Commit Graph

Seth Brenith
d937a0bb0c Add verifier for retaining paths in heap snapshots
The web app owner who notified me about bugs v8:12112 and v8:12126 asked
me a reasonable question: "how am I ever supposed to trust the retaining
paths in the devtools, if the heap snapshot is generated by a different
component than the actual marking code?". This change is my attempt to
answer that question. If verification is enabled, the heap snapshot
generator will visit each heap object with a realistic marking visitor
to find all references from that object. It will then check that those
references match the HeapGraphEdges in the snapshot.

I also considered the idea that we could collect retaining information
during the last GC cycle before taking the heap snapshot, or during an
extra GC cycle immediately after. However, running the full GC provides
the embedder with the opportunity to run arbitrary code (including JS)
both before and after PerformGarbageCollection, so there is no clear
guarantee that the heap state during the snapshot actually matches the
heap state during marking.

Bug: v8:12112, v8:12126
Change-Id: Id29e75ecf9eee19e35daedbdb4a3e1df64785380
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3299590
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#78952}
2022-02-04 15:47:55 +00:00
Leszek Swirski
2ce2c9c77c [compiler] Don't fallthrough liveness across Return/Throw
Return/Throw/Rethrow all unconditionally exit the bytecode, so the
bytecode liveness analysis shouldn't merge their next bytecode's
liveness into them.

Change-Id: I62f53d16f2763e12a702b8b40b2573c264488968
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439915
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78951}
2022-02-04 15:39:38 +00:00
Michael Lippautz
d3038386e8 api: Deprecate v8::TracedGlobal
Replacement is v8::TracedReference in combination with v8::Global if a
callback is really needed.

Bug: v8:12603
Change-Id: Iae48fee2e6588a594d430c5f3a71ff0b3e67e5b2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439873
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78950}
2022-02-04 15:38:17 +00:00
Hannes Payer
cf3b6036d0 [heap] Refactoring prologue of CollectGarbage.
This is the 3rd CL in a series of CollectGarbage refactoring CLs.

Bug: v8:12503
Change-Id: Icc578eb9a4dc06083ea3380a00a50dbdbfd22e34
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3420908
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Hannes Payer <hpayer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78949}
2022-02-04 15:31:35 +00:00
Leszek Swirski
c97337ff5e [tools] Add basic pointer compression to grokdump
Distinguish between tagged and machine pointer sizes in grokdump, and
dump a tagged memory view in addition to the machine-word dump when they
don't match.

This tagged view tries to decompress pointers for link targets, by
masking the slot they're in to get the cage root.

Drive-by: Add a .style.yapf to opt in to python formatting using
git cl format.

Change-Id: Ic5272cd865f995fc670ab2fb7d5e464f317af1bf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439906
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78948}
2022-02-04 14:35:26 +00:00
Michael Lippautz
6bb35b8c83 handles: Only reclaim TracedNode during atomic pause
TracedNode is used as backing node for v8::TracedGlobal (with
destructor) and v8::TracedReference (no destructor).

A future change adds concurrent marking for TracedReference which
requires that the node stays around until the atomic pause to avoid
synchronization with the concurrent marker.

This change prepares TracedNode by prolonging its lifetime until it
is actively cleared ("swept") in the atomic pause. This allows for
spuriously keeping alive a TracedNode for an additional GC cycle in
the case the node was destroyed while the marker is running.

We maintain eager clearing of nodes where possible, i.e., outside of
incremental marking.

Bug: v8:12600
Change-Id: I9688c83a42b70d352c84613485f37242b1b910a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3436805
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78947}
2022-02-04 14:22:35 +00:00
Anton Bikineev
db1d56ee91 cppgc: young-gen: Fix verifier for minor GC in cpp-heap.
Bug: chromium:1029379
Change-Id: I3970de943c58aa834bd12afd2d289c2034c65c1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439913
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78946}
2022-02-04 14:09:15 +00:00
Milad Fa
29c26dfa5a S390[simd]: move qfm ops to macro-assembler
Change-Id: I2ca9afc488ebe9dcab0fd1d1f1bc4016f9a06c92
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3440434
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78945}
2022-02-04 14:00:15 +00:00
Clemens Backes
cb5dfb7d73 [base] Remove TimeTicks::HighResolutionNow
TimeTicks::HighResolutionNow is identical to TimeTicks::Now since 2018
(https://crrev.com/c/997153), but the declaration still has a wrong
comment about a non-existing DCHECK.
In order to avoid confusion, remove the redundant method and just use
TimeTicks::Now everywhere.

Drive-by: Make IsHighResolutionTimer "inline" instead of "V8_INLINE"
because it will only be called once anyway.

R=mlippautz@chromium.org

Bug: v8:12425
Change-Id: I31dc65f8c1ac910862e070e60e928054d4921154
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439909
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78944}
2022-02-04 13:27:14 +00:00
Anton Bikineev
4c2b5f4d30 cppgc: Provide API to test if object is marked or freed
This is needed to support minor gc tests on the Blink side.

Bug: chromium:1029379
Change-Id: Ic7ce1ae8e626b87738d76663ceecf7198e425d18
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437050
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78943}
2022-02-04 12:30:05 +00:00
Clemens Backes
fca5a7f350 [wasm] Remove custom DeserializationTimeScope
Use the standard TimedHistogramScope instead.

R=ahaas@chromium.org

Bug: v8:12281
Change-Id: Ib404f8e60999bc5c1871d4dce25f8ba7cc3cadfe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437048
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78942}
2022-02-04 11:28:56 +00:00
Clemens Backes
c65c71b56a [wasm] Avoid signature map lookup if possible
When updating the dispatch tables, the other instances are often
generated from the same wire bytes, or there is only the one original
instance in that list of instances. In both cases we can avoid the
costly hash table lookup, and just use the signature index from the
originating module.

For big modules, this saves more than 50% of time for updating the
dispatch tables, and ~25% of overall instantiation time.

R=manoskouk@chromium.org

Bug: v8:12593
Change-Id: I356d5dd10f6c0738330e9a8d1cb27f60ff21215a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432212
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78941}
2022-02-04 10:54:05 +00:00
Anton Bikineev
75a8335d22 cppgc: young-gen: Unmark only on major GCs
Bug: chromium:1029379
Change-Id: Id496cae4bb59fa247b362d17f3eaf0ecc98e9ae4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437051
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78940}
2022-02-04 09:56:44 +00:00
Nico Hartmann
362b30eb1e Reland "Reland "[Torque] Generalize Torque literals to larger size""
This is a reland of 517ed4ad00

Original change's description:
> Reland "[Torque] Generalize Torque literals to larger size"
>
> Previously, literals in Torque were stored as double values, which
> made it impossible to precisely represent 64 bit integer values.
> This CL replaces the old literal expression with an integer and
> floating point literal expression that are unbounded in size. We
> allow implicit conversion of these literals to arbitrary integer
> and floating point types respectively and insert a corresponding
> bounds check into generated CSA.
>
> Changes in the reland: Simplified IntegerLiteral to single digit.
>
> Bug: v8:7793, chromium:1289282
> Change-Id: I31c762c2f31165c7a1d0b07842b764e5851ce189
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3406750
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78811}

Bug: v8:7793, chromium:1289282
Change-Id: I7aadc4d2c9494f03eae85e94949c8f4cab7a075c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437047
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78939}
2022-02-04 09:40:24 +00:00
v8-ci-autoroll-builder
bc2a8f6475 Update V8 DEPS.
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/79dc3ff..87e6066

Rolling v8/third_party/depot_tools: 0faae1c..df01c5a

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I0922c8dd2768df0f2b4eca3442f435dbf8d41196
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439627
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78938}
2022-02-04 09:15:54 +00:00
Marja Hölttä
f733dc0f31 [rab / gsab] RAB / GSAB support for TA.p.set
Bug: v8:11111
Change-Id: I757e67cbcad98b6cacb3ad08b6a364194feead1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427201
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78937}
2022-02-04 07:35:46 +00:00
Michael Achenbach
efd28c14c2 [infra] Make various scripts compatible with Python3
This fixes all Python3 problems in scripts and tests running via
v8_presubmit.py. It includes:
- Test runner
- Release tools
- Perf runner
- Torque formatter
- V8's main presubmit

On bots, v8_presubmit is run with vpython, hence we also add
the required dependencies. After the Python3 migration, most
of the transitional code in this CL can be removed again.

Bug: chromium:1293709,chromium:1292016
Change-Id: Ic25e5965948b212c047e9d5194d2a4b6db1fa91b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432213
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78936}
2022-02-04 07:17:24 +00:00
v8-ci-autoroll-builder
b0f18c7d6a Update ICU
Rolling v8/third_party/icu: 609143a..2e0f298

Revert "Move back to a single android icu dat file" (Michael Cui)
https://chromium.googlesource.com/chromium/deps/icu/+/2e0f298

Suppress C++20 warnings (Mark Schott)
https://chromium.googlesource.com/chromium/deps/icu/+/cd7e36d

Move back to a single android icu dat file (Mohamed Heikal)
https://chromium.googlesource.com/chromium/deps/icu/+/44f2bbf

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,ftang@chromium.org

Change-Id: I45c34640ec98629a0185141789e969ad4e62b15e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3439165
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78935}
2022-02-04 05:34:46 +00:00
v8-ci-autoroll-builder
9f376e70d2 Update V8 DEPS.
Rolling v8/build: 5ba6fa4..3a9b7ad

Rolling v8/buildtools: f78b4b9..8ccda4f

Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/1e084a5..79dc3ff

Rolling v8/third_party/depot_tools: fa5989b..0faae1c

Rolling v8/tools/clang: 853a56c..f246ca2

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I4df24450e536837079fe8cacc12c9208f66c5c23
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3438468
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78934}
2022-02-04 03:57:34 +00:00
Frank Tang
a141d2a58d [Temporal] Add Temporal.*.prototype.withCalendar
Bug: v8:11544
Change-Id: I59e5a448385b2e67927c18c9609f24f4d66f3756
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3380305
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78933}
2022-02-03 22:26:34 +00:00
Milad Fa
42c279e00d S390 [liftoff]: Implement simd integer narrowing
Change-Id: I37ebc9b8470ba0df8c62af7ccc02edf4eb38b6bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437414
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78932}
2022-02-03 21:54:44 +00:00
Junliang Yan
15bdd378d9 s390x: add AddU64 in macroassembler
Change-Id: I9ccd6181437017aea627373b9f323efa6b4a183d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437825
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78931}
2022-02-03 21:14:04 +00:00
Junliang Yan
c98a5101d5 s390x: implement LoadTaggedSignedField
Change-Id: I04813fbb55b60d60a829dbb8970637a7cd32c813
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437407
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78930}
2022-02-03 18:09:04 +00:00
Clemens Backes
beed8f6aff [liftoff] Use cached instance for bulk memory operations
Instead of always loading the instance from the frame, try to use the
cached instance register instead.
This is totally not performance critical since we do a C call afterwards
anyway, but it's just as easy to use the cached instance as to load it
fresh from the stack.

R=thibaudm@chromium.org

Change-Id: Ia815e9e6f8ab2efc665b2e3aefcdc7b4aa95739f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427461
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78929}
2022-02-03 16:53:14 +00:00
Junliang Yan
4365a70df2 s390x: implement LoadEntryFromBuiltin and EntryFromBuiltinAsOperand
Change-Id: I0f42cf86182782b5357d905bfdef1874f6efb909
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437406
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78928}
2022-02-03 16:51:05 +00:00
Junliang Yan
3e5f800083 s390x: [baseline] implement baseline compiler
Change-Id: I0ca1d28774c58bce52f8553a08351d7191ff0f40
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3436806
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Commit-Queue: Junliang Yan <junyan@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78927}
2022-02-03 16:36:34 +00:00
Camillo Bruni
959d169c08 [tools] Improve heap stats tool documentation
Change-Id: I913e36afd76fe0f212e8c0c9b97e5ac52b2342d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3437045
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78926}
2022-02-03 15:53:04 +00:00
Manos Koukoutos
071ae7b169 [wasm] Reload shared memory size after stack guard
The stack guard may update a shared memory's size. Therefore, we need to
update the size in the instance cache in Turbofan when StackCheck is
invoked for loops.

Change-Id: I1b000adad991a6b799ad37ba36c9a33c67559d3a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3423780
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78925}
2022-02-03 14:31:05 +00:00
Clemens Backes
5a939b831f [liftoff] Remove redundant method (FillInstanceInto)
On all platforms, the method is implemented identically to
{LoadInstanceFromFrame}. So remove {FillInstanceInto} and keep
{LoadInstanceFromFrame}, which is a better name.

R=thibaudm@chromium.org

Bug: v8:12425
Change-Id: Ia9e6a3e2478628f8d31ff4faaab8d5250fda7796
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429203
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78924}
2022-02-03 13:35:44 +00:00
Leszek Swirski
11c48033fe Revert "[heap-stats] Fix heap-stats with ptr-cage"
This reverts commit 9ae463bc43.

Reason for revert: ODROID failure https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Arm%20GC%20Stress/22085/overview

Original change's description:
> [heap-stats] Fix heap-stats with ptr-cage
>
> - Heap-stats was trying to load the map without explicitly passing in
>   the PtrComprBase causing failures with Code objects in external code
>   space
> - Extend the debugPrint.js tests to run with some more debugging and
>   testing flags to prevent future regressions
>
> Change-Id: I1f0d03cb31480f316fe533b507ff98fe3befbe8e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432386
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Auto-Submit: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78919}

Change-Id: I4a5e9d8a4ce2f608b7a42dcf5d7e799daf9cc1c5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3436285
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78923}
2022-02-03 12:00:14 +00:00
Thibaud Michaud
dfbe502810 Reland "Reland "[wasm] Resume suspender on resolved promise""
This is a reland of f942f656dc

Changes: Change the order of initialization for wasm continuations to
ensure object integrity if a GC happens during allocation. Also add
missing handles.

Original change's description:
> Reland "[wasm] Resume suspender on resolved promise"
>
> This is a reland of a865d16bc2
>
> Changes:
> - Make the next ID atomic
> - Leave more space for runtime calls in debug mode
>
> Original change's description:
> > [wasm] Resume suspender on resolved promise
> >
> > Implement the WasmResume builtin, which resumes a wasm suspender
> > when the corresponding JS promise resolves.
> >
> > Drive-by 1: Fix detection of empty stacks in the stack frame iterator.
> > Drive-by 2: Add a stack ID for better tracing.
> >
> > R=ahaas@chromium.org
> > CC=fgm@chromium.org
> >
> > Bug: v8:12191
> > Change-Id: Ifa3f00c4259f802292b04d426c739e9b551f87b9
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3420827
> > Reviewed-by: Andreas Haas <ahaas@chromium.org>
> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> > Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#78842}
>
> Bug: v8:12191
> Change-Id: I3c231690b27be79a0c00e13043342bb4a3628886
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427203
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78890}

Bug: v8:12191
Change-Id: I0e1362d3a9da1fd8c0d600ad9776ce2fd26c6a52
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3434145
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78922}
2022-02-03 11:50:44 +00:00
Clemens Backes
5468590a86 [wasm] Fix hash value of ValueType
Since the equality operator uses the whole encoded bitfield, the hash
value should also use that. Otherwise we get unnecessary hash
collisions, resulting in bad hash table performance (e.g. in the
signature map).

R=manoskouk@chromium.org

Bug: v8:12593
Change-Id: I6f9b8ed1789ee937c90ece15d78b2bf5a3c357a6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3435189
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78921}
2022-02-03 11:39:04 +00:00
Omer Katz
ef53e0a0d2 cppgc: Prevent misuse of explicit_management.h
The methods in explicit_management.h should be called via the public
variants in the subtle namespace. Calling the variants in the internal
namespace directly skips asserts and required size conversions. Doing so
may cause misuse of the API that may break GC internals.

Change-Id: I58a0f324ca1ee0839bb85eb9b53ce57785dc7b91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3435187
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78920}
2022-02-03 11:18:34 +00:00
Camillo Bruni
9ae463bc43 [heap-stats] Fix heap-stats with ptr-cage
- Heap-stats was trying to load the map without explicitly passing in
  the PtrComprBase causing failures with Code objects in external code
  space
- Extend the debugPrint.js tests to run with some more debugging and
  testing flags to prevent future regressions

Change-Id: I1f0d03cb31480f316fe533b507ff98fe3befbe8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432386
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78919}
2022-02-03 11:17:29 +00:00
Clemens Backes
18469ec4bf [wasm] Implement bulk memory operations on memory64
This makes the bulk memory operations respect the memory type, i.e.
using i64 values for memory offsets if memory64 is enabled.

The called C functions now expect memory offsets to be passed as
{uintptr_t}, such that we can address any memory on all systems. For
64-bit memories on 32-bit systems, the upper half of the 64-bit value is
checked in compiled code before passing the lower half to the C
function.

Liftoff support turned out to be a bit harder than expected, because we
cannot hold three 64-bit values in registers on ia32 (not enough
registers...). Thus implement that in a follow-up CL.

R=thibaudm@chromium.org

Bug: v8:10949, chromium:1281995
Change-Id: Ie77636145f94cc579d479c4e7c346ba3c682679d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427206
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78918}
2022-02-03 10:35:04 +00:00
Dominik Inführ
1c3ac2d9f4 [heap] Fix data race when promoting objects into shared heap
Each GC thread needs its own instance of ConcurrentAllocator for
allocation. The LAB is always considered thread-local.

Bug: v8:12582, v8:11708
Change-Id: I39200202ec9fd07fa33b3ababa88e84a1a270778
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429294
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78917}
2022-02-03 10:31:25 +00:00
Clemens Backes
cbdc833756 [wasm] Decommit unneeded memory
The {WasmCodeManager::Decommit} method is called for ranges that do not
contain any live code any more. Instead of setting permissions to
{kNoAccess} and discarding the pages, do actually decommit them. The
difference is subtle, but decommitting tries harder to actually free the
underlying physical pages (whereas discarding is more a hint to the
operating system).

After both operations, the memory is not accessible afterwards, so any
further access results in a signal, and thus a crash of the process.

R=jkummerow@chromium.org, mlippautz@chromium.org

Change-Id: Iddeda5c4ed864682c4df589b6ea6e359bf03847a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3427459
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78916}
2022-02-03 09:40:04 +00:00
Dominik Inführ
6c3001fa89 [heap] Update InvalidatedSlotsFilter for map space compaction
* Map may be forwarded here, so use IsMapOrForwardedMap in DCHECK
* Code didn't expect a slot in the map word.

Bug: v8:12578
Change-Id: I8dd9cd57fb1336e0014812b7a2e35dc209f78a2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429292
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78915}
2022-02-03 07:42:55 +00:00
v8-ci-autoroll-builder
0b0270165c Update google_benchmark
Rolling v8/third_party/google_benchmark/src: 14eee07..1ee7bee

Use Win32 API only for Win32 apps (#1333) (batortaller)
https://chromium.googlesource.com/external/github.com/google/benchmark/+/1ee7bee

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com,mlippautz@chromium.org

Change-Id: I9d7480c5ede64550b4e8434d62fcc8c29ae038b9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3435329
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78914}
2022-02-03 05:38:22 +00:00
v8-ci-autoroll-builder
15c2b9ad4e Update V8 DEPS.
Rolling v8/build: a0549e2..5ba6fa4

Rolling v8/buildtools/third_party/libunwind/trunk: d0ad43c..659c7d9

Rolling v8/third_party/depot_tools: 60206c4..fa5989b

Rolling v8/third_party/googletest/src: 4517697..25ad42a

Rolling v8/tools/clang: cb91247..853a56c

Rolling v8/tools/luci-go: git_revision:d46a9c7ad4e38935bbacb01602fc1d09a162884b..git_revision:462d0a9cdbe947cd652fcd0c54f64ebc712858a5

Rolling v8/tools/luci-go: git_revision:d46a9c7ad4e38935bbacb01602fc1d09a162884b..git_revision:462d0a9cdbe947cd652fcd0c54f64ebc712858a5

R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com

Change-Id: I8442c5410c92fd1029cc13bc89dbd75b08fe4f43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3435325
Commit-Queue: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Bot-Commit: v8-ci-autoroll-builder <v8-ci-autoroll-builder@chops-service-accounts.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#78913}
2022-02-03 04:02:22 +00:00
Anton Bikineev
a687e9fade cppgc: young-gen: Implement remembered set invalidation
This CL adds invalidations for slots that reside in promptly freed or
shrunk storage.

Bug: chromium:1029379
Change-Id: I05e0ede55c202c952b26f452053b8777d1a2ffae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3431488
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78912}
2022-02-03 00:37:42 +00:00
Nikolaos Papaspyrou
73a1c635fe heap: Fix the tracing of GC cycles
Conceptually, a full GC cycle completes when the sweeping phase is
finished. As sweeping is performed concurrently, this happens after
Heap::CollectGarbage has returned and, at the latest, before the next
full GC cycle begins. However, an arbitrary number of young GC cycles
may happen in the meantime. Tracing information for the sweeping phase
must be added to the corresponding full GC cycle event. Until now, this
was not done correctly: this information was added to the GCTracer's
current event and could thus be attributed to a subsequent young or full
GC cycle.

This CL introduces methods GCTracer::(Start|Stop)Cycle to delimit a
cycle (still allowing for full GC cycles to be interrupted by young GC
cycles). These methods are different from (Start|Stop)ObservablePause,
which delimit the observable pause of each GC. The events of "pending"
full GC cycles are kept until they are properly amended and reported,
when the sweeping phase is finished.

This is a reland of 4ad20bff97
which was reviewed here: https://crrev.com/3404733

Bug: v8:12503
Bug: chromium:1154636
Change-Id: Icc315b53cff1f3b19b8efe49db34340a5608bcd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432211
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78911}
2022-02-02 20:46:01 +00:00
Milad Fa
e2bdbffb0a S390 [liftoff]: Implement simd i32 to fp32 conversion
Change-Id: I251df1abd2f7facc1ee5adad7a7dbf70c1554d22
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432985
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78910}
2022-02-02 18:10:59 +00:00
Gus Caplan
cc9a8a3744 fix overflow check in error formatting
Bug: v8:12494
Change-Id: Iba2684173296aa236f1a1c73a5606c21472eff06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3426634
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Gus Caplan <snek@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78909}
2022-02-02 15:50:28 +00:00
Leszek Swirski
10e811c45e Revert "heap: Fix the tracing of GC cycles"
This reverts commit 4ad20bff97.

Reason for revert: New test seems to be failing on TSAN/incremental marking stress (https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20TSAN%20-%20stress-incremental-marking/6346/overview)

Original change's description:
> heap: Fix the tracing of GC cycles
>
> Conceptually, a full GC cycle completes when the sweeping phase is
> finished. As sweeping is performed concurrently, this happens after
> Heap::CollectGarbage has returned and, at the latest, before the next
> full GC cycle begins. However, an arbitrary number of young GC cycles
> may happen in the meantime. Tracing information for the sweeping phase
> must be added to the corresponding full GC cycle event. Until now, this
> was not done correctly: this information was added to the GCTracer's
> current event and could thus be attributed to a subsequent young or full
> GC cycle.
>
> This CL introduces methods GCTracer::(Start|Stop)Cycle to delimit a
> cycle (still allowing for full GC cycles to be interrupted by young GC
> cycles). These methods are different from (Start|Stop)ObservablePause,
> which delimit the observable pause of each GC. The events of "pending"
> full GC cycles are kept until they are properly amended and reported,
> when the sweeping phase is finished.
>
> Bug: chromium:1154636
> Change-Id: I2fbc65d4807c78656d4abc8c451043f6f86211b1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3404733
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78905}

Bug: chromium:1154636
Change-Id: Id6688cfe982f9d8159c66d715b7079782a371bed
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3431489
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78908}
2022-02-02 15:17:59 +00:00
Milad Fa
7f47473a39 S390 [liftoff]: Implement simd fp32 to i32 conversion
I32x4UConvertF32x4 is also slightly optimized by removing 2
instructions.

Change-Id: Ie61fbd34628beb2410ae3ef916de7c3119c7ad9c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429463
Reviewed-by: Junliang Yan <junyan@redhat.com>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#78907}
2022-02-02 14:41:08 +00:00
Benedikt Meurer
b345204579 [inspector] Make inspector tests independent of Debugger.CallFrame.url.
This is the second step towards moving away from sending `url` with
every call frame when emitting the `Debugger.paused` event.

Bug: chromium:1270316, chromium:1271078
Change-Id: Ib4f996024b5200cded155bd8a564d01d36856400
Doc: https://bit.ly/devtools-debugger-callframe-url
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3431485
Auto-Submit: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78906}
2022-02-02 14:34:08 +00:00
Nikolaos Papaspyrou
4ad20bff97 heap: Fix the tracing of GC cycles
Conceptually, a full GC cycle completes when the sweeping phase is
finished. As sweeping is performed concurrently, this happens after
Heap::CollectGarbage has returned and, at the latest, before the next
full GC cycle begins. However, an arbitrary number of young GC cycles
may happen in the meantime. Tracing information for the sweeping phase
must be added to the corresponding full GC cycle event. Until now, this
was not done correctly: this information was added to the GCTracer's
current event and could thus be attributed to a subsequent young or full
GC cycle.

This CL introduces methods GCTracer::(Start|Stop)Cycle to delimit a
cycle (still allowing for full GC cycles to be interrupted by young GC
cycles). These methods are different from (Start|Stop)ObservablePause,
which delimit the observable pause of each GC. The events of "pending"
full GC cycles are kept until they are properly amended and reported,
when the sweeping phase is finished.

Bug: chromium:1154636
Change-Id: I2fbc65d4807c78656d4abc8c451043f6f86211b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3404733
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78905}
2022-02-02 14:27:50 +00:00
Clemens Backes
078f7c4fca [wasm] Unhandlify UpdateDispatchTables
UpdateDispatchTables is the hottest function during Wasm instantiation,
thus dehandlify it, as it does not allocate on the JS heap anyway. This
saves ~20% of instantiation time locally.

R=manoskouk@chromium.org

Bug: v8:12593
Cq-Include-Trybots: luci.v8.try:v8_linux_gc_stress_dbg_ng
Cq-Include-Trybots: luci.v8.try:v8_mac64_gc_stress_dbg_ng
Change-Id: Ifdd3f8fcd2e31950b591b179a62a0d397c41c339
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429205
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78904}
2022-02-02 13:40:10 +00:00
Clemens Backes
63c95e6197 [wasm] Remove wrong signature definitions for numerics
Some of the numeric opcodes have a variadic signature, e.g. table.grow
or table.fill, and soon also the bulk memory opcodes because their
consumed types depend on the memory type.

For those opcodes, remove the signature definition from the opcode macro
lists, because using it might result in bugs.

R=thibaudm@chromium.org

Bug: v8:10949, chromium:1281995
Change-Id: I350e75db7197d97a561f8219cedba5fe85b5c9c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3424494
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78903}
2022-02-02 12:53:21 +00:00