Add a simple, linear-time scheduler to check whether two nodes can be
scheduled to a same basic block without actually building basic blocks.
Bug: v8:12716
Change-Id: I20506f28a9126f881b7e4748f54b12551967ba76
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3388910
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Cr-Commit-Position: refs/heads/main@{#81015}
Currently the Isolate is gotten off of the object that the operation is
being performed on. Shared objects return the shared Isolate, which is
incorrect as it shouldn't be used to run JS, nor does it have
HandleScopes open. Plumb the executing Isolate through.
Bug: v8:12547
Change-Id: Ib7542c8cf63563d29f23fb03f86974c319ed88c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3697456
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Luis Fernando Pardo Sixtos <lpardosixtos@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81014}
The test should now be self-skipping without extra work
Bug: v8:12547
Change-Id: I0adf5d8745e19b17d2644587e416eb16063b210d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3694455
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81013}
This saves one indirection when fetching the supertype array for
type checks.
Bug: v8:7748
Change-Id: I41ec5a190c1ccdd9112869c7cdf1748bef4b359a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688405
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81012}
Earlier, we had to introduce some temporary workarounds in Turbofan to
enable optimizations for common wasm-gc patterns. These are now not
required, since these optimizations are applied in WasmTyper and WasmGCOperatorReducer.
Bug: v8:7748
Change-Id: I3a7bc4bd2a8023a438ee4620934ff3fcb8bcfc6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693999
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81011}
This wraps CagedHeap in #if defined(CPPGC_CAGED_HEAP)
Bug: v8:12231
Change-Id: I8407abdd88c6a96b6c79c08e7039b5eb6f8175f9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695384
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81010}
This is a reland of commit abcb6bb8b4.
The data race is fixed by using atomic operations.
Original change's description:
> [heap] Avoid dynamic updates of FLAG_gc_interval
>
> Flags will be protected from updates after V8 initialization (in the
> future). This CL avoids any updates of the --gc-interval flag during
> runtime, and instead updates a static field on the HeapAllocator
> directly.
>
> R=mlippautz@chromium.org
>
> Bug: v8:12887
> Change-Id: I17a495cae50a46d59a8159c6ece1558d4d61b949
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687691
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80998}
Bug: v8:12887
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Change-Id: Ib5b537500413a627d9b2509354d20906e0474d8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695380
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81008}
This is a reland of commit c443858fa9
The original version included an operation which could left-shift
signed values, which is undefined behavior; the updated version masks
the value first to avoid the problem.
Original change's description:
> Allow lookup of matching scripts in Isolate compilation cache
>
> Currently, if the same script text is compiled multiple times with
> differing details (such as name, line number, or host-defined options),
> then multiple copies of that script are added to the Isolate's
> compilation cache. However, any attempt to look up those scripts can
> find only the first instance. This change makes the script compilation
> cache behave more consistently by checking the details while searching
> the hash table for a match, rather than after a potential match has been
> found.
>
> Bug: v8:12808
> Change-Id: Ic9da0bf74f359d4f1c88af89d585404f173056ee
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3671615
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
> Cr-Commit-Position: refs/heads/main@{#80919}
Bug: v8:12808
Change-Id: I494c3c9cc520b79f34247aab6618c40c854b9edc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687070
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#81007}
The CL is a prerequisite for the shared cage. Instead of storing
state variables (is_incremental_marking_in_progress,
is_young_generation_enabled) in the cage metadata, the CL moves them to
HeapHandle. The HeapHandle pointer is now retrieved from page-headers.
To make sure that the write-barrier code is better optimized, the
HeapHandle definition is moved to internal/ headers. The part of
BasePage that contains HeapBase (i.e. HeapHandle) pointer is also
extracted and moved to the headers.
Bug: v8:12231
Change-Id: I44bf65d99a621d9548e4250386cf87476ca186ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3689730
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81005}
We previously missed out on turning ConsString objects into ThinStrings
due to the flattening step in StringTable::LookupString.
// Example input string:
string = cons("A", cons"B", "C"))
// After flatten:
string == cons("ABC", "")
// OLD: After internalising and thinning:
string == cons(#"ABC", "")
The new behaviour yields a thin string after internalising:
// NEW: After internalising and thinning:
string == thin(#"ABC")
Change-Id: I99bbebd52fa02ecfeb2289cb85b69f3e01175cdd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3667080
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81004}
Current method is passing no_reg as scratch and causes failure.
This CL copies the necessary parts from under ASSEMBLE_STORE_INTEGER
and passes r0 as scratch.
Change-Id: Iaa8477bed6ee73ad85514a390ceff4847d2c8c27
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695957
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#81003}
This reverts commit abcb6bb8b4.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20isolates/20029/overview
Original change's description:
> [heap] Avoid dynamic updates of FLAG_gc_interval
>
> Flags will be protected from updates after V8 initialization (in the
> future). This CL avoids any updates of the --gc-interval flag during
> runtime, and instead updates a static field on the HeapAllocator
> directly.
>
> R=mlippautz@chromium.org
>
> Bug: v8:12887
> Change-Id: I17a495cae50a46d59a8159c6ece1558d4d61b949
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687691
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80998}
Bug: v8:12887
Change-Id: I18310a3f515506d617f42be7a208013957625eaf
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3695559
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Owners-Override: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81002}
Anyone using CopyablePersistentTraits should be using v8::Global, so
deprecate it and fix the uses in V8.
Bug: v8:12915
Change-Id: I25e6f2a03e070db9e9af9bbd9ea8cbc0f838c5ac
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3669254
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81001}
If enabled, a signal handler is installed which intercepts memory access
violations (e.g. SIGSEGV) and checks whether they occurred inside the
sandbox address space, in which case the process is terminated cleanly
as this does not represent a (security) issue with the sandbox. However,
if the access violation occurred outside the sandbox, the access
violation is forwarded to the original signal handler.
The filter can be enabled in d8 by specifying
--enable-sandbox-crash-filter.
Bug: v8:12878
Change-Id: If9d76267e90ee79ee81ab793d7774afed6226b7c
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688408
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80999}
Flags will be protected from updates after V8 initialization (in the
future). This CL avoids any updates of the --gc-interval flag during
runtime, and instead updates a static field on the HeapAllocator
directly.
R=mlippautz@chromium.org
Bug: v8:12887
Change-Id: I17a495cae50a46d59a8159c6ece1558d4d61b949
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687691
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80998}
... by default when fast W^X is enabled.
Bug: v8:12054
Change-Id: I242567a07aa323127e5f7cdcbf3a1a7d5708b923
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688518
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80995}
Rolling v8/build: a568526..5ef7447
Rolling v8/buildtools/linux64: git_revision:37baefb026b199605affa7bcb24810d1724ce373..git_revision:2f71761a90bdccdb5f4a99e8b231c96aba0967d9
Rolling v8/buildtools/third_party/libc++abi/trunk: c30c515..11395e5
Rolling v8/buildtools/third_party/libunwind/trunk: 86ab9dd..1644d07
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/3a2e446..45853b3
Rolling v8/third_party/depot_tools: 13c50b4..6754c49
Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220531.3.1..version:8.20220607.2.1
Rolling v8/tools/clang: 4e79fda..a455f33R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I388c75fffc589bcc2702f9d36fec250a6d6d37c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3691131
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#80987}
GCC doesn't accept 'lr' in inline assembly, specifically for the
list of clobbered registers. Change all uses to 'x30', for
consistency.
Bug: v8:10026
Change-Id: I5654fee4ca398dfdd99c34d09fc5294d169a9bd8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693701
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Cr-Commit-Position: refs/heads/main@{#80980}
Port e50d19cb11
Original Commit Message:
https://crrev.com/c/3471854 already disabled the RecordWrite builtin
specifically for incremental marking. Since this didn't regress performance as expected, we can now remove those versions of the
builtin.
This will simplify the barrier implementation a bit, but is also
required for the shared heap write barrier. Unlike the generational barrier, the shared heap barrier can't be elided for map values.
R=dinfuehr@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com
BUG=
LOG=N
Change-Id: Ic1a31fad3faaafeab077590d71d6d998eaddcc6a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3691128
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80979}
Mostly in comments, again, not much to be said...
Bug: v8:12425
Change-Id: I6d6c70b4e4dba70ec6ac7574caecc77b65316050
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3693698
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80977}
I noticed in a recent build that C++ files from cctest didn't start
compiling until after several slow non-parallel tasks such as running
mksnapshot and linking v8_for_testing. I don't see any reason that
cctest sources should wait for those tasks, so in this change I propose
adjusting the build dependencies for more parallelism.
Change-Id: I2472117c8555ac397fa1232954c8b699d6429d38
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3690170
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#80976}
When the sandbox cannot be initialized, it's either because there is not
enough virtual address space available, or because there is not enough
memory for the kernel data structures needed for the reservation (this
typically happens on Windows 7/8 where reserving virtual memory is
expensive). Both cases should be reported as OOMs, not CHECK failures.
Bug: chromium:1325302
Change-Id: I17bde9bcd4fbd6e3d54075b8891287c8fb01c1d7
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688406
Auto-Submit: Samuel Groß <saelo@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80975}
Port: f149912f33
Drive-by: Defined EnqueueFunction under baseline-batch-compiler
for platforms without spakrplug support, currently getting
a link error when making a debug build.
Bug: v8:12887
Change-Id: I4fc8584ef09ad024280f7e40554a5e73a207b64f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688474
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80972}
Use doubleword load/store to swap values in FPSackSlots instead of word
load/store.
Besides, fix error in gap resolver.
Change-Id: I57e9d577a6001bc970ce6b56b6f890eb3e4d196c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688325
Auto-Submit: Liu Yu <liuyu@loongson.cn>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Reviewed-by: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/main@{#80971}
Drive-by: Make the code less verbose my returning the input node from
SetInt32Type.
Bug: v8:7748, chromium:1332385
Change-Id: I2fde9c2168af1365e305e7e8d894b03487e8a8d9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3687692
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80970}
It is now considered best effort, that in-place internalizable strings
are promoted into the shared old space instead of non-shared old space.
This was previously an invariant, but it doesn't hold if the whole page
containing the shared string is promoted instead of individual objects.
In addition with conservative stack scanning individual objects won't be
moved.
Bug: v8:12007
Change-Id: I7474738b02b0c18080cb2e82268a02bf9b480c40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688512
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80969}
This build flag was removed in https://crrev.com/c/3314864.
Bug: v8:12470
Change-Id: I365a1914ff096d07ae41d8bf35150615a9c91736
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3676853
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80968}
In typed-optimization, Turbofan optimized NumberFloor(NumberDivide(...))
patterns where both inputs are known to be of Unsigned32 type, but the
replacement couldn't be typed consistently. This CL introduces a new
operator Unsigned32Divide, which has the same semantics, but can be
typed consistently and thus allows the simplified lowering verifier to
validate the graph correctly.
Bug: v8:12619
Change-Id: Iad77154d3d840c94edfd3ab91ffa37c840da0bc9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644790
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80967}
https://crrev.com/c/3471854 already disabled the RecordWrite builtin
specifically for incremental marking. Since this didn't regress performance as expected, we can now remove those versions of the
builtin.
This will simplify the barrier implementation a bit, but is also
required for the shared heap write barrier. Unlike the generational barrier, the shared heap barrier can't be elided for map values.
Bug: v8:11708
Change-Id: I44bc6ee79006a5be8c1b593dee7fc30c3b9cfa85
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3683341
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80966}
