Soft-deopt for mono/polymorphic property accesses that don't have any
maps, and only allow zero-map feedback to be monomorphic. This makes
sure we only emit a megamorphic LoadIC builtin call if the IC was
actually megamorphic.
JSGenericLowering assumed that zero maps meant that a load site is
megamorphic. However, it can be the case that the call-site is
monomorphic or polymorphic, and the maps had died. In this case we don't
want to call the megamorphic IC builtin, as on a stub cache miss we
fallback to a normal LoadIC miss, which can record mono/polymorphic
feedback in the IC. After this, we'll enter a miss loop in the
megamorphic load builtin, and worse the LoadIC assumes that there's
something "wrong" with the feedback, so it'll keep trying to reconfigure
the handler (possibly allocating new load handlers if this is a
prototype field access).
As a drive-by, rewrite GetRelevantReceiverMaps to be an in-place
filtering of the maps rather than copying them.
Change-Id: I0c25bfa606367fa81c43223bbd56cdadb5e789ef
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2150586
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67152}
In strict mode stores to non-existent properties throw. We should not
install a handler with the property cell for such stores. These handlers
would expect that the value exists when they see a property cell. If
this property cell gets invalidated later, it appears as if it is a
valid property cell with undefined value. This leads to an incorrect
behaviour. This cl checks if we are in strict mode and uses a slow
stub in such cases.
Bug: chromium:1067757
Change-Id: I543c6a6931530bfb13cc9a33d1dabaa756489fd1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2142255
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67151}
Add ConcurrentAllocator which can be used for concurrent allocation from a background thread in the old space. ConcurrentAllocator doesn't request a GC yet when an allocation fails. This will be implemented in later CLs.
Bug: v8:10315
Change-Id: I81260ebbd8863c143e93aedb93c66d0e7c28bddb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144066
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67150}
... to make real world protector invalidations measurable.
Chromium CL: https://crrev.com/c/2149324
Drive-by: Add missing newline in protector tracing.
Drive-by: Consistent naming for the regexp species protector.
Bug: v8:9496
Change-Id: I3c7238aa8024e03ea9e89daf83345b8ec4f0d768
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2149428
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67149}
This commit removes the explicit namespace in FunctionCallbackArguments
constructor. They are not needed and this change seems to be consistent
with other CustomArguments classes like PropertyCallbackArguments.
Change-Id: If18371fbb2e6a7161ea4a1633f4219f3498cdc8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2141740
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67148}
Bug: chromium:1070890
Change-Id: I62ad81b8d5bcb9934c7eda4eae595d41339adfdf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2149425
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Georg Neis <neis@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67147}
The underlying issue was fixed in https://crrev.com/c/2144116 and
https://crrev.com/c/2142259. This reenabled the test generally. Note
that it's still skipped in special configurations. I will reevaluate
which of those can also be unskipped via separate CLs.
Drive-by: Fix the order of "expected" and "actual" values.
R=thibaudm@chromium.org
Bug: v8:10410
Change-Id: Idbdcc73d641661e96e12110dcf10b060e0cf47a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144070
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67145}
cc958279ff..99e00d6563
$ git log cc958279f..99e00d656 --date=short --no-merges --format='%ad %ae %s'
2020-04-15 tikuta client: update isolated client
2020-04-15 tikuta swarming/client: set client and version in User-Agent
2020-04-15 tikuta net: add set_user_agent
2020-04-14 yekuang [swarming] Add user-agent header to the client requests
2020-04-14 tikuta Revert "client: add filename and line in logging"
2020-04-10 yekuang run_isolated.py: Propagate the exceptions from upload_items() to the main thread
2020-04-09 qyearsley Run spellchecker on luci-py.
2020-04-09 tikuta client: add verify_push flag to archive_files_to_storage
2020-04-09 jwata [swarming-client] evict corrupted files in local cache
2020-04-09 yekuang Send SIGTERM to the isolated download process when it times out
2020-04-08 tikuta client: update isolated client
2020-04-08 tikuta client: include relevant logs only in update_isolated.sh
2020-04-01 tikuta client: update isolated client
2020-04-01 tikuta client: update isolated client
2020-04-01 tikuta client: add script to update isolated in run_isolated.py
2020-03-31 tikuta client: check hash of uploaded file
2020-03-30 tikuta client: add filename and line in logging
2020-03-30 yekuang client: update isolated client
2020-03-27 tikuta client: update isolated client
2020-03-27 leilei Update luci_context.py, otherwise it is failed to get LUCI context in Python3.
2020-03-23 leilei Reland "Update Swarming client code to make it work with Python3."
2020-03-23 tikuta Reland "client: remove --extra-variable flag from isolate.py"
2020-03-19 tikuta client: show exception when failed to run command
2020-03-19 mattkot Re-cache free disk space when _load fails
2020-03-18 tikuta Revert "client: remove --extra-variable flag from isolate.py"
2020-03-17 tikuta Revert "Update Swarming client code to make it work with Python3."
2020-03-17 leilei Update Swarming client code to make it work with Python3.
2020-03-12 tikuta swarming: show account id when failed to get oauth_token
Created with:
roll-dep v8/tools/swarming_client
Bug: chromium:1070487
Change-Id: Ib8bc82a02d799d2756268243ba6d53b3508762ce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2147591
Auto-Submit: Ye Kuang <yekuang@google.com>
Commit-Queue: Ye Kuang <yekuang@google.com>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67141}
--incremental-marking-soft-trigger is a percentage of (limit - size)
at which incremental marking starts via a task.
--incremental-marking-hard-trigger is a percentage of (limit - size)
at which incremental marking starts immediately.
E.g. --incremental-marking-soft-trigger=50 and
--incremental-marking-soft-trigger=100 will start a task half-way to
the limit and start incremental marking at the limit.
Change-Id: I14be992c8552dc47de401b376b815f693564cb74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144069
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67140}
Location information doesn't reveal interesting bugs, but leads to
tedious duplicates when the location information deviates.
Bug: chromium:1068003
Change-Id: I0b6d0ee28e1a3f370d19e5593484ee250fd6928f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2148781
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67139}
Port 4558c1dfc5https://crrev.com/c/2141654
Original Commit Message:
As a drive-by, the order of rounding_average_u is adjusted according to
src/wasm/wasm-opcodes.h.
Change-Id: Ia2d39753f618f10e0795f83daa7e5a63f49f554a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2147578
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhao Jiazhong <zhaojiazhong-hf@loongson.cn>
Cr-Commit-Position: refs/heads/master@{#67136}
When memory.grow was executed concurrently on multiple threads a data
race could happen such that two memory.grow operations result in the
same return value. With this CL the return value of memory.grow is
unique, given that memory.grow actually grows the memory.
As a concrete example, assume a shared WebAssembly memory initially has
a size of 100. Assume two threads call memory.grow concurrently with a
parameter `10`. Then with the existing code, memory would grow correctly
to a size of 120, but the data race may cause both memory.grow
operations to return 100. With the change in this CL one memory.grow
operation would return 100, the other would return 110.
R=gdeepti@chromium.orgCC=rreverser@google.com
Bug: chromium:1067621
Change-Id: Ib22b5135714a56799e0818ccb39e5dce327e5f8e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144113
Reviewed-by: Ben Smith <binji@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67135}
AIX default page size is 4096 bytes hence
PlatformUsesGuardPages returns true. Power Linux however
has a default page size of 65536 bytes and the above function
is expected to return false. More info is available
at https://crrev.com/c/2144060.
Change-Id: I35a13ada5bd1b18729cfa039a0bc699a409fbc2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2147634
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67134}
older gcc compilers (tested on PPC gcc 6) may throw
a compilation error if std::pair is not constructed explicitly.
<algorithm> header also needs to be included to avoid the following
error:
error: 'remove_if' is not a member of 'std'
Change-Id: Ia7919185614fee1e2e35f2fb25f5fdf05b90e27f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2149565
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
Cr-Commit-Position: refs/heads/master@{#67133}
[1] has changed the layering between JavaScript and HTML substantially
with regards to queuing promise-related microtasks. This fixes up the
comments and parameter orders so that they match up with the current
spec.
[1]: c59502090e
Change-Id: I75650f7dc1c0b1d1c2b67aaf19d9791a0391a06d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2106997
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Timothy Gu <timothygu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67130}
A few notes:
1) Oilpan is a generic library, meaning that it can work with arbitrary
user types. The library is split in type-aware (include/) and
type-erased (src/) parts. The former comprises a lot of code that still
needs to be defended with dchecks;
2) Macros are prefixed with CPPGC_, so that they don't clash in the user
code with similar macros from other libraries;
3) The macros simply forward requests to V8 so that dcheck handlers can
be configured uniformly;
4) The CL doesn't contain CHECK_EQ and friends, but they can be added
later if needed.
Bug: chromium:1056170
Change-Id: I68e6f663247705233eaf030384164d81e53071e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2148774
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67129}
The CL also mooves the {ClearRegister} function to the
platform-independent LiftoffAssembler code.
R=clemensb@chromium.org
Bug: v8:10108
Change-Id: Ibf9f1829a525c859ad004636f678b82aa72d39ae
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2129637
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jacob Bramley <jacob.bramley@arm.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67126}
This reverts commit f2ea42d6b8.
Reason for revert: Makes UBSan unhappy: https://ci.chromium.org/p/v8/builders/ci/V8%20Linux64%20UBSan/10634
Original change's description:
> [wasm-debug-eval] Implement additional evaluator API methods
>
> This CL implements the __getLocal and __sbrk APIs of the evaluator
> interface. Also includes a drive-by fix of the imports' module: put
> them on the "env" module.
>
> Change-Id: Ie16d1b1cf924b88734eda184d1ce98d52f32f828
> Bug: chromium:1020120
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2132786
> Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67122}
TBR=jkummerow@chromium.org,pfaffe@chromium.org
Change-Id: I23b078d37971e083c08c9b83994bbf38ac13f103
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:1020120
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2148787
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67124}
We were still occasionally failing tests because sometimes non-debug
Liftoff code was published *after* debug Liftoff code. This would
overwrite the debug code and we would not stop on function entry then.
This fixes this by only preferring Liftoff code in publishing if it has
been compiled for debugging.
As a side effect, this will also prefer TurboFan code which has been
compiled for debugging (i.e. Liftoff bailed out), but this would only
happen for experimental features and in this case we will just overwrite
TurboFan code with TurboFan code, which is fine.
R=thibaudm@chromium.org
Bug: v8:10410
Change-Id: I6516e9f474f6118f0f0c077e6789f604ca128e74
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144122
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67123}
This CL implements the __getLocal and __sbrk APIs of the evaluator
interface. Also includes a drive-by fix of the imports' module: put
them on the "env" module.
Change-Id: Ie16d1b1cf924b88734eda184d1ce98d52f32f828
Bug: chromium:1020120
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2132786
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67122}
For example, when --fuzzing is off, %OptimizeFunctionOnNextCall now
crashes when given a non-function argument.
The following behaviors remain unchanged for now:
- %DeoptimizeFunction continues to do nothing if the function is not
optimized.
- %DeoptimizeNow continues to do nothing if the top-most JS function
is not optimized.
- %OptimizeOSR continues to do nothing if the function already has
optimized code.
Bug: v8:10249
Change-Id: I35d2f3d50ce3f94c8ffccabe50fb4df2b70ce028
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2137406
Commit-Queue: Georg Neis <neis@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67121}
This adds a flag to {WasmCode} objects to store whether this code was
generated for debugging. This flag can be set for Liftoff code (in which
case the code will e.g. have an extended prologue for debugging), but it
can also be set for TurboFan, in case Liftoff bailed out when producing
the debugging code.
Having this flag allows us to remove the hack to pass the compilation
results to {OnFinishedUnits} just to check whether we actually wanted to
compile Liftoff functions.
Drive-by: Replace the {ReachedRecompilationTierField} by a
{MissingRecompilationField}, because all we need to know is if we are
still waiting for that function to get recompiled.
R=ahaas@chromium.org
Bug: v8:10330,v8:10410
Change-Id: Ia023df8955a60d9f5595a6cb2737e14d83baf716
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2142259
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67119}
This is a port of src/components/gc that was added recently.
Differences:
- Added back bucketing to the page pool, as that guarantees that
arenas used for specific types do not have their pages used by other
arenas.
- Replaced base::flat_map with std::map. This may cause performance
regressions when using PageMemoryRegionTree in hot paths. A
vector-like representation may be used to fix such a regression
This reverts commit a056cea51e.
Bug: chromium:1056170
Change-Id: Iffb8b0d91c8cca1815d7a1cda9486e7716aea75f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144060
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67117}
Before the "debug" flag was stored on the {CompilationEnv}. But each
background compilation task only gets the {CompilationEnv} once when
starting compilation, so by the time it picks up the "Liftoff for
debugging" compilation jobs, it might still compile them without the
debug flag being set. This leads to flakes in the "debug-step-into-wasm"
test, because we won't stop in the function prologue when stepping in
(because the function prologue does not check the "hook on function
call" flag if debug mode was not enabled).
This CL does not increase the size of a compilation unit, since both the
tier and the debug flag only need a single byte each.
As a nice side effect, this change allows us to remove the lock in
{CreateCompilationEnv}, because no modifyable flag is read any more.
R=thibaudm@chromium.org
Bug: v8:10410
Change-Id: Ic296ea0c4dd1d4dedde119f0536e87e5d301b5a1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144116
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67115}
ArrayBuffer instances are serialized by first re-assigning a index
to the backing store field, then serializing the object, and then
storing the actual backing store address again (and the same for the
ArrayBufferExtension). If serialization of the object itself is deferred,
the real backing store address is written into the snapshot, which cannot be
processed when deserializing, leading to a crash.
This fixes this by not deferring ArrayBuffer serialization and adding a DCHECK
for the crash that previously occurred.
Change-Id: Id9bea8268061bd0770cde7bfeb6695248978f994
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144123
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67114}
- Minor improvements to the documentation for snapshotting.
- Add newlines to printed errors where necessary.
Change-Id: I822e7e850adb67eae73b51c23cf34e40ba3106f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144954
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67111}
Change the unittests Isolate mixin to create one Isolate per test,
rather than one per test suite. We usually run these tests independently
in separate processes anyway, so this shouldn't affect normal test
execution, but it will avoid Isolate state leaking across tests when
running the unittests binary directly.
Take this opportunity to also clean up the mixins, changing counter
initialization and forcing pointer compression into template traits.
Bug: v8:10142
Change-Id: If92046f9c6f2056252d099faed04d97844ef7319
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2143818
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67110}
Provides the infrastructure to register weak callbacks for
WeakMember<T> through visitor. The WeakCallbackInfo broker is used to
query objects for liveness. In a future CL the same broker object is
passed to custom weak callbacks.
Change-Id: I8b5a66354e0e457521989d40ae64a9558c339503
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2142265
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67109}
Introduce LivenessBroker which is a temporary broker object to expose
liveness during specific garbage collection phases.
This broker can be used to handle:
- PreFinalizer
- Custom weak callbacks
- Internal weak callbacks used for WeakMember
Change-Id: I3870c2b89b2538f04feabf2eb7a4676ce2fe7d61
Bug: chromium:1056170
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144059
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67107}
As a drive-by, the order of rounding_average_u is adjusted according to src/wasm/wasm-opcodes.h.
Bug: v8:9909
Change-Id: Ia3a2ed5869f8df8a2191afa034e0b9438de98bc5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2141654
Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Zhiguo Zhou <zhiguo.zhou@intel.com>
Cr-Commit-Position: refs/heads/master@{#67104}
