new version is similar to Blink in that it relies on zero
initialization of a trivially constructible atomic.
Compared to guard variables that are created per GCInfo registration,
the atomic creates less bloat (~20bytes/type) and also results in a
better fast path.
Minimum example: https://godbolt.org/z/qrdTf8
Bug: chromium:1056170
Change-Id: I95efbbf035b655d0440c9477f5391e310e2b71fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764750
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73463}
Using RW to update code perturbs SMC snooping on some CPUs.
This reland fixes Apple Silicon and jitless by forcing the flag off.
Change-Id: Ie2cc2e4fac333cad24a129e59cbcb6b13590d6d8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2759515
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73425}
Add a V8 API to update load start time for RAIL PERFORMANCE_LOAD mode
Bug: v8:10947
Change-Id: If86a815f8974b47a6f4ba82c3661c21b73f39553
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2423403
Auto-Submit: Hong Zheng <hong.zheng@intel.com>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73393}
Adds GCInfo folding that delegates GCInfo requests to the
parent-most object if finalizer semantics match.
Folding is disabled for builds that want exact object names
as those names are also managed through GCInfo objects.
Bug: chromium:1056170
Change-Id: I783aad930587853741da533d0b9b56ba160d0596
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2748588
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73339}
Resize() is not similar to realloc() in that it allocates a new object
when passed a nullptr object.
Avoid corner cases around Resize(nullptr, size) where size may be
problematic if non-null by just requiring a valid object. The caller
can perform the necesary nullptr check.
Bug: chromium:1056170
Change-Id: Ic05972ae67c2968fc3eb002a6302b44e56b41ab4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2752147
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73336}
Resize() may be used to adjust additional trailing bytes of an object.
It is up to the embedder to ensure correctness in case of shrinking.
Bug: chromium:1056170
Change-Id: I954df6c7440b77275cd62e4b802e8f5d39c06f9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739652
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73277}
This CL adds missing locks to the PersistentRegions for
(Weak)CrossThreadPersistents.
To make sure no locks are missed in the future, this CL also splits
PersistentRegion and introduces CrossThreadPersistentRegion that checks
whether a lock is taken whenever it is accessed.
Bug: chromium:1056170
Change-Id: Iaaef4a28af0f02bcb896706e9abf1ee5ad2ee1e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2737299
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73264}
Add an explicit FreeUnreferencedObject() call that can be used to
reclaim objects that are guaranteed to not be referenced anymore
by the embedder. It is up to the embedder to ensure correctness.
Change-Id: I7f2d86d9639e8b805f79a8fd0a346903f63171e5
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2737301
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73262}
This missing include prevents v8-fast-api-calls.h from being included in
some places in blink code.
BUG=chromium:1181349
Change-Id: Ib0678c9a380b702319bd1717fac48bdc64c9b394
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2724929
Auto-Submit: Justin Novosad <junov@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73197}
Handles are notorious for preventing compiler optimizations. We should
avoid them for simple const functions.
- Mark more API functions const
- Mark more String functions const
Bug: v8:11195, chromium:808503, v8:11263
Change-Id: I9940e85600bc7d19027039d807b3313e2dcccdc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2575065
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73159}
These simplify production of extra information in stack traces or
dereferencing source maps in processing stack traces. While these
can be managed externally, this can be very complicated in
environments where scripts come from many different sources,
possibly not even under embedder control. Since V8 already has
easy access to this information, it's nice to share it with
embedders.
Bug: v8:11509
Change-Id: Ic5a1685adf4cdf456bdf7191ce815f728cf491e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2724571
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73148}
After deprecation and removal of the old misleading API we re-add
v8::String::IsExternal which returns true for both, external one-byte and
external two-byte strings.
Bug: v8:10641
Change-Id: I4c66d4df891f7180c7a727a45c1fbd254a7f5c02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2726512
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73137}
Add a Utf16CharacterStream for windows-1252, which uses a table to
covert from windows-1252 to the appropriate uc16 character. This fixes
issues where windows-1252 encoded source was treated like latin-1.
This introduces a new encoding type in the API, so embedders will have
to opt-in to using this new stream.
Fixed: v8:9315
Change-Id: I2e847c2d4f1727281f6be24b4743d77bb232a62d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2729338
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73134}
This is a reland of eb4536797e
Original change's description:
> cppgc: Rework testing GC infrastructure
>
> Instead of moving the stand-alone logic to the base heap, allows
> specific heaps to override their stand-alone GC behavior. This allows
> CppHeap to reuse the unified heap bottlenecks and visitors for
> testing. This works as long as any v8 references are empty as there is
> no Isolate attached to the heap in this case.
>
> - Reverts parts of https://crrev.com/c/2716291
> - Relands parts of https://crrev.com/c/2718146
>
> In addition, add tests covering v8::CppHeap and cppgc::Heap.
>
> Bug: chromium:1056170
> Change-Id: I47dc88c7f0e4961a1aadd60da9b05bff4dcfb27a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718612
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73077}
Bug: chromium:1056170
Change-Id: I415c837a7cf275c636172485dc4101c237a7d76b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2723253
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73081}
This reverts commit eb4536797e.
Reason for revert: Breaks MSAN: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20MSAN/37053
Original change's description:
> cppgc: Rework testing GC infrastructure
>
> Instead of moving the stand-alone logic to the base heap, allows
> specific heaps to override their stand-alone GC behavior. This allows
> CppHeap to reuse the unified heap bottlenecks and visitors for
> testing. This works as long as any v8 references are empty as there is
> no Isolate attached to the heap in this case.
>
> - Reverts parts of https://crrev.com/c/2716291
> - Relands parts of https://crrev.com/c/2718146
>
> In addition, add tests covering v8::CppHeap and cppgc::Heap.
>
> Bug: chromium:1056170
> Change-Id: I47dc88c7f0e4961a1aadd60da9b05bff4dcfb27a
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718612
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73077}
Bug: chromium:1056170
Change-Id: Ieda44c07d08f837a6632f96b8db6d5bec87dd521
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2723216
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73078}
Instead of moving the stand-alone logic to the base heap, allows
specific heaps to override their stand-alone GC behavior. This allows
CppHeap to reuse the unified heap bottlenecks and visitors for
testing. This works as long as any v8 references are empty as there is
no Isolate attached to the heap in this case.
- Reverts parts of https://crrev.com/c/2716291
- Relands parts of https://crrev.com/c/2718146
In addition, add tests covering v8::CppHeap and cppgc::Heap.
Bug: chromium:1056170
Change-Id: I47dc88c7f0e4961a1aadd60da9b05bff4dcfb27a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718612
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73077}
This was causing DevTools to crush whenever I took a heap snapshot.
Bug: chromium:1056170
Change-Id: Ice7b3039c21a3f902f242299939e92ba0e393c9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2720307
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73065}
This CL adds WasConservativeGC to HeapState which reports whether the
last GC was finalized conservatively. The state is updated at the end of
marking atomic pause.
Currently the library integration in Blink ignores the stack state when
scheduling a forced GC for testing. That means that we always schedule
another GC after a forced GC.
This causes a crash in web_tests which assume no GC is happening
between forced GCs if the thread is not idle and no new allocations
happen.
Usage CL: https://crrev.com/c/2720201
Drive by: Fix stack state for MarkingVerifier in CppHeap.
Bug: chromium:1056170
Change-Id: I6ad23ed7c1a53fae96425b968bc4b3eb18ce80b7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2720279
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73064}
Change-Id: I0005fe0ed7b9f00fd074161d355da430b85675ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2714703
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73052}
This reverts commit ea818f0733.
Reason for revert: Test failure in Linux64 UBSan https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/15251/overview
Original change's description:
> cppgc: Fix testing APIs that enable garbage collection
>
> The APIs require that the CppHeap is moved into a permanently detached
> state that moves the heap out of a no-gc scope.
>
> Bug: chromium:1056170
> Change-Id: I1fc08451b3fdfaa4cfe58e6a1ddbe5dbed7efe5c
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718146
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#73025}
Bug: chromium:1056170
Change-Id: Id00cb18274cbe7d255e7e95bd9e8e4dbc4b0c6e7
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718658
Auto-Submit: Zhi An Ng <zhin@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Francis McCabe <fgm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73029}
The APIs require that the CppHeap is moved into a permanently detached
state that moves the heap out of a no-gc scope.
Bug: chromium:1056170
Change-Id: I1fc08451b3fdfaa4cfe58e6a1ddbe5dbed7efe5c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718146
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73025}
- Add a CFunctionBuilder interface to allow adding modifier flags
to argument types. This will be used to support IDL attributes
like [EnforceRange], [Clamp], and [AllowShared]. This CL adds
only the interface, but the actual modifier flags do not exist
yet as they would not be implemented.
- Remove the internals of the old CFunction type inference and
implement it on top of CFunctionBuilder.
Bug: chromium:1052746
Change-Id: I09a7cba07105097517a8426a8eeb891393883ac6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2686686
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Austin Eng <enga@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73024}
Two threads might get the same PersistentNode because the
BasicCrossThreadPersistent ctor wasn't taking a lock. Then if one thread
frees the node and the other initalizes it or updates its owner, we get
some random object in our free list of PersistentNodes.
I debug a crash in Assign(Unsafe) and Clear where the PersistentNode
seemed to be allocated on stack. Empirically, adding this guard resolved
it. I can't confirm in the code that the scenario above is what was
happening.
Drive-by: adding a few DCHECKs.
Bug: chromium:1056170
Change-Id: I37d8ed5bb942a124c98d7524b7f04fe8ccb2aefd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2718144
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73023}
Assert that the lock is help whenever AssignUnsafe is called.
LazyMutex::AssertHeld resolves to a DCHECK so this should not
regress production performance (other than the call itself
that might not be inlined).
Bug: chromium:1056170
Change-Id: Ic2005d180e6960c24dff7743aa3e0d5e57a63d80
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2716286
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73000}
This is a reland of ed225df70c
Reland changes: removed #if DEBUG from v8.h since it had compile errors
in chromium + windows. Also wasn't needed anyway since the method it was
calling was just a DCHECK.
Original change's description:
> [objects] Cache the ExternalString's data in its resource
>
> For external uncached strings (also called "Small External Strings")
> with cacheable resources, we can cache its resource's data at the
> string's creation time. This allows us to safely read the data from the
> background as we wouldn't trigger a data() callback.
>
> For more information regarding the investigation and possible proposals
> see
> https://docs.google.com/document/d/101eAQqFpBPWFGNJicxtdlwYShJkTOUsEuxkVVeu5Hrk/edit?usp=sharing
>
> Bug: v8:7790, v8:11463
> Change-Id: I6164092b01a6ccb525a9516f476e066b35fb1f96
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2685177
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72862}
Bug: v8:7790
Bug: v8:11463
Change-Id: I7c8a54c814b92c8632fb0bcf5a33f57fec159443
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2710440
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72956}
This reverts commit ed225df70c.
Reason for revert: Blocks the roll, causing compile failures in Chromium:
https://ci.chromium.org/p/chromium/builders/try/win_chromium_compile_dbg_ng/800868?
Original change's description:
> [objects] Cache the ExternalString's data in its resource
>
> For external uncached strings (also called "Small External Strings")
> with cacheable resources, we can cache its resource's data at the
> string's creation time. This allows us to safely read the data from the
> background as we wouldn't trigger a data() callback.
>
> For more information regarding the investigation and possible proposals
> see
> https://docs.google.com/document/d/101eAQqFpBPWFGNJicxtdlwYShJkTOUsEuxkVVeu5Hrk/edit?usp=sharing
>
> Bug: v8:7790, v8:11463
> Change-Id: I6164092b01a6ccb525a9516f476e066b35fb1f96
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2685177
> Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
> Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
> Reviewed-by: Leszek Swirski <leszeks@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#72862}
Bug: v8:7790
Bug: v8:11463
Change-Id: I1d14c2f9872d156d43d5d95c8a032a37ba9379cb
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2708824
Auto-Submit: Bill Budge <bbudge@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Bill Budge <bbudge@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72880}
For external uncached strings (also called "Small External Strings")
with cacheable resources, we can cache its resource's data at the
string's creation time. This allows us to safely read the data from the
background as we wouldn't trigger a data() callback.
For more information regarding the investigation and possible proposals
see
https://docs.google.com/document/d/101eAQqFpBPWFGNJicxtdlwYShJkTOUsEuxkVVeu5Hrk/edit?usp=sharing
Bug: v8:7790, v8:11463
Change-Id: I6164092b01a6ccb525a9516f476e066b35fb1f96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2685177
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72862}
- Remove unused type inference paths which will be replaced
with more explicit structs.
- Removes the tagged pointer from CTypeInfo since the embedder
will perform the type check for API objects.
Bug: chromium:1052746
Change-Id: I47a5f5ae35b06845b01b68cb089c67f76a7fb05e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2686685
Commit-Queue: Austin Eng <enga@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72848}
