The slow paths of the Array.prototype methods in the
change-Array-by-copy proposal don't need to be inlined as macros. Make
them builtins where possible.
This CL also driveby fixes the fast path for toSpliced to only apply
when the returned copy's length is <= kMaxFastArrayLength.
Bug: v8:13035
Change-Id: I4034d5d40d7db14d86b33a6f1047e1b17781321a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3830287
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82465}
Bug: v8:12781
Change-Id: I759024fb18ee596ecb678e5b70c95235ea91e520
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827126
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82464}
Store the is_marking_flag_ in the IsolateData to improve the generated
code for the RecordWrite builtin. This allows to load the value of the
flag directly using the root register, instead of loading that flag's
address first using the root register and only then loading its value.
Bug: v8:11708
Change-Id: Id4076a7e519c5f8126e310771c0ccd958dc07278
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3780536
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82456}
This is a reland of commit a1b863c130
Original change's description:
> [heap] Introduce per-thread storage for concurrent sweeping
>
> Introduce ConcurrentSweeper as indirection between SweeperJob and
> Sweeper to hold per-thread state during sweeping.
> This will be used by MinorMC sweeping to hold the pretenuring feedback
> map.
>
> Bug: v8:12612
> Change-Id: Ib363339f9109b405e4cae7f2c08cb4f0eacff8d0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829466
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82442}
Bug: v8:12612
Change-Id: Ic475d0a8a6e9f9e8b5945bb8d28588db1d524510
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829480
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82454}
This is a reland of commit 924be6956f
Original change's description:
> [heap] Use PagedNewSpace when MinorMC is enabled
>
> This CL also introduces/updates DCHECKs that some methods are never
> reached with MinorMC (they may still be reached by full GC when MinorMC
> is disabled).
>
> Bug: v8:12612
> Change-Id: I8afb8c964bc5c44225a92d0f8d9ac5a4c0ecef75
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823130
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82439}
Bug: v8:12612
Change-Id: I64aa83d48fb48970ee45263356aaf1541e3d6bdc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827040
Commit-Queue: Adam Klein <adamk@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82448}
This reverts commit 924be6956f.
Reason for revert: speculative revert for TSAN failures:
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/8726/overview
Original change's description:
> [heap] Use PagedNewSpace when MinorMC is enabled
>
> This CL also introduces/updates DCHECKs that some methods are never
> reached with MinorMC (they may still be reached by full GC when MinorMC
> is disabled).
>
> Bug: v8:12612
> Change-Id: I8afb8c964bc5c44225a92d0f8d9ac5a4c0ecef75
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823130
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Omer Katz <omerkatz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82439}
Bug: v8:12612
Change-Id: I540f38fea17fbacffbd120dd050626d7d1ec32f3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827039
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82446}
This is a reland of commit cf765fc348
Original change's description:
> [Temporal] Use double instead of int32_t for input of BalanceTime
>
> To avoid overflow int32_t in the math of balancing time.
>
> Bug: v8:13182, v8:11544
> Change-Id: Ib76cf95bbd4f9b47efd6921a67b09d3024e72b13
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827310
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82409}
Bug: v8:13182, v8:11544
Change-Id: I7550b3a7186beed0e32e95a41cae87030d0c5a7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827671
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82445}
The capacity may be modified on one thread when growing the table while
being used in a DCHECK (to sanity-check a provided
ExternalPointerHandle) on another thread, resulting in TSan failures.
This CL turns these accesses into atomic accesses and adds a comment
explaining when the capacity value can be used reliably.
Bug: chromium:1352148
Change-Id: I0b86a47e16cfa14ff2d296e7e507e38a3fb5893c
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826244
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82444}
Introduce ConcurrentSweeper as indirection between SweeperJob and
Sweeper to hold per-thread state during sweeping.
This will be used by MinorMC sweeping to hold the pretenuring feedback
map.
Bug: v8:12612
Change-Id: Ib363339f9109b405e4cae7f2c08cb4f0eacff8d0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829466
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82442}
to get rid of the pattern
```
EnsureHash();
uint32_t field = raw_hash_field();
```
which requires an additional load and might be misleading in the
presence of forwarding indices for shared strings, as raw_hash_field()
can return a forwarding index, whereas EnsureRawHash() will always
return a computed hash value.
Bug: v8:12957
Change-Id: I33426fef433f774fb323d4381e784c1037fb6fbb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829469
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82441}
... to please mksnapshot which expects the new space to be empty.
Bug: v8:10470
Change-Id: I7d5b62db138ef2e334581a8697d137cd13291d7c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827877
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82440}
This CL also introduces/updates DCHECKs that some methods are never
reached with MinorMC (they may still be reached by full GC when MinorMC
is disabled).
Bug: v8:12612
Change-Id: I8afb8c964bc5c44225a92d0f8d9ac5a4c0ecef75
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823130
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82439}
This reverts commit a19316d9d7.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/22670/overview
Original change's description:
> [heap] Rework Worklist base type
>
> Worklist uses a singly-linked list of segments to hold entries.
> Segment size was based on a compile-time constant but already stored
> in the segment itself.
>
> Rework the segments to query `malloc_usable_size()` on allocation and
> adjust the capacity properly. For PartitionAlloc, it turns out that
> there's ~20% more capacity available for the 64-element segments.
>
> This slows down actual allocation of the segments with the upside of
> improving utilization and requiring 20% less segments.
>
> Change-Id: Ib8595c3fb9fb75b02e4022f6c525bb59a2df7ab7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826047
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82432}
Change-Id: I14994e11ff5ffaba70b93d977d40dd2f6e9e5d35
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829474
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82438}
The existing version for paged spaces simply reset the freelist, which
doesn't work for tests that require actual objects in the space.
The version for new space also doesn't work because it assumes
everything after top is free space.
Fill the space with FixedArray by iterating over the freelist and
creating an object in place of each freelist entry.
This method actually fills the space, so that we can also use it to
force page promotion.
Bug: v8:12612
Change-Id: Ie0d73e846bbf688ea52030be29e0587b2f37ed4e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823135
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82437}
The WasmStringConcat builtin delegates all the work to yet another
builtin (StringAdd_CheckNone); so from optimized code we might as
well call the latter directly.
Bug: v8:12868
Change-Id: I3876ce1d6341befac5d49ba02c4af47637ad4ba3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823124
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82436}
The CL aims to check if PC is causing a Speedometer regression. The
previous reland was part of the roll that broke builtin PGOs, which
cause large Speedometer2 regression. Now we want to disable and then
reenable pointer compression on M1 just to make sure that there are no
performance regressions caused by PC.
Bug: chromium:1325007
Change-Id: I2442218322d3b045bc5518b03730f57aa2091ebf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827875
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82435}
When trying to understand why a given module fails to validate, it
can be helpful to disassemble it as far as possible until reaching
the erroneous byte(s).
Change-Id: I0056ba1a81b85a486c0446d15bbf54ccb2e8332e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827866
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82433}
Worklist uses a singly-linked list of segments to hold entries.
Segment size was based on a compile-time constant but already stored
in the segment itself.
Rework the segments to query `malloc_usable_size()` on allocation and
adjust the capacity properly. For PartitionAlloc, it turns out that
there's ~20% more capacity available for the 64-element segments.
This slows down actual allocation of the segments with the upside of
improving utilization and requiring 20% less segments.
Change-Id: Ib8595c3fb9fb75b02e4022f6c525bb59a2df7ab7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826047
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82432}
This adds `extern.internalize(ref null extern): ref null any` to wasm
which unpacks the wrapped wasm object if the js-interop flag is not set.
I31 values are still wrapped in object wrappers and don't use SMIs.
Bug: v8:7748
Change-Id: Ie4a4507961d0ad41caf430054a3d341f474b8e66
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3819645
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82426}
This has been broken even prior to the any <-> extern split.
The code decided to use the generic wrapper for type any even though
the generic wrapper doesn't support wrapping the return value of functions
and unwrapping arguments passed to it.
Bug: v8:7748
Change-Id: I9dbb893cc4bc4f2bb789b3b3a9addd0208d526ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826056
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82424}
Instead of defining one global (FLAG_foo) per flag, define all flag
values as fields in a global {v8_flags} struct. This guarantees that the
memory is contiguous, and together with proper alignment allows us to
later memory-protect that memory space.
In order to avoid rewriting all existing code that uses the {FLAG_foo}
syntax, we define global aliases: {FLAG_foo} is a reference to
{v8_flags.foo}.
After the next branch cut (v10.6), follow-up CLs will rewrite all
existing code to use the {v8_flags.foo} syntax, and after another branch
cut (v10.7) the aliases will be removed.
This should allow us to merge back most fixes to the previous branch
(N-1). Merges to stable (N-2) might still require resolving merge
conflicts manually, if they modify code that reads flags.
R=cbruni@chromium.org
CC=sroettger@chromium.org
Bug: v8:12887
Change-Id: I8bc44429767f611484fe345d7268af1d55c98124
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3810187
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82423}
This reverts commit 01aed57e68.
Reason for revert: Might have caused some regressions, see https://crbug.com/1351991.
Original change's description:
> [heap] Add IncrementalMarking::AdvanceOnTask as new bottleneck
>
> Introduce common bottleneck for all incremental marking step
> invocations from a task context. This will later be used to move
> code out of IncrementalMarking::Step.
>
> Bug: v8:11708
> Change-Id: Iba2dc2402083f8b4152ded56eaf0e13d473442a8
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3822682
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82343}
Bug: v8:11708
Change-Id: I1ec74974d90b865baf223f9820f5bf346f113d86
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827865
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82422}