Now that V8_SANDBOXED_POINTERS is enabled by default on every platform
if the sandbox is enabled, it is no longer necessary to have a separate
option to enable/disable sandboxed pointers.
Bug: chromium:1218005
Change-Id: I2ab4c7c758010007765a3b0595357ddecfe9f258
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840937
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82587}

Since the overall motionmark regression is minor (<0.5%), we decided to
get the benefits of pointer compression on M1. The CL can also slightly
regress speedometer2 (~0.3%).
Bug: chromium:1325007
Change-Id: Ib278f0e82e0ebde563caac79b9f32edfe2d09a53
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840301
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82586}

This is a reland of commit e50472d6a3.
In {ApplyCompilationHintToInitialProgress} we would reset the baseline
tier to {kNone} if the compilation strategy is {kDefault}, which is
wrong. We would not generate code but also not install the lazy stub,
so whenever we start executing the code before top-tier is ready we
would crash.
Original change's description:
> [wasm] Refactor compilation tier computations
>
> The way we initialized the "compilation progress" was pretty convoluted,
> with multiple levels of functions being called for initializing every
> single slot.
>
> This CL refactors this to compute one default value for the whole
> module, and only modifies those slots that need special handling (e.g.
> because of compilation hints, or lazy/eager compilation after
> deserialization).
>
> We also rename "liftoff_functions" to "eager_functions" in the
> deserialization path; the idea is that those functions should get
> eagerly compiled because we expect them to be needed during execution.
> Usually they would be Liftoff-compiled, but it's more consistent to use
> the existing logic to choose the baseline tier. In the default
> configuration, this will still use Liftoff, but if Liftoff is disabled
> we will use TurboFan instead.
>
> R=jkummerow@chromium.org, ahaas@chromium.org
>
> Bug: v8:12425
> Change-Id: Ie58840b19efd0b1e98f1b02d5f1d4369410ed8e1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829606
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82521}
Bug: v8:12425
Change-Id: Ie41e63148bf6bd0e38fc07a3a514f1094d9d26cf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838409
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82585}

NormalPageMemoryRegion is a span of 10 pages, all of which must belong
to the same space. This requirement imposes a fragmentation issue for
virtual space, which is not ideal for the current 2GB cage
configuration.
The CL fixes this by mixing pages of different spaces inside the same
NormalPageMemoryRegion. With the cage it's actually not necessary anymore
to have NormalPageMemoryRegion, but we keep it to allow the code to be
uniform for cage/non-cage configurations.
There is no type confusion across spaces, since pages (even empty ones)
are never shared between spaces. In addition, the shared cage puts an
additional memory constraint on the GC. So, there is no security benefit
in having NormalPageMemoryRegion assigned to a single space.
Savings in reserved address space:
cnn:2021: 14%
facebook_infinite_scroll:2018: 23%
Bug: chromium:1325007, chromium:1352649
Change-Id: I7b49032d581dd56feb8633734a1f37803e9526c6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840749
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82584}

The function is no longer used in Chromium or V8 and can therefore be
deleted. This CL also simplifies V8::GetSandboxSizeInBytes, which now no
longer needs to be able to deal with an uninitialized sandbox.
Bug: v8:10391
Change-Id: I22d6b0e03de1fd2ba3d38c4e476fca44068b62f9
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3769690
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82583}

This CL removes the COMPLETE state from incremental marking. Since the
only states left are then STOPPED and MARKING, we can replace the state
with an is_running_ boolean field.
The state could change back-and-forth between MARKING and COMPLETE.
IsMarking() was already also checking for COMPLETE. So most code
already treated both states the same. IsComplete() now checks whether
marking is running and a transitive closure was reached already.
IncrementalMarking::Step() didn't process the marking queue when in
COMPLETE. This should be relatively rare though since it only
transitioned into COMPLETE when the stack guard was armed and the
allocation observer ran again before reaching a stack guard check.
Bug: v8:12775
Change-Id: Ied48d8c512ad3d1b3d2e29393d43b434b5fda8fe
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835689
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82581}

This reverts commit c3a5c5b1e0.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20-%20shared/21941/overview
Original change's description:
> [heap] Ensure all old-to-shared slots are recorded
>
> This CL adds verification of the old-to-shared remembered set to
> --verify-heap. During shared GCs client heaps will be scanned for
> references into the shared heap, this CL will CHECK that every found
> slot is contained in the old-to-shared remembered set. After this
> gets a bit more stable, the full heap iteration can be dropped and we
> can fully rely on the remembered set instead.
>
> Bug: v8:11708
> Change-Id: I0b5c4edfe3271306e4e7af7394472534113e1953
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3792605
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82578}
Bug: v8:11708
Change-Id: I26553d3b06d0e257a3425eeb884ccce57f026bde
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3841567
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#82580}

`JSWasmCallData` is replaced with a flag `do_conversion` to indicate if conversions of arguments and returns are needed, which is set as false for inlined js-to-wasm call wrappers.
Bug: v8:9407
Change-Id: I35244c8fc13d464d48031fb9d7d04ab277646ec5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837858
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Qifan Pan <panq@google.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82579}

This CL adds verification of the old-to-shared remembered set to
--verify-heap. During shared GCs client heaps will be scanned for
references into the shared heap, this CL will CHECK that every found
slot is contained in the old-to-shared remembered set. After this
gets a bit more stable, the full heap iteration can be dropped and we
can fully rely on the remembered set instead.
Bug: v8:11708
Change-Id: I0b5c4edfe3271306e4e7af7394472534113e1953
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3792605
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82578}

Add a version of BalanceDuration which takes two TimeDurationRecords
and adds them internally after converting to BigInt as nanoseconds, so
it will not overflow the double.
Use "std::isinf()" instead of "!std::isfinite()"
Inspired by https://github.com/tc39/proposal-temporal/issues/2380#issuecomment-1219194995
Bug: v8:11544
Change-Id: I29e06fa857ff43f2668e1e4ffd07735ff6efee42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837852
Commit-Queue: Frank Tang <ftang@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82576}

This is a reland of commit 872b7faa32
Original change's description:
> Fix Context PromiseHook behaviour with debugger enabled
>
> This is a solution for https://github.com/nodejs/node/issues/43148.
>
> Due to differences in behaviour between code with and without the debugger enabled, some promise lifecycle events were being missed and some extra ones were being added. This change resolves this and verifies the event sequence is consistent between code with and without the debugger.
>
> Change-Id: I3dabf1dceb14233226b1752083d659f1c2f97966
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3779922
> Reviewed-by: Victor Gomes <victorgomes@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82132}
Change-Id: Ifdd407261c793887fbd012d5a04ba36b3744c349
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3805979
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82575}

No need to insert into the old-to-shared remembered set for the
shared isolate itself. Check whether the host object is in the shared
isolate before inserting into the remembered set.
Bug: v8:13208, v8:11708
Change-Id: Ic1442653f6c27c51444544cd7b31356594b712e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3840298
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82574}

Pointer compression regresses binary size on Fuchsia by about 300K.
However, the change improves Oilpan memory by 15-20% (2-4% of PMF),
which is beneficial for memory-impoverished platforms.
Bug: chromium:1325007
Fuchsia-Binary-Size: See commit description.
Change-Id: Ie16fd992e45e29e264549a960e9755ec58da1691
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829313
Reviewed-by: Wez <wez@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82572}

Reference instruction lowerings are in the corresponding issue:
https://github.com/WebAssembly/relaxed-simd/issues/40
Lowers directly to Pmulhrsw in the macro assembler, as we use
DefineSameAsFirst in place of the Movdqa on non-AVX hardware.
Bug: v8:12609, v8:12284
Change-Id: I6de45a2d8895637f895d3b0cc68f5dd1f67f77aa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837853
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82571}

AcqRel barriers are currently unused and will be used by the shared
value barrier in a future CL.
Bug: v8:12547
Change-Id: I8ae40b9e17f007441125dfa5d0a04f46565785fd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827319
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82568}

mksnapshot is currently failing as FlagValues are not aligned
to kMinimumOSPageSize.
Change-Id: Ib6e88a3bd72af874022647ff9708024902f21a50
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838773
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82567}

This is a reland of commit 6ec7be21e6
The issues that caused the CL to be reverted appear to be unrelated
to this change as they still occurred after the revert.
Original change's description:
> [sandbox] Sandboxify WasmExportedFunctionData::sig
>
> This CL changes the WasmExportedFunctionData class to store a direct
> ExternalPointer to the wasm::FunctionSig instead of referencing it
> through a Foreign. This in turn makes it possible to use a unique
> pointer tag for that external pointer when the sandbox is enabled.
>
> Drive-by: move WasmInternalFunction::call_target external pointer to the
> end of the object, in line with other external pointer fields.
>
> Bug: v8:10391, v8:12949
> Change-Id: Ic3ff622a075c9eaa2f8d8835803437466290c928
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829086
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82523}
Bug: v8:10391, v8:12949
Change-Id: I108810ce86b95289dfb6d6377535813deac79a9f
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3838109
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82565}

Provides a v8::base::Malloc::AllocateAtLeast() method that is also
UBSan-safe and uses it in the GC's worklist.
Depends on https://crrev.com/c/3834601
Bug: v8:13193
Change-Id: I1bd182e613fb3c6a5a6b90bf56f12bd210d5ef8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833818
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82562}

- Force RecordError in case of a TerminationException
- Remove Module::RecordErrorUsingPendingException
- Use more raw objects and instance methods if possible
Bug: v8:12379
Change-Id: Ia7e73715c3cdfe59d3fa324be3ce4213e454ff26
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829087
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82561}

Traced nodes were allocated black, even outside of GCs. Nodes would
always survive one GC, while the objects pointed to could die.
This CL removes black allocation and relies on proper write barriers
(that are anyway in place) to mark the nodes and their objects. This
also means that marked nodes should always point to live objects, which
is now verified in the atomic pause.
Bug: v8:13141
Change-Id: Ie5cdc92d8fe5f57865d02b71d3fae9425ae532fa
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3820070
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82559}

Also fix eqref/i31ref fromJS() handling to accept unwrapped Smis.
This does not convert HeapNumbers to Smis if they fit.
Bug: v8:7748
Change-Id: Ida70a826f9541b7f3fbe9eecbb2b4fe362b5ef70
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829477
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82558}

The previous code incorrectly rounded down the number of entries to free
to kBlockSize (expressed in KB) instead of kEntriesPerBlock (expressed
in # of entries) to compute the start of the evacuation area. Further,
depending on the block size used, the previous heuristic does not
necessarily guarantee that at least one full block would be evacuated.
This CL fixes both of these issues.
Bug: v8:10391
Change-Id: I5ddecd5d582bcf89e1c52df431f006889685320a
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3837860
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82557}

In the existing implementation of the MethodLoad event, the method name
passed to ETW comes from CodeEventLogger::CodeCreateEvent, and includes
the source file or URL, column and line numbers, method name and a
marker for the kind of code generation.
This is partially redundant, as the reference to the source ID will
point to the already generated SourceLoad event with the file
information. Also, Windows Performance Analyzer will already pick the
line and column number for the stack representation.
So, for those cases, we just need to send the script method name to
ETW. Even better, this changeset uses the DebugNameCStr logic to
retrieve the inferred name in case there is no name available.
Bug: v8:12987
Change-Id: If09c1fedc9da158a3c72932655e2e6b09e818d93
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3763862
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: José Dapena Paz <jdapena@igalia.com>
Cr-Commit-Position: refs/heads/main@{#82555}

Introducing IncrementalMarking::AdvanceForTesting as the last bottleneck
for driving incremental marking, in addition to AdvanceFromTask
and AdvanceOnAllocation.
Now that we have those 3 bottlenecks, Step() and AdvanceWithDeadline()
can become private methods in IncrementalMarking. We also don't need
the StepResult return value in Step() anymore, which allows us to
remove CombineStepResult.
Bug: v8:12775
Change-Id: I702714439ef7ea4b9abf2156387503d4d00a7a48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3823131
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82552}

This is a reland of commit ee89a26977
Original change's description:
> [wasm-gc] Add extern.externalize
>
> This adds `extern.externalize(ref null any): ref null extern` to wasm
> which packs wasm objects into JS objects if the js-interop flag is not set.
> This is the counterpart to extern.internalize introduced in
> 50ec8a11f2.
>
> Bug: v8:7748
> Change-Id: I67b8fe6d70b9f526ff6c43b0a4d7861c7ff5dad0
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825879
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82492}
Bug: v8:7748
Change-Id: Ie13cfd6464006dcadc2a53f2dbf77f76ab185504
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829940
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Matthias Liedtke <mliedtke@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82551}

This fixes a compile error in C++20.
Bug: chromium:1284275
Change-Id: If7f634f56bea94d594bd7a1e660b902dbebbab1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835291
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82550}

The Maglev write barrier needs to use a different page flag mask to also
call into the slow path of the barrier for old-to-shared pointers.
Bug: v8:11708
Change-Id: I9ff5ead0517e9682672452f9868b16fa0dd94be2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834256
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Auto-Submit: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82549}

Pass OrdinaryObjectCreate(*null*) to DifferenceISODateTime in NanosecondsToDays
and to DifferenceZonedDateTime in AddDuration
https://github.com/tc39/proposal-temporal/pull/2295
Bug: v8:11544
Change-Id: Ied1860b755b1cebd0fbcbc4bd574cd525f108378
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835263
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82547}

When a string is in a local or on the value stack at a breakpoint,
DevTools should be able to show its value.
Bug: v8:12868
Change-Id: I79014d74c8ef7b212469382bdedca85568b3bcc7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834038
Commit-Queue: Philip Pfaffe <pfaffe@chromium.org>
Auto-Submit: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Philip Pfaffe <pfaffe@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82542}

This reverts commit e50472d6a3.
Reason for revert: compilation-hints-decoder breakage
https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20ASAN/45708/overview
Original change's description:
> [wasm] Refactor compilation tier computations
>
> The way we initialized the "compilation progress" was pretty convoluted,
> with multiple levels of functions being called for initializing every
> single slot.
>
> This CL refactors this to compute one default value for the whole
> module, and only modifies those slots that need special handling (e.g.
> because of compilation hints, or lazy/eager compilation after
> deserialization).
>
> We also rename "liftoff_functions" to "eager_functions" in the
> deserialization path; the idea is that those functions should get
> eagerly compiled because we expect them to be needed during execution.
> Usually they would be Liftoff-compiled, but it's more consistent to use
> the existing logic to choose the baseline tier. In the default
> configuration, this will still use Liftoff, but if Liftoff is disabled
> we will use TurboFan instead.
>
> R=jkummerow@chromium.org, ahaas@chromium.org
>
> Bug: v8:12425
> Change-Id: Ie58840b19efd0b1e98f1b02d5f1d4369410ed8e1
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829606
> Commit-Queue: Clemens Backes <clemensb@chromium.org>
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82521}
Bug: v8:12425
Change-Id: I45cef01ea40c50c3b86fbceca9b482a9bded535e
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835290
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Owners-Override: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82541}

This is a reland of commit 9cca4e60f1
This CL disables the mjsunit tests as well in single generation mode.
Original change's description:
> [heap] Handle old-to-new slot promotion to shared heap
>
> The GC might promote an in-place internalizable string from new space
> directly into the shared heap. This means that the GC might need to
> create OLD_TO_SHARED slots when updating OLD_TO_NEW slots.
>
> This CL implements this both for minor and full GCs.
>
> Bug: v8:11708
> Change-Id: I6102b9024d1dd5dd602d654b006ea5897ab5baa6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804604
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82298}
Bug: v8:11708
Change-Id: I9e96fe7c3f263d4088536d3a15af6d00fa82625e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3828099
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82540}

This fixes C++20 compile errors due to math between disparate enum types
being deprecated (e.g. ENUM_A_VAL | ENUM_B_VAL).
Bug: chromium:1284275
Change-Id: I7fc83888bb9c8156909cbc3ea1b30ef94d4a2c1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3830986
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82539}

The Baseline write barrier needs to use a different page flag mask to also
call into the slow path of the barrier for old-to-shared pointers.
Bug: v8:11708
Change-Id: I955f30376f3de912b418298cdcf1e38dd2adda2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834254
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82538}