The CL splits the Oilpan giga-cage in two 2GB reservations: one for
normal pages and the other for large ones. The split enables fast
page-header lookup (assuming most objects reside on normal pages), which
is needed for:
1) the young generation project, where the remembered set will move to
pages;
2) the shared-cage project, to find HeapBase* from page-headers.
Bug: v8:12231, chromium:1029379
Change-Id: I4ae9e8a75a307ed0dff9a2ec4f1247b80e17ebd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3688519
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80950}
This is a reland of commit ea9a1f1cbe
Changes since revert:
- Make the state field uintptr-aligned since arm64 faults on
atomic accesses to non-naturally aligned addresses.
Original change's description:
> [shared-struct] Add Atomics.Mutex
>
> This CL adds a moving GC-safe, JS-exposed mutex behind the
> --harmony-struct flag. It uses a ParkingLot-inspired algorithm and
> each mutex manages its own waiter queue.
>
> For more details, please see the design doc: https://docs.google.com/document/d/1QHkmiTF770GKxtoP-VQ1eKF42MpedLUeqiQPfCqus0Y/edit?usp=sharing
>
> Bug: v8:12547
> Change-Id: Ic58f8750d2e14ecd573173d17d5235a136bedef9
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3595460
> Commit-Queue: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Adam Klein <adamk@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80789}
Bug: v8:12547
Change-Id: I776cbf6ea860dcc6cb0ac51694a9b584b53d255c
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Cq-Include-Trybots: luci.v8.try:v8_mac_arm64_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3673354
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80875}
Remove code size and compilation time sampling for the "top tier
finished" event. With dynamic tiering, this event will never be reached.
R=ahaas@chromium.org
Bug: v8:12899
Change-Id: I1b0d053e31fe8cd1f8ba3b23bfff4c5879569b45
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647691
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80867}
The macro list makes it difficult to impossible to deprecate individual
methods (like the one receiving a {WasmModuleTieredUp} struct).
Hence avoid the macro list and instead call the macro explicitly for
each definition.
R=cbruni@chromium.org
Bug: v8:12899
Change-Id: I4139de7721c4a1450920c5be312e91e7478e6fa7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3667076
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80865}
This CL adds a moving GC-safe, JS-exposed mutex behind the
--harmony-struct flag. It uses a ParkingLot-inspired algorithm and
each mutex manages its own waiter queue.
For more details, please see the design doc: https://docs.google.com/document/d/1QHkmiTF770GKxtoP-VQ1eKF42MpedLUeqiQPfCqus0Y/edit?usp=sharing
Bug: v8:12547
Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng
Change-Id: Ic58f8750d2e14ecd573173d17d5235a136bedef9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3595460
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80789}
When a callback does not intercept the request
1) it should not call info.GetReturnValue().Set(),
2) it must not produce side effects.
Bug: v8:12873, chromium:1310062
Change-Id: If02994f24f1a68eb96c1af7cdd6dd7109f0617c4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652786
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80742}
The majority of 64-bit Android devices appear to be using a 40-bit
address space, i.e. 512GB for userspace. Allocating a 256GB sandbox
(plus 2x 32GB guard regions) may take too much of the address space and
cause the creation of other address space reservations (e.g. the cppgc
caged heap), which are created per worker, to fail later on.
In general, we should try to limit the sandbox size to less than 1/4 of
the address space, so this CL shinks the sandbox on Android to 128GB.
Bug: chromium:1327131
Change-Id: Ib48b45506ad6a7a5e15b95115c7642bf62a68fa1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3652783
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80636}
Dynamic tiering is now enabled by default, and the origin trial is
expired, so the callback can be removed.
The callback was already never called, because the flag value is always
checked first.
R=ahaas@chromium.org, mlippautz@chromium.org
Bug: v8:12281
Change-Id: I58eaa210c86024128328a13ba07bb8fc1b437841
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644951
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80633}
There is a DCHECK in the gin platform that {ShouldYield} is not called
again after it already returned {true}.
This CL adds a similar DCHECK to the default platform to catch bugs
earlier (in d8).
R=ahaas@chromium.org, mlippautz@chromium.org
Bug: chromium:1277962
Change-Id: I4dc9d880cf6d36e3e497c5324aaf44889fe7fcee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644801
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80611}
1) In copy/move ctors and operator=() we can just copy raw compressed
value;
2) For null check we don't need to decompress the value;
3) Same for operator==().
4) Hashing can also be optimized in a followup.
Bug: chromium:1325007
Change-Id: Ic1bf2c5049802c078b3e0121dcbe62d9ecea83b3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647359
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80571}
This adds a new struct "OOMDetails" which is passed to the
OOMErrorCallback. It currently holds the "is_heap_oom" bool that was
also passed before, plus an optional "detail" string.
The struct can later be extended without having to change the signature
of the OOMErrorCallback. Removing fields will have to follow the
standard deprecation rules, but this is also easily possible without the
hassle for this initial change.
We modify the deprecated OOMErrorCallback definition and un-deprecate it,
which can be seen as removing a deprecated API and adding a new one in
one CL.
R=mlippautz@chromium.org, jkummerow@chromium.org
Bug: chromium:1323177
Change-Id: Ic4c2cb5856906ebd664626fe463d8e96cb99b0a5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647827
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80565}
This CL removes some deprecated sandbox APIs and introduces new ones, in
particular IsSandboxInitialized and GetSandboxReservationSizeInBytes. In
additon, this CL also adds comments to the various public methods of the
Sandbox class.
Bug: v8:10391
Change-Id: If5c3081a0b9f7f192966150a0d2716099357363a
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647362
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80544}
This is a reland of commit 8278cb5015
The reland adds the RestartFrameTrampoline to the list of
builtins that the deoptimizer is allowed to return from for
control flow integrity.
Original change's description:
> [inspector] Re-enable Debugger#restartFrame
>
> Doc: https://bit.ly/revive-restart-frame
>
> This CL "undeprecates" Debugger#restartFrame and adds a new optional
> "mode" parameter for back-wards compatibility. Moreover, the return
> values are all deprecated. They were never actually used in the
> DevTools frontend and the same information is available from the
> Debugger#paused event that fires once execution stops at the
> beginning of the restarted function.
>
> The CL also re-baselines all the restart-frame inspector tests that
> now run successfully.
>
> R=bmeurer@chromium.org, kimanh@chromium.org
>
> Bug: chromium:1303521
> Change-Id: I34bddeb1f2f4ff3dee58dd82e779c111495566f3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616505
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80491}
Bug: chromium:1303521
Change-Id: I13e2f8b5011795a38e541310622b8333a3d08049
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3644624
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80534}
This is more consistent with similar features, for example
V8_ENABLE_WEBASSEMBLY or V8_ENABLE_MAGLEV.
Drive-by: remove V8_SANDBOX_IS_AVAILABLE as it's no longer needed.
Bug: v8:10391
Change-Id: I8658c5b0c331a4c73892737083b2c2f9b8f84056
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647355
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Auto-Submit: Samuel Groß <saelo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80530}
With this CL, the decompression simply becomes:
movsxd rax, edi
add rax, rax
and rax, qword ptr fs:[base@TPOFF]
Bug: chromium:1325007
Change-Id: I931e4e667a9b9697671bccf14575420f8cb705e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629871
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80521}
With caged heap enabled, we can halve Member<> by storing only the least
significant half. The base of the heap is stored in a thread local
variable. The feature has therefore an implication that only single heap
is allowed per thread.
The feature is gated by the new GN arg:
cppgc_enable_pointer_compression.
Bug: chromium:1325007
Change-Id: Ic7f1ecb7b9ded57caad63d95bbc8e8ad6ad65031
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2739979
Reviewed-by: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Almothana Athamneh <almuthanna@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80518}
This reverts commit 8278cb5015.
Reason for revert: breaking https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20arm64%20-%20sim%20-%20CFI/10778/overview
Original change's description:
> [inspector] Re-enable Debugger#restartFrame
>
> Doc: https://bit.ly/revive-restart-frame
>
> This CL "undeprecates" Debugger#restartFrame and adds a new optional
> "mode" parameter for back-wards compatibility. Moreover, the return
> values are all deprecated. They were never actually used in the
> DevTools frontend and the same information is available from the
> Debugger#paused event that fires once execution stops at the
> beginning of the restarted function.
>
> The CL also re-baselines all the restart-frame inspector tests that
> now run successfully.
>
> R=bmeurer@chromium.org, kimanh@chromium.org
>
> Bug: chromium:1303521
> Change-Id: I34bddeb1f2f4ff3dee58dd82e779c111495566f3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616505
> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
> Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
> Commit-Queue: Simon Zünd <szuend@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#80491}
Bug: chromium:1303521
Change-Id: Ibc33328c31a4b6ea736d07ce5e5ee109039eec8b
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3645767
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80495}
Doc: https://bit.ly/revive-restart-frame
This CL "undeprecates" Debugger#restartFrame and adds a new optional
"mode" parameter for back-wards compatibility. Moreover, the return
values are all deprecated. They were never actually used in the
DevTools frontend and the same information is available from the
Debugger#paused event that fires once execution stops at the
beginning of the restarted function.
The CL also re-baselines all the restart-frame inspector tests that
now run successfully.
R=bmeurer@chromium.org, kimanh@chromium.org
Bug: chromium:1303521
Change-Id: I34bddeb1f2f4ff3dee58dd82e779c111495566f3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616505
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80491}
Deprecate the existing parameter to treat global objects as roots as
this is implied by exposing internals.
Bug: chromium:1321620
Change-Id: I73a8124d63f87599dee7080980844c418eb3b5e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3637797
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80456}
Deprecate the OOMErrorCallback such that we can add a new parameter for
OOM details.
R=mlippautz@chromium.org
Bug: chromium:1323177
Change-Id: I72c931ad0d1b75cda46e8815387098acbe091c68
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3632106
Reviewed-by: Lutz Vahl <vahl@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80453}
This adds a typedef for LegacyOOMErrorCallback, which is identical to
OOMErrorCallback. Embedders will need to switch to
LegacyOOMErrorCallback so that we can change the definition of
OOMErrorCallback (see https://crbug.com/1323177).
R=mlippautz@chromium.org
Bug: chromium:1323177
Change-Id: I92312a577ca49e0174f2bb6b914cc11c3a0b0fc1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3632305
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80424}
Allocation granularity (8 bytes on 64bit platforms) is already subsumed
by whatever range size we choose.
Bug: chromium:1029379
Change-Id: Iab95e6f36955c9ffbbe9ea0c98cb9d1f8dd0337b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3629869
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80415}
- Repurpose flag `treat_global_objects_as_roots` when taking a heap
snapshot for toggling whether internals should be exposed (to
`hide_internals`).
- Use the toggle in creating heap snapshots for exposing class names
as object names for C++ objects that have not explicitly been given a
name.
Change-Id: I77d71babfdfe53269964fe81ed985037a431c28b
Bug: chromium:1321620
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3623740
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80391}
Before this CL, the heap object name of unnamed objects(those not
inheriting from NameProvider) would be solely determined by whether the
build-time configuration cppgc_enable_object_names is enabled.
This patch adds a way to override that value at runtime. This is
useful for preserving default behavior with custom builds but at the
same time allow them to still enable the feature.
Bug: chromium:1321620
Change-Id: I3aa06db15e58d9ba9773be6797572f17f007e9ee
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3620279
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80338}
This CL changes MaybeLocal::ToLocal documentation to assign |out|
with nullptr when the MaybeLocal is empty to be consistent with
the behavior.
Bug: v8:12845
Change-Id: I8145d6604c51b79f137b686b3e9b4f328534e0a8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616432
Commit-Queue: 王澳 <wangao.james@bytedance.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80329}
Due to the consistent overhead of snapshot checksum verification
we ideally want to avoid it all-together. However there are still enough
devices out there that suffer from corrupted snapshots that might
cause hard to debug heap corruptions.
This CL exposes the calculated (dummy value for now) and the expected
snapshot checksum as a crash key, so it can be easily consulted during
investigation.
Note: The calculated crash key contains 0x0 for now as a dummy value. We
will come up with a strategy later-on to limit the overhead of
calculating the checksum.
Bug: v8:12195
Change-Id: I6da6d74c035cb6f9b0edae212a36e6c41c048a5b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3605813
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80325}
This change adds support for computing SHA-256 hashes in the stack
output of errors by adding a function to the prototype of the
`CallSite` object, passed to `Error.prepareStackTrace`. Additionally,
it updates the `hash` property from `Debugger.scriptParsed` and
`Debugger.scriptFailedToParse` to be SHA-256 instead of the
proprietary hash it is today.
It is intended to be an advancement in indexing source maps to
support improved tooling, especially for post-hoc or in-production
diagnostics scenarios.
The explainer can be found here:
https://docs.google.com/document/d/13hNeeLC2Ve_FVieNndZUUUP15x2O4ltvjnGWwOsMlrU/edit?usp=sharing
Change-Id: Ifbbed4b22c8256e74e6d79974d2dd1e444143eda
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229957
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Robert Paveza <Rob.Paveza@microsoft.com>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80320}
The CL prepares the sources and the tests for enabling
cppgc_enable_young_generation by default. The static initializer
in YoungGenerationEnabler (due to v8::base::Mutex) changed to be lazy.
The tests are now checking the runtime flag.
Bug: chromium:1029379
Change-Id: I1497a3dd2b8d62c1acd48496821f07324b7944d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3616726
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80304}
The CL introduces a new option --cppgc-young-generation. This option
can't be enabled statically, because V8 options are parsed after heap
initialization. The CL changes minor GC so that it can be enabled
dynamically. The way it works is as follows:
- the user calls YoungGenerationEnabler::Enable();
- a heap checks in the next atomic pause whether the flag was enabled;
- if so, the heap enables young generation for itself.
To avoid barrier regressions without young-generation enabled, the CL changes the meaning of the global flag is-any-incremental-or-concurrent-marking to is-barrier-enabled.
The runtime option would enable us to test young generation on try-
and performance-bots.
Bug: chromium:1029379
Change-Id: I664cccdcd208225ffcbf9901f1284b56d088c5c3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3607993
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80274}
* Prefix all isolate variables with i_ for i::Isolate and
v8_ for v8::Isolate
* Change _DO_NOT_USE macro suffix to _INTERNAL
Change-Id: I005efbe0192cf202741448c63a4263e6a4b1fa1b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610429
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80252}
It is expected that changing page permissions can fail due to the system
running out of memory. However, any other failure is unexpected and
likely indicates a bug in the caller, such as changing the permissions
of an invalid memory region. To allow distinguishing between these
unexpected failures and expected OOM failures, this CL adds CHECKs into
the low-level memory management routines to abort when an unexpected
failure occurs.
Similar logic could later be added to other low-level memory management
routines that can legitimately fail due to OOM as well.
Bug: chromium:1320126
Change-Id: I3de6f4b2aed8962c91770b81382df34384584501
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610445
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80245}
If the following conditions hold:
1) value is kSentinel,
2) slot is on stack,
3) stack is allocated below 4GB,
then the generational barrier would be erroneously triggered for the
stack object object. This CL fixes it. At the same time, it aims to
simplify the code and potentially optimizes it (by having 'and' instead
of 'sub').
Bug: chromium:1029379
Change-Id: Iafd91d50b0a1c3d97647f7bf3643dfcc7e9fb48f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3608629
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80202}
It's necessary to support fast W^X permission switching on MacOS on
ARM64 ("Apple M1"/Apple Silicon) where permission modification of RWX
pages to anything else is prohibited.
On all the other architectures/platforms RecommitPages() is equivalent
to SetPermissions().
The new API will be used in a follow-up CLs.
Bug: v8:12797
Change-Id: Id0d8b8c42c81b80cd8fa6b47c227680d7d1f9b10
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3606231
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Samuel Groß <saelo@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80190}
When setting a range for a newly allocated lab, consider adjacent cards.
If either is young, don't mark it as kMixed.
Bug: chromium:1029379
Change-Id: If7d1d920dd5769679de68800eae61f3a8dc1eb17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3584116
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80175}
One of the biggest categories in heap snapshots is named “(system)”,
which gives developers no indication of why all that memory is used or
what they might do to reduce it. In this change, I propose that we
create a new category for Maps, DescriptorArrays, and related objects,
and call this new category “(object shape)” in the devtools. I think
that this category name would be more meaningful, while still grouping
those objects together so that they mostly stay out of the way.
Bug: v8:12769
Doc: https://docs.google.com/document/d/1a-6V_2LIJuRcsppwh6E18g8OSnC9j6gN4ao2gq--BiU
Change-Id: I282a7b87c34ca6ed371ff32f3c7332d794ae42ca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3587974
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#80123}
Remove PENDING state as handles were always immediately transitioned
into FREE or NEAR_DEATH state.
Bug: v8:12672
Change-Id: I9a9d40b573e862282d41d7a4a3f9c8c8ed21b9e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599473
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80119}
When moving forward and optimizing internals, these APIs cannot be
trusted anymore as their semantics are tangled to the current
implementation.
Bug: v8:12819
Change-Id: I0e3370724307a420ee42fed8070b55542be9400d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3599475
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80082}
Removes support for specifying weak handles with finalizers that allow
for object resurrection.
This CL removes the public facing APIs. Internal support will be
removed in a follow up.
Bug: v8:12672
Change-Id: Ia6ea269093aaa128caadb7508aca2e5a1254923c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596174
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80070}
Doc: https://bit.ly/revive-restart-frame
Context: https://crrev.com/c/3582395 (whole feature)
This CL adds a new optional flag `canBeRestarted` to every call frame
in Debugger.paused events. As the name suggests, the flag indicates
whether we can restart a particular frame through Debugger.restartFrame
once implemented.
We are not able to safely restart all frames:
* We don't support WASM frames
* We don't support frames where resumable functions (async fns,
generators) and embedder C++ frames are between the top-most
frame and the to-be-restarted frame.
Note that from a CDP perspective the flag doesn't actually guarantee
a successful restart. CDP clients can issue
CDP commands between the Debugger.paused event and before a user
decides to restart a frame, which can potentially mess
with the stack.
The `canBeRestarted` flag tests are folded into the
Debugger.restartFrame tests. As the feature is not yet fully
implemented we short-circuit most of the tests for now and only
run them up until the first Debugger.restartFrame call fails
(except "fails-for-resumables.js").
This means the tests exercise the `canBeRestarted` flag, but not
the restarting functionality itself.
R=bmeurer@chromium.org, kimanh@chromium.org
Bug: chromium:1303521
Change-Id: I01ab46dc3557ab8383960969fbe03e00604cc5e2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3596160
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Kim-Anh Tran <kimanh@chromium.org>
Commit-Queue: Simon Zünd <szuend@chromium.org>
Cr-Commit-Position: refs/heads/main@{#80046}
