BACKGROUND_UNPARK and BACKGROUND_SAFEPOINT were introduced in
crrev.com/c/2704075 but the LAST_GENERAL_BACKGROUND_SCOPE was
not updated, so they were not tracked properly by GCTracer.
Bug: v8:12425
Change-Id: Ibbd7f5410088c45454b6e22af4e038e8ef0dd7fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650598
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80613}
In particular use the same "location" in any call site to make grouping
OOMs easier. Move the detail information into the new OOMDetails struct.
Since we cannot construct OOMDetails via "{.detail = ...}" yet (C++20),
we add another variants of FatalProcessOutOfMemory which receives the
detail string and internally stores it in an OOMDetails struct.
R=jkummerow@chromium.orgCC=mlippautz@chromium.org
Bug: chromium:1323177
Change-Id: Ie10cde8dd060867515fab4c61c15030f9c3ccff9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652298
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80612}
There is a DCHECK in the gin platform that {ShouldYield} is not called
again after it already returned {true}.
This CL adds a similar DCHECK to the default platform to catch bugs
earlier (in d8).
R=ahaas@chromium.org, mlippautz@chromium.org
Bug: chromium:1277962
Change-Id: I4dc9d880cf6d36e3e497c5324aaf44889fe7fcee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644801
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80611}
This is a follow-up CL to https://crrev.com/c/3623542.
When updating pointers during a full GC, a page might not be swept
already. In such cases there might be invalid objects in free memory.
Since these objects might be dead, their maps might have been reclaimed
already as well.
The previous CL cached the size of invalid objects in order to avoid
accessing an invalid object's map. However, as soon as a slot is within
an invalid object, we also need to check whether this slot is still a
tagged pointer which would require map access. This CL checks marking
bits on invalid objects to skip that check on such invalid objects.
Bug: v8:12578, chromium:1316289
Change-Id: Ie1d736f897a2994dbed7bfb95ed37732cd3b0882
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596123
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80609}
When call_ref has seen more than one call target, we now support
inlining all of them (constrained by budget/heuristics).
Bug: v8:7748,v8:12166
Change-Id: Iae16e74da1bad5e7a117f70efb6c61b3f39f832c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650607
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80602}
The forced allocation of fixed registers can override the arbitrary
choice of register in a previous allocation. Fix this by first
allocating fixed registers, and only afterward allocating arbitrary
registers.
Also add a DCHECK after input assignment that input locations match
their node's current location.
Bug: v8:7700
Change-Id: I262c2a1f9a3c47d5c23c84b3764569692f18f39d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644958
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80601}
Rolling v8/build: 1c34f36..5b615fa
Rolling v8/buildtools/third_party/libc++abi/trunk: ecff200..b682786
Rolling v8/buildtools/third_party/libunwind/trunk: 3d54d41..44c86bb
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/d1ddc12..ecd2da3
Rolling v8/third_party/depot_tools: 31bfd51..8fb649c
Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220510.2.1..version:8.20220516.3.1
Rolling v8/third_party/jsoncpp/source: 9059f5c..42e892d
Rolling v8/third_party/zlib: 9979c19..7085d03
Rolling v8/tools/clang: 9da9510..56af55b
Rolling v8/tools/luci-go: git_revision:2aa3d7e5e8662c5193059a490f07b7d91331933e..git_revision:d3db74920e35147955be43f62b5f4ed0cf84c614
Rolling v8/tools/luci-go: git_revision:2aa3d7e5e8662c5193059a490f07b7d91331933e..git_revision:d3db74920e35147955be43f62b5f4ed0cf84c614
R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I39db0aad04f28cc202fc7fa6bb31c2517b47f407
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3649375
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80593}
Split off a TurbofanFrame from OptimizedFrame, and make MaglevFrame a
subclass of OptimizedFrame. This allows it to be treated as an optimized
frame by code that is looking at deoptimization data.
Bug: v8:7700
Change-Id: Ia38e0f1c2cd73f054f63be81dff187d9197c1202
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644798
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80592}
NumFuzz passes various flags to V8 testing randomly, which can lead to
various flag contradictions with existing flags. Up to now the system
ignored the check for contradictions and kept running the test cases,
leading to false positives.
This change adds a new v8 flag --exit-on-contradictory-flags that
exists gracefully when a contradiction is detected. On the numfuzz
side we now filter simple contradictions beforehand.
Measurements showed that ~2% of all numfuzz tests ran into
contradictions. Around half of them are simple contradictions
(repetitions and inversions), which are now filtered beforehand.
The remaining ones (redundant or contradictory implications) are
now ignored.
Bug: v8:11826
Change-Id: I9942e203ba9668a097fabe1343dd1365c9da94c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650746
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80589}
Loading from/storing to the same field with incompatible mutabilities
is possible in unreachable code, specifically when a value is cast to
two different types with incompatible mutability for the same field
offset. Therefore, we allow this pattern in CsaLoadElimination.
When we detect it, we emit an Unreachable node to immediately crash the
program in case this unreachable code is somehow executed.
Bug: v8:7748, v8:12874
Change-Id: Ieb359d3e1b9f7bc4a91c556af2bba0507526d20e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644806
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80587}
This CL removes GCTracer::AssertMainThread and adds the more general
methods Heap::IsMainThread and Heap::IsSharedMainThread, to be used
in DCHECKs and elsewhere. It also introduces some const qualifiers.
Bug: v8:12425
Change-Id: Ibdec39ce77be704598ca0c8b440005dc27bd6997
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650600
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80586}
With the flag --always-use-string-forwarding-table (only used for
testing), we can have young generation strings in the
StringForwardingTable.
We need to update references to these strings when they are evacuated
during mark compact (previously this was only done after scavenge).
Bug: v8:12877, v8:12007
Change-Id: Ie108add176f71dcdf296bd94bdffa664cb75ae02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650719
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80575}
1) In copy/move ctors and operator=() we can just copy raw compressed
value;
2) For null check we don't need to decompress the value;
3) Same for operator==().
4) Hashing can also be optimized in a followup.
Bug: chromium:1325007
Change-Id: Ic1bf2c5049802c078b3e0121dcbe62d9ecea83b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647359
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80571}
Part of the improve error messages initiative.
Based on a resource of JSON.parse() errors found at
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/JSON_bad_parse
Previously JSON.parse(NaN) would output:
SyntaxError: Unexpected token N in JSON at position 0
Now the output is:
SyntaxError: "NaN" is not valid JSON
Previously JSON.parse("{a:1}") would output:
SyntaxError: Unexpected token a in JSON at position 1
Now the output is:
SyntaxError: Expected property name or '}' in JSON at position 1
Bug: v8:6551
Change-Id: Ic9fad1fdbd295e1302805b81e6603fc526121960
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513684
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Issack John <issackjohn@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#80567}
The check whether worklists are empty sits after marking the
transitive closure, when it is guaranteed that no concurrent marker is
running anymore.
Bug: chromium:1325628
Change-Id: Ibfa7278df2181a0aa6c7e0f1d53d51e8afaa3352
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647830
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80566}
This adds a new struct "OOMDetails" which is passed to the
OOMErrorCallback. It currently holds the "is_heap_oom" bool that was
also passed before, plus an optional "detail" string.
The struct can later be extended without having to change the signature
of the OOMErrorCallback. Removing fields will have to follow the
standard deprecation rules, but this is also easily possible without the
hassle for this initial change.
We modify the deprecated OOMErrorCallback definition and un-deprecate it,
which can be seen as removing a deprecated API and adding a new one in
one CL.
R=mlippautz@chromium.org, jkummerow@chromium.org
Bug: chromium:1323177
Change-Id: Ic4c2cb5856906ebd664626fe463d8e96cb99b0a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647827
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80565}
