All uses of the build flag will be removed in a follow-up CL.
Bug: v8:11112
Change-Id: Ifc3d9ed5d642646edeba51aa6d60924796d0f788
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322769
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78294}
This is a reland of 2d087f237e
The changes are :
* Fix redundant reinterpret_cast in test file for MSVC failure
https://crbug.com/v8/12476
* Fix flaky test
https://crbug.com/v8/12475
If a sample is captured during a GC, no embedder context is obtained
defaulting to EMPTY. This is the expected behavior, made it in clear
in implementation and in test.
* Synchronized the embedder context filter behavior with existing
native context filter.
Original change's description:
> Add APIs to surface VMState and new EmbedderState to CpuProfile samples.
>
> EmbedderState:
> * An EmbedderState is defined as a value uint8_t and a v8::context used
> for filtering.
> * EmbedderStates are stack allocated by the embedder, construction and
> destruction set/unset the state to the isolate thread local top.
> * A v8::context is used to filter states that are added to a CpuProfile,
> if the CpuProfile do not have a ContextFilter set or if contexts do not
> match, state defaults to Empty.
>
> * v8:StateTag is already propagated all the way to a Sample, simply add
> an API to surface it.
>
> VMState:
> Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e
> Bug: chromium:1263871
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072
> Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78250}
Bug: chromium:1263871
Change-Id: Ief891b05da99c695e9fb70f94ed7ebdecc6c3b7b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3320037
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78281}
This reverts commit 2d087f237e.
Reason for revert:
- Causing MSVC build failures: https://crbug.com/v8/12476
- Causing flaky failures: https://crbug.com/v8/12475
Original change's description:
> [profiler] Surface VM & Embedder State
>
> Add APIs to surface VMState and new EmbedderState to CpuProfile samples.
>
> EmbedderState:
> * An EmbedderState is defined as a value uint8_t and a v8::context used
> for filtering.
> * EmbedderStates are stack allocated by the embedder, construction and
> destruction set/unset the state to the isolate thread local top.
> * A v8::context is used to filter states that are added to a CpuProfile,
> if the CpuProfile do not have a ContextFilter set or if contexts do not
> match, state defaults to Empty.
>
> * v8:StateTag is already propagated all the way to a Sample, simply add
> an API to surface it.
>
> VMState:
> Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e
> Bug: chromium:1263871
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072
> Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Commit-Queue: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78250}
Bug: chromium:1263871, v8:12475, v8:12476
Change-Id: I02670b1ed3bb863033208369227642a7419fce00
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315444
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78256}
When leak sanitizer is active, an LsanVirtualAddressSpace is used and
takes care of marking the allocated pages as lsan root regions.
Bug: chromium:1276767
Change-Id: I3d8a61f7d3c59e4574e46707d2217031a32e3f0e
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314828
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78251}
Add APIs to surface VMState and new EmbedderState to CpuProfile samples.
EmbedderState:
* An EmbedderState is defined as a value uint8_t and a v8::context used
for filtering.
* EmbedderStates are stack allocated by the embedder, construction and
destruction set/unset the state to the isolate thread local top.
* A v8::context is used to filter states that are added to a CpuProfile,
if the CpuProfile do not have a ContextFilter set or if contexts do not
match, state defaults to Empty.
* v8:StateTag is already propagated all the way to a Sample, simply add
an API to surface it.
VMState:
Change-Id: I7eed08907360b99b0ad20ddcff59c95c7076c85e
Bug: chromium:1263871
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3188072
Auto-Submit: Corentin Pescheloche <cpescheloche@fb.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78250}
Use an atomic marking state in all builds - even builds with concurrent
marking disabled. This will allow us to simplify our code a bit.
This CL starts by always using MajorMarkingState for
MarkCompactCollector::MarkingState and removing V8_ATOMIC_MARKING_STATE.
Bug: v8:12470
Change-Id: I88a65647fb2142a63b2b51fc21391c8ef1baa82d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3314864
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78241}
This interface is meant to eventually replace the existing
v8::PageAllocator interface. Beyond general refactoring of the
PageAllocator APIs, the new interface now supports the concept of
(contiguous) address space reservations, which previously had to be
implemented through page allocations. These reservations now make better
use of provided OS primitives on Fuchsia (VMARs) and Windows
(placeholder mappings) and can be used to back many of the cages and
virtual memory regions that V8 creates.
The new interface is not yet stable and may change at any time without
deprecating the old version first.
Bug: chromium:1218005
Change-Id: I295253c42e04cf311393c5dab9f8c06bd7451ce3
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3301475
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78235}
Some performance sensitive paths in V8 (compilation/json parsing) or
paths with high allocation/freeing throughput can suffer from not being
able to reuse recently freed allocations. These paths can also
significantly increase the working set and cause large number of page
faults. For such paths (at least as an initial measure) we are planning
to disable allocation quarantining.
The CL provides a way for the embedder to hook in *Scan functions that
disable/enable quarantining. It also disables *Scan for json parsing and
compilation jobs.
Bug: chromium:1249550
Change-Id: I0274f66010435f3d4d091fe70fabcd20f46dc0d2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3306389
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78178}
Snapshot decompression for new isolates or new context is roughly 10%
of the time. Unlike on mobile, we don't need to compress the snapshot
on desktop where we can live with a 400KiB regression.
Bug: v8:12195, chromium:1270752
Change-Id: Ie4b307125f5df3d94374d5295b06c457ab6e8c24
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3275554
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78087}
This is a reland of d7c3f1cd8a. It fixes
a build failure on native arm64.
Original change's description:
> Reland "[fastcall] Enable float support on arm64 simulator"
>
> This is a reland of b9ddcbc86f
>
> The original CL was reverted due to an MSAN issue, that is fixed by
> moving the signature mapping onto the Isolate (instead of having
> per-thread storage, which got invalid on multithreaded compilation).
>
> This CL also contains fixes for the Bazel config and for a data race
> when obtaining the PerIsolateSimulatorData.
>
> Original change's description:
> > [fastcall] Enable float support on arm64 simulator
> >
> > This CL adds support for handling calls to C functions with arbitrary
> > signatures on the arm64 simulator. It adds infrastructure for
> > encoding the signature data from CallDescriptor and FunctionInfo
> > classes into a compact representation, stored in the simulator and
> > called EncodedCSignature.
> >
> > Design doc:
> > https://docs.google.com/document/d/1ZxOF3GSyNmtU0C0YJvrsydPJj35W_tTJZymeXwfDxoI/edit
> >
> > This CL is a follow up on the native support added in
> > https://chromium-review.googlesource.com/c/v8/v8/+/3182232
> > and is partially based on the previous attempt:
> > https://chromium-review.googlesource.com/c/v8/v8/+/2343072
> >
> > Bug: chromium:1052746
> > Change-Id: I0991b47bd644b2fc2244c5eb923b085261f04765
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060486
> > Commit-Queue: Maya Lekova <mslekova@chromium.org>
> > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#77744}
>
> Bug: chromium:1052746, chromium:1267854
> Change-Id: I89bbd01e33fb1080543d98bcfd4c2d17b5c76861
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270541
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78018}
Bug: chromium:1052746, chromium:1267854
Change-Id: Ib495573569a6c930b8f9e5f1fe7ff46eb57a0aa7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295461
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78063}
This reverts commit d7c3f1cd8a.
Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Android%20Arm64%20-%20debug%20builder/22043/overview
Original change's description:
> Reland "[fastcall] Enable float support on arm64 simulator"
>
> This is a reland of b9ddcbc86f
>
> The original CL was reverted due to an MSAN issue, that is fixed by
> moving the signature mapping onto the Isolate (instead of having
> per-thread storage, which got invalid on multithreaded compilation).
>
> This CL also contains fixes for the Bazel config and for a data race
> when obtaining the PerIsolateSimulatorData.
>
> Original change's description:
> > [fastcall] Enable float support on arm64 simulator
> >
> > This CL adds support for handling calls to C functions with arbitrary
> > signatures on the arm64 simulator. It adds infrastructure for
> > encoding the signature data from CallDescriptor and FunctionInfo
> > classes into a compact representation, stored in the simulator and
> > called EncodedCSignature.
> >
> > Design doc:
> > https://docs.google.com/document/d/1ZxOF3GSyNmtU0C0YJvrsydPJj35W_tTJZymeXwfDxoI/edit
> >
> > This CL is a follow up on the native support added in
> > https://chromium-review.googlesource.com/c/v8/v8/+/3182232
> > and is partially based on the previous attempt:
> > https://chromium-review.googlesource.com/c/v8/v8/+/2343072
> >
> > Bug: chromium:1052746
> > Change-Id: I0991b47bd644b2fc2244c5eb923b085261f04765
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060486
> > Commit-Queue: Maya Lekova <mslekova@chromium.org>
> > Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#77744}
>
> Bug: chromium:1052746, chromium:1267854
> Change-Id: I89bbd01e33fb1080543d98bcfd4c2d17b5c76861
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270541
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#78018}
Bug: chromium:1052746, chromium:1267854
Change-Id: Ia8f10d085d13990b331f306957f95ecf3e003cfd
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3295453
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78019}
This is a reland of b9ddcbc86f
The original CL was reverted due to an MSAN issue, that is fixed by
moving the signature mapping onto the Isolate (instead of having
per-thread storage, which got invalid on multithreaded compilation).
This CL also contains fixes for the Bazel config and for a data race
when obtaining the PerIsolateSimulatorData.
Original change's description:
> [fastcall] Enable float support on arm64 simulator
>
> This CL adds support for handling calls to C functions with arbitrary
> signatures on the arm64 simulator. It adds infrastructure for
> encoding the signature data from CallDescriptor and FunctionInfo
> classes into a compact representation, stored in the simulator and
> called EncodedCSignature.
>
> Design doc:
> https://docs.google.com/document/d/1ZxOF3GSyNmtU0C0YJvrsydPJj35W_tTJZymeXwfDxoI/edit
>
> This CL is a follow up on the native support added in
> https://chromium-review.googlesource.com/c/v8/v8/+/3182232
> and is partially based on the previous attempt:
> https://chromium-review.googlesource.com/c/v8/v8/+/2343072
>
> Bug: chromium:1052746
> Change-Id: I0991b47bd644b2fc2244c5eb923b085261f04765
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060486
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77744}
Bug: chromium:1052746, chromium:1267854
Change-Id: I89bbd01e33fb1080543d98bcfd4c2d17b5c76861
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3270541
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78018}
This reverts commit b9ddcbc86f.
Reason for revert: Hits unreachable on MSAN, see https://bugs.chromium.org/p/chromium/issues/detail?id=1267854
Original change's description:
> [fastcall] Enable float support on arm64 simulator
>
> This CL adds support for handling calls to C functions with arbitrary
> signatures on the arm64 simulator. It adds infrastructure for
> encoding the signature data from CallDescriptor and FunctionInfo
> classes into a compact representation, stored in the simulator and
> called EncodedCSignature.
>
> Design doc:
> https://docs.google.com/document/d/1ZxOF3GSyNmtU0C0YJvrsydPJj35W_tTJZymeXwfDxoI/edit
>
> This CL is a follow up on the native support added in
> https://chromium-review.googlesource.com/c/v8/v8/+/3182232
> and is partially based on the previous attempt:
> https://chromium-review.googlesource.com/c/v8/v8/+/2343072
>
> Bug: chromium:1052746
> Change-Id: I0991b47bd644b2fc2244c5eb923b085261f04765
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3060486
> Commit-Queue: Maya Lekova <mslekova@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77744}
Bug: chromium:1052746, chromium:1267854, chromium:1267841
Change-Id: If3d5aaab6b5f4309ce90add614d674aaa86b43c7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3268910
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77788}
A CagedPointer is guaranteed to point into the Virtual Memory Cage and
will for example be used for ArrayBuffer backing stores when the heap
sandbox is enabled. In the current implementation, CagedPointers are
stored as offsets from the cage base, shifted to the left. Because the
cage base address is usually available in a register, accessing a
CagedPointer is very efficient, requiring only an additional shift and
add operation.
Bug: chromium:1218005
Change-Id: Ifc8c088e3862400672051a8c52840514dee2911f
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123417
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77614}
This is a reland of 45227ffdb4
Differences:
- Handle one more flags conflict in variants.py.
- Disallow %VerifyType without --concurrent-recompilation.
Original change's description:
> [turbofan] extend type asserts to cover all JS types
>
> Extend type assertions to all types covering JavaScript values.
> This is achieved by allocating type representations on the heap using
> newly defined HeapObject subclasses. To allocate these in the compiler,
> we disable concurrent compilation for the --assert-types flag for now.
>
> Fix two type errors that came up with the existing tests:
> 1. JSCreateKeyValueArray has type Array (i.e., a JSArray) instead of
> OtherObject.
> 2. OperationTyper::NumberToString(Type) can type the result as the
> HeapConstant Factory::zero_string(). However, NumberToString does
> not always produce this string. To avoid regressions, the CL keeps
> the HeapConstant type and changes the runtime and builtin code to
> always produce the canonical "0" string.
>
> A few tests were failing because they check for truncations to work
> and prevent deoptimization. However, AssertType nodes destroy all
> truncations (which is by design), so these tests are incompatible
> and now disabled for the assert_types variant.
>
> Drive-by fix: a few minor Torque issues that came up.
>
> Change-Id: If03b7851f7e6803a2f69edead4fa91231998f764
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3234717
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77565}
Change-Id: I5b3c6745c6ad349ff8c2b199d9afdf0a9b5a7392
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247035
Auto-Submit: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77596}
This reverts commit 45227ffdb4.
Reason for revert: Breaks on gc_stress mode, see https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux%20-%20gc%20stress/35988/overview
Original change's description:
> [turbofan] extend type asserts to cover all JS types
>
> Extend type assertions to all types covering JavaScript values.
> This is achieved by allocating type representations on the heap using
> newly defined HeapObject subclasses. To allocate these in the compiler,
> we disable concurrent compilation for the --assert-types flag for now.
>
> Fix two type errors that came up with the existing tests:
> 1. JSCreateKeyValueArray has type Array (i.e., a JSArray) instead of
> OtherObject.
> 2. OperationTyper::NumberToString(Type) can type the result as the
> HeapConstant Factory::zero_string(). However, NumberToString does
> not always produce this string. To avoid regressions, the CL keeps
> the HeapConstant type and changes the runtime and builtin code to
> always produce the canonical "0" string.
>
> A few tests were failing because they check for truncations to work
> and prevent deoptimization. However, AssertType nodes destroy all
> truncations (which is by design), so these tests are incompatible
> and now disabled for the assert_types variant.
>
> Drive-by fix: a few minor Torque issues that came up.
>
> Change-Id: If03b7851f7e6803a2f69edead4fa91231998f764
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3234717
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Omer Katz <omerkatz@chromium.org>
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77565}
Change-Id: Ia779a11fc811846194c7a8d1e40b372b265e7ea4
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3247034
Auto-Submit: Maya Lekova <mslekova@chromium.org>
Owners-Override: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77566}
Extend type assertions to all types covering JavaScript values.
This is achieved by allocating type representations on the heap using
newly defined HeapObject subclasses. To allocate these in the compiler,
we disable concurrent compilation for the --assert-types flag for now.
Fix two type errors that came up with the existing tests:
1. JSCreateKeyValueArray has type Array (i.e., a JSArray) instead of
OtherObject.
2. OperationTyper::NumberToString(Type) can type the result as the
HeapConstant Factory::zero_string(). However, NumberToString does
not always produce this string. To avoid regressions, the CL keeps
the HeapConstant type and changes the runtime and builtin code to
always produce the canonical "0" string.
A few tests were failing because they check for truncations to work
and prevent deoptimization. However, AssertType nodes destroy all
truncations (which is by design), so these tests are incompatible
and now disabled for the assert_types variant.
Drive-by fix: a few minor Torque issues that came up.
Change-Id: If03b7851f7e6803a2f69edead4fa91231998f764
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3234717
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77565}
... and introduce CodeRange::GetWritableReservedAreaSize() as a
bottleneck for calculating a size of the writable area used for unwind
information.
Bug: v8:11880
Change-Id: Ifa2a3f74ce994cffb6bb8bef12ab17b69dabd706
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3244409
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77555}
We introduce simple escape analysis for wasm-gc objects, where struct
allocations that are only assigned to are eliminated. Handling phi uses
of allocated objects is left for future work.
Bug: v8:11510
Change-Id: Ibd0b220466546e150b26b02890572a5174c6872d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229744
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77515}
Disable --concurrent-inlining when v8_dict_property_const_tracking is
enabled, since the latter doesn't support the former. Add statusfile
variables to mark this as an incompatible flag, and otherwise disable it
via flags.
Change-Id: Ie2e7dac6f4a1ddc97e7e7f4d4d2c77e638e216a0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229565
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77455}
Young generation collection requires that full GCs unmark before
starting marking.
Bug: v8:12324
Change-Id: Id6cc218057252cbf0664326126f34b07ac8ea247
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229570
Auto-Submit: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77445}
... by updating the checks for not_mapped_symbol root and using proper
cage base values depending on the host object type.
Bug: v8:11880
Change-Id: I28908cbb5b1023addaee248028661d480734e29c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3222760
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77435}
Port 255aaed95b
Port 6bd44dfe57
Change-Id: I9d57cf7782c267bda4532d0408e69b671e6001f1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220271
Reviewed-by: ji qiu <qiuji@iscas.ac.cn>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: ji qiu <qiuji@iscas.ac.cn>
Commit-Queue: Yahan Lu <yahan@iscas.ac.cn>
Auto-Submit: Yahan Lu <yahan@iscas.ac.cn>
Cr-Commit-Position: refs/heads/main@{#77407}
There is no need to wrap the cage's page allocator into a
LsanPageAllocator as that page allocator ultimately relies on the
platform page allocator to obtain pages. As the platform page allocator
will be a LsanPageAllocator when LSAN is enabled, it will already take
care of marking the pages as root regions with LSAN.
luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Bug: chromium:1218005
Change-Id: I62b5da9cb320e5012a657951c0d4c85a1bb2b3fb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3222761
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77403}
Due to caching issues we will not be able to store host-defined options
directly on the Script anymore. ScriptOrModule can thus no longer be
a i::Script.
NodeJS keeps weak references from ScriptOrModule to their import meta
data. This CL changes ScriptOrModule to be a temporary struct which has
a different lifetime. As a temporary fix until the API is fully updated
we introduce the v8_scriptormodule_legacy_lifetime compile-time flag.
It keeps references to ScriptOrModule alive on the Script to restore the
previous behavior (at an additional memory cost).
Bug: chromium:1244145
Change-Id: I1dc42d25930d7bc4f22ee3c9bba93d89425be406
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3211575
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77382}
Port commit 6bd44dfe57
Port commit 89933af67f
Port commit 255aaed95b
Port commit 7511020bc8
Port commit aa259e30c3
Bug: v8:11112
Change-Id: Ia005a5da2d48505926a19a5d238b606826db1135
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3215372
Auto-Submit: Liu yu <liuyu@loongson.cn>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77338}
This CL adds a new snapshot to hold objects that are in the shared heap
or may need to be in the shared heap depending on runtime flags.
Currently this is to support --shared-string-table, which puts all
in-place-internalizable strings, internalized strings, and the
string table into the shared heap.
The shared heap snapshot is never deserialized into client Isolates.
This means when V8 is started without a shared Isolate, the shared heap
snapshot is deserialized into all Isolates.
Bug: v8:12007
Change-Id: I7eeab73080cda2e8250a5a49747f25b2440a349d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3173905
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77309}
The shared pointer compression cage is a requirement for the V8 virtual
memory cage, and there are some configurations that don't enable the
former but enable the latter, which thus break.
Bug: chromium:1218005
Change-Id: I734598a952ccafd57e4ed63a71e76e4dc252057e
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3211996
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77305}
This is a reland of 0adc1410b1
1. Fork out test/mjsunit/temporal/function-exist.js test
to test/mjsunit/temporal/function-exist-no-i18n.js and mark
function-exist FAIL in no_i18n build.
Original change's description:
> [Temporal] Part 1 - Skeleton
>
> 1. Expose all the functions to empty buildins.
> 2. Wire up basic structure of classes and internal slots.
>
> Design Doc: https://docs.google.com/document/d/1Huu2OUlmveBh4wjgx0D7ouC9O9vSdiZWaRK3OwkQZU0/
>
> This is just a CL to establish a skeleton for Temporal.
> The Temporal is very big. The prototype CL is in
> https://chromium-review.googlesource.com/c/v8/v8/+/2967755
> but too big to be reviewed so I break up the basic structure here first.
>
> Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel
> Bug: v8:11544
> Change-Id: I10d09e3c2530e5b1a6ba60014a2294e138879ff3
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3092561
> Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Commit-Queue: Frank Tang <ftang@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#76819}
Bug: v8:11544
Change-Id: I60eaface94ba9b3408cb235cd1ae425151a36732
Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160324
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77303}
Allocate code range close to binary (<2GB) when pointer compression is
disabled. And enable short builtin calls if it succeeds.
Bug: v8:12045, v8:11527
Change-Id: I1a9d635b243337980fd75883d9802bc0cee75e43
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3069457
Commit-Queue: Hao A Xu <hao.a.xu@intel.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77248}
This is a reland of 75dd3600b4
crrev.com/c/3205901 should fix the test failures on Fuchsia.
Original change's description:
> Reland "Turn on v8_enable_virtual_memory_cage for Chromium builds"
>
> This is a reland of 4fb3eae7af
>
> crrev.com/c/3202002 fixed the Chromium build issue.
>
> Original change's description:
> > Turn on v8_enable_virtual_memory_cage for Chromium builds
> >
> > This CL enables the virtual memory cage at compile time by default for
> > Chromium builds on x64 and arm64. However, the cage will only be used at
> > runtime if the correpsonding Chromium feature is enabled as well.
> >
> > Bug: chromium:1218005
> > Change-Id: I5a452d299ac950f8ec0f741f6b9a153e57b2a666
> > Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
> > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200081
> > Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> > Commit-Queue: Samuel Groß <saelo@chromium.org>
> > Cr-Commit-Position: refs/heads/main@{#77212}
>
> Bug: chromium:1218005
> Change-Id: I32b1a4088ca44827ca4f76b5d19b8138875bfc97
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3204950
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77229}
Bug: chromium:1218005
Change-Id: Id258ded659e4abc31f052ff4c57804d4bd9c5ba0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3205897
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77240}
This is a reland of 4fb3eae7af
crrev.com/c/3202002 fixed the Chromium build issue.
Original change's description:
> Turn on v8_enable_virtual_memory_cage for Chromium builds
>
> This CL enables the virtual memory cage at compile time by default for
> Chromium builds on x64 and arm64. However, the cage will only be used at
> runtime if the correpsonding Chromium feature is enabled as well.
>
> Bug: chromium:1218005
> Change-Id: I5a452d299ac950f8ec0f741f6b9a153e57b2a666
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200081
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77212}
Bug: chromium:1218005
Change-Id: I32b1a4088ca44827ca4f76b5d19b8138875bfc97
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3204950
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77229}
Port a partial revert of https://crrev.com/c/3189512. The comments are
kept around to document what each flag does.
Fixed: chromium:1255096
Change-Id: I8758a536a6f77826b0eb4918d7d8c85b772d9394
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3203004
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77227}
This reverts commit 4fb3eae7af.
Reason for revert: Fails to link on chromium, blocking the roll: https://cr-buildbucket.appspot.com/build/8834293599516974577
Original change's description:
> Turn on v8_enable_virtual_memory_cage for Chromium builds
>
> This CL enables the virtual memory cage at compile time by default for
> Chromium builds on x64 and arm64. However, the cage will only be used at
> runtime if the correpsonding Chromium feature is enabled as well.
>
> Bug: chromium:1218005
> Change-Id: I5a452d299ac950f8ec0f741f6b9a153e57b2a666
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200081
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77212}
Bug: chromium:1218005
Change-Id: Id17946641b7b4e0d377d4e211aab929bb39ec341
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3201998
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#77220}
This CL enables the virtual memory cage at compile time by default for
Chromium builds on x64 and arm64. However, the cage will only be used at
runtime if the correpsonding Chromium feature is enabled as well.
Bug: chromium:1218005
Change-Id: I5a452d299ac950f8ec0f741f6b9a153e57b2a666
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3200081
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77212}
Nobody uses the generated *_FIELDS macros anymore, so we can remove
them. I also renamed the generated file to represent its content better.
Bug: v8:7793
Change-Id: I49ab39e363d6961e7210cd67018b6fb83b65a162
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3192191
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#77151}
Prepare the Torque compiler to generate Kythe artifacts to be consumed
by CodeSearch.
Drive-by changes.
* Extend SourcePosition by an offset in the input string, as this is
required by the Kythe graph.
* Correctly set missing identifier positions in Declarations.
Bug: v8:12261
Change-Id: Ida0a4a562c99f58ab924ddde36f3146f3d3fd415
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3181102
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Seth Brenith <seth.brenith@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#77099}
Activate argument count consistency (receiver is always included in
JS argument count) for arm and arm64.
Bug: v8:11112
Change-Id: I4b019721422a0a4653d59e81cde2f7d57708e625
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3186436
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Patrick Thier <pthier@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77089}
