Rolling v8/build: 1c34f36..5b615fa
Rolling v8/buildtools/third_party/libc++abi/trunk: ecff200..b682786
Rolling v8/buildtools/third_party/libunwind/trunk: 3d54d41..44c86bb
Rolling v8/third_party/catapult: https://chromium.googlesource.com/catapult/+log/d1ddc12..ecd2da3
Rolling v8/third_party/depot_tools: 31bfd51..8fb649c
Rolling v8/third_party/fuchsia-sdk/sdk: version:8.20220510.2.1..version:8.20220516.3.1
Rolling v8/third_party/jsoncpp/source: 9059f5c..42e892d
Rolling v8/third_party/zlib: 9979c19..7085d03
Rolling v8/tools/clang: 9da9510..56af55b
Rolling v8/tools/luci-go: git_revision:2aa3d7e5e8662c5193059a490f07b7d91331933e..git_revision:d3db74920e35147955be43f62b5f4ed0cf84c614
R=v8-waterfall-sheriff@grotations.appspotmail.com,mtv-sf-v8-sheriff@grotations.appspotmail.com
Change-Id: I39db0aad04f28cc202fc7fa6bb31c2517b47f407
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3649375
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Liviu Rau <liviurau@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80593}
Split off a TurbofanFrame from OptimizedFrame, and make MaglevFrame a
subclass of OptimizedFrame. This allows it to be treated as an optimized
frame by code that is looking at deoptimization data.
Bug: v8:7700
Change-Id: Ia38e0f1c2cd73f054f63be81dff187d9197c1202
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644798
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80592}
NumFuzz passes various flags to V8 testing randomly, which can lead to
various flag contradictions with existing flags. Up to now the system
ignored the check for contradictions and kept running the test cases,
leading to false positives.
This change adds a new v8 flag --exit-on-contradictory-flags that
exits gracefully when a contradiction is detected. On the numfuzz
side we now filter simple contradictions beforehand.
Measurements showed that ~2% of all numfuzz tests ran into
contradictions. Around half of them are simple contradictions
(repetitions and inversions), which are now filtered beforehand.
The remaining ones (redundant or contradictory implications) are
now ignored.
Bug: v8:11826
Change-Id: I9942e203ba9668a097fabe1343dd1365c9da94c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650746
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80589}
Loading from/storing to the same field with incompatible mutabilities
is possible in unreachable code, specifically when a value is cast to
two different types with incompatible mutability for the same field
offset. Therefore, we allow this pattern in CsaLoadElimination.
When we detect it, we emit an Unreachable node to immediately crash the
program in case this unreachable code is somehow executed.
Bug: v8:7748, v8:12874
Change-Id: Ieb359d3e1b9f7bc4a91c556af2bba0507526d20e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644806
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80587}
This CL removes GCTracer::AssertMainThread and adds the more general
methods Heap::IsMainThread and Heap::IsSharedMainThread, to be used
in DCHECKs and elsewhere. It also introduces some const qualifiers.
Bug: v8:12425
Change-Id: Ibdec39ce77be704598ca0c8b440005dc27bd6997
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650600
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80586}
With the flag --always-use-string-forwarding-table (only used for
testing), we can have young generation strings in the
StringForwardingTable.
We need to update references to these strings when they are evacuated
during mark compact (previously this was only done after scavenge).
Bug: v8:12877, v8:12007
Change-Id: Ie108add176f71dcdf296bd94bdffa664cb75ae02
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650719
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80575}
1) In copy/move ctors and operator=() we can just copy the raw compressed
value;
2) For the null check we don't need to decompress the value;
3) Same for operator==();
4) Hashing can also be optimized in a followup.
Bug: chromium:1325007
Change-Id: Ic1bf2c5049802c078b3e0121dcbe62d9ecea83b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647359
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80571}
Part of the improve error messages initiative.
Based on a resource of JSON.parse() errors found at
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/JSON_bad_parse
Previously JSON.parse(NaN) would output:
SyntaxError: Unexpected token N in JSON at position 0
Now the output is:
SyntaxError: "NaN" is not valid JSON
Previously JSON.parse("{a:1}") would output:
SyntaxError: Unexpected token a in JSON at position 1
Now the output is:
SyntaxError: Expected property name or '}' in JSON at position 1
Bug: v8:6551
Change-Id: Ic9fad1fdbd295e1302805b81e6603fc526121960
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3513684
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Issack John <issackjohn@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#80567}
The check whether worklists are empty sits after marking the
transitive closure, when it is guaranteed that no concurrent marker is
running anymore.
Bug: chromium:1325628
Change-Id: Ibfa7278df2181a0aa6c7e0f1d53d51e8afaa3352
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647830
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80566}
This adds a new struct "OOMDetails" which is passed to the
OOMErrorCallback. It currently holds the "is_heap_oom" bool that was
also passed before, plus an optional "detail" string.
The struct can later be extended without having to change the signature
of the OOMErrorCallback. Removing fields will have to follow the
standard deprecation rules, but this is also easily possible without the
hassle for this initial change.
We modify the deprecated OOMErrorCallback definition and un-deprecate it,
which can be seen as removing a deprecated API and adding a new one in
one CL.
R=mlippautz@chromium.org, jkummerow@chromium.org
Bug: chromium:1323177
Change-Id: Ic4c2cb5856906ebd664626fe463d8e96cb99b0a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647827
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80565}
Mostly in comments, not much to be said...
Bug: v8:12425
Change-Id: Ib1e4d3913f9b91eeafefbef13330fd1388223c06
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650597
Commit-Queue: Nikolaos Papaspyrou <nikolaos@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80562}
Flip and ResetLinearAllocationArea of SemiSpaceNewSpace are
(almost) always called together, and always at the start of evacuation.
Introducing NewSpace::EvacuatePrologue allows removing these methods
from the SemiSpaceNewSpace public interface and reduces future branches
between the semi space and paged new space cases.
Bug: v8:12612
Change-Id: Ic589a48c1e7751631603da757f4f5f7edb69e571
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650599
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80561}
This fixes a flaky crash when running with --turbo-stats or
--turbo-stats-wasm.
With dynamic tiering, it can happen that a compilation job is started
shortly before the program/test/benchmark terminates and the main thread
goes through its teardown sequence. When such a late job finishes, it
still wants to report its statistics, which currently crashes due to
UAF if the CompilationStats object, which is owned by the main thread,
has already been deleted.
Change-Id: Ie25a97299fdf40ece8f286487063feadcfa2eea9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3645410
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80560}
Otherwise opening a HandleScope nested in a SHS also wouldn't allow PHS. This
currently happens in maglev.
Bug: v8:7700
Change-Id: Id279cf7ad8c83f68a3ba0050a0df718892636e9f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3650601
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80559}
This patch adds a side table to the MachineGraph that stores the
previously observed call count for the Call nodes used for Wasm
direct calls. This replaces a more convoluted system that accessed
processed feedback during compilation, keyed on source position.
Bug: v8:12166
Change-Id: I06109918030b8f256c5f170da5853394c1a69cc2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644803
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80558}
Record old-to-shared references in the C++ write barrier. When
an old-to-shared reference is created, this particular slot will be
atomically inserted into the old-to-new remembered set.
We already stopped clearing the old-to-new-remembered set after a
shared GC, so we already need to be able to handle such slots when
invalidating objects and in the sweeper.
Bug: v8:11708
Change-Id: I1b5854d58f6496228f3a3d9eb7acfd9492f09e68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3557232
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80555}
This uses a SparseBitVector instead of a BitVector for storing sets of
blocks. As we only use the mid-tier register allocator for huge
functions, this should generally be a win in both compile time and
memory usage.
R=mslekova@chromium.org
Bug: chromium:1313379, v8:12780
Change-Id: Icf5b50c62f1c5fd69877cd54833d9dea8d1c37e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3634781
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80554}
A few of LogTests have been crashing intermittently
after they were moved to unittests in this CL:
https://crrev.com/c/3616424
Will re-enable once issue is investigated.
Change-Id: I53435596274c935c028a625b610c54eadda9d1de
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647092
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#80551}
SpaceWithLinearArea will hold a ref to a struct containing
original_top_ and original_limit_ as well as the lock used to sync them
for querying IsPendingAllocation.
PagedSpace is split into PagedSpaceBase (that holds all functionality)
and PagedSpace. The actual fields are owned by PagedSpace and NewSpace.
This is done in preparation for PagedNewSpace to allow PagedSpaceBase
and NewSpace to share the same original_top_ and original_limit_ fields.
Bug: v8:12612
Change-Id: Iefbbd5209c5553db4ee16cb261734e6479e0f23f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644795
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80549}